xref: /freebsd/sys/cam/ctl/ctl.c (revision 63a938566d524836885917d95bd491aa4400b181) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2003-2009 Silicon Graphics International Corp.
5  * Copyright (c) 2012 The FreeBSD Foundation
6  * Copyright (c) 2014-2017 Alexander Motin <mav@FreeBSD.org>
7  * All rights reserved.
8  *
9  * Portions of this software were developed by Edward Tomasz Napierala
10  * under sponsorship from the FreeBSD Foundation.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted provided that the following conditions
14  * are met:
15  * 1. Redistributions of source code must retain the above copyright
16  *    notice, this list of conditions, and the following disclaimer,
17  *    without modification.
18  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
19  *    substantially similar to the "NO WARRANTY" disclaimer below
20  *    ("Disclaimer") and any redistribution must be conditioned upon
21  *    including a substantially similar Disclaimer requirement for further
22  *    binary redistribution.
23  *
24  * NO WARRANTY
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
33  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
34  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35  * POSSIBILITY OF SUCH DAMAGES.
36  *
37  * $Id$
38  */
39 /*
40  * CAM Target Layer, a SCSI device emulation subsystem.
41  *
42  * Author: Ken Merry <ken@FreeBSD.org>
43  */
44 
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47 
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/ctype.h>
51 #include <sys/kernel.h>
52 #include <sys/types.h>
53 #include <sys/kthread.h>
54 #include <sys/bio.h>
55 #include <sys/fcntl.h>
56 #include <sys/lock.h>
57 #include <sys/module.h>
58 #include <sys/mutex.h>
59 #include <sys/condvar.h>
60 #include <sys/malloc.h>
61 #include <sys/conf.h>
62 #include <sys/ioccom.h>
63 #include <sys/queue.h>
64 #include <sys/sbuf.h>
65 #include <sys/smp.h>
66 #include <sys/endian.h>
67 #include <sys/sysctl.h>
68 #include <vm/uma.h>
69 
70 #include <cam/cam.h>
71 #include <cam/scsi/scsi_all.h>
72 #include <cam/scsi/scsi_cd.h>
73 #include <cam/scsi/scsi_da.h>
74 #include <cam/ctl/ctl_io.h>
75 #include <cam/ctl/ctl.h>
76 #include <cam/ctl/ctl_frontend.h>
77 #include <cam/ctl/ctl_util.h>
78 #include <cam/ctl/ctl_backend.h>
79 #include <cam/ctl/ctl_ioctl.h>
80 #include <cam/ctl/ctl_ha.h>
81 #include <cam/ctl/ctl_private.h>
82 #include <cam/ctl/ctl_debug.h>
83 #include <cam/ctl/ctl_scsi_all.h>
84 #include <cam/ctl/ctl_error.h>
85 
86 struct ctl_softc *control_softc = NULL;
87 
88 /*
89  * Template mode pages.
90  */
91 
92 /*
93  * Note that these are default values only.  The actual values will be
94  * filled in when the user does a mode sense.
95  */
96 const static struct scsi_da_rw_recovery_page rw_er_page_default = {
97 	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
98 	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
99 	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
100 	/*read_retry_count*/0,
101 	/*correction_span*/0,
102 	/*head_offset_count*/0,
103 	/*data_strobe_offset_cnt*/0,
104 	/*byte8*/SMS_RWER_LBPERE,
105 	/*write_retry_count*/0,
106 	/*reserved2*/0,
107 	/*recovery_time_limit*/{0, 0},
108 };
109 
110 const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
111 	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
112 	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
113 	/*byte3*/SMS_RWER_PER,
114 	/*read_retry_count*/0,
115 	/*correction_span*/0,
116 	/*head_offset_count*/0,
117 	/*data_strobe_offset_cnt*/0,
118 	/*byte8*/SMS_RWER_LBPERE,
119 	/*write_retry_count*/0,
120 	/*reserved2*/0,
121 	/*recovery_time_limit*/{0, 0},
122 };
123 
124 const static struct scsi_format_page format_page_default = {
125 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
126 	/*page_length*/sizeof(struct scsi_format_page) - 2,
127 	/*tracks_per_zone*/ {0, 0},
128 	/*alt_sectors_per_zone*/ {0, 0},
129 	/*alt_tracks_per_zone*/ {0, 0},
130 	/*alt_tracks_per_lun*/ {0, 0},
131 	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
132 			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
133 	/*bytes_per_sector*/ {0, 0},
134 	/*interleave*/ {0, 0},
135 	/*track_skew*/ {0, 0},
136 	/*cylinder_skew*/ {0, 0},
137 	/*flags*/ SFP_HSEC,
138 	/*reserved*/ {0, 0, 0}
139 };
140 
141 const static struct scsi_format_page format_page_changeable = {
142 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
143 	/*page_length*/sizeof(struct scsi_format_page) - 2,
144 	/*tracks_per_zone*/ {0, 0},
145 	/*alt_sectors_per_zone*/ {0, 0},
146 	/*alt_tracks_per_zone*/ {0, 0},
147 	/*alt_tracks_per_lun*/ {0, 0},
148 	/*sectors_per_track*/ {0, 0},
149 	/*bytes_per_sector*/ {0, 0},
150 	/*interleave*/ {0, 0},
151 	/*track_skew*/ {0, 0},
152 	/*cylinder_skew*/ {0, 0},
153 	/*flags*/ 0,
154 	/*reserved*/ {0, 0, 0}
155 };
156 
157 const static struct scsi_rigid_disk_page rigid_disk_page_default = {
158 	/*page_code*/SMS_RIGID_DISK_PAGE,
159 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
160 	/*cylinders*/ {0, 0, 0},
161 	/*heads*/ CTL_DEFAULT_HEADS,
162 	/*start_write_precomp*/ {0, 0, 0},
163 	/*start_reduced_current*/ {0, 0, 0},
164 	/*step_rate*/ {0, 0},
165 	/*landing_zone_cylinder*/ {0, 0, 0},
166 	/*rpl*/ SRDP_RPL_DISABLED,
167 	/*rotational_offset*/ 0,
168 	/*reserved1*/ 0,
169 	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
170 			   CTL_DEFAULT_ROTATION_RATE & 0xff},
171 	/*reserved2*/ {0, 0}
172 };
173 
174 const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
175 	/*page_code*/SMS_RIGID_DISK_PAGE,
176 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
177 	/*cylinders*/ {0, 0, 0},
178 	/*heads*/ 0,
179 	/*start_write_precomp*/ {0, 0, 0},
180 	/*start_reduced_current*/ {0, 0, 0},
181 	/*step_rate*/ {0, 0},
182 	/*landing_zone_cylinder*/ {0, 0, 0},
183 	/*rpl*/ 0,
184 	/*rotational_offset*/ 0,
185 	/*reserved1*/ 0,
186 	/*rotation_rate*/ {0, 0},
187 	/*reserved2*/ {0, 0}
188 };
189 
190 const static struct scsi_da_verify_recovery_page verify_er_page_default = {
191 	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
192 	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
193 	/*byte3*/0,
194 	/*read_retry_count*/0,
195 	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
196 	/*recovery_time_limit*/{0, 0},
197 };
198 
199 const static struct scsi_da_verify_recovery_page verify_er_page_changeable = {
200 	/*page_code*/SMS_VERIFY_ERROR_RECOVERY_PAGE,
201 	/*page_length*/sizeof(struct scsi_da_verify_recovery_page) - 2,
202 	/*byte3*/SMS_VER_PER,
203 	/*read_retry_count*/0,
204 	/*reserved*/{ 0, 0, 0, 0, 0, 0 },
205 	/*recovery_time_limit*/{0, 0},
206 };
207 
208 const static struct scsi_caching_page caching_page_default = {
209 	/*page_code*/SMS_CACHING_PAGE,
210 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211 	/*flags1*/ SCP_DISC | SCP_WCE,
212 	/*ret_priority*/ 0,
213 	/*disable_pf_transfer_len*/ {0xff, 0xff},
214 	/*min_prefetch*/ {0, 0},
215 	/*max_prefetch*/ {0xff, 0xff},
216 	/*max_pf_ceiling*/ {0xff, 0xff},
217 	/*flags2*/ 0,
218 	/*cache_segments*/ 0,
219 	/*cache_seg_size*/ {0, 0},
220 	/*reserved*/ 0,
221 	/*non_cache_seg_size*/ {0, 0, 0}
222 };
223 
224 const static struct scsi_caching_page caching_page_changeable = {
225 	/*page_code*/SMS_CACHING_PAGE,
226 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227 	/*flags1*/ SCP_WCE | SCP_RCD,
228 	/*ret_priority*/ 0,
229 	/*disable_pf_transfer_len*/ {0, 0},
230 	/*min_prefetch*/ {0, 0},
231 	/*max_prefetch*/ {0, 0},
232 	/*max_pf_ceiling*/ {0, 0},
233 	/*flags2*/ 0,
234 	/*cache_segments*/ 0,
235 	/*cache_seg_size*/ {0, 0},
236 	/*reserved*/ 0,
237 	/*non_cache_seg_size*/ {0, 0, 0}
238 };
239 
240 const static struct scsi_control_page control_page_default = {
241 	/*page_code*/SMS_CONTROL_MODE_PAGE,
242 	/*page_length*/sizeof(struct scsi_control_page) - 2,
243 	/*rlec*/0,
244 	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245 	/*eca_and_aen*/0,
246 	/*flags4*/SCP_TAS,
247 	/*aen_holdoff_period*/{0, 0},
248 	/*busy_timeout_period*/{0, 0},
249 	/*extended_selftest_completion_time*/{0, 0}
250 };
251 
252 const static struct scsi_control_page control_page_changeable = {
253 	/*page_code*/SMS_CONTROL_MODE_PAGE,
254 	/*page_length*/sizeof(struct scsi_control_page) - 2,
255 	/*rlec*/SCP_DSENSE,
256 	/*queue_flags*/SCP_QUEUE_ALG_MASK | SCP_NUAR,
257 	/*eca_and_aen*/SCP_SWP,
258 	/*flags4*/0,
259 	/*aen_holdoff_period*/{0, 0},
260 	/*busy_timeout_period*/{0, 0},
261 	/*extended_selftest_completion_time*/{0, 0}
262 };
263 
264 #define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265 
266 const static struct scsi_control_ext_page control_ext_page_default = {
267 	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268 	/*subpage_code*/0x01,
269 	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270 	/*flags*/0,
271 	/*prio*/0,
272 	/*max_sense*/0
273 };
274 
275 const static struct scsi_control_ext_page control_ext_page_changeable = {
276 	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277 	/*subpage_code*/0x01,
278 	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279 	/*flags*/0,
280 	/*prio*/0,
281 	/*max_sense*/0xff
282 };
283 
284 const static struct scsi_info_exceptions_page ie_page_default = {
285 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286 	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287 	/*info_flags*/SIEP_FLAGS_EWASC,
288 	/*mrie*/SIEP_MRIE_NO,
289 	/*interval_timer*/{0, 0, 0, 0},
290 	/*report_count*/{0, 0, 0, 1}
291 };
292 
293 const static struct scsi_info_exceptions_page ie_page_changeable = {
294 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295 	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296 	/*info_flags*/SIEP_FLAGS_EWASC | SIEP_FLAGS_DEXCPT | SIEP_FLAGS_TEST |
297 	    SIEP_FLAGS_LOGERR,
298 	/*mrie*/0x0f,
299 	/*interval_timer*/{0xff, 0xff, 0xff, 0xff},
300 	/*report_count*/{0xff, 0xff, 0xff, 0xff}
301 };
302 
303 #define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
304 
305 const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
306 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
307 	/*subpage_code*/0x02,
308 	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
309 	/*flags*/0,
310 	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311 	/*descr*/{}},
312 	{{/*flags*/0,
313 	  /*resource*/0x01,
314 	  /*reserved*/{0, 0},
315 	  /*count*/{0, 0, 0, 0}},
316 	 {/*flags*/0,
317 	  /*resource*/0x02,
318 	  /*reserved*/{0, 0},
319 	  /*count*/{0, 0, 0, 0}},
320 	 {/*flags*/0,
321 	  /*resource*/0xf1,
322 	  /*reserved*/{0, 0},
323 	  /*count*/{0, 0, 0, 0}},
324 	 {/*flags*/0,
325 	  /*resource*/0xf2,
326 	  /*reserved*/{0, 0},
327 	  /*count*/{0, 0, 0, 0}}
328 	}
329 };
330 
331 const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
332 	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
333 	/*subpage_code*/0x02,
334 	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
335 	/*flags*/SLBPP_SITUA,
336 	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
337 	/*descr*/{}},
338 	{{/*flags*/0,
339 	  /*resource*/0,
340 	  /*reserved*/{0, 0},
341 	  /*count*/{0, 0, 0, 0}},
342 	 {/*flags*/0,
343 	  /*resource*/0,
344 	  /*reserved*/{0, 0},
345 	  /*count*/{0, 0, 0, 0}},
346 	 {/*flags*/0,
347 	  /*resource*/0,
348 	  /*reserved*/{0, 0},
349 	  /*count*/{0, 0, 0, 0}},
350 	 {/*flags*/0,
351 	  /*resource*/0,
352 	  /*reserved*/{0, 0},
353 	  /*count*/{0, 0, 0, 0}}
354 	}
355 };
356 
357 const static struct scsi_cddvd_capabilities_page cddvd_page_default = {
358 	/*page_code*/SMS_CDDVD_CAPS_PAGE,
359 	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
360 	/*caps1*/0x3f,
361 	/*caps2*/0x00,
362 	/*caps3*/0xf0,
363 	/*caps4*/0x00,
364 	/*caps5*/0x29,
365 	/*caps6*/0x00,
366 	/*obsolete*/{0, 0},
367 	/*nvol_levels*/{0, 0},
368 	/*buffer_size*/{8, 0},
369 	/*obsolete2*/{0, 0},
370 	/*reserved*/0,
371 	/*digital*/0,
372 	/*obsolete3*/0,
373 	/*copy_management*/0,
374 	/*reserved2*/0,
375 	/*rotation_control*/0,
376 	/*cur_write_speed*/0,
377 	/*num_speed_descr*/0,
378 };
379 
380 const static struct scsi_cddvd_capabilities_page cddvd_page_changeable = {
381 	/*page_code*/SMS_CDDVD_CAPS_PAGE,
382 	/*page_length*/sizeof(struct scsi_cddvd_capabilities_page) - 2,
383 	/*caps1*/0,
384 	/*caps2*/0,
385 	/*caps3*/0,
386 	/*caps4*/0,
387 	/*caps5*/0,
388 	/*caps6*/0,
389 	/*obsolete*/{0, 0},
390 	/*nvol_levels*/{0, 0},
391 	/*buffer_size*/{0, 0},
392 	/*obsolete2*/{0, 0},
393 	/*reserved*/0,
394 	/*digital*/0,
395 	/*obsolete3*/0,
396 	/*copy_management*/0,
397 	/*reserved2*/0,
398 	/*rotation_control*/0,
399 	/*cur_write_speed*/0,
400 	/*num_speed_descr*/0,
401 };
402 
403 SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
404 static int worker_threads = -1;
405 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
406     &worker_threads, 1, "Number of worker threads");
407 static int ctl_debug = CTL_DEBUG_NONE;
408 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
409     &ctl_debug, 0, "Enabled debug flags");
410 static int ctl_lun_map_size = 1024;
411 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, lun_map_size, CTLFLAG_RWTUN,
412     &ctl_lun_map_size, 0, "Size of per-port LUN map (max LUN + 1)");
413 #ifdef  CTL_TIME_IO
414 static int ctl_time_io_secs = CTL_TIME_IO_DEFAULT_SECS;
415 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, time_io_secs, CTLFLAG_RWTUN,
416     &ctl_time_io_secs, 0, "Log requests taking more seconds");
417 #endif
418 
419 /*
420  * Maximum number of LUNs we support.  MUST be a power of 2.
421  */
422 #define	CTL_DEFAULT_MAX_LUNS	1024
423 static int ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
424 TUNABLE_INT("kern.cam.ctl.max_luns", &ctl_max_luns);
425 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_luns, CTLFLAG_RDTUN,
426     &ctl_max_luns, CTL_DEFAULT_MAX_LUNS, "Maximum number of LUNs");
427 
428 /*
429  * Maximum number of ports registered at one time.
430  */
431 #define	CTL_DEFAULT_MAX_PORTS		256
432 static int ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
433 TUNABLE_INT("kern.cam.ctl.max_ports", &ctl_max_ports);
434 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, max_ports, CTLFLAG_RDTUN,
435     &ctl_max_ports, CTL_DEFAULT_MAX_LUNS, "Maximum number of ports");
436 
437 /*
438  * Maximum number of initiators we support.
439  */
440 #define	CTL_MAX_INITIATORS	(CTL_MAX_INIT_PER_PORT * ctl_max_ports)
441 
442 /*
443  * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
444  * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
445  * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
446  * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
447  */
448 #define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
449 
450 static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
451 				  int param);
452 static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
453 static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
454 static int ctl_init(void);
455 static int ctl_shutdown(void);
456 static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
457 static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
458 static void ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
459 static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
460 			      struct ctl_ooa *ooa_hdr,
461 			      struct ctl_ooa_entry *kern_entries);
462 static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
463 		     struct thread *td);
464 static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
465 			 struct ctl_be_lun *be_lun);
466 static int ctl_free_lun(struct ctl_lun *lun);
467 static void ctl_create_lun(struct ctl_be_lun *be_lun);
468 
469 static int ctl_do_mode_select(union ctl_io *io);
470 static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
471 			   uint64_t res_key, uint64_t sa_res_key,
472 			   uint8_t type, uint32_t residx,
473 			   struct ctl_scsiio *ctsio,
474 			   struct scsi_per_res_out *cdb,
475 			   struct scsi_per_res_out_parms* param);
476 static void ctl_pro_preempt_other(struct ctl_lun *lun,
477 				  union ctl_ha_msg *msg);
478 static void ctl_hndl_per_res_out_on_other_sc(union ctl_io *io);
479 static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
480 static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
481 static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
482 static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
483 static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
484 static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
485 					 int alloc_len);
486 static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
487 					 int alloc_len);
488 static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
489 static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
490 static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
491 static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
492 static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
493 static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
494     bool seq);
495 static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
496 static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
497     union ctl_io *pending_io, union ctl_io *ooa_io);
498 static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
499 				union ctl_io *starting_io);
500 static int ctl_check_blocked(struct ctl_lun *lun);
501 static int ctl_scsiio_lun_check(struct ctl_lun *lun,
502 				const struct ctl_cmd_entry *entry,
503 				struct ctl_scsiio *ctsio);
504 static void ctl_failover_lun(union ctl_io *io);
505 static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
506 			       struct ctl_scsiio *ctsio);
507 static int ctl_scsiio(struct ctl_scsiio *ctsio);
508 
509 static int ctl_target_reset(union ctl_io *io);
510 static void ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx,
511 			 ctl_ua_type ua_type);
512 static int ctl_lun_reset(union ctl_io *io);
513 static int ctl_abort_task(union ctl_io *io);
514 static int ctl_abort_task_set(union ctl_io *io);
515 static int ctl_query_task(union ctl_io *io, int task_set);
516 static void ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
517 			      ctl_ua_type ua_type);
518 static int ctl_i_t_nexus_reset(union ctl_io *io);
519 static int ctl_query_async_event(union ctl_io *io);
520 static void ctl_run_task(union ctl_io *io);
521 #ifdef CTL_IO_DELAY
522 static void ctl_datamove_timer_wakeup(void *arg);
523 static void ctl_done_timer_wakeup(void *arg);
524 #endif /* CTL_IO_DELAY */
525 
526 static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
527 static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
528 static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
529 static void ctl_datamove_remote_write(union ctl_io *io);
530 static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
531 static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
532 static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
533 static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
534 				    ctl_ha_dt_cb callback);
535 static void ctl_datamove_remote_read(union ctl_io *io);
536 static void ctl_datamove_remote(union ctl_io *io);
537 static void ctl_process_done(union ctl_io *io);
538 static void ctl_lun_thread(void *arg);
539 static void ctl_thresh_thread(void *arg);
540 static void ctl_work_thread(void *arg);
541 static void ctl_enqueue_incoming(union ctl_io *io);
542 static void ctl_enqueue_rtr(union ctl_io *io);
543 static void ctl_enqueue_done(union ctl_io *io);
544 static void ctl_enqueue_isc(union ctl_io *io);
545 static const struct ctl_cmd_entry *
546     ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
547 static const struct ctl_cmd_entry *
548     ctl_validate_command(struct ctl_scsiio *ctsio);
549 static int ctl_cmd_applicable(uint8_t lun_type,
550     const struct ctl_cmd_entry *entry);
551 static int ctl_ha_init(void);
552 static int ctl_ha_shutdown(void);
553 
554 static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
555 static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
556 static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
557 static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
558 
559 /*
560  * Load the serialization table.  This isn't very pretty, but is probably
561  * the easiest way to do it.
562  */
563 #include "ctl_ser_table.c"
564 
565 /*
566  * We only need to define open, close and ioctl routines for this driver.
567  */
568 static struct cdevsw ctl_cdevsw = {
569 	.d_version =	D_VERSION,
570 	.d_flags =	0,
571 	.d_open =	ctl_open,
572 	.d_close =	ctl_close,
573 	.d_ioctl =	ctl_ioctl,
574 	.d_name =	"ctl",
575 };
576 
577 
578 MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
579 
580 static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
581 
582 static moduledata_t ctl_moduledata = {
583 	"ctl",
584 	ctl_module_event_handler,
585 	NULL
586 };
587 
588 DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
589 MODULE_VERSION(ctl, 1);
590 
591 static struct ctl_frontend ha_frontend =
592 {
593 	.name = "ha",
594 	.init = ctl_ha_init,
595 	.shutdown = ctl_ha_shutdown,
596 };
597 
598 static int
599 ctl_ha_init(void)
600 {
601 	struct ctl_softc *softc = control_softc;
602 
603 	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
604 	                    &softc->othersc_pool) != 0)
605 		return (ENOMEM);
606 	if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
607 		ctl_pool_free(softc->othersc_pool);
608 		return (EIO);
609 	}
610 	if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
611 	    != CTL_HA_STATUS_SUCCESS) {
612 		ctl_ha_msg_destroy(softc);
613 		ctl_pool_free(softc->othersc_pool);
614 		return (EIO);
615 	}
616 	return (0);
617 };
618 
619 static int
620 ctl_ha_shutdown(void)
621 {
622 	struct ctl_softc *softc = control_softc;
623 	struct ctl_port *port;
624 
625 	ctl_ha_msg_shutdown(softc);
626 	if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL) != CTL_HA_STATUS_SUCCESS)
627 		return (EIO);
628 	if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
629 		return (EIO);
630 	ctl_pool_free(softc->othersc_pool);
631 	while ((port = STAILQ_FIRST(&ha_frontend.port_list)) != NULL) {
632 		ctl_port_deregister(port);
633 		free(port->port_name, M_CTL);
634 		free(port, M_CTL);
635 	}
636 	return (0);
637 };
638 
639 static void
640 ctl_ha_datamove(union ctl_io *io)
641 {
642 	struct ctl_lun *lun = CTL_LUN(io);
643 	struct ctl_sg_entry *sgl;
644 	union ctl_ha_msg msg;
645 	uint32_t sg_entries_sent;
646 	int do_sg_copy, i, j;
647 
648 	memset(&msg.dt, 0, sizeof(msg.dt));
649 	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
650 	msg.hdr.original_sc = io->io_hdr.original_sc;
651 	msg.hdr.serializing_sc = io;
652 	msg.hdr.nexus = io->io_hdr.nexus;
653 	msg.hdr.status = io->io_hdr.status;
654 	msg.dt.flags = io->io_hdr.flags;
655 
656 	/*
657 	 * We convert everything into a S/G list here.  We can't
658 	 * pass by reference, only by value between controllers.
659 	 * So we can't pass a pointer to the S/G list, only as many
660 	 * S/G entries as we can fit in here.  If it's possible for
661 	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
662 	 * then we need to break this up into multiple transfers.
663 	 */
664 	if (io->scsiio.kern_sg_entries == 0) {
665 		msg.dt.kern_sg_entries = 1;
666 #if 0
667 		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
668 			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
669 		} else {
670 			/* XXX KDM use busdma here! */
671 			msg.dt.sg_list[0].addr =
672 			    (void *)vtophys(io->scsiio.kern_data_ptr);
673 		}
674 #else
675 		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
676 		    ("HA does not support BUS_ADDR"));
677 		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
678 #endif
679 		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
680 		do_sg_copy = 0;
681 	} else {
682 		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
683 		do_sg_copy = 1;
684 	}
685 
686 	msg.dt.kern_data_len = io->scsiio.kern_data_len;
687 	msg.dt.kern_total_len = io->scsiio.kern_total_len;
688 	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
689 	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
690 	msg.dt.sg_sequence = 0;
691 
692 	/*
693 	 * Loop until we've sent all of the S/G entries.  On the
694 	 * other end, we'll recompose these S/G entries into one
695 	 * contiguous list before processing.
696 	 */
697 	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
698 	    msg.dt.sg_sequence++) {
699 		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
700 		    sizeof(msg.dt.sg_list[0])),
701 		    msg.dt.kern_sg_entries - sg_entries_sent);
702 		if (do_sg_copy != 0) {
703 			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
704 			for (i = sg_entries_sent, j = 0;
705 			     i < msg.dt.cur_sg_entries; i++, j++) {
706 #if 0
707 				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
708 					msg.dt.sg_list[j].addr = sgl[i].addr;
709 				} else {
710 					/* XXX KDM use busdma here! */
711 					msg.dt.sg_list[j].addr =
712 					    (void *)vtophys(sgl[i].addr);
713 				}
714 #else
715 				KASSERT((io->io_hdr.flags &
716 				    CTL_FLAG_BUS_ADDR) == 0,
717 				    ("HA does not support BUS_ADDR"));
718 				msg.dt.sg_list[j].addr = sgl[i].addr;
719 #endif
720 				msg.dt.sg_list[j].len = sgl[i].len;
721 			}
722 		}
723 
724 		sg_entries_sent += msg.dt.cur_sg_entries;
725 		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
726 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
727 		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
728 		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
729 		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
730 			io->io_hdr.port_status = 31341;
731 			io->scsiio.be_move_done(io);
732 			return;
733 		}
734 		msg.dt.sent_sg_entries = sg_entries_sent;
735 	}
736 
737 	/*
738 	 * Officially handover the request from us to peer.
739 	 * If failover has just happened, then we must return error.
740 	 * If failover happen just after, then it is not our problem.
741 	 */
742 	if (lun)
743 		mtx_lock(&lun->lun_lock);
744 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
745 		if (lun)
746 			mtx_unlock(&lun->lun_lock);
747 		io->io_hdr.port_status = 31342;
748 		io->scsiio.be_move_done(io);
749 		return;
750 	}
751 	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
752 	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
753 	if (lun)
754 		mtx_unlock(&lun->lun_lock);
755 }
756 
757 static void
758 ctl_ha_done(union ctl_io *io)
759 {
760 	union ctl_ha_msg msg;
761 
762 	if (io->io_hdr.io_type == CTL_IO_SCSI) {
763 		memset(&msg, 0, sizeof(msg));
764 		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
765 		msg.hdr.original_sc = io->io_hdr.original_sc;
766 		msg.hdr.nexus = io->io_hdr.nexus;
767 		msg.hdr.status = io->io_hdr.status;
768 		msg.scsi.scsi_status = io->scsiio.scsi_status;
769 		msg.scsi.tag_num = io->scsiio.tag_num;
770 		msg.scsi.tag_type = io->scsiio.tag_type;
771 		msg.scsi.sense_len = io->scsiio.sense_len;
772 		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
773 		    io->scsiio.sense_len);
774 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
775 		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
776 		    msg.scsi.sense_len, M_WAITOK);
777 	}
778 	ctl_free_io(io);
779 }
780 
781 static void
782 ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
783 			    union ctl_ha_msg *msg_info)
784 {
785 	struct ctl_scsiio *ctsio;
786 
787 	if (msg_info->hdr.original_sc == NULL) {
788 		printf("%s: original_sc == NULL!\n", __func__);
789 		/* XXX KDM now what? */
790 		return;
791 	}
792 
793 	ctsio = &msg_info->hdr.original_sc->scsiio;
794 	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
795 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
796 	ctsio->io_hdr.status = msg_info->hdr.status;
797 	ctsio->scsi_status = msg_info->scsi.scsi_status;
798 	ctsio->sense_len = msg_info->scsi.sense_len;
799 	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
800 	       msg_info->scsi.sense_len);
801 	ctl_enqueue_isc((union ctl_io *)ctsio);
802 }
803 
804 static void
805 ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
806 				union ctl_ha_msg *msg_info)
807 {
808 	struct ctl_scsiio *ctsio;
809 
810 	if (msg_info->hdr.serializing_sc == NULL) {
811 		printf("%s: serializing_sc == NULL!\n", __func__);
812 		/* XXX KDM now what? */
813 		return;
814 	}
815 
816 	ctsio = &msg_info->hdr.serializing_sc->scsiio;
817 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
818 	ctl_enqueue_isc((union ctl_io *)ctsio);
819 }
820 
821 void
822 ctl_isc_announce_lun(struct ctl_lun *lun)
823 {
824 	struct ctl_softc *softc = lun->ctl_softc;
825 	union ctl_ha_msg *msg;
826 	struct ctl_ha_msg_lun_pr_key pr_key;
827 	int i, k;
828 
829 	if (softc->ha_link != CTL_HA_LINK_ONLINE)
830 		return;
831 	mtx_lock(&lun->lun_lock);
832 	i = sizeof(msg->lun);
833 	if (lun->lun_devid)
834 		i += lun->lun_devid->len;
835 	i += sizeof(pr_key) * lun->pr_key_count;
836 alloc:
837 	mtx_unlock(&lun->lun_lock);
838 	msg = malloc(i, M_CTL, M_WAITOK);
839 	mtx_lock(&lun->lun_lock);
840 	k = sizeof(msg->lun);
841 	if (lun->lun_devid)
842 		k += lun->lun_devid->len;
843 	k += sizeof(pr_key) * lun->pr_key_count;
844 	if (i < k) {
845 		free(msg, M_CTL);
846 		i = k;
847 		goto alloc;
848 	}
849 	bzero(&msg->lun, sizeof(msg->lun));
850 	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
851 	msg->hdr.nexus.targ_lun = lun->lun;
852 	msg->hdr.nexus.targ_mapped_lun = lun->lun;
853 	msg->lun.flags = lun->flags;
854 	msg->lun.pr_generation = lun->pr_generation;
855 	msg->lun.pr_res_idx = lun->pr_res_idx;
856 	msg->lun.pr_res_type = lun->pr_res_type;
857 	msg->lun.pr_key_count = lun->pr_key_count;
858 	i = 0;
859 	if (lun->lun_devid) {
860 		msg->lun.lun_devid_len = lun->lun_devid->len;
861 		memcpy(&msg->lun.data[i], lun->lun_devid->data,
862 		    msg->lun.lun_devid_len);
863 		i += msg->lun.lun_devid_len;
864 	}
865 	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
866 		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
867 			continue;
868 		pr_key.pr_iid = k;
869 		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
870 		i += sizeof(pr_key);
871 	}
872 	mtx_unlock(&lun->lun_lock);
873 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
874 	    M_WAITOK);
875 	free(msg, M_CTL);
876 
877 	if (lun->flags & CTL_LUN_PRIMARY_SC) {
878 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
879 			ctl_isc_announce_mode(lun, -1,
880 			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
881 			    lun->mode_pages.index[i].subpage);
882 		}
883 	}
884 }
885 
886 void
887 ctl_isc_announce_port(struct ctl_port *port)
888 {
889 	struct ctl_softc *softc = port->ctl_softc;
890 	union ctl_ha_msg *msg;
891 	int i;
892 
893 	if (port->targ_port < softc->port_min ||
894 	    port->targ_port >= softc->port_max ||
895 	    softc->ha_link != CTL_HA_LINK_ONLINE)
896 		return;
897 	i = sizeof(msg->port) + strlen(port->port_name) + 1;
898 	if (port->lun_map)
899 		i += port->lun_map_size * sizeof(uint32_t);
900 	if (port->port_devid)
901 		i += port->port_devid->len;
902 	if (port->target_devid)
903 		i += port->target_devid->len;
904 	if (port->init_devid)
905 		i += port->init_devid->len;
906 	msg = malloc(i, M_CTL, M_WAITOK);
907 	bzero(&msg->port, sizeof(msg->port));
908 	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
909 	msg->hdr.nexus.targ_port = port->targ_port;
910 	msg->port.port_type = port->port_type;
911 	msg->port.physical_port = port->physical_port;
912 	msg->port.virtual_port = port->virtual_port;
913 	msg->port.status = port->status;
914 	i = 0;
915 	msg->port.name_len = sprintf(&msg->port.data[i],
916 	    "%d:%s", softc->ha_id, port->port_name) + 1;
917 	i += msg->port.name_len;
918 	if (port->lun_map) {
919 		msg->port.lun_map_len = port->lun_map_size * sizeof(uint32_t);
920 		memcpy(&msg->port.data[i], port->lun_map,
921 		    msg->port.lun_map_len);
922 		i += msg->port.lun_map_len;
923 	}
924 	if (port->port_devid) {
925 		msg->port.port_devid_len = port->port_devid->len;
926 		memcpy(&msg->port.data[i], port->port_devid->data,
927 		    msg->port.port_devid_len);
928 		i += msg->port.port_devid_len;
929 	}
930 	if (port->target_devid) {
931 		msg->port.target_devid_len = port->target_devid->len;
932 		memcpy(&msg->port.data[i], port->target_devid->data,
933 		    msg->port.target_devid_len);
934 		i += msg->port.target_devid_len;
935 	}
936 	if (port->init_devid) {
937 		msg->port.init_devid_len = port->init_devid->len;
938 		memcpy(&msg->port.data[i], port->init_devid->data,
939 		    msg->port.init_devid_len);
940 		i += msg->port.init_devid_len;
941 	}
942 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
943 	    M_WAITOK);
944 	free(msg, M_CTL);
945 }
946 
947 void
948 ctl_isc_announce_iid(struct ctl_port *port, int iid)
949 {
950 	struct ctl_softc *softc = port->ctl_softc;
951 	union ctl_ha_msg *msg;
952 	int i, l;
953 
954 	if (port->targ_port < softc->port_min ||
955 	    port->targ_port >= softc->port_max ||
956 	    softc->ha_link != CTL_HA_LINK_ONLINE)
957 		return;
958 	mtx_lock(&softc->ctl_lock);
959 	i = sizeof(msg->iid);
960 	l = 0;
961 	if (port->wwpn_iid[iid].name)
962 		l = strlen(port->wwpn_iid[iid].name) + 1;
963 	i += l;
964 	msg = malloc(i, M_CTL, M_NOWAIT);
965 	if (msg == NULL) {
966 		mtx_unlock(&softc->ctl_lock);
967 		return;
968 	}
969 	bzero(&msg->iid, sizeof(msg->iid));
970 	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
971 	msg->hdr.nexus.targ_port = port->targ_port;
972 	msg->hdr.nexus.initid = iid;
973 	msg->iid.in_use = port->wwpn_iid[iid].in_use;
974 	msg->iid.name_len = l;
975 	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
976 	if (port->wwpn_iid[iid].name)
977 		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
978 	mtx_unlock(&softc->ctl_lock);
979 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
980 	free(msg, M_CTL);
981 }
982 
983 void
984 ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
985     uint8_t page, uint8_t subpage)
986 {
987 	struct ctl_softc *softc = lun->ctl_softc;
988 	union ctl_ha_msg msg;
989 	u_int i;
990 
991 	if (softc->ha_link != CTL_HA_LINK_ONLINE)
992 		return;
993 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
994 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
995 		    page && lun->mode_pages.index[i].subpage == subpage)
996 			break;
997 	}
998 	if (i == CTL_NUM_MODE_PAGES)
999 		return;
1000 
1001 	/* Don't try to replicate pages not present on this device. */
1002 	if (lun->mode_pages.index[i].page_data == NULL)
1003 		return;
1004 
1005 	bzero(&msg.mode, sizeof(msg.mode));
1006 	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
1007 	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
1008 	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
1009 	msg.hdr.nexus.targ_lun = lun->lun;
1010 	msg.hdr.nexus.targ_mapped_lun = lun->lun;
1011 	msg.mode.page_code = page;
1012 	msg.mode.subpage = subpage;
1013 	msg.mode.page_len = lun->mode_pages.index[i].page_len;
1014 	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
1015 	    msg.mode.page_len);
1016 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
1017 	    M_WAITOK);
1018 }
1019 
1020 static void
1021 ctl_isc_ha_link_up(struct ctl_softc *softc)
1022 {
1023 	struct ctl_port *port;
1024 	struct ctl_lun *lun;
1025 	union ctl_ha_msg msg;
1026 	int i;
1027 
1028 	/* Announce this node parameters to peer for validation. */
1029 	msg.login.msg_type = CTL_MSG_LOGIN;
1030 	msg.login.version = CTL_HA_VERSION;
1031 	msg.login.ha_mode = softc->ha_mode;
1032 	msg.login.ha_id = softc->ha_id;
1033 	msg.login.max_luns = ctl_max_luns;
1034 	msg.login.max_ports = ctl_max_ports;
1035 	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
1036 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
1037 	    M_WAITOK);
1038 
1039 	STAILQ_FOREACH(port, &softc->port_list, links) {
1040 		ctl_isc_announce_port(port);
1041 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1042 			if (port->wwpn_iid[i].in_use)
1043 				ctl_isc_announce_iid(port, i);
1044 		}
1045 	}
1046 	STAILQ_FOREACH(lun, &softc->lun_list, links)
1047 		ctl_isc_announce_lun(lun);
1048 }
1049 
1050 static void
1051 ctl_isc_ha_link_down(struct ctl_softc *softc)
1052 {
1053 	struct ctl_port *port;
1054 	struct ctl_lun *lun;
1055 	union ctl_io *io;
1056 	int i;
1057 
1058 	mtx_lock(&softc->ctl_lock);
1059 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1060 		mtx_lock(&lun->lun_lock);
1061 		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
1062 			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1063 			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1064 		}
1065 		mtx_unlock(&lun->lun_lock);
1066 
1067 		mtx_unlock(&softc->ctl_lock);
1068 		io = ctl_alloc_io(softc->othersc_pool);
1069 		mtx_lock(&softc->ctl_lock);
1070 		ctl_zero_io(io);
1071 		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
1072 		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
1073 		ctl_enqueue_isc(io);
1074 	}
1075 
1076 	STAILQ_FOREACH(port, &softc->port_list, links) {
1077 		if (port->targ_port >= softc->port_min &&
1078 		    port->targ_port < softc->port_max)
1079 			continue;
1080 		port->status &= ~CTL_PORT_STATUS_ONLINE;
1081 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1082 			port->wwpn_iid[i].in_use = 0;
1083 			free(port->wwpn_iid[i].name, M_CTL);
1084 			port->wwpn_iid[i].name = NULL;
1085 		}
1086 	}
1087 	mtx_unlock(&softc->ctl_lock);
1088 }
1089 
1090 static void
1091 ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1092 {
1093 	struct ctl_lun *lun;
1094 	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
1095 
1096 	mtx_lock(&softc->ctl_lock);
1097 	if (msg->hdr.nexus.targ_mapped_lun >= ctl_max_luns ||
1098 	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) == NULL) {
1099 		mtx_unlock(&softc->ctl_lock);
1100 		return;
1101 	}
1102 	mtx_lock(&lun->lun_lock);
1103 	mtx_unlock(&softc->ctl_lock);
1104 	if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES && msg->ua.ua_set)
1105 		memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
1106 	if (msg->ua.ua_all) {
1107 		if (msg->ua.ua_set)
1108 			ctl_est_ua_all(lun, iid, msg->ua.ua_type);
1109 		else
1110 			ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
1111 	} else {
1112 		if (msg->ua.ua_set)
1113 			ctl_est_ua(lun, iid, msg->ua.ua_type);
1114 		else
1115 			ctl_clr_ua(lun, iid, msg->ua.ua_type);
1116 	}
1117 	mtx_unlock(&lun->lun_lock);
1118 }
1119 
1120 static void
1121 ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1122 {
1123 	struct ctl_lun *lun;
1124 	struct ctl_ha_msg_lun_pr_key pr_key;
1125 	int i, k;
1126 	ctl_lun_flags oflags;
1127 	uint32_t targ_lun;
1128 
1129 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1130 	mtx_lock(&softc->ctl_lock);
1131 	if (targ_lun >= ctl_max_luns ||
1132 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1133 		mtx_unlock(&softc->ctl_lock);
1134 		return;
1135 	}
1136 	mtx_lock(&lun->lun_lock);
1137 	mtx_unlock(&softc->ctl_lock);
1138 	if (lun->flags & CTL_LUN_DISABLED) {
1139 		mtx_unlock(&lun->lun_lock);
1140 		return;
1141 	}
1142 	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1143 	if (msg->lun.lun_devid_len != i || (i > 0 &&
1144 	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1145 		mtx_unlock(&lun->lun_lock);
1146 		printf("%s: Received conflicting HA LUN %d\n",
1147 		    __func__, targ_lun);
1148 		return;
1149 	} else {
1150 		/* Record whether peer is primary. */
1151 		oflags = lun->flags;
1152 		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1153 		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1154 			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1155 		else
1156 			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1157 		if (oflags != lun->flags)
1158 			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1159 
1160 		/* If peer is primary and we are not -- use data */
1161 		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1162 		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1163 			lun->pr_generation = msg->lun.pr_generation;
1164 			lun->pr_res_idx = msg->lun.pr_res_idx;
1165 			lun->pr_res_type = msg->lun.pr_res_type;
1166 			lun->pr_key_count = msg->lun.pr_key_count;
1167 			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1168 				ctl_clr_prkey(lun, k);
1169 			for (k = 0; k < msg->lun.pr_key_count; k++) {
1170 				memcpy(&pr_key, &msg->lun.data[i],
1171 				    sizeof(pr_key));
1172 				ctl_alloc_prkey(lun, pr_key.pr_iid);
1173 				ctl_set_prkey(lun, pr_key.pr_iid,
1174 				    pr_key.pr_key);
1175 				i += sizeof(pr_key);
1176 			}
1177 		}
1178 
1179 		mtx_unlock(&lun->lun_lock);
1180 		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1181 		    __func__, targ_lun,
1182 		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1183 		    "primary" : "secondary"));
1184 
1185 		/* If we are primary but peer doesn't know -- notify */
1186 		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1187 		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1188 			ctl_isc_announce_lun(lun);
1189 	}
1190 }
1191 
1192 static void
1193 ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1194 {
1195 	struct ctl_port *port;
1196 	struct ctl_lun *lun;
1197 	int i, new;
1198 
1199 	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1200 	if (port == NULL) {
1201 		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1202 		    msg->hdr.nexus.targ_port));
1203 		new = 1;
1204 		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1205 		port->frontend = &ha_frontend;
1206 		port->targ_port = msg->hdr.nexus.targ_port;
1207 		port->fe_datamove = ctl_ha_datamove;
1208 		port->fe_done = ctl_ha_done;
1209 	} else if (port->frontend == &ha_frontend) {
1210 		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1211 		    msg->hdr.nexus.targ_port));
1212 		new = 0;
1213 	} else {
1214 		printf("%s: Received conflicting HA port %d\n",
1215 		    __func__, msg->hdr.nexus.targ_port);
1216 		return;
1217 	}
1218 	port->port_type = msg->port.port_type;
1219 	port->physical_port = msg->port.physical_port;
1220 	port->virtual_port = msg->port.virtual_port;
1221 	port->status = msg->port.status;
1222 	i = 0;
1223 	free(port->port_name, M_CTL);
1224 	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1225 	    M_CTL);
1226 	i += msg->port.name_len;
1227 	if (msg->port.lun_map_len != 0) {
1228 		if (port->lun_map == NULL ||
1229 		    port->lun_map_size * sizeof(uint32_t) <
1230 		    msg->port.lun_map_len) {
1231 			port->lun_map_size = 0;
1232 			free(port->lun_map, M_CTL);
1233 			port->lun_map = malloc(msg->port.lun_map_len,
1234 			    M_CTL, M_WAITOK);
1235 		}
1236 		memcpy(port->lun_map, &msg->port.data[i], msg->port.lun_map_len);
1237 		port->lun_map_size = msg->port.lun_map_len / sizeof(uint32_t);
1238 		i += msg->port.lun_map_len;
1239 	} else {
1240 		port->lun_map_size = 0;
1241 		free(port->lun_map, M_CTL);
1242 		port->lun_map = NULL;
1243 	}
1244 	if (msg->port.port_devid_len != 0) {
1245 		if (port->port_devid == NULL ||
1246 		    port->port_devid->len < msg->port.port_devid_len) {
1247 			free(port->port_devid, M_CTL);
1248 			port->port_devid = malloc(sizeof(struct ctl_devid) +
1249 			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1250 		}
1251 		memcpy(port->port_devid->data, &msg->port.data[i],
1252 		    msg->port.port_devid_len);
1253 		port->port_devid->len = msg->port.port_devid_len;
1254 		i += msg->port.port_devid_len;
1255 	} else {
1256 		free(port->port_devid, M_CTL);
1257 		port->port_devid = NULL;
1258 	}
1259 	if (msg->port.target_devid_len != 0) {
1260 		if (port->target_devid == NULL ||
1261 		    port->target_devid->len < msg->port.target_devid_len) {
1262 			free(port->target_devid, M_CTL);
1263 			port->target_devid = malloc(sizeof(struct ctl_devid) +
1264 			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1265 		}
1266 		memcpy(port->target_devid->data, &msg->port.data[i],
1267 		    msg->port.target_devid_len);
1268 		port->target_devid->len = msg->port.target_devid_len;
1269 		i += msg->port.target_devid_len;
1270 	} else {
1271 		free(port->target_devid, M_CTL);
1272 		port->target_devid = NULL;
1273 	}
1274 	if (msg->port.init_devid_len != 0) {
1275 		if (port->init_devid == NULL ||
1276 		    port->init_devid->len < msg->port.init_devid_len) {
1277 			free(port->init_devid, M_CTL);
1278 			port->init_devid = malloc(sizeof(struct ctl_devid) +
1279 			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1280 		}
1281 		memcpy(port->init_devid->data, &msg->port.data[i],
1282 		    msg->port.init_devid_len);
1283 		port->init_devid->len = msg->port.init_devid_len;
1284 		i += msg->port.init_devid_len;
1285 	} else {
1286 		free(port->init_devid, M_CTL);
1287 		port->init_devid = NULL;
1288 	}
1289 	if (new) {
1290 		if (ctl_port_register(port) != 0) {
1291 			printf("%s: ctl_port_register() failed with error\n",
1292 			    __func__);
1293 		}
1294 	}
1295 	mtx_lock(&softc->ctl_lock);
1296 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1297 		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
1298 			continue;
1299 		mtx_lock(&lun->lun_lock);
1300 		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1301 		mtx_unlock(&lun->lun_lock);
1302 	}
1303 	mtx_unlock(&softc->ctl_lock);
1304 }
1305 
1306 static void
1307 ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1308 {
1309 	struct ctl_port *port;
1310 	int iid;
1311 
1312 	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1313 	if (port == NULL) {
1314 		printf("%s: Received IID for unknown port %d\n",
1315 		    __func__, msg->hdr.nexus.targ_port);
1316 		return;
1317 	}
1318 	iid = msg->hdr.nexus.initid;
1319 	if (port->wwpn_iid[iid].in_use != 0 &&
1320 	    msg->iid.in_use == 0)
1321 		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
1322 	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1323 	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1324 	free(port->wwpn_iid[iid].name, M_CTL);
1325 	if (msg->iid.name_len) {
1326 		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1327 		    msg->iid.name_len, M_CTL);
1328 	} else
1329 		port->wwpn_iid[iid].name = NULL;
1330 }
1331 
1332 static void
1333 ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1334 {
1335 
1336 	if (msg->login.version != CTL_HA_VERSION) {
1337 		printf("CTL HA peers have different versions %d != %d\n",
1338 		    msg->login.version, CTL_HA_VERSION);
1339 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1340 		return;
1341 	}
1342 	if (msg->login.ha_mode != softc->ha_mode) {
1343 		printf("CTL HA peers have different ha_mode %d != %d\n",
1344 		    msg->login.ha_mode, softc->ha_mode);
1345 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1346 		return;
1347 	}
1348 	if (msg->login.ha_id == softc->ha_id) {
1349 		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1350 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1351 		return;
1352 	}
1353 	if (msg->login.max_luns != ctl_max_luns ||
1354 	    msg->login.max_ports != ctl_max_ports ||
1355 	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1356 		printf("CTL HA peers have different limits\n");
1357 		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1358 		return;
1359 	}
1360 }
1361 
1362 static void
1363 ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1364 {
1365 	struct ctl_lun *lun;
1366 	u_int i;
1367 	uint32_t initidx, targ_lun;
1368 
1369 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1370 	mtx_lock(&softc->ctl_lock);
1371 	if (targ_lun >= ctl_max_luns ||
1372 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
1373 		mtx_unlock(&softc->ctl_lock);
1374 		return;
1375 	}
1376 	mtx_lock(&lun->lun_lock);
1377 	mtx_unlock(&softc->ctl_lock);
1378 	if (lun->flags & CTL_LUN_DISABLED) {
1379 		mtx_unlock(&lun->lun_lock);
1380 		return;
1381 	}
1382 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1383 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1384 		    msg->mode.page_code &&
1385 		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1386 			break;
1387 	}
1388 	if (i == CTL_NUM_MODE_PAGES) {
1389 		mtx_unlock(&lun->lun_lock);
1390 		return;
1391 	}
1392 	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1393 	    lun->mode_pages.index[i].page_len);
1394 	initidx = ctl_get_initindex(&msg->hdr.nexus);
1395 	if (initidx != -1)
1396 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1397 	mtx_unlock(&lun->lun_lock);
1398 }
1399 
1400 /*
1401  * ISC (Inter Shelf Communication) event handler.  Events from the HA
1402  * subsystem come in here.
1403  */
1404 static void
1405 ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1406 {
1407 	struct ctl_softc *softc = control_softc;
1408 	union ctl_io *io;
1409 	struct ctl_prio *presio;
1410 	ctl_ha_status isc_status;
1411 
1412 	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1413 	if (event == CTL_HA_EVT_MSG_RECV) {
1414 		union ctl_ha_msg *msg, msgbuf;
1415 
1416 		if (param > sizeof(msgbuf))
1417 			msg = malloc(param, M_CTL, M_WAITOK);
1418 		else
1419 			msg = &msgbuf;
1420 		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1421 		    M_WAITOK);
1422 		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1423 			printf("%s: Error receiving message: %d\n",
1424 			    __func__, isc_status);
1425 			if (msg != &msgbuf)
1426 				free(msg, M_CTL);
1427 			return;
1428 		}
1429 
1430 		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1431 		switch (msg->hdr.msg_type) {
1432 		case CTL_MSG_SERIALIZE:
1433 			io = ctl_alloc_io(softc->othersc_pool);
1434 			ctl_zero_io(io);
1435 			// populate ctsio from msg
1436 			io->io_hdr.io_type = CTL_IO_SCSI;
1437 			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1438 			io->io_hdr.original_sc = msg->hdr.original_sc;
1439 			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1440 					    CTL_FLAG_IO_ACTIVE;
1441 			/*
1442 			 * If we're in serialization-only mode, we don't
1443 			 * want to go through full done processing.  Thus
1444 			 * the COPY flag.
1445 			 *
1446 			 * XXX KDM add another flag that is more specific.
1447 			 */
1448 			if (softc->ha_mode != CTL_HA_MODE_XFER)
1449 				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1450 			io->io_hdr.nexus = msg->hdr.nexus;
1451 #if 0
1452 			printf("port %u, iid %u, lun %u\n",
1453 			       io->io_hdr.nexus.targ_port,
1454 			       io->io_hdr.nexus.initid,
1455 			       io->io_hdr.nexus.targ_lun);
1456 #endif
1457 			io->scsiio.tag_num = msg->scsi.tag_num;
1458 			io->scsiio.tag_type = msg->scsi.tag_type;
1459 #ifdef CTL_TIME_IO
1460 			io->io_hdr.start_time = time_uptime;
1461 			getbinuptime(&io->io_hdr.start_bt);
1462 #endif /* CTL_TIME_IO */
1463 			io->scsiio.cdb_len = msg->scsi.cdb_len;
1464 			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1465 			       CTL_MAX_CDBLEN);
1466 			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1467 				const struct ctl_cmd_entry *entry;
1468 
1469 				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1470 				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1471 				io->io_hdr.flags |=
1472 					entry->flags & CTL_FLAG_DATA_MASK;
1473 			}
1474 			ctl_enqueue_isc(io);
1475 			break;
1476 
1477 		/* Performed on the Originating SC, XFER mode only */
1478 		case CTL_MSG_DATAMOVE: {
1479 			struct ctl_sg_entry *sgl;
1480 			int i, j;
1481 
1482 			io = msg->hdr.original_sc;
1483 			if (io == NULL) {
1484 				printf("%s: original_sc == NULL!\n", __func__);
1485 				/* XXX KDM do something here */
1486 				break;
1487 			}
1488 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1489 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1490 			/*
1491 			 * Keep track of this, we need to send it back over
1492 			 * when the datamove is complete.
1493 			 */
1494 			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1495 			if (msg->hdr.status == CTL_SUCCESS)
1496 				io->io_hdr.status = msg->hdr.status;
1497 
1498 			if (msg->dt.sg_sequence == 0) {
1499 #ifdef CTL_TIME_IO
1500 				getbinuptime(&io->io_hdr.dma_start_bt);
1501 #endif
1502 				i = msg->dt.kern_sg_entries +
1503 				    msg->dt.kern_data_len /
1504 				    CTL_HA_DATAMOVE_SEGMENT + 1;
1505 				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1506 				    M_WAITOK | M_ZERO);
1507 				io->io_hdr.remote_sglist = sgl;
1508 				io->io_hdr.local_sglist =
1509 				    &sgl[msg->dt.kern_sg_entries];
1510 
1511 				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1512 
1513 				io->scsiio.kern_sg_entries =
1514 					msg->dt.kern_sg_entries;
1515 				io->scsiio.rem_sg_entries =
1516 					msg->dt.kern_sg_entries;
1517 				io->scsiio.kern_data_len =
1518 					msg->dt.kern_data_len;
1519 				io->scsiio.kern_total_len =
1520 					msg->dt.kern_total_len;
1521 				io->scsiio.kern_data_resid =
1522 					msg->dt.kern_data_resid;
1523 				io->scsiio.kern_rel_offset =
1524 					msg->dt.kern_rel_offset;
1525 				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1526 				io->io_hdr.flags |= msg->dt.flags &
1527 				    CTL_FLAG_BUS_ADDR;
1528 			} else
1529 				sgl = (struct ctl_sg_entry *)
1530 					io->scsiio.kern_data_ptr;
1531 
1532 			for (i = msg->dt.sent_sg_entries, j = 0;
1533 			     i < (msg->dt.sent_sg_entries +
1534 			     msg->dt.cur_sg_entries); i++, j++) {
1535 				sgl[i].addr = msg->dt.sg_list[j].addr;
1536 				sgl[i].len = msg->dt.sg_list[j].len;
1537 
1538 #if 0
1539 				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1540 				    __func__, sgl[i].addr, sgl[i].len, j, i);
1541 #endif
1542 			}
1543 
1544 			/*
1545 			 * If this is the last piece of the I/O, we've got
1546 			 * the full S/G list.  Queue processing in the thread.
1547 			 * Otherwise wait for the next piece.
1548 			 */
1549 			if (msg->dt.sg_last != 0)
1550 				ctl_enqueue_isc(io);
1551 			break;
1552 		}
1553 		/* Performed on the Serializing (primary) SC, XFER mode only */
1554 		case CTL_MSG_DATAMOVE_DONE: {
1555 			if (msg->hdr.serializing_sc == NULL) {
1556 				printf("%s: serializing_sc == NULL!\n",
1557 				       __func__);
1558 				/* XXX KDM now what? */
1559 				break;
1560 			}
1561 			/*
1562 			 * We grab the sense information here in case
1563 			 * there was a failure, so we can return status
1564 			 * back to the initiator.
1565 			 */
1566 			io = msg->hdr.serializing_sc;
1567 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1568 			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1569 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1570 			io->io_hdr.port_status = msg->scsi.port_status;
1571 			io->scsiio.kern_data_resid = msg->scsi.kern_data_resid;
1572 			if (msg->hdr.status != CTL_STATUS_NONE) {
1573 				io->io_hdr.status = msg->hdr.status;
1574 				io->scsiio.scsi_status = msg->scsi.scsi_status;
1575 				io->scsiio.sense_len = msg->scsi.sense_len;
1576 				memcpy(&io->scsiio.sense_data,
1577 				    &msg->scsi.sense_data,
1578 				    msg->scsi.sense_len);
1579 				if (msg->hdr.status == CTL_SUCCESS)
1580 					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1581 			}
1582 			ctl_enqueue_isc(io);
1583 			break;
1584 		}
1585 
1586 		/* Preformed on Originating SC, SER_ONLY mode */
1587 		case CTL_MSG_R2R:
1588 			io = msg->hdr.original_sc;
1589 			if (io == NULL) {
1590 				printf("%s: original_sc == NULL!\n",
1591 				    __func__);
1592 				break;
1593 			}
1594 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1595 			io->io_hdr.msg_type = CTL_MSG_R2R;
1596 			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1597 			ctl_enqueue_isc(io);
1598 			break;
1599 
1600 		/*
1601 		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1602 		 * mode.
1603 		 * Performed on the Originating (i.e. secondary) SC in XFER
1604 		 * mode
1605 		 */
1606 		case CTL_MSG_FINISH_IO:
1607 			if (softc->ha_mode == CTL_HA_MODE_XFER)
1608 				ctl_isc_handler_finish_xfer(softc, msg);
1609 			else
1610 				ctl_isc_handler_finish_ser_only(softc, msg);
1611 			break;
1612 
1613 		/* Preformed on Originating SC */
1614 		case CTL_MSG_BAD_JUJU:
1615 			io = msg->hdr.original_sc;
1616 			if (io == NULL) {
1617 				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1618 				       __func__);
1619 				break;
1620 			}
1621 			ctl_copy_sense_data(msg, io);
1622 			/*
1623 			 * IO should have already been cleaned up on other
1624 			 * SC so clear this flag so we won't send a message
1625 			 * back to finish the IO there.
1626 			 */
1627 			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1628 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1629 
1630 			/* io = msg->hdr.serializing_sc; */
1631 			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1632 			ctl_enqueue_isc(io);
1633 			break;
1634 
1635 		/* Handle resets sent from the other side */
1636 		case CTL_MSG_MANAGE_TASKS: {
1637 			struct ctl_taskio *taskio;
1638 			taskio = (struct ctl_taskio *)ctl_alloc_io(
1639 			    softc->othersc_pool);
1640 			ctl_zero_io((union ctl_io *)taskio);
1641 			taskio->io_hdr.io_type = CTL_IO_TASK;
1642 			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1643 			taskio->io_hdr.nexus = msg->hdr.nexus;
1644 			taskio->task_action = msg->task.task_action;
1645 			taskio->tag_num = msg->task.tag_num;
1646 			taskio->tag_type = msg->task.tag_type;
1647 #ifdef CTL_TIME_IO
1648 			taskio->io_hdr.start_time = time_uptime;
1649 			getbinuptime(&taskio->io_hdr.start_bt);
1650 #endif /* CTL_TIME_IO */
1651 			ctl_run_task((union ctl_io *)taskio);
1652 			break;
1653 		}
1654 		/* Persistent Reserve action which needs attention */
1655 		case CTL_MSG_PERS_ACTION:
1656 			presio = (struct ctl_prio *)ctl_alloc_io(
1657 			    softc->othersc_pool);
1658 			ctl_zero_io((union ctl_io *)presio);
1659 			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1660 			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1661 			presio->io_hdr.nexus = msg->hdr.nexus;
1662 			presio->pr_msg = msg->pr;
1663 			ctl_enqueue_isc((union ctl_io *)presio);
1664 			break;
1665 		case CTL_MSG_UA:
1666 			ctl_isc_ua(softc, msg, param);
1667 			break;
1668 		case CTL_MSG_PORT_SYNC:
1669 			ctl_isc_port_sync(softc, msg, param);
1670 			break;
1671 		case CTL_MSG_LUN_SYNC:
1672 			ctl_isc_lun_sync(softc, msg, param);
1673 			break;
1674 		case CTL_MSG_IID_SYNC:
1675 			ctl_isc_iid_sync(softc, msg, param);
1676 			break;
1677 		case CTL_MSG_LOGIN:
1678 			ctl_isc_login(softc, msg, param);
1679 			break;
1680 		case CTL_MSG_MODE_SYNC:
1681 			ctl_isc_mode_sync(softc, msg, param);
1682 			break;
1683 		default:
1684 			printf("Received HA message of unknown type %d\n",
1685 			    msg->hdr.msg_type);
1686 			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1687 			break;
1688 		}
1689 		if (msg != &msgbuf)
1690 			free(msg, M_CTL);
1691 	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1692 		printf("CTL: HA link status changed from %d to %d\n",
1693 		    softc->ha_link, param);
1694 		if (param == softc->ha_link)
1695 			return;
1696 		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1697 			softc->ha_link = param;
1698 			ctl_isc_ha_link_down(softc);
1699 		} else {
1700 			softc->ha_link = param;
1701 			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1702 				ctl_isc_ha_link_up(softc);
1703 		}
1704 		return;
1705 	} else {
1706 		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1707 		return;
1708 	}
1709 }
1710 
1711 static void
1712 ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1713 {
1714 
1715 	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1716 	    src->scsi.sense_len);
1717 	dest->scsiio.scsi_status = src->scsi.scsi_status;
1718 	dest->scsiio.sense_len = src->scsi.sense_len;
1719 	dest->io_hdr.status = src->hdr.status;
1720 }
1721 
1722 static void
1723 ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1724 {
1725 
1726 	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1727 	    src->scsiio.sense_len);
1728 	dest->scsi.scsi_status = src->scsiio.scsi_status;
1729 	dest->scsi.sense_len = src->scsiio.sense_len;
1730 	dest->hdr.status = src->io_hdr.status;
1731 }
1732 
1733 void
1734 ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1735 {
1736 	struct ctl_softc *softc = lun->ctl_softc;
1737 	ctl_ua_type *pu;
1738 
1739 	if (initidx < softc->init_min || initidx >= softc->init_max)
1740 		return;
1741 	mtx_assert(&lun->lun_lock, MA_OWNED);
1742 	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1743 	if (pu == NULL)
1744 		return;
1745 	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1746 }
1747 
1748 void
1749 ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1750 {
1751 	int i;
1752 
1753 	mtx_assert(&lun->lun_lock, MA_OWNED);
1754 	if (lun->pending_ua[port] == NULL)
1755 		return;
1756 	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1757 		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1758 			continue;
1759 		lun->pending_ua[port][i] |= ua;
1760 	}
1761 }
1762 
1763 void
1764 ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1765 {
1766 	struct ctl_softc *softc = lun->ctl_softc;
1767 	int i;
1768 
1769 	mtx_assert(&lun->lun_lock, MA_OWNED);
1770 	for (i = softc->port_min; i < softc->port_max; i++)
1771 		ctl_est_ua_port(lun, i, except, ua);
1772 }
1773 
1774 void
1775 ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1776 {
1777 	struct ctl_softc *softc = lun->ctl_softc;
1778 	ctl_ua_type *pu;
1779 
1780 	if (initidx < softc->init_min || initidx >= softc->init_max)
1781 		return;
1782 	mtx_assert(&lun->lun_lock, MA_OWNED);
1783 	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1784 	if (pu == NULL)
1785 		return;
1786 	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1787 }
1788 
1789 void
1790 ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1791 {
1792 	struct ctl_softc *softc = lun->ctl_softc;
1793 	int i, j;
1794 
1795 	mtx_assert(&lun->lun_lock, MA_OWNED);
1796 	for (i = softc->port_min; i < softc->port_max; i++) {
1797 		if (lun->pending_ua[i] == NULL)
1798 			continue;
1799 		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1800 			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1801 				continue;
1802 			lun->pending_ua[i][j] &= ~ua;
1803 		}
1804 	}
1805 }
1806 
1807 void
1808 ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1809     ctl_ua_type ua_type)
1810 {
1811 	struct ctl_lun *lun;
1812 
1813 	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1814 	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1815 		mtx_lock(&lun->lun_lock);
1816 		ctl_clr_ua(lun, initidx, ua_type);
1817 		mtx_unlock(&lun->lun_lock);
1818 	}
1819 }
1820 
1821 static int
1822 ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1823 {
1824 	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1825 	struct ctl_lun *lun;
1826 	struct ctl_lun_req ireq;
1827 	int error, value;
1828 
1829 	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1830 	error = sysctl_handle_int(oidp, &value, 0, req);
1831 	if ((error != 0) || (req->newptr == NULL))
1832 		return (error);
1833 
1834 	mtx_lock(&softc->ctl_lock);
1835 	if (value == 0)
1836 		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1837 	else
1838 		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1839 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1840 		mtx_unlock(&softc->ctl_lock);
1841 		bzero(&ireq, sizeof(ireq));
1842 		ireq.reqtype = CTL_LUNREQ_MODIFY;
1843 		ireq.reqdata.modify.lun_id = lun->lun;
1844 		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1845 		    curthread);
1846 		if (ireq.status != CTL_LUN_OK) {
1847 			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1848 			    __func__, ireq.status, ireq.error_str);
1849 		}
1850 		mtx_lock(&softc->ctl_lock);
1851 	}
1852 	mtx_unlock(&softc->ctl_lock);
1853 	return (0);
1854 }
1855 
1856 static int
1857 ctl_init(void)
1858 {
1859 	struct make_dev_args args;
1860 	struct ctl_softc *softc;
1861 	int i, error;
1862 
1863 	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1864 			       M_WAITOK | M_ZERO);
1865 
1866 	make_dev_args_init(&args);
1867 	args.mda_devsw = &ctl_cdevsw;
1868 	args.mda_uid = UID_ROOT;
1869 	args.mda_gid = GID_OPERATOR;
1870 	args.mda_mode = 0600;
1871 	args.mda_si_drv1 = softc;
1872 	error = make_dev_s(&args, &softc->dev, "cam/ctl");
1873 	if (error != 0) {
1874 		free(softc, M_DEVBUF);
1875 		control_softc = NULL;
1876 		return (error);
1877 	}
1878 
1879 	sysctl_ctx_init(&softc->sysctl_ctx);
1880 	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1881 		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1882 		CTLFLAG_RD, 0, "CAM Target Layer");
1883 
1884 	if (softc->sysctl_tree == NULL) {
1885 		printf("%s: unable to allocate sysctl tree\n", __func__);
1886 		destroy_dev(softc->dev);
1887 		free(softc, M_DEVBUF);
1888 		control_softc = NULL;
1889 		return (ENOMEM);
1890 	}
1891 
1892 	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1893 	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1894 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1895 	softc->flags = 0;
1896 
1897 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1898 	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1899 	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1900 
1901 	if (ctl_max_luns <= 0 || powerof2(ctl_max_luns) == 0) {
1902 		printf("Bad value %d for kern.cam.ctl.max_luns, must be a power of two, using %d\n",
1903 		    ctl_max_luns, CTL_DEFAULT_MAX_LUNS);
1904 		ctl_max_luns = CTL_DEFAULT_MAX_LUNS;
1905 	}
1906 	softc->ctl_luns = malloc(sizeof(struct ctl_lun *) * ctl_max_luns,
1907 	    M_DEVBUF, M_WAITOK | M_ZERO);
1908 	softc->ctl_lun_mask = malloc(sizeof(uint32_t) *
1909 	    ((ctl_max_luns + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1910 	if (ctl_max_ports <= 0 || powerof2(ctl_max_ports) == 0) {
1911 		printf("Bad value %d for kern.cam.ctl.max_ports, must be a power of two, using %d\n",
1912 		    ctl_max_ports, CTL_DEFAULT_MAX_PORTS);
1913 		ctl_max_ports = CTL_DEFAULT_MAX_PORTS;
1914 	}
1915 	softc->ctl_port_mask = malloc(sizeof(uint32_t) *
1916 	  ((ctl_max_ports + 31) / 32), M_DEVBUF, M_WAITOK | M_ZERO);
1917 	softc->ctl_ports = malloc(sizeof(struct ctl_port *) * ctl_max_ports,
1918 	     M_DEVBUF, M_WAITOK | M_ZERO);
1919 
1920 
1921 	/*
1922 	 * In Copan's HA scheme, the "master" and "slave" roles are
1923 	 * figured out through the slot the controller is in.  Although it
1924 	 * is an active/active system, someone has to be in charge.
1925 	 */
1926 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1927 	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1928 	    "HA head ID (0 - no HA)");
1929 	if (softc->ha_id == 0 || softc->ha_id > NUM_HA_SHELVES) {
1930 		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1931 		softc->is_single = 1;
1932 		softc->port_cnt = ctl_max_ports;
1933 		softc->port_min = 0;
1934 	} else {
1935 		softc->port_cnt = ctl_max_ports / NUM_HA_SHELVES;
1936 		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1937 	}
1938 	softc->port_max = softc->port_min + softc->port_cnt;
1939 	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1940 	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1941 
1942 	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1943 	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1944 	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1945 
1946 	STAILQ_INIT(&softc->lun_list);
1947 	STAILQ_INIT(&softc->pending_lun_queue);
1948 	STAILQ_INIT(&softc->fe_list);
1949 	STAILQ_INIT(&softc->port_list);
1950 	STAILQ_INIT(&softc->be_list);
1951 	ctl_tpc_init(softc);
1952 
1953 	if (worker_threads <= 0)
1954 		worker_threads = max(1, mp_ncpus / 4);
1955 	if (worker_threads > CTL_MAX_THREADS)
1956 		worker_threads = CTL_MAX_THREADS;
1957 
1958 	for (i = 0; i < worker_threads; i++) {
1959 		struct ctl_thread *thr = &softc->threads[i];
1960 
1961 		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1962 		thr->ctl_softc = softc;
1963 		STAILQ_INIT(&thr->incoming_queue);
1964 		STAILQ_INIT(&thr->rtr_queue);
1965 		STAILQ_INIT(&thr->done_queue);
1966 		STAILQ_INIT(&thr->isc_queue);
1967 
1968 		error = kproc_kthread_add(ctl_work_thread, thr,
1969 		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1970 		if (error != 0) {
1971 			printf("error creating CTL work thread!\n");
1972 			return (error);
1973 		}
1974 	}
1975 	error = kproc_kthread_add(ctl_lun_thread, softc,
1976 	    &softc->ctl_proc, &softc->lun_thread, 0, 0, "ctl", "lun");
1977 	if (error != 0) {
1978 		printf("error creating CTL lun thread!\n");
1979 		return (error);
1980 	}
1981 	error = kproc_kthread_add(ctl_thresh_thread, softc,
1982 	    &softc->ctl_proc, &softc->thresh_thread, 0, 0, "ctl", "thresh");
1983 	if (error != 0) {
1984 		printf("error creating CTL threshold thread!\n");
1985 		return (error);
1986 	}
1987 
1988 	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1989 	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1990 	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1991 
1992 	if (softc->is_single == 0) {
1993 		if (ctl_frontend_register(&ha_frontend) != 0)
1994 			softc->is_single = 1;
1995 	}
1996 	return (0);
1997 }
1998 
1999 static int
2000 ctl_shutdown(void)
2001 {
2002 	struct ctl_softc *softc = control_softc;
2003 	int i;
2004 
2005 	if (softc->is_single == 0)
2006 		ctl_frontend_deregister(&ha_frontend);
2007 
2008 	destroy_dev(softc->dev);
2009 
2010 	/* Shutdown CTL threads. */
2011 	softc->shutdown = 1;
2012 	for (i = 0; i < worker_threads; i++) {
2013 		struct ctl_thread *thr = &softc->threads[i];
2014 		while (thr->thread != NULL) {
2015 			wakeup(thr);
2016 			if (thr->thread != NULL)
2017 				pause("CTL thr shutdown", 1);
2018 		}
2019 		mtx_destroy(&thr->queue_lock);
2020 	}
2021 	while (softc->lun_thread != NULL) {
2022 		wakeup(&softc->pending_lun_queue);
2023 		if (softc->lun_thread != NULL)
2024 			pause("CTL thr shutdown", 1);
2025 	}
2026 	while (softc->thresh_thread != NULL) {
2027 		wakeup(softc->thresh_thread);
2028 		if (softc->thresh_thread != NULL)
2029 			pause("CTL thr shutdown", 1);
2030 	}
2031 
2032 	ctl_tpc_shutdown(softc);
2033 	uma_zdestroy(softc->io_zone);
2034 	mtx_destroy(&softc->ctl_lock);
2035 
2036 	free(softc->ctl_luns, M_DEVBUF);
2037 	free(softc->ctl_lun_mask, M_DEVBUF);
2038 	free(softc->ctl_port_mask, M_DEVBUF);
2039 	free(softc->ctl_ports, M_DEVBUF);
2040 
2041 	sysctl_ctx_free(&softc->sysctl_ctx);
2042 
2043 	free(softc, M_DEVBUF);
2044 	control_softc = NULL;
2045 	return (0);
2046 }
2047 
2048 static int
2049 ctl_module_event_handler(module_t mod, int what, void *arg)
2050 {
2051 
2052 	switch (what) {
2053 	case MOD_LOAD:
2054 		return (ctl_init());
2055 	case MOD_UNLOAD:
2056 		return (ctl_shutdown());
2057 	default:
2058 		return (EOPNOTSUPP);
2059 	}
2060 }
2061 
2062 /*
2063  * XXX KDM should we do some access checks here?  Bump a reference count to
2064  * prevent a CTL module from being unloaded while someone has it open?
2065  */
2066 static int
2067 ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
2068 {
2069 	return (0);
2070 }
2071 
2072 static int
2073 ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
2074 {
2075 	return (0);
2076 }
2077 
2078 /*
2079  * Remove an initiator by port number and initiator ID.
2080  * Returns 0 for success, -1 for failure.
2081  */
2082 int
2083 ctl_remove_initiator(struct ctl_port *port, int iid)
2084 {
2085 	struct ctl_softc *softc = port->ctl_softc;
2086 	int last;
2087 
2088 	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2089 
2090 	if (iid > CTL_MAX_INIT_PER_PORT) {
2091 		printf("%s: initiator ID %u > maximun %u!\n",
2092 		       __func__, iid, CTL_MAX_INIT_PER_PORT);
2093 		return (-1);
2094 	}
2095 
2096 	mtx_lock(&softc->ctl_lock);
2097 	last = (--port->wwpn_iid[iid].in_use == 0);
2098 	port->wwpn_iid[iid].last_use = time_uptime;
2099 	mtx_unlock(&softc->ctl_lock);
2100 	if (last)
2101 		ctl_i_t_nexus_loss(softc, iid, CTL_UA_POWERON);
2102 	ctl_isc_announce_iid(port, iid);
2103 
2104 	return (0);
2105 }
2106 
2107 /*
2108  * Add an initiator to the initiator map.
2109  * Returns iid for success, < 0 for failure.
2110  */
2111 int
2112 ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
2113 {
2114 	struct ctl_softc *softc = port->ctl_softc;
2115 	time_t best_time;
2116 	int i, best;
2117 
2118 	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
2119 
2120 	if (iid >= CTL_MAX_INIT_PER_PORT) {
2121 		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
2122 		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
2123 		free(name, M_CTL);
2124 		return (-1);
2125 	}
2126 
2127 	mtx_lock(&softc->ctl_lock);
2128 
2129 	if (iid < 0 && (wwpn != 0 || name != NULL)) {
2130 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2131 			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
2132 				iid = i;
2133 				break;
2134 			}
2135 			if (name != NULL && port->wwpn_iid[i].name != NULL &&
2136 			    strcmp(name, port->wwpn_iid[i].name) == 0) {
2137 				iid = i;
2138 				break;
2139 			}
2140 		}
2141 	}
2142 
2143 	if (iid < 0) {
2144 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2145 			if (port->wwpn_iid[i].in_use == 0 &&
2146 			    port->wwpn_iid[i].wwpn == 0 &&
2147 			    port->wwpn_iid[i].name == NULL) {
2148 				iid = i;
2149 				break;
2150 			}
2151 		}
2152 	}
2153 
2154 	if (iid < 0) {
2155 		best = -1;
2156 		best_time = INT32_MAX;
2157 		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2158 			if (port->wwpn_iid[i].in_use == 0) {
2159 				if (port->wwpn_iid[i].last_use < best_time) {
2160 					best = i;
2161 					best_time = port->wwpn_iid[i].last_use;
2162 				}
2163 			}
2164 		}
2165 		iid = best;
2166 	}
2167 
2168 	if (iid < 0) {
2169 		mtx_unlock(&softc->ctl_lock);
2170 		free(name, M_CTL);
2171 		return (-2);
2172 	}
2173 
2174 	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2175 		/*
2176 		 * This is not an error yet.
2177 		 */
2178 		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2179 #if 0
2180 			printf("%s: port %d iid %u WWPN %#jx arrived"
2181 			    " again\n", __func__, port->targ_port,
2182 			    iid, (uintmax_t)wwpn);
2183 #endif
2184 			goto take;
2185 		}
2186 		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2187 		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2188 #if 0
2189 			printf("%s: port %d iid %u name '%s' arrived"
2190 			    " again\n", __func__, port->targ_port,
2191 			    iid, name);
2192 #endif
2193 			goto take;
2194 		}
2195 
2196 		/*
2197 		 * This is an error, but what do we do about it?  The
2198 		 * driver is telling us we have a new WWPN for this
2199 		 * initiator ID, so we pretty much need to use it.
2200 		 */
2201 		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2202 		    " but WWPN %#jx '%s' is still at that address\n",
2203 		    __func__, port->targ_port, iid, wwpn, name,
2204 		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2205 		    port->wwpn_iid[iid].name);
2206 	}
2207 take:
2208 	free(port->wwpn_iid[iid].name, M_CTL);
2209 	port->wwpn_iid[iid].name = name;
2210 	port->wwpn_iid[iid].wwpn = wwpn;
2211 	port->wwpn_iid[iid].in_use++;
2212 	mtx_unlock(&softc->ctl_lock);
2213 	ctl_isc_announce_iid(port, iid);
2214 
2215 	return (iid);
2216 }
2217 
2218 static int
2219 ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2220 {
2221 	int len;
2222 
2223 	switch (port->port_type) {
2224 	case CTL_PORT_FC:
2225 	{
2226 		struct scsi_transportid_fcp *id =
2227 		    (struct scsi_transportid_fcp *)buf;
2228 		if (port->wwpn_iid[iid].wwpn == 0)
2229 			return (0);
2230 		memset(id, 0, sizeof(*id));
2231 		id->format_protocol = SCSI_PROTO_FC;
2232 		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2233 		return (sizeof(*id));
2234 	}
2235 	case CTL_PORT_ISCSI:
2236 	{
2237 		struct scsi_transportid_iscsi_port *id =
2238 		    (struct scsi_transportid_iscsi_port *)buf;
2239 		if (port->wwpn_iid[iid].name == NULL)
2240 			return (0);
2241 		memset(id, 0, 256);
2242 		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2243 		    SCSI_PROTO_ISCSI;
2244 		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2245 		len = roundup2(min(len, 252), 4);
2246 		scsi_ulto2b(len, id->additional_length);
2247 		return (sizeof(*id) + len);
2248 	}
2249 	case CTL_PORT_SAS:
2250 	{
2251 		struct scsi_transportid_sas *id =
2252 		    (struct scsi_transportid_sas *)buf;
2253 		if (port->wwpn_iid[iid].wwpn == 0)
2254 			return (0);
2255 		memset(id, 0, sizeof(*id));
2256 		id->format_protocol = SCSI_PROTO_SAS;
2257 		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2258 		return (sizeof(*id));
2259 	}
2260 	default:
2261 	{
2262 		struct scsi_transportid_spi *id =
2263 		    (struct scsi_transportid_spi *)buf;
2264 		memset(id, 0, sizeof(*id));
2265 		id->format_protocol = SCSI_PROTO_SPI;
2266 		scsi_ulto2b(iid, id->scsi_addr);
2267 		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2268 		return (sizeof(*id));
2269 	}
2270 	}
2271 }
2272 
2273 /*
2274  * Serialize a command that went down the "wrong" side, and so was sent to
2275  * this controller for execution.  The logic is a little different than the
2276  * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2277  * sent back to the other side, but in the success case, we execute the
2278  * command on this side (XFER mode) or tell the other side to execute it
2279  * (SER_ONLY mode).
2280  */
2281 static void
2282 ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2283 {
2284 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
2285 	struct ctl_port *port = CTL_PORT(ctsio);
2286 	union ctl_ha_msg msg_info;
2287 	struct ctl_lun *lun;
2288 	const struct ctl_cmd_entry *entry;
2289 	uint32_t targ_lun;
2290 
2291 	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2292 
2293 	/* Make sure that we know about this port. */
2294 	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2295 		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2296 					 /*retry_count*/ 1);
2297 		goto badjuju;
2298 	}
2299 
2300 	/* Make sure that we know about this LUN. */
2301 	mtx_lock(&softc->ctl_lock);
2302 	if (targ_lun >= ctl_max_luns ||
2303 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
2304 		mtx_unlock(&softc->ctl_lock);
2305 
2306 		/*
2307 		 * The other node would not send this request to us unless
2308 		 * received announce that we are primary node for this LUN.
2309 		 * If this LUN does not exist now, it is probably result of
2310 		 * a race, so respond to initiator in the most opaque way.
2311 		 */
2312 		ctl_set_busy(ctsio);
2313 		goto badjuju;
2314 	}
2315 	mtx_lock(&lun->lun_lock);
2316 	mtx_unlock(&softc->ctl_lock);
2317 
2318 	/*
2319 	 * If the LUN is invalid, pretend that it doesn't exist.
2320 	 * It will go away as soon as all pending I/Os completed.
2321 	 */
2322 	if (lun->flags & CTL_LUN_DISABLED) {
2323 		mtx_unlock(&lun->lun_lock);
2324 		ctl_set_busy(ctsio);
2325 		goto badjuju;
2326 	}
2327 
2328 	entry = ctl_get_cmd_entry(ctsio, NULL);
2329 	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2330 		mtx_unlock(&lun->lun_lock);
2331 		goto badjuju;
2332 	}
2333 
2334 	CTL_LUN(ctsio) = lun;
2335 	CTL_BACKEND_LUN(ctsio) = lun->be_lun;
2336 
2337 	/*
2338 	 * Every I/O goes into the OOA queue for a
2339 	 * particular LUN, and stays there until completion.
2340 	 */
2341 #ifdef CTL_TIME_IO
2342 	if (TAILQ_EMPTY(&lun->ooa_queue))
2343 		lun->idle_time += getsbinuptime() - lun->last_busy;
2344 #endif
2345 	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2346 
2347 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2348 		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2349 		 ooa_links))) {
2350 	case CTL_ACTION_BLOCK:
2351 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2352 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2353 				  blocked_links);
2354 		mtx_unlock(&lun->lun_lock);
2355 		break;
2356 	case CTL_ACTION_PASS:
2357 	case CTL_ACTION_SKIP:
2358 		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2359 			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2360 			ctl_enqueue_rtr((union ctl_io *)ctsio);
2361 			mtx_unlock(&lun->lun_lock);
2362 		} else {
2363 			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2364 			mtx_unlock(&lun->lun_lock);
2365 
2366 			/* send msg back to other side */
2367 			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2368 			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2369 			msg_info.hdr.msg_type = CTL_MSG_R2R;
2370 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2371 			    sizeof(msg_info.hdr), M_WAITOK);
2372 		}
2373 		break;
2374 	case CTL_ACTION_OVERLAP:
2375 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2376 		mtx_unlock(&lun->lun_lock);
2377 		ctl_set_overlapped_cmd(ctsio);
2378 		goto badjuju;
2379 	case CTL_ACTION_OVERLAP_TAG:
2380 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2381 		mtx_unlock(&lun->lun_lock);
2382 		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2383 		goto badjuju;
2384 	case CTL_ACTION_ERROR:
2385 	default:
2386 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2387 		mtx_unlock(&lun->lun_lock);
2388 
2389 		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2390 					 /*retry_count*/ 0);
2391 badjuju:
2392 		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2393 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2394 		msg_info.hdr.serializing_sc = NULL;
2395 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2396 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2397 		    sizeof(msg_info.scsi), M_WAITOK);
2398 		ctl_free_io((union ctl_io *)ctsio);
2399 		break;
2400 	}
2401 }
2402 
2403 /*
2404  * Returns 0 for success, errno for failure.
2405  */
2406 static void
2407 ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2408 		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2409 {
2410 	union ctl_io *io;
2411 
2412 	mtx_lock(&lun->lun_lock);
2413 	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2414 	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2415 	     ooa_links)) {
2416 		struct ctl_ooa_entry *entry;
2417 
2418 		/*
2419 		 * If we've got more than we can fit, just count the
2420 		 * remaining entries.
2421 		 */
2422 		if (*cur_fill_num >= ooa_hdr->alloc_num)
2423 			continue;
2424 
2425 		entry = &kern_entries[*cur_fill_num];
2426 
2427 		entry->tag_num = io->scsiio.tag_num;
2428 		entry->lun_num = lun->lun;
2429 #ifdef CTL_TIME_IO
2430 		entry->start_bt = io->io_hdr.start_bt;
2431 #endif
2432 		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2433 		entry->cdb_len = io->scsiio.cdb_len;
2434 		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2435 			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2436 
2437 		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2438 			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2439 
2440 		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2441 			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2442 
2443 		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2444 			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2445 
2446 		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2447 			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2448 	}
2449 	mtx_unlock(&lun->lun_lock);
2450 }
2451 
2452 static void *
2453 ctl_copyin_alloc(void *user_addr, unsigned int len, char *error_str,
2454 		 size_t error_str_len)
2455 {
2456 	void *kptr;
2457 
2458 	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2459 
2460 	if (copyin(user_addr, kptr, len) != 0) {
2461 		snprintf(error_str, error_str_len, "Error copying %d bytes "
2462 			 "from user address %p to kernel address %p", len,
2463 			 user_addr, kptr);
2464 		free(kptr, M_CTL);
2465 		return (NULL);
2466 	}
2467 
2468 	return (kptr);
2469 }
2470 
2471 static void
2472 ctl_free_args(int num_args, struct ctl_be_arg *args)
2473 {
2474 	int i;
2475 
2476 	if (args == NULL)
2477 		return;
2478 
2479 	for (i = 0; i < num_args; i++) {
2480 		free(args[i].kname, M_CTL);
2481 		free(args[i].kvalue, M_CTL);
2482 	}
2483 
2484 	free(args, M_CTL);
2485 }
2486 
2487 static struct ctl_be_arg *
2488 ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2489 		char *error_str, size_t error_str_len)
2490 {
2491 	struct ctl_be_arg *args;
2492 	int i;
2493 
2494 	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2495 				error_str, error_str_len);
2496 
2497 	if (args == NULL)
2498 		goto bailout;
2499 
2500 	for (i = 0; i < num_args; i++) {
2501 		args[i].kname = NULL;
2502 		args[i].kvalue = NULL;
2503 	}
2504 
2505 	for (i = 0; i < num_args; i++) {
2506 		uint8_t *tmpptr;
2507 
2508 		if (args[i].namelen == 0) {
2509 			snprintf(error_str, error_str_len, "Argument %d "
2510 				 "name length is zero", i);
2511 			goto bailout;
2512 		}
2513 
2514 		args[i].kname = ctl_copyin_alloc(args[i].name,
2515 			args[i].namelen, error_str, error_str_len);
2516 		if (args[i].kname == NULL)
2517 			goto bailout;
2518 
2519 		if (args[i].kname[args[i].namelen - 1] != '\0') {
2520 			snprintf(error_str, error_str_len, "Argument %d "
2521 				 "name is not NUL-terminated", i);
2522 			goto bailout;
2523 		}
2524 
2525 		if (args[i].flags & CTL_BEARG_RD) {
2526 			if (args[i].vallen == 0) {
2527 				snprintf(error_str, error_str_len, "Argument %d "
2528 					 "value length is zero", i);
2529 				goto bailout;
2530 			}
2531 
2532 			tmpptr = ctl_copyin_alloc(args[i].value,
2533 				args[i].vallen, error_str, error_str_len);
2534 			if (tmpptr == NULL)
2535 				goto bailout;
2536 
2537 			if ((args[i].flags & CTL_BEARG_ASCII)
2538 			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2539 				snprintf(error_str, error_str_len, "Argument "
2540 				    "%d value is not NUL-terminated", i);
2541 				free(tmpptr, M_CTL);
2542 				goto bailout;
2543 			}
2544 			args[i].kvalue = tmpptr;
2545 		} else {
2546 			args[i].kvalue = malloc(args[i].vallen,
2547 			    M_CTL, M_WAITOK | M_ZERO);
2548 		}
2549 	}
2550 
2551 	return (args);
2552 bailout:
2553 
2554 	ctl_free_args(num_args, args);
2555 
2556 	return (NULL);
2557 }
2558 
2559 static void
2560 ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2561 {
2562 	int i;
2563 
2564 	for (i = 0; i < num_args; i++) {
2565 		if (args[i].flags & CTL_BEARG_WR)
2566 			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2567 	}
2568 }
2569 
2570 /*
2571  * Escape characters that are illegal or not recommended in XML.
2572  */
2573 int
2574 ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2575 {
2576 	char *end = str + size;
2577 	int retval;
2578 
2579 	retval = 0;
2580 
2581 	for (; *str && str < end; str++) {
2582 		switch (*str) {
2583 		case '&':
2584 			retval = sbuf_printf(sb, "&amp;");
2585 			break;
2586 		case '>':
2587 			retval = sbuf_printf(sb, "&gt;");
2588 			break;
2589 		case '<':
2590 			retval = sbuf_printf(sb, "&lt;");
2591 			break;
2592 		default:
2593 			retval = sbuf_putc(sb, *str);
2594 			break;
2595 		}
2596 
2597 		if (retval != 0)
2598 			break;
2599 
2600 	}
2601 
2602 	return (retval);
2603 }
2604 
2605 static void
2606 ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2607 {
2608 	struct scsi_vpd_id_descriptor *desc;
2609 	int i;
2610 
2611 	if (id == NULL || id->len < 4)
2612 		return;
2613 	desc = (struct scsi_vpd_id_descriptor *)id->data;
2614 	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2615 	case SVPD_ID_TYPE_T10:
2616 		sbuf_printf(sb, "t10.");
2617 		break;
2618 	case SVPD_ID_TYPE_EUI64:
2619 		sbuf_printf(sb, "eui.");
2620 		break;
2621 	case SVPD_ID_TYPE_NAA:
2622 		sbuf_printf(sb, "naa.");
2623 		break;
2624 	case SVPD_ID_TYPE_SCSI_NAME:
2625 		break;
2626 	}
2627 	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2628 	case SVPD_ID_CODESET_BINARY:
2629 		for (i = 0; i < desc->length; i++)
2630 			sbuf_printf(sb, "%02x", desc->identifier[i]);
2631 		break;
2632 	case SVPD_ID_CODESET_ASCII:
2633 		sbuf_printf(sb, "%.*s", (int)desc->length,
2634 		    (char *)desc->identifier);
2635 		break;
2636 	case SVPD_ID_CODESET_UTF8:
2637 		sbuf_printf(sb, "%s", (char *)desc->identifier);
2638 		break;
2639 	}
2640 }
2641 
2642 static int
2643 ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2644 	  struct thread *td)
2645 {
2646 	struct ctl_softc *softc = dev->si_drv1;
2647 	struct ctl_port *port;
2648 	struct ctl_lun *lun;
2649 	int retval;
2650 
2651 	retval = 0;
2652 
2653 	switch (cmd) {
2654 	case CTL_IO:
2655 		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2656 		break;
2657 	case CTL_ENABLE_PORT:
2658 	case CTL_DISABLE_PORT:
2659 	case CTL_SET_PORT_WWNS: {
2660 		struct ctl_port *port;
2661 		struct ctl_port_entry *entry;
2662 
2663 		entry = (struct ctl_port_entry *)addr;
2664 
2665 		mtx_lock(&softc->ctl_lock);
2666 		STAILQ_FOREACH(port, &softc->port_list, links) {
2667 			int action, done;
2668 
2669 			if (port->targ_port < softc->port_min ||
2670 			    port->targ_port >= softc->port_max)
2671 				continue;
2672 
2673 			action = 0;
2674 			done = 0;
2675 			if ((entry->port_type == CTL_PORT_NONE)
2676 			 && (entry->targ_port == port->targ_port)) {
2677 				/*
2678 				 * If the user only wants to enable or
2679 				 * disable or set WWNs on a specific port,
2680 				 * do the operation and we're done.
2681 				 */
2682 				action = 1;
2683 				done = 1;
2684 			} else if (entry->port_type & port->port_type) {
2685 				/*
2686 				 * Compare the user's type mask with the
2687 				 * particular frontend type to see if we
2688 				 * have a match.
2689 				 */
2690 				action = 1;
2691 				done = 0;
2692 
2693 				/*
2694 				 * Make sure the user isn't trying to set
2695 				 * WWNs on multiple ports at the same time.
2696 				 */
2697 				if (cmd == CTL_SET_PORT_WWNS) {
2698 					printf("%s: Can't set WWNs on "
2699 					       "multiple ports\n", __func__);
2700 					retval = EINVAL;
2701 					break;
2702 				}
2703 			}
2704 			if (action == 0)
2705 				continue;
2706 
2707 			/*
2708 			 * XXX KDM we have to drop the lock here, because
2709 			 * the online/offline operations can potentially
2710 			 * block.  We need to reference count the frontends
2711 			 * so they can't go away,
2712 			 */
2713 			if (cmd == CTL_ENABLE_PORT) {
2714 				mtx_unlock(&softc->ctl_lock);
2715 				ctl_port_online(port);
2716 				mtx_lock(&softc->ctl_lock);
2717 			} else if (cmd == CTL_DISABLE_PORT) {
2718 				mtx_unlock(&softc->ctl_lock);
2719 				ctl_port_offline(port);
2720 				mtx_lock(&softc->ctl_lock);
2721 			} else if (cmd == CTL_SET_PORT_WWNS) {
2722 				ctl_port_set_wwns(port,
2723 				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2724 				    1 : 0, entry->wwnn,
2725 				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2726 				    1 : 0, entry->wwpn);
2727 			}
2728 			if (done != 0)
2729 				break;
2730 		}
2731 		mtx_unlock(&softc->ctl_lock);
2732 		break;
2733 	}
2734 	case CTL_GET_OOA: {
2735 		struct ctl_ooa *ooa_hdr;
2736 		struct ctl_ooa_entry *entries;
2737 		uint32_t cur_fill_num;
2738 
2739 		ooa_hdr = (struct ctl_ooa *)addr;
2740 
2741 		if ((ooa_hdr->alloc_len == 0)
2742 		 || (ooa_hdr->alloc_num == 0)) {
2743 			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2744 			       "must be non-zero\n", __func__,
2745 			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2746 			retval = EINVAL;
2747 			break;
2748 		}
2749 
2750 		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2751 		    sizeof(struct ctl_ooa_entry))) {
2752 			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2753 			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2754 			       __func__, ooa_hdr->alloc_len,
2755 			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2756 			retval = EINVAL;
2757 			break;
2758 		}
2759 
2760 		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2761 		if (entries == NULL) {
2762 			printf("%s: could not allocate %d bytes for OOA "
2763 			       "dump\n", __func__, ooa_hdr->alloc_len);
2764 			retval = ENOMEM;
2765 			break;
2766 		}
2767 
2768 		mtx_lock(&softc->ctl_lock);
2769 		if ((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0 &&
2770 		    (ooa_hdr->lun_num >= ctl_max_luns ||
2771 		     softc->ctl_luns[ooa_hdr->lun_num] == NULL)) {
2772 			mtx_unlock(&softc->ctl_lock);
2773 			free(entries, M_CTL);
2774 			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2775 			       __func__, (uintmax_t)ooa_hdr->lun_num);
2776 			retval = EINVAL;
2777 			break;
2778 		}
2779 
2780 		cur_fill_num = 0;
2781 
2782 		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2783 			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2784 				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2785 				    ooa_hdr, entries);
2786 			}
2787 		} else {
2788 			lun = softc->ctl_luns[ooa_hdr->lun_num];
2789 			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2790 			    entries);
2791 		}
2792 		mtx_unlock(&softc->ctl_lock);
2793 
2794 		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2795 		ooa_hdr->fill_len = ooa_hdr->fill_num *
2796 			sizeof(struct ctl_ooa_entry);
2797 		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2798 		if (retval != 0) {
2799 			printf("%s: error copying out %d bytes for OOA dump\n",
2800 			       __func__, ooa_hdr->fill_len);
2801 		}
2802 
2803 		getbinuptime(&ooa_hdr->cur_bt);
2804 
2805 		if (cur_fill_num > ooa_hdr->alloc_num) {
2806 			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2807 			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2808 		} else {
2809 			ooa_hdr->dropped_num = 0;
2810 			ooa_hdr->status = CTL_OOA_OK;
2811 		}
2812 
2813 		free(entries, M_CTL);
2814 		break;
2815 	}
2816 	case CTL_DELAY_IO: {
2817 		struct ctl_io_delay_info *delay_info;
2818 
2819 		delay_info = (struct ctl_io_delay_info *)addr;
2820 
2821 #ifdef CTL_IO_DELAY
2822 		mtx_lock(&softc->ctl_lock);
2823 		if (delay_info->lun_id >= ctl_max_luns ||
2824 		    (lun = softc->ctl_luns[delay_info->lun_id]) == NULL) {
2825 			mtx_unlock(&softc->ctl_lock);
2826 			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2827 			break;
2828 		}
2829 		mtx_lock(&lun->lun_lock);
2830 		mtx_unlock(&softc->ctl_lock);
2831 		delay_info->status = CTL_DELAY_STATUS_OK;
2832 		switch (delay_info->delay_type) {
2833 		case CTL_DELAY_TYPE_CONT:
2834 		case CTL_DELAY_TYPE_ONESHOT:
2835 			break;
2836 		default:
2837 			delay_info->status = CTL_DELAY_STATUS_INVALID_TYPE;
2838 			break;
2839 		}
2840 		switch (delay_info->delay_loc) {
2841 		case CTL_DELAY_LOC_DATAMOVE:
2842 			lun->delay_info.datamove_type = delay_info->delay_type;
2843 			lun->delay_info.datamove_delay = delay_info->delay_secs;
2844 			break;
2845 		case CTL_DELAY_LOC_DONE:
2846 			lun->delay_info.done_type = delay_info->delay_type;
2847 			lun->delay_info.done_delay = delay_info->delay_secs;
2848 			break;
2849 		default:
2850 			delay_info->status = CTL_DELAY_STATUS_INVALID_LOC;
2851 			break;
2852 		}
2853 		mtx_unlock(&lun->lun_lock);
2854 #else
2855 		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2856 #endif /* CTL_IO_DELAY */
2857 		break;
2858 	}
2859 #ifdef CTL_LEGACY_STATS
2860 	case CTL_GETSTATS: {
2861 		struct ctl_stats *stats = (struct ctl_stats *)addr;
2862 		int i;
2863 
2864 		/*
2865 		 * XXX KDM no locking here.  If the LUN list changes,
2866 		 * things can blow up.
2867 		 */
2868 		i = 0;
2869 		stats->status = CTL_SS_OK;
2870 		stats->fill_len = 0;
2871 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2872 			if (stats->fill_len + sizeof(lun->legacy_stats) >
2873 			    stats->alloc_len) {
2874 				stats->status = CTL_SS_NEED_MORE_SPACE;
2875 				break;
2876 			}
2877 			retval = copyout(&lun->legacy_stats, &stats->lun_stats[i++],
2878 					 sizeof(lun->legacy_stats));
2879 			if (retval != 0)
2880 				break;
2881 			stats->fill_len += sizeof(lun->legacy_stats);
2882 		}
2883 		stats->num_luns = softc->num_luns;
2884 		stats->flags = CTL_STATS_FLAG_NONE;
2885 #ifdef CTL_TIME_IO
2886 		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
2887 #endif
2888 		getnanouptime(&stats->timestamp);
2889 		break;
2890 	}
2891 #endif /* CTL_LEGACY_STATS */
2892 	case CTL_ERROR_INJECT: {
2893 		struct ctl_error_desc *err_desc, *new_err_desc;
2894 
2895 		err_desc = (struct ctl_error_desc *)addr;
2896 
2897 		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2898 				      M_WAITOK | M_ZERO);
2899 		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2900 
2901 		mtx_lock(&softc->ctl_lock);
2902 		if (err_desc->lun_id >= ctl_max_luns ||
2903 		    (lun = softc->ctl_luns[err_desc->lun_id]) == NULL) {
2904 			mtx_unlock(&softc->ctl_lock);
2905 			free(new_err_desc, M_CTL);
2906 			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2907 			       __func__, (uintmax_t)err_desc->lun_id);
2908 			retval = EINVAL;
2909 			break;
2910 		}
2911 		mtx_lock(&lun->lun_lock);
2912 		mtx_unlock(&softc->ctl_lock);
2913 
2914 		/*
2915 		 * We could do some checking here to verify the validity
2916 		 * of the request, but given the complexity of error
2917 		 * injection requests, the checking logic would be fairly
2918 		 * complex.
2919 		 *
2920 		 * For now, if the request is invalid, it just won't get
2921 		 * executed and might get deleted.
2922 		 */
2923 		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2924 
2925 		/*
2926 		 * XXX KDM check to make sure the serial number is unique,
2927 		 * in case we somehow manage to wrap.  That shouldn't
2928 		 * happen for a very long time, but it's the right thing to
2929 		 * do.
2930 		 */
2931 		new_err_desc->serial = lun->error_serial;
2932 		err_desc->serial = lun->error_serial;
2933 		lun->error_serial++;
2934 
2935 		mtx_unlock(&lun->lun_lock);
2936 		break;
2937 	}
2938 	case CTL_ERROR_INJECT_DELETE: {
2939 		struct ctl_error_desc *delete_desc, *desc, *desc2;
2940 		int delete_done;
2941 
2942 		delete_desc = (struct ctl_error_desc *)addr;
2943 		delete_done = 0;
2944 
2945 		mtx_lock(&softc->ctl_lock);
2946 		if (delete_desc->lun_id >= ctl_max_luns ||
2947 		    (lun = softc->ctl_luns[delete_desc->lun_id]) == NULL) {
2948 			mtx_unlock(&softc->ctl_lock);
2949 			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2950 			       __func__, (uintmax_t)delete_desc->lun_id);
2951 			retval = EINVAL;
2952 			break;
2953 		}
2954 		mtx_lock(&lun->lun_lock);
2955 		mtx_unlock(&softc->ctl_lock);
2956 		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2957 			if (desc->serial != delete_desc->serial)
2958 				continue;
2959 
2960 			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2961 				      links);
2962 			free(desc, M_CTL);
2963 			delete_done = 1;
2964 		}
2965 		mtx_unlock(&lun->lun_lock);
2966 		if (delete_done == 0) {
2967 			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2968 			       "error serial %ju on LUN %u\n", __func__,
2969 			       delete_desc->serial, delete_desc->lun_id);
2970 			retval = EINVAL;
2971 			break;
2972 		}
2973 		break;
2974 	}
2975 	case CTL_DUMP_STRUCTS: {
2976 		int j, k;
2977 		struct ctl_port *port;
2978 		struct ctl_frontend *fe;
2979 
2980 		mtx_lock(&softc->ctl_lock);
2981 		printf("CTL Persistent Reservation information start:\n");
2982 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2983 			mtx_lock(&lun->lun_lock);
2984 			if ((lun->flags & CTL_LUN_DISABLED) != 0) {
2985 				mtx_unlock(&lun->lun_lock);
2986 				continue;
2987 			}
2988 
2989 			for (j = 0; j < ctl_max_ports; j++) {
2990 				if (lun->pr_keys[j] == NULL)
2991 					continue;
2992 				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2993 					if (lun->pr_keys[j][k] == 0)
2994 						continue;
2995 					printf("  LUN %ju port %d iid %d key "
2996 					       "%#jx\n", lun->lun, j, k,
2997 					       (uintmax_t)lun->pr_keys[j][k]);
2998 				}
2999 			}
3000 			mtx_unlock(&lun->lun_lock);
3001 		}
3002 		printf("CTL Persistent Reservation information end\n");
3003 		printf("CTL Ports:\n");
3004 		STAILQ_FOREACH(port, &softc->port_list, links) {
3005 			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3006 			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3007 			       port->frontend->name, port->port_type,
3008 			       port->physical_port, port->virtual_port,
3009 			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3010 			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3011 				if (port->wwpn_iid[j].in_use == 0 &&
3012 				    port->wwpn_iid[j].wwpn == 0 &&
3013 				    port->wwpn_iid[j].name == NULL)
3014 					continue;
3015 
3016 				printf("    iid %u use %d WWPN %#jx '%s'\n",
3017 				    j, port->wwpn_iid[j].in_use,
3018 				    (uintmax_t)port->wwpn_iid[j].wwpn,
3019 				    port->wwpn_iid[j].name);
3020 			}
3021 		}
3022 		printf("CTL Port information end\n");
3023 		mtx_unlock(&softc->ctl_lock);
3024 		/*
3025 		 * XXX KDM calling this without a lock.  We'd likely want
3026 		 * to drop the lock before calling the frontend's dump
3027 		 * routine anyway.
3028 		 */
3029 		printf("CTL Frontends:\n");
3030 		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3031 			printf("  Frontend '%s'\n", fe->name);
3032 			if (fe->fe_dump != NULL)
3033 				fe->fe_dump();
3034 		}
3035 		printf("CTL Frontend information end\n");
3036 		break;
3037 	}
3038 	case CTL_LUN_REQ: {
3039 		struct ctl_lun_req *lun_req;
3040 		struct ctl_backend_driver *backend;
3041 
3042 		lun_req = (struct ctl_lun_req *)addr;
3043 
3044 		backend = ctl_backend_find(lun_req->backend);
3045 		if (backend == NULL) {
3046 			lun_req->status = CTL_LUN_ERROR;
3047 			snprintf(lun_req->error_str,
3048 				 sizeof(lun_req->error_str),
3049 				 "Backend \"%s\" not found.",
3050 				 lun_req->backend);
3051 			break;
3052 		}
3053 		if (lun_req->num_be_args > 0) {
3054 			lun_req->kern_be_args = ctl_copyin_args(
3055 				lun_req->num_be_args,
3056 				lun_req->be_args,
3057 				lun_req->error_str,
3058 				sizeof(lun_req->error_str));
3059 			if (lun_req->kern_be_args == NULL) {
3060 				lun_req->status = CTL_LUN_ERROR;
3061 				break;
3062 			}
3063 		}
3064 
3065 		retval = backend->ioctl(dev, cmd, addr, flag, td);
3066 
3067 		if (lun_req->num_be_args > 0) {
3068 			ctl_copyout_args(lun_req->num_be_args,
3069 				      lun_req->kern_be_args);
3070 			ctl_free_args(lun_req->num_be_args,
3071 				      lun_req->kern_be_args);
3072 		}
3073 		break;
3074 	}
3075 	case CTL_LUN_LIST: {
3076 		struct sbuf *sb;
3077 		struct ctl_lun_list *list;
3078 		struct ctl_option *opt;
3079 
3080 		list = (struct ctl_lun_list *)addr;
3081 
3082 		/*
3083 		 * Allocate a fixed length sbuf here, based on the length
3084 		 * of the user's buffer.  We could allocate an auto-extending
3085 		 * buffer, and then tell the user how much larger our
3086 		 * amount of data is than his buffer, but that presents
3087 		 * some problems:
3088 		 *
3089 		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3090 		 *     we can't hold a lock while calling them with an
3091 		 *     auto-extending buffer.
3092  		 *
3093 		 * 2.  There is not currently a LUN reference counting
3094 		 *     mechanism, outside of outstanding transactions on
3095 		 *     the LUN's OOA queue.  So a LUN could go away on us
3096 		 *     while we're getting the LUN number, backend-specific
3097 		 *     information, etc.  Thus, given the way things
3098 		 *     currently work, we need to hold the CTL lock while
3099 		 *     grabbing LUN information.
3100 		 *
3101 		 * So, from the user's standpoint, the best thing to do is
3102 		 * allocate what he thinks is a reasonable buffer length,
3103 		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3104 		 * double the buffer length and try again.  (And repeat
3105 		 * that until he succeeds.)
3106 		 */
3107 		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3108 		if (sb == NULL) {
3109 			list->status = CTL_LUN_LIST_ERROR;
3110 			snprintf(list->error_str, sizeof(list->error_str),
3111 				 "Unable to allocate %d bytes for LUN list",
3112 				 list->alloc_len);
3113 			break;
3114 		}
3115 
3116 		sbuf_printf(sb, "<ctllunlist>\n");
3117 
3118 		mtx_lock(&softc->ctl_lock);
3119 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3120 			mtx_lock(&lun->lun_lock);
3121 			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3122 					     (uintmax_t)lun->lun);
3123 
3124 			/*
3125 			 * Bail out as soon as we see that we've overfilled
3126 			 * the buffer.
3127 			 */
3128 			if (retval != 0)
3129 				break;
3130 
3131 			retval = sbuf_printf(sb, "\t<backend_type>%s"
3132 					     "</backend_type>\n",
3133 					     (lun->backend == NULL) ?  "none" :
3134 					     lun->backend->name);
3135 
3136 			if (retval != 0)
3137 				break;
3138 
3139 			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3140 					     lun->be_lun->lun_type);
3141 
3142 			if (retval != 0)
3143 				break;
3144 
3145 			if (lun->backend == NULL) {
3146 				retval = sbuf_printf(sb, "</lun>\n");
3147 				if (retval != 0)
3148 					break;
3149 				continue;
3150 			}
3151 
3152 			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3153 					     (lun->be_lun->maxlba > 0) ?
3154 					     lun->be_lun->maxlba + 1 : 0);
3155 
3156 			if (retval != 0)
3157 				break;
3158 
3159 			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3160 					     lun->be_lun->blocksize);
3161 
3162 			if (retval != 0)
3163 				break;
3164 
3165 			retval = sbuf_printf(sb, "\t<serial_number>");
3166 
3167 			if (retval != 0)
3168 				break;
3169 
3170 			retval = ctl_sbuf_printf_esc(sb,
3171 			    lun->be_lun->serial_num,
3172 			    sizeof(lun->be_lun->serial_num));
3173 
3174 			if (retval != 0)
3175 				break;
3176 
3177 			retval = sbuf_printf(sb, "</serial_number>\n");
3178 
3179 			if (retval != 0)
3180 				break;
3181 
3182 			retval = sbuf_printf(sb, "\t<device_id>");
3183 
3184 			if (retval != 0)
3185 				break;
3186 
3187 			retval = ctl_sbuf_printf_esc(sb,
3188 			    lun->be_lun->device_id,
3189 			    sizeof(lun->be_lun->device_id));
3190 
3191 			if (retval != 0)
3192 				break;
3193 
3194 			retval = sbuf_printf(sb, "</device_id>\n");
3195 
3196 			if (retval != 0)
3197 				break;
3198 
3199 			if (lun->backend->lun_info != NULL) {
3200 				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3201 				if (retval != 0)
3202 					break;
3203 			}
3204 			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3205 				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3206 				    opt->name, opt->value, opt->name);
3207 				if (retval != 0)
3208 					break;
3209 			}
3210 
3211 			retval = sbuf_printf(sb, "</lun>\n");
3212 
3213 			if (retval != 0)
3214 				break;
3215 			mtx_unlock(&lun->lun_lock);
3216 		}
3217 		if (lun != NULL)
3218 			mtx_unlock(&lun->lun_lock);
3219 		mtx_unlock(&softc->ctl_lock);
3220 
3221 		if ((retval != 0)
3222 		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3223 			retval = 0;
3224 			sbuf_delete(sb);
3225 			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3226 			snprintf(list->error_str, sizeof(list->error_str),
3227 				 "Out of space, %d bytes is too small",
3228 				 list->alloc_len);
3229 			break;
3230 		}
3231 
3232 		sbuf_finish(sb);
3233 
3234 		retval = copyout(sbuf_data(sb), list->lun_xml,
3235 				 sbuf_len(sb) + 1);
3236 
3237 		list->fill_len = sbuf_len(sb) + 1;
3238 		list->status = CTL_LUN_LIST_OK;
3239 		sbuf_delete(sb);
3240 		break;
3241 	}
3242 	case CTL_ISCSI: {
3243 		struct ctl_iscsi *ci;
3244 		struct ctl_frontend *fe;
3245 
3246 		ci = (struct ctl_iscsi *)addr;
3247 
3248 		fe = ctl_frontend_find("iscsi");
3249 		if (fe == NULL) {
3250 			ci->status = CTL_ISCSI_ERROR;
3251 			snprintf(ci->error_str, sizeof(ci->error_str),
3252 			    "Frontend \"iscsi\" not found.");
3253 			break;
3254 		}
3255 
3256 		retval = fe->ioctl(dev, cmd, addr, flag, td);
3257 		break;
3258 	}
3259 	case CTL_PORT_REQ: {
3260 		struct ctl_req *req;
3261 		struct ctl_frontend *fe;
3262 
3263 		req = (struct ctl_req *)addr;
3264 
3265 		fe = ctl_frontend_find(req->driver);
3266 		if (fe == NULL) {
3267 			req->status = CTL_LUN_ERROR;
3268 			snprintf(req->error_str, sizeof(req->error_str),
3269 			    "Frontend \"%s\" not found.", req->driver);
3270 			break;
3271 		}
3272 		if (req->num_args > 0) {
3273 			req->kern_args = ctl_copyin_args(req->num_args,
3274 			    req->args, req->error_str, sizeof(req->error_str));
3275 			if (req->kern_args == NULL) {
3276 				req->status = CTL_LUN_ERROR;
3277 				break;
3278 			}
3279 		}
3280 
3281 		if (fe->ioctl)
3282 			retval = fe->ioctl(dev, cmd, addr, flag, td);
3283 		else
3284 			retval = ENODEV;
3285 
3286 		if (req->num_args > 0) {
3287 			ctl_copyout_args(req->num_args, req->kern_args);
3288 			ctl_free_args(req->num_args, req->kern_args);
3289 		}
3290 		break;
3291 	}
3292 	case CTL_PORT_LIST: {
3293 		struct sbuf *sb;
3294 		struct ctl_port *port;
3295 		struct ctl_lun_list *list;
3296 		struct ctl_option *opt;
3297 		int j;
3298 		uint32_t plun;
3299 
3300 		list = (struct ctl_lun_list *)addr;
3301 
3302 		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3303 		if (sb == NULL) {
3304 			list->status = CTL_LUN_LIST_ERROR;
3305 			snprintf(list->error_str, sizeof(list->error_str),
3306 				 "Unable to allocate %d bytes for LUN list",
3307 				 list->alloc_len);
3308 			break;
3309 		}
3310 
3311 		sbuf_printf(sb, "<ctlportlist>\n");
3312 
3313 		mtx_lock(&softc->ctl_lock);
3314 		STAILQ_FOREACH(port, &softc->port_list, links) {
3315 			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3316 					     (uintmax_t)port->targ_port);
3317 
3318 			/*
3319 			 * Bail out as soon as we see that we've overfilled
3320 			 * the buffer.
3321 			 */
3322 			if (retval != 0)
3323 				break;
3324 
3325 			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3326 			    "</frontend_type>\n", port->frontend->name);
3327 			if (retval != 0)
3328 				break;
3329 
3330 			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3331 					     port->port_type);
3332 			if (retval != 0)
3333 				break;
3334 
3335 			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3336 			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3337 			if (retval != 0)
3338 				break;
3339 
3340 			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3341 			    port->port_name);
3342 			if (retval != 0)
3343 				break;
3344 
3345 			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3346 			    port->physical_port);
3347 			if (retval != 0)
3348 				break;
3349 
3350 			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3351 			    port->virtual_port);
3352 			if (retval != 0)
3353 				break;
3354 
3355 			if (port->target_devid != NULL) {
3356 				sbuf_printf(sb, "\t<target>");
3357 				ctl_id_sbuf(port->target_devid, sb);
3358 				sbuf_printf(sb, "</target>\n");
3359 			}
3360 
3361 			if (port->port_devid != NULL) {
3362 				sbuf_printf(sb, "\t<port>");
3363 				ctl_id_sbuf(port->port_devid, sb);
3364 				sbuf_printf(sb, "</port>\n");
3365 			}
3366 
3367 			if (port->port_info != NULL) {
3368 				retval = port->port_info(port->onoff_arg, sb);
3369 				if (retval != 0)
3370 					break;
3371 			}
3372 			STAILQ_FOREACH(opt, &port->options, links) {
3373 				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3374 				    opt->name, opt->value, opt->name);
3375 				if (retval != 0)
3376 					break;
3377 			}
3378 
3379 			if (port->lun_map != NULL) {
3380 				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3381 				for (j = 0; j < port->lun_map_size; j++) {
3382 					plun = ctl_lun_map_from_port(port, j);
3383 					if (plun == UINT32_MAX)
3384 						continue;
3385 					sbuf_printf(sb,
3386 					    "\t<lun id=\"%u\">%u</lun>\n",
3387 					    j, plun);
3388 				}
3389 			}
3390 
3391 			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3392 				if (port->wwpn_iid[j].in_use == 0 ||
3393 				    (port->wwpn_iid[j].wwpn == 0 &&
3394 				     port->wwpn_iid[j].name == NULL))
3395 					continue;
3396 
3397 				if (port->wwpn_iid[j].name != NULL)
3398 					retval = sbuf_printf(sb,
3399 					    "\t<initiator id=\"%u\">%s</initiator>\n",
3400 					    j, port->wwpn_iid[j].name);
3401 				else
3402 					retval = sbuf_printf(sb,
3403 					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3404 					    j, port->wwpn_iid[j].wwpn);
3405 				if (retval != 0)
3406 					break;
3407 			}
3408 			if (retval != 0)
3409 				break;
3410 
3411 			retval = sbuf_printf(sb, "</targ_port>\n");
3412 			if (retval != 0)
3413 				break;
3414 		}
3415 		mtx_unlock(&softc->ctl_lock);
3416 
3417 		if ((retval != 0)
3418 		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3419 			retval = 0;
3420 			sbuf_delete(sb);
3421 			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3422 			snprintf(list->error_str, sizeof(list->error_str),
3423 				 "Out of space, %d bytes is too small",
3424 				 list->alloc_len);
3425 			break;
3426 		}
3427 
3428 		sbuf_finish(sb);
3429 
3430 		retval = copyout(sbuf_data(sb), list->lun_xml,
3431 				 sbuf_len(sb) + 1);
3432 
3433 		list->fill_len = sbuf_len(sb) + 1;
3434 		list->status = CTL_LUN_LIST_OK;
3435 		sbuf_delete(sb);
3436 		break;
3437 	}
3438 	case CTL_LUN_MAP: {
3439 		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3440 		struct ctl_port *port;
3441 
3442 		mtx_lock(&softc->ctl_lock);
3443 		if (lm->port < softc->port_min ||
3444 		    lm->port >= softc->port_max ||
3445 		    (port = softc->ctl_ports[lm->port]) == NULL) {
3446 			mtx_unlock(&softc->ctl_lock);
3447 			return (ENXIO);
3448 		}
3449 		if (port->status & CTL_PORT_STATUS_ONLINE) {
3450 			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3451 				if (ctl_lun_map_to_port(port, lun->lun) ==
3452 				    UINT32_MAX)
3453 					continue;
3454 				mtx_lock(&lun->lun_lock);
3455 				ctl_est_ua_port(lun, lm->port, -1,
3456 				    CTL_UA_LUN_CHANGE);
3457 				mtx_unlock(&lun->lun_lock);
3458 			}
3459 		}
3460 		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3461 		if (lm->plun != UINT32_MAX) {
3462 			if (lm->lun == UINT32_MAX)
3463 				retval = ctl_lun_map_unset(port, lm->plun);
3464 			else if (lm->lun < ctl_max_luns &&
3465 			    softc->ctl_luns[lm->lun] != NULL)
3466 				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3467 			else
3468 				return (ENXIO);
3469 		} else {
3470 			if (lm->lun == UINT32_MAX)
3471 				retval = ctl_lun_map_deinit(port);
3472 			else
3473 				retval = ctl_lun_map_init(port);
3474 		}
3475 		if (port->status & CTL_PORT_STATUS_ONLINE)
3476 			ctl_isc_announce_port(port);
3477 		break;
3478 	}
3479 	case CTL_GET_LUN_STATS: {
3480 		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3481 		int i;
3482 
3483 		/*
3484 		 * XXX KDM no locking here.  If the LUN list changes,
3485 		 * things can blow up.
3486 		 */
3487 		i = 0;
3488 		stats->status = CTL_SS_OK;
3489 		stats->fill_len = 0;
3490 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3491 			if (lun->lun < stats->first_item)
3492 				continue;
3493 			if (stats->fill_len + sizeof(lun->stats) >
3494 			    stats->alloc_len) {
3495 				stats->status = CTL_SS_NEED_MORE_SPACE;
3496 				break;
3497 			}
3498 			retval = copyout(&lun->stats, &stats->stats[i++],
3499 					 sizeof(lun->stats));
3500 			if (retval != 0)
3501 				break;
3502 			stats->fill_len += sizeof(lun->stats);
3503 		}
3504 		stats->num_items = softc->num_luns;
3505 		stats->flags = CTL_STATS_FLAG_NONE;
3506 #ifdef CTL_TIME_IO
3507 		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3508 #endif
3509 		getnanouptime(&stats->timestamp);
3510 		break;
3511 	}
3512 	case CTL_GET_PORT_STATS: {
3513 		struct ctl_get_io_stats *stats = (struct ctl_get_io_stats *)addr;
3514 		int i;
3515 
3516 		/*
3517 		 * XXX KDM no locking here.  If the LUN list changes,
3518 		 * things can blow up.
3519 		 */
3520 		i = 0;
3521 		stats->status = CTL_SS_OK;
3522 		stats->fill_len = 0;
3523 		STAILQ_FOREACH(port, &softc->port_list, links) {
3524 			if (port->targ_port < stats->first_item)
3525 				continue;
3526 			if (stats->fill_len + sizeof(port->stats) >
3527 			    stats->alloc_len) {
3528 				stats->status = CTL_SS_NEED_MORE_SPACE;
3529 				break;
3530 			}
3531 			retval = copyout(&port->stats, &stats->stats[i++],
3532 					 sizeof(port->stats));
3533 			if (retval != 0)
3534 				break;
3535 			stats->fill_len += sizeof(port->stats);
3536 		}
3537 		stats->num_items = softc->num_ports;
3538 		stats->flags = CTL_STATS_FLAG_NONE;
3539 #ifdef CTL_TIME_IO
3540 		stats->flags |= CTL_STATS_FLAG_TIME_VALID;
3541 #endif
3542 		getnanouptime(&stats->timestamp);
3543 		break;
3544 	}
3545 	default: {
3546 		/* XXX KDM should we fix this? */
3547 #if 0
3548 		struct ctl_backend_driver *backend;
3549 		unsigned int type;
3550 		int found;
3551 
3552 		found = 0;
3553 
3554 		/*
3555 		 * We encode the backend type as the ioctl type for backend
3556 		 * ioctls.  So parse it out here, and then search for a
3557 		 * backend of this type.
3558 		 */
3559 		type = _IOC_TYPE(cmd);
3560 
3561 		STAILQ_FOREACH(backend, &softc->be_list, links) {
3562 			if (backend->type == type) {
3563 				found = 1;
3564 				break;
3565 			}
3566 		}
3567 		if (found == 0) {
3568 			printf("ctl: unknown ioctl command %#lx or backend "
3569 			       "%d\n", cmd, type);
3570 			retval = EINVAL;
3571 			break;
3572 		}
3573 		retval = backend->ioctl(dev, cmd, addr, flag, td);
3574 #endif
3575 		retval = ENOTTY;
3576 		break;
3577 	}
3578 	}
3579 	return (retval);
3580 }
3581 
3582 uint32_t
3583 ctl_get_initindex(struct ctl_nexus *nexus)
3584 {
3585 	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3586 }
3587 
3588 int
3589 ctl_lun_map_init(struct ctl_port *port)
3590 {
3591 	struct ctl_softc *softc = port->ctl_softc;
3592 	struct ctl_lun *lun;
3593 	int size = ctl_lun_map_size;
3594 	uint32_t i;
3595 
3596 	if (port->lun_map == NULL || port->lun_map_size < size) {
3597 		port->lun_map_size = 0;
3598 		free(port->lun_map, M_CTL);
3599 		port->lun_map = malloc(size * sizeof(uint32_t),
3600 		    M_CTL, M_NOWAIT);
3601 	}
3602 	if (port->lun_map == NULL)
3603 		return (ENOMEM);
3604 	for (i = 0; i < size; i++)
3605 		port->lun_map[i] = UINT32_MAX;
3606 	port->lun_map_size = size;
3607 	if (port->status & CTL_PORT_STATUS_ONLINE) {
3608 		if (port->lun_disable != NULL) {
3609 			STAILQ_FOREACH(lun, &softc->lun_list, links)
3610 				port->lun_disable(port->targ_lun_arg, lun->lun);
3611 		}
3612 		ctl_isc_announce_port(port);
3613 	}
3614 	return (0);
3615 }
3616 
3617 int
3618 ctl_lun_map_deinit(struct ctl_port *port)
3619 {
3620 	struct ctl_softc *softc = port->ctl_softc;
3621 	struct ctl_lun *lun;
3622 
3623 	if (port->lun_map == NULL)
3624 		return (0);
3625 	port->lun_map_size = 0;
3626 	free(port->lun_map, M_CTL);
3627 	port->lun_map = NULL;
3628 	if (port->status & CTL_PORT_STATUS_ONLINE) {
3629 		if (port->lun_enable != NULL) {
3630 			STAILQ_FOREACH(lun, &softc->lun_list, links)
3631 				port->lun_enable(port->targ_lun_arg, lun->lun);
3632 		}
3633 		ctl_isc_announce_port(port);
3634 	}
3635 	return (0);
3636 }
3637 
3638 int
3639 ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3640 {
3641 	int status;
3642 	uint32_t old;
3643 
3644 	if (port->lun_map == NULL) {
3645 		status = ctl_lun_map_init(port);
3646 		if (status != 0)
3647 			return (status);
3648 	}
3649 	if (plun >= port->lun_map_size)
3650 		return (EINVAL);
3651 	old = port->lun_map[plun];
3652 	port->lun_map[plun] = glun;
3653 	if ((port->status & CTL_PORT_STATUS_ONLINE) && old == UINT32_MAX) {
3654 		if (port->lun_enable != NULL)
3655 			port->lun_enable(port->targ_lun_arg, plun);
3656 		ctl_isc_announce_port(port);
3657 	}
3658 	return (0);
3659 }
3660 
3661 int
3662 ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3663 {
3664 	uint32_t old;
3665 
3666 	if (port->lun_map == NULL || plun >= port->lun_map_size)
3667 		return (0);
3668 	old = port->lun_map[plun];
3669 	port->lun_map[plun] = UINT32_MAX;
3670 	if ((port->status & CTL_PORT_STATUS_ONLINE) && old != UINT32_MAX) {
3671 		if (port->lun_disable != NULL)
3672 			port->lun_disable(port->targ_lun_arg, plun);
3673 		ctl_isc_announce_port(port);
3674 	}
3675 	return (0);
3676 }
3677 
3678 uint32_t
3679 ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3680 {
3681 
3682 	if (port == NULL)
3683 		return (UINT32_MAX);
3684 	if (port->lun_map == NULL)
3685 		return (lun_id);
3686 	if (lun_id > port->lun_map_size)
3687 		return (UINT32_MAX);
3688 	return (port->lun_map[lun_id]);
3689 }
3690 
3691 uint32_t
3692 ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3693 {
3694 	uint32_t i;
3695 
3696 	if (port == NULL)
3697 		return (UINT32_MAX);
3698 	if (port->lun_map == NULL)
3699 		return (lun_id);
3700 	for (i = 0; i < port->lun_map_size; i++) {
3701 		if (port->lun_map[i] == lun_id)
3702 			return (i);
3703 	}
3704 	return (UINT32_MAX);
3705 }
3706 
3707 uint32_t
3708 ctl_decode_lun(uint64_t encoded)
3709 {
3710 	uint8_t lun[8];
3711 	uint32_t result = 0xffffffff;
3712 
3713 	be64enc(lun, encoded);
3714 	switch (lun[0] & RPL_LUNDATA_ATYP_MASK) {
3715 	case RPL_LUNDATA_ATYP_PERIPH:
3716 		if ((lun[0] & 0x3f) == 0 && lun[2] == 0 && lun[3] == 0 &&
3717 		    lun[4] == 0 && lun[5] == 0 && lun[6] == 0 && lun[7] == 0)
3718 			result = lun[1];
3719 		break;
3720 	case RPL_LUNDATA_ATYP_FLAT:
3721 		if (lun[2] == 0 && lun[3] == 0 && lun[4] == 0 && lun[5] == 0 &&
3722 		    lun[6] == 0 && lun[7] == 0)
3723 			result = ((lun[0] & 0x3f) << 8) + lun[1];
3724 		break;
3725 	case RPL_LUNDATA_ATYP_EXTLUN:
3726 		switch (lun[0] & RPL_LUNDATA_EXT_EAM_MASK) {
3727 		case 0x02:
3728 			switch (lun[0] & RPL_LUNDATA_EXT_LEN_MASK) {
3729 			case 0x00:
3730 				result = lun[1];
3731 				break;
3732 			case 0x10:
3733 				result = (lun[1] << 16) + (lun[2] << 8) +
3734 				    lun[3];
3735 				break;
3736 			case 0x20:
3737 				if (lun[1] == 0 && lun[6] == 0 && lun[7] == 0)
3738 					result = (lun[2] << 24) +
3739 					    (lun[3] << 16) + (lun[4] << 8) +
3740 					    lun[5];
3741 				break;
3742 			}
3743 			break;
3744 		case RPL_LUNDATA_EXT_EAM_NOT_SPEC:
3745 			result = 0xffffffff;
3746 			break;
3747 		}
3748 		break;
3749 	}
3750 	return (result);
3751 }
3752 
3753 uint64_t
3754 ctl_encode_lun(uint32_t decoded)
3755 {
3756 	uint64_t l = decoded;
3757 
3758 	if (l <= 0xff)
3759 		return (((uint64_t)RPL_LUNDATA_ATYP_PERIPH << 56) | (l << 48));
3760 	if (l <= 0x3fff)
3761 		return (((uint64_t)RPL_LUNDATA_ATYP_FLAT << 56) | (l << 48));
3762 	if (l <= 0xffffff)
3763 		return (((uint64_t)(RPL_LUNDATA_ATYP_EXTLUN | 0x12) << 56) |
3764 		    (l << 32));
3765 	return ((((uint64_t)RPL_LUNDATA_ATYP_EXTLUN | 0x22) << 56) | (l << 16));
3766 }
3767 
3768 int
3769 ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3770 {
3771 	int i;
3772 
3773 	for (i = first; i < last; i++) {
3774 		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3775 			return (i);
3776 	}
3777 	return (-1);
3778 }
3779 
3780 int
3781 ctl_set_mask(uint32_t *mask, uint32_t bit)
3782 {
3783 	uint32_t chunk, piece;
3784 
3785 	chunk = bit >> 5;
3786 	piece = bit % (sizeof(uint32_t) * 8);
3787 
3788 	if ((mask[chunk] & (1 << piece)) != 0)
3789 		return (-1);
3790 	else
3791 		mask[chunk] |= (1 << piece);
3792 
3793 	return (0);
3794 }
3795 
3796 int
3797 ctl_clear_mask(uint32_t *mask, uint32_t bit)
3798 {
3799 	uint32_t chunk, piece;
3800 
3801 	chunk = bit >> 5;
3802 	piece = bit % (sizeof(uint32_t) * 8);
3803 
3804 	if ((mask[chunk] & (1 << piece)) == 0)
3805 		return (-1);
3806 	else
3807 		mask[chunk] &= ~(1 << piece);
3808 
3809 	return (0);
3810 }
3811 
3812 int
3813 ctl_is_set(uint32_t *mask, uint32_t bit)
3814 {
3815 	uint32_t chunk, piece;
3816 
3817 	chunk = bit >> 5;
3818 	piece = bit % (sizeof(uint32_t) * 8);
3819 
3820 	if ((mask[chunk] & (1 << piece)) == 0)
3821 		return (0);
3822 	else
3823 		return (1);
3824 }
3825 
3826 static uint64_t
3827 ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3828 {
3829 	uint64_t *t;
3830 
3831 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3832 	if (t == NULL)
3833 		return (0);
3834 	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3835 }
3836 
3837 static void
3838 ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3839 {
3840 	uint64_t *t;
3841 
3842 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3843 	if (t == NULL)
3844 		return;
3845 	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3846 }
3847 
3848 static void
3849 ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3850 {
3851 	uint64_t *p;
3852 	u_int i;
3853 
3854 	i = residx/CTL_MAX_INIT_PER_PORT;
3855 	if (lun->pr_keys[i] != NULL)
3856 		return;
3857 	mtx_unlock(&lun->lun_lock);
3858 	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3859 	    M_WAITOK | M_ZERO);
3860 	mtx_lock(&lun->lun_lock);
3861 	if (lun->pr_keys[i] == NULL)
3862 		lun->pr_keys[i] = p;
3863 	else
3864 		free(p, M_CTL);
3865 }
3866 
3867 static void
3868 ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3869 {
3870 	uint64_t *t;
3871 
3872 	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3873 	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3874 	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3875 }
3876 
3877 /*
3878  * ctl_softc, pool_name, total_ctl_io are passed in.
3879  * npool is passed out.
3880  */
3881 int
3882 ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3883 		uint32_t total_ctl_io, void **npool)
3884 {
3885 	struct ctl_io_pool *pool;
3886 
3887 	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3888 					    M_NOWAIT | M_ZERO);
3889 	if (pool == NULL)
3890 		return (ENOMEM);
3891 
3892 	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3893 	pool->ctl_softc = ctl_softc;
3894 #ifdef IO_POOLS
3895 	pool->zone = uma_zsecond_create(pool->name, NULL,
3896 	    NULL, NULL, NULL, ctl_softc->io_zone);
3897 	/* uma_prealloc(pool->zone, total_ctl_io); */
3898 #else
3899 	pool->zone = ctl_softc->io_zone;
3900 #endif
3901 
3902 	*npool = pool;
3903 	return (0);
3904 }
3905 
3906 void
3907 ctl_pool_free(struct ctl_io_pool *pool)
3908 {
3909 
3910 	if (pool == NULL)
3911 		return;
3912 
3913 #ifdef IO_POOLS
3914 	uma_zdestroy(pool->zone);
3915 #endif
3916 	free(pool, M_CTL);
3917 }
3918 
3919 union ctl_io *
3920 ctl_alloc_io(void *pool_ref)
3921 {
3922 	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3923 	union ctl_io *io;
3924 
3925 	io = uma_zalloc(pool->zone, M_WAITOK);
3926 	if (io != NULL) {
3927 		io->io_hdr.pool = pool_ref;
3928 		CTL_SOFTC(io) = pool->ctl_softc;
3929 	}
3930 	return (io);
3931 }
3932 
3933 union ctl_io *
3934 ctl_alloc_io_nowait(void *pool_ref)
3935 {
3936 	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3937 	union ctl_io *io;
3938 
3939 	io = uma_zalloc(pool->zone, M_NOWAIT);
3940 	if (io != NULL) {
3941 		io->io_hdr.pool = pool_ref;
3942 		CTL_SOFTC(io) = pool->ctl_softc;
3943 	}
3944 	return (io);
3945 }
3946 
3947 void
3948 ctl_free_io(union ctl_io *io)
3949 {
3950 	struct ctl_io_pool *pool;
3951 
3952 	if (io == NULL)
3953 		return;
3954 
3955 	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3956 	uma_zfree(pool->zone, io);
3957 }
3958 
3959 void
3960 ctl_zero_io(union ctl_io *io)
3961 {
3962 	struct ctl_io_pool *pool;
3963 
3964 	if (io == NULL)
3965 		return;
3966 
3967 	/*
3968 	 * May need to preserve linked list pointers at some point too.
3969 	 */
3970 	pool = io->io_hdr.pool;
3971 	memset(io, 0, sizeof(*io));
3972 	io->io_hdr.pool = pool;
3973 	CTL_SOFTC(io) = pool->ctl_softc;
3974 }
3975 
3976 int
3977 ctl_expand_number(const char *buf, uint64_t *num)
3978 {
3979 	char *endptr;
3980 	uint64_t number;
3981 	unsigned shift;
3982 
3983 	number = strtoq(buf, &endptr, 0);
3984 
3985 	switch (tolower((unsigned char)*endptr)) {
3986 	case 'e':
3987 		shift = 60;
3988 		break;
3989 	case 'p':
3990 		shift = 50;
3991 		break;
3992 	case 't':
3993 		shift = 40;
3994 		break;
3995 	case 'g':
3996 		shift = 30;
3997 		break;
3998 	case 'm':
3999 		shift = 20;
4000 		break;
4001 	case 'k':
4002 		shift = 10;
4003 		break;
4004 	case 'b':
4005 	case '\0': /* No unit. */
4006 		*num = number;
4007 		return (0);
4008 	default:
4009 		/* Unrecognized unit. */
4010 		return (-1);
4011 	}
4012 
4013 	if ((number << shift) >> shift != number) {
4014 		/* Overflow */
4015 		return (-1);
4016 	}
4017 	*num = number << shift;
4018 	return (0);
4019 }
4020 
4021 
4022 /*
4023  * This routine could be used in the future to load default and/or saved
4024  * mode page parameters for a particuar lun.
4025  */
4026 static int
4027 ctl_init_page_index(struct ctl_lun *lun)
4028 {
4029 	int i, page_code;
4030 	struct ctl_page_index *page_index;
4031 	const char *value;
4032 	uint64_t ival;
4033 
4034 	memcpy(&lun->mode_pages.index, page_index_template,
4035 	       sizeof(page_index_template));
4036 
4037 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4038 
4039 		page_index = &lun->mode_pages.index[i];
4040 		if (lun->be_lun->lun_type == T_DIRECT &&
4041 		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4042 			continue;
4043 		if (lun->be_lun->lun_type == T_PROCESSOR &&
4044 		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4045 			continue;
4046 		if (lun->be_lun->lun_type == T_CDROM &&
4047 		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4048 			continue;
4049 
4050 		page_code = page_index->page_code & SMPH_PC_MASK;
4051 		switch (page_code) {
4052 		case SMS_RW_ERROR_RECOVERY_PAGE: {
4053 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4054 			    ("subpage %#x for page %#x is incorrect!",
4055 			    page_index->subpage, page_code));
4056 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4057 			       &rw_er_page_default,
4058 			       sizeof(rw_er_page_default));
4059 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4060 			       &rw_er_page_changeable,
4061 			       sizeof(rw_er_page_changeable));
4062 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4063 			       &rw_er_page_default,
4064 			       sizeof(rw_er_page_default));
4065 			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4066 			       &rw_er_page_default,
4067 			       sizeof(rw_er_page_default));
4068 			page_index->page_data =
4069 				(uint8_t *)lun->mode_pages.rw_er_page;
4070 			break;
4071 		}
4072 		case SMS_FORMAT_DEVICE_PAGE: {
4073 			struct scsi_format_page *format_page;
4074 
4075 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4076 			    ("subpage %#x for page %#x is incorrect!",
4077 			    page_index->subpage, page_code));
4078 
4079 			/*
4080 			 * Sectors per track are set above.  Bytes per
4081 			 * sector need to be set here on a per-LUN basis.
4082 			 */
4083 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4084 			       &format_page_default,
4085 			       sizeof(format_page_default));
4086 			memcpy(&lun->mode_pages.format_page[
4087 			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4088 			       sizeof(format_page_changeable));
4089 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4090 			       &format_page_default,
4091 			       sizeof(format_page_default));
4092 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4093 			       &format_page_default,
4094 			       sizeof(format_page_default));
4095 
4096 			format_page = &lun->mode_pages.format_page[
4097 				CTL_PAGE_CURRENT];
4098 			scsi_ulto2b(lun->be_lun->blocksize,
4099 				    format_page->bytes_per_sector);
4100 
4101 			format_page = &lun->mode_pages.format_page[
4102 				CTL_PAGE_DEFAULT];
4103 			scsi_ulto2b(lun->be_lun->blocksize,
4104 				    format_page->bytes_per_sector);
4105 
4106 			format_page = &lun->mode_pages.format_page[
4107 				CTL_PAGE_SAVED];
4108 			scsi_ulto2b(lun->be_lun->blocksize,
4109 				    format_page->bytes_per_sector);
4110 
4111 			page_index->page_data =
4112 				(uint8_t *)lun->mode_pages.format_page;
4113 			break;
4114 		}
4115 		case SMS_RIGID_DISK_PAGE: {
4116 			struct scsi_rigid_disk_page *rigid_disk_page;
4117 			uint32_t sectors_per_cylinder;
4118 			uint64_t cylinders;
4119 #ifndef	__XSCALE__
4120 			int shift;
4121 #endif /* !__XSCALE__ */
4122 
4123 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4124 			    ("subpage %#x for page %#x is incorrect!",
4125 			    page_index->subpage, page_code));
4126 
4127 			/*
4128 			 * Rotation rate and sectors per track are set
4129 			 * above.  We calculate the cylinders here based on
4130 			 * capacity.  Due to the number of heads and
4131 			 * sectors per track we're using, smaller arrays
4132 			 * may turn out to have 0 cylinders.  Linux and
4133 			 * FreeBSD don't pay attention to these mode pages
4134 			 * to figure out capacity, but Solaris does.  It
4135 			 * seems to deal with 0 cylinders just fine, and
4136 			 * works out a fake geometry based on the capacity.
4137 			 */
4138 			memcpy(&lun->mode_pages.rigid_disk_page[
4139 			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4140 			       sizeof(rigid_disk_page_default));
4141 			memcpy(&lun->mode_pages.rigid_disk_page[
4142 			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4143 			       sizeof(rigid_disk_page_changeable));
4144 
4145 			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4146 				CTL_DEFAULT_HEADS;
4147 
4148 			/*
4149 			 * The divide method here will be more accurate,
4150 			 * probably, but results in floating point being
4151 			 * used in the kernel on i386 (__udivdi3()).  On the
4152 			 * XScale, though, __udivdi3() is implemented in
4153 			 * software.
4154 			 *
4155 			 * The shift method for cylinder calculation is
4156 			 * accurate if sectors_per_cylinder is a power of
4157 			 * 2.  Otherwise it might be slightly off -- you
4158 			 * might have a bit of a truncation problem.
4159 			 */
4160 #ifdef	__XSCALE__
4161 			cylinders = (lun->be_lun->maxlba + 1) /
4162 				sectors_per_cylinder;
4163 #else
4164 			for (shift = 31; shift > 0; shift--) {
4165 				if (sectors_per_cylinder & (1 << shift))
4166 					break;
4167 			}
4168 			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4169 #endif
4170 
4171 			/*
4172 			 * We've basically got 3 bytes, or 24 bits for the
4173 			 * cylinder size in the mode page.  If we're over,
4174 			 * just round down to 2^24.
4175 			 */
4176 			if (cylinders > 0xffffff)
4177 				cylinders = 0xffffff;
4178 
4179 			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4180 				CTL_PAGE_DEFAULT];
4181 			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4182 
4183 			if ((value = ctl_get_opt(&lun->be_lun->options,
4184 			    "rpm")) != NULL) {
4185 				scsi_ulto2b(strtol(value, NULL, 0),
4186 				     rigid_disk_page->rotation_rate);
4187 			}
4188 
4189 			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4190 			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4191 			       sizeof(rigid_disk_page_default));
4192 			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4193 			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4194 			       sizeof(rigid_disk_page_default));
4195 
4196 			page_index->page_data =
4197 				(uint8_t *)lun->mode_pages.rigid_disk_page;
4198 			break;
4199 		}
4200 		case SMS_VERIFY_ERROR_RECOVERY_PAGE: {
4201 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4202 			    ("subpage %#x for page %#x is incorrect!",
4203 			    page_index->subpage, page_code));
4204 			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CURRENT],
4205 			       &verify_er_page_default,
4206 			       sizeof(verify_er_page_default));
4207 			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_CHANGEABLE],
4208 			       &verify_er_page_changeable,
4209 			       sizeof(verify_er_page_changeable));
4210 			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_DEFAULT],
4211 			       &verify_er_page_default,
4212 			       sizeof(verify_er_page_default));
4213 			memcpy(&lun->mode_pages.verify_er_page[CTL_PAGE_SAVED],
4214 			       &verify_er_page_default,
4215 			       sizeof(verify_er_page_default));
4216 			page_index->page_data =
4217 				(uint8_t *)lun->mode_pages.verify_er_page;
4218 			break;
4219 		}
4220 		case SMS_CACHING_PAGE: {
4221 			struct scsi_caching_page *caching_page;
4222 
4223 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4224 			    ("subpage %#x for page %#x is incorrect!",
4225 			    page_index->subpage, page_code));
4226 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4227 			       &caching_page_default,
4228 			       sizeof(caching_page_default));
4229 			memcpy(&lun->mode_pages.caching_page[
4230 			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4231 			       sizeof(caching_page_changeable));
4232 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4233 			       &caching_page_default,
4234 			       sizeof(caching_page_default));
4235 			caching_page = &lun->mode_pages.caching_page[
4236 			    CTL_PAGE_SAVED];
4237 			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4238 			if (value != NULL && strcmp(value, "off") == 0)
4239 				caching_page->flags1 &= ~SCP_WCE;
4240 			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4241 			if (value != NULL && strcmp(value, "off") == 0)
4242 				caching_page->flags1 |= SCP_RCD;
4243 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4244 			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4245 			       sizeof(caching_page_default));
4246 			page_index->page_data =
4247 				(uint8_t *)lun->mode_pages.caching_page;
4248 			break;
4249 		}
4250 		case SMS_CONTROL_MODE_PAGE: {
4251 			switch (page_index->subpage) {
4252 			case SMS_SUBPAGE_PAGE_0: {
4253 				struct scsi_control_page *control_page;
4254 
4255 				memcpy(&lun->mode_pages.control_page[
4256 				    CTL_PAGE_DEFAULT],
4257 				       &control_page_default,
4258 				       sizeof(control_page_default));
4259 				memcpy(&lun->mode_pages.control_page[
4260 				    CTL_PAGE_CHANGEABLE],
4261 				       &control_page_changeable,
4262 				       sizeof(control_page_changeable));
4263 				memcpy(&lun->mode_pages.control_page[
4264 				    CTL_PAGE_SAVED],
4265 				       &control_page_default,
4266 				       sizeof(control_page_default));
4267 				control_page = &lun->mode_pages.control_page[
4268 				    CTL_PAGE_SAVED];
4269 				value = ctl_get_opt(&lun->be_lun->options,
4270 				    "reordering");
4271 				if (value != NULL &&
4272 				    strcmp(value, "unrestricted") == 0) {
4273 					control_page->queue_flags &=
4274 					    ~SCP_QUEUE_ALG_MASK;
4275 					control_page->queue_flags |=
4276 					    SCP_QUEUE_ALG_UNRESTRICTED;
4277 				}
4278 				memcpy(&lun->mode_pages.control_page[
4279 				    CTL_PAGE_CURRENT],
4280 				       &lun->mode_pages.control_page[
4281 				    CTL_PAGE_SAVED],
4282 				       sizeof(control_page_default));
4283 				page_index->page_data =
4284 				    (uint8_t *)lun->mode_pages.control_page;
4285 				break;
4286 			}
4287 			case 0x01:
4288 				memcpy(&lun->mode_pages.control_ext_page[
4289 				    CTL_PAGE_DEFAULT],
4290 				       &control_ext_page_default,
4291 				       sizeof(control_ext_page_default));
4292 				memcpy(&lun->mode_pages.control_ext_page[
4293 				    CTL_PAGE_CHANGEABLE],
4294 				       &control_ext_page_changeable,
4295 				       sizeof(control_ext_page_changeable));
4296 				memcpy(&lun->mode_pages.control_ext_page[
4297 				    CTL_PAGE_SAVED],
4298 				       &control_ext_page_default,
4299 				       sizeof(control_ext_page_default));
4300 				memcpy(&lun->mode_pages.control_ext_page[
4301 				    CTL_PAGE_CURRENT],
4302 				       &lun->mode_pages.control_ext_page[
4303 				    CTL_PAGE_SAVED],
4304 				       sizeof(control_ext_page_default));
4305 				page_index->page_data =
4306 				    (uint8_t *)lun->mode_pages.control_ext_page;
4307 				break;
4308 			default:
4309 				panic("subpage %#x for page %#x is incorrect!",
4310 				      page_index->subpage, page_code);
4311 			}
4312 			break;
4313 		}
4314 		case SMS_INFO_EXCEPTIONS_PAGE: {
4315 			switch (page_index->subpage) {
4316 			case SMS_SUBPAGE_PAGE_0:
4317 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4318 				       &ie_page_default,
4319 				       sizeof(ie_page_default));
4320 				memcpy(&lun->mode_pages.ie_page[
4321 				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4322 				       sizeof(ie_page_changeable));
4323 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4324 				       &ie_page_default,
4325 				       sizeof(ie_page_default));
4326 				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4327 				       &ie_page_default,
4328 				       sizeof(ie_page_default));
4329 				page_index->page_data =
4330 					(uint8_t *)lun->mode_pages.ie_page;
4331 				break;
4332 			case 0x02: {
4333 				struct ctl_logical_block_provisioning_page *page;
4334 
4335 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4336 				       &lbp_page_default,
4337 				       sizeof(lbp_page_default));
4338 				memcpy(&lun->mode_pages.lbp_page[
4339 				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4340 				       sizeof(lbp_page_changeable));
4341 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4342 				       &lbp_page_default,
4343 				       sizeof(lbp_page_default));
4344 				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4345 				value = ctl_get_opt(&lun->be_lun->options,
4346 				    "avail-threshold");
4347 				if (value != NULL &&
4348 				    ctl_expand_number(value, &ival) == 0) {
4349 					page->descr[0].flags |= SLBPPD_ENABLED |
4350 					    SLBPPD_ARMING_DEC;
4351 					if (lun->be_lun->blocksize)
4352 						ival /= lun->be_lun->blocksize;
4353 					else
4354 						ival /= 512;
4355 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4356 					    page->descr[0].count);
4357 				}
4358 				value = ctl_get_opt(&lun->be_lun->options,
4359 				    "used-threshold");
4360 				if (value != NULL &&
4361 				    ctl_expand_number(value, &ival) == 0) {
4362 					page->descr[1].flags |= SLBPPD_ENABLED |
4363 					    SLBPPD_ARMING_INC;
4364 					if (lun->be_lun->blocksize)
4365 						ival /= lun->be_lun->blocksize;
4366 					else
4367 						ival /= 512;
4368 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4369 					    page->descr[1].count);
4370 				}
4371 				value = ctl_get_opt(&lun->be_lun->options,
4372 				    "pool-avail-threshold");
4373 				if (value != NULL &&
4374 				    ctl_expand_number(value, &ival) == 0) {
4375 					page->descr[2].flags |= SLBPPD_ENABLED |
4376 					    SLBPPD_ARMING_DEC;
4377 					if (lun->be_lun->blocksize)
4378 						ival /= lun->be_lun->blocksize;
4379 					else
4380 						ival /= 512;
4381 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4382 					    page->descr[2].count);
4383 				}
4384 				value = ctl_get_opt(&lun->be_lun->options,
4385 				    "pool-used-threshold");
4386 				if (value != NULL &&
4387 				    ctl_expand_number(value, &ival) == 0) {
4388 					page->descr[3].flags |= SLBPPD_ENABLED |
4389 					    SLBPPD_ARMING_INC;
4390 					if (lun->be_lun->blocksize)
4391 						ival /= lun->be_lun->blocksize;
4392 					else
4393 						ival /= 512;
4394 					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4395 					    page->descr[3].count);
4396 				}
4397 				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4398 				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4399 				       sizeof(lbp_page_default));
4400 				page_index->page_data =
4401 					(uint8_t *)lun->mode_pages.lbp_page;
4402 				break;
4403 			}
4404 			default:
4405 				panic("subpage %#x for page %#x is incorrect!",
4406 				      page_index->subpage, page_code);
4407 			}
4408 			break;
4409 		}
4410 		case SMS_CDDVD_CAPS_PAGE:{
4411 			KASSERT(page_index->subpage == SMS_SUBPAGE_PAGE_0,
4412 			    ("subpage %#x for page %#x is incorrect!",
4413 			    page_index->subpage, page_code));
4414 			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_DEFAULT],
4415 			       &cddvd_page_default,
4416 			       sizeof(cddvd_page_default));
4417 			memcpy(&lun->mode_pages.cddvd_page[
4418 			       CTL_PAGE_CHANGEABLE], &cddvd_page_changeable,
4419 			       sizeof(cddvd_page_changeable));
4420 			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4421 			       &cddvd_page_default,
4422 			       sizeof(cddvd_page_default));
4423 			memcpy(&lun->mode_pages.cddvd_page[CTL_PAGE_CURRENT],
4424 			       &lun->mode_pages.cddvd_page[CTL_PAGE_SAVED],
4425 			       sizeof(cddvd_page_default));
4426 			page_index->page_data =
4427 				(uint8_t *)lun->mode_pages.cddvd_page;
4428 			break;
4429 		}
4430 		default:
4431 			panic("invalid page code value %#x", page_code);
4432 		}
4433 	}
4434 
4435 	return (CTL_RETVAL_COMPLETE);
4436 }
4437 
4438 static int
4439 ctl_init_log_page_index(struct ctl_lun *lun)
4440 {
4441 	struct ctl_page_index *page_index;
4442 	int i, j, k, prev;
4443 
4444 	memcpy(&lun->log_pages.index, log_page_index_template,
4445 	       sizeof(log_page_index_template));
4446 
4447 	prev = -1;
4448 	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4449 
4450 		page_index = &lun->log_pages.index[i];
4451 		if (lun->be_lun->lun_type == T_DIRECT &&
4452 		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
4453 			continue;
4454 		if (lun->be_lun->lun_type == T_PROCESSOR &&
4455 		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
4456 			continue;
4457 		if (lun->be_lun->lun_type == T_CDROM &&
4458 		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
4459 			continue;
4460 
4461 		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4462 		    lun->backend->lun_attr == NULL)
4463 			continue;
4464 
4465 		if (page_index->page_code != prev) {
4466 			lun->log_pages.pages_page[j] = page_index->page_code;
4467 			prev = page_index->page_code;
4468 			j++;
4469 		}
4470 		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4471 		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4472 		k++;
4473 	}
4474 	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4475 	lun->log_pages.index[0].page_len = j;
4476 	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4477 	lun->log_pages.index[1].page_len = k * 2;
4478 	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4479 	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4480 	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4481 	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4482 	lun->log_pages.index[4].page_data = (uint8_t *)&lun->log_pages.ie_page;
4483 	lun->log_pages.index[4].page_len = sizeof(lun->log_pages.ie_page);
4484 
4485 	return (CTL_RETVAL_COMPLETE);
4486 }
4487 
4488 static int
4489 hex2bin(const char *str, uint8_t *buf, int buf_size)
4490 {
4491 	int i;
4492 	u_char c;
4493 
4494 	memset(buf, 0, buf_size);
4495 	while (isspace(str[0]))
4496 		str++;
4497 	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4498 		str += 2;
4499 	buf_size *= 2;
4500 	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4501 		while (str[i] == '-')	/* Skip dashes in UUIDs. */
4502 			str++;
4503 		c = str[i];
4504 		if (isdigit(c))
4505 			c -= '0';
4506 		else if (isalpha(c))
4507 			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4508 		else
4509 			break;
4510 		if (c >= 16)
4511 			break;
4512 		if ((i & 1) == 0)
4513 			buf[i / 2] |= (c << 4);
4514 		else
4515 			buf[i / 2] |= c;
4516 	}
4517 	return ((i + 1) / 2);
4518 }
4519 
4520 /*
4521  * LUN allocation.
4522  *
4523  * Requirements:
4524  * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4525  *   wants us to allocate the LUN and he can block.
4526  * - ctl_softc is always set
4527  * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4528  *
4529  * Returns 0 for success, non-zero (errno) for failure.
4530  */
4531 static int
4532 ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4533 	      struct ctl_be_lun *const be_lun)
4534 {
4535 	struct ctl_lun *nlun, *lun;
4536 	struct scsi_vpd_id_descriptor *desc;
4537 	struct scsi_vpd_id_t10 *t10id;
4538 	const char *eui, *naa, *scsiname, *uuid, *vendor, *value;
4539 	int lun_number, lun_malloced;
4540 	int devidlen, idlen1, idlen2 = 0, len;
4541 
4542 	if (be_lun == NULL)
4543 		return (EINVAL);
4544 
4545 	/*
4546 	 * We currently only support Direct Access or Processor LUN types.
4547 	 */
4548 	switch (be_lun->lun_type) {
4549 	case T_DIRECT:
4550 	case T_PROCESSOR:
4551 	case T_CDROM:
4552 		break;
4553 	case T_SEQUENTIAL:
4554 	case T_CHANGER:
4555 	default:
4556 		be_lun->lun_config_status(be_lun->be_lun,
4557 					  CTL_LUN_CONFIG_FAILURE);
4558 		break;
4559 	}
4560 	if (ctl_lun == NULL) {
4561 		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4562 		lun_malloced = 1;
4563 	} else {
4564 		lun_malloced = 0;
4565 		lun = ctl_lun;
4566 	}
4567 
4568 	memset(lun, 0, sizeof(*lun));
4569 	if (lun_malloced)
4570 		lun->flags = CTL_LUN_MALLOCED;
4571 
4572 	lun->pending_sense = malloc(sizeof(struct scsi_sense_data *) *
4573 	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4574 	lun->pending_ua = malloc(sizeof(ctl_ua_type *) * ctl_max_ports,
4575 	    M_DEVBUF, M_WAITOK | M_ZERO);
4576 	lun->pr_keys = malloc(sizeof(uint64_t *) * ctl_max_ports,
4577 	    M_DEVBUF, M_WAITOK | M_ZERO);
4578 
4579 	/* Generate LUN ID. */
4580 	devidlen = max(CTL_DEVID_MIN_LEN,
4581 	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4582 	idlen1 = sizeof(*t10id) + devidlen;
4583 	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4584 	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4585 	if (scsiname != NULL) {
4586 		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4587 		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4588 	}
4589 	eui = ctl_get_opt(&be_lun->options, "eui");
4590 	if (eui != NULL) {
4591 		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4592 	}
4593 	naa = ctl_get_opt(&be_lun->options, "naa");
4594 	if (naa != NULL) {
4595 		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4596 	}
4597 	uuid = ctl_get_opt(&be_lun->options, "uuid");
4598 	if (uuid != NULL) {
4599 		len += sizeof(struct scsi_vpd_id_descriptor) + 18;
4600 	}
4601 	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4602 	    M_CTL, M_WAITOK | M_ZERO);
4603 	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4604 	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4605 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4606 	desc->length = idlen1;
4607 	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4608 	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4609 	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4610 		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4611 	} else {
4612 		strncpy(t10id->vendor, vendor,
4613 		    min(sizeof(t10id->vendor), strlen(vendor)));
4614 	}
4615 	strncpy((char *)t10id->vendor_spec_id,
4616 	    (char *)be_lun->device_id, devidlen);
4617 	if (scsiname != NULL) {
4618 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4619 		    desc->length);
4620 		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4621 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4622 		    SVPD_ID_TYPE_SCSI_NAME;
4623 		desc->length = idlen2;
4624 		strlcpy(desc->identifier, scsiname, idlen2);
4625 	}
4626 	if (eui != NULL) {
4627 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4628 		    desc->length);
4629 		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4630 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4631 		    SVPD_ID_TYPE_EUI64;
4632 		desc->length = hex2bin(eui, desc->identifier, 16);
4633 		desc->length = desc->length > 12 ? 16 :
4634 		    (desc->length > 8 ? 12 : 8);
4635 		len -= 16 - desc->length;
4636 	}
4637 	if (naa != NULL) {
4638 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4639 		    desc->length);
4640 		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4641 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4642 		    SVPD_ID_TYPE_NAA;
4643 		desc->length = hex2bin(naa, desc->identifier, 16);
4644 		desc->length = desc->length > 8 ? 16 : 8;
4645 		len -= 16 - desc->length;
4646 	}
4647 	if (uuid != NULL) {
4648 		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4649 		    desc->length);
4650 		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4651 		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4652 		    SVPD_ID_TYPE_UUID;
4653 		desc->identifier[0] = 0x10;
4654 		hex2bin(uuid, &desc->identifier[2], 16);
4655 		desc->length = 18;
4656 	}
4657 	lun->lun_devid->len = len;
4658 
4659 	mtx_lock(&ctl_softc->ctl_lock);
4660 	/*
4661 	 * See if the caller requested a particular LUN number.  If so, see
4662 	 * if it is available.  Otherwise, allocate the first available LUN.
4663 	 */
4664 	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4665 		if ((be_lun->req_lun_id > (ctl_max_luns - 1))
4666 		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4667 			mtx_unlock(&ctl_softc->ctl_lock);
4668 			if (be_lun->req_lun_id > (ctl_max_luns - 1)) {
4669 				printf("ctl: requested LUN ID %d is higher "
4670 				       "than ctl_max_luns - 1 (%d)\n",
4671 				       be_lun->req_lun_id, ctl_max_luns - 1);
4672 			} else {
4673 				/*
4674 				 * XXX KDM return an error, or just assign
4675 				 * another LUN ID in this case??
4676 				 */
4677 				printf("ctl: requested LUN ID %d is already "
4678 				       "in use\n", be_lun->req_lun_id);
4679 			}
4680 fail:
4681 			free(lun->lun_devid, M_CTL);
4682 			if (lun->flags & CTL_LUN_MALLOCED)
4683 				free(lun, M_CTL);
4684 			be_lun->lun_config_status(be_lun->be_lun,
4685 						  CTL_LUN_CONFIG_FAILURE);
4686 			return (ENOSPC);
4687 		}
4688 		lun_number = be_lun->req_lun_id;
4689 	} else {
4690 		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, ctl_max_luns);
4691 		if (lun_number == -1) {
4692 			mtx_unlock(&ctl_softc->ctl_lock);
4693 			printf("ctl: can't allocate LUN, out of LUNs\n");
4694 			goto fail;
4695 		}
4696 	}
4697 	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4698 	mtx_unlock(&ctl_softc->ctl_lock);
4699 
4700 	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4701 	lun->lun = lun_number;
4702 	lun->be_lun = be_lun;
4703 	/*
4704 	 * The processor LUN is always enabled.  Disk LUNs come on line
4705 	 * disabled, and must be enabled by the backend.
4706 	 */
4707 	lun->flags |= CTL_LUN_DISABLED;
4708 	lun->backend = be_lun->be;
4709 	be_lun->ctl_lun = lun;
4710 	be_lun->lun_id = lun_number;
4711 	atomic_add_int(&be_lun->be->num_luns, 1);
4712 	if (be_lun->flags & CTL_LUN_FLAG_EJECTED)
4713 		lun->flags |= CTL_LUN_EJECTED;
4714 	if (be_lun->flags & CTL_LUN_FLAG_NO_MEDIA)
4715 		lun->flags |= CTL_LUN_NO_MEDIA;
4716 	if (be_lun->flags & CTL_LUN_FLAG_STOPPED)
4717 		lun->flags |= CTL_LUN_STOPPED;
4718 
4719 	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4720 		lun->flags |= CTL_LUN_PRIMARY_SC;
4721 
4722 	value = ctl_get_opt(&be_lun->options, "removable");
4723 	if (value != NULL) {
4724 		if (strcmp(value, "on") == 0)
4725 			lun->flags |= CTL_LUN_REMOVABLE;
4726 	} else if (be_lun->lun_type == T_CDROM)
4727 		lun->flags |= CTL_LUN_REMOVABLE;
4728 
4729 	lun->ctl_softc = ctl_softc;
4730 #ifdef CTL_TIME_IO
4731 	lun->last_busy = getsbinuptime();
4732 #endif
4733 	TAILQ_INIT(&lun->ooa_queue);
4734 	TAILQ_INIT(&lun->blocked_queue);
4735 	STAILQ_INIT(&lun->error_list);
4736 	lun->ie_reported = 1;
4737 	callout_init_mtx(&lun->ie_callout, &lun->lun_lock, 0);
4738 	ctl_tpc_lun_init(lun);
4739 	if (lun->flags & CTL_LUN_REMOVABLE) {
4740 		lun->prevent = malloc((CTL_MAX_INITIATORS + 31) / 32 * 4,
4741 		    M_CTL, M_WAITOK);
4742 	}
4743 
4744 	/*
4745 	 * Initialize the mode and log page index.
4746 	 */
4747 	ctl_init_page_index(lun);
4748 	ctl_init_log_page_index(lun);
4749 
4750 	/* Setup statistics gathering */
4751 #ifdef CTL_LEGACY_STATS
4752 	lun->legacy_stats.device_type = be_lun->lun_type;
4753 	lun->legacy_stats.lun_number = lun_number;
4754 	lun->legacy_stats.blocksize = be_lun->blocksize;
4755 	if (be_lun->blocksize == 0)
4756 		lun->legacy_stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4757 	lun->legacy_stats.ports = malloc(sizeof(struct ctl_lun_io_port_stats) *
4758 	    ctl_max_ports, M_DEVBUF, M_WAITOK | M_ZERO);
4759 	for (len = 0; len < ctl_max_ports; len++)
4760 		lun->legacy_stats.ports[len].targ_port = len;
4761 #endif /* CTL_LEGACY_STATS */
4762 	lun->stats.item = lun_number;
4763 
4764 	/*
4765 	 * Now, before we insert this lun on the lun list, set the lun
4766 	 * inventory changed UA for all other luns.
4767 	 */
4768 	mtx_lock(&ctl_softc->ctl_lock);
4769 	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4770 		mtx_lock(&nlun->lun_lock);
4771 		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4772 		mtx_unlock(&nlun->lun_lock);
4773 	}
4774 	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4775 	ctl_softc->ctl_luns[lun_number] = lun;
4776 	ctl_softc->num_luns++;
4777 	mtx_unlock(&ctl_softc->ctl_lock);
4778 
4779 	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4780 	return (0);
4781 }
4782 
4783 /*
4784  * Delete a LUN.
4785  * Assumptions:
4786  * - LUN has already been marked invalid and any pending I/O has been taken
4787  *   care of.
4788  */
4789 static int
4790 ctl_free_lun(struct ctl_lun *lun)
4791 {
4792 	struct ctl_softc *softc = lun->ctl_softc;
4793 	struct ctl_lun *nlun;
4794 	int i;
4795 
4796 	KASSERT(TAILQ_EMPTY(&lun->ooa_queue),
4797 	    ("Freeing a LUN %p with outstanding I/O!\n", lun));
4798 
4799 	mtx_lock(&softc->ctl_lock);
4800 	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4801 	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4802 	softc->ctl_luns[lun->lun] = NULL;
4803 	softc->num_luns--;
4804 	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4805 		mtx_lock(&nlun->lun_lock);
4806 		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4807 		mtx_unlock(&nlun->lun_lock);
4808 	}
4809 	mtx_unlock(&softc->ctl_lock);
4810 
4811 	/*
4812 	 * Tell the backend to free resources, if this LUN has a backend.
4813 	 */
4814 	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4815 	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4816 
4817 	lun->ie_reportcnt = UINT32_MAX;
4818 	callout_drain(&lun->ie_callout);
4819 	ctl_tpc_lun_shutdown(lun);
4820 	mtx_destroy(&lun->lun_lock);
4821 	free(lun->lun_devid, M_CTL);
4822 	for (i = 0; i < ctl_max_ports; i++)
4823 		free(lun->pending_ua[i], M_CTL);
4824 	free(lun->pending_ua, M_DEVBUF);
4825 	for (i = 0; i < ctl_max_ports; i++)
4826 		free(lun->pr_keys[i], M_CTL);
4827 	free(lun->pr_keys, M_DEVBUF);
4828 	free(lun->write_buffer, M_CTL);
4829 	free(lun->prevent, M_CTL);
4830 	if (lun->flags & CTL_LUN_MALLOCED)
4831 		free(lun, M_CTL);
4832 
4833 	return (0);
4834 }
4835 
4836 static void
4837 ctl_create_lun(struct ctl_be_lun *be_lun)
4838 {
4839 
4840 	/*
4841 	 * ctl_alloc_lun() should handle all potential failure cases.
4842 	 */
4843 	ctl_alloc_lun(control_softc, NULL, be_lun);
4844 }
4845 
4846 int
4847 ctl_add_lun(struct ctl_be_lun *be_lun)
4848 {
4849 	struct ctl_softc *softc = control_softc;
4850 
4851 	mtx_lock(&softc->ctl_lock);
4852 	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4853 	mtx_unlock(&softc->ctl_lock);
4854 	wakeup(&softc->pending_lun_queue);
4855 
4856 	return (0);
4857 }
4858 
4859 int
4860 ctl_enable_lun(struct ctl_be_lun *be_lun)
4861 {
4862 	struct ctl_softc *softc;
4863 	struct ctl_port *port, *nport;
4864 	struct ctl_lun *lun;
4865 	int retval;
4866 
4867 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4868 	softc = lun->ctl_softc;
4869 
4870 	mtx_lock(&softc->ctl_lock);
4871 	mtx_lock(&lun->lun_lock);
4872 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4873 		/*
4874 		 * eh?  Why did we get called if the LUN is already
4875 		 * enabled?
4876 		 */
4877 		mtx_unlock(&lun->lun_lock);
4878 		mtx_unlock(&softc->ctl_lock);
4879 		return (0);
4880 	}
4881 	lun->flags &= ~CTL_LUN_DISABLED;
4882 	mtx_unlock(&lun->lun_lock);
4883 
4884 	STAILQ_FOREACH_SAFE(port, &softc->port_list, links, nport) {
4885 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4886 		    port->lun_map != NULL || port->lun_enable == NULL)
4887 			continue;
4888 
4889 		/*
4890 		 * Drop the lock while we call the FETD's enable routine.
4891 		 * This can lead to a callback into CTL (at least in the
4892 		 * case of the internal initiator frontend.
4893 		 */
4894 		mtx_unlock(&softc->ctl_lock);
4895 		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4896 		mtx_lock(&softc->ctl_lock);
4897 		if (retval != 0) {
4898 			printf("%s: FETD %s port %d returned error "
4899 			       "%d for lun_enable on lun %jd\n",
4900 			       __func__, port->port_name, port->targ_port,
4901 			       retval, (intmax_t)lun->lun);
4902 		}
4903 	}
4904 
4905 	mtx_unlock(&softc->ctl_lock);
4906 	ctl_isc_announce_lun(lun);
4907 
4908 	return (0);
4909 }
4910 
4911 int
4912 ctl_disable_lun(struct ctl_be_lun *be_lun)
4913 {
4914 	struct ctl_softc *softc;
4915 	struct ctl_port *port;
4916 	struct ctl_lun *lun;
4917 	int retval;
4918 
4919 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4920 	softc = lun->ctl_softc;
4921 
4922 	mtx_lock(&softc->ctl_lock);
4923 	mtx_lock(&lun->lun_lock);
4924 	if (lun->flags & CTL_LUN_DISABLED) {
4925 		mtx_unlock(&lun->lun_lock);
4926 		mtx_unlock(&softc->ctl_lock);
4927 		return (0);
4928 	}
4929 	lun->flags |= CTL_LUN_DISABLED;
4930 	mtx_unlock(&lun->lun_lock);
4931 
4932 	STAILQ_FOREACH(port, &softc->port_list, links) {
4933 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4934 		    port->lun_map != NULL || port->lun_disable == NULL)
4935 			continue;
4936 
4937 		/*
4938 		 * Drop the lock before we call the frontend's disable
4939 		 * routine, to avoid lock order reversals.
4940 		 *
4941 		 * XXX KDM what happens if the frontend list changes while
4942 		 * we're traversing it?  It's unlikely, but should be handled.
4943 		 */
4944 		mtx_unlock(&softc->ctl_lock);
4945 		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4946 		mtx_lock(&softc->ctl_lock);
4947 		if (retval != 0) {
4948 			printf("%s: FETD %s port %d returned error "
4949 			       "%d for lun_disable on lun %jd\n",
4950 			       __func__, port->port_name, port->targ_port,
4951 			       retval, (intmax_t)lun->lun);
4952 		}
4953 	}
4954 
4955 	mtx_unlock(&softc->ctl_lock);
4956 	ctl_isc_announce_lun(lun);
4957 
4958 	return (0);
4959 }
4960 
4961 int
4962 ctl_start_lun(struct ctl_be_lun *be_lun)
4963 {
4964 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4965 
4966 	mtx_lock(&lun->lun_lock);
4967 	lun->flags &= ~CTL_LUN_STOPPED;
4968 	mtx_unlock(&lun->lun_lock);
4969 	return (0);
4970 }
4971 
4972 int
4973 ctl_stop_lun(struct ctl_be_lun *be_lun)
4974 {
4975 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4976 
4977 	mtx_lock(&lun->lun_lock);
4978 	lun->flags |= CTL_LUN_STOPPED;
4979 	mtx_unlock(&lun->lun_lock);
4980 	return (0);
4981 }
4982 
4983 int
4984 ctl_lun_no_media(struct ctl_be_lun *be_lun)
4985 {
4986 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4987 
4988 	mtx_lock(&lun->lun_lock);
4989 	lun->flags |= CTL_LUN_NO_MEDIA;
4990 	mtx_unlock(&lun->lun_lock);
4991 	return (0);
4992 }
4993 
4994 int
4995 ctl_lun_has_media(struct ctl_be_lun *be_lun)
4996 {
4997 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4998 	union ctl_ha_msg msg;
4999 
5000 	mtx_lock(&lun->lun_lock);
5001 	lun->flags &= ~(CTL_LUN_NO_MEDIA | CTL_LUN_EJECTED);
5002 	if (lun->flags & CTL_LUN_REMOVABLE)
5003 		ctl_est_ua_all(lun, -1, CTL_UA_MEDIUM_CHANGE);
5004 	mtx_unlock(&lun->lun_lock);
5005 	if ((lun->flags & CTL_LUN_REMOVABLE) &&
5006 	    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5007 		bzero(&msg.ua, sizeof(msg.ua));
5008 		msg.hdr.msg_type = CTL_MSG_UA;
5009 		msg.hdr.nexus.initid = -1;
5010 		msg.hdr.nexus.targ_port = -1;
5011 		msg.hdr.nexus.targ_lun = lun->lun;
5012 		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5013 		msg.ua.ua_all = 1;
5014 		msg.ua.ua_set = 1;
5015 		msg.ua.ua_type = CTL_UA_MEDIUM_CHANGE;
5016 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5017 		    M_WAITOK);
5018 	}
5019 	return (0);
5020 }
5021 
5022 int
5023 ctl_lun_ejected(struct ctl_be_lun *be_lun)
5024 {
5025 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5026 
5027 	mtx_lock(&lun->lun_lock);
5028 	lun->flags |= CTL_LUN_EJECTED;
5029 	mtx_unlock(&lun->lun_lock);
5030 	return (0);
5031 }
5032 
5033 int
5034 ctl_lun_primary(struct ctl_be_lun *be_lun)
5035 {
5036 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5037 
5038 	mtx_lock(&lun->lun_lock);
5039 	lun->flags |= CTL_LUN_PRIMARY_SC;
5040 	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5041 	mtx_unlock(&lun->lun_lock);
5042 	ctl_isc_announce_lun(lun);
5043 	return (0);
5044 }
5045 
5046 int
5047 ctl_lun_secondary(struct ctl_be_lun *be_lun)
5048 {
5049 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5050 
5051 	mtx_lock(&lun->lun_lock);
5052 	lun->flags &= ~CTL_LUN_PRIMARY_SC;
5053 	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
5054 	mtx_unlock(&lun->lun_lock);
5055 	ctl_isc_announce_lun(lun);
5056 	return (0);
5057 }
5058 
5059 int
5060 ctl_invalidate_lun(struct ctl_be_lun *be_lun)
5061 {
5062 	struct ctl_softc *softc;
5063 	struct ctl_lun *lun;
5064 
5065 	lun = (struct ctl_lun *)be_lun->ctl_lun;
5066 	softc = lun->ctl_softc;
5067 
5068 	mtx_lock(&lun->lun_lock);
5069 
5070 	/*
5071 	 * The LUN needs to be disabled before it can be marked invalid.
5072 	 */
5073 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5074 		mtx_unlock(&lun->lun_lock);
5075 		return (-1);
5076 	}
5077 	/*
5078 	 * Mark the LUN invalid.
5079 	 */
5080 	lun->flags |= CTL_LUN_INVALID;
5081 
5082 	/*
5083 	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5084 	 * If we have something in the OOA queue, we'll free it when the
5085 	 * last I/O completes.
5086 	 */
5087 	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5088 		mtx_unlock(&lun->lun_lock);
5089 		ctl_free_lun(lun);
5090 	} else
5091 		mtx_unlock(&lun->lun_lock);
5092 
5093 	return (0);
5094 }
5095 
5096 void
5097 ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5098 {
5099 	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5100 	union ctl_ha_msg msg;
5101 
5102 	mtx_lock(&lun->lun_lock);
5103 	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGE);
5104 	mtx_unlock(&lun->lun_lock);
5105 	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5106 		/* Send msg to other side. */
5107 		bzero(&msg.ua, sizeof(msg.ua));
5108 		msg.hdr.msg_type = CTL_MSG_UA;
5109 		msg.hdr.nexus.initid = -1;
5110 		msg.hdr.nexus.targ_port = -1;
5111 		msg.hdr.nexus.targ_lun = lun->lun;
5112 		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5113 		msg.ua.ua_all = 1;
5114 		msg.ua.ua_set = 1;
5115 		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGE;
5116 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5117 		    M_WAITOK);
5118 	}
5119 }
5120 
5121 /*
5122  * Backend "memory move is complete" callback for requests that never
5123  * make it down to say RAIDCore's configuration code.
5124  */
5125 int
5126 ctl_config_move_done(union ctl_io *io)
5127 {
5128 	int retval;
5129 
5130 	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5131 	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5132 	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5133 
5134 	if ((io->io_hdr.port_status != 0) &&
5135 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5136 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5137 		ctl_set_internal_failure(&io->scsiio, /*sks_valid*/ 1,
5138 		    /*retry_count*/ io->io_hdr.port_status);
5139 	} else if (io->scsiio.kern_data_resid != 0 &&
5140 	    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT &&
5141 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5142 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5143 		ctl_set_invalid_field_ciu(&io->scsiio);
5144 	}
5145 
5146 	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5147 		ctl_data_print(io);
5148 	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5149 	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5150 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5151 	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5152 		/*
5153 		 * XXX KDM just assuming a single pointer here, and not a
5154 		 * S/G list.  If we start using S/G lists for config data,
5155 		 * we'll need to know how to clean them up here as well.
5156 		 */
5157 		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5158 			free(io->scsiio.kern_data_ptr, M_CTL);
5159 		ctl_done(io);
5160 		retval = CTL_RETVAL_COMPLETE;
5161 	} else {
5162 		/*
5163 		 * XXX KDM now we need to continue data movement.  Some
5164 		 * options:
5165 		 * - call ctl_scsiio() again?  We don't do this for data
5166 		 *   writes, because for those at least we know ahead of
5167 		 *   time where the write will go and how long it is.  For
5168 		 *   config writes, though, that information is largely
5169 		 *   contained within the write itself, thus we need to
5170 		 *   parse out the data again.
5171 		 *
5172 		 * - Call some other function once the data is in?
5173 		 */
5174 
5175 		/*
5176 		 * XXX KDM call ctl_scsiio() again for now, and check flag
5177 		 * bits to see whether we're allocated or not.
5178 		 */
5179 		retval = ctl_scsiio(&io->scsiio);
5180 	}
5181 	return (retval);
5182 }
5183 
5184 /*
5185  * This gets called by a backend driver when it is done with a
5186  * data_submit method.
5187  */
5188 void
5189 ctl_data_submit_done(union ctl_io *io)
5190 {
5191 	/*
5192 	 * If the IO_CONT flag is set, we need to call the supplied
5193 	 * function to continue processing the I/O, instead of completing
5194 	 * the I/O just yet.
5195 	 *
5196 	 * If there is an error, though, we don't want to keep processing.
5197 	 * Instead, just send status back to the initiator.
5198 	 */
5199 	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5200 	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5201 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5202 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5203 		io->scsiio.io_cont(io);
5204 		return;
5205 	}
5206 	ctl_done(io);
5207 }
5208 
5209 /*
5210  * This gets called by a backend driver when it is done with a
5211  * configuration write.
5212  */
5213 void
5214 ctl_config_write_done(union ctl_io *io)
5215 {
5216 	uint8_t *buf;
5217 
5218 	/*
5219 	 * If the IO_CONT flag is set, we need to call the supplied
5220 	 * function to continue processing the I/O, instead of completing
5221 	 * the I/O just yet.
5222 	 *
5223 	 * If there is an error, though, we don't want to keep processing.
5224 	 * Instead, just send status back to the initiator.
5225 	 */
5226 	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5227 	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5228 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5229 	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5230 		io->scsiio.io_cont(io);
5231 		return;
5232 	}
5233 	/*
5234 	 * Since a configuration write can be done for commands that actually
5235 	 * have data allocated, like write buffer, and commands that have
5236 	 * no data, like start/stop unit, we need to check here.
5237 	 */
5238 	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5239 		buf = io->scsiio.kern_data_ptr;
5240 	else
5241 		buf = NULL;
5242 	ctl_done(io);
5243 	if (buf)
5244 		free(buf, M_CTL);
5245 }
5246 
5247 void
5248 ctl_config_read_done(union ctl_io *io)
5249 {
5250 	uint8_t *buf;
5251 
5252 	/*
5253 	 * If there is some error -- we are done, skip data transfer.
5254 	 */
5255 	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5256 	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5257 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5258 		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5259 			buf = io->scsiio.kern_data_ptr;
5260 		else
5261 			buf = NULL;
5262 		ctl_done(io);
5263 		if (buf)
5264 			free(buf, M_CTL);
5265 		return;
5266 	}
5267 
5268 	/*
5269 	 * If the IO_CONT flag is set, we need to call the supplied
5270 	 * function to continue processing the I/O, instead of completing
5271 	 * the I/O just yet.
5272 	 */
5273 	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5274 		io->scsiio.io_cont(io);
5275 		return;
5276 	}
5277 
5278 	ctl_datamove(io);
5279 }
5280 
5281 /*
5282  * SCSI release command.
5283  */
5284 int
5285 ctl_scsi_release(struct ctl_scsiio *ctsio)
5286 {
5287 	struct ctl_lun *lun = CTL_LUN(ctsio);
5288 	uint32_t residx;
5289 
5290 	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5291 
5292 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5293 
5294 	/*
5295 	 * XXX KDM right now, we only support LUN reservation.  We don't
5296 	 * support 3rd party reservations, or extent reservations, which
5297 	 * might actually need the parameter list.  If we've gotten this
5298 	 * far, we've got a LUN reservation.  Anything else got kicked out
5299 	 * above.  So, according to SPC, ignore the length.
5300 	 */
5301 
5302 	mtx_lock(&lun->lun_lock);
5303 
5304 	/*
5305 	 * According to SPC, it is not an error for an intiator to attempt
5306 	 * to release a reservation on a LUN that isn't reserved, or that
5307 	 * is reserved by another initiator.  The reservation can only be
5308 	 * released, though, by the initiator who made it or by one of
5309 	 * several reset type events.
5310 	 */
5311 	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5312 			lun->flags &= ~CTL_LUN_RESERVED;
5313 
5314 	mtx_unlock(&lun->lun_lock);
5315 
5316 	ctl_set_success(ctsio);
5317 	ctl_done((union ctl_io *)ctsio);
5318 	return (CTL_RETVAL_COMPLETE);
5319 }
5320 
5321 int
5322 ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5323 {
5324 	struct ctl_lun *lun = CTL_LUN(ctsio);
5325 	uint32_t residx;
5326 
5327 	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5328 
5329 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5330 
5331 	/*
5332 	 * XXX KDM right now, we only support LUN reservation.  We don't
5333 	 * support 3rd party reservations, or extent reservations, which
5334 	 * might actually need the parameter list.  If we've gotten this
5335 	 * far, we've got a LUN reservation.  Anything else got kicked out
5336 	 * above.  So, according to SPC, ignore the length.
5337 	 */
5338 
5339 	mtx_lock(&lun->lun_lock);
5340 	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5341 		ctl_set_reservation_conflict(ctsio);
5342 		goto bailout;
5343 	}
5344 
5345 	/* SPC-3 exceptions to SPC-2 RESERVE and RELEASE behavior. */
5346 	if (lun->flags & CTL_LUN_PR_RESERVED) {
5347 		ctl_set_success(ctsio);
5348 		goto bailout;
5349 	}
5350 
5351 	lun->flags |= CTL_LUN_RESERVED;
5352 	lun->res_idx = residx;
5353 	ctl_set_success(ctsio);
5354 
5355 bailout:
5356 	mtx_unlock(&lun->lun_lock);
5357 	ctl_done((union ctl_io *)ctsio);
5358 	return (CTL_RETVAL_COMPLETE);
5359 }
5360 
5361 int
5362 ctl_start_stop(struct ctl_scsiio *ctsio)
5363 {
5364 	struct ctl_lun *lun = CTL_LUN(ctsio);
5365 	struct scsi_start_stop_unit *cdb;
5366 	int retval;
5367 
5368 	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5369 
5370 	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5371 
5372 	if ((cdb->how & SSS_PC_MASK) == 0) {
5373 		if ((lun->flags & CTL_LUN_PR_RESERVED) &&
5374 		    (cdb->how & SSS_START) == 0) {
5375 			uint32_t residx;
5376 
5377 			residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5378 			if (ctl_get_prkey(lun, residx) == 0 ||
5379 			    (lun->pr_res_idx != residx && lun->pr_res_type < 4)) {
5380 
5381 				ctl_set_reservation_conflict(ctsio);
5382 				ctl_done((union ctl_io *)ctsio);
5383 				return (CTL_RETVAL_COMPLETE);
5384 			}
5385 		}
5386 
5387 		if ((cdb->how & SSS_LOEJ) &&
5388 		    (lun->flags & CTL_LUN_REMOVABLE) == 0) {
5389 			ctl_set_invalid_field(ctsio,
5390 					      /*sks_valid*/ 1,
5391 					      /*command*/ 1,
5392 					      /*field*/ 4,
5393 					      /*bit_valid*/ 1,
5394 					      /*bit*/ 1);
5395 			ctl_done((union ctl_io *)ctsio);
5396 			return (CTL_RETVAL_COMPLETE);
5397 		}
5398 
5399 		if ((cdb->how & SSS_START) == 0 && (cdb->how & SSS_LOEJ) &&
5400 		    lun->prevent_count > 0) {
5401 			/* "Medium removal prevented" */
5402 			ctl_set_sense(ctsio, /*current_error*/ 1,
5403 			    /*sense_key*/(lun->flags & CTL_LUN_NO_MEDIA) ?
5404 			     SSD_KEY_NOT_READY : SSD_KEY_ILLEGAL_REQUEST,
5405 			    /*asc*/ 0x53, /*ascq*/ 0x02, SSD_ELEM_NONE);
5406 			ctl_done((union ctl_io *)ctsio);
5407 			return (CTL_RETVAL_COMPLETE);
5408 		}
5409 	}
5410 
5411 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5412 	return (retval);
5413 }
5414 
5415 int
5416 ctl_prevent_allow(struct ctl_scsiio *ctsio)
5417 {
5418 	struct ctl_lun *lun = CTL_LUN(ctsio);
5419 	struct scsi_prevent *cdb;
5420 	int retval;
5421 	uint32_t initidx;
5422 
5423 	CTL_DEBUG_PRINT(("ctl_prevent_allow\n"));
5424 
5425 	cdb = (struct scsi_prevent *)ctsio->cdb;
5426 
5427 	if ((lun->flags & CTL_LUN_REMOVABLE) == 0 || lun->prevent == NULL) {
5428 		ctl_set_invalid_opcode(ctsio);
5429 		ctl_done((union ctl_io *)ctsio);
5430 		return (CTL_RETVAL_COMPLETE);
5431 	}
5432 
5433 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5434 	mtx_lock(&lun->lun_lock);
5435 	if ((cdb->how & PR_PREVENT) &&
5436 	    ctl_is_set(lun->prevent, initidx) == 0) {
5437 		ctl_set_mask(lun->prevent, initidx);
5438 		lun->prevent_count++;
5439 	} else if ((cdb->how & PR_PREVENT) == 0 &&
5440 	    ctl_is_set(lun->prevent, initidx)) {
5441 		ctl_clear_mask(lun->prevent, initidx);
5442 		lun->prevent_count--;
5443 	}
5444 	mtx_unlock(&lun->lun_lock);
5445 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5446 	return (retval);
5447 }
5448 
5449 /*
5450  * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5451  * we don't really do anything with the LBA and length fields if the user
5452  * passes them in.  Instead we'll just flush out the cache for the entire
5453  * LUN.
5454  */
5455 int
5456 ctl_sync_cache(struct ctl_scsiio *ctsio)
5457 {
5458 	struct ctl_lun *lun = CTL_LUN(ctsio);
5459 	struct ctl_lba_len_flags *lbalen;
5460 	uint64_t starting_lba;
5461 	uint32_t block_count;
5462 	int retval;
5463 	uint8_t byte2;
5464 
5465 	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5466 
5467 	retval = 0;
5468 
5469 	switch (ctsio->cdb[0]) {
5470 	case SYNCHRONIZE_CACHE: {
5471 		struct scsi_sync_cache *cdb;
5472 		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5473 
5474 		starting_lba = scsi_4btoul(cdb->begin_lba);
5475 		block_count = scsi_2btoul(cdb->lb_count);
5476 		byte2 = cdb->byte2;
5477 		break;
5478 	}
5479 	case SYNCHRONIZE_CACHE_16: {
5480 		struct scsi_sync_cache_16 *cdb;
5481 		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5482 
5483 		starting_lba = scsi_8btou64(cdb->begin_lba);
5484 		block_count = scsi_4btoul(cdb->lb_count);
5485 		byte2 = cdb->byte2;
5486 		break;
5487 	}
5488 	default:
5489 		ctl_set_invalid_opcode(ctsio);
5490 		ctl_done((union ctl_io *)ctsio);
5491 		goto bailout;
5492 		break; /* NOTREACHED */
5493 	}
5494 
5495 	/*
5496 	 * We check the LBA and length, but don't do anything with them.
5497 	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5498 	 * get flushed.  This check will just help satisfy anyone who wants
5499 	 * to see an error for an out of range LBA.
5500 	 */
5501 	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5502 		ctl_set_lba_out_of_range(ctsio,
5503 		    MAX(starting_lba, lun->be_lun->maxlba + 1));
5504 		ctl_done((union ctl_io *)ctsio);
5505 		goto bailout;
5506 	}
5507 
5508 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5509 	lbalen->lba = starting_lba;
5510 	lbalen->len = block_count;
5511 	lbalen->flags = byte2;
5512 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5513 
5514 bailout:
5515 	return (retval);
5516 }
5517 
5518 int
5519 ctl_format(struct ctl_scsiio *ctsio)
5520 {
5521 	struct scsi_format *cdb;
5522 	int length, defect_list_len;
5523 
5524 	CTL_DEBUG_PRINT(("ctl_format\n"));
5525 
5526 	cdb = (struct scsi_format *)ctsio->cdb;
5527 
5528 	length = 0;
5529 	if (cdb->byte2 & SF_FMTDATA) {
5530 		if (cdb->byte2 & SF_LONGLIST)
5531 			length = sizeof(struct scsi_format_header_long);
5532 		else
5533 			length = sizeof(struct scsi_format_header_short);
5534 	}
5535 
5536 	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5537 	 && (length > 0)) {
5538 		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5539 		ctsio->kern_data_len = length;
5540 		ctsio->kern_total_len = length;
5541 		ctsio->kern_rel_offset = 0;
5542 		ctsio->kern_sg_entries = 0;
5543 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5544 		ctsio->be_move_done = ctl_config_move_done;
5545 		ctl_datamove((union ctl_io *)ctsio);
5546 
5547 		return (CTL_RETVAL_COMPLETE);
5548 	}
5549 
5550 	defect_list_len = 0;
5551 
5552 	if (cdb->byte2 & SF_FMTDATA) {
5553 		if (cdb->byte2 & SF_LONGLIST) {
5554 			struct scsi_format_header_long *header;
5555 
5556 			header = (struct scsi_format_header_long *)
5557 				ctsio->kern_data_ptr;
5558 
5559 			defect_list_len = scsi_4btoul(header->defect_list_len);
5560 			if (defect_list_len != 0) {
5561 				ctl_set_invalid_field(ctsio,
5562 						      /*sks_valid*/ 1,
5563 						      /*command*/ 0,
5564 						      /*field*/ 2,
5565 						      /*bit_valid*/ 0,
5566 						      /*bit*/ 0);
5567 				goto bailout;
5568 			}
5569 		} else {
5570 			struct scsi_format_header_short *header;
5571 
5572 			header = (struct scsi_format_header_short *)
5573 				ctsio->kern_data_ptr;
5574 
5575 			defect_list_len = scsi_2btoul(header->defect_list_len);
5576 			if (defect_list_len != 0) {
5577 				ctl_set_invalid_field(ctsio,
5578 						      /*sks_valid*/ 1,
5579 						      /*command*/ 0,
5580 						      /*field*/ 2,
5581 						      /*bit_valid*/ 0,
5582 						      /*bit*/ 0);
5583 				goto bailout;
5584 			}
5585 		}
5586 	}
5587 
5588 	ctl_set_success(ctsio);
5589 bailout:
5590 
5591 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5592 		free(ctsio->kern_data_ptr, M_CTL);
5593 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5594 	}
5595 
5596 	ctl_done((union ctl_io *)ctsio);
5597 	return (CTL_RETVAL_COMPLETE);
5598 }
5599 
5600 int
5601 ctl_read_buffer(struct ctl_scsiio *ctsio)
5602 {
5603 	struct ctl_lun *lun = CTL_LUN(ctsio);
5604 	uint64_t buffer_offset;
5605 	uint32_t len;
5606 	uint8_t byte2;
5607 	static uint8_t descr[4];
5608 	static uint8_t echo_descr[4] = { 0 };
5609 
5610 	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5611 
5612 	switch (ctsio->cdb[0]) {
5613 	case READ_BUFFER: {
5614 		struct scsi_read_buffer *cdb;
5615 
5616 		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5617 		buffer_offset = scsi_3btoul(cdb->offset);
5618 		len = scsi_3btoul(cdb->length);
5619 		byte2 = cdb->byte2;
5620 		break;
5621 	}
5622 	case READ_BUFFER_16: {
5623 		struct scsi_read_buffer_16 *cdb;
5624 
5625 		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5626 		buffer_offset = scsi_8btou64(cdb->offset);
5627 		len = scsi_4btoul(cdb->length);
5628 		byte2 = cdb->byte2;
5629 		break;
5630 	}
5631 	default: /* This shouldn't happen. */
5632 		ctl_set_invalid_opcode(ctsio);
5633 		ctl_done((union ctl_io *)ctsio);
5634 		return (CTL_RETVAL_COMPLETE);
5635 	}
5636 
5637 	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5638 	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5639 		ctl_set_invalid_field(ctsio,
5640 				      /*sks_valid*/ 1,
5641 				      /*command*/ 1,
5642 				      /*field*/ 6,
5643 				      /*bit_valid*/ 0,
5644 				      /*bit*/ 0);
5645 		ctl_done((union ctl_io *)ctsio);
5646 		return (CTL_RETVAL_COMPLETE);
5647 	}
5648 
5649 	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5650 		descr[0] = 0;
5651 		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5652 		ctsio->kern_data_ptr = descr;
5653 		len = min(len, sizeof(descr));
5654 	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5655 		ctsio->kern_data_ptr = echo_descr;
5656 		len = min(len, sizeof(echo_descr));
5657 	} else {
5658 		if (lun->write_buffer == NULL) {
5659 			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5660 			    M_CTL, M_WAITOK);
5661 		}
5662 		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5663 	}
5664 	ctsio->kern_data_len = len;
5665 	ctsio->kern_total_len = len;
5666 	ctsio->kern_rel_offset = 0;
5667 	ctsio->kern_sg_entries = 0;
5668 	ctl_set_success(ctsio);
5669 	ctsio->be_move_done = ctl_config_move_done;
5670 	ctl_datamove((union ctl_io *)ctsio);
5671 	return (CTL_RETVAL_COMPLETE);
5672 }
5673 
5674 int
5675 ctl_write_buffer(struct ctl_scsiio *ctsio)
5676 {
5677 	struct ctl_lun *lun = CTL_LUN(ctsio);
5678 	struct scsi_write_buffer *cdb;
5679 	int buffer_offset, len;
5680 
5681 	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5682 
5683 	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5684 
5685 	len = scsi_3btoul(cdb->length);
5686 	buffer_offset = scsi_3btoul(cdb->offset);
5687 
5688 	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5689 		ctl_set_invalid_field(ctsio,
5690 				      /*sks_valid*/ 1,
5691 				      /*command*/ 1,
5692 				      /*field*/ 6,
5693 				      /*bit_valid*/ 0,
5694 				      /*bit*/ 0);
5695 		ctl_done((union ctl_io *)ctsio);
5696 		return (CTL_RETVAL_COMPLETE);
5697 	}
5698 
5699 	/*
5700 	 * If we've got a kernel request that hasn't been malloced yet,
5701 	 * malloc it and tell the caller the data buffer is here.
5702 	 */
5703 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5704 		if (lun->write_buffer == NULL) {
5705 			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5706 			    M_CTL, M_WAITOK);
5707 		}
5708 		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5709 		ctsio->kern_data_len = len;
5710 		ctsio->kern_total_len = len;
5711 		ctsio->kern_rel_offset = 0;
5712 		ctsio->kern_sg_entries = 0;
5713 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5714 		ctsio->be_move_done = ctl_config_move_done;
5715 		ctl_datamove((union ctl_io *)ctsio);
5716 
5717 		return (CTL_RETVAL_COMPLETE);
5718 	}
5719 
5720 	ctl_set_success(ctsio);
5721 	ctl_done((union ctl_io *)ctsio);
5722 	return (CTL_RETVAL_COMPLETE);
5723 }
5724 
5725 int
5726 ctl_write_same(struct ctl_scsiio *ctsio)
5727 {
5728 	struct ctl_lun *lun = CTL_LUN(ctsio);
5729 	struct ctl_lba_len_flags *lbalen;
5730 	uint64_t lba;
5731 	uint32_t num_blocks;
5732 	int len, retval;
5733 	uint8_t byte2;
5734 
5735 	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5736 
5737 	switch (ctsio->cdb[0]) {
5738 	case WRITE_SAME_10: {
5739 		struct scsi_write_same_10 *cdb;
5740 
5741 		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5742 
5743 		lba = scsi_4btoul(cdb->addr);
5744 		num_blocks = scsi_2btoul(cdb->length);
5745 		byte2 = cdb->byte2;
5746 		break;
5747 	}
5748 	case WRITE_SAME_16: {
5749 		struct scsi_write_same_16 *cdb;
5750 
5751 		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5752 
5753 		lba = scsi_8btou64(cdb->addr);
5754 		num_blocks = scsi_4btoul(cdb->length);
5755 		byte2 = cdb->byte2;
5756 		break;
5757 	}
5758 	default:
5759 		/*
5760 		 * We got a command we don't support.  This shouldn't
5761 		 * happen, commands should be filtered out above us.
5762 		 */
5763 		ctl_set_invalid_opcode(ctsio);
5764 		ctl_done((union ctl_io *)ctsio);
5765 
5766 		return (CTL_RETVAL_COMPLETE);
5767 		break; /* NOTREACHED */
5768 	}
5769 
5770 	/* ANCHOR flag can be used only together with UNMAP */
5771 	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5772 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5773 		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5774 		ctl_done((union ctl_io *)ctsio);
5775 		return (CTL_RETVAL_COMPLETE);
5776 	}
5777 
5778 	/*
5779 	 * The first check is to make sure we're in bounds, the second
5780 	 * check is to catch wrap-around problems.  If the lba + num blocks
5781 	 * is less than the lba, then we've wrapped around and the block
5782 	 * range is invalid anyway.
5783 	 */
5784 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5785 	 || ((lba + num_blocks) < lba)) {
5786 		ctl_set_lba_out_of_range(ctsio,
5787 		    MAX(lba, lun->be_lun->maxlba + 1));
5788 		ctl_done((union ctl_io *)ctsio);
5789 		return (CTL_RETVAL_COMPLETE);
5790 	}
5791 
5792 	/* Zero number of blocks means "to the last logical block" */
5793 	if (num_blocks == 0) {
5794 		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5795 			ctl_set_invalid_field(ctsio,
5796 					      /*sks_valid*/ 0,
5797 					      /*command*/ 1,
5798 					      /*field*/ 0,
5799 					      /*bit_valid*/ 0,
5800 					      /*bit*/ 0);
5801 			ctl_done((union ctl_io *)ctsio);
5802 			return (CTL_RETVAL_COMPLETE);
5803 		}
5804 		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5805 	}
5806 
5807 	len = lun->be_lun->blocksize;
5808 
5809 	/*
5810 	 * If we've got a kernel request that hasn't been malloced yet,
5811 	 * malloc it and tell the caller the data buffer is here.
5812 	 */
5813 	if ((byte2 & SWS_NDOB) == 0 &&
5814 	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5815 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5816 		ctsio->kern_data_len = len;
5817 		ctsio->kern_total_len = len;
5818 		ctsio->kern_rel_offset = 0;
5819 		ctsio->kern_sg_entries = 0;
5820 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5821 		ctsio->be_move_done = ctl_config_move_done;
5822 		ctl_datamove((union ctl_io *)ctsio);
5823 
5824 		return (CTL_RETVAL_COMPLETE);
5825 	}
5826 
5827 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5828 	lbalen->lba = lba;
5829 	lbalen->len = num_blocks;
5830 	lbalen->flags = byte2;
5831 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5832 
5833 	return (retval);
5834 }
5835 
5836 int
5837 ctl_unmap(struct ctl_scsiio *ctsio)
5838 {
5839 	struct ctl_lun *lun = CTL_LUN(ctsio);
5840 	struct scsi_unmap *cdb;
5841 	struct ctl_ptr_len_flags *ptrlen;
5842 	struct scsi_unmap_header *hdr;
5843 	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5844 	uint64_t lba;
5845 	uint32_t num_blocks;
5846 	int len, retval;
5847 	uint8_t byte2;
5848 
5849 	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5850 
5851 	cdb = (struct scsi_unmap *)ctsio->cdb;
5852 	len = scsi_2btoul(cdb->length);
5853 	byte2 = cdb->byte2;
5854 
5855 	/*
5856 	 * If we've got a kernel request that hasn't been malloced yet,
5857 	 * malloc it and tell the caller the data buffer is here.
5858 	 */
5859 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5860 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
5861 		ctsio->kern_data_len = len;
5862 		ctsio->kern_total_len = len;
5863 		ctsio->kern_rel_offset = 0;
5864 		ctsio->kern_sg_entries = 0;
5865 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5866 		ctsio->be_move_done = ctl_config_move_done;
5867 		ctl_datamove((union ctl_io *)ctsio);
5868 
5869 		return (CTL_RETVAL_COMPLETE);
5870 	}
5871 
5872 	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5873 	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5874 	if (len < sizeof (*hdr) ||
5875 	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5876 	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5877 	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5878 		ctl_set_invalid_field(ctsio,
5879 				      /*sks_valid*/ 0,
5880 				      /*command*/ 0,
5881 				      /*field*/ 0,
5882 				      /*bit_valid*/ 0,
5883 				      /*bit*/ 0);
5884 		goto done;
5885 	}
5886 	len = scsi_2btoul(hdr->desc_length);
5887 	buf = (struct scsi_unmap_desc *)(hdr + 1);
5888 	end = buf + len / sizeof(*buf);
5889 
5890 	endnz = buf;
5891 	for (range = buf; range < end; range++) {
5892 		lba = scsi_8btou64(range->lba);
5893 		num_blocks = scsi_4btoul(range->length);
5894 		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5895 		 || ((lba + num_blocks) < lba)) {
5896 			ctl_set_lba_out_of_range(ctsio,
5897 			    MAX(lba, lun->be_lun->maxlba + 1));
5898 			ctl_done((union ctl_io *)ctsio);
5899 			return (CTL_RETVAL_COMPLETE);
5900 		}
5901 		if (num_blocks != 0)
5902 			endnz = range + 1;
5903 	}
5904 
5905 	/*
5906 	 * Block backend can not handle zero last range.
5907 	 * Filter it out and return if there is nothing left.
5908 	 */
5909 	len = (uint8_t *)endnz - (uint8_t *)buf;
5910 	if (len == 0) {
5911 		ctl_set_success(ctsio);
5912 		goto done;
5913 	}
5914 
5915 	mtx_lock(&lun->lun_lock);
5916 	ptrlen = (struct ctl_ptr_len_flags *)
5917 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5918 	ptrlen->ptr = (void *)buf;
5919 	ptrlen->len = len;
5920 	ptrlen->flags = byte2;
5921 	ctl_check_blocked(lun);
5922 	mtx_unlock(&lun->lun_lock);
5923 
5924 	retval = lun->backend->config_write((union ctl_io *)ctsio);
5925 	return (retval);
5926 
5927 done:
5928 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5929 		free(ctsio->kern_data_ptr, M_CTL);
5930 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5931 	}
5932 	ctl_done((union ctl_io *)ctsio);
5933 	return (CTL_RETVAL_COMPLETE);
5934 }
5935 
5936 int
5937 ctl_default_page_handler(struct ctl_scsiio *ctsio,
5938 			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5939 {
5940 	struct ctl_lun *lun = CTL_LUN(ctsio);
5941 	uint8_t *current_cp;
5942 	int set_ua;
5943 	uint32_t initidx;
5944 
5945 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5946 	set_ua = 0;
5947 
5948 	current_cp = (page_index->page_data + (page_index->page_len *
5949 	    CTL_PAGE_CURRENT));
5950 
5951 	mtx_lock(&lun->lun_lock);
5952 	if (memcmp(current_cp, page_ptr, page_index->page_len)) {
5953 		memcpy(current_cp, page_ptr, page_index->page_len);
5954 		set_ua = 1;
5955 	}
5956 	if (set_ua != 0)
5957 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5958 	mtx_unlock(&lun->lun_lock);
5959 	if (set_ua) {
5960 		ctl_isc_announce_mode(lun,
5961 		    ctl_get_initindex(&ctsio->io_hdr.nexus),
5962 		    page_index->page_code, page_index->subpage);
5963 	}
5964 	return (CTL_RETVAL_COMPLETE);
5965 }
5966 
5967 static void
5968 ctl_ie_timer(void *arg)
5969 {
5970 	struct ctl_lun *lun = arg;
5971 	uint64_t t;
5972 
5973 	if (lun->ie_asc == 0)
5974 		return;
5975 
5976 	if (lun->MODE_IE.mrie == SIEP_MRIE_UA)
5977 		ctl_est_ua_all(lun, -1, CTL_UA_IE);
5978 	else
5979 		lun->ie_reported = 0;
5980 
5981 	if (lun->ie_reportcnt < scsi_4btoul(lun->MODE_IE.report_count)) {
5982 		lun->ie_reportcnt++;
5983 		t = scsi_4btoul(lun->MODE_IE.interval_timer);
5984 		if (t == 0 || t == UINT32_MAX)
5985 			t = 3000;  /* 5 min */
5986 		callout_schedule(&lun->ie_callout, t * hz / 10);
5987 	}
5988 }
5989 
5990 int
5991 ctl_ie_page_handler(struct ctl_scsiio *ctsio,
5992 			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5993 {
5994 	struct ctl_lun *lun = CTL_LUN(ctsio);
5995 	struct scsi_info_exceptions_page *pg;
5996 	uint64_t t;
5997 
5998 	(void)ctl_default_page_handler(ctsio, page_index, page_ptr);
5999 
6000 	pg = (struct scsi_info_exceptions_page *)page_ptr;
6001 	mtx_lock(&lun->lun_lock);
6002 	if (pg->info_flags & SIEP_FLAGS_TEST) {
6003 		lun->ie_asc = 0x5d;
6004 		lun->ie_ascq = 0xff;
6005 		if (pg->mrie == SIEP_MRIE_UA) {
6006 			ctl_est_ua_all(lun, -1, CTL_UA_IE);
6007 			lun->ie_reported = 1;
6008 		} else {
6009 			ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6010 			lun->ie_reported = -1;
6011 		}
6012 		lun->ie_reportcnt = 1;
6013 		if (lun->ie_reportcnt < scsi_4btoul(pg->report_count)) {
6014 			lun->ie_reportcnt++;
6015 			t = scsi_4btoul(pg->interval_timer);
6016 			if (t == 0 || t == UINT32_MAX)
6017 				t = 3000;  /* 5 min */
6018 			callout_reset(&lun->ie_callout, t * hz / 10,
6019 			    ctl_ie_timer, lun);
6020 		}
6021 	} else {
6022 		lun->ie_asc = 0;
6023 		lun->ie_ascq = 0;
6024 		lun->ie_reported = 1;
6025 		ctl_clr_ua_all(lun, -1, CTL_UA_IE);
6026 		lun->ie_reportcnt = UINT32_MAX;
6027 		callout_stop(&lun->ie_callout);
6028 	}
6029 	mtx_unlock(&lun->lun_lock);
6030 	return (CTL_RETVAL_COMPLETE);
6031 }
6032 
6033 static int
6034 ctl_do_mode_select(union ctl_io *io)
6035 {
6036 	struct ctl_lun *lun = CTL_LUN(io);
6037 	struct scsi_mode_page_header *page_header;
6038 	struct ctl_page_index *page_index;
6039 	struct ctl_scsiio *ctsio;
6040 	int page_len, page_len_offset, page_len_size;
6041 	union ctl_modepage_info *modepage_info;
6042 	uint16_t *len_left, *len_used;
6043 	int retval, i;
6044 
6045 	ctsio = &io->scsiio;
6046 	page_index = NULL;
6047 	page_len = 0;
6048 
6049 	modepage_info = (union ctl_modepage_info *)
6050 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6051 	len_left = &modepage_info->header.len_left;
6052 	len_used = &modepage_info->header.len_used;
6053 
6054 do_next_page:
6055 
6056 	page_header = (struct scsi_mode_page_header *)
6057 		(ctsio->kern_data_ptr + *len_used);
6058 
6059 	if (*len_left == 0) {
6060 		free(ctsio->kern_data_ptr, M_CTL);
6061 		ctl_set_success(ctsio);
6062 		ctl_done((union ctl_io *)ctsio);
6063 		return (CTL_RETVAL_COMPLETE);
6064 	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6065 
6066 		free(ctsio->kern_data_ptr, M_CTL);
6067 		ctl_set_param_len_error(ctsio);
6068 		ctl_done((union ctl_io *)ctsio);
6069 		return (CTL_RETVAL_COMPLETE);
6070 
6071 	} else if ((page_header->page_code & SMPH_SPF)
6072 		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6073 
6074 		free(ctsio->kern_data_ptr, M_CTL);
6075 		ctl_set_param_len_error(ctsio);
6076 		ctl_done((union ctl_io *)ctsio);
6077 		return (CTL_RETVAL_COMPLETE);
6078 	}
6079 
6080 
6081 	/*
6082 	 * XXX KDM should we do something with the block descriptor?
6083 	 */
6084 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6085 		page_index = &lun->mode_pages.index[i];
6086 		if (lun->be_lun->lun_type == T_DIRECT &&
6087 		    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6088 			continue;
6089 		if (lun->be_lun->lun_type == T_PROCESSOR &&
6090 		    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6091 			continue;
6092 		if (lun->be_lun->lun_type == T_CDROM &&
6093 		    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6094 			continue;
6095 
6096 		if ((page_index->page_code & SMPH_PC_MASK) !=
6097 		    (page_header->page_code & SMPH_PC_MASK))
6098 			continue;
6099 
6100 		/*
6101 		 * If neither page has a subpage code, then we've got a
6102 		 * match.
6103 		 */
6104 		if (((page_index->page_code & SMPH_SPF) == 0)
6105 		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6106 			page_len = page_header->page_length;
6107 			break;
6108 		}
6109 
6110 		/*
6111 		 * If both pages have subpages, then the subpage numbers
6112 		 * have to match.
6113 		 */
6114 		if ((page_index->page_code & SMPH_SPF)
6115 		  && (page_header->page_code & SMPH_SPF)) {
6116 			struct scsi_mode_page_header_sp *sph;
6117 
6118 			sph = (struct scsi_mode_page_header_sp *)page_header;
6119 			if (page_index->subpage == sph->subpage) {
6120 				page_len = scsi_2btoul(sph->page_length);
6121 				break;
6122 			}
6123 		}
6124 	}
6125 
6126 	/*
6127 	 * If we couldn't find the page, or if we don't have a mode select
6128 	 * handler for it, send back an error to the user.
6129 	 */
6130 	if ((i >= CTL_NUM_MODE_PAGES)
6131 	 || (page_index->select_handler == NULL)) {
6132 		ctl_set_invalid_field(ctsio,
6133 				      /*sks_valid*/ 1,
6134 				      /*command*/ 0,
6135 				      /*field*/ *len_used,
6136 				      /*bit_valid*/ 0,
6137 				      /*bit*/ 0);
6138 		free(ctsio->kern_data_ptr, M_CTL);
6139 		ctl_done((union ctl_io *)ctsio);
6140 		return (CTL_RETVAL_COMPLETE);
6141 	}
6142 
6143 	if (page_index->page_code & SMPH_SPF) {
6144 		page_len_offset = 2;
6145 		page_len_size = 2;
6146 	} else {
6147 		page_len_size = 1;
6148 		page_len_offset = 1;
6149 	}
6150 
6151 	/*
6152 	 * If the length the initiator gives us isn't the one we specify in
6153 	 * the mode page header, or if they didn't specify enough data in
6154 	 * the CDB to avoid truncating this page, kick out the request.
6155 	 */
6156 	if (page_len != page_index->page_len - page_len_offset - page_len_size) {
6157 		ctl_set_invalid_field(ctsio,
6158 				      /*sks_valid*/ 1,
6159 				      /*command*/ 0,
6160 				      /*field*/ *len_used + page_len_offset,
6161 				      /*bit_valid*/ 0,
6162 				      /*bit*/ 0);
6163 		free(ctsio->kern_data_ptr, M_CTL);
6164 		ctl_done((union ctl_io *)ctsio);
6165 		return (CTL_RETVAL_COMPLETE);
6166 	}
6167 	if (*len_left < page_index->page_len) {
6168 		free(ctsio->kern_data_ptr, M_CTL);
6169 		ctl_set_param_len_error(ctsio);
6170 		ctl_done((union ctl_io *)ctsio);
6171 		return (CTL_RETVAL_COMPLETE);
6172 	}
6173 
6174 	/*
6175 	 * Run through the mode page, checking to make sure that the bits
6176 	 * the user changed are actually legal for him to change.
6177 	 */
6178 	for (i = 0; i < page_index->page_len; i++) {
6179 		uint8_t *user_byte, *change_mask, *current_byte;
6180 		int bad_bit;
6181 		int j;
6182 
6183 		user_byte = (uint8_t *)page_header + i;
6184 		change_mask = page_index->page_data +
6185 			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6186 		current_byte = page_index->page_data +
6187 			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6188 
6189 		/*
6190 		 * Check to see whether the user set any bits in this byte
6191 		 * that he is not allowed to set.
6192 		 */
6193 		if ((*user_byte & ~(*change_mask)) ==
6194 		    (*current_byte & ~(*change_mask)))
6195 			continue;
6196 
6197 		/*
6198 		 * Go through bit by bit to determine which one is illegal.
6199 		 */
6200 		bad_bit = 0;
6201 		for (j = 7; j >= 0; j--) {
6202 			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6203 			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6204 				bad_bit = i;
6205 				break;
6206 			}
6207 		}
6208 		ctl_set_invalid_field(ctsio,
6209 				      /*sks_valid*/ 1,
6210 				      /*command*/ 0,
6211 				      /*field*/ *len_used + i,
6212 				      /*bit_valid*/ 1,
6213 				      /*bit*/ bad_bit);
6214 		free(ctsio->kern_data_ptr, M_CTL);
6215 		ctl_done((union ctl_io *)ctsio);
6216 		return (CTL_RETVAL_COMPLETE);
6217 	}
6218 
6219 	/*
6220 	 * Decrement these before we call the page handler, since we may
6221 	 * end up getting called back one way or another before the handler
6222 	 * returns to this context.
6223 	 */
6224 	*len_left -= page_index->page_len;
6225 	*len_used += page_index->page_len;
6226 
6227 	retval = page_index->select_handler(ctsio, page_index,
6228 					    (uint8_t *)page_header);
6229 
6230 	/*
6231 	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6232 	 * wait until this queued command completes to finish processing
6233 	 * the mode page.  If it returns anything other than
6234 	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6235 	 * already set the sense information, freed the data pointer, and
6236 	 * completed the io for us.
6237 	 */
6238 	if (retval != CTL_RETVAL_COMPLETE)
6239 		goto bailout_no_done;
6240 
6241 	/*
6242 	 * If the initiator sent us more than one page, parse the next one.
6243 	 */
6244 	if (*len_left > 0)
6245 		goto do_next_page;
6246 
6247 	ctl_set_success(ctsio);
6248 	free(ctsio->kern_data_ptr, M_CTL);
6249 	ctl_done((union ctl_io *)ctsio);
6250 
6251 bailout_no_done:
6252 
6253 	return (CTL_RETVAL_COMPLETE);
6254 
6255 }
6256 
6257 int
6258 ctl_mode_select(struct ctl_scsiio *ctsio)
6259 {
6260 	struct ctl_lun *lun = CTL_LUN(ctsio);
6261 	union ctl_modepage_info *modepage_info;
6262 	int bd_len, i, header_size, param_len, pf, rtd, sp;
6263 	uint32_t initidx;
6264 
6265 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6266 	switch (ctsio->cdb[0]) {
6267 	case MODE_SELECT_6: {
6268 		struct scsi_mode_select_6 *cdb;
6269 
6270 		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6271 
6272 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6273 		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6274 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6275 		param_len = cdb->length;
6276 		header_size = sizeof(struct scsi_mode_header_6);
6277 		break;
6278 	}
6279 	case MODE_SELECT_10: {
6280 		struct scsi_mode_select_10 *cdb;
6281 
6282 		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6283 
6284 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6285 		rtd = (cdb->byte2 & SMS_RTD) ? 1 : 0;
6286 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6287 		param_len = scsi_2btoul(cdb->length);
6288 		header_size = sizeof(struct scsi_mode_header_10);
6289 		break;
6290 	}
6291 	default:
6292 		ctl_set_invalid_opcode(ctsio);
6293 		ctl_done((union ctl_io *)ctsio);
6294 		return (CTL_RETVAL_COMPLETE);
6295 	}
6296 
6297 	if (rtd) {
6298 		if (param_len != 0) {
6299 			ctl_set_invalid_field(ctsio, /*sks_valid*/ 0,
6300 			    /*command*/ 1, /*field*/ 0,
6301 			    /*bit_valid*/ 0, /*bit*/ 0);
6302 			ctl_done((union ctl_io *)ctsio);
6303 			return (CTL_RETVAL_COMPLETE);
6304 		}
6305 
6306 		/* Revert to defaults. */
6307 		ctl_init_page_index(lun);
6308 		mtx_lock(&lun->lun_lock);
6309 		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6310 		mtx_unlock(&lun->lun_lock);
6311 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6312 			ctl_isc_announce_mode(lun, -1,
6313 			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
6314 			    lun->mode_pages.index[i].subpage);
6315 		}
6316 		ctl_set_success(ctsio);
6317 		ctl_done((union ctl_io *)ctsio);
6318 		return (CTL_RETVAL_COMPLETE);
6319 	}
6320 
6321 	/*
6322 	 * From SPC-3:
6323 	 * "A parameter list length of zero indicates that the Data-Out Buffer
6324 	 * shall be empty. This condition shall not be considered as an error."
6325 	 */
6326 	if (param_len == 0) {
6327 		ctl_set_success(ctsio);
6328 		ctl_done((union ctl_io *)ctsio);
6329 		return (CTL_RETVAL_COMPLETE);
6330 	}
6331 
6332 	/*
6333 	 * Since we'll hit this the first time through, prior to
6334 	 * allocation, we don't need to free a data buffer here.
6335 	 */
6336 	if (param_len < header_size) {
6337 		ctl_set_param_len_error(ctsio);
6338 		ctl_done((union ctl_io *)ctsio);
6339 		return (CTL_RETVAL_COMPLETE);
6340 	}
6341 
6342 	/*
6343 	 * Allocate the data buffer and grab the user's data.  In theory,
6344 	 * we shouldn't have to sanity check the parameter list length here
6345 	 * because the maximum size is 64K.  We should be able to malloc
6346 	 * that much without too many problems.
6347 	 */
6348 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6349 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6350 		ctsio->kern_data_len = param_len;
6351 		ctsio->kern_total_len = param_len;
6352 		ctsio->kern_rel_offset = 0;
6353 		ctsio->kern_sg_entries = 0;
6354 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6355 		ctsio->be_move_done = ctl_config_move_done;
6356 		ctl_datamove((union ctl_io *)ctsio);
6357 
6358 		return (CTL_RETVAL_COMPLETE);
6359 	}
6360 
6361 	switch (ctsio->cdb[0]) {
6362 	case MODE_SELECT_6: {
6363 		struct scsi_mode_header_6 *mh6;
6364 
6365 		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6366 		bd_len = mh6->blk_desc_len;
6367 		break;
6368 	}
6369 	case MODE_SELECT_10: {
6370 		struct scsi_mode_header_10 *mh10;
6371 
6372 		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6373 		bd_len = scsi_2btoul(mh10->blk_desc_len);
6374 		break;
6375 	}
6376 	default:
6377 		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6378 	}
6379 
6380 	if (param_len < (header_size + bd_len)) {
6381 		free(ctsio->kern_data_ptr, M_CTL);
6382 		ctl_set_param_len_error(ctsio);
6383 		ctl_done((union ctl_io *)ctsio);
6384 		return (CTL_RETVAL_COMPLETE);
6385 	}
6386 
6387 	/*
6388 	 * Set the IO_CONT flag, so that if this I/O gets passed to
6389 	 * ctl_config_write_done(), it'll get passed back to
6390 	 * ctl_do_mode_select() for further processing, or completion if
6391 	 * we're all done.
6392 	 */
6393 	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6394 	ctsio->io_cont = ctl_do_mode_select;
6395 
6396 	modepage_info = (union ctl_modepage_info *)
6397 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6398 	memset(modepage_info, 0, sizeof(*modepage_info));
6399 	modepage_info->header.len_left = param_len - header_size - bd_len;
6400 	modepage_info->header.len_used = header_size + bd_len;
6401 
6402 	return (ctl_do_mode_select((union ctl_io *)ctsio));
6403 }
6404 
6405 int
6406 ctl_mode_sense(struct ctl_scsiio *ctsio)
6407 {
6408 	struct ctl_lun *lun = CTL_LUN(ctsio);
6409 	int pc, page_code, dbd, llba, subpage;
6410 	int alloc_len, page_len, header_len, total_len;
6411 	struct scsi_mode_block_descr *block_desc;
6412 	struct ctl_page_index *page_index;
6413 
6414 	dbd = 0;
6415 	llba = 0;
6416 	block_desc = NULL;
6417 
6418 	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6419 
6420 	switch (ctsio->cdb[0]) {
6421 	case MODE_SENSE_6: {
6422 		struct scsi_mode_sense_6 *cdb;
6423 
6424 		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6425 
6426 		header_len = sizeof(struct scsi_mode_hdr_6);
6427 		if (cdb->byte2 & SMS_DBD)
6428 			dbd = 1;
6429 		else
6430 			header_len += sizeof(struct scsi_mode_block_descr);
6431 
6432 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6433 		page_code = cdb->page & SMS_PAGE_CODE;
6434 		subpage = cdb->subpage;
6435 		alloc_len = cdb->length;
6436 		break;
6437 	}
6438 	case MODE_SENSE_10: {
6439 		struct scsi_mode_sense_10 *cdb;
6440 
6441 		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6442 
6443 		header_len = sizeof(struct scsi_mode_hdr_10);
6444 
6445 		if (cdb->byte2 & SMS_DBD)
6446 			dbd = 1;
6447 		else
6448 			header_len += sizeof(struct scsi_mode_block_descr);
6449 		if (cdb->byte2 & SMS10_LLBAA)
6450 			llba = 1;
6451 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6452 		page_code = cdb->page & SMS_PAGE_CODE;
6453 		subpage = cdb->subpage;
6454 		alloc_len = scsi_2btoul(cdb->length);
6455 		break;
6456 	}
6457 	default:
6458 		ctl_set_invalid_opcode(ctsio);
6459 		ctl_done((union ctl_io *)ctsio);
6460 		return (CTL_RETVAL_COMPLETE);
6461 		break; /* NOTREACHED */
6462 	}
6463 
6464 	/*
6465 	 * We have to make a first pass through to calculate the size of
6466 	 * the pages that match the user's query.  Then we allocate enough
6467 	 * memory to hold it, and actually copy the data into the buffer.
6468 	 */
6469 	switch (page_code) {
6470 	case SMS_ALL_PAGES_PAGE: {
6471 		u_int i;
6472 
6473 		page_len = 0;
6474 
6475 		/*
6476 		 * At the moment, values other than 0 and 0xff here are
6477 		 * reserved according to SPC-3.
6478 		 */
6479 		if ((subpage != SMS_SUBPAGE_PAGE_0)
6480 		 && (subpage != SMS_SUBPAGE_ALL)) {
6481 			ctl_set_invalid_field(ctsio,
6482 					      /*sks_valid*/ 1,
6483 					      /*command*/ 1,
6484 					      /*field*/ 3,
6485 					      /*bit_valid*/ 0,
6486 					      /*bit*/ 0);
6487 			ctl_done((union ctl_io *)ctsio);
6488 			return (CTL_RETVAL_COMPLETE);
6489 		}
6490 
6491 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6492 			page_index = &lun->mode_pages.index[i];
6493 
6494 			/* Make sure the page is supported for this dev type */
6495 			if (lun->be_lun->lun_type == T_DIRECT &&
6496 			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6497 				continue;
6498 			if (lun->be_lun->lun_type == T_PROCESSOR &&
6499 			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6500 				continue;
6501 			if (lun->be_lun->lun_type == T_CDROM &&
6502 			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6503 				continue;
6504 
6505 			/*
6506 			 * We don't use this subpage if the user didn't
6507 			 * request all subpages.
6508 			 */
6509 			if ((page_index->subpage != 0)
6510 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6511 				continue;
6512 
6513 #if 0
6514 			printf("found page %#x len %d\n",
6515 			       page_index->page_code & SMPH_PC_MASK,
6516 			       page_index->page_len);
6517 #endif
6518 			page_len += page_index->page_len;
6519 		}
6520 		break;
6521 	}
6522 	default: {
6523 		u_int i;
6524 
6525 		page_len = 0;
6526 
6527 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6528 			page_index = &lun->mode_pages.index[i];
6529 
6530 			/* Make sure the page is supported for this dev type */
6531 			if (lun->be_lun->lun_type == T_DIRECT &&
6532 			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6533 				continue;
6534 			if (lun->be_lun->lun_type == T_PROCESSOR &&
6535 			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6536 				continue;
6537 			if (lun->be_lun->lun_type == T_CDROM &&
6538 			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6539 				continue;
6540 
6541 			/* Look for the right page code */
6542 			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6543 				continue;
6544 
6545 			/* Look for the right subpage or the subpage wildcard*/
6546 			if ((page_index->subpage != subpage)
6547 			 && (subpage != SMS_SUBPAGE_ALL))
6548 				continue;
6549 
6550 #if 0
6551 			printf("found page %#x len %d\n",
6552 			       page_index->page_code & SMPH_PC_MASK,
6553 			       page_index->page_len);
6554 #endif
6555 
6556 			page_len += page_index->page_len;
6557 		}
6558 
6559 		if (page_len == 0) {
6560 			ctl_set_invalid_field(ctsio,
6561 					      /*sks_valid*/ 1,
6562 					      /*command*/ 1,
6563 					      /*field*/ 2,
6564 					      /*bit_valid*/ 1,
6565 					      /*bit*/ 5);
6566 			ctl_done((union ctl_io *)ctsio);
6567 			return (CTL_RETVAL_COMPLETE);
6568 		}
6569 		break;
6570 	}
6571 	}
6572 
6573 	total_len = header_len + page_len;
6574 #if 0
6575 	printf("header_len = %d, page_len = %d, total_len = %d\n",
6576 	       header_len, page_len, total_len);
6577 #endif
6578 
6579 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6580 	ctsio->kern_sg_entries = 0;
6581 	ctsio->kern_rel_offset = 0;
6582 	ctsio->kern_data_len = min(total_len, alloc_len);
6583 	ctsio->kern_total_len = ctsio->kern_data_len;
6584 
6585 	switch (ctsio->cdb[0]) {
6586 	case MODE_SENSE_6: {
6587 		struct scsi_mode_hdr_6 *header;
6588 
6589 		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6590 
6591 		header->datalen = MIN(total_len - 1, 254);
6592 		if (lun->be_lun->lun_type == T_DIRECT) {
6593 			header->dev_specific = 0x10; /* DPOFUA */
6594 			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6595 			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6596 				header->dev_specific |= 0x80; /* WP */
6597 		}
6598 		if (dbd)
6599 			header->block_descr_len = 0;
6600 		else
6601 			header->block_descr_len =
6602 				sizeof(struct scsi_mode_block_descr);
6603 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6604 		break;
6605 	}
6606 	case MODE_SENSE_10: {
6607 		struct scsi_mode_hdr_10 *header;
6608 		int datalen;
6609 
6610 		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6611 
6612 		datalen = MIN(total_len - 2, 65533);
6613 		scsi_ulto2b(datalen, header->datalen);
6614 		if (lun->be_lun->lun_type == T_DIRECT) {
6615 			header->dev_specific = 0x10; /* DPOFUA */
6616 			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6617 			    (lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0)
6618 				header->dev_specific |= 0x80; /* WP */
6619 		}
6620 		if (dbd)
6621 			scsi_ulto2b(0, header->block_descr_len);
6622 		else
6623 			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6624 				    header->block_descr_len);
6625 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6626 		break;
6627 	}
6628 	default:
6629 		panic("%s: Invalid CDB type %#x", __func__, ctsio->cdb[0]);
6630 	}
6631 
6632 	/*
6633 	 * If we've got a disk, use its blocksize in the block
6634 	 * descriptor.  Otherwise, just set it to 0.
6635 	 */
6636 	if (dbd == 0) {
6637 		if (lun->be_lun->lun_type == T_DIRECT)
6638 			scsi_ulto3b(lun->be_lun->blocksize,
6639 				    block_desc->block_len);
6640 		else
6641 			scsi_ulto3b(0, block_desc->block_len);
6642 	}
6643 
6644 	switch (page_code) {
6645 	case SMS_ALL_PAGES_PAGE: {
6646 		int i, data_used;
6647 
6648 		data_used = header_len;
6649 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6650 			struct ctl_page_index *page_index;
6651 
6652 			page_index = &lun->mode_pages.index[i];
6653 			if (lun->be_lun->lun_type == T_DIRECT &&
6654 			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6655 				continue;
6656 			if (lun->be_lun->lun_type == T_PROCESSOR &&
6657 			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6658 				continue;
6659 			if (lun->be_lun->lun_type == T_CDROM &&
6660 			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6661 				continue;
6662 
6663 			/*
6664 			 * We don't use this subpage if the user didn't
6665 			 * request all subpages.  We already checked (above)
6666 			 * to make sure the user only specified a subpage
6667 			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6668 			 */
6669 			if ((page_index->subpage != 0)
6670 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6671 				continue;
6672 
6673 			/*
6674 			 * Call the handler, if it exists, to update the
6675 			 * page to the latest values.
6676 			 */
6677 			if (page_index->sense_handler != NULL)
6678 				page_index->sense_handler(ctsio, page_index,pc);
6679 
6680 			memcpy(ctsio->kern_data_ptr + data_used,
6681 			       page_index->page_data +
6682 			       (page_index->page_len * pc),
6683 			       page_index->page_len);
6684 			data_used += page_index->page_len;
6685 		}
6686 		break;
6687 	}
6688 	default: {
6689 		int i, data_used;
6690 
6691 		data_used = header_len;
6692 
6693 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6694 			struct ctl_page_index *page_index;
6695 
6696 			page_index = &lun->mode_pages.index[i];
6697 
6698 			/* Look for the right page code */
6699 			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6700 				continue;
6701 
6702 			/* Look for the right subpage or the subpage wildcard*/
6703 			if ((page_index->subpage != subpage)
6704 			 && (subpage != SMS_SUBPAGE_ALL))
6705 				continue;
6706 
6707 			/* Make sure the page is supported for this dev type */
6708 			if (lun->be_lun->lun_type == T_DIRECT &&
6709 			    (page_index->page_flags & CTL_PAGE_FLAG_DIRECT) == 0)
6710 				continue;
6711 			if (lun->be_lun->lun_type == T_PROCESSOR &&
6712 			    (page_index->page_flags & CTL_PAGE_FLAG_PROC) == 0)
6713 				continue;
6714 			if (lun->be_lun->lun_type == T_CDROM &&
6715 			    (page_index->page_flags & CTL_PAGE_FLAG_CDROM) == 0)
6716 				continue;
6717 
6718 			/*
6719 			 * Call the handler, if it exists, to update the
6720 			 * page to the latest values.
6721 			 */
6722 			if (page_index->sense_handler != NULL)
6723 				page_index->sense_handler(ctsio, page_index,pc);
6724 
6725 			memcpy(ctsio->kern_data_ptr + data_used,
6726 			       page_index->page_data +
6727 			       (page_index->page_len * pc),
6728 			       page_index->page_len);
6729 			data_used += page_index->page_len;
6730 		}
6731 		break;
6732 	}
6733 	}
6734 
6735 	ctl_set_success(ctsio);
6736 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6737 	ctsio->be_move_done = ctl_config_move_done;
6738 	ctl_datamove((union ctl_io *)ctsio);
6739 	return (CTL_RETVAL_COMPLETE);
6740 }
6741 
6742 int
6743 ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6744 			       struct ctl_page_index *page_index,
6745 			       int pc)
6746 {
6747 	struct ctl_lun *lun = CTL_LUN(ctsio);
6748 	struct scsi_log_param_header *phdr;
6749 	uint8_t *data;
6750 	uint64_t val;
6751 
6752 	data = page_index->page_data;
6753 
6754 	if (lun->backend->lun_attr != NULL &&
6755 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6756 	     != UINT64_MAX) {
6757 		phdr = (struct scsi_log_param_header *)data;
6758 		scsi_ulto2b(0x0001, phdr->param_code);
6759 		phdr->param_control = SLP_LBIN | SLP_LP;
6760 		phdr->param_len = 8;
6761 		data = (uint8_t *)(phdr + 1);
6762 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6763 		data[4] = 0x02; /* per-pool */
6764 		data += phdr->param_len;
6765 	}
6766 
6767 	if (lun->backend->lun_attr != NULL &&
6768 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6769 	     != UINT64_MAX) {
6770 		phdr = (struct scsi_log_param_header *)data;
6771 		scsi_ulto2b(0x0002, phdr->param_code);
6772 		phdr->param_control = SLP_LBIN | SLP_LP;
6773 		phdr->param_len = 8;
6774 		data = (uint8_t *)(phdr + 1);
6775 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6776 		data[4] = 0x01; /* per-LUN */
6777 		data += phdr->param_len;
6778 	}
6779 
6780 	if (lun->backend->lun_attr != NULL &&
6781 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6782 	     != UINT64_MAX) {
6783 		phdr = (struct scsi_log_param_header *)data;
6784 		scsi_ulto2b(0x00f1, phdr->param_code);
6785 		phdr->param_control = SLP_LBIN | SLP_LP;
6786 		phdr->param_len = 8;
6787 		data = (uint8_t *)(phdr + 1);
6788 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6789 		data[4] = 0x02; /* per-pool */
6790 		data += phdr->param_len;
6791 	}
6792 
6793 	if (lun->backend->lun_attr != NULL &&
6794 	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6795 	     != UINT64_MAX) {
6796 		phdr = (struct scsi_log_param_header *)data;
6797 		scsi_ulto2b(0x00f2, phdr->param_code);
6798 		phdr->param_control = SLP_LBIN | SLP_LP;
6799 		phdr->param_len = 8;
6800 		data = (uint8_t *)(phdr + 1);
6801 		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6802 		data[4] = 0x02; /* per-pool */
6803 		data += phdr->param_len;
6804 	}
6805 
6806 	page_index->page_len = data - page_index->page_data;
6807 	return (0);
6808 }
6809 
6810 int
6811 ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6812 			       struct ctl_page_index *page_index,
6813 			       int pc)
6814 {
6815 	struct ctl_lun *lun = CTL_LUN(ctsio);
6816 	struct stat_page *data;
6817 	struct bintime *t;
6818 
6819 	data = (struct stat_page *)page_index->page_data;
6820 
6821 	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6822 	data->sap.hdr.param_control = SLP_LBIN;
6823 	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6824 	    sizeof(struct scsi_log_param_header);
6825 	scsi_u64to8b(lun->stats.operations[CTL_STATS_READ],
6826 	    data->sap.read_num);
6827 	scsi_u64to8b(lun->stats.operations[CTL_STATS_WRITE],
6828 	    data->sap.write_num);
6829 	if (lun->be_lun->blocksize > 0) {
6830 		scsi_u64to8b(lun->stats.bytes[CTL_STATS_WRITE] /
6831 		    lun->be_lun->blocksize, data->sap.recvieved_lba);
6832 		scsi_u64to8b(lun->stats.bytes[CTL_STATS_READ] /
6833 		    lun->be_lun->blocksize, data->sap.transmitted_lba);
6834 	}
6835 	t = &lun->stats.time[CTL_STATS_READ];
6836 	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6837 	    data->sap.read_int);
6838 	t = &lun->stats.time[CTL_STATS_WRITE];
6839 	scsi_u64to8b((uint64_t)t->sec * 1000 + t->frac / (UINT64_MAX / 1000),
6840 	    data->sap.write_int);
6841 	scsi_u64to8b(0, data->sap.weighted_num);
6842 	scsi_u64to8b(0, data->sap.weighted_int);
6843 	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6844 	data->it.hdr.param_control = SLP_LBIN;
6845 	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6846 	    sizeof(struct scsi_log_param_header);
6847 #ifdef CTL_TIME_IO
6848 	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6849 #endif
6850 	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6851 	data->it.hdr.param_control = SLP_LBIN;
6852 	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6853 	    sizeof(struct scsi_log_param_header);
6854 	scsi_ulto4b(3, data->ti.exponent);
6855 	scsi_ulto4b(1, data->ti.integer);
6856 	return (0);
6857 }
6858 
6859 int
6860 ctl_ie_log_sense_handler(struct ctl_scsiio *ctsio,
6861 			       struct ctl_page_index *page_index,
6862 			       int pc)
6863 {
6864 	struct ctl_lun *lun = CTL_LUN(ctsio);
6865 	struct scsi_log_informational_exceptions *data;
6866 
6867 	data = (struct scsi_log_informational_exceptions *)page_index->page_data;
6868 
6869 	scsi_ulto2b(SLP_IE_GEN, data->hdr.param_code);
6870 	data->hdr.param_control = SLP_LBIN;
6871 	data->hdr.param_len = sizeof(struct scsi_log_informational_exceptions) -
6872 	    sizeof(struct scsi_log_param_header);
6873 	data->ie_asc = lun->ie_asc;
6874 	data->ie_ascq = lun->ie_ascq;
6875 	data->temperature = 0xff;
6876 	return (0);
6877 }
6878 
6879 int
6880 ctl_log_sense(struct ctl_scsiio *ctsio)
6881 {
6882 	struct ctl_lun *lun = CTL_LUN(ctsio);
6883 	int i, pc, page_code, subpage;
6884 	int alloc_len, total_len;
6885 	struct ctl_page_index *page_index;
6886 	struct scsi_log_sense *cdb;
6887 	struct scsi_log_header *header;
6888 
6889 	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6890 
6891 	cdb = (struct scsi_log_sense *)ctsio->cdb;
6892 	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6893 	page_code = cdb->page & SLS_PAGE_CODE;
6894 	subpage = cdb->subpage;
6895 	alloc_len = scsi_2btoul(cdb->length);
6896 
6897 	page_index = NULL;
6898 	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6899 		page_index = &lun->log_pages.index[i];
6900 
6901 		/* Look for the right page code */
6902 		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6903 			continue;
6904 
6905 		/* Look for the right subpage or the subpage wildcard*/
6906 		if (page_index->subpage != subpage)
6907 			continue;
6908 
6909 		break;
6910 	}
6911 	if (i >= CTL_NUM_LOG_PAGES) {
6912 		ctl_set_invalid_field(ctsio,
6913 				      /*sks_valid*/ 1,
6914 				      /*command*/ 1,
6915 				      /*field*/ 2,
6916 				      /*bit_valid*/ 0,
6917 				      /*bit*/ 0);
6918 		ctl_done((union ctl_io *)ctsio);
6919 		return (CTL_RETVAL_COMPLETE);
6920 	}
6921 
6922 	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6923 
6924 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6925 	ctsio->kern_sg_entries = 0;
6926 	ctsio->kern_rel_offset = 0;
6927 	ctsio->kern_data_len = min(total_len, alloc_len);
6928 	ctsio->kern_total_len = ctsio->kern_data_len;
6929 
6930 	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6931 	header->page = page_index->page_code;
6932 	if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING)
6933 		header->page |= SL_DS;
6934 	if (page_index->subpage) {
6935 		header->page |= SL_SPF;
6936 		header->subpage = page_index->subpage;
6937 	}
6938 	scsi_ulto2b(page_index->page_len, header->datalen);
6939 
6940 	/*
6941 	 * Call the handler, if it exists, to update the
6942 	 * page to the latest values.
6943 	 */
6944 	if (page_index->sense_handler != NULL)
6945 		page_index->sense_handler(ctsio, page_index, pc);
6946 
6947 	memcpy(header + 1, page_index->page_data, page_index->page_len);
6948 
6949 	ctl_set_success(ctsio);
6950 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6951 	ctsio->be_move_done = ctl_config_move_done;
6952 	ctl_datamove((union ctl_io *)ctsio);
6953 	return (CTL_RETVAL_COMPLETE);
6954 }
6955 
6956 int
6957 ctl_read_capacity(struct ctl_scsiio *ctsio)
6958 {
6959 	struct ctl_lun *lun = CTL_LUN(ctsio);
6960 	struct scsi_read_capacity *cdb;
6961 	struct scsi_read_capacity_data *data;
6962 	uint32_t lba;
6963 
6964 	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6965 
6966 	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6967 
6968 	lba = scsi_4btoul(cdb->addr);
6969 	if (((cdb->pmi & SRC_PMI) == 0)
6970 	 && (lba != 0)) {
6971 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6972 				      /*sks_valid*/ 1,
6973 				      /*command*/ 1,
6974 				      /*field*/ 2,
6975 				      /*bit_valid*/ 0,
6976 				      /*bit*/ 0);
6977 		ctl_done((union ctl_io *)ctsio);
6978 		return (CTL_RETVAL_COMPLETE);
6979 	}
6980 
6981 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6982 	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6983 	ctsio->kern_data_len = sizeof(*data);
6984 	ctsio->kern_total_len = sizeof(*data);
6985 	ctsio->kern_rel_offset = 0;
6986 	ctsio->kern_sg_entries = 0;
6987 
6988 	/*
6989 	 * If the maximum LBA is greater than 0xfffffffe, the user must
6990 	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6991 	 * serivce action set.
6992 	 */
6993 	if (lun->be_lun->maxlba > 0xfffffffe)
6994 		scsi_ulto4b(0xffffffff, data->addr);
6995 	else
6996 		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6997 
6998 	/*
6999 	 * XXX KDM this may not be 512 bytes...
7000 	 */
7001 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7002 
7003 	ctl_set_success(ctsio);
7004 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7005 	ctsio->be_move_done = ctl_config_move_done;
7006 	ctl_datamove((union ctl_io *)ctsio);
7007 	return (CTL_RETVAL_COMPLETE);
7008 }
7009 
7010 int
7011 ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7012 {
7013 	struct ctl_lun *lun = CTL_LUN(ctsio);
7014 	struct scsi_read_capacity_16 *cdb;
7015 	struct scsi_read_capacity_data_long *data;
7016 	uint64_t lba;
7017 	uint32_t alloc_len;
7018 
7019 	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7020 
7021 	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7022 
7023 	alloc_len = scsi_4btoul(cdb->alloc_len);
7024 	lba = scsi_8btou64(cdb->addr);
7025 
7026 	if ((cdb->reladr & SRC16_PMI)
7027 	 && (lba != 0)) {
7028 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7029 				      /*sks_valid*/ 1,
7030 				      /*command*/ 1,
7031 				      /*field*/ 2,
7032 				      /*bit_valid*/ 0,
7033 				      /*bit*/ 0);
7034 		ctl_done((union ctl_io *)ctsio);
7035 		return (CTL_RETVAL_COMPLETE);
7036 	}
7037 
7038 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7039 	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7040 	ctsio->kern_rel_offset = 0;
7041 	ctsio->kern_sg_entries = 0;
7042 	ctsio->kern_data_len = min(sizeof(*data), alloc_len);
7043 	ctsio->kern_total_len = ctsio->kern_data_len;
7044 
7045 	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7046 	/* XXX KDM this may not be 512 bytes... */
7047 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7048 	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7049 	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7050 	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7051 		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7052 
7053 	ctl_set_success(ctsio);
7054 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7055 	ctsio->be_move_done = ctl_config_move_done;
7056 	ctl_datamove((union ctl_io *)ctsio);
7057 	return (CTL_RETVAL_COMPLETE);
7058 }
7059 
7060 int
7061 ctl_get_lba_status(struct ctl_scsiio *ctsio)
7062 {
7063 	struct ctl_lun *lun = CTL_LUN(ctsio);
7064 	struct scsi_get_lba_status *cdb;
7065 	struct scsi_get_lba_status_data *data;
7066 	struct ctl_lba_len_flags *lbalen;
7067 	uint64_t lba;
7068 	uint32_t alloc_len, total_len;
7069 	int retval;
7070 
7071 	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7072 
7073 	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7074 	lba = scsi_8btou64(cdb->addr);
7075 	alloc_len = scsi_4btoul(cdb->alloc_len);
7076 
7077 	if (lba > lun->be_lun->maxlba) {
7078 		ctl_set_lba_out_of_range(ctsio, lba);
7079 		ctl_done((union ctl_io *)ctsio);
7080 		return (CTL_RETVAL_COMPLETE);
7081 	}
7082 
7083 	total_len = sizeof(*data) + sizeof(data->descr[0]);
7084 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7085 	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7086 	ctsio->kern_rel_offset = 0;
7087 	ctsio->kern_sg_entries = 0;
7088 	ctsio->kern_data_len = min(total_len, alloc_len);
7089 	ctsio->kern_total_len = ctsio->kern_data_len;
7090 
7091 	/* Fill dummy data in case backend can't tell anything. */
7092 	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7093 	scsi_u64to8b(lba, data->descr[0].addr);
7094 	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7095 	    data->descr[0].length);
7096 	data->descr[0].status = 0; /* Mapped or unknown. */
7097 
7098 	ctl_set_success(ctsio);
7099 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7100 	ctsio->be_move_done = ctl_config_move_done;
7101 
7102 	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7103 	lbalen->lba = lba;
7104 	lbalen->len = total_len;
7105 	lbalen->flags = 0;
7106 	retval = lun->backend->config_read((union ctl_io *)ctsio);
7107 	return (retval);
7108 }
7109 
7110 int
7111 ctl_read_defect(struct ctl_scsiio *ctsio)
7112 {
7113 	struct scsi_read_defect_data_10 *ccb10;
7114 	struct scsi_read_defect_data_12 *ccb12;
7115 	struct scsi_read_defect_data_hdr_10 *data10;
7116 	struct scsi_read_defect_data_hdr_12 *data12;
7117 	uint32_t alloc_len, data_len;
7118 	uint8_t format;
7119 
7120 	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7121 
7122 	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7123 		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7124 		format = ccb10->format;
7125 		alloc_len = scsi_2btoul(ccb10->alloc_length);
7126 		data_len = sizeof(*data10);
7127 	} else {
7128 		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7129 		format = ccb12->format;
7130 		alloc_len = scsi_4btoul(ccb12->alloc_length);
7131 		data_len = sizeof(*data12);
7132 	}
7133 	if (alloc_len == 0) {
7134 		ctl_set_success(ctsio);
7135 		ctl_done((union ctl_io *)ctsio);
7136 		return (CTL_RETVAL_COMPLETE);
7137 	}
7138 
7139 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7140 	ctsio->kern_rel_offset = 0;
7141 	ctsio->kern_sg_entries = 0;
7142 	ctsio->kern_data_len = min(data_len, alloc_len);
7143 	ctsio->kern_total_len = ctsio->kern_data_len;
7144 
7145 	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7146 		data10 = (struct scsi_read_defect_data_hdr_10 *)
7147 		    ctsio->kern_data_ptr;
7148 		data10->format = format;
7149 		scsi_ulto2b(0, data10->length);
7150 	} else {
7151 		data12 = (struct scsi_read_defect_data_hdr_12 *)
7152 		    ctsio->kern_data_ptr;
7153 		data12->format = format;
7154 		scsi_ulto2b(0, data12->generation);
7155 		scsi_ulto4b(0, data12->length);
7156 	}
7157 
7158 	ctl_set_success(ctsio);
7159 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7160 	ctsio->be_move_done = ctl_config_move_done;
7161 	ctl_datamove((union ctl_io *)ctsio);
7162 	return (CTL_RETVAL_COMPLETE);
7163 }
7164 
7165 int
7166 ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7167 {
7168 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7169 	struct ctl_lun *lun = CTL_LUN(ctsio);
7170 	struct scsi_maintenance_in *cdb;
7171 	int retval;
7172 	int alloc_len, ext, total_len = 0, g, pc, pg, ts, os;
7173 	int num_ha_groups, num_target_ports, shared_group;
7174 	struct ctl_port *port;
7175 	struct scsi_target_group_data *rtg_ptr;
7176 	struct scsi_target_group_data_extended *rtg_ext_ptr;
7177 	struct scsi_target_port_group_descriptor *tpg_desc;
7178 
7179 	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7180 
7181 	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7182 	retval = CTL_RETVAL_COMPLETE;
7183 
7184 	switch (cdb->byte2 & STG_PDF_MASK) {
7185 	case STG_PDF_LENGTH:
7186 		ext = 0;
7187 		break;
7188 	case STG_PDF_EXTENDED:
7189 		ext = 1;
7190 		break;
7191 	default:
7192 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7193 				      /*sks_valid*/ 1,
7194 				      /*command*/ 1,
7195 				      /*field*/ 2,
7196 				      /*bit_valid*/ 1,
7197 				      /*bit*/ 5);
7198 		ctl_done((union ctl_io *)ctsio);
7199 		return(retval);
7200 	}
7201 
7202 	num_target_ports = 0;
7203 	shared_group = (softc->is_single != 0);
7204 	mtx_lock(&softc->ctl_lock);
7205 	STAILQ_FOREACH(port, &softc->port_list, links) {
7206 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7207 			continue;
7208 		if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7209 			continue;
7210 		num_target_ports++;
7211 		if (port->status & CTL_PORT_STATUS_HA_SHARED)
7212 			shared_group = 1;
7213 	}
7214 	mtx_unlock(&softc->ctl_lock);
7215 	num_ha_groups = (softc->is_single) ? 0 : NUM_HA_SHELVES;
7216 
7217 	if (ext)
7218 		total_len = sizeof(struct scsi_target_group_data_extended);
7219 	else
7220 		total_len = sizeof(struct scsi_target_group_data);
7221 	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7222 		(shared_group + num_ha_groups) +
7223 	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7224 
7225 	alloc_len = scsi_4btoul(cdb->length);
7226 
7227 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7228 	ctsio->kern_sg_entries = 0;
7229 	ctsio->kern_rel_offset = 0;
7230 	ctsio->kern_data_len = min(total_len, alloc_len);
7231 	ctsio->kern_total_len = ctsio->kern_data_len;
7232 
7233 	if (ext) {
7234 		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7235 		    ctsio->kern_data_ptr;
7236 		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7237 		rtg_ext_ptr->format_type = 0x10;
7238 		rtg_ext_ptr->implicit_transition_time = 0;
7239 		tpg_desc = &rtg_ext_ptr->groups[0];
7240 	} else {
7241 		rtg_ptr = (struct scsi_target_group_data *)
7242 		    ctsio->kern_data_ptr;
7243 		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7244 		tpg_desc = &rtg_ptr->groups[0];
7245 	}
7246 
7247 	mtx_lock(&softc->ctl_lock);
7248 	pg = softc->port_min / softc->port_cnt;
7249 	if (lun->flags & (CTL_LUN_PRIMARY_SC | CTL_LUN_PEER_SC_PRIMARY)) {
7250 		/* Some shelf is known to be primary. */
7251 		if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7252 			os = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7253 		else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7254 			os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7255 		else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7256 			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7257 		else
7258 			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7259 		if (lun->flags & CTL_LUN_PRIMARY_SC) {
7260 			ts = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7261 		} else {
7262 			ts = os;
7263 			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7264 		}
7265 	} else {
7266 		/* No known primary shelf. */
7267 		if (softc->ha_link == CTL_HA_LINK_OFFLINE) {
7268 			ts = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7269 			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7270 		} else if (softc->ha_link == CTL_HA_LINK_UNKNOWN) {
7271 			ts = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7272 			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7273 		} else {
7274 			ts = os = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7275 		}
7276 	}
7277 	if (shared_group) {
7278 		tpg_desc->pref_state = ts;
7279 		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7280 		    TPG_U_SUP | TPG_T_SUP;
7281 		scsi_ulto2b(1, tpg_desc->target_port_group);
7282 		tpg_desc->status = TPG_IMPLICIT;
7283 		pc = 0;
7284 		STAILQ_FOREACH(port, &softc->port_list, links) {
7285 			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7286 				continue;
7287 			if (!softc->is_single &&
7288 			    (port->status & CTL_PORT_STATUS_HA_SHARED) == 0)
7289 				continue;
7290 			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7291 				continue;
7292 			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7293 			    relative_target_port_identifier);
7294 			pc++;
7295 		}
7296 		tpg_desc->target_port_count = pc;
7297 		tpg_desc = (struct scsi_target_port_group_descriptor *)
7298 		    &tpg_desc->descriptors[pc];
7299 	}
7300 	for (g = 0; g < num_ha_groups; g++) {
7301 		tpg_desc->pref_state = (g == pg) ? ts : os;
7302 		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7303 		    TPG_U_SUP | TPG_T_SUP;
7304 		scsi_ulto2b(2 + g, tpg_desc->target_port_group);
7305 		tpg_desc->status = TPG_IMPLICIT;
7306 		pc = 0;
7307 		STAILQ_FOREACH(port, &softc->port_list, links) {
7308 			if (port->targ_port < g * softc->port_cnt ||
7309 			    port->targ_port >= (g + 1) * softc->port_cnt)
7310 				continue;
7311 			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7312 				continue;
7313 			if (port->status & CTL_PORT_STATUS_HA_SHARED)
7314 				continue;
7315 			if (ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
7316 				continue;
7317 			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7318 			    relative_target_port_identifier);
7319 			pc++;
7320 		}
7321 		tpg_desc->target_port_count = pc;
7322 		tpg_desc = (struct scsi_target_port_group_descriptor *)
7323 		    &tpg_desc->descriptors[pc];
7324 	}
7325 	mtx_unlock(&softc->ctl_lock);
7326 
7327 	ctl_set_success(ctsio);
7328 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7329 	ctsio->be_move_done = ctl_config_move_done;
7330 	ctl_datamove((union ctl_io *)ctsio);
7331 	return(retval);
7332 }
7333 
7334 int
7335 ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7336 {
7337 	struct ctl_lun *lun = CTL_LUN(ctsio);
7338 	struct scsi_report_supported_opcodes *cdb;
7339 	const struct ctl_cmd_entry *entry, *sentry;
7340 	struct scsi_report_supported_opcodes_all *all;
7341 	struct scsi_report_supported_opcodes_descr *descr;
7342 	struct scsi_report_supported_opcodes_one *one;
7343 	int retval;
7344 	int alloc_len, total_len;
7345 	int opcode, service_action, i, j, num;
7346 
7347 	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7348 
7349 	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7350 	retval = CTL_RETVAL_COMPLETE;
7351 
7352 	opcode = cdb->requested_opcode;
7353 	service_action = scsi_2btoul(cdb->requested_service_action);
7354 	switch (cdb->options & RSO_OPTIONS_MASK) {
7355 	case RSO_OPTIONS_ALL:
7356 		num = 0;
7357 		for (i = 0; i < 256; i++) {
7358 			entry = &ctl_cmd_table[i];
7359 			if (entry->flags & CTL_CMD_FLAG_SA5) {
7360 				for (j = 0; j < 32; j++) {
7361 					sentry = &((const struct ctl_cmd_entry *)
7362 					    entry->execute)[j];
7363 					if (ctl_cmd_applicable(
7364 					    lun->be_lun->lun_type, sentry))
7365 						num++;
7366 				}
7367 			} else {
7368 				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7369 				    entry))
7370 					num++;
7371 			}
7372 		}
7373 		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7374 		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7375 		break;
7376 	case RSO_OPTIONS_OC:
7377 		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7378 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7379 					      /*sks_valid*/ 1,
7380 					      /*command*/ 1,
7381 					      /*field*/ 2,
7382 					      /*bit_valid*/ 1,
7383 					      /*bit*/ 2);
7384 			ctl_done((union ctl_io *)ctsio);
7385 			return (CTL_RETVAL_COMPLETE);
7386 		}
7387 		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7388 		break;
7389 	case RSO_OPTIONS_OC_SA:
7390 		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7391 		    service_action >= 32) {
7392 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7393 					      /*sks_valid*/ 1,
7394 					      /*command*/ 1,
7395 					      /*field*/ 2,
7396 					      /*bit_valid*/ 1,
7397 					      /*bit*/ 2);
7398 			ctl_done((union ctl_io *)ctsio);
7399 			return (CTL_RETVAL_COMPLETE);
7400 		}
7401 		/* FALLTHROUGH */
7402 	case RSO_OPTIONS_OC_ASA:
7403 		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7404 		break;
7405 	default:
7406 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7407 				      /*sks_valid*/ 1,
7408 				      /*command*/ 1,
7409 				      /*field*/ 2,
7410 				      /*bit_valid*/ 1,
7411 				      /*bit*/ 2);
7412 		ctl_done((union ctl_io *)ctsio);
7413 		return (CTL_RETVAL_COMPLETE);
7414 	}
7415 
7416 	alloc_len = scsi_4btoul(cdb->length);
7417 
7418 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7419 	ctsio->kern_sg_entries = 0;
7420 	ctsio->kern_rel_offset = 0;
7421 	ctsio->kern_data_len = min(total_len, alloc_len);
7422 	ctsio->kern_total_len = ctsio->kern_data_len;
7423 
7424 	switch (cdb->options & RSO_OPTIONS_MASK) {
7425 	case RSO_OPTIONS_ALL:
7426 		all = (struct scsi_report_supported_opcodes_all *)
7427 		    ctsio->kern_data_ptr;
7428 		num = 0;
7429 		for (i = 0; i < 256; i++) {
7430 			entry = &ctl_cmd_table[i];
7431 			if (entry->flags & CTL_CMD_FLAG_SA5) {
7432 				for (j = 0; j < 32; j++) {
7433 					sentry = &((const struct ctl_cmd_entry *)
7434 					    entry->execute)[j];
7435 					if (!ctl_cmd_applicable(
7436 					    lun->be_lun->lun_type, sentry))
7437 						continue;
7438 					descr = &all->descr[num++];
7439 					descr->opcode = i;
7440 					scsi_ulto2b(j, descr->service_action);
7441 					descr->flags = RSO_SERVACTV;
7442 					scsi_ulto2b(sentry->length,
7443 					    descr->cdb_length);
7444 				}
7445 			} else {
7446 				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7447 				    entry))
7448 					continue;
7449 				descr = &all->descr[num++];
7450 				descr->opcode = i;
7451 				scsi_ulto2b(0, descr->service_action);
7452 				descr->flags = 0;
7453 				scsi_ulto2b(entry->length, descr->cdb_length);
7454 			}
7455 		}
7456 		scsi_ulto4b(
7457 		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7458 		    all->length);
7459 		break;
7460 	case RSO_OPTIONS_OC:
7461 		one = (struct scsi_report_supported_opcodes_one *)
7462 		    ctsio->kern_data_ptr;
7463 		entry = &ctl_cmd_table[opcode];
7464 		goto fill_one;
7465 	case RSO_OPTIONS_OC_SA:
7466 		one = (struct scsi_report_supported_opcodes_one *)
7467 		    ctsio->kern_data_ptr;
7468 		entry = &ctl_cmd_table[opcode];
7469 		entry = &((const struct ctl_cmd_entry *)
7470 		    entry->execute)[service_action];
7471 fill_one:
7472 		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7473 			one->support = 3;
7474 			scsi_ulto2b(entry->length, one->cdb_length);
7475 			one->cdb_usage[0] = opcode;
7476 			memcpy(&one->cdb_usage[1], entry->usage,
7477 			    entry->length - 1);
7478 		} else
7479 			one->support = 1;
7480 		break;
7481 	case RSO_OPTIONS_OC_ASA:
7482 		one = (struct scsi_report_supported_opcodes_one *)
7483 		    ctsio->kern_data_ptr;
7484 		entry = &ctl_cmd_table[opcode];
7485 		if (entry->flags & CTL_CMD_FLAG_SA5) {
7486 			entry = &((const struct ctl_cmd_entry *)
7487 			    entry->execute)[service_action];
7488 		} else if (service_action != 0) {
7489 			one->support = 1;
7490 			break;
7491 		}
7492 		goto fill_one;
7493 	}
7494 
7495 	ctl_set_success(ctsio);
7496 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7497 	ctsio->be_move_done = ctl_config_move_done;
7498 	ctl_datamove((union ctl_io *)ctsio);
7499 	return(retval);
7500 }
7501 
7502 int
7503 ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7504 {
7505 	struct scsi_report_supported_tmf *cdb;
7506 	struct scsi_report_supported_tmf_ext_data *data;
7507 	int retval;
7508 	int alloc_len, total_len;
7509 
7510 	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7511 
7512 	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7513 
7514 	retval = CTL_RETVAL_COMPLETE;
7515 
7516 	if (cdb->options & RST_REPD)
7517 		total_len = sizeof(struct scsi_report_supported_tmf_ext_data);
7518 	else
7519 		total_len = sizeof(struct scsi_report_supported_tmf_data);
7520 	alloc_len = scsi_4btoul(cdb->length);
7521 
7522 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7523 	ctsio->kern_sg_entries = 0;
7524 	ctsio->kern_rel_offset = 0;
7525 	ctsio->kern_data_len = min(total_len, alloc_len);
7526 	ctsio->kern_total_len = ctsio->kern_data_len;
7527 
7528 	data = (struct scsi_report_supported_tmf_ext_data *)ctsio->kern_data_ptr;
7529 	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7530 	    RST_TRS;
7531 	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7532 	data->length = total_len - 4;
7533 
7534 	ctl_set_success(ctsio);
7535 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7536 	ctsio->be_move_done = ctl_config_move_done;
7537 	ctl_datamove((union ctl_io *)ctsio);
7538 	return (retval);
7539 }
7540 
7541 int
7542 ctl_report_timestamp(struct ctl_scsiio *ctsio)
7543 {
7544 	struct scsi_report_timestamp *cdb;
7545 	struct scsi_report_timestamp_data *data;
7546 	struct timeval tv;
7547 	int64_t timestamp;
7548 	int retval;
7549 	int alloc_len, total_len;
7550 
7551 	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7552 
7553 	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7554 
7555 	retval = CTL_RETVAL_COMPLETE;
7556 
7557 	total_len = sizeof(struct scsi_report_timestamp_data);
7558 	alloc_len = scsi_4btoul(cdb->length);
7559 
7560 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7561 	ctsio->kern_sg_entries = 0;
7562 	ctsio->kern_rel_offset = 0;
7563 	ctsio->kern_data_len = min(total_len, alloc_len);
7564 	ctsio->kern_total_len = ctsio->kern_data_len;
7565 
7566 	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7567 	scsi_ulto2b(sizeof(*data) - 2, data->length);
7568 	data->origin = RTS_ORIG_OUTSIDE;
7569 	getmicrotime(&tv);
7570 	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7571 	scsi_ulto4b(timestamp >> 16, data->timestamp);
7572 	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7573 
7574 	ctl_set_success(ctsio);
7575 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7576 	ctsio->be_move_done = ctl_config_move_done;
7577 	ctl_datamove((union ctl_io *)ctsio);
7578 	return (retval);
7579 }
7580 
7581 int
7582 ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7583 {
7584 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
7585 	struct ctl_lun *lun = CTL_LUN(ctsio);
7586 	struct scsi_per_res_in *cdb;
7587 	int alloc_len, total_len = 0;
7588 	/* struct scsi_per_res_in_rsrv in_data; */
7589 	uint64_t key;
7590 
7591 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7592 
7593 	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7594 
7595 	alloc_len = scsi_2btoul(cdb->length);
7596 
7597 retry:
7598 	mtx_lock(&lun->lun_lock);
7599 	switch (cdb->action) {
7600 	case SPRI_RK: /* read keys */
7601 		total_len = sizeof(struct scsi_per_res_in_keys) +
7602 			lun->pr_key_count *
7603 			sizeof(struct scsi_per_res_key);
7604 		break;
7605 	case SPRI_RR: /* read reservation */
7606 		if (lun->flags & CTL_LUN_PR_RESERVED)
7607 			total_len = sizeof(struct scsi_per_res_in_rsrv);
7608 		else
7609 			total_len = sizeof(struct scsi_per_res_in_header);
7610 		break;
7611 	case SPRI_RC: /* report capabilities */
7612 		total_len = sizeof(struct scsi_per_res_cap);
7613 		break;
7614 	case SPRI_RS: /* read full status */
7615 		total_len = sizeof(struct scsi_per_res_in_header) +
7616 		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7617 		    lun->pr_key_count;
7618 		break;
7619 	default:
7620 		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7621 	}
7622 	mtx_unlock(&lun->lun_lock);
7623 
7624 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7625 	ctsio->kern_rel_offset = 0;
7626 	ctsio->kern_sg_entries = 0;
7627 	ctsio->kern_data_len = min(total_len, alloc_len);
7628 	ctsio->kern_total_len = ctsio->kern_data_len;
7629 
7630 	mtx_lock(&lun->lun_lock);
7631 	switch (cdb->action) {
7632 	case SPRI_RK: { // read keys
7633         struct scsi_per_res_in_keys *res_keys;
7634 		int i, key_count;
7635 
7636 		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7637 
7638 		/*
7639 		 * We had to drop the lock to allocate our buffer, which
7640 		 * leaves time for someone to come in with another
7641 		 * persistent reservation.  (That is unlikely, though,
7642 		 * since this should be the only persistent reservation
7643 		 * command active right now.)
7644 		 */
7645 		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7646 		    (lun->pr_key_count *
7647 		     sizeof(struct scsi_per_res_key)))){
7648 			mtx_unlock(&lun->lun_lock);
7649 			free(ctsio->kern_data_ptr, M_CTL);
7650 			printf("%s: reservation length changed, retrying\n",
7651 			       __func__);
7652 			goto retry;
7653 		}
7654 
7655 		scsi_ulto4b(lun->pr_generation, res_keys->header.generation);
7656 
7657 		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7658 			     lun->pr_key_count, res_keys->header.length);
7659 
7660 		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7661 			if ((key = ctl_get_prkey(lun, i)) == 0)
7662 				continue;
7663 
7664 			/*
7665 			 * We used lun->pr_key_count to calculate the
7666 			 * size to allocate.  If it turns out the number of
7667 			 * initiators with the registered flag set is
7668 			 * larger than that (i.e. they haven't been kept in
7669 			 * sync), we've got a problem.
7670 			 */
7671 			if (key_count >= lun->pr_key_count) {
7672 				key_count++;
7673 				continue;
7674 			}
7675 			scsi_u64to8b(key, res_keys->keys[key_count].key);
7676 			key_count++;
7677 		}
7678 		break;
7679 	}
7680 	case SPRI_RR: { // read reservation
7681 		struct scsi_per_res_in_rsrv *res;
7682 		int tmp_len, header_only;
7683 
7684 		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7685 
7686 		scsi_ulto4b(lun->pr_generation, res->header.generation);
7687 
7688 		if (lun->flags & CTL_LUN_PR_RESERVED)
7689 		{
7690 			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7691 			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7692 				    res->header.length);
7693 			header_only = 0;
7694 		} else {
7695 			tmp_len = sizeof(struct scsi_per_res_in_header);
7696 			scsi_ulto4b(0, res->header.length);
7697 			header_only = 1;
7698 		}
7699 
7700 		/*
7701 		 * We had to drop the lock to allocate our buffer, which
7702 		 * leaves time for someone to come in with another
7703 		 * persistent reservation.  (That is unlikely, though,
7704 		 * since this should be the only persistent reservation
7705 		 * command active right now.)
7706 		 */
7707 		if (tmp_len != total_len) {
7708 			mtx_unlock(&lun->lun_lock);
7709 			free(ctsio->kern_data_ptr, M_CTL);
7710 			printf("%s: reservation status changed, retrying\n",
7711 			       __func__);
7712 			goto retry;
7713 		}
7714 
7715 		/*
7716 		 * No reservation held, so we're done.
7717 		 */
7718 		if (header_only != 0)
7719 			break;
7720 
7721 		/*
7722 		 * If the registration is an All Registrants type, the key
7723 		 * is 0, since it doesn't really matter.
7724 		 */
7725 		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7726 			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7727 			    res->data.reservation);
7728 		}
7729 		res->data.scopetype = lun->pr_res_type;
7730 		break;
7731 	}
7732 	case SPRI_RC:     //report capabilities
7733 	{
7734 		struct scsi_per_res_cap *res_cap;
7735 		uint16_t type_mask;
7736 
7737 		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7738 		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7739 		res_cap->flags1 = SPRI_CRH;
7740 		res_cap->flags2 = SPRI_TMV | SPRI_ALLOW_5;
7741 		type_mask = SPRI_TM_WR_EX_AR |
7742 			    SPRI_TM_EX_AC_RO |
7743 			    SPRI_TM_WR_EX_RO |
7744 			    SPRI_TM_EX_AC |
7745 			    SPRI_TM_WR_EX |
7746 			    SPRI_TM_EX_AC_AR;
7747 		scsi_ulto2b(type_mask, res_cap->type_mask);
7748 		break;
7749 	}
7750 	case SPRI_RS: { // read full status
7751 		struct scsi_per_res_in_full *res_status;
7752 		struct scsi_per_res_in_full_desc *res_desc;
7753 		struct ctl_port *port;
7754 		int i, len;
7755 
7756 		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7757 
7758 		/*
7759 		 * We had to drop the lock to allocate our buffer, which
7760 		 * leaves time for someone to come in with another
7761 		 * persistent reservation.  (That is unlikely, though,
7762 		 * since this should be the only persistent reservation
7763 		 * command active right now.)
7764 		 */
7765 		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7766 		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7767 		     lun->pr_key_count)){
7768 			mtx_unlock(&lun->lun_lock);
7769 			free(ctsio->kern_data_ptr, M_CTL);
7770 			printf("%s: reservation length changed, retrying\n",
7771 			       __func__);
7772 			goto retry;
7773 		}
7774 
7775 		scsi_ulto4b(lun->pr_generation, res_status->header.generation);
7776 
7777 		res_desc = &res_status->desc[0];
7778 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7779 			if ((key = ctl_get_prkey(lun, i)) == 0)
7780 				continue;
7781 
7782 			scsi_u64to8b(key, res_desc->res_key.key);
7783 			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7784 			    (lun->pr_res_idx == i ||
7785 			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7786 				res_desc->flags = SPRI_FULL_R_HOLDER;
7787 				res_desc->scopetype = lun->pr_res_type;
7788 			}
7789 			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7790 			    res_desc->rel_trgt_port_id);
7791 			len = 0;
7792 			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7793 			if (port != NULL)
7794 				len = ctl_create_iid(port,
7795 				    i % CTL_MAX_INIT_PER_PORT,
7796 				    res_desc->transport_id);
7797 			scsi_ulto4b(len, res_desc->additional_length);
7798 			res_desc = (struct scsi_per_res_in_full_desc *)
7799 			    &res_desc->transport_id[len];
7800 		}
7801 		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7802 		    res_status->header.length);
7803 		break;
7804 	}
7805 	default:
7806 		panic("%s: Invalid PR type %#x", __func__, cdb->action);
7807 	}
7808 	mtx_unlock(&lun->lun_lock);
7809 
7810 	ctl_set_success(ctsio);
7811 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7812 	ctsio->be_move_done = ctl_config_move_done;
7813 	ctl_datamove((union ctl_io *)ctsio);
7814 	return (CTL_RETVAL_COMPLETE);
7815 }
7816 
7817 /*
7818  * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7819  * it should return.
7820  */
7821 static int
7822 ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7823 		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7824 		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7825 		struct scsi_per_res_out_parms* param)
7826 {
7827 	union ctl_ha_msg persis_io;
7828 	int i;
7829 
7830 	mtx_lock(&lun->lun_lock);
7831 	if (sa_res_key == 0) {
7832 		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7833 			/* validate scope and type */
7834 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7835 			     SPR_LU_SCOPE) {
7836 				mtx_unlock(&lun->lun_lock);
7837 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7838 						      /*sks_valid*/ 1,
7839 						      /*command*/ 1,
7840 						      /*field*/ 2,
7841 						      /*bit_valid*/ 1,
7842 						      /*bit*/ 4);
7843 				ctl_done((union ctl_io *)ctsio);
7844 				return (1);
7845 			}
7846 
7847 		        if (type>8 || type==2 || type==4 || type==0) {
7848 				mtx_unlock(&lun->lun_lock);
7849 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7850        	           				      /*sks_valid*/ 1,
7851 						      /*command*/ 1,
7852 						      /*field*/ 2,
7853 						      /*bit_valid*/ 1,
7854 						      /*bit*/ 0);
7855 				ctl_done((union ctl_io *)ctsio);
7856 				return (1);
7857 		        }
7858 
7859 			/*
7860 			 * Unregister everybody else and build UA for
7861 			 * them
7862 			 */
7863 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7864 				if (i == residx || ctl_get_prkey(lun, i) == 0)
7865 					continue;
7866 
7867 				ctl_clr_prkey(lun, i);
7868 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7869 			}
7870 			lun->pr_key_count = 1;
7871 			lun->pr_res_type = type;
7872 			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
7873 			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
7874 				lun->pr_res_idx = residx;
7875 			lun->pr_generation++;
7876 			mtx_unlock(&lun->lun_lock);
7877 
7878 			/* send msg to other side */
7879 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7880 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7881 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7882 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7883 			persis_io.pr.pr_info.res_type = type;
7884 			memcpy(persis_io.pr.pr_info.sa_res_key,
7885 			       param->serv_act_res_key,
7886 			       sizeof(param->serv_act_res_key));
7887 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7888 			    sizeof(persis_io.pr), M_WAITOK);
7889 		} else {
7890 			/* not all registrants */
7891 			mtx_unlock(&lun->lun_lock);
7892 			free(ctsio->kern_data_ptr, M_CTL);
7893 			ctl_set_invalid_field(ctsio,
7894 					      /*sks_valid*/ 1,
7895 					      /*command*/ 0,
7896 					      /*field*/ 8,
7897 					      /*bit_valid*/ 0,
7898 					      /*bit*/ 0);
7899 			ctl_done((union ctl_io *)ctsio);
7900 			return (1);
7901 		}
7902 	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7903 		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7904 		int found = 0;
7905 
7906 		if (res_key == sa_res_key) {
7907 			/* special case */
7908 			/*
7909 			 * The spec implies this is not good but doesn't
7910 			 * say what to do. There are two choices either
7911 			 * generate a res conflict or check condition
7912 			 * with illegal field in parameter data. Since
7913 			 * that is what is done when the sa_res_key is
7914 			 * zero I'll take that approach since this has
7915 			 * to do with the sa_res_key.
7916 			 */
7917 			mtx_unlock(&lun->lun_lock);
7918 			free(ctsio->kern_data_ptr, M_CTL);
7919 			ctl_set_invalid_field(ctsio,
7920 					      /*sks_valid*/ 1,
7921 					      /*command*/ 0,
7922 					      /*field*/ 8,
7923 					      /*bit_valid*/ 0,
7924 					      /*bit*/ 0);
7925 			ctl_done((union ctl_io *)ctsio);
7926 			return (1);
7927 		}
7928 
7929 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7930 			if (ctl_get_prkey(lun, i) != sa_res_key)
7931 				continue;
7932 
7933 			found = 1;
7934 			ctl_clr_prkey(lun, i);
7935 			lun->pr_key_count--;
7936 			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7937 		}
7938 		if (!found) {
7939 			mtx_unlock(&lun->lun_lock);
7940 			free(ctsio->kern_data_ptr, M_CTL);
7941 			ctl_set_reservation_conflict(ctsio);
7942 			ctl_done((union ctl_io *)ctsio);
7943 			return (CTL_RETVAL_COMPLETE);
7944 		}
7945 		lun->pr_generation++;
7946 		mtx_unlock(&lun->lun_lock);
7947 
7948 		/* send msg to other side */
7949 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7950 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7951 		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7952 		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7953 		persis_io.pr.pr_info.res_type = type;
7954 		memcpy(persis_io.pr.pr_info.sa_res_key,
7955 		       param->serv_act_res_key,
7956 		       sizeof(param->serv_act_res_key));
7957 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7958 		    sizeof(persis_io.pr), M_WAITOK);
7959 	} else {
7960 		/* Reserved but not all registrants */
7961 		/* sa_res_key is res holder */
7962 		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7963 			/* validate scope and type */
7964 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7965 			     SPR_LU_SCOPE) {
7966 				mtx_unlock(&lun->lun_lock);
7967 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7968 						      /*sks_valid*/ 1,
7969 						      /*command*/ 1,
7970 						      /*field*/ 2,
7971 						      /*bit_valid*/ 1,
7972 						      /*bit*/ 4);
7973 				ctl_done((union ctl_io *)ctsio);
7974 				return (1);
7975 			}
7976 
7977 			if (type>8 || type==2 || type==4 || type==0) {
7978 				mtx_unlock(&lun->lun_lock);
7979 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7980 						      /*sks_valid*/ 1,
7981 						      /*command*/ 1,
7982 						      /*field*/ 2,
7983 						      /*bit_valid*/ 1,
7984 						      /*bit*/ 0);
7985 				ctl_done((union ctl_io *)ctsio);
7986 				return (1);
7987 			}
7988 
7989 			/*
7990 			 * Do the following:
7991 			 * if sa_res_key != res_key remove all
7992 			 * registrants w/sa_res_key and generate UA
7993 			 * for these registrants(Registrations
7994 			 * Preempted) if it wasn't an exclusive
7995 			 * reservation generate UA(Reservations
7996 			 * Preempted) for all other registered nexuses
7997 			 * if the type has changed. Establish the new
7998 			 * reservation and holder. If res_key and
7999 			 * sa_res_key are the same do the above
8000 			 * except don't unregister the res holder.
8001 			 */
8002 
8003 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8004 				if (i == residx || ctl_get_prkey(lun, i) == 0)
8005 					continue;
8006 
8007 				if (sa_res_key == ctl_get_prkey(lun, i)) {
8008 					ctl_clr_prkey(lun, i);
8009 					lun->pr_key_count--;
8010 					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8011 				} else if (type != lun->pr_res_type &&
8012 				    (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8013 				     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8014 					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8015 				}
8016 			}
8017 			lun->pr_res_type = type;
8018 			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8019 			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8020 				lun->pr_res_idx = residx;
8021 			else
8022 				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8023 			lun->pr_generation++;
8024 			mtx_unlock(&lun->lun_lock);
8025 
8026 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8027 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8028 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8029 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8030 			persis_io.pr.pr_info.res_type = type;
8031 			memcpy(persis_io.pr.pr_info.sa_res_key,
8032 			       param->serv_act_res_key,
8033 			       sizeof(param->serv_act_res_key));
8034 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8035 			    sizeof(persis_io.pr), M_WAITOK);
8036 		} else {
8037 			/*
8038 			 * sa_res_key is not the res holder just
8039 			 * remove registrants
8040 			 */
8041 			int found=0;
8042 
8043 			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8044 				if (sa_res_key != ctl_get_prkey(lun, i))
8045 					continue;
8046 
8047 				found = 1;
8048 				ctl_clr_prkey(lun, i);
8049 				lun->pr_key_count--;
8050 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8051 			}
8052 
8053 			if (!found) {
8054 				mtx_unlock(&lun->lun_lock);
8055 				free(ctsio->kern_data_ptr, M_CTL);
8056 				ctl_set_reservation_conflict(ctsio);
8057 				ctl_done((union ctl_io *)ctsio);
8058 		        	return (1);
8059 			}
8060 			lun->pr_generation++;
8061 			mtx_unlock(&lun->lun_lock);
8062 
8063 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8064 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8065 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8066 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8067 			persis_io.pr.pr_info.res_type = type;
8068 			memcpy(persis_io.pr.pr_info.sa_res_key,
8069 			       param->serv_act_res_key,
8070 			       sizeof(param->serv_act_res_key));
8071 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8072 			    sizeof(persis_io.pr), M_WAITOK);
8073 		}
8074 	}
8075 	return (0);
8076 }
8077 
8078 static void
8079 ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8080 {
8081 	uint64_t sa_res_key;
8082 	int i;
8083 
8084 	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8085 
8086 	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8087 	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8088 	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8089 		if (sa_res_key == 0) {
8090 			/*
8091 			 * Unregister everybody else and build UA for
8092 			 * them
8093 			 */
8094 			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8095 				if (i == msg->pr.pr_info.residx ||
8096 				    ctl_get_prkey(lun, i) == 0)
8097 					continue;
8098 
8099 				ctl_clr_prkey(lun, i);
8100 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8101 			}
8102 
8103 			lun->pr_key_count = 1;
8104 			lun->pr_res_type = msg->pr.pr_info.res_type;
8105 			if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8106 			    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8107 				lun->pr_res_idx = msg->pr.pr_info.residx;
8108 		} else {
8109 		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8110 				if (sa_res_key == ctl_get_prkey(lun, i))
8111 					continue;
8112 
8113 				ctl_clr_prkey(lun, i);
8114 				lun->pr_key_count--;
8115 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8116 			}
8117 		}
8118 	} else {
8119 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8120 			if (i == msg->pr.pr_info.residx ||
8121 			    ctl_get_prkey(lun, i) == 0)
8122 				continue;
8123 
8124 			if (sa_res_key == ctl_get_prkey(lun, i)) {
8125 				ctl_clr_prkey(lun, i);
8126 				lun->pr_key_count--;
8127 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8128 			} else if (msg->pr.pr_info.res_type != lun->pr_res_type
8129 			    && (lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8130 			     lun->pr_res_type == SPR_TYPE_EX_AC_RO)) {
8131 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8132 			}
8133 		}
8134 		lun->pr_res_type = msg->pr.pr_info.res_type;
8135 		if (lun->pr_res_type != SPR_TYPE_WR_EX_AR &&
8136 		    lun->pr_res_type != SPR_TYPE_EX_AC_AR)
8137 			lun->pr_res_idx = msg->pr.pr_info.residx;
8138 		else
8139 			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8140 	}
8141 	lun->pr_generation++;
8142 
8143 }
8144 
8145 
8146 int
8147 ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8148 {
8149 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
8150 	struct ctl_lun *lun = CTL_LUN(ctsio);
8151 	int retval;
8152 	u_int32_t param_len;
8153 	struct scsi_per_res_out *cdb;
8154 	struct scsi_per_res_out_parms* param;
8155 	uint32_t residx;
8156 	uint64_t res_key, sa_res_key, key;
8157 	uint8_t type;
8158 	union ctl_ha_msg persis_io;
8159 	int    i;
8160 
8161 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8162 
8163 	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8164 	retval = CTL_RETVAL_COMPLETE;
8165 
8166 	/*
8167 	 * We only support whole-LUN scope.  The scope & type are ignored for
8168 	 * register, register and ignore existing key and clear.
8169 	 * We sometimes ignore scope and type on preempts too!!
8170 	 * Verify reservation type here as well.
8171 	 */
8172 	type = cdb->scope_type & SPR_TYPE_MASK;
8173 	if ((cdb->action == SPRO_RESERVE)
8174 	 || (cdb->action == SPRO_RELEASE)) {
8175 		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8176 			ctl_set_invalid_field(/*ctsio*/ ctsio,
8177 					      /*sks_valid*/ 1,
8178 					      /*command*/ 1,
8179 					      /*field*/ 2,
8180 					      /*bit_valid*/ 1,
8181 					      /*bit*/ 4);
8182 			ctl_done((union ctl_io *)ctsio);
8183 			return (CTL_RETVAL_COMPLETE);
8184 		}
8185 
8186 		if (type>8 || type==2 || type==4 || type==0) {
8187 			ctl_set_invalid_field(/*ctsio*/ ctsio,
8188 					      /*sks_valid*/ 1,
8189 					      /*command*/ 1,
8190 					      /*field*/ 2,
8191 					      /*bit_valid*/ 1,
8192 					      /*bit*/ 0);
8193 			ctl_done((union ctl_io *)ctsio);
8194 			return (CTL_RETVAL_COMPLETE);
8195 		}
8196 	}
8197 
8198 	param_len = scsi_4btoul(cdb->length);
8199 
8200 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8201 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8202 		ctsio->kern_data_len = param_len;
8203 		ctsio->kern_total_len = param_len;
8204 		ctsio->kern_rel_offset = 0;
8205 		ctsio->kern_sg_entries = 0;
8206 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8207 		ctsio->be_move_done = ctl_config_move_done;
8208 		ctl_datamove((union ctl_io *)ctsio);
8209 
8210 		return (CTL_RETVAL_COMPLETE);
8211 	}
8212 
8213 	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8214 
8215 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8216 	res_key = scsi_8btou64(param->res_key.key);
8217 	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8218 
8219 	/*
8220 	 * Validate the reservation key here except for SPRO_REG_IGNO
8221 	 * This must be done for all other service actions
8222 	 */
8223 	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8224 		mtx_lock(&lun->lun_lock);
8225 		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8226 			if (res_key != key) {
8227 				/*
8228 				 * The current key passed in doesn't match
8229 				 * the one the initiator previously
8230 				 * registered.
8231 				 */
8232 				mtx_unlock(&lun->lun_lock);
8233 				free(ctsio->kern_data_ptr, M_CTL);
8234 				ctl_set_reservation_conflict(ctsio);
8235 				ctl_done((union ctl_io *)ctsio);
8236 				return (CTL_RETVAL_COMPLETE);
8237 			}
8238 		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8239 			/*
8240 			 * We are not registered
8241 			 */
8242 			mtx_unlock(&lun->lun_lock);
8243 			free(ctsio->kern_data_ptr, M_CTL);
8244 			ctl_set_reservation_conflict(ctsio);
8245 			ctl_done((union ctl_io *)ctsio);
8246 			return (CTL_RETVAL_COMPLETE);
8247 		} else if (res_key != 0) {
8248 			/*
8249 			 * We are not registered and trying to register but
8250 			 * the register key isn't zero.
8251 			 */
8252 			mtx_unlock(&lun->lun_lock);
8253 			free(ctsio->kern_data_ptr, M_CTL);
8254 			ctl_set_reservation_conflict(ctsio);
8255 			ctl_done((union ctl_io *)ctsio);
8256 			return (CTL_RETVAL_COMPLETE);
8257 		}
8258 		mtx_unlock(&lun->lun_lock);
8259 	}
8260 
8261 	switch (cdb->action & SPRO_ACTION_MASK) {
8262 	case SPRO_REGISTER:
8263 	case SPRO_REG_IGNO: {
8264 
8265 #if 0
8266 		printf("Registration received\n");
8267 #endif
8268 
8269 		/*
8270 		 * We don't support any of these options, as we report in
8271 		 * the read capabilities request (see
8272 		 * ctl_persistent_reserve_in(), above).
8273 		 */
8274 		if ((param->flags & SPR_SPEC_I_PT)
8275 		 || (param->flags & SPR_ALL_TG_PT)
8276 		 || (param->flags & SPR_APTPL)) {
8277 			int bit_ptr;
8278 
8279 			if (param->flags & SPR_APTPL)
8280 				bit_ptr = 0;
8281 			else if (param->flags & SPR_ALL_TG_PT)
8282 				bit_ptr = 2;
8283 			else /* SPR_SPEC_I_PT */
8284 				bit_ptr = 3;
8285 
8286 			free(ctsio->kern_data_ptr, M_CTL);
8287 			ctl_set_invalid_field(ctsio,
8288 					      /*sks_valid*/ 1,
8289 					      /*command*/ 0,
8290 					      /*field*/ 20,
8291 					      /*bit_valid*/ 1,
8292 					      /*bit*/ bit_ptr);
8293 			ctl_done((union ctl_io *)ctsio);
8294 			return (CTL_RETVAL_COMPLETE);
8295 		}
8296 
8297 		mtx_lock(&lun->lun_lock);
8298 
8299 		/*
8300 		 * The initiator wants to clear the
8301 		 * key/unregister.
8302 		 */
8303 		if (sa_res_key == 0) {
8304 			if ((res_key == 0
8305 			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8306 			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8307 			  && ctl_get_prkey(lun, residx) == 0)) {
8308 				mtx_unlock(&lun->lun_lock);
8309 				goto done;
8310 			}
8311 
8312 			ctl_clr_prkey(lun, residx);
8313 			lun->pr_key_count--;
8314 
8315 			if (residx == lun->pr_res_idx) {
8316 				lun->flags &= ~CTL_LUN_PR_RESERVED;
8317 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8318 
8319 				if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8320 				     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8321 				    lun->pr_key_count) {
8322 					/*
8323 					 * If the reservation is a registrants
8324 					 * only type we need to generate a UA
8325 					 * for other registered inits.  The
8326 					 * sense code should be RESERVATIONS
8327 					 * RELEASED
8328 					 */
8329 
8330 					for (i = softc->init_min; i < softc->init_max; i++){
8331 						if (ctl_get_prkey(lun, i) == 0)
8332 							continue;
8333 						ctl_est_ua(lun, i,
8334 						    CTL_UA_RES_RELEASE);
8335 					}
8336 				}
8337 				lun->pr_res_type = 0;
8338 			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8339 				if (lun->pr_key_count==0) {
8340 					lun->flags &= ~CTL_LUN_PR_RESERVED;
8341 					lun->pr_res_type = 0;
8342 					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8343 				}
8344 			}
8345 			lun->pr_generation++;
8346 			mtx_unlock(&lun->lun_lock);
8347 
8348 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8349 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8350 			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8351 			persis_io.pr.pr_info.residx = residx;
8352 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8353 			    sizeof(persis_io.pr), M_WAITOK);
8354 		} else /* sa_res_key != 0 */ {
8355 
8356 			/*
8357 			 * If we aren't registered currently then increment
8358 			 * the key count and set the registered flag.
8359 			 */
8360 			ctl_alloc_prkey(lun, residx);
8361 			if (ctl_get_prkey(lun, residx) == 0)
8362 				lun->pr_key_count++;
8363 			ctl_set_prkey(lun, residx, sa_res_key);
8364 			lun->pr_generation++;
8365 			mtx_unlock(&lun->lun_lock);
8366 
8367 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8368 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8369 			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8370 			persis_io.pr.pr_info.residx = residx;
8371 			memcpy(persis_io.pr.pr_info.sa_res_key,
8372 			       param->serv_act_res_key,
8373 			       sizeof(param->serv_act_res_key));
8374 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8375 			    sizeof(persis_io.pr), M_WAITOK);
8376 		}
8377 
8378 		break;
8379 	}
8380 	case SPRO_RESERVE:
8381 #if 0
8382                 printf("Reserve executed type %d\n", type);
8383 #endif
8384 		mtx_lock(&lun->lun_lock);
8385 		if (lun->flags & CTL_LUN_PR_RESERVED) {
8386 			/*
8387 			 * if this isn't the reservation holder and it's
8388 			 * not a "all registrants" type or if the type is
8389 			 * different then we have a conflict
8390 			 */
8391 			if ((lun->pr_res_idx != residx
8392 			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8393 			 || lun->pr_res_type != type) {
8394 				mtx_unlock(&lun->lun_lock);
8395 				free(ctsio->kern_data_ptr, M_CTL);
8396 				ctl_set_reservation_conflict(ctsio);
8397 				ctl_done((union ctl_io *)ctsio);
8398 				return (CTL_RETVAL_COMPLETE);
8399 			}
8400 			mtx_unlock(&lun->lun_lock);
8401 		} else /* create a reservation */ {
8402 			/*
8403 			 * If it's not an "all registrants" type record
8404 			 * reservation holder
8405 			 */
8406 			if (type != SPR_TYPE_WR_EX_AR
8407 			 && type != SPR_TYPE_EX_AC_AR)
8408 				lun->pr_res_idx = residx; /* Res holder */
8409 			else
8410 				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8411 
8412 			lun->flags |= CTL_LUN_PR_RESERVED;
8413 			lun->pr_res_type = type;
8414 
8415 			mtx_unlock(&lun->lun_lock);
8416 
8417 			/* send msg to other side */
8418 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8419 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8420 			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8421 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8422 			persis_io.pr.pr_info.res_type = type;
8423 			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8424 			    sizeof(persis_io.pr), M_WAITOK);
8425 		}
8426 		break;
8427 
8428 	case SPRO_RELEASE:
8429 		mtx_lock(&lun->lun_lock);
8430 		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8431 			/* No reservation exists return good status */
8432 			mtx_unlock(&lun->lun_lock);
8433 			goto done;
8434 		}
8435 		/*
8436 		 * Is this nexus a reservation holder?
8437 		 */
8438 		if (lun->pr_res_idx != residx
8439 		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8440 			/*
8441 			 * not a res holder return good status but
8442 			 * do nothing
8443 			 */
8444 			mtx_unlock(&lun->lun_lock);
8445 			goto done;
8446 		}
8447 
8448 		if (lun->pr_res_type != type) {
8449 			mtx_unlock(&lun->lun_lock);
8450 			free(ctsio->kern_data_ptr, M_CTL);
8451 			ctl_set_illegal_pr_release(ctsio);
8452 			ctl_done((union ctl_io *)ctsio);
8453 			return (CTL_RETVAL_COMPLETE);
8454 		}
8455 
8456 		/* okay to release */
8457 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8458 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8459 		lun->pr_res_type = 0;
8460 
8461 		/*
8462 		 * If this isn't an exclusive access reservation and NUAR
8463 		 * is not set, generate UA for all other registrants.
8464 		 */
8465 		if (type != SPR_TYPE_EX_AC && type != SPR_TYPE_WR_EX &&
8466 		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8467 			for (i = softc->init_min; i < softc->init_max; i++) {
8468 				if (i == residx || ctl_get_prkey(lun, i) == 0)
8469 					continue;
8470 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8471 			}
8472 		}
8473 		mtx_unlock(&lun->lun_lock);
8474 
8475 		/* Send msg to other side */
8476 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8477 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8478 		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8479 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8480 		     sizeof(persis_io.pr), M_WAITOK);
8481 		break;
8482 
8483 	case SPRO_CLEAR:
8484 		/* send msg to other side */
8485 
8486 		mtx_lock(&lun->lun_lock);
8487 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8488 		lun->pr_res_type = 0;
8489 		lun->pr_key_count = 0;
8490 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8491 
8492 		ctl_clr_prkey(lun, residx);
8493 		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8494 			if (ctl_get_prkey(lun, i) != 0) {
8495 				ctl_clr_prkey(lun, i);
8496 				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8497 			}
8498 		lun->pr_generation++;
8499 		mtx_unlock(&lun->lun_lock);
8500 
8501 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8502 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8503 		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8504 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8505 		     sizeof(persis_io.pr), M_WAITOK);
8506 		break;
8507 
8508 	case SPRO_PREEMPT:
8509 	case SPRO_PRE_ABO: {
8510 		int nretval;
8511 
8512 		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8513 					  residx, ctsio, cdb, param);
8514 		if (nretval != 0)
8515 			return (CTL_RETVAL_COMPLETE);
8516 		break;
8517 	}
8518 	default:
8519 		panic("%s: Invalid PR type %#x", __func__, cdb->action);
8520 	}
8521 
8522 done:
8523 	free(ctsio->kern_data_ptr, M_CTL);
8524 	ctl_set_success(ctsio);
8525 	ctl_done((union ctl_io *)ctsio);
8526 
8527 	return (retval);
8528 }
8529 
8530 /*
8531  * This routine is for handling a message from the other SC pertaining to
8532  * persistent reserve out. All the error checking will have been done
8533  * so only perorming the action need be done here to keep the two
8534  * in sync.
8535  */
8536 static void
8537 ctl_hndl_per_res_out_on_other_sc(union ctl_io *io)
8538 {
8539 	struct ctl_softc *softc = CTL_SOFTC(io);
8540 	union ctl_ha_msg *msg = (union ctl_ha_msg *)&io->presio.pr_msg;
8541 	struct ctl_lun *lun;
8542 	int i;
8543 	uint32_t residx, targ_lun;
8544 
8545 	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8546 	mtx_lock(&softc->ctl_lock);
8547 	if (targ_lun >= ctl_max_luns ||
8548 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
8549 		mtx_unlock(&softc->ctl_lock);
8550 		return;
8551 	}
8552 	mtx_lock(&lun->lun_lock);
8553 	mtx_unlock(&softc->ctl_lock);
8554 	if (lun->flags & CTL_LUN_DISABLED) {
8555 		mtx_unlock(&lun->lun_lock);
8556 		return;
8557 	}
8558 	residx = ctl_get_initindex(&msg->hdr.nexus);
8559 	switch(msg->pr.pr_info.action) {
8560 	case CTL_PR_REG_KEY:
8561 		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8562 		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8563 			lun->pr_key_count++;
8564 		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8565 		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8566 		lun->pr_generation++;
8567 		break;
8568 
8569 	case CTL_PR_UNREG_KEY:
8570 		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8571 		lun->pr_key_count--;
8572 
8573 		/* XXX Need to see if the reservation has been released */
8574 		/* if so do we need to generate UA? */
8575 		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8576 			lun->flags &= ~CTL_LUN_PR_RESERVED;
8577 			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8578 
8579 			if ((lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
8580 			     lun->pr_res_type == SPR_TYPE_EX_AC_RO) &&
8581 			    lun->pr_key_count) {
8582 				/*
8583 				 * If the reservation is a registrants
8584 				 * only type we need to generate a UA
8585 				 * for other registered inits.  The
8586 				 * sense code should be RESERVATIONS
8587 				 * RELEASED
8588 				 */
8589 
8590 				for (i = softc->init_min; i < softc->init_max; i++) {
8591 					if (ctl_get_prkey(lun, i) == 0)
8592 						continue;
8593 
8594 					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8595 				}
8596 			}
8597 			lun->pr_res_type = 0;
8598 		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8599 			if (lun->pr_key_count==0) {
8600 				lun->flags &= ~CTL_LUN_PR_RESERVED;
8601 				lun->pr_res_type = 0;
8602 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8603 			}
8604 		}
8605 		lun->pr_generation++;
8606 		break;
8607 
8608 	case CTL_PR_RESERVE:
8609 		lun->flags |= CTL_LUN_PR_RESERVED;
8610 		lun->pr_res_type = msg->pr.pr_info.res_type;
8611 		lun->pr_res_idx = msg->pr.pr_info.residx;
8612 
8613 		break;
8614 
8615 	case CTL_PR_RELEASE:
8616 		/*
8617 		 * If this isn't an exclusive access reservation and NUAR
8618 		 * is not set, generate UA for all other registrants.
8619 		 */
8620 		if (lun->pr_res_type != SPR_TYPE_EX_AC &&
8621 		    lun->pr_res_type != SPR_TYPE_WR_EX &&
8622 		    (lun->MODE_CTRL.queue_flags & SCP_NUAR) == 0) {
8623 			for (i = softc->init_min; i < softc->init_max; i++)
8624 				if (i == residx || ctl_get_prkey(lun, i) == 0)
8625 					continue;
8626 				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8627 		}
8628 
8629 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8630 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8631 		lun->pr_res_type = 0;
8632 		break;
8633 
8634 	case CTL_PR_PREEMPT:
8635 		ctl_pro_preempt_other(lun, msg);
8636 		break;
8637 	case CTL_PR_CLEAR:
8638 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8639 		lun->pr_res_type = 0;
8640 		lun->pr_key_count = 0;
8641 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8642 
8643 		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8644 			if (ctl_get_prkey(lun, i) == 0)
8645 				continue;
8646 			ctl_clr_prkey(lun, i);
8647 			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8648 		}
8649 		lun->pr_generation++;
8650 		break;
8651 	}
8652 
8653 	mtx_unlock(&lun->lun_lock);
8654 }
8655 
8656 int
8657 ctl_read_write(struct ctl_scsiio *ctsio)
8658 {
8659 	struct ctl_lun *lun = CTL_LUN(ctsio);
8660 	struct ctl_lba_len_flags *lbalen;
8661 	uint64_t lba;
8662 	uint32_t num_blocks;
8663 	int flags, retval;
8664 	int isread;
8665 
8666 	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8667 
8668 	flags = 0;
8669 	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8670 	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8671 	switch (ctsio->cdb[0]) {
8672 	case READ_6:
8673 	case WRITE_6: {
8674 		struct scsi_rw_6 *cdb;
8675 
8676 		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8677 
8678 		lba = scsi_3btoul(cdb->addr);
8679 		/* only 5 bits are valid in the most significant address byte */
8680 		lba &= 0x1fffff;
8681 		num_blocks = cdb->length;
8682 		/*
8683 		 * This is correct according to SBC-2.
8684 		 */
8685 		if (num_blocks == 0)
8686 			num_blocks = 256;
8687 		break;
8688 	}
8689 	case READ_10:
8690 	case WRITE_10: {
8691 		struct scsi_rw_10 *cdb;
8692 
8693 		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8694 		if (cdb->byte2 & SRW10_FUA)
8695 			flags |= CTL_LLF_FUA;
8696 		if (cdb->byte2 & SRW10_DPO)
8697 			flags |= CTL_LLF_DPO;
8698 		lba = scsi_4btoul(cdb->addr);
8699 		num_blocks = scsi_2btoul(cdb->length);
8700 		break;
8701 	}
8702 	case WRITE_VERIFY_10: {
8703 		struct scsi_write_verify_10 *cdb;
8704 
8705 		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8706 		flags |= CTL_LLF_FUA;
8707 		if (cdb->byte2 & SWV_DPO)
8708 			flags |= CTL_LLF_DPO;
8709 		lba = scsi_4btoul(cdb->addr);
8710 		num_blocks = scsi_2btoul(cdb->length);
8711 		break;
8712 	}
8713 	case READ_12:
8714 	case WRITE_12: {
8715 		struct scsi_rw_12 *cdb;
8716 
8717 		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8718 		if (cdb->byte2 & SRW12_FUA)
8719 			flags |= CTL_LLF_FUA;
8720 		if (cdb->byte2 & SRW12_DPO)
8721 			flags |= CTL_LLF_DPO;
8722 		lba = scsi_4btoul(cdb->addr);
8723 		num_blocks = scsi_4btoul(cdb->length);
8724 		break;
8725 	}
8726 	case WRITE_VERIFY_12: {
8727 		struct scsi_write_verify_12 *cdb;
8728 
8729 		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8730 		flags |= CTL_LLF_FUA;
8731 		if (cdb->byte2 & SWV_DPO)
8732 			flags |= CTL_LLF_DPO;
8733 		lba = scsi_4btoul(cdb->addr);
8734 		num_blocks = scsi_4btoul(cdb->length);
8735 		break;
8736 	}
8737 	case READ_16:
8738 	case WRITE_16: {
8739 		struct scsi_rw_16 *cdb;
8740 
8741 		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8742 		if (cdb->byte2 & SRW12_FUA)
8743 			flags |= CTL_LLF_FUA;
8744 		if (cdb->byte2 & SRW12_DPO)
8745 			flags |= CTL_LLF_DPO;
8746 		lba = scsi_8btou64(cdb->addr);
8747 		num_blocks = scsi_4btoul(cdb->length);
8748 		break;
8749 	}
8750 	case WRITE_ATOMIC_16: {
8751 		struct scsi_write_atomic_16 *cdb;
8752 
8753 		if (lun->be_lun->atomicblock == 0) {
8754 			ctl_set_invalid_opcode(ctsio);
8755 			ctl_done((union ctl_io *)ctsio);
8756 			return (CTL_RETVAL_COMPLETE);
8757 		}
8758 
8759 		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8760 		if (cdb->byte2 & SRW12_FUA)
8761 			flags |= CTL_LLF_FUA;
8762 		if (cdb->byte2 & SRW12_DPO)
8763 			flags |= CTL_LLF_DPO;
8764 		lba = scsi_8btou64(cdb->addr);
8765 		num_blocks = scsi_2btoul(cdb->length);
8766 		if (num_blocks > lun->be_lun->atomicblock) {
8767 			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8768 			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8769 			    /*bit*/ 0);
8770 			ctl_done((union ctl_io *)ctsio);
8771 			return (CTL_RETVAL_COMPLETE);
8772 		}
8773 		break;
8774 	}
8775 	case WRITE_VERIFY_16: {
8776 		struct scsi_write_verify_16 *cdb;
8777 
8778 		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8779 		flags |= CTL_LLF_FUA;
8780 		if (cdb->byte2 & SWV_DPO)
8781 			flags |= CTL_LLF_DPO;
8782 		lba = scsi_8btou64(cdb->addr);
8783 		num_blocks = scsi_4btoul(cdb->length);
8784 		break;
8785 	}
8786 	default:
8787 		/*
8788 		 * We got a command we don't support.  This shouldn't
8789 		 * happen, commands should be filtered out above us.
8790 		 */
8791 		ctl_set_invalid_opcode(ctsio);
8792 		ctl_done((union ctl_io *)ctsio);
8793 
8794 		return (CTL_RETVAL_COMPLETE);
8795 		break; /* NOTREACHED */
8796 	}
8797 
8798 	/*
8799 	 * The first check is to make sure we're in bounds, the second
8800 	 * check is to catch wrap-around problems.  If the lba + num blocks
8801 	 * is less than the lba, then we've wrapped around and the block
8802 	 * range is invalid anyway.
8803 	 */
8804 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8805 	 || ((lba + num_blocks) < lba)) {
8806 		ctl_set_lba_out_of_range(ctsio,
8807 		    MAX(lba, lun->be_lun->maxlba + 1));
8808 		ctl_done((union ctl_io *)ctsio);
8809 		return (CTL_RETVAL_COMPLETE);
8810 	}
8811 
8812 	/*
8813 	 * According to SBC-3, a transfer length of 0 is not an error.
8814 	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8815 	 * translates to 256 blocks for those commands.
8816 	 */
8817 	if (num_blocks == 0) {
8818 		ctl_set_success(ctsio);
8819 		ctl_done((union ctl_io *)ctsio);
8820 		return (CTL_RETVAL_COMPLETE);
8821 	}
8822 
8823 	/* Set FUA and/or DPO if caches are disabled. */
8824 	if (isread) {
8825 		if ((lun->MODE_CACHING.flags1 & SCP_RCD) != 0)
8826 			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8827 	} else {
8828 		if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8829 			flags |= CTL_LLF_FUA;
8830 	}
8831 
8832 	lbalen = (struct ctl_lba_len_flags *)
8833 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8834 	lbalen->lba = lba;
8835 	lbalen->len = num_blocks;
8836 	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8837 
8838 	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8839 	ctsio->kern_rel_offset = 0;
8840 
8841 	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8842 
8843 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8844 	return (retval);
8845 }
8846 
8847 static int
8848 ctl_cnw_cont(union ctl_io *io)
8849 {
8850 	struct ctl_lun *lun = CTL_LUN(io);
8851 	struct ctl_scsiio *ctsio;
8852 	struct ctl_lba_len_flags *lbalen;
8853 	int retval;
8854 
8855 	ctsio = &io->scsiio;
8856 	ctsio->io_hdr.status = CTL_STATUS_NONE;
8857 	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8858 	lbalen = (struct ctl_lba_len_flags *)
8859 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8860 	lbalen->flags &= ~CTL_LLF_COMPARE;
8861 	lbalen->flags |= CTL_LLF_WRITE;
8862 
8863 	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8864 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8865 	return (retval);
8866 }
8867 
8868 int
8869 ctl_cnw(struct ctl_scsiio *ctsio)
8870 {
8871 	struct ctl_lun *lun = CTL_LUN(ctsio);
8872 	struct ctl_lba_len_flags *lbalen;
8873 	uint64_t lba;
8874 	uint32_t num_blocks;
8875 	int flags, retval;
8876 
8877 	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8878 
8879 	flags = 0;
8880 	switch (ctsio->cdb[0]) {
8881 	case COMPARE_AND_WRITE: {
8882 		struct scsi_compare_and_write *cdb;
8883 
8884 		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8885 		if (cdb->byte2 & SRW10_FUA)
8886 			flags |= CTL_LLF_FUA;
8887 		if (cdb->byte2 & SRW10_DPO)
8888 			flags |= CTL_LLF_DPO;
8889 		lba = scsi_8btou64(cdb->addr);
8890 		num_blocks = cdb->length;
8891 		break;
8892 	}
8893 	default:
8894 		/*
8895 		 * We got a command we don't support.  This shouldn't
8896 		 * happen, commands should be filtered out above us.
8897 		 */
8898 		ctl_set_invalid_opcode(ctsio);
8899 		ctl_done((union ctl_io *)ctsio);
8900 
8901 		return (CTL_RETVAL_COMPLETE);
8902 		break; /* NOTREACHED */
8903 	}
8904 
8905 	/*
8906 	 * The first check is to make sure we're in bounds, the second
8907 	 * check is to catch wrap-around problems.  If the lba + num blocks
8908 	 * is less than the lba, then we've wrapped around and the block
8909 	 * range is invalid anyway.
8910 	 */
8911 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8912 	 || ((lba + num_blocks) < lba)) {
8913 		ctl_set_lba_out_of_range(ctsio,
8914 		    MAX(lba, lun->be_lun->maxlba + 1));
8915 		ctl_done((union ctl_io *)ctsio);
8916 		return (CTL_RETVAL_COMPLETE);
8917 	}
8918 
8919 	/*
8920 	 * According to SBC-3, a transfer length of 0 is not an error.
8921 	 */
8922 	if (num_blocks == 0) {
8923 		ctl_set_success(ctsio);
8924 		ctl_done((union ctl_io *)ctsio);
8925 		return (CTL_RETVAL_COMPLETE);
8926 	}
8927 
8928 	/* Set FUA if write cache is disabled. */
8929 	if ((lun->MODE_CACHING.flags1 & SCP_WCE) == 0)
8930 		flags |= CTL_LLF_FUA;
8931 
8932 	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8933 	ctsio->kern_rel_offset = 0;
8934 
8935 	/*
8936 	 * Set the IO_CONT flag, so that if this I/O gets passed to
8937 	 * ctl_data_submit_done(), it'll get passed back to
8938 	 * ctl_ctl_cnw_cont() for further processing.
8939 	 */
8940 	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8941 	ctsio->io_cont = ctl_cnw_cont;
8942 
8943 	lbalen = (struct ctl_lba_len_flags *)
8944 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8945 	lbalen->lba = lba;
8946 	lbalen->len = num_blocks;
8947 	lbalen->flags = CTL_LLF_COMPARE | flags;
8948 
8949 	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8950 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8951 	return (retval);
8952 }
8953 
8954 int
8955 ctl_verify(struct ctl_scsiio *ctsio)
8956 {
8957 	struct ctl_lun *lun = CTL_LUN(ctsio);
8958 	struct ctl_lba_len_flags *lbalen;
8959 	uint64_t lba;
8960 	uint32_t num_blocks;
8961 	int bytchk, flags;
8962 	int retval;
8963 
8964 	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8965 
8966 	bytchk = 0;
8967 	flags = CTL_LLF_FUA;
8968 	switch (ctsio->cdb[0]) {
8969 	case VERIFY_10: {
8970 		struct scsi_verify_10 *cdb;
8971 
8972 		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8973 		if (cdb->byte2 & SVFY_BYTCHK)
8974 			bytchk = 1;
8975 		if (cdb->byte2 & SVFY_DPO)
8976 			flags |= CTL_LLF_DPO;
8977 		lba = scsi_4btoul(cdb->addr);
8978 		num_blocks = scsi_2btoul(cdb->length);
8979 		break;
8980 	}
8981 	case VERIFY_12: {
8982 		struct scsi_verify_12 *cdb;
8983 
8984 		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8985 		if (cdb->byte2 & SVFY_BYTCHK)
8986 			bytchk = 1;
8987 		if (cdb->byte2 & SVFY_DPO)
8988 			flags |= CTL_LLF_DPO;
8989 		lba = scsi_4btoul(cdb->addr);
8990 		num_blocks = scsi_4btoul(cdb->length);
8991 		break;
8992 	}
8993 	case VERIFY_16: {
8994 		struct scsi_rw_16 *cdb;
8995 
8996 		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8997 		if (cdb->byte2 & SVFY_BYTCHK)
8998 			bytchk = 1;
8999 		if (cdb->byte2 & SVFY_DPO)
9000 			flags |= CTL_LLF_DPO;
9001 		lba = scsi_8btou64(cdb->addr);
9002 		num_blocks = scsi_4btoul(cdb->length);
9003 		break;
9004 	}
9005 	default:
9006 		/*
9007 		 * We got a command we don't support.  This shouldn't
9008 		 * happen, commands should be filtered out above us.
9009 		 */
9010 		ctl_set_invalid_opcode(ctsio);
9011 		ctl_done((union ctl_io *)ctsio);
9012 		return (CTL_RETVAL_COMPLETE);
9013 	}
9014 
9015 	/*
9016 	 * The first check is to make sure we're in bounds, the second
9017 	 * check is to catch wrap-around problems.  If the lba + num blocks
9018 	 * is less than the lba, then we've wrapped around and the block
9019 	 * range is invalid anyway.
9020 	 */
9021 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9022 	 || ((lba + num_blocks) < lba)) {
9023 		ctl_set_lba_out_of_range(ctsio,
9024 		    MAX(lba, lun->be_lun->maxlba + 1));
9025 		ctl_done((union ctl_io *)ctsio);
9026 		return (CTL_RETVAL_COMPLETE);
9027 	}
9028 
9029 	/*
9030 	 * According to SBC-3, a transfer length of 0 is not an error.
9031 	 */
9032 	if (num_blocks == 0) {
9033 		ctl_set_success(ctsio);
9034 		ctl_done((union ctl_io *)ctsio);
9035 		return (CTL_RETVAL_COMPLETE);
9036 	}
9037 
9038 	lbalen = (struct ctl_lba_len_flags *)
9039 	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9040 	lbalen->lba = lba;
9041 	lbalen->len = num_blocks;
9042 	if (bytchk) {
9043 		lbalen->flags = CTL_LLF_COMPARE | flags;
9044 		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9045 	} else {
9046 		lbalen->flags = CTL_LLF_VERIFY | flags;
9047 		ctsio->kern_total_len = 0;
9048 	}
9049 	ctsio->kern_rel_offset = 0;
9050 
9051 	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9052 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9053 	return (retval);
9054 }
9055 
9056 int
9057 ctl_report_luns(struct ctl_scsiio *ctsio)
9058 {
9059 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9060 	struct ctl_port *port = CTL_PORT(ctsio);
9061 	struct ctl_lun *lun, *request_lun = CTL_LUN(ctsio);
9062 	struct scsi_report_luns *cdb;
9063 	struct scsi_report_luns_data *lun_data;
9064 	int num_filled, num_luns, num_port_luns, retval;
9065 	uint32_t alloc_len, lun_datalen;
9066 	uint32_t initidx, targ_lun_id, lun_id;
9067 
9068 	retval = CTL_RETVAL_COMPLETE;
9069 	cdb = (struct scsi_report_luns *)ctsio->cdb;
9070 
9071 	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9072 
9073 	num_luns = 0;
9074 	num_port_luns = port->lun_map ? port->lun_map_size : ctl_max_luns;
9075 	mtx_lock(&softc->ctl_lock);
9076 	for (targ_lun_id = 0; targ_lun_id < num_port_luns; targ_lun_id++) {
9077 		if (ctl_lun_map_from_port(port, targ_lun_id) != UINT32_MAX)
9078 			num_luns++;
9079 	}
9080 	mtx_unlock(&softc->ctl_lock);
9081 
9082 	switch (cdb->select_report) {
9083 	case RPL_REPORT_DEFAULT:
9084 	case RPL_REPORT_ALL:
9085 	case RPL_REPORT_NONSUBSID:
9086 		break;
9087 	case RPL_REPORT_WELLKNOWN:
9088 	case RPL_REPORT_ADMIN:
9089 	case RPL_REPORT_CONGLOM:
9090 		num_luns = 0;
9091 		break;
9092 	default:
9093 		ctl_set_invalid_field(ctsio,
9094 				      /*sks_valid*/ 1,
9095 				      /*command*/ 1,
9096 				      /*field*/ 2,
9097 				      /*bit_valid*/ 0,
9098 				      /*bit*/ 0);
9099 		ctl_done((union ctl_io *)ctsio);
9100 		return (retval);
9101 		break; /* NOTREACHED */
9102 	}
9103 
9104 	alloc_len = scsi_4btoul(cdb->length);
9105 	/*
9106 	 * The initiator has to allocate at least 16 bytes for this request,
9107 	 * so he can at least get the header and the first LUN.  Otherwise
9108 	 * we reject the request (per SPC-3 rev 14, section 6.21).
9109 	 */
9110 	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9111 	    sizeof(struct scsi_report_luns_lundata))) {
9112 		ctl_set_invalid_field(ctsio,
9113 				      /*sks_valid*/ 1,
9114 				      /*command*/ 1,
9115 				      /*field*/ 6,
9116 				      /*bit_valid*/ 0,
9117 				      /*bit*/ 0);
9118 		ctl_done((union ctl_io *)ctsio);
9119 		return (retval);
9120 	}
9121 
9122 	lun_datalen = sizeof(*lun_data) +
9123 		(num_luns * sizeof(struct scsi_report_luns_lundata));
9124 
9125 	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9126 	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9127 	ctsio->kern_sg_entries = 0;
9128 
9129 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9130 
9131 	mtx_lock(&softc->ctl_lock);
9132 	for (targ_lun_id = 0, num_filled = 0;
9133 	    targ_lun_id < num_port_luns && num_filled < num_luns;
9134 	    targ_lun_id++) {
9135 		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9136 		if (lun_id == UINT32_MAX)
9137 			continue;
9138 		lun = softc->ctl_luns[lun_id];
9139 		if (lun == NULL)
9140 			continue;
9141 
9142 		be64enc(lun_data->luns[num_filled++].lundata,
9143 		    ctl_encode_lun(targ_lun_id));
9144 
9145 		/*
9146 		 * According to SPC-3, rev 14 section 6.21:
9147 		 *
9148 		 * "The execution of a REPORT LUNS command to any valid and
9149 		 * installed logical unit shall clear the REPORTED LUNS DATA
9150 		 * HAS CHANGED unit attention condition for all logical
9151 		 * units of that target with respect to the requesting
9152 		 * initiator. A valid and installed logical unit is one
9153 		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9154 		 * INQUIRY data (see 6.4.2)."
9155 		 *
9156 		 * If request_lun is NULL, the LUN this report luns command
9157 		 * was issued to is either disabled or doesn't exist. In that
9158 		 * case, we shouldn't clear any pending lun change unit
9159 		 * attention.
9160 		 */
9161 		if (request_lun != NULL) {
9162 			mtx_lock(&lun->lun_lock);
9163 			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9164 			mtx_unlock(&lun->lun_lock);
9165 		}
9166 	}
9167 	mtx_unlock(&softc->ctl_lock);
9168 
9169 	/*
9170 	 * It's quite possible that we've returned fewer LUNs than we allocated
9171 	 * space for.  Trim it.
9172 	 */
9173 	lun_datalen = sizeof(*lun_data) +
9174 		(num_filled * sizeof(struct scsi_report_luns_lundata));
9175 	ctsio->kern_rel_offset = 0;
9176 	ctsio->kern_sg_entries = 0;
9177 	ctsio->kern_data_len = min(lun_datalen, alloc_len);
9178 	ctsio->kern_total_len = ctsio->kern_data_len;
9179 
9180 	/*
9181 	 * We set this to the actual data length, regardless of how much
9182 	 * space we actually have to return results.  If the user looks at
9183 	 * this value, he'll know whether or not he allocated enough space
9184 	 * and reissue the command if necessary.  We don't support well
9185 	 * known logical units, so if the user asks for that, return none.
9186 	 */
9187 	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9188 
9189 	/*
9190 	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9191 	 * this request.
9192 	 */
9193 	ctl_set_success(ctsio);
9194 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9195 	ctsio->be_move_done = ctl_config_move_done;
9196 	ctl_datamove((union ctl_io *)ctsio);
9197 	return (retval);
9198 }
9199 
9200 int
9201 ctl_request_sense(struct ctl_scsiio *ctsio)
9202 {
9203 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9204 	struct ctl_lun *lun = CTL_LUN(ctsio);
9205 	struct scsi_request_sense *cdb;
9206 	struct scsi_sense_data *sense_ptr, *ps;
9207 	uint32_t initidx;
9208 	int have_error;
9209 	u_int sense_len = SSD_FULL_SIZE;
9210 	scsi_sense_data_type sense_format;
9211 	ctl_ua_type ua_type;
9212 	uint8_t asc = 0, ascq = 0;
9213 
9214 	cdb = (struct scsi_request_sense *)ctsio->cdb;
9215 
9216 	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9217 
9218 	/*
9219 	 * Determine which sense format the user wants.
9220 	 */
9221 	if (cdb->byte2 & SRS_DESC)
9222 		sense_format = SSD_TYPE_DESC;
9223 	else
9224 		sense_format = SSD_TYPE_FIXED;
9225 
9226 	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9227 	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9228 	ctsio->kern_sg_entries = 0;
9229 	ctsio->kern_rel_offset = 0;
9230 
9231 	/*
9232 	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9233 	 * larger than the largest allowed value for the length field in the
9234 	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9235 	 */
9236 	ctsio->kern_data_len = cdb->length;
9237 	ctsio->kern_total_len = cdb->length;
9238 
9239 	/*
9240 	 * If we don't have a LUN, we don't have any pending sense.
9241 	 */
9242 	if (lun == NULL ||
9243 	    ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
9244 	     softc->ha_link < CTL_HA_LINK_UNKNOWN)) {
9245 		/* "Logical unit not supported" */
9246 		ctl_set_sense_data(sense_ptr, &sense_len, NULL, sense_format,
9247 		    /*current_error*/ 1,
9248 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
9249 		    /*asc*/ 0x25,
9250 		    /*ascq*/ 0x00,
9251 		    SSD_ELEM_NONE);
9252 		goto send;
9253 	}
9254 
9255 	have_error = 0;
9256 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9257 	/*
9258 	 * Check for pending sense, and then for pending unit attentions.
9259 	 * Pending sense gets returned first, then pending unit attentions.
9260 	 */
9261 	mtx_lock(&lun->lun_lock);
9262 	ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
9263 	if (ps != NULL)
9264 		ps += initidx % CTL_MAX_INIT_PER_PORT;
9265 	if (ps != NULL && ps->error_code != 0) {
9266 		scsi_sense_data_type stored_format;
9267 
9268 		/*
9269 		 * Check to see which sense format was used for the stored
9270 		 * sense data.
9271 		 */
9272 		stored_format = scsi_sense_type(ps);
9273 
9274 		/*
9275 		 * If the user requested a different sense format than the
9276 		 * one we stored, then we need to convert it to the other
9277 		 * format.  If we're going from descriptor to fixed format
9278 		 * sense data, we may lose things in translation, depending
9279 		 * on what options were used.
9280 		 *
9281 		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9282 		 * for some reason we'll just copy it out as-is.
9283 		 */
9284 		if ((stored_format == SSD_TYPE_FIXED)
9285 		 && (sense_format == SSD_TYPE_DESC))
9286 			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9287 			    ps, (struct scsi_sense_data_desc *)sense_ptr);
9288 		else if ((stored_format == SSD_TYPE_DESC)
9289 		      && (sense_format == SSD_TYPE_FIXED))
9290 			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9291 			    ps, (struct scsi_sense_data_fixed *)sense_ptr);
9292 		else
9293 			memcpy(sense_ptr, ps, sizeof(*sense_ptr));
9294 
9295 		ps->error_code = 0;
9296 		have_error = 1;
9297 	} else {
9298 		ua_type = ctl_build_ua(lun, initidx, sense_ptr, &sense_len,
9299 		    sense_format);
9300 		if (ua_type != CTL_UA_NONE)
9301 			have_error = 1;
9302 	}
9303 	if (have_error == 0) {
9304 		/*
9305 		 * Report informational exception if have one and allowed.
9306 		 */
9307 		if (lun->MODE_IE.mrie != SIEP_MRIE_NO) {
9308 			asc = lun->ie_asc;
9309 			ascq = lun->ie_ascq;
9310 		}
9311 		ctl_set_sense_data(sense_ptr, &sense_len, lun, sense_format,
9312 		    /*current_error*/ 1,
9313 		    /*sense_key*/ SSD_KEY_NO_SENSE,
9314 		    /*asc*/ asc,
9315 		    /*ascq*/ ascq,
9316 		    SSD_ELEM_NONE);
9317 	}
9318 	mtx_unlock(&lun->lun_lock);
9319 
9320 send:
9321 	/*
9322 	 * We report the SCSI status as OK, since the status of the command
9323 	 * itself is OK.  We're reporting sense as parameter data.
9324 	 */
9325 	ctl_set_success(ctsio);
9326 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9327 	ctsio->be_move_done = ctl_config_move_done;
9328 	ctl_datamove((union ctl_io *)ctsio);
9329 	return (CTL_RETVAL_COMPLETE);
9330 }
9331 
9332 int
9333 ctl_tur(struct ctl_scsiio *ctsio)
9334 {
9335 
9336 	CTL_DEBUG_PRINT(("ctl_tur\n"));
9337 
9338 	ctl_set_success(ctsio);
9339 	ctl_done((union ctl_io *)ctsio);
9340 
9341 	return (CTL_RETVAL_COMPLETE);
9342 }
9343 
9344 /*
9345  * SCSI VPD page 0x00, the Supported VPD Pages page.
9346  */
9347 static int
9348 ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9349 {
9350 	struct ctl_lun *lun = CTL_LUN(ctsio);
9351 	struct scsi_vpd_supported_pages *pages;
9352 	int sup_page_size;
9353 	int p;
9354 
9355 	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9356 	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9357 	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9358 	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9359 	ctsio->kern_rel_offset = 0;
9360 	ctsio->kern_sg_entries = 0;
9361 	ctsio->kern_data_len = min(sup_page_size, alloc_len);
9362 	ctsio->kern_total_len = ctsio->kern_data_len;
9363 
9364 	/*
9365 	 * The control device is always connected.  The disk device, on the
9366 	 * other hand, may not be online all the time.  Need to change this
9367 	 * to figure out whether the disk device is actually online or not.
9368 	 */
9369 	if (lun != NULL)
9370 		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9371 				lun->be_lun->lun_type;
9372 	else
9373 		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9374 
9375 	p = 0;
9376 	/* Supported VPD pages */
9377 	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9378 	/* Serial Number */
9379 	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9380 	/* Device Identification */
9381 	pages->page_list[p++] = SVPD_DEVICE_ID;
9382 	/* Extended INQUIRY Data */
9383 	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9384 	/* Mode Page Policy */
9385 	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9386 	/* SCSI Ports */
9387 	pages->page_list[p++] = SVPD_SCSI_PORTS;
9388 	/* Third-party Copy */
9389 	pages->page_list[p++] = SVPD_SCSI_TPC;
9390 	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9391 		/* Block limits */
9392 		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9393 		/* Block Device Characteristics */
9394 		pages->page_list[p++] = SVPD_BDC;
9395 		/* Logical Block Provisioning */
9396 		pages->page_list[p++] = SVPD_LBP;
9397 	}
9398 	pages->length = p;
9399 
9400 	ctl_set_success(ctsio);
9401 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9402 	ctsio->be_move_done = ctl_config_move_done;
9403 	ctl_datamove((union ctl_io *)ctsio);
9404 	return (CTL_RETVAL_COMPLETE);
9405 }
9406 
9407 /*
9408  * SCSI VPD page 0x80, the Unit Serial Number page.
9409  */
9410 static int
9411 ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9412 {
9413 	struct ctl_lun *lun = CTL_LUN(ctsio);
9414 	struct scsi_vpd_unit_serial_number *sn_ptr;
9415 	int data_len;
9416 
9417 	data_len = 4 + CTL_SN_LEN;
9418 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9419 	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9420 	ctsio->kern_rel_offset = 0;
9421 	ctsio->kern_sg_entries = 0;
9422 	ctsio->kern_data_len = min(data_len, alloc_len);
9423 	ctsio->kern_total_len = ctsio->kern_data_len;
9424 
9425 	/*
9426 	 * The control device is always connected.  The disk device, on the
9427 	 * other hand, may not be online all the time.  Need to change this
9428 	 * to figure out whether the disk device is actually online or not.
9429 	 */
9430 	if (lun != NULL)
9431 		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9432 				  lun->be_lun->lun_type;
9433 	else
9434 		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9435 
9436 	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9437 	sn_ptr->length = CTL_SN_LEN;
9438 	/*
9439 	 * If we don't have a LUN, we just leave the serial number as
9440 	 * all spaces.
9441 	 */
9442 	if (lun != NULL) {
9443 		strncpy((char *)sn_ptr->serial_num,
9444 			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9445 	} else
9446 		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9447 
9448 	ctl_set_success(ctsio);
9449 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9450 	ctsio->be_move_done = ctl_config_move_done;
9451 	ctl_datamove((union ctl_io *)ctsio);
9452 	return (CTL_RETVAL_COMPLETE);
9453 }
9454 
9455 
9456 /*
9457  * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9458  */
9459 static int
9460 ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9461 {
9462 	struct ctl_lun *lun = CTL_LUN(ctsio);
9463 	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9464 	int data_len;
9465 
9466 	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9467 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9468 	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9469 	ctsio->kern_sg_entries = 0;
9470 	ctsio->kern_rel_offset = 0;
9471 	ctsio->kern_data_len = min(data_len, alloc_len);
9472 	ctsio->kern_total_len = ctsio->kern_data_len;
9473 
9474 	/*
9475 	 * The control device is always connected.  The disk device, on the
9476 	 * other hand, may not be online all the time.
9477 	 */
9478 	if (lun != NULL)
9479 		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9480 				     lun->be_lun->lun_type;
9481 	else
9482 		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9483 	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9484 	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9485 	/*
9486 	 * We support head of queue, ordered and simple tags.
9487 	 */
9488 	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9489 	/*
9490 	 * Volatile cache supported.
9491 	 */
9492 	eid_ptr->flags3 = SVPD_EID_V_SUP;
9493 
9494 	/*
9495 	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9496 	 * attention for a particular IT nexus on all LUNs once we report
9497 	 * it to that nexus once.  This bit is required as of SPC-4.
9498 	 */
9499 	eid_ptr->flags4 = SVPD_EID_LUICLR;
9500 
9501 	/*
9502 	 * We support revert to defaults (RTD) bit in MODE SELECT.
9503 	 */
9504 	eid_ptr->flags5 = SVPD_EID_RTD_SUP;
9505 
9506 	/*
9507 	 * XXX KDM in order to correctly answer this, we would need
9508 	 * information from the SIM to determine how much sense data it
9509 	 * can send.  So this would really be a path inquiry field, most
9510 	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9511 	 * but the hardware may or may not be able to support that much.
9512 	 * 0 just means that the maximum sense data length is not reported.
9513 	 */
9514 	eid_ptr->max_sense_length = 0;
9515 
9516 	ctl_set_success(ctsio);
9517 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9518 	ctsio->be_move_done = ctl_config_move_done;
9519 	ctl_datamove((union ctl_io *)ctsio);
9520 	return (CTL_RETVAL_COMPLETE);
9521 }
9522 
9523 static int
9524 ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9525 {
9526 	struct ctl_lun *lun = CTL_LUN(ctsio);
9527 	struct scsi_vpd_mode_page_policy *mpp_ptr;
9528 	int data_len;
9529 
9530 	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9531 	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9532 
9533 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9534 	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9535 	ctsio->kern_rel_offset = 0;
9536 	ctsio->kern_sg_entries = 0;
9537 	ctsio->kern_data_len = min(data_len, alloc_len);
9538 	ctsio->kern_total_len = ctsio->kern_data_len;
9539 
9540 	/*
9541 	 * The control device is always connected.  The disk device, on the
9542 	 * other hand, may not be online all the time.
9543 	 */
9544 	if (lun != NULL)
9545 		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9546 				     lun->be_lun->lun_type;
9547 	else
9548 		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9549 	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9550 	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9551 	mpp_ptr->descr[0].page_code = 0x3f;
9552 	mpp_ptr->descr[0].subpage_code = 0xff;
9553 	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9554 
9555 	ctl_set_success(ctsio);
9556 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9557 	ctsio->be_move_done = ctl_config_move_done;
9558 	ctl_datamove((union ctl_io *)ctsio);
9559 	return (CTL_RETVAL_COMPLETE);
9560 }
9561 
9562 /*
9563  * SCSI VPD page 0x83, the Device Identification page.
9564  */
9565 static int
9566 ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9567 {
9568 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9569 	struct ctl_port *port = CTL_PORT(ctsio);
9570 	struct ctl_lun *lun = CTL_LUN(ctsio);
9571 	struct scsi_vpd_device_id *devid_ptr;
9572 	struct scsi_vpd_id_descriptor *desc;
9573 	int data_len, g;
9574 	uint8_t proto;
9575 
9576 	data_len = sizeof(struct scsi_vpd_device_id) +
9577 	    sizeof(struct scsi_vpd_id_descriptor) +
9578 		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9579 	    sizeof(struct scsi_vpd_id_descriptor) +
9580 		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9581 	if (lun && lun->lun_devid)
9582 		data_len += lun->lun_devid->len;
9583 	if (port && port->port_devid)
9584 		data_len += port->port_devid->len;
9585 	if (port && port->target_devid)
9586 		data_len += port->target_devid->len;
9587 
9588 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9589 	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9590 	ctsio->kern_sg_entries = 0;
9591 	ctsio->kern_rel_offset = 0;
9592 	ctsio->kern_sg_entries = 0;
9593 	ctsio->kern_data_len = min(data_len, alloc_len);
9594 	ctsio->kern_total_len = ctsio->kern_data_len;
9595 
9596 	/*
9597 	 * The control device is always connected.  The disk device, on the
9598 	 * other hand, may not be online all the time.
9599 	 */
9600 	if (lun != NULL)
9601 		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9602 				     lun->be_lun->lun_type;
9603 	else
9604 		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9605 	devid_ptr->page_code = SVPD_DEVICE_ID;
9606 	scsi_ulto2b(data_len - 4, devid_ptr->length);
9607 
9608 	if (port && port->port_type == CTL_PORT_FC)
9609 		proto = SCSI_PROTO_FC << 4;
9610 	else if (port && port->port_type == CTL_PORT_SAS)
9611 		proto = SCSI_PROTO_SAS << 4;
9612 	else if (port && port->port_type == CTL_PORT_ISCSI)
9613 		proto = SCSI_PROTO_ISCSI << 4;
9614 	else
9615 		proto = SCSI_PROTO_SPI << 4;
9616 	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9617 
9618 	/*
9619 	 * We're using a LUN association here.  i.e., this device ID is a
9620 	 * per-LUN identifier.
9621 	 */
9622 	if (lun && lun->lun_devid) {
9623 		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9624 		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9625 		    lun->lun_devid->len);
9626 	}
9627 
9628 	/*
9629 	 * This is for the WWPN which is a port association.
9630 	 */
9631 	if (port && port->port_devid) {
9632 		memcpy(desc, port->port_devid->data, port->port_devid->len);
9633 		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9634 		    port->port_devid->len);
9635 	}
9636 
9637 	/*
9638 	 * This is for the Relative Target Port(type 4h) identifier
9639 	 */
9640 	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9641 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9642 	    SVPD_ID_TYPE_RELTARG;
9643 	desc->length = 4;
9644 	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9645 	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9646 	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9647 
9648 	/*
9649 	 * This is for the Target Port Group(type 5h) identifier
9650 	 */
9651 	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9652 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9653 	    SVPD_ID_TYPE_TPORTGRP;
9654 	desc->length = 4;
9655 	if (softc->is_single ||
9656 	    (port && port->status & CTL_PORT_STATUS_HA_SHARED))
9657 		g = 1;
9658 	else
9659 		g = 2 + ctsio->io_hdr.nexus.targ_port / softc->port_cnt;
9660 	scsi_ulto2b(g, &desc->identifier[2]);
9661 	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9662 	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9663 
9664 	/*
9665 	 * This is for the Target identifier
9666 	 */
9667 	if (port && port->target_devid) {
9668 		memcpy(desc, port->target_devid->data, port->target_devid->len);
9669 	}
9670 
9671 	ctl_set_success(ctsio);
9672 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9673 	ctsio->be_move_done = ctl_config_move_done;
9674 	ctl_datamove((union ctl_io *)ctsio);
9675 	return (CTL_RETVAL_COMPLETE);
9676 }
9677 
9678 static int
9679 ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9680 {
9681 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
9682 	struct ctl_lun *lun = CTL_LUN(ctsio);
9683 	struct scsi_vpd_scsi_ports *sp;
9684 	struct scsi_vpd_port_designation *pd;
9685 	struct scsi_vpd_port_designation_cont *pdc;
9686 	struct ctl_port *port;
9687 	int data_len, num_target_ports, iid_len, id_len;
9688 
9689 	num_target_ports = 0;
9690 	iid_len = 0;
9691 	id_len = 0;
9692 	mtx_lock(&softc->ctl_lock);
9693 	STAILQ_FOREACH(port, &softc->port_list, links) {
9694 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9695 			continue;
9696 		if (lun != NULL &&
9697 		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9698 			continue;
9699 		num_target_ports++;
9700 		if (port->init_devid)
9701 			iid_len += port->init_devid->len;
9702 		if (port->port_devid)
9703 			id_len += port->port_devid->len;
9704 	}
9705 	mtx_unlock(&softc->ctl_lock);
9706 
9707 	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9708 	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9709 	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9710 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9711 	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9712 	ctsio->kern_sg_entries = 0;
9713 	ctsio->kern_rel_offset = 0;
9714 	ctsio->kern_sg_entries = 0;
9715 	ctsio->kern_data_len = min(data_len, alloc_len);
9716 	ctsio->kern_total_len = ctsio->kern_data_len;
9717 
9718 	/*
9719 	 * The control device is always connected.  The disk device, on the
9720 	 * other hand, may not be online all the time.  Need to change this
9721 	 * to figure out whether the disk device is actually online or not.
9722 	 */
9723 	if (lun != NULL)
9724 		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9725 				  lun->be_lun->lun_type;
9726 	else
9727 		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9728 
9729 	sp->page_code = SVPD_SCSI_PORTS;
9730 	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9731 	    sp->page_length);
9732 	pd = &sp->design[0];
9733 
9734 	mtx_lock(&softc->ctl_lock);
9735 	STAILQ_FOREACH(port, &softc->port_list, links) {
9736 		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9737 			continue;
9738 		if (lun != NULL &&
9739 		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
9740 			continue;
9741 		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9742 		if (port->init_devid) {
9743 			iid_len = port->init_devid->len;
9744 			memcpy(pd->initiator_transportid,
9745 			    port->init_devid->data, port->init_devid->len);
9746 		} else
9747 			iid_len = 0;
9748 		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9749 		pdc = (struct scsi_vpd_port_designation_cont *)
9750 		    (&pd->initiator_transportid[iid_len]);
9751 		if (port->port_devid) {
9752 			id_len = port->port_devid->len;
9753 			memcpy(pdc->target_port_descriptors,
9754 			    port->port_devid->data, port->port_devid->len);
9755 		} else
9756 			id_len = 0;
9757 		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9758 		pd = (struct scsi_vpd_port_designation *)
9759 		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9760 	}
9761 	mtx_unlock(&softc->ctl_lock);
9762 
9763 	ctl_set_success(ctsio);
9764 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9765 	ctsio->be_move_done = ctl_config_move_done;
9766 	ctl_datamove((union ctl_io *)ctsio);
9767 	return (CTL_RETVAL_COMPLETE);
9768 }
9769 
9770 static int
9771 ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9772 {
9773 	struct ctl_lun *lun = CTL_LUN(ctsio);
9774 	struct scsi_vpd_block_limits *bl_ptr;
9775 	uint64_t ival;
9776 
9777 	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9778 	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9779 	ctsio->kern_sg_entries = 0;
9780 	ctsio->kern_rel_offset = 0;
9781 	ctsio->kern_sg_entries = 0;
9782 	ctsio->kern_data_len = min(sizeof(*bl_ptr), alloc_len);
9783 	ctsio->kern_total_len = ctsio->kern_data_len;
9784 
9785 	/*
9786 	 * The control device is always connected.  The disk device, on the
9787 	 * other hand, may not be online all the time.  Need to change this
9788 	 * to figure out whether the disk device is actually online or not.
9789 	 */
9790 	if (lun != NULL)
9791 		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9792 				  lun->be_lun->lun_type;
9793 	else
9794 		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9795 
9796 	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9797 	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9798 	bl_ptr->max_cmp_write_len = 0xff;
9799 	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9800 	if (lun != NULL) {
9801 		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9802 		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9803 			ival = 0xffffffff;
9804 			ctl_get_opt_number(&lun->be_lun->options,
9805 			    "unmap_max_lba", &ival);
9806 			scsi_ulto4b(ival, bl_ptr->max_unmap_lba_cnt);
9807 			ival = 0xffffffff;
9808 			ctl_get_opt_number(&lun->be_lun->options,
9809 			    "unmap_max_descr", &ival);
9810 			scsi_ulto4b(ival, bl_ptr->max_unmap_blk_cnt);
9811 			if (lun->be_lun->ublockexp != 0) {
9812 				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9813 				    bl_ptr->opt_unmap_grain);
9814 				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9815 				    bl_ptr->unmap_grain_align);
9816 			}
9817 		}
9818 		scsi_ulto4b(lun->be_lun->atomicblock,
9819 		    bl_ptr->max_atomic_transfer_length);
9820 		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9821 		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9822 		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
9823 		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
9824 		ival = UINT64_MAX;
9825 		ctl_get_opt_number(&lun->be_lun->options, "write_same_max_lba", &ival);
9826 		scsi_u64to8b(ival, bl_ptr->max_write_same_length);
9827 	}
9828 
9829 	ctl_set_success(ctsio);
9830 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9831 	ctsio->be_move_done = ctl_config_move_done;
9832 	ctl_datamove((union ctl_io *)ctsio);
9833 	return (CTL_RETVAL_COMPLETE);
9834 }
9835 
9836 static int
9837 ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9838 {
9839 	struct ctl_lun *lun = CTL_LUN(ctsio);
9840 	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9841 	const char *value;
9842 	u_int i;
9843 
9844 	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9845 	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9846 	ctsio->kern_sg_entries = 0;
9847 	ctsio->kern_rel_offset = 0;
9848 	ctsio->kern_data_len = min(sizeof(*bdc_ptr), alloc_len);
9849 	ctsio->kern_total_len = ctsio->kern_data_len;
9850 
9851 	/*
9852 	 * The control device is always connected.  The disk device, on the
9853 	 * other hand, may not be online all the time.  Need to change this
9854 	 * to figure out whether the disk device is actually online or not.
9855 	 */
9856 	if (lun != NULL)
9857 		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9858 				  lun->be_lun->lun_type;
9859 	else
9860 		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9861 	bdc_ptr->page_code = SVPD_BDC;
9862 	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9863 	if (lun != NULL &&
9864 	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9865 		i = strtol(value, NULL, 0);
9866 	else
9867 		i = CTL_DEFAULT_ROTATION_RATE;
9868 	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9869 	if (lun != NULL &&
9870 	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9871 		i = strtol(value, NULL, 0);
9872 	else
9873 		i = 0;
9874 	bdc_ptr->wab_wac_ff = (i & 0x0f);
9875 	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9876 
9877 	ctl_set_success(ctsio);
9878 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9879 	ctsio->be_move_done = ctl_config_move_done;
9880 	ctl_datamove((union ctl_io *)ctsio);
9881 	return (CTL_RETVAL_COMPLETE);
9882 }
9883 
9884 static int
9885 ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9886 {
9887 	struct ctl_lun *lun = CTL_LUN(ctsio);
9888 	struct scsi_vpd_logical_block_prov *lbp_ptr;
9889 	const char *value;
9890 
9891 	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9892 	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9893 	ctsio->kern_sg_entries = 0;
9894 	ctsio->kern_rel_offset = 0;
9895 	ctsio->kern_data_len = min(sizeof(*lbp_ptr), alloc_len);
9896 	ctsio->kern_total_len = ctsio->kern_data_len;
9897 
9898 	/*
9899 	 * The control device is always connected.  The disk device, on the
9900 	 * other hand, may not be online all the time.  Need to change this
9901 	 * to figure out whether the disk device is actually online or not.
9902 	 */
9903 	if (lun != NULL)
9904 		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9905 				  lun->be_lun->lun_type;
9906 	else
9907 		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9908 
9909 	lbp_ptr->page_code = SVPD_LBP;
9910 	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9911 	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9912 	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9913 		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9914 		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9915 		value = ctl_get_opt(&lun->be_lun->options, "provisioning_type");
9916 		if (value != NULL) {
9917 			if (strcmp(value, "resource") == 0)
9918 				lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
9919 			else if (strcmp(value, "thin") == 0)
9920 				lbp_ptr->prov_type = SVPD_LBP_THIN;
9921 		} else
9922 			lbp_ptr->prov_type = SVPD_LBP_THIN;
9923 	}
9924 
9925 	ctl_set_success(ctsio);
9926 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9927 	ctsio->be_move_done = ctl_config_move_done;
9928 	ctl_datamove((union ctl_io *)ctsio);
9929 	return (CTL_RETVAL_COMPLETE);
9930 }
9931 
9932 /*
9933  * INQUIRY with the EVPD bit set.
9934  */
9935 static int
9936 ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9937 {
9938 	struct ctl_lun *lun = CTL_LUN(ctsio);
9939 	struct scsi_inquiry *cdb;
9940 	int alloc_len, retval;
9941 
9942 	cdb = (struct scsi_inquiry *)ctsio->cdb;
9943 	alloc_len = scsi_2btoul(cdb->length);
9944 
9945 	switch (cdb->page_code) {
9946 	case SVPD_SUPPORTED_PAGES:
9947 		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9948 		break;
9949 	case SVPD_UNIT_SERIAL_NUMBER:
9950 		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9951 		break;
9952 	case SVPD_DEVICE_ID:
9953 		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9954 		break;
9955 	case SVPD_EXTENDED_INQUIRY_DATA:
9956 		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9957 		break;
9958 	case SVPD_MODE_PAGE_POLICY:
9959 		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9960 		break;
9961 	case SVPD_SCSI_PORTS:
9962 		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9963 		break;
9964 	case SVPD_SCSI_TPC:
9965 		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9966 		break;
9967 	case SVPD_BLOCK_LIMITS:
9968 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9969 			goto err;
9970 		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9971 		break;
9972 	case SVPD_BDC:
9973 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9974 			goto err;
9975 		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9976 		break;
9977 	case SVPD_LBP:
9978 		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9979 			goto err;
9980 		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9981 		break;
9982 	default:
9983 err:
9984 		ctl_set_invalid_field(ctsio,
9985 				      /*sks_valid*/ 1,
9986 				      /*command*/ 1,
9987 				      /*field*/ 2,
9988 				      /*bit_valid*/ 0,
9989 				      /*bit*/ 0);
9990 		ctl_done((union ctl_io *)ctsio);
9991 		retval = CTL_RETVAL_COMPLETE;
9992 		break;
9993 	}
9994 
9995 	return (retval);
9996 }
9997 
9998 /*
9999  * Standard INQUIRY data.
10000  */
10001 static int
10002 ctl_inquiry_std(struct ctl_scsiio *ctsio)
10003 {
10004 	struct ctl_softc *softc = CTL_SOFTC(ctsio);
10005 	struct ctl_port *port = CTL_PORT(ctsio);
10006 	struct ctl_lun *lun = CTL_LUN(ctsio);
10007 	struct scsi_inquiry_data *inq_ptr;
10008 	struct scsi_inquiry *cdb;
10009 	char *val;
10010 	uint32_t alloc_len, data_len;
10011 	ctl_port_type port_type;
10012 
10013 	port_type = port->port_type;
10014 	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10015 		port_type = CTL_PORT_SCSI;
10016 
10017 	cdb = (struct scsi_inquiry *)ctsio->cdb;
10018 	alloc_len = scsi_2btoul(cdb->length);
10019 
10020 	/*
10021 	 * We malloc the full inquiry data size here and fill it
10022 	 * in.  If the user only asks for less, we'll give him
10023 	 * that much.
10024 	 */
10025 	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10026 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10027 	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10028 	ctsio->kern_sg_entries = 0;
10029 	ctsio->kern_rel_offset = 0;
10030 	ctsio->kern_data_len = min(data_len, alloc_len);
10031 	ctsio->kern_total_len = ctsio->kern_data_len;
10032 
10033 	if (lun != NULL) {
10034 		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10035 		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10036 			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10037 			    lun->be_lun->lun_type;
10038 		} else {
10039 			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10040 			    lun->be_lun->lun_type;
10041 		}
10042 		if (lun->flags & CTL_LUN_REMOVABLE)
10043 			inq_ptr->dev_qual2 |= SID_RMB;
10044 	} else
10045 		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10046 
10047 	/* RMB in byte 2 is 0 */
10048 	inq_ptr->version = SCSI_REV_SPC5;
10049 
10050 	/*
10051 	 * According to SAM-3, even if a device only supports a single
10052 	 * level of LUN addressing, it should still set the HISUP bit:
10053 	 *
10054 	 * 4.9.1 Logical unit numbers overview
10055 	 *
10056 	 * All logical unit number formats described in this standard are
10057 	 * hierarchical in structure even when only a single level in that
10058 	 * hierarchy is used. The HISUP bit shall be set to one in the
10059 	 * standard INQUIRY data (see SPC-2) when any logical unit number
10060 	 * format described in this standard is used.  Non-hierarchical
10061 	 * formats are outside the scope of this standard.
10062 	 *
10063 	 * Therefore we set the HiSup bit here.
10064 	 *
10065 	 * The response format is 2, per SPC-3.
10066 	 */
10067 	inq_ptr->response_format = SID_HiSup | 2;
10068 
10069 	inq_ptr->additional_length = data_len -
10070 	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10071 	CTL_DEBUG_PRINT(("additional_length = %d\n",
10072 			 inq_ptr->additional_length));
10073 
10074 	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10075 	if (port_type == CTL_PORT_SCSI)
10076 		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10077 	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10078 	inq_ptr->flags = SID_CmdQue;
10079 	if (port_type == CTL_PORT_SCSI)
10080 		inq_ptr->flags |= SID_WBus16 | SID_Sync;
10081 
10082 	/*
10083 	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10084 	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10085 	 * name and 4 bytes for the revision.
10086 	 */
10087 	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10088 	    "vendor")) == NULL) {
10089 		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10090 	} else {
10091 		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10092 		strncpy(inq_ptr->vendor, val,
10093 		    min(sizeof(inq_ptr->vendor), strlen(val)));
10094 	}
10095 	if (lun == NULL) {
10096 		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10097 		    sizeof(inq_ptr->product));
10098 	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10099 		switch (lun->be_lun->lun_type) {
10100 		case T_DIRECT:
10101 			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10102 			    sizeof(inq_ptr->product));
10103 			break;
10104 		case T_PROCESSOR:
10105 			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10106 			    sizeof(inq_ptr->product));
10107 			break;
10108 		case T_CDROM:
10109 			strncpy(inq_ptr->product, CTL_CDROM_PRODUCT,
10110 			    sizeof(inq_ptr->product));
10111 			break;
10112 		default:
10113 			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10114 			    sizeof(inq_ptr->product));
10115 			break;
10116 		}
10117 	} else {
10118 		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10119 		strncpy(inq_ptr->product, val,
10120 		    min(sizeof(inq_ptr->product), strlen(val)));
10121 	}
10122 
10123 	/*
10124 	 * XXX make this a macro somewhere so it automatically gets
10125 	 * incremented when we make changes.
10126 	 */
10127 	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10128 	    "revision")) == NULL) {
10129 		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10130 	} else {
10131 		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10132 		strncpy(inq_ptr->revision, val,
10133 		    min(sizeof(inq_ptr->revision), strlen(val)));
10134 	}
10135 
10136 	/*
10137 	 * For parallel SCSI, we support double transition and single
10138 	 * transition clocking.  We also support QAS (Quick Arbitration
10139 	 * and Selection) and Information Unit transfers on both the
10140 	 * control and array devices.
10141 	 */
10142 	if (port_type == CTL_PORT_SCSI)
10143 		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10144 				    SID_SPI_IUS;
10145 
10146 	/* SAM-6 (no version claimed) */
10147 	scsi_ulto2b(0x00C0, inq_ptr->version1);
10148 	/* SPC-5 (no version claimed) */
10149 	scsi_ulto2b(0x05C0, inq_ptr->version2);
10150 	if (port_type == CTL_PORT_FC) {
10151 		/* FCP-2 ANSI INCITS.350:2003 */
10152 		scsi_ulto2b(0x0917, inq_ptr->version3);
10153 	} else if (port_type == CTL_PORT_SCSI) {
10154 		/* SPI-4 ANSI INCITS.362:200x */
10155 		scsi_ulto2b(0x0B56, inq_ptr->version3);
10156 	} else if (port_type == CTL_PORT_ISCSI) {
10157 		/* iSCSI (no version claimed) */
10158 		scsi_ulto2b(0x0960, inq_ptr->version3);
10159 	} else if (port_type == CTL_PORT_SAS) {
10160 		/* SAS (no version claimed) */
10161 		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10162 	} else if (port_type == CTL_PORT_UMASS) {
10163 		/* USB Mass Storage Class Bulk-Only Transport, Revision 1.0 */
10164 		scsi_ulto2b(0x1730, inq_ptr->version3);
10165 	}
10166 
10167 	if (lun == NULL) {
10168 		/* SBC-4 (no version claimed) */
10169 		scsi_ulto2b(0x0600, inq_ptr->version4);
10170 	} else {
10171 		switch (lun->be_lun->lun_type) {
10172 		case T_DIRECT:
10173 			/* SBC-4 (no version claimed) */
10174 			scsi_ulto2b(0x0600, inq_ptr->version4);
10175 			break;
10176 		case T_PROCESSOR:
10177 			break;
10178 		case T_CDROM:
10179 			/* MMC-6 (no version claimed) */
10180 			scsi_ulto2b(0x04E0, inq_ptr->version4);
10181 			break;
10182 		default:
10183 			break;
10184 		}
10185 	}
10186 
10187 	ctl_set_success(ctsio);
10188 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10189 	ctsio->be_move_done = ctl_config_move_done;
10190 	ctl_datamove((union ctl_io *)ctsio);
10191 	return (CTL_RETVAL_COMPLETE);
10192 }
10193 
10194 int
10195 ctl_inquiry(struct ctl_scsiio *ctsio)
10196 {
10197 	struct scsi_inquiry *cdb;
10198 	int retval;
10199 
10200 	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10201 
10202 	cdb = (struct scsi_inquiry *)ctsio->cdb;
10203 	if (cdb->byte2 & SI_EVPD)
10204 		retval = ctl_inquiry_evpd(ctsio);
10205 	else if (cdb->page_code == 0)
10206 		retval = ctl_inquiry_std(ctsio);
10207 	else {
10208 		ctl_set_invalid_field(ctsio,
10209 				      /*sks_valid*/ 1,
10210 				      /*command*/ 1,
10211 				      /*field*/ 2,
10212 				      /*bit_valid*/ 0,
10213 				      /*bit*/ 0);
10214 		ctl_done((union ctl_io *)ctsio);
10215 		return (CTL_RETVAL_COMPLETE);
10216 	}
10217 
10218 	return (retval);
10219 }
10220 
10221 int
10222 ctl_get_config(struct ctl_scsiio *ctsio)
10223 {
10224 	struct ctl_lun *lun = CTL_LUN(ctsio);
10225 	struct scsi_get_config_header *hdr;
10226 	struct scsi_get_config_feature *feature;
10227 	struct scsi_get_config *cdb;
10228 	uint32_t alloc_len, data_len;
10229 	int rt, starting;
10230 
10231 	cdb = (struct scsi_get_config *)ctsio->cdb;
10232 	rt = (cdb->rt & SGC_RT_MASK);
10233 	starting = scsi_2btoul(cdb->starting_feature);
10234 	alloc_len = scsi_2btoul(cdb->length);
10235 
10236 	data_len = sizeof(struct scsi_get_config_header) +
10237 	    sizeof(struct scsi_get_config_feature) + 8 +
10238 	    sizeof(struct scsi_get_config_feature) + 8 +
10239 	    sizeof(struct scsi_get_config_feature) + 4 +
10240 	    sizeof(struct scsi_get_config_feature) + 4 +
10241 	    sizeof(struct scsi_get_config_feature) + 8 +
10242 	    sizeof(struct scsi_get_config_feature) +
10243 	    sizeof(struct scsi_get_config_feature) + 4 +
10244 	    sizeof(struct scsi_get_config_feature) + 4 +
10245 	    sizeof(struct scsi_get_config_feature) + 4 +
10246 	    sizeof(struct scsi_get_config_feature) + 4 +
10247 	    sizeof(struct scsi_get_config_feature) + 4 +
10248 	    sizeof(struct scsi_get_config_feature) + 4;
10249 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10250 	ctsio->kern_sg_entries = 0;
10251 	ctsio->kern_rel_offset = 0;
10252 
10253 	hdr = (struct scsi_get_config_header *)ctsio->kern_data_ptr;
10254 	if (lun->flags & CTL_LUN_NO_MEDIA)
10255 		scsi_ulto2b(0x0000, hdr->current_profile);
10256 	else
10257 		scsi_ulto2b(0x0010, hdr->current_profile);
10258 	feature = (struct scsi_get_config_feature *)(hdr + 1);
10259 
10260 	if (starting > 0x003b)
10261 		goto done;
10262 	if (starting > 0x003a)
10263 		goto f3b;
10264 	if (starting > 0x002b)
10265 		goto f3a;
10266 	if (starting > 0x002a)
10267 		goto f2b;
10268 	if (starting > 0x001f)
10269 		goto f2a;
10270 	if (starting > 0x001e)
10271 		goto f1f;
10272 	if (starting > 0x001d)
10273 		goto f1e;
10274 	if (starting > 0x0010)
10275 		goto f1d;
10276 	if (starting > 0x0003)
10277 		goto f10;
10278 	if (starting > 0x0002)
10279 		goto f3;
10280 	if (starting > 0x0001)
10281 		goto f2;
10282 	if (starting > 0x0000)
10283 		goto f1;
10284 
10285 	/* Profile List */
10286 	scsi_ulto2b(0x0000, feature->feature_code);
10287 	feature->flags = SGC_F_PERSISTENT | SGC_F_CURRENT;
10288 	feature->add_length = 8;
10289 	scsi_ulto2b(0x0008, &feature->feature_data[0]);	/* CD-ROM */
10290 	feature->feature_data[2] = 0x00;
10291 	scsi_ulto2b(0x0010, &feature->feature_data[4]);	/* DVD-ROM */
10292 	feature->feature_data[6] = 0x01;
10293 	feature = (struct scsi_get_config_feature *)
10294 	    &feature->feature_data[feature->add_length];
10295 
10296 f1:	/* Core */
10297 	scsi_ulto2b(0x0001, feature->feature_code);
10298 	feature->flags = 0x08 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10299 	feature->add_length = 8;
10300 	scsi_ulto4b(0x00000000, &feature->feature_data[0]);
10301 	feature->feature_data[4] = 0x03;
10302 	feature = (struct scsi_get_config_feature *)
10303 	    &feature->feature_data[feature->add_length];
10304 
10305 f2:	/* Morphing */
10306 	scsi_ulto2b(0x0002, feature->feature_code);
10307 	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10308 	feature->add_length = 4;
10309 	feature->feature_data[0] = 0x02;
10310 	feature = (struct scsi_get_config_feature *)
10311 	    &feature->feature_data[feature->add_length];
10312 
10313 f3:	/* Removable Medium */
10314 	scsi_ulto2b(0x0003, feature->feature_code);
10315 	feature->flags = 0x04 | SGC_F_PERSISTENT | SGC_F_CURRENT;
10316 	feature->add_length = 4;
10317 	feature->feature_data[0] = 0x39;
10318 	feature = (struct scsi_get_config_feature *)
10319 	    &feature->feature_data[feature->add_length];
10320 
10321 	if (rt == SGC_RT_CURRENT && (lun->flags & CTL_LUN_NO_MEDIA))
10322 		goto done;
10323 
10324 f10:	/* Random Read */
10325 	scsi_ulto2b(0x0010, feature->feature_code);
10326 	feature->flags = 0x00;
10327 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10328 		feature->flags |= SGC_F_CURRENT;
10329 	feature->add_length = 8;
10330 	scsi_ulto4b(lun->be_lun->blocksize, &feature->feature_data[0]);
10331 	scsi_ulto2b(1, &feature->feature_data[4]);
10332 	feature->feature_data[6] = 0x00;
10333 	feature = (struct scsi_get_config_feature *)
10334 	    &feature->feature_data[feature->add_length];
10335 
10336 f1d:	/* Multi-Read */
10337 	scsi_ulto2b(0x001D, feature->feature_code);
10338 	feature->flags = 0x00;
10339 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10340 		feature->flags |= SGC_F_CURRENT;
10341 	feature->add_length = 0;
10342 	feature = (struct scsi_get_config_feature *)
10343 	    &feature->feature_data[feature->add_length];
10344 
10345 f1e:	/* CD Read */
10346 	scsi_ulto2b(0x001E, feature->feature_code);
10347 	feature->flags = 0x00;
10348 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10349 		feature->flags |= SGC_F_CURRENT;
10350 	feature->add_length = 4;
10351 	feature->feature_data[0] = 0x00;
10352 	feature = (struct scsi_get_config_feature *)
10353 	    &feature->feature_data[feature->add_length];
10354 
10355 f1f:	/* DVD Read */
10356 	scsi_ulto2b(0x001F, feature->feature_code);
10357 	feature->flags = 0x08;
10358 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10359 		feature->flags |= SGC_F_CURRENT;
10360 	feature->add_length = 4;
10361 	feature->feature_data[0] = 0x01;
10362 	feature->feature_data[2] = 0x03;
10363 	feature = (struct scsi_get_config_feature *)
10364 	    &feature->feature_data[feature->add_length];
10365 
10366 f2a:	/* DVD+RW */
10367 	scsi_ulto2b(0x002A, feature->feature_code);
10368 	feature->flags = 0x04;
10369 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10370 		feature->flags |= SGC_F_CURRENT;
10371 	feature->add_length = 4;
10372 	feature->feature_data[0] = 0x00;
10373 	feature->feature_data[1] = 0x00;
10374 	feature = (struct scsi_get_config_feature *)
10375 	    &feature->feature_data[feature->add_length];
10376 
10377 f2b:	/* DVD+R */
10378 	scsi_ulto2b(0x002B, feature->feature_code);
10379 	feature->flags = 0x00;
10380 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10381 		feature->flags |= SGC_F_CURRENT;
10382 	feature->add_length = 4;
10383 	feature->feature_data[0] = 0x00;
10384 	feature = (struct scsi_get_config_feature *)
10385 	    &feature->feature_data[feature->add_length];
10386 
10387 f3a:	/* DVD+RW Dual Layer */
10388 	scsi_ulto2b(0x003A, feature->feature_code);
10389 	feature->flags = 0x00;
10390 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10391 		feature->flags |= SGC_F_CURRENT;
10392 	feature->add_length = 4;
10393 	feature->feature_data[0] = 0x00;
10394 	feature->feature_data[1] = 0x00;
10395 	feature = (struct scsi_get_config_feature *)
10396 	    &feature->feature_data[feature->add_length];
10397 
10398 f3b:	/* DVD+R Dual Layer */
10399 	scsi_ulto2b(0x003B, feature->feature_code);
10400 	feature->flags = 0x00;
10401 	if ((lun->flags & CTL_LUN_NO_MEDIA) == 0)
10402 		feature->flags |= SGC_F_CURRENT;
10403 	feature->add_length = 4;
10404 	feature->feature_data[0] = 0x00;
10405 	feature = (struct scsi_get_config_feature *)
10406 	    &feature->feature_data[feature->add_length];
10407 
10408 done:
10409 	data_len = (uint8_t *)feature - (uint8_t *)hdr;
10410 	if (rt == SGC_RT_SPECIFIC && data_len > 4) {
10411 		feature = (struct scsi_get_config_feature *)(hdr + 1);
10412 		if (scsi_2btoul(feature->feature_code) == starting)
10413 			feature = (struct scsi_get_config_feature *)
10414 			    &feature->feature_data[feature->add_length];
10415 		data_len = (uint8_t *)feature - (uint8_t *)hdr;
10416 	}
10417 	scsi_ulto4b(data_len - 4, hdr->data_length);
10418 	ctsio->kern_data_len = min(data_len, alloc_len);
10419 	ctsio->kern_total_len = ctsio->kern_data_len;
10420 
10421 	ctl_set_success(ctsio);
10422 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10423 	ctsio->be_move_done = ctl_config_move_done;
10424 	ctl_datamove((union ctl_io *)ctsio);
10425 	return (CTL_RETVAL_COMPLETE);
10426 }
10427 
10428 int
10429 ctl_get_event_status(struct ctl_scsiio *ctsio)
10430 {
10431 	struct scsi_get_event_status_header *hdr;
10432 	struct scsi_get_event_status *cdb;
10433 	uint32_t alloc_len, data_len;
10434 	int notif_class;
10435 
10436 	cdb = (struct scsi_get_event_status *)ctsio->cdb;
10437 	if ((cdb->byte2 & SGESN_POLLED) == 0) {
10438 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
10439 		    /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
10440 		ctl_done((union ctl_io *)ctsio);
10441 		return (CTL_RETVAL_COMPLETE);
10442 	}
10443 	notif_class = cdb->notif_class;
10444 	alloc_len = scsi_2btoul(cdb->length);
10445 
10446 	data_len = sizeof(struct scsi_get_event_status_header);
10447 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10448 	ctsio->kern_sg_entries = 0;
10449 	ctsio->kern_rel_offset = 0;
10450 	ctsio->kern_data_len = min(data_len, alloc_len);
10451 	ctsio->kern_total_len = ctsio->kern_data_len;
10452 
10453 	hdr = (struct scsi_get_event_status_header *)ctsio->kern_data_ptr;
10454 	scsi_ulto2b(0, hdr->descr_length);
10455 	hdr->nea_class = SGESN_NEA;
10456 	hdr->supported_class = 0;
10457 
10458 	ctl_set_success(ctsio);
10459 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10460 	ctsio->be_move_done = ctl_config_move_done;
10461 	ctl_datamove((union ctl_io *)ctsio);
10462 	return (CTL_RETVAL_COMPLETE);
10463 }
10464 
10465 int
10466 ctl_mechanism_status(struct ctl_scsiio *ctsio)
10467 {
10468 	struct scsi_mechanism_status_header *hdr;
10469 	struct scsi_mechanism_status *cdb;
10470 	uint32_t alloc_len, data_len;
10471 
10472 	cdb = (struct scsi_mechanism_status *)ctsio->cdb;
10473 	alloc_len = scsi_2btoul(cdb->length);
10474 
10475 	data_len = sizeof(struct scsi_mechanism_status_header);
10476 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10477 	ctsio->kern_sg_entries = 0;
10478 	ctsio->kern_rel_offset = 0;
10479 	ctsio->kern_data_len = min(data_len, alloc_len);
10480 	ctsio->kern_total_len = ctsio->kern_data_len;
10481 
10482 	hdr = (struct scsi_mechanism_status_header *)ctsio->kern_data_ptr;
10483 	hdr->state1 = 0x00;
10484 	hdr->state2 = 0xe0;
10485 	scsi_ulto3b(0, hdr->lba);
10486 	hdr->slots_num = 0;
10487 	scsi_ulto2b(0, hdr->slots_length);
10488 
10489 	ctl_set_success(ctsio);
10490 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10491 	ctsio->be_move_done = ctl_config_move_done;
10492 	ctl_datamove((union ctl_io *)ctsio);
10493 	return (CTL_RETVAL_COMPLETE);
10494 }
10495 
10496 static void
10497 ctl_ultomsf(uint32_t lba, uint8_t *buf)
10498 {
10499 
10500 	lba += 150;
10501 	buf[0] = 0;
10502 	buf[1] = bin2bcd((lba / 75) / 60);
10503 	buf[2] = bin2bcd((lba / 75) % 60);
10504 	buf[3] = bin2bcd(lba % 75);
10505 }
10506 
10507 int
10508 ctl_read_toc(struct ctl_scsiio *ctsio)
10509 {
10510 	struct ctl_lun *lun = CTL_LUN(ctsio);
10511 	struct scsi_read_toc_hdr *hdr;
10512 	struct scsi_read_toc_type01_descr *descr;
10513 	struct scsi_read_toc *cdb;
10514 	uint32_t alloc_len, data_len;
10515 	int format, msf;
10516 
10517 	cdb = (struct scsi_read_toc *)ctsio->cdb;
10518 	msf = (cdb->byte2 & CD_MSF) != 0;
10519 	format = cdb->format;
10520 	alloc_len = scsi_2btoul(cdb->data_len);
10521 
10522 	data_len = sizeof(struct scsi_read_toc_hdr);
10523 	if (format == 0)
10524 		data_len += 2 * sizeof(struct scsi_read_toc_type01_descr);
10525 	else
10526 		data_len += sizeof(struct scsi_read_toc_type01_descr);
10527 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10528 	ctsio->kern_sg_entries = 0;
10529 	ctsio->kern_rel_offset = 0;
10530 	ctsio->kern_data_len = min(data_len, alloc_len);
10531 	ctsio->kern_total_len = ctsio->kern_data_len;
10532 
10533 	hdr = (struct scsi_read_toc_hdr *)ctsio->kern_data_ptr;
10534 	if (format == 0) {
10535 		scsi_ulto2b(0x12, hdr->data_length);
10536 		hdr->first = 1;
10537 		hdr->last = 1;
10538 		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10539 		descr->addr_ctl = 0x14;
10540 		descr->track_number = 1;
10541 		if (msf)
10542 			ctl_ultomsf(0, descr->track_start);
10543 		else
10544 			scsi_ulto4b(0, descr->track_start);
10545 		descr++;
10546 		descr->addr_ctl = 0x14;
10547 		descr->track_number = 0xaa;
10548 		if (msf)
10549 			ctl_ultomsf(lun->be_lun->maxlba+1, descr->track_start);
10550 		else
10551 			scsi_ulto4b(lun->be_lun->maxlba+1, descr->track_start);
10552 	} else {
10553 		scsi_ulto2b(0x0a, hdr->data_length);
10554 		hdr->first = 1;
10555 		hdr->last = 1;
10556 		descr = (struct scsi_read_toc_type01_descr *)(hdr + 1);
10557 		descr->addr_ctl = 0x14;
10558 		descr->track_number = 1;
10559 		if (msf)
10560 			ctl_ultomsf(0, descr->track_start);
10561 		else
10562 			scsi_ulto4b(0, descr->track_start);
10563 	}
10564 
10565 	ctl_set_success(ctsio);
10566 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10567 	ctsio->be_move_done = ctl_config_move_done;
10568 	ctl_datamove((union ctl_io *)ctsio);
10569 	return (CTL_RETVAL_COMPLETE);
10570 }
10571 
10572 /*
10573  * For known CDB types, parse the LBA and length.
10574  */
10575 static int
10576 ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10577 {
10578 	if (io->io_hdr.io_type != CTL_IO_SCSI)
10579 		return (1);
10580 
10581 	switch (io->scsiio.cdb[0]) {
10582 	case COMPARE_AND_WRITE: {
10583 		struct scsi_compare_and_write *cdb;
10584 
10585 		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10586 
10587 		*lba = scsi_8btou64(cdb->addr);
10588 		*len = cdb->length;
10589 		break;
10590 	}
10591 	case READ_6:
10592 	case WRITE_6: {
10593 		struct scsi_rw_6 *cdb;
10594 
10595 		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10596 
10597 		*lba = scsi_3btoul(cdb->addr);
10598 		/* only 5 bits are valid in the most significant address byte */
10599 		*lba &= 0x1fffff;
10600 		*len = cdb->length;
10601 		break;
10602 	}
10603 	case READ_10:
10604 	case WRITE_10: {
10605 		struct scsi_rw_10 *cdb;
10606 
10607 		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10608 
10609 		*lba = scsi_4btoul(cdb->addr);
10610 		*len = scsi_2btoul(cdb->length);
10611 		break;
10612 	}
10613 	case WRITE_VERIFY_10: {
10614 		struct scsi_write_verify_10 *cdb;
10615 
10616 		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10617 
10618 		*lba = scsi_4btoul(cdb->addr);
10619 		*len = scsi_2btoul(cdb->length);
10620 		break;
10621 	}
10622 	case READ_12:
10623 	case WRITE_12: {
10624 		struct scsi_rw_12 *cdb;
10625 
10626 		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10627 
10628 		*lba = scsi_4btoul(cdb->addr);
10629 		*len = scsi_4btoul(cdb->length);
10630 		break;
10631 	}
10632 	case WRITE_VERIFY_12: {
10633 		struct scsi_write_verify_12 *cdb;
10634 
10635 		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10636 
10637 		*lba = scsi_4btoul(cdb->addr);
10638 		*len = scsi_4btoul(cdb->length);
10639 		break;
10640 	}
10641 	case READ_16:
10642 	case WRITE_16: {
10643 		struct scsi_rw_16 *cdb;
10644 
10645 		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10646 
10647 		*lba = scsi_8btou64(cdb->addr);
10648 		*len = scsi_4btoul(cdb->length);
10649 		break;
10650 	}
10651 	case WRITE_ATOMIC_16: {
10652 		struct scsi_write_atomic_16 *cdb;
10653 
10654 		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10655 
10656 		*lba = scsi_8btou64(cdb->addr);
10657 		*len = scsi_2btoul(cdb->length);
10658 		break;
10659 	}
10660 	case WRITE_VERIFY_16: {
10661 		struct scsi_write_verify_16 *cdb;
10662 
10663 		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10664 
10665 		*lba = scsi_8btou64(cdb->addr);
10666 		*len = scsi_4btoul(cdb->length);
10667 		break;
10668 	}
10669 	case WRITE_SAME_10: {
10670 		struct scsi_write_same_10 *cdb;
10671 
10672 		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10673 
10674 		*lba = scsi_4btoul(cdb->addr);
10675 		*len = scsi_2btoul(cdb->length);
10676 		break;
10677 	}
10678 	case WRITE_SAME_16: {
10679 		struct scsi_write_same_16 *cdb;
10680 
10681 		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10682 
10683 		*lba = scsi_8btou64(cdb->addr);
10684 		*len = scsi_4btoul(cdb->length);
10685 		break;
10686 	}
10687 	case VERIFY_10: {
10688 		struct scsi_verify_10 *cdb;
10689 
10690 		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10691 
10692 		*lba = scsi_4btoul(cdb->addr);
10693 		*len = scsi_2btoul(cdb->length);
10694 		break;
10695 	}
10696 	case VERIFY_12: {
10697 		struct scsi_verify_12 *cdb;
10698 
10699 		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10700 
10701 		*lba = scsi_4btoul(cdb->addr);
10702 		*len = scsi_4btoul(cdb->length);
10703 		break;
10704 	}
10705 	case VERIFY_16: {
10706 		struct scsi_verify_16 *cdb;
10707 
10708 		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10709 
10710 		*lba = scsi_8btou64(cdb->addr);
10711 		*len = scsi_4btoul(cdb->length);
10712 		break;
10713 	}
10714 	case UNMAP: {
10715 		*lba = 0;
10716 		*len = UINT64_MAX;
10717 		break;
10718 	}
10719 	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10720 		struct scsi_get_lba_status *cdb;
10721 
10722 		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10723 		*lba = scsi_8btou64(cdb->addr);
10724 		*len = UINT32_MAX;
10725 		break;
10726 	}
10727 	default:
10728 		return (1);
10729 		break; /* NOTREACHED */
10730 	}
10731 
10732 	return (0);
10733 }
10734 
10735 static ctl_action
10736 ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10737     bool seq)
10738 {
10739 	uint64_t endlba1, endlba2;
10740 
10741 	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10742 	endlba2 = lba2 + len2 - 1;
10743 
10744 	if ((endlba1 < lba2) || (endlba2 < lba1))
10745 		return (CTL_ACTION_PASS);
10746 	else
10747 		return (CTL_ACTION_BLOCK);
10748 }
10749 
10750 static int
10751 ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10752 {
10753 	struct ctl_ptr_len_flags *ptrlen;
10754 	struct scsi_unmap_desc *buf, *end, *range;
10755 	uint64_t lba;
10756 	uint32_t len;
10757 
10758 	/* If not UNMAP -- go other way. */
10759 	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10760 	    io->scsiio.cdb[0] != UNMAP)
10761 		return (CTL_ACTION_ERROR);
10762 
10763 	/* If UNMAP without data -- block and wait for data. */
10764 	ptrlen = (struct ctl_ptr_len_flags *)
10765 	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10766 	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10767 	    ptrlen->ptr == NULL)
10768 		return (CTL_ACTION_BLOCK);
10769 
10770 	/* UNMAP with data -- check for collision. */
10771 	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10772 	end = buf + ptrlen->len / sizeof(*buf);
10773 	for (range = buf; range < end; range++) {
10774 		lba = scsi_8btou64(range->lba);
10775 		len = scsi_4btoul(range->length);
10776 		if ((lba < lba2 + len2) && (lba + len > lba2))
10777 			return (CTL_ACTION_BLOCK);
10778 	}
10779 	return (CTL_ACTION_PASS);
10780 }
10781 
10782 static ctl_action
10783 ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10784 {
10785 	uint64_t lba1, lba2;
10786 	uint64_t len1, len2;
10787 	int retval;
10788 
10789 	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10790 		return (CTL_ACTION_ERROR);
10791 
10792 	retval = ctl_extent_check_unmap(io1, lba2, len2);
10793 	if (retval != CTL_ACTION_ERROR)
10794 		return (retval);
10795 
10796 	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10797 		return (CTL_ACTION_ERROR);
10798 
10799 	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10800 		seq = FALSE;
10801 	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10802 }
10803 
10804 static ctl_action
10805 ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10806 {
10807 	uint64_t lba1, lba2;
10808 	uint64_t len1, len2;
10809 
10810 	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10811 		return (CTL_ACTION_PASS);
10812 	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10813 		return (CTL_ACTION_ERROR);
10814 	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10815 		return (CTL_ACTION_ERROR);
10816 
10817 	if (lba1 + len1 == lba2)
10818 		return (CTL_ACTION_BLOCK);
10819 	return (CTL_ACTION_PASS);
10820 }
10821 
10822 static ctl_action
10823 ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10824     union ctl_io *ooa_io)
10825 {
10826 	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10827 	const ctl_serialize_action *serialize_row;
10828 
10829 	/*
10830 	 * The initiator attempted multiple untagged commands at the same
10831 	 * time.  Can't do that.
10832 	 */
10833 	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10834 	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10835 	 && ((pending_io->io_hdr.nexus.targ_port ==
10836 	      ooa_io->io_hdr.nexus.targ_port)
10837 	  && (pending_io->io_hdr.nexus.initid ==
10838 	      ooa_io->io_hdr.nexus.initid))
10839 	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10840 	      CTL_FLAG_STATUS_SENT)) == 0))
10841 		return (CTL_ACTION_OVERLAP);
10842 
10843 	/*
10844 	 * The initiator attempted to send multiple tagged commands with
10845 	 * the same ID.  (It's fine if different initiators have the same
10846 	 * tag ID.)
10847 	 *
10848 	 * Even if all of those conditions are true, we don't kill the I/O
10849 	 * if the command ahead of us has been aborted.  We won't end up
10850 	 * sending it to the FETD, and it's perfectly legal to resend a
10851 	 * command with the same tag number as long as the previous
10852 	 * instance of this tag number has been aborted somehow.
10853 	 */
10854 	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10855 	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10856 	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10857 	 && ((pending_io->io_hdr.nexus.targ_port ==
10858 	      ooa_io->io_hdr.nexus.targ_port)
10859 	  && (pending_io->io_hdr.nexus.initid ==
10860 	      ooa_io->io_hdr.nexus.initid))
10861 	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10862 	      CTL_FLAG_STATUS_SENT)) == 0))
10863 		return (CTL_ACTION_OVERLAP_TAG);
10864 
10865 	/*
10866 	 * If we get a head of queue tag, SAM-3 says that we should
10867 	 * immediately execute it.
10868 	 *
10869 	 * What happens if this command would normally block for some other
10870 	 * reason?  e.g. a request sense with a head of queue tag
10871 	 * immediately after a write.  Normally that would block, but this
10872 	 * will result in its getting executed immediately...
10873 	 *
10874 	 * We currently return "pass" instead of "skip", so we'll end up
10875 	 * going through the rest of the queue to check for overlapped tags.
10876 	 *
10877 	 * XXX KDM check for other types of blockage first??
10878 	 */
10879 	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10880 		return (CTL_ACTION_PASS);
10881 
10882 	/*
10883 	 * Ordered tags have to block until all items ahead of them
10884 	 * have completed.  If we get called with an ordered tag, we always
10885 	 * block, if something else is ahead of us in the queue.
10886 	 */
10887 	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10888 		return (CTL_ACTION_BLOCK);
10889 
10890 	/*
10891 	 * Simple tags get blocked until all head of queue and ordered tags
10892 	 * ahead of them have completed.  I'm lumping untagged commands in
10893 	 * with simple tags here.  XXX KDM is that the right thing to do?
10894 	 */
10895 	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10896 	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10897 	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10898 	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10899 		return (CTL_ACTION_BLOCK);
10900 
10901 	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10902 	KASSERT(pending_entry->seridx < CTL_SERIDX_COUNT,
10903 	    ("%s: Invalid seridx %d for pending CDB %02x %02x @ %p",
10904 	     __func__, pending_entry->seridx, pending_io->scsiio.cdb[0],
10905 	     pending_io->scsiio.cdb[1], pending_io));
10906 	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10907 	if (ooa_entry->seridx == CTL_SERIDX_INVLD)
10908 		return (CTL_ACTION_PASS); /* Unsupported command in OOA queue */
10909 	KASSERT(ooa_entry->seridx < CTL_SERIDX_COUNT,
10910 	    ("%s: Invalid seridx %d for ooa CDB %02x %02x @ %p",
10911 	     __func__, ooa_entry->seridx, ooa_io->scsiio.cdb[0],
10912 	     ooa_io->scsiio.cdb[1], ooa_io));
10913 
10914 	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10915 
10916 	switch (serialize_row[pending_entry->seridx]) {
10917 	case CTL_SER_BLOCK:
10918 		return (CTL_ACTION_BLOCK);
10919 	case CTL_SER_EXTENT:
10920 		return (ctl_extent_check(ooa_io, pending_io,
10921 		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10922 	case CTL_SER_EXTENTOPT:
10923 		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10924 		    SCP_QUEUE_ALG_UNRESTRICTED)
10925 			return (ctl_extent_check(ooa_io, pending_io,
10926 			    (lun->be_lun &&
10927 			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10928 		return (CTL_ACTION_PASS);
10929 	case CTL_SER_EXTENTSEQ:
10930 		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10931 			return (ctl_extent_check_seq(ooa_io, pending_io));
10932 		return (CTL_ACTION_PASS);
10933 	case CTL_SER_PASS:
10934 		return (CTL_ACTION_PASS);
10935 	case CTL_SER_BLOCKOPT:
10936 		if ((lun->MODE_CTRL.queue_flags & SCP_QUEUE_ALG_MASK) !=
10937 		    SCP_QUEUE_ALG_UNRESTRICTED)
10938 			return (CTL_ACTION_BLOCK);
10939 		return (CTL_ACTION_PASS);
10940 	case CTL_SER_SKIP:
10941 		return (CTL_ACTION_SKIP);
10942 	default:
10943 		panic("%s: Invalid serialization value %d for %d => %d",
10944 		    __func__, serialize_row[pending_entry->seridx],
10945 		    pending_entry->seridx, ooa_entry->seridx);
10946 	}
10947 
10948 	return (CTL_ACTION_ERROR);
10949 }
10950 
10951 /*
10952  * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10953  * Assumptions:
10954  * - pending_io is generally either incoming, or on the blocked queue
10955  * - starting I/O is the I/O we want to start the check with.
10956  */
10957 static ctl_action
10958 ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10959 	      union ctl_io *starting_io)
10960 {
10961 	union ctl_io *ooa_io;
10962 	ctl_action action;
10963 
10964 	mtx_assert(&lun->lun_lock, MA_OWNED);
10965 
10966 	/*
10967 	 * Run back along the OOA queue, starting with the current
10968 	 * blocked I/O and going through every I/O before it on the
10969 	 * queue.  If starting_io is NULL, we'll just end up returning
10970 	 * CTL_ACTION_PASS.
10971 	 */
10972 	for (ooa_io = starting_io; ooa_io != NULL;
10973 	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10974 	     ooa_links)){
10975 
10976 		/*
10977 		 * This routine just checks to see whether
10978 		 * cur_blocked is blocked by ooa_io, which is ahead
10979 		 * of it in the queue.  It doesn't queue/dequeue
10980 		 * cur_blocked.
10981 		 */
10982 		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10983 		switch (action) {
10984 		case CTL_ACTION_BLOCK:
10985 		case CTL_ACTION_OVERLAP:
10986 		case CTL_ACTION_OVERLAP_TAG:
10987 		case CTL_ACTION_SKIP:
10988 		case CTL_ACTION_ERROR:
10989 			return (action);
10990 			break; /* NOTREACHED */
10991 		case CTL_ACTION_PASS:
10992 			break;
10993 		default:
10994 			panic("%s: Invalid action %d\n", __func__, action);
10995 		}
10996 	}
10997 
10998 	return (CTL_ACTION_PASS);
10999 }
11000 
11001 /*
11002  * Assumptions:
11003  * - An I/O has just completed, and has been removed from the per-LUN OOA
11004  *   queue, so some items on the blocked queue may now be unblocked.
11005  */
11006 static int
11007 ctl_check_blocked(struct ctl_lun *lun)
11008 {
11009 	struct ctl_softc *softc = lun->ctl_softc;
11010 	union ctl_io *cur_blocked, *next_blocked;
11011 
11012 	mtx_assert(&lun->lun_lock, MA_OWNED);
11013 
11014 	/*
11015 	 * Run forward from the head of the blocked queue, checking each
11016 	 * entry against the I/Os prior to it on the OOA queue to see if
11017 	 * there is still any blockage.
11018 	 *
11019 	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11020 	 * with our removing a variable on it while it is traversing the
11021 	 * list.
11022 	 */
11023 	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11024 	     cur_blocked != NULL; cur_blocked = next_blocked) {
11025 		union ctl_io *prev_ooa;
11026 		ctl_action action;
11027 
11028 		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11029 							  blocked_links);
11030 
11031 		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11032 						      ctl_ooaq, ooa_links);
11033 
11034 		/*
11035 		 * If cur_blocked happens to be the first item in the OOA
11036 		 * queue now, prev_ooa will be NULL, and the action
11037 		 * returned will just be CTL_ACTION_PASS.
11038 		 */
11039 		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11040 
11041 		switch (action) {
11042 		case CTL_ACTION_BLOCK:
11043 			/* Nothing to do here, still blocked */
11044 			break;
11045 		case CTL_ACTION_OVERLAP:
11046 		case CTL_ACTION_OVERLAP_TAG:
11047 			/*
11048 			 * This shouldn't happen!  In theory we've already
11049 			 * checked this command for overlap...
11050 			 */
11051 			break;
11052 		case CTL_ACTION_PASS:
11053 		case CTL_ACTION_SKIP: {
11054 			const struct ctl_cmd_entry *entry;
11055 
11056 			/*
11057 			 * The skip case shouldn't happen, this transaction
11058 			 * should have never made it onto the blocked queue.
11059 			 */
11060 			/*
11061 			 * This I/O is no longer blocked, we can remove it
11062 			 * from the blocked queue.  Since this is a TAILQ
11063 			 * (doubly linked list), we can do O(1) removals
11064 			 * from any place on the list.
11065 			 */
11066 			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11067 				     blocked_links);
11068 			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11069 
11070 			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11071 			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11072 				/*
11073 				 * Need to send IO back to original side to
11074 				 * run
11075 				 */
11076 				union ctl_ha_msg msg_info;
11077 
11078 				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11079 				msg_info.hdr.original_sc =
11080 					cur_blocked->io_hdr.original_sc;
11081 				msg_info.hdr.serializing_sc = cur_blocked;
11082 				msg_info.hdr.msg_type = CTL_MSG_R2R;
11083 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11084 				    sizeof(msg_info.hdr), M_NOWAIT);
11085 				break;
11086 			}
11087 			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11088 
11089 			/*
11090 			 * Check this I/O for LUN state changes that may
11091 			 * have happened while this command was blocked.
11092 			 * The LUN state may have been changed by a command
11093 			 * ahead of us in the queue, so we need to re-check
11094 			 * for any states that can be caused by SCSI
11095 			 * commands.
11096 			 */
11097 			if (ctl_scsiio_lun_check(lun, entry,
11098 						 &cur_blocked->scsiio) == 0) {
11099 				cur_blocked->io_hdr.flags |=
11100 				                      CTL_FLAG_IS_WAS_ON_RTR;
11101 				ctl_enqueue_rtr(cur_blocked);
11102 			} else
11103 				ctl_done(cur_blocked);
11104 			break;
11105 		}
11106 		default:
11107 			/*
11108 			 * This probably shouldn't happen -- we shouldn't
11109 			 * get CTL_ACTION_ERROR, or anything else.
11110 			 */
11111 			break;
11112 		}
11113 	}
11114 
11115 	return (CTL_RETVAL_COMPLETE);
11116 }
11117 
11118 /*
11119  * This routine (with one exception) checks LUN flags that can be set by
11120  * commands ahead of us in the OOA queue.  These flags have to be checked
11121  * when a command initially comes in, and when we pull a command off the
11122  * blocked queue and are preparing to execute it.  The reason we have to
11123  * check these flags for commands on the blocked queue is that the LUN
11124  * state may have been changed by a command ahead of us while we're on the
11125  * blocked queue.
11126  *
11127  * Ordering is somewhat important with these checks, so please pay
11128  * careful attention to the placement of any new checks.
11129  */
11130 static int
11131 ctl_scsiio_lun_check(struct ctl_lun *lun,
11132     const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11133 {
11134 	struct ctl_softc *softc = lun->ctl_softc;
11135 	int retval;
11136 	uint32_t residx;
11137 
11138 	retval = 0;
11139 
11140 	mtx_assert(&lun->lun_lock, MA_OWNED);
11141 
11142 	/*
11143 	 * If this shelf is a secondary shelf controller, we may have to
11144 	 * reject some commands disallowed by HA mode and link state.
11145 	 */
11146 	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11147 		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11148 		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11149 			ctl_set_lun_unavail(ctsio);
11150 			retval = 1;
11151 			goto bailout;
11152 		}
11153 		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11154 		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11155 			ctl_set_lun_transit(ctsio);
11156 			retval = 1;
11157 			goto bailout;
11158 		}
11159 		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11160 		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11161 			ctl_set_lun_standby(ctsio);
11162 			retval = 1;
11163 			goto bailout;
11164 		}
11165 
11166 		/* The rest of checks are only done on executing side */
11167 		if (softc->ha_mode == CTL_HA_MODE_XFER)
11168 			goto bailout;
11169 	}
11170 
11171 	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11172 		if (lun->be_lun &&
11173 		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11174 			ctl_set_hw_write_protected(ctsio);
11175 			retval = 1;
11176 			goto bailout;
11177 		}
11178 		if ((lun->MODE_CTRL.eca_and_aen & SCP_SWP) != 0) {
11179 			ctl_set_sense(ctsio, /*current_error*/ 1,
11180 			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11181 			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11182 			retval = 1;
11183 			goto bailout;
11184 		}
11185 	}
11186 
11187 	/*
11188 	 * Check for a reservation conflict.  If this command isn't allowed
11189 	 * even on reserved LUNs, and if this initiator isn't the one who
11190 	 * reserved us, reject the command with a reservation conflict.
11191 	 */
11192 	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11193 	if ((lun->flags & CTL_LUN_RESERVED)
11194 	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11195 		if (lun->res_idx != residx) {
11196 			ctl_set_reservation_conflict(ctsio);
11197 			retval = 1;
11198 			goto bailout;
11199 		}
11200 	}
11201 
11202 	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11203 	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11204 		/* No reservation or command is allowed. */;
11205 	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11206 	    (lun->pr_res_type == SPR_TYPE_WR_EX ||
11207 	     lun->pr_res_type == SPR_TYPE_WR_EX_RO ||
11208 	     lun->pr_res_type == SPR_TYPE_WR_EX_AR)) {
11209 		/* The command is allowed for Write Exclusive resv. */;
11210 	} else {
11211 		/*
11212 		 * if we aren't registered or it's a res holder type
11213 		 * reservation and this isn't the res holder then set a
11214 		 * conflict.
11215 		 */
11216 		if (ctl_get_prkey(lun, residx) == 0 ||
11217 		    (residx != lun->pr_res_idx && lun->pr_res_type < 4)) {
11218 			ctl_set_reservation_conflict(ctsio);
11219 			retval = 1;
11220 			goto bailout;
11221 		}
11222 	}
11223 
11224 	if ((entry->flags & CTL_CMD_FLAG_OK_ON_NO_MEDIA) == 0) {
11225 		if (lun->flags & CTL_LUN_EJECTED)
11226 			ctl_set_lun_ejected(ctsio);
11227 		else if (lun->flags & CTL_LUN_NO_MEDIA) {
11228 			if (lun->flags & CTL_LUN_REMOVABLE)
11229 				ctl_set_lun_no_media(ctsio);
11230 			else
11231 				ctl_set_lun_int_reqd(ctsio);
11232 		} else if (lun->flags & CTL_LUN_STOPPED)
11233 			ctl_set_lun_stopped(ctsio);
11234 		else
11235 			goto bailout;
11236 		retval = 1;
11237 		goto bailout;
11238 	}
11239 
11240 bailout:
11241 	return (retval);
11242 }
11243 
11244 static void
11245 ctl_failover_io(union ctl_io *io, int have_lock)
11246 {
11247 	ctl_set_busy(&io->scsiio);
11248 	ctl_done(io);
11249 }
11250 
11251 static void
11252 ctl_failover_lun(union ctl_io *rio)
11253 {
11254 	struct ctl_softc *softc = CTL_SOFTC(rio);
11255 	struct ctl_lun *lun;
11256 	struct ctl_io_hdr *io, *next_io;
11257 	uint32_t targ_lun;
11258 
11259 	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11260 	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11261 
11262 	/* Find and lock the LUN. */
11263 	mtx_lock(&softc->ctl_lock);
11264 	if (targ_lun > ctl_max_luns ||
11265 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11266 		mtx_unlock(&softc->ctl_lock);
11267 		return;
11268 	}
11269 	mtx_lock(&lun->lun_lock);
11270 	mtx_unlock(&softc->ctl_lock);
11271 	if (lun->flags & CTL_LUN_DISABLED) {
11272 		mtx_unlock(&lun->lun_lock);
11273 		return;
11274 	}
11275 
11276 	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11277 		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11278 			/* We are master */
11279 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11280 				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11281 					io->flags |= CTL_FLAG_ABORT;
11282 					io->flags |= CTL_FLAG_FAILOVER;
11283 				} else { /* This can be only due to DATAMOVE */
11284 					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11285 					io->flags &= ~CTL_FLAG_DMA_INPROG;
11286 					io->flags |= CTL_FLAG_IO_ACTIVE;
11287 					io->port_status = 31340;
11288 					ctl_enqueue_isc((union ctl_io *)io);
11289 				}
11290 			}
11291 			/* We are slave */
11292 			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11293 				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11294 				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11295 					io->flags |= CTL_FLAG_FAILOVER;
11296 				} else {
11297 					ctl_set_busy(&((union ctl_io *)io)->
11298 					    scsiio);
11299 					ctl_done((union ctl_io *)io);
11300 				}
11301 			}
11302 		}
11303 	} else { /* SERIALIZE modes */
11304 		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11305 		    next_io) {
11306 			/* We are master */
11307 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11308 				TAILQ_REMOVE(&lun->blocked_queue, io,
11309 				    blocked_links);
11310 				io->flags &= ~CTL_FLAG_BLOCKED;
11311 				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11312 				ctl_free_io((union ctl_io *)io);
11313 			}
11314 		}
11315 		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11316 			/* We are master */
11317 			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11318 				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11319 				ctl_free_io((union ctl_io *)io);
11320 			}
11321 			/* We are slave */
11322 			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11323 				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11324 				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11325 					ctl_set_busy(&((union ctl_io *)io)->
11326 					    scsiio);
11327 					ctl_done((union ctl_io *)io);
11328 				}
11329 			}
11330 		}
11331 		ctl_check_blocked(lun);
11332 	}
11333 	mtx_unlock(&lun->lun_lock);
11334 }
11335 
11336 static int
11337 ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11338 {
11339 	struct ctl_lun *lun;
11340 	const struct ctl_cmd_entry *entry;
11341 	uint32_t initidx, targ_lun;
11342 	int retval = 0;
11343 
11344 	lun = NULL;
11345 	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11346 	if (targ_lun < ctl_max_luns)
11347 		lun = softc->ctl_luns[targ_lun];
11348 	if (lun) {
11349 		/*
11350 		 * If the LUN is invalid, pretend that it doesn't exist.
11351 		 * It will go away as soon as all pending I/O has been
11352 		 * completed.
11353 		 */
11354 		mtx_lock(&lun->lun_lock);
11355 		if (lun->flags & CTL_LUN_DISABLED) {
11356 			mtx_unlock(&lun->lun_lock);
11357 			lun = NULL;
11358 		}
11359 	}
11360 	CTL_LUN(ctsio) = lun;
11361 	if (lun) {
11362 		CTL_BACKEND_LUN(ctsio) = lun->be_lun;
11363 
11364 		/*
11365 		 * Every I/O goes into the OOA queue for a particular LUN,
11366 		 * and stays there until completion.
11367 		 */
11368 #ifdef CTL_TIME_IO
11369 		if (TAILQ_EMPTY(&lun->ooa_queue))
11370 			lun->idle_time += getsbinuptime() - lun->last_busy;
11371 #endif
11372 		TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
11373 	}
11374 
11375 	/* Get command entry and return error if it is unsuppotyed. */
11376 	entry = ctl_validate_command(ctsio);
11377 	if (entry == NULL) {
11378 		if (lun)
11379 			mtx_unlock(&lun->lun_lock);
11380 		return (retval);
11381 	}
11382 
11383 	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11384 	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11385 
11386 	/*
11387 	 * Check to see whether we can send this command to LUNs that don't
11388 	 * exist.  This should pretty much only be the case for inquiry
11389 	 * and request sense.  Further checks, below, really require having
11390 	 * a LUN, so we can't really check the command anymore.  Just put
11391 	 * it on the rtr queue.
11392 	 */
11393 	if (lun == NULL) {
11394 		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11395 			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11396 			ctl_enqueue_rtr((union ctl_io *)ctsio);
11397 			return (retval);
11398 		}
11399 
11400 		ctl_set_unsupported_lun(ctsio);
11401 		ctl_done((union ctl_io *)ctsio);
11402 		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11403 		return (retval);
11404 	} else {
11405 		/*
11406 		 * Make sure we support this particular command on this LUN.
11407 		 * e.g., we don't support writes to the control LUN.
11408 		 */
11409 		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11410 			mtx_unlock(&lun->lun_lock);
11411 			ctl_set_invalid_opcode(ctsio);
11412 			ctl_done((union ctl_io *)ctsio);
11413 			return (retval);
11414 		}
11415 	}
11416 
11417 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11418 
11419 	/*
11420 	 * If we've got a request sense, it'll clear the contingent
11421 	 * allegiance condition.  Otherwise, if we have a CA condition for
11422 	 * this initiator, clear it, because it sent down a command other
11423 	 * than request sense.
11424 	 */
11425 	if (ctsio->cdb[0] != REQUEST_SENSE) {
11426 		struct scsi_sense_data *ps;
11427 
11428 		ps = lun->pending_sense[initidx / CTL_MAX_INIT_PER_PORT];
11429 		if (ps != NULL)
11430 			ps[initidx % CTL_MAX_INIT_PER_PORT].error_code = 0;
11431 	}
11432 
11433 	/*
11434 	 * If the command has this flag set, it handles its own unit
11435 	 * attention reporting, we shouldn't do anything.  Otherwise we
11436 	 * check for any pending unit attentions, and send them back to the
11437 	 * initiator.  We only do this when a command initially comes in,
11438 	 * not when we pull it off the blocked queue.
11439 	 *
11440 	 * According to SAM-3, section 5.3.2, the order that things get
11441 	 * presented back to the host is basically unit attentions caused
11442 	 * by some sort of reset event, busy status, reservation conflicts
11443 	 * or task set full, and finally any other status.
11444 	 *
11445 	 * One issue here is that some of the unit attentions we report
11446 	 * don't fall into the "reset" category (e.g. "reported luns data
11447 	 * has changed").  So reporting it here, before the reservation
11448 	 * check, may be technically wrong.  I guess the only thing to do
11449 	 * would be to check for and report the reset events here, and then
11450 	 * check for the other unit attention types after we check for a
11451 	 * reservation conflict.
11452 	 *
11453 	 * XXX KDM need to fix this
11454 	 */
11455 	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11456 		ctl_ua_type ua_type;
11457 		u_int sense_len = 0;
11458 
11459 		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11460 		    &sense_len, SSD_TYPE_NONE);
11461 		if (ua_type != CTL_UA_NONE) {
11462 			mtx_unlock(&lun->lun_lock);
11463 			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11464 			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11465 			ctsio->sense_len = sense_len;
11466 			ctl_done((union ctl_io *)ctsio);
11467 			return (retval);
11468 		}
11469 	}
11470 
11471 
11472 	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11473 		mtx_unlock(&lun->lun_lock);
11474 		ctl_done((union ctl_io *)ctsio);
11475 		return (retval);
11476 	}
11477 
11478 	/*
11479 	 * XXX CHD this is where we want to send IO to other side if
11480 	 * this LUN is secondary on this SC. We will need to make a copy
11481 	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11482 	 * the copy we send as FROM_OTHER.
11483 	 * We also need to stuff the address of the original IO so we can
11484 	 * find it easily. Something similar will need be done on the other
11485 	 * side so when we are done we can find the copy.
11486 	 */
11487 	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11488 	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11489 	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11490 		union ctl_ha_msg msg_info;
11491 		int isc_retval;
11492 
11493 		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11494 		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11495 		mtx_unlock(&lun->lun_lock);
11496 
11497 		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11498 		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11499 		msg_info.hdr.serializing_sc = NULL;
11500 		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11501 		msg_info.scsi.tag_num = ctsio->tag_num;
11502 		msg_info.scsi.tag_type = ctsio->tag_type;
11503 		msg_info.scsi.cdb_len = ctsio->cdb_len;
11504 		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11505 
11506 		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11507 		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11508 		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11509 			ctl_set_busy(ctsio);
11510 			ctl_done((union ctl_io *)ctsio);
11511 			return (retval);
11512 		}
11513 		return (retval);
11514 	}
11515 
11516 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11517 			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11518 			      ctl_ooaq, ooa_links))) {
11519 	case CTL_ACTION_BLOCK:
11520 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11521 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11522 				  blocked_links);
11523 		mtx_unlock(&lun->lun_lock);
11524 		return (retval);
11525 	case CTL_ACTION_PASS:
11526 	case CTL_ACTION_SKIP:
11527 		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11528 		mtx_unlock(&lun->lun_lock);
11529 		ctl_enqueue_rtr((union ctl_io *)ctsio);
11530 		break;
11531 	case CTL_ACTION_OVERLAP:
11532 		mtx_unlock(&lun->lun_lock);
11533 		ctl_set_overlapped_cmd(ctsio);
11534 		ctl_done((union ctl_io *)ctsio);
11535 		break;
11536 	case CTL_ACTION_OVERLAP_TAG:
11537 		mtx_unlock(&lun->lun_lock);
11538 		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11539 		ctl_done((union ctl_io *)ctsio);
11540 		break;
11541 	case CTL_ACTION_ERROR:
11542 	default:
11543 		mtx_unlock(&lun->lun_lock);
11544 		ctl_set_internal_failure(ctsio,
11545 					 /*sks_valid*/ 0,
11546 					 /*retry_count*/ 0);
11547 		ctl_done((union ctl_io *)ctsio);
11548 		break;
11549 	}
11550 	return (retval);
11551 }
11552 
11553 const struct ctl_cmd_entry *
11554 ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11555 {
11556 	const struct ctl_cmd_entry *entry;
11557 	int service_action;
11558 
11559 	entry = &ctl_cmd_table[ctsio->cdb[0]];
11560 	if (sa)
11561 		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11562 	if (entry->flags & CTL_CMD_FLAG_SA5) {
11563 		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11564 		entry = &((const struct ctl_cmd_entry *)
11565 		    entry->execute)[service_action];
11566 	}
11567 	return (entry);
11568 }
11569 
11570 const struct ctl_cmd_entry *
11571 ctl_validate_command(struct ctl_scsiio *ctsio)
11572 {
11573 	const struct ctl_cmd_entry *entry;
11574 	int i, sa;
11575 	uint8_t diff;
11576 
11577 	entry = ctl_get_cmd_entry(ctsio, &sa);
11578 	if (entry->execute == NULL) {
11579 		if (sa)
11580 			ctl_set_invalid_field(ctsio,
11581 					      /*sks_valid*/ 1,
11582 					      /*command*/ 1,
11583 					      /*field*/ 1,
11584 					      /*bit_valid*/ 1,
11585 					      /*bit*/ 4);
11586 		else
11587 			ctl_set_invalid_opcode(ctsio);
11588 		ctl_done((union ctl_io *)ctsio);
11589 		return (NULL);
11590 	}
11591 	KASSERT(entry->length > 0,
11592 	    ("Not defined length for command 0x%02x/0x%02x",
11593 	     ctsio->cdb[0], ctsio->cdb[1]));
11594 	for (i = 1; i < entry->length; i++) {
11595 		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11596 		if (diff == 0)
11597 			continue;
11598 		ctl_set_invalid_field(ctsio,
11599 				      /*sks_valid*/ 1,
11600 				      /*command*/ 1,
11601 				      /*field*/ i,
11602 				      /*bit_valid*/ 1,
11603 				      /*bit*/ fls(diff) - 1);
11604 		ctl_done((union ctl_io *)ctsio);
11605 		return (NULL);
11606 	}
11607 	return (entry);
11608 }
11609 
11610 static int
11611 ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11612 {
11613 
11614 	switch (lun_type) {
11615 	case T_DIRECT:
11616 		if ((entry->flags & CTL_CMD_FLAG_OK_ON_DIRECT) == 0)
11617 			return (0);
11618 		break;
11619 	case T_PROCESSOR:
11620 		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11621 			return (0);
11622 		break;
11623 	case T_CDROM:
11624 		if ((entry->flags & CTL_CMD_FLAG_OK_ON_CDROM) == 0)
11625 			return (0);
11626 		break;
11627 	default:
11628 		return (0);
11629 	}
11630 	return (1);
11631 }
11632 
11633 static int
11634 ctl_scsiio(struct ctl_scsiio *ctsio)
11635 {
11636 	int retval;
11637 	const struct ctl_cmd_entry *entry;
11638 
11639 	retval = CTL_RETVAL_COMPLETE;
11640 
11641 	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11642 
11643 	entry = ctl_get_cmd_entry(ctsio, NULL);
11644 
11645 	/*
11646 	 * If this I/O has been aborted, just send it straight to
11647 	 * ctl_done() without executing it.
11648 	 */
11649 	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11650 		ctl_done((union ctl_io *)ctsio);
11651 		goto bailout;
11652 	}
11653 
11654 	/*
11655 	 * All the checks should have been handled by ctl_scsiio_precheck().
11656 	 * We should be clear now to just execute the I/O.
11657 	 */
11658 	retval = entry->execute(ctsio);
11659 
11660 bailout:
11661 	return (retval);
11662 }
11663 
11664 static int
11665 ctl_target_reset(union ctl_io *io)
11666 {
11667 	struct ctl_softc *softc = CTL_SOFTC(io);
11668 	struct ctl_port *port = CTL_PORT(io);
11669 	struct ctl_lun *lun;
11670 	uint32_t initidx;
11671 	ctl_ua_type ua_type;
11672 
11673 	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11674 		union ctl_ha_msg msg_info;
11675 
11676 		msg_info.hdr.nexus = io->io_hdr.nexus;
11677 		msg_info.task.task_action = io->taskio.task_action;
11678 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11679 		msg_info.hdr.original_sc = NULL;
11680 		msg_info.hdr.serializing_sc = NULL;
11681 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11682 		    sizeof(msg_info.task), M_WAITOK);
11683 	}
11684 
11685 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11686 	if (io->taskio.task_action == CTL_TASK_TARGET_RESET)
11687 		ua_type = CTL_UA_TARG_RESET;
11688 	else
11689 		ua_type = CTL_UA_BUS_RESET;
11690 	mtx_lock(&softc->ctl_lock);
11691 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11692 		if (port != NULL &&
11693 		    ctl_lun_map_to_port(port, lun->lun) == UINT32_MAX)
11694 			continue;
11695 		ctl_do_lun_reset(lun, initidx, ua_type);
11696 	}
11697 	mtx_unlock(&softc->ctl_lock);
11698 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11699 	return (0);
11700 }
11701 
11702 /*
11703  * The LUN should always be set.  The I/O is optional, and is used to
11704  * distinguish between I/Os sent by this initiator, and by other
11705  * initiators.  We set unit attention for initiators other than this one.
11706  * SAM-3 is vague on this point.  It does say that a unit attention should
11707  * be established for other initiators when a LUN is reset (see section
11708  * 5.7.3), but it doesn't specifically say that the unit attention should
11709  * be established for this particular initiator when a LUN is reset.  Here
11710  * is the relevant text, from SAM-3 rev 8:
11711  *
11712  * 5.7.2 When a SCSI initiator port aborts its own tasks
11713  *
11714  * When a SCSI initiator port causes its own task(s) to be aborted, no
11715  * notification that the task(s) have been aborted shall be returned to
11716  * the SCSI initiator port other than the completion response for the
11717  * command or task management function action that caused the task(s) to
11718  * be aborted and notification(s) associated with related effects of the
11719  * action (e.g., a reset unit attention condition).
11720  *
11721  * XXX KDM for now, we're setting unit attention for all initiators.
11722  */
11723 static void
11724 ctl_do_lun_reset(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua_type)
11725 {
11726 	union ctl_io *xio;
11727 	int i;
11728 
11729 	mtx_lock(&lun->lun_lock);
11730 	/* Abort tasks. */
11731 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11732 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11733 		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11734 	}
11735 	/* Clear CA. */
11736 	for (i = 0; i < ctl_max_ports; i++) {
11737 		free(lun->pending_sense[i], M_CTL);
11738 		lun->pending_sense[i] = NULL;
11739 	}
11740 	/* Clear reservation. */
11741 	lun->flags &= ~CTL_LUN_RESERVED;
11742 	/* Clear prevent media removal. */
11743 	if (lun->prevent) {
11744 		for (i = 0; i < CTL_MAX_INITIATORS; i++)
11745 			ctl_clear_mask(lun->prevent, i);
11746 		lun->prevent_count = 0;
11747 	}
11748 	/* Clear TPC status */
11749 	ctl_tpc_lun_clear(lun, -1);
11750 	/* Establish UA. */
11751 #if 0
11752 	ctl_est_ua_all(lun, initidx, ua_type);
11753 #else
11754 	ctl_est_ua_all(lun, -1, ua_type);
11755 #endif
11756 	mtx_unlock(&lun->lun_lock);
11757 }
11758 
11759 static int
11760 ctl_lun_reset(union ctl_io *io)
11761 {
11762 	struct ctl_softc *softc = CTL_SOFTC(io);
11763 	struct ctl_lun *lun;
11764 	uint32_t targ_lun, initidx;
11765 
11766 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11767 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11768 	mtx_lock(&softc->ctl_lock);
11769 	if (targ_lun >= ctl_max_luns ||
11770 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11771 		mtx_unlock(&softc->ctl_lock);
11772 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11773 		return (1);
11774 	}
11775 	ctl_do_lun_reset(lun, initidx, CTL_UA_LUN_RESET);
11776 	mtx_unlock(&softc->ctl_lock);
11777 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11778 
11779 	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11780 		union ctl_ha_msg msg_info;
11781 
11782 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11783 		msg_info.hdr.nexus = io->io_hdr.nexus;
11784 		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11785 		msg_info.hdr.original_sc = NULL;
11786 		msg_info.hdr.serializing_sc = NULL;
11787 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11788 		    sizeof(msg_info.task), M_WAITOK);
11789 	}
11790 	return (0);
11791 }
11792 
11793 static void
11794 ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11795     int other_sc)
11796 {
11797 	union ctl_io *xio;
11798 
11799 	mtx_assert(&lun->lun_lock, MA_OWNED);
11800 
11801 	/*
11802 	 * Run through the OOA queue and attempt to find the given I/O.
11803 	 * The target port, initiator ID, tag type and tag number have to
11804 	 * match the values that we got from the initiator.  If we have an
11805 	 * untagged command to abort, simply abort the first untagged command
11806 	 * we come to.  We only allow one untagged command at a time of course.
11807 	 */
11808 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11809 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11810 
11811 		if ((targ_port == UINT32_MAX ||
11812 		     targ_port == xio->io_hdr.nexus.targ_port) &&
11813 		    (init_id == UINT32_MAX ||
11814 		     init_id == xio->io_hdr.nexus.initid)) {
11815 			if (targ_port != xio->io_hdr.nexus.targ_port ||
11816 			    init_id != xio->io_hdr.nexus.initid)
11817 				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11818 			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11819 			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11820 				union ctl_ha_msg msg_info;
11821 
11822 				msg_info.hdr.nexus = xio->io_hdr.nexus;
11823 				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11824 				msg_info.task.tag_num = xio->scsiio.tag_num;
11825 				msg_info.task.tag_type = xio->scsiio.tag_type;
11826 				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11827 				msg_info.hdr.original_sc = NULL;
11828 				msg_info.hdr.serializing_sc = NULL;
11829 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11830 				    sizeof(msg_info.task), M_NOWAIT);
11831 			}
11832 		}
11833 	}
11834 }
11835 
11836 static int
11837 ctl_abort_task_set(union ctl_io *io)
11838 {
11839 	struct ctl_softc *softc = CTL_SOFTC(io);
11840 	struct ctl_lun *lun;
11841 	uint32_t targ_lun;
11842 
11843 	/*
11844 	 * Look up the LUN.
11845 	 */
11846 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11847 	mtx_lock(&softc->ctl_lock);
11848 	if (targ_lun >= ctl_max_luns ||
11849 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11850 		mtx_unlock(&softc->ctl_lock);
11851 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11852 		return (1);
11853 	}
11854 
11855 	mtx_lock(&lun->lun_lock);
11856 	mtx_unlock(&softc->ctl_lock);
11857 	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11858 		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11859 		    io->io_hdr.nexus.initid,
11860 		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11861 	} else { /* CTL_TASK_CLEAR_TASK_SET */
11862 		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11863 		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11864 	}
11865 	mtx_unlock(&lun->lun_lock);
11866 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11867 	return (0);
11868 }
11869 
11870 static void
11871 ctl_i_t_nexus_loss(struct ctl_softc *softc, uint32_t initidx,
11872     ctl_ua_type ua_type)
11873 {
11874 	struct ctl_lun *lun;
11875 	struct scsi_sense_data *ps;
11876 	uint32_t p, i;
11877 
11878 	p = initidx / CTL_MAX_INIT_PER_PORT;
11879 	i = initidx % CTL_MAX_INIT_PER_PORT;
11880 	mtx_lock(&softc->ctl_lock);
11881 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11882 		mtx_lock(&lun->lun_lock);
11883 		/* Abort tasks. */
11884 		ctl_abort_tasks_lun(lun, p, i, 1);
11885 		/* Clear CA. */
11886 		ps = lun->pending_sense[p];
11887 		if (ps != NULL)
11888 			ps[i].error_code = 0;
11889 		/* Clear reservation. */
11890 		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11891 			lun->flags &= ~CTL_LUN_RESERVED;
11892 		/* Clear prevent media removal. */
11893 		if (lun->prevent && ctl_is_set(lun->prevent, initidx)) {
11894 			ctl_clear_mask(lun->prevent, initidx);
11895 			lun->prevent_count--;
11896 		}
11897 		/* Clear TPC status */
11898 		ctl_tpc_lun_clear(lun, initidx);
11899 		/* Establish UA. */
11900 		ctl_est_ua(lun, initidx, ua_type);
11901 		mtx_unlock(&lun->lun_lock);
11902 	}
11903 	mtx_unlock(&softc->ctl_lock);
11904 }
11905 
11906 static int
11907 ctl_i_t_nexus_reset(union ctl_io *io)
11908 {
11909 	struct ctl_softc *softc = CTL_SOFTC(io);
11910 	uint32_t initidx;
11911 
11912 	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11913 		union ctl_ha_msg msg_info;
11914 
11915 		msg_info.hdr.nexus = io->io_hdr.nexus;
11916 		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11917 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11918 		msg_info.hdr.original_sc = NULL;
11919 		msg_info.hdr.serializing_sc = NULL;
11920 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11921 		    sizeof(msg_info.task), M_WAITOK);
11922 	}
11923 
11924 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11925 	ctl_i_t_nexus_loss(softc, initidx, CTL_UA_I_T_NEXUS_LOSS);
11926 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11927 	return (0);
11928 }
11929 
11930 static int
11931 ctl_abort_task(union ctl_io *io)
11932 {
11933 	struct ctl_softc *softc = CTL_SOFTC(io);
11934 	union ctl_io *xio;
11935 	struct ctl_lun *lun;
11936 #if 0
11937 	struct sbuf sb;
11938 	char printbuf[128];
11939 #endif
11940 	int found;
11941 	uint32_t targ_lun;
11942 
11943 	found = 0;
11944 
11945 	/*
11946 	 * Look up the LUN.
11947 	 */
11948 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11949 	mtx_lock(&softc->ctl_lock);
11950 	if (targ_lun >= ctl_max_luns ||
11951 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11952 		mtx_unlock(&softc->ctl_lock);
11953 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11954 		return (1);
11955 	}
11956 
11957 #if 0
11958 	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11959 	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11960 #endif
11961 
11962 	mtx_lock(&lun->lun_lock);
11963 	mtx_unlock(&softc->ctl_lock);
11964 	/*
11965 	 * Run through the OOA queue and attempt to find the given I/O.
11966 	 * The target port, initiator ID, tag type and tag number have to
11967 	 * match the values that we got from the initiator.  If we have an
11968 	 * untagged command to abort, simply abort the first untagged command
11969 	 * we come to.  We only allow one untagged command at a time of course.
11970 	 */
11971 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11972 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11973 #if 0
11974 		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11975 
11976 		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11977 			    lun->lun, xio->scsiio.tag_num,
11978 			    xio->scsiio.tag_type,
11979 			    (xio->io_hdr.blocked_links.tqe_prev
11980 			    == NULL) ? "" : " BLOCKED",
11981 			    (xio->io_hdr.flags &
11982 			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11983 			    (xio->io_hdr.flags &
11984 			    CTL_FLAG_ABORT) ? " ABORT" : "",
11985 			    (xio->io_hdr.flags &
11986 			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11987 		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11988 		sbuf_finish(&sb);
11989 		printf("%s\n", sbuf_data(&sb));
11990 #endif
11991 
11992 		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11993 		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11994 		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11995 			continue;
11996 
11997 		/*
11998 		 * If the abort says that the task is untagged, the
11999 		 * task in the queue must be untagged.  Otherwise,
12000 		 * we just check to see whether the tag numbers
12001 		 * match.  This is because the QLogic firmware
12002 		 * doesn't pass back the tag type in an abort
12003 		 * request.
12004 		 */
12005 #if 0
12006 		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12007 		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12008 		 || (xio->scsiio.tag_num == io->taskio.tag_num))
12009 #endif
12010 		/*
12011 		 * XXX KDM we've got problems with FC, because it
12012 		 * doesn't send down a tag type with aborts.  So we
12013 		 * can only really go by the tag number...
12014 		 * This may cause problems with parallel SCSI.
12015 		 * Need to figure that out!!
12016 		 */
12017 		if (xio->scsiio.tag_num == io->taskio.tag_num) {
12018 			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12019 			found = 1;
12020 			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
12021 			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12022 				union ctl_ha_msg msg_info;
12023 
12024 				msg_info.hdr.nexus = io->io_hdr.nexus;
12025 				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12026 				msg_info.task.tag_num = io->taskio.tag_num;
12027 				msg_info.task.tag_type = io->taskio.tag_type;
12028 				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12029 				msg_info.hdr.original_sc = NULL;
12030 				msg_info.hdr.serializing_sc = NULL;
12031 #if 0
12032 				printf("Sent Abort to other side\n");
12033 #endif
12034 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12035 				    sizeof(msg_info.task), M_NOWAIT);
12036 			}
12037 #if 0
12038 			printf("ctl_abort_task: found I/O to abort\n");
12039 #endif
12040 		}
12041 	}
12042 	mtx_unlock(&lun->lun_lock);
12043 
12044 	if (found == 0) {
12045 		/*
12046 		 * This isn't really an error.  It's entirely possible for
12047 		 * the abort and command completion to cross on the wire.
12048 		 * This is more of an informative/diagnostic error.
12049 		 */
12050 #if 0
12051 		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12052 		       "%u:%u:%u tag %d type %d\n",
12053 		       io->io_hdr.nexus.initid,
12054 		       io->io_hdr.nexus.targ_port,
12055 		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12056 		       io->taskio.tag_type);
12057 #endif
12058 	}
12059 	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12060 	return (0);
12061 }
12062 
12063 static int
12064 ctl_query_task(union ctl_io *io, int task_set)
12065 {
12066 	struct ctl_softc *softc = CTL_SOFTC(io);
12067 	union ctl_io *xio;
12068 	struct ctl_lun *lun;
12069 	int found = 0;
12070 	uint32_t targ_lun;
12071 
12072 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12073 	mtx_lock(&softc->ctl_lock);
12074 	if (targ_lun >= ctl_max_luns ||
12075 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12076 		mtx_unlock(&softc->ctl_lock);
12077 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12078 		return (1);
12079 	}
12080 	mtx_lock(&lun->lun_lock);
12081 	mtx_unlock(&softc->ctl_lock);
12082 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12083 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12084 
12085 		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12086 		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12087 		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12088 			continue;
12089 
12090 		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12091 			found = 1;
12092 			break;
12093 		}
12094 	}
12095 	mtx_unlock(&lun->lun_lock);
12096 	if (found)
12097 		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12098 	else
12099 		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12100 	return (0);
12101 }
12102 
12103 static int
12104 ctl_query_async_event(union ctl_io *io)
12105 {
12106 	struct ctl_softc *softc = CTL_SOFTC(io);
12107 	struct ctl_lun *lun;
12108 	ctl_ua_type ua;
12109 	uint32_t targ_lun, initidx;
12110 
12111 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12112 	mtx_lock(&softc->ctl_lock);
12113 	if (targ_lun >= ctl_max_luns ||
12114 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12115 		mtx_unlock(&softc->ctl_lock);
12116 		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12117 		return (1);
12118 	}
12119 	mtx_lock(&lun->lun_lock);
12120 	mtx_unlock(&softc->ctl_lock);
12121 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12122 	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12123 	mtx_unlock(&lun->lun_lock);
12124 	if (ua != CTL_UA_NONE)
12125 		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12126 	else
12127 		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12128 	return (0);
12129 }
12130 
12131 static void
12132 ctl_run_task(union ctl_io *io)
12133 {
12134 	int retval = 1;
12135 
12136 	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12137 	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12138 	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12139 	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12140 	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12141 	switch (io->taskio.task_action) {
12142 	case CTL_TASK_ABORT_TASK:
12143 		retval = ctl_abort_task(io);
12144 		break;
12145 	case CTL_TASK_ABORT_TASK_SET:
12146 	case CTL_TASK_CLEAR_TASK_SET:
12147 		retval = ctl_abort_task_set(io);
12148 		break;
12149 	case CTL_TASK_CLEAR_ACA:
12150 		break;
12151 	case CTL_TASK_I_T_NEXUS_RESET:
12152 		retval = ctl_i_t_nexus_reset(io);
12153 		break;
12154 	case CTL_TASK_LUN_RESET:
12155 		retval = ctl_lun_reset(io);
12156 		break;
12157 	case CTL_TASK_TARGET_RESET:
12158 	case CTL_TASK_BUS_RESET:
12159 		retval = ctl_target_reset(io);
12160 		break;
12161 	case CTL_TASK_PORT_LOGIN:
12162 		break;
12163 	case CTL_TASK_PORT_LOGOUT:
12164 		break;
12165 	case CTL_TASK_QUERY_TASK:
12166 		retval = ctl_query_task(io, 0);
12167 		break;
12168 	case CTL_TASK_QUERY_TASK_SET:
12169 		retval = ctl_query_task(io, 1);
12170 		break;
12171 	case CTL_TASK_QUERY_ASYNC_EVENT:
12172 		retval = ctl_query_async_event(io);
12173 		break;
12174 	default:
12175 		printf("%s: got unknown task management event %d\n",
12176 		       __func__, io->taskio.task_action);
12177 		break;
12178 	}
12179 	if (retval == 0)
12180 		io->io_hdr.status = CTL_SUCCESS;
12181 	else
12182 		io->io_hdr.status = CTL_ERROR;
12183 	ctl_done(io);
12184 }
12185 
12186 /*
12187  * For HA operation.  Handle commands that come in from the other
12188  * controller.
12189  */
12190 static void
12191 ctl_handle_isc(union ctl_io *io)
12192 {
12193 	struct ctl_softc *softc = CTL_SOFTC(io);
12194 	struct ctl_lun *lun;
12195 	const struct ctl_cmd_entry *entry;
12196 	uint32_t targ_lun;
12197 
12198 	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12199 	switch (io->io_hdr.msg_type) {
12200 	case CTL_MSG_SERIALIZE:
12201 		ctl_serialize_other_sc_cmd(&io->scsiio);
12202 		break;
12203 	case CTL_MSG_R2R:		/* Only used in SER_ONLY mode. */
12204 		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12205 		if (targ_lun >= ctl_max_luns ||
12206 		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12207 			ctl_done(io);
12208 			break;
12209 		}
12210 		mtx_lock(&lun->lun_lock);
12211 		if (ctl_scsiio_lun_check(lun, entry, &io->scsiio) != 0) {
12212 			mtx_unlock(&lun->lun_lock);
12213 			ctl_done(io);
12214 			break;
12215 		}
12216 		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12217 		mtx_unlock(&lun->lun_lock);
12218 		ctl_enqueue_rtr(io);
12219 		break;
12220 	case CTL_MSG_FINISH_IO:
12221 		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12222 			ctl_done(io);
12223 			break;
12224 		}
12225 		if (targ_lun >= ctl_max_luns ||
12226 		    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12227 			ctl_free_io(io);
12228 			break;
12229 		}
12230 		mtx_lock(&lun->lun_lock);
12231 		TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12232 		ctl_check_blocked(lun);
12233 		mtx_unlock(&lun->lun_lock);
12234 		ctl_free_io(io);
12235 		break;
12236 	case CTL_MSG_PERS_ACTION:
12237 		ctl_hndl_per_res_out_on_other_sc(io);
12238 		ctl_free_io(io);
12239 		break;
12240 	case CTL_MSG_BAD_JUJU:
12241 		ctl_done(io);
12242 		break;
12243 	case CTL_MSG_DATAMOVE:		/* Only used in XFER mode */
12244 		ctl_datamove_remote(io);
12245 		break;
12246 	case CTL_MSG_DATAMOVE_DONE:	/* Only used in XFER mode */
12247 		io->scsiio.be_move_done(io);
12248 		break;
12249 	case CTL_MSG_FAILOVER:
12250 		ctl_failover_lun(io);
12251 		ctl_free_io(io);
12252 		break;
12253 	default:
12254 		printf("%s: Invalid message type %d\n",
12255 		       __func__, io->io_hdr.msg_type);
12256 		ctl_free_io(io);
12257 		break;
12258 	}
12259 
12260 }
12261 
12262 
12263 /*
12264  * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12265  * there is no match.
12266  */
12267 static ctl_lun_error_pattern
12268 ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12269 {
12270 	const struct ctl_cmd_entry *entry;
12271 	ctl_lun_error_pattern filtered_pattern, pattern;
12272 
12273 	pattern = desc->error_pattern;
12274 
12275 	/*
12276 	 * XXX KDM we need more data passed into this function to match a
12277 	 * custom pattern, and we actually need to implement custom pattern
12278 	 * matching.
12279 	 */
12280 	if (pattern & CTL_LUN_PAT_CMD)
12281 		return (CTL_LUN_PAT_CMD);
12282 
12283 	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12284 		return (CTL_LUN_PAT_ANY);
12285 
12286 	entry = ctl_get_cmd_entry(ctsio, NULL);
12287 
12288 	filtered_pattern = entry->pattern & pattern;
12289 
12290 	/*
12291 	 * If the user requested specific flags in the pattern (e.g.
12292 	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12293 	 * flags.
12294 	 *
12295 	 * If the user did not specify any flags, it doesn't matter whether
12296 	 * or not the command supports the flags.
12297 	 */
12298 	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12299 	     (pattern & ~CTL_LUN_PAT_MASK))
12300 		return (CTL_LUN_PAT_NONE);
12301 
12302 	/*
12303 	 * If the user asked for a range check, see if the requested LBA
12304 	 * range overlaps with this command's LBA range.
12305 	 */
12306 	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12307 		uint64_t lba1;
12308 		uint64_t len1;
12309 		ctl_action action;
12310 		int retval;
12311 
12312 		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12313 		if (retval != 0)
12314 			return (CTL_LUN_PAT_NONE);
12315 
12316 		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12317 					      desc->lba_range.len, FALSE);
12318 		/*
12319 		 * A "pass" means that the LBA ranges don't overlap, so
12320 		 * this doesn't match the user's range criteria.
12321 		 */
12322 		if (action == CTL_ACTION_PASS)
12323 			return (CTL_LUN_PAT_NONE);
12324 	}
12325 
12326 	return (filtered_pattern);
12327 }
12328 
12329 static void
12330 ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12331 {
12332 	struct ctl_error_desc *desc, *desc2;
12333 
12334 	mtx_assert(&lun->lun_lock, MA_OWNED);
12335 
12336 	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12337 		ctl_lun_error_pattern pattern;
12338 		/*
12339 		 * Check to see whether this particular command matches
12340 		 * the pattern in the descriptor.
12341 		 */
12342 		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12343 		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12344 			continue;
12345 
12346 		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12347 		case CTL_LUN_INJ_ABORTED:
12348 			ctl_set_aborted(&io->scsiio);
12349 			break;
12350 		case CTL_LUN_INJ_MEDIUM_ERR:
12351 			ctl_set_medium_error(&io->scsiio,
12352 			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12353 			     CTL_FLAG_DATA_OUT);
12354 			break;
12355 		case CTL_LUN_INJ_UA:
12356 			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12357 			 * OCCURRED */
12358 			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12359 			break;
12360 		case CTL_LUN_INJ_CUSTOM:
12361 			/*
12362 			 * We're assuming the user knows what he is doing.
12363 			 * Just copy the sense information without doing
12364 			 * checks.
12365 			 */
12366 			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12367 			      MIN(sizeof(desc->custom_sense),
12368 				  sizeof(io->scsiio.sense_data)));
12369 			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12370 			io->scsiio.sense_len = SSD_FULL_SIZE;
12371 			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12372 			break;
12373 		case CTL_LUN_INJ_NONE:
12374 		default:
12375 			/*
12376 			 * If this is an error injection type we don't know
12377 			 * about, clear the continuous flag (if it is set)
12378 			 * so it will get deleted below.
12379 			 */
12380 			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12381 			break;
12382 		}
12383 		/*
12384 		 * By default, each error injection action is a one-shot
12385 		 */
12386 		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12387 			continue;
12388 
12389 		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12390 
12391 		free(desc, M_CTL);
12392 	}
12393 }
12394 
12395 #ifdef CTL_IO_DELAY
12396 static void
12397 ctl_datamove_timer_wakeup(void *arg)
12398 {
12399 	union ctl_io *io;
12400 
12401 	io = (union ctl_io *)arg;
12402 
12403 	ctl_datamove(io);
12404 }
12405 #endif /* CTL_IO_DELAY */
12406 
12407 void
12408 ctl_datamove(union ctl_io *io)
12409 {
12410 	void (*fe_datamove)(union ctl_io *io);
12411 
12412 	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12413 
12414 	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12415 
12416 	/* No data transferred yet.  Frontend must update this when done. */
12417 	io->scsiio.kern_data_resid = io->scsiio.kern_data_len;
12418 
12419 #ifdef CTL_TIME_IO
12420 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12421 		char str[256];
12422 		char path_str[64];
12423 		struct sbuf sb;
12424 
12425 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12426 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12427 
12428 		sbuf_cat(&sb, path_str);
12429 		switch (io->io_hdr.io_type) {
12430 		case CTL_IO_SCSI:
12431 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12432 			sbuf_printf(&sb, "\n");
12433 			sbuf_cat(&sb, path_str);
12434 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12435 				    io->scsiio.tag_num, io->scsiio.tag_type);
12436 			break;
12437 		case CTL_IO_TASK:
12438 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12439 				    "Tag Type: %d\n", io->taskio.task_action,
12440 				    io->taskio.tag_num, io->taskio.tag_type);
12441 			break;
12442 		default:
12443 			panic("%s: Invalid CTL I/O type %d\n",
12444 			    __func__, io->io_hdr.io_type);
12445 		}
12446 		sbuf_cat(&sb, path_str);
12447 		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12448 			    (intmax_t)time_uptime - io->io_hdr.start_time);
12449 		sbuf_finish(&sb);
12450 		printf("%s", sbuf_data(&sb));
12451 	}
12452 #endif /* CTL_TIME_IO */
12453 
12454 #ifdef CTL_IO_DELAY
12455 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12456 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12457 	} else {
12458 		struct ctl_lun *lun;
12459 
12460 		lun = CTL_LUN(io);
12461 		if ((lun != NULL)
12462 		 && (lun->delay_info.datamove_delay > 0)) {
12463 
12464 			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12465 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12466 			callout_reset(&io->io_hdr.delay_callout,
12467 				      lun->delay_info.datamove_delay * hz,
12468 				      ctl_datamove_timer_wakeup, io);
12469 			if (lun->delay_info.datamove_type ==
12470 			    CTL_DELAY_TYPE_ONESHOT)
12471 				lun->delay_info.datamove_delay = 0;
12472 			return;
12473 		}
12474 	}
12475 #endif
12476 
12477 	/*
12478 	 * This command has been aborted.  Set the port status, so we fail
12479 	 * the data move.
12480 	 */
12481 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12482 		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12483 		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12484 		       io->io_hdr.nexus.targ_port,
12485 		       io->io_hdr.nexus.targ_lun);
12486 		io->io_hdr.port_status = 31337;
12487 		/*
12488 		 * Note that the backend, in this case, will get the
12489 		 * callback in its context.  In other cases it may get
12490 		 * called in the frontend's interrupt thread context.
12491 		 */
12492 		io->scsiio.be_move_done(io);
12493 		return;
12494 	}
12495 
12496 	/* Don't confuse frontend with zero length data move. */
12497 	if (io->scsiio.kern_data_len == 0) {
12498 		io->scsiio.be_move_done(io);
12499 		return;
12500 	}
12501 
12502 	fe_datamove = CTL_PORT(io)->fe_datamove;
12503 	fe_datamove(io);
12504 }
12505 
12506 static void
12507 ctl_send_datamove_done(union ctl_io *io, int have_lock)
12508 {
12509 	union ctl_ha_msg msg;
12510 #ifdef CTL_TIME_IO
12511 	struct bintime cur_bt;
12512 #endif
12513 
12514 	memset(&msg, 0, sizeof(msg));
12515 	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12516 	msg.hdr.original_sc = io;
12517 	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12518 	msg.hdr.nexus = io->io_hdr.nexus;
12519 	msg.hdr.status = io->io_hdr.status;
12520 	msg.scsi.kern_data_resid = io->scsiio.kern_data_resid;
12521 	msg.scsi.tag_num = io->scsiio.tag_num;
12522 	msg.scsi.tag_type = io->scsiio.tag_type;
12523 	msg.scsi.scsi_status = io->scsiio.scsi_status;
12524 	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12525 	       io->scsiio.sense_len);
12526 	msg.scsi.sense_len = io->scsiio.sense_len;
12527 	msg.scsi.port_status = io->io_hdr.port_status;
12528 	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12529 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12530 		ctl_failover_io(io, /*have_lock*/ have_lock);
12531 		return;
12532 	}
12533 	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12534 	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12535 	    msg.scsi.sense_len, M_WAITOK);
12536 
12537 #ifdef CTL_TIME_IO
12538 	getbinuptime(&cur_bt);
12539 	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12540 	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12541 #endif
12542 	io->io_hdr.num_dmas++;
12543 }
12544 
12545 /*
12546  * The DMA to the remote side is done, now we need to tell the other side
12547  * we're done so it can continue with its data movement.
12548  */
12549 static void
12550 ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12551 {
12552 	union ctl_io *io;
12553 	uint32_t i;
12554 
12555 	io = rq->context;
12556 
12557 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12558 		printf("%s: ISC DMA write failed with error %d", __func__,
12559 		       rq->ret);
12560 		ctl_set_internal_failure(&io->scsiio,
12561 					 /*sks_valid*/ 1,
12562 					 /*retry_count*/ rq->ret);
12563 	}
12564 
12565 	ctl_dt_req_free(rq);
12566 
12567 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12568 		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12569 	free(io->io_hdr.remote_sglist, M_CTL);
12570 	io->io_hdr.remote_sglist = NULL;
12571 	io->io_hdr.local_sglist = NULL;
12572 
12573 	/*
12574 	 * The data is in local and remote memory, so now we need to send
12575 	 * status (good or back) back to the other side.
12576 	 */
12577 	ctl_send_datamove_done(io, /*have_lock*/ 0);
12578 }
12579 
12580 /*
12581  * We've moved the data from the host/controller into local memory.  Now we
12582  * need to push it over to the remote controller's memory.
12583  */
12584 static int
12585 ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12586 {
12587 	int retval;
12588 
12589 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12590 					  ctl_datamove_remote_write_cb);
12591 	return (retval);
12592 }
12593 
12594 static void
12595 ctl_datamove_remote_write(union ctl_io *io)
12596 {
12597 	int retval;
12598 	void (*fe_datamove)(union ctl_io *io);
12599 
12600 	/*
12601 	 * - Get the data from the host/HBA into local memory.
12602 	 * - DMA memory from the local controller to the remote controller.
12603 	 * - Send status back to the remote controller.
12604 	 */
12605 
12606 	retval = ctl_datamove_remote_sgl_setup(io);
12607 	if (retval != 0)
12608 		return;
12609 
12610 	/* Switch the pointer over so the FETD knows what to do */
12611 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12612 
12613 	/*
12614 	 * Use a custom move done callback, since we need to send completion
12615 	 * back to the other controller, not to the backend on this side.
12616 	 */
12617 	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12618 
12619 	fe_datamove = CTL_PORT(io)->fe_datamove;
12620 	fe_datamove(io);
12621 }
12622 
12623 static int
12624 ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12625 {
12626 #if 0
12627 	char str[256];
12628 	char path_str[64];
12629 	struct sbuf sb;
12630 #endif
12631 	uint32_t i;
12632 
12633 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12634 		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12635 	free(io->io_hdr.remote_sglist, M_CTL);
12636 	io->io_hdr.remote_sglist = NULL;
12637 	io->io_hdr.local_sglist = NULL;
12638 
12639 #if 0
12640 	scsi_path_string(io, path_str, sizeof(path_str));
12641 	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12642 	sbuf_cat(&sb, path_str);
12643 	scsi_command_string(&io->scsiio, NULL, &sb);
12644 	sbuf_printf(&sb, "\n");
12645 	sbuf_cat(&sb, path_str);
12646 	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12647 		    io->scsiio.tag_num, io->scsiio.tag_type);
12648 	sbuf_cat(&sb, path_str);
12649 	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12650 		    io->io_hdr.flags, io->io_hdr.status);
12651 	sbuf_finish(&sb);
12652 	printk("%s", sbuf_data(&sb));
12653 #endif
12654 
12655 
12656 	/*
12657 	 * The read is done, now we need to send status (good or bad) back
12658 	 * to the other side.
12659 	 */
12660 	ctl_send_datamove_done(io, /*have_lock*/ 0);
12661 
12662 	return (0);
12663 }
12664 
12665 static void
12666 ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12667 {
12668 	union ctl_io *io;
12669 	void (*fe_datamove)(union ctl_io *io);
12670 
12671 	io = rq->context;
12672 
12673 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12674 		printf("%s: ISC DMA read failed with error %d\n", __func__,
12675 		       rq->ret);
12676 		ctl_set_internal_failure(&io->scsiio,
12677 					 /*sks_valid*/ 1,
12678 					 /*retry_count*/ rq->ret);
12679 	}
12680 
12681 	ctl_dt_req_free(rq);
12682 
12683 	/* Switch the pointer over so the FETD knows what to do */
12684 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12685 
12686 	/*
12687 	 * Use a custom move done callback, since we need to send completion
12688 	 * back to the other controller, not to the backend on this side.
12689 	 */
12690 	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12691 
12692 	/* XXX KDM add checks like the ones in ctl_datamove? */
12693 
12694 	fe_datamove = CTL_PORT(io)->fe_datamove;
12695 	fe_datamove(io);
12696 }
12697 
12698 static int
12699 ctl_datamove_remote_sgl_setup(union ctl_io *io)
12700 {
12701 	struct ctl_sg_entry *local_sglist;
12702 	uint32_t len_to_go;
12703 	int retval;
12704 	int i;
12705 
12706 	retval = 0;
12707 	local_sglist = io->io_hdr.local_sglist;
12708 	len_to_go = io->scsiio.kern_data_len;
12709 
12710 	/*
12711 	 * The difficult thing here is that the size of the various
12712 	 * S/G segments may be different than the size from the
12713 	 * remote controller.  That'll make it harder when DMAing
12714 	 * the data back to the other side.
12715 	 */
12716 	for (i = 0; len_to_go > 0; i++) {
12717 		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12718 		local_sglist[i].addr =
12719 		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12720 
12721 		len_to_go -= local_sglist[i].len;
12722 	}
12723 	/*
12724 	 * Reset the number of S/G entries accordingly.  The original
12725 	 * number of S/G entries is available in rem_sg_entries.
12726 	 */
12727 	io->scsiio.kern_sg_entries = i;
12728 
12729 #if 0
12730 	printf("%s: kern_sg_entries = %d\n", __func__,
12731 	       io->scsiio.kern_sg_entries);
12732 	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12733 		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12734 		       local_sglist[i].addr, local_sglist[i].len);
12735 #endif
12736 
12737 	return (retval);
12738 }
12739 
12740 static int
12741 ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12742 			 ctl_ha_dt_cb callback)
12743 {
12744 	struct ctl_ha_dt_req *rq;
12745 	struct ctl_sg_entry *remote_sglist, *local_sglist;
12746 	uint32_t local_used, remote_used, total_used;
12747 	int i, j, isc_ret;
12748 
12749 	rq = ctl_dt_req_alloc();
12750 
12751 	/*
12752 	 * If we failed to allocate the request, and if the DMA didn't fail
12753 	 * anyway, set busy status.  This is just a resource allocation
12754 	 * failure.
12755 	 */
12756 	if ((rq == NULL)
12757 	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12758 	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12759 		ctl_set_busy(&io->scsiio);
12760 
12761 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12762 	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12763 
12764 		if (rq != NULL)
12765 			ctl_dt_req_free(rq);
12766 
12767 		/*
12768 		 * The data move failed.  We need to return status back
12769 		 * to the other controller.  No point in trying to DMA
12770 		 * data to the remote controller.
12771 		 */
12772 
12773 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12774 
12775 		return (1);
12776 	}
12777 
12778 	local_sglist = io->io_hdr.local_sglist;
12779 	remote_sglist = io->io_hdr.remote_sglist;
12780 	local_used = 0;
12781 	remote_used = 0;
12782 	total_used = 0;
12783 
12784 	/*
12785 	 * Pull/push the data over the wire from/to the other controller.
12786 	 * This takes into account the possibility that the local and
12787 	 * remote sglists may not be identical in terms of the size of
12788 	 * the elements and the number of elements.
12789 	 *
12790 	 * One fundamental assumption here is that the length allocated for
12791 	 * both the local and remote sglists is identical.  Otherwise, we've
12792 	 * essentially got a coding error of some sort.
12793 	 */
12794 	isc_ret = CTL_HA_STATUS_SUCCESS;
12795 	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12796 		uint32_t cur_len;
12797 		uint8_t *tmp_ptr;
12798 
12799 		rq->command = command;
12800 		rq->context = io;
12801 
12802 		/*
12803 		 * Both pointers should be aligned.  But it is possible
12804 		 * that the allocation length is not.  They should both
12805 		 * also have enough slack left over at the end, though,
12806 		 * to round up to the next 8 byte boundary.
12807 		 */
12808 		cur_len = MIN(local_sglist[i].len - local_used,
12809 			      remote_sglist[j].len - remote_used);
12810 		rq->size = cur_len;
12811 
12812 		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12813 		tmp_ptr += local_used;
12814 
12815 #if 0
12816 		/* Use physical addresses when talking to ISC hardware */
12817 		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12818 			/* XXX KDM use busdma */
12819 			rq->local = vtophys(tmp_ptr);
12820 		} else
12821 			rq->local = tmp_ptr;
12822 #else
12823 		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12824 		    ("HA does not support BUS_ADDR"));
12825 		rq->local = tmp_ptr;
12826 #endif
12827 
12828 		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12829 		tmp_ptr += remote_used;
12830 		rq->remote = tmp_ptr;
12831 
12832 		rq->callback = NULL;
12833 
12834 		local_used += cur_len;
12835 		if (local_used >= local_sglist[i].len) {
12836 			i++;
12837 			local_used = 0;
12838 		}
12839 
12840 		remote_used += cur_len;
12841 		if (remote_used >= remote_sglist[j].len) {
12842 			j++;
12843 			remote_used = 0;
12844 		}
12845 		total_used += cur_len;
12846 
12847 		if (total_used >= io->scsiio.kern_data_len)
12848 			rq->callback = callback;
12849 
12850 #if 0
12851 		printf("%s: %s: local %p remote %p size %d\n", __func__,
12852 		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12853 		       rq->local, rq->remote, rq->size);
12854 #endif
12855 
12856 		isc_ret = ctl_dt_single(rq);
12857 		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12858 			break;
12859 	}
12860 	if (isc_ret != CTL_HA_STATUS_WAIT) {
12861 		rq->ret = isc_ret;
12862 		callback(rq);
12863 	}
12864 
12865 	return (0);
12866 }
12867 
12868 static void
12869 ctl_datamove_remote_read(union ctl_io *io)
12870 {
12871 	int retval;
12872 	uint32_t i;
12873 
12874 	/*
12875 	 * This will send an error to the other controller in the case of a
12876 	 * failure.
12877 	 */
12878 	retval = ctl_datamove_remote_sgl_setup(io);
12879 	if (retval != 0)
12880 		return;
12881 
12882 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12883 					  ctl_datamove_remote_read_cb);
12884 	if (retval != 0) {
12885 		/*
12886 		 * Make sure we free memory if there was an error..  The
12887 		 * ctl_datamove_remote_xfer() function will send the
12888 		 * datamove done message, or call the callback with an
12889 		 * error if there is a problem.
12890 		 */
12891 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12892 			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12893 		free(io->io_hdr.remote_sglist, M_CTL);
12894 		io->io_hdr.remote_sglist = NULL;
12895 		io->io_hdr.local_sglist = NULL;
12896 	}
12897 }
12898 
12899 /*
12900  * Process a datamove request from the other controller.  This is used for
12901  * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12902  * first.  Once that is complete, the data gets DMAed into the remote
12903  * controller's memory.  For reads, we DMA from the remote controller's
12904  * memory into our memory first, and then move it out to the FETD.
12905  */
12906 static void
12907 ctl_datamove_remote(union ctl_io *io)
12908 {
12909 
12910 	mtx_assert(&((struct ctl_softc *)CTL_SOFTC(io))->ctl_lock, MA_NOTOWNED);
12911 
12912 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12913 		ctl_failover_io(io, /*have_lock*/ 0);
12914 		return;
12915 	}
12916 
12917 	/*
12918 	 * Note that we look for an aborted I/O here, but don't do some of
12919 	 * the other checks that ctl_datamove() normally does.
12920 	 * We don't need to run the datamove delay code, since that should
12921 	 * have been done if need be on the other controller.
12922 	 */
12923 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12924 		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12925 		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12926 		       io->io_hdr.nexus.targ_port,
12927 		       io->io_hdr.nexus.targ_lun);
12928 		io->io_hdr.port_status = 31338;
12929 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12930 		return;
12931 	}
12932 
12933 	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12934 		ctl_datamove_remote_write(io);
12935 	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12936 		ctl_datamove_remote_read(io);
12937 	else {
12938 		io->io_hdr.port_status = 31339;
12939 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12940 	}
12941 }
12942 
12943 static void
12944 ctl_process_done(union ctl_io *io)
12945 {
12946 	struct ctl_softc *softc = CTL_SOFTC(io);
12947 	struct ctl_port *port = CTL_PORT(io);
12948 	struct ctl_lun *lun = CTL_LUN(io);
12949 	void (*fe_done)(union ctl_io *io);
12950 	union ctl_ha_msg msg;
12951 
12952 	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12953 	fe_done = port->fe_done;
12954 
12955 #ifdef CTL_TIME_IO
12956 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12957 		char str[256];
12958 		char path_str[64];
12959 		struct sbuf sb;
12960 
12961 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12962 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12963 
12964 		sbuf_cat(&sb, path_str);
12965 		switch (io->io_hdr.io_type) {
12966 		case CTL_IO_SCSI:
12967 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12968 			sbuf_printf(&sb, "\n");
12969 			sbuf_cat(&sb, path_str);
12970 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12971 				    io->scsiio.tag_num, io->scsiio.tag_type);
12972 			break;
12973 		case CTL_IO_TASK:
12974 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12975 				    "Tag Type: %d\n", io->taskio.task_action,
12976 				    io->taskio.tag_num, io->taskio.tag_type);
12977 			break;
12978 		default:
12979 			panic("%s: Invalid CTL I/O type %d\n",
12980 			    __func__, io->io_hdr.io_type);
12981 		}
12982 		sbuf_cat(&sb, path_str);
12983 		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12984 			    (intmax_t)time_uptime - io->io_hdr.start_time);
12985 		sbuf_finish(&sb);
12986 		printf("%s", sbuf_data(&sb));
12987 	}
12988 #endif /* CTL_TIME_IO */
12989 
12990 	switch (io->io_hdr.io_type) {
12991 	case CTL_IO_SCSI:
12992 		break;
12993 	case CTL_IO_TASK:
12994 		if (ctl_debug & CTL_DEBUG_INFO)
12995 			ctl_io_error_print(io, NULL);
12996 		fe_done(io);
12997 		return;
12998 	default:
12999 		panic("%s: Invalid CTL I/O type %d\n",
13000 		    __func__, io->io_hdr.io_type);
13001 	}
13002 
13003 	if (lun == NULL) {
13004 		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13005 				 io->io_hdr.nexus.targ_mapped_lun));
13006 		goto bailout;
13007 	}
13008 
13009 	mtx_lock(&lun->lun_lock);
13010 
13011 	/*
13012 	 * Check to see if we have any informational exception and status
13013 	 * of this command can be modified to report it in form of either
13014 	 * RECOVERED ERROR or NO SENSE, depending on MRIE mode page field.
13015 	 */
13016 	if (lun->ie_reported == 0 && lun->ie_asc != 0 &&
13017 	    io->io_hdr.status == CTL_SUCCESS &&
13018 	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0) {
13019 		uint8_t mrie = lun->MODE_IE.mrie;
13020 		uint8_t per = ((lun->MODE_RWER.byte3 & SMS_RWER_PER) ||
13021 		    (lun->MODE_VER.byte3 & SMS_VER_PER));
13022 		if (((mrie == SIEP_MRIE_REC_COND && per) ||
13023 		     mrie == SIEP_MRIE_REC_UNCOND ||
13024 		     mrie == SIEP_MRIE_NO_SENSE) &&
13025 		    (ctl_get_cmd_entry(&io->scsiio, NULL)->flags &
13026 		     CTL_CMD_FLAG_NO_SENSE) == 0) {
13027 			ctl_set_sense(&io->scsiio,
13028 			      /*current_error*/ 1,
13029 			      /*sense_key*/ (mrie == SIEP_MRIE_NO_SENSE) ?
13030 			        SSD_KEY_NO_SENSE : SSD_KEY_RECOVERED_ERROR,
13031 			      /*asc*/ lun->ie_asc,
13032 			      /*ascq*/ lun->ie_ascq,
13033 			      SSD_ELEM_NONE);
13034 			lun->ie_reported = 1;
13035 		}
13036 	} else if (lun->ie_reported < 0)
13037 		lun->ie_reported = 0;
13038 
13039 	/*
13040 	 * Check to see if we have any errors to inject here.  We only
13041 	 * inject errors for commands that don't already have errors set.
13042 	 */
13043 	if (!STAILQ_EMPTY(&lun->error_list) &&
13044 	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13045 	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13046 		ctl_inject_error(lun, io);
13047 
13048 	/*
13049 	 * XXX KDM how do we treat commands that aren't completed
13050 	 * successfully?
13051 	 *
13052 	 * XXX KDM should we also track I/O latency?
13053 	 */
13054 	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13055 	    io->io_hdr.io_type == CTL_IO_SCSI) {
13056 		int type;
13057 #ifdef CTL_TIME_IO
13058 		struct bintime bt;
13059 
13060 		getbinuptime(&bt);
13061 		bintime_sub(&bt, &io->io_hdr.start_bt);
13062 #endif
13063 		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13064 		    CTL_FLAG_DATA_IN)
13065 			type = CTL_STATS_READ;
13066 		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13067 		    CTL_FLAG_DATA_OUT)
13068 			type = CTL_STATS_WRITE;
13069 		else
13070 			type = CTL_STATS_NO_IO;
13071 
13072 #ifdef CTL_LEGACY_STATS
13073 		uint32_t targ_port = port->targ_port;
13074 		lun->legacy_stats.ports[targ_port].bytes[type] +=
13075 		    io->scsiio.kern_total_len;
13076 		lun->legacy_stats.ports[targ_port].operations[type] ++;
13077 		lun->legacy_stats.ports[targ_port].num_dmas[type] +=
13078 		    io->io_hdr.num_dmas;
13079 #ifdef CTL_TIME_IO
13080 		bintime_add(&lun->legacy_stats.ports[targ_port].dma_time[type],
13081 		   &io->io_hdr.dma_bt);
13082 		bintime_add(&lun->legacy_stats.ports[targ_port].time[type],
13083 		    &bt);
13084 #endif
13085 #endif /* CTL_LEGACY_STATS */
13086 
13087 		lun->stats.bytes[type] += io->scsiio.kern_total_len;
13088 		lun->stats.operations[type] ++;
13089 		lun->stats.dmas[type] += io->io_hdr.num_dmas;
13090 #ifdef CTL_TIME_IO
13091 		bintime_add(&lun->stats.dma_time[type], &io->io_hdr.dma_bt);
13092 		bintime_add(&lun->stats.time[type], &bt);
13093 #endif
13094 
13095 		mtx_lock(&port->port_lock);
13096 		port->stats.bytes[type] += io->scsiio.kern_total_len;
13097 		port->stats.operations[type] ++;
13098 		port->stats.dmas[type] += io->io_hdr.num_dmas;
13099 #ifdef CTL_TIME_IO
13100 		bintime_add(&port->stats.dma_time[type], &io->io_hdr.dma_bt);
13101 		bintime_add(&port->stats.time[type], &bt);
13102 #endif
13103 		mtx_unlock(&port->port_lock);
13104 	}
13105 
13106 	/*
13107 	 * Remove this from the OOA queue.
13108 	 */
13109 	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13110 #ifdef CTL_TIME_IO
13111 	if (TAILQ_EMPTY(&lun->ooa_queue))
13112 		lun->last_busy = getsbinuptime();
13113 #endif
13114 
13115 	/*
13116 	 * Run through the blocked queue on this LUN and see if anything
13117 	 * has become unblocked, now that this transaction is done.
13118 	 */
13119 	ctl_check_blocked(lun);
13120 
13121 	/*
13122 	 * If the LUN has been invalidated, free it if there is nothing
13123 	 * left on its OOA queue.
13124 	 */
13125 	if ((lun->flags & CTL_LUN_INVALID)
13126 	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13127 		mtx_unlock(&lun->lun_lock);
13128 		ctl_free_lun(lun);
13129 	} else
13130 		mtx_unlock(&lun->lun_lock);
13131 
13132 bailout:
13133 
13134 	/*
13135 	 * If this command has been aborted, make sure we set the status
13136 	 * properly.  The FETD is responsible for freeing the I/O and doing
13137 	 * whatever it needs to do to clean up its state.
13138 	 */
13139 	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13140 		ctl_set_task_aborted(&io->scsiio);
13141 
13142 	/*
13143 	 * If enabled, print command error status.
13144 	 */
13145 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13146 	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13147 		ctl_io_error_print(io, NULL);
13148 
13149 	/*
13150 	 * Tell the FETD or the other shelf controller we're done with this
13151 	 * command.  Note that only SCSI commands get to this point.  Task
13152 	 * management commands are completed above.
13153 	 */
13154 	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13155 	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13156 		memset(&msg, 0, sizeof(msg));
13157 		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13158 		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13159 		msg.hdr.nexus = io->io_hdr.nexus;
13160 		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13161 		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13162 		    M_WAITOK);
13163 	}
13164 
13165 	fe_done(io);
13166 }
13167 
13168 /*
13169  * Front end should call this if it doesn't do autosense.  When the request
13170  * sense comes back in from the initiator, we'll dequeue this and send it.
13171  */
13172 int
13173 ctl_queue_sense(union ctl_io *io)
13174 {
13175 	struct ctl_softc *softc = CTL_SOFTC(io);
13176 	struct ctl_port *port = CTL_PORT(io);
13177 	struct ctl_lun *lun;
13178 	struct scsi_sense_data *ps;
13179 	uint32_t initidx, p, targ_lun;
13180 
13181 	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13182 
13183 	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13184 
13185 	/*
13186 	 * LUN lookup will likely move to the ctl_work_thread() once we
13187 	 * have our new queueing infrastructure (that doesn't put things on
13188 	 * a per-LUN queue initially).  That is so that we can handle
13189 	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13190 	 * can't deal with that right now.
13191 	 * If we don't have a LUN for this, just toss the sense information.
13192 	 */
13193 	mtx_lock(&softc->ctl_lock);
13194 	if (targ_lun >= ctl_max_luns ||
13195 	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
13196 		mtx_unlock(&softc->ctl_lock);
13197 		goto bailout;
13198 	}
13199 	mtx_lock(&lun->lun_lock);
13200 	mtx_unlock(&softc->ctl_lock);
13201 
13202 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13203 	p = initidx / CTL_MAX_INIT_PER_PORT;
13204 	if (lun->pending_sense[p] == NULL) {
13205 		lun->pending_sense[p] = malloc(sizeof(*ps) * CTL_MAX_INIT_PER_PORT,
13206 		    M_CTL, M_NOWAIT | M_ZERO);
13207 	}
13208 	if ((ps = lun->pending_sense[p]) != NULL) {
13209 		ps += initidx % CTL_MAX_INIT_PER_PORT;
13210 		memset(ps, 0, sizeof(*ps));
13211 		memcpy(ps, &io->scsiio.sense_data, io->scsiio.sense_len);
13212 	}
13213 	mtx_unlock(&lun->lun_lock);
13214 
13215 bailout:
13216 	ctl_free_io(io);
13217 	return (CTL_RETVAL_COMPLETE);
13218 }
13219 
13220 /*
13221  * Primary command inlet from frontend ports.  All SCSI and task I/O
13222  * requests must go through this function.
13223  */
13224 int
13225 ctl_queue(union ctl_io *io)
13226 {
13227 	struct ctl_port *port = CTL_PORT(io);
13228 
13229 	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13230 
13231 #ifdef CTL_TIME_IO
13232 	io->io_hdr.start_time = time_uptime;
13233 	getbinuptime(&io->io_hdr.start_bt);
13234 #endif /* CTL_TIME_IO */
13235 
13236 	/* Map FE-specific LUN ID into global one. */
13237 	io->io_hdr.nexus.targ_mapped_lun =
13238 	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13239 
13240 	switch (io->io_hdr.io_type) {
13241 	case CTL_IO_SCSI:
13242 	case CTL_IO_TASK:
13243 		if (ctl_debug & CTL_DEBUG_CDB)
13244 			ctl_io_print(io);
13245 		ctl_enqueue_incoming(io);
13246 		break;
13247 	default:
13248 		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13249 		return (EINVAL);
13250 	}
13251 
13252 	return (CTL_RETVAL_COMPLETE);
13253 }
13254 
13255 #ifdef CTL_IO_DELAY
13256 static void
13257 ctl_done_timer_wakeup(void *arg)
13258 {
13259 	union ctl_io *io;
13260 
13261 	io = (union ctl_io *)arg;
13262 	ctl_done(io);
13263 }
13264 #endif /* CTL_IO_DELAY */
13265 
13266 void
13267 ctl_serseq_done(union ctl_io *io)
13268 {
13269 	struct ctl_lun *lun = CTL_LUN(io);;
13270 
13271 	if (lun->be_lun == NULL ||
13272 	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13273 		return;
13274 	mtx_lock(&lun->lun_lock);
13275 	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13276 	ctl_check_blocked(lun);
13277 	mtx_unlock(&lun->lun_lock);
13278 }
13279 
13280 void
13281 ctl_done(union ctl_io *io)
13282 {
13283 
13284 	/*
13285 	 * Enable this to catch duplicate completion issues.
13286 	 */
13287 #if 0
13288 	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13289 		printf("%s: type %d msg %d cdb %x iptl: "
13290 		       "%u:%u:%u tag 0x%04x "
13291 		       "flag %#x status %x\n",
13292 			__func__,
13293 			io->io_hdr.io_type,
13294 			io->io_hdr.msg_type,
13295 			io->scsiio.cdb[0],
13296 			io->io_hdr.nexus.initid,
13297 			io->io_hdr.nexus.targ_port,
13298 			io->io_hdr.nexus.targ_lun,
13299 			(io->io_hdr.io_type ==
13300 			CTL_IO_TASK) ?
13301 			io->taskio.tag_num :
13302 			io->scsiio.tag_num,
13303 		        io->io_hdr.flags,
13304 			io->io_hdr.status);
13305 	} else
13306 		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13307 #endif
13308 
13309 	/*
13310 	 * This is an internal copy of an I/O, and should not go through
13311 	 * the normal done processing logic.
13312 	 */
13313 	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13314 		return;
13315 
13316 #ifdef CTL_IO_DELAY
13317 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13318 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13319 	} else {
13320 		struct ctl_lun *lun = CTL_LUN(io);
13321 
13322 		if ((lun != NULL)
13323 		 && (lun->delay_info.done_delay > 0)) {
13324 
13325 			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13326 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13327 			callout_reset(&io->io_hdr.delay_callout,
13328 				      lun->delay_info.done_delay * hz,
13329 				      ctl_done_timer_wakeup, io);
13330 			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13331 				lun->delay_info.done_delay = 0;
13332 			return;
13333 		}
13334 	}
13335 #endif /* CTL_IO_DELAY */
13336 
13337 	ctl_enqueue_done(io);
13338 }
13339 
13340 static void
13341 ctl_work_thread(void *arg)
13342 {
13343 	struct ctl_thread *thr = (struct ctl_thread *)arg;
13344 	struct ctl_softc *softc = thr->ctl_softc;
13345 	union ctl_io *io;
13346 	int retval;
13347 
13348 	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13349 
13350 	while (!softc->shutdown) {
13351 		/*
13352 		 * We handle the queues in this order:
13353 		 * - ISC
13354 		 * - done queue (to free up resources, unblock other commands)
13355 		 * - incoming queue
13356 		 * - RtR queue
13357 		 *
13358 		 * If those queues are empty, we break out of the loop and
13359 		 * go to sleep.
13360 		 */
13361 		mtx_lock(&thr->queue_lock);
13362 		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13363 		if (io != NULL) {
13364 			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13365 			mtx_unlock(&thr->queue_lock);
13366 			ctl_handle_isc(io);
13367 			continue;
13368 		}
13369 		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13370 		if (io != NULL) {
13371 			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13372 			/* clear any blocked commands, call fe_done */
13373 			mtx_unlock(&thr->queue_lock);
13374 			ctl_process_done(io);
13375 			continue;
13376 		}
13377 		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13378 		if (io != NULL) {
13379 			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13380 			mtx_unlock(&thr->queue_lock);
13381 			if (io->io_hdr.io_type == CTL_IO_TASK)
13382 				ctl_run_task(io);
13383 			else
13384 				ctl_scsiio_precheck(softc, &io->scsiio);
13385 			continue;
13386 		}
13387 		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13388 		if (io != NULL) {
13389 			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13390 			mtx_unlock(&thr->queue_lock);
13391 			retval = ctl_scsiio(&io->scsiio);
13392 			if (retval != CTL_RETVAL_COMPLETE)
13393 				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13394 			continue;
13395 		}
13396 
13397 		/* Sleep until we have something to do. */
13398 		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13399 	}
13400 	thr->thread = NULL;
13401 	kthread_exit();
13402 }
13403 
13404 static void
13405 ctl_lun_thread(void *arg)
13406 {
13407 	struct ctl_softc *softc = (struct ctl_softc *)arg;
13408 	struct ctl_be_lun *be_lun;
13409 
13410 	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13411 
13412 	while (!softc->shutdown) {
13413 		mtx_lock(&softc->ctl_lock);
13414 		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13415 		if (be_lun != NULL) {
13416 			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13417 			mtx_unlock(&softc->ctl_lock);
13418 			ctl_create_lun(be_lun);
13419 			continue;
13420 		}
13421 
13422 		/* Sleep until we have something to do. */
13423 		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13424 		    PDROP | PRIBIO, "-", 0);
13425 	}
13426 	softc->lun_thread = NULL;
13427 	kthread_exit();
13428 }
13429 
13430 static void
13431 ctl_thresh_thread(void *arg)
13432 {
13433 	struct ctl_softc *softc = (struct ctl_softc *)arg;
13434 	struct ctl_lun *lun;
13435 	struct ctl_logical_block_provisioning_page *page;
13436 	const char *attr;
13437 	union ctl_ha_msg msg;
13438 	uint64_t thres, val;
13439 	int i, e, set;
13440 
13441 	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13442 
13443 	while (!softc->shutdown) {
13444 		mtx_lock(&softc->ctl_lock);
13445 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13446 			if ((lun->flags & CTL_LUN_DISABLED) ||
13447 			    (lun->flags & CTL_LUN_NO_MEDIA) ||
13448 			    lun->backend->lun_attr == NULL)
13449 				continue;
13450 			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13451 			    softc->ha_mode == CTL_HA_MODE_XFER)
13452 				continue;
13453 			if ((lun->MODE_RWER.byte8 & SMS_RWER_LBPERE) == 0)
13454 				continue;
13455 			e = 0;
13456 			page = &lun->MODE_LBP;
13457 			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13458 				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13459 					continue;
13460 				thres = scsi_4btoul(page->descr[i].count);
13461 				thres <<= CTL_LBP_EXPONENT;
13462 				switch (page->descr[i].resource) {
13463 				case 0x01:
13464 					attr = "blocksavail";
13465 					break;
13466 				case 0x02:
13467 					attr = "blocksused";
13468 					break;
13469 				case 0xf1:
13470 					attr = "poolblocksavail";
13471 					break;
13472 				case 0xf2:
13473 					attr = "poolblocksused";
13474 					break;
13475 				default:
13476 					continue;
13477 				}
13478 				mtx_unlock(&softc->ctl_lock); // XXX
13479 				val = lun->backend->lun_attr(
13480 				    lun->be_lun->be_lun, attr);
13481 				mtx_lock(&softc->ctl_lock);
13482 				if (val == UINT64_MAX)
13483 					continue;
13484 				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13485 				    == SLBPPD_ARMING_INC)
13486 					e = (val >= thres);
13487 				else
13488 					e = (val <= thres);
13489 				if (e)
13490 					break;
13491 			}
13492 			mtx_lock(&lun->lun_lock);
13493 			if (e) {
13494 				scsi_u64to8b((uint8_t *)&page->descr[i] -
13495 				    (uint8_t *)page, lun->ua_tpt_info);
13496 				if (lun->lasttpt == 0 ||
13497 				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13498 					lun->lasttpt = time_uptime;
13499 					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13500 					set = 1;
13501 				} else
13502 					set = 0;
13503 			} else {
13504 				lun->lasttpt = 0;
13505 				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13506 				set = -1;
13507 			}
13508 			mtx_unlock(&lun->lun_lock);
13509 			if (set != 0 &&
13510 			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13511 				/* Send msg to other side. */
13512 				bzero(&msg.ua, sizeof(msg.ua));
13513 				msg.hdr.msg_type = CTL_MSG_UA;
13514 				msg.hdr.nexus.initid = -1;
13515 				msg.hdr.nexus.targ_port = -1;
13516 				msg.hdr.nexus.targ_lun = lun->lun;
13517 				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13518 				msg.ua.ua_all = 1;
13519 				msg.ua.ua_set = (set > 0);
13520 				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13521 				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13522 				mtx_unlock(&softc->ctl_lock); // XXX
13523 				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13524 				    sizeof(msg.ua), M_WAITOK);
13525 				mtx_lock(&softc->ctl_lock);
13526 			}
13527 		}
13528 		mtx_sleep(&softc->thresh_thread, &softc->ctl_lock,
13529 		    PDROP | PRIBIO, "-", CTL_LBP_PERIOD * hz);
13530 	}
13531 	softc->thresh_thread = NULL;
13532 	kthread_exit();
13533 }
13534 
13535 static void
13536 ctl_enqueue_incoming(union ctl_io *io)
13537 {
13538 	struct ctl_softc *softc = CTL_SOFTC(io);
13539 	struct ctl_thread *thr;
13540 	u_int idx;
13541 
13542 	idx = (io->io_hdr.nexus.targ_port * 127 +
13543 	       io->io_hdr.nexus.initid) % worker_threads;
13544 	thr = &softc->threads[idx];
13545 	mtx_lock(&thr->queue_lock);
13546 	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13547 	mtx_unlock(&thr->queue_lock);
13548 	wakeup(thr);
13549 }
13550 
13551 static void
13552 ctl_enqueue_rtr(union ctl_io *io)
13553 {
13554 	struct ctl_softc *softc = CTL_SOFTC(io);
13555 	struct ctl_thread *thr;
13556 
13557 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13558 	mtx_lock(&thr->queue_lock);
13559 	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13560 	mtx_unlock(&thr->queue_lock);
13561 	wakeup(thr);
13562 }
13563 
13564 static void
13565 ctl_enqueue_done(union ctl_io *io)
13566 {
13567 	struct ctl_softc *softc = CTL_SOFTC(io);
13568 	struct ctl_thread *thr;
13569 
13570 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13571 	mtx_lock(&thr->queue_lock);
13572 	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13573 	mtx_unlock(&thr->queue_lock);
13574 	wakeup(thr);
13575 }
13576 
13577 static void
13578 ctl_enqueue_isc(union ctl_io *io)
13579 {
13580 	struct ctl_softc *softc = CTL_SOFTC(io);
13581 	struct ctl_thread *thr;
13582 
13583 	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13584 	mtx_lock(&thr->queue_lock);
13585 	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13586 	mtx_unlock(&thr->queue_lock);
13587 	wakeup(thr);
13588 }
13589 
13590 /*
13591  *  vim: ts=8
13592  */
13593