xref: /freebsd/sys/cam/ctl/ctl.c (revision 9a41df2a0e6408e9b329bbd8b9e37c2b44461a1b) 
1 /*-
2  * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3  * Copyright (c) 2012 The FreeBSD Foundation
4  * All rights reserved.
5  *
6  * Portions of this software were developed by Edward Tomasz Napierala
7  * under sponsorship from the FreeBSD Foundation.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions, and the following disclaimer,
14  *    without modification.
15  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16  *    substantially similar to the "NO WARRANTY" disclaimer below
17  *    ("Disclaimer") and any redistribution must be conditioned upon
18  *    including a substantially similar Disclaimer requirement for further
19  *    binary redistribution.
20  *
21  * NO WARRANTY
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGES.
33  *
34  * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35  */
36 /*
37  * CAM Target Layer, a SCSI device emulation subsystem.
38  *
39  * Author: Ken Merry <ken@FreeBSD.org>
40  */
41 
42 #define _CTL_C
43 
44 #include <sys/cdefs.h>
45 __FBSDID("$FreeBSD$");
46 
47 #include <sys/param.h>
48 #include <sys/systm.h>
49 #include <sys/kernel.h>
50 #include <sys/types.h>
51 #include <sys/kthread.h>
52 #include <sys/bio.h>
53 #include <sys/fcntl.h>
54 #include <sys/lock.h>
55 #include <sys/mutex.h>
56 #include <sys/condvar.h>
57 #include <sys/malloc.h>
58 #include <sys/conf.h>
59 #include <sys/ioccom.h>
60 #include <sys/queue.h>
61 #include <sys/sbuf.h>
62 #include <sys/endian.h>
63 #include <sys/sysctl.h>
64 
65 #include <cam/cam.h>
66 #include <cam/scsi/scsi_all.h>
67 #include <cam/scsi/scsi_da.h>
68 #include <cam/ctl/ctl_io.h>
69 #include <cam/ctl/ctl.h>
70 #include <cam/ctl/ctl_frontend.h>
71 #include <cam/ctl/ctl_frontend_internal.h>
72 #include <cam/ctl/ctl_util.h>
73 #include <cam/ctl/ctl_backend.h>
74 #include <cam/ctl/ctl_ioctl.h>
75 #include <cam/ctl/ctl_ha.h>
76 #include <cam/ctl/ctl_private.h>
77 #include <cam/ctl/ctl_debug.h>
78 #include <cam/ctl/ctl_scsi_all.h>
79 #include <cam/ctl/ctl_error.h>
80 
81 struct ctl_softc *control_softc = NULL;
82 
83 /*
84  * The default is to run with CTL_DONE_THREAD turned on.  Completed
85  * transactions are queued for processing by the CTL work thread.  When
86  * CTL_DONE_THREAD is not defined, completed transactions are processed in
87  * the caller's context.
88  */
89 #define CTL_DONE_THREAD
90 
91 /*
92  *  * Use the serial number and device ID provided by the backend, rather than
93  *   * making up our own.
94  *    */
95 #define CTL_USE_BACKEND_SN
96 
97 /*
98  * Size and alignment macros needed for Copan-specific HA hardware.  These
99  * can go away when the HA code is re-written, and uses busdma for any
100  * hardware.
101  */
102 #define	CTL_ALIGN_8B(target, source, type)				\
103 	if (((uint32_t)source & 0x7) != 0)				\
104 		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
105 	else								\
106 		target = (type)source;
107 
108 #define	CTL_SIZE_8B(target, size)					\
109 	if ((size & 0x7) != 0)						\
110 		target = size + (0x8 - (size & 0x7));			\
111 	else								\
112 		target = size;
113 
114 #define CTL_ALIGN_8B_MARGIN	16
115 
116 /*
117  * Template mode pages.
118  */
119 
120 /*
121  * Note that these are default values only.  The actual values will be
122  * filled in when the user does a mode sense.
123  */
124 static struct copan_power_subpage power_page_default = {
125 	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
126 	/*subpage*/ PWR_SUBPAGE_CODE,
127 	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
128 			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
129 	/*page_version*/ PWR_VERSION,
130 	/* total_luns */ 26,
131 	/* max_active_luns*/ PWR_DFLT_MAX_LUNS,
132 	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
133 		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
134 		      0, 0, 0, 0, 0, 0}
135 };
136 
137 static struct copan_power_subpage power_page_changeable = {
138 	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
139 	/*subpage*/ PWR_SUBPAGE_CODE,
140 	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
141 			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
142 	/*page_version*/ 0,
143 	/* total_luns */ 0,
144 	/* max_active_luns*/ 0,
145 	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
146 		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
147 		      0, 0, 0, 0, 0, 0}
148 };
149 
150 static struct copan_aps_subpage aps_page_default = {
151 	APS_PAGE_CODE | SMPH_SPF, //page_code
152 	APS_SUBPAGE_CODE, //subpage
153 	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
154 	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
155 	APS_VERSION, //page_version
156 	0, //lock_active
157 	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
158 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
159 	0, 0, 0, 0, 0} //reserved
160 };
161 
162 static struct copan_aps_subpage aps_page_changeable = {
163 	APS_PAGE_CODE | SMPH_SPF, //page_code
164 	APS_SUBPAGE_CODE, //subpage
165 	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
166 	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
167 	0, //page_version
168 	0, //lock_active
169 	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
170 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
171 	0, 0, 0, 0, 0} //reserved
172 };
173 
174 static struct copan_debugconf_subpage debugconf_page_default = {
175 	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
176 	DBGCNF_SUBPAGE_CODE,		/* subpage */
177 	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
178 	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
179 	DBGCNF_VERSION,			/* page_version */
180 	{CTL_TIME_IO_DEFAULT_SECS>>8,
181 	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
182 };
183 
184 static struct copan_debugconf_subpage debugconf_page_changeable = {
185 	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
186 	DBGCNF_SUBPAGE_CODE,		/* subpage */
187 	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
188 	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
189 	0,				/* page_version */
190 	{0xff,0xff},			/* ctl_time_io_secs */
191 };
192 
193 static struct scsi_format_page format_page_default = {
194 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
195 	/*page_length*/sizeof(struct scsi_format_page) - 2,
196 	/*tracks_per_zone*/ {0, 0},
197 	/*alt_sectors_per_zone*/ {0, 0},
198 	/*alt_tracks_per_zone*/ {0, 0},
199 	/*alt_tracks_per_lun*/ {0, 0},
200 	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
201 			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
202 	/*bytes_per_sector*/ {0, 0},
203 	/*interleave*/ {0, 0},
204 	/*track_skew*/ {0, 0},
205 	/*cylinder_skew*/ {0, 0},
206 	/*flags*/ SFP_HSEC,
207 	/*reserved*/ {0, 0, 0}
208 };
209 
210 static struct scsi_format_page format_page_changeable = {
211 	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
212 	/*page_length*/sizeof(struct scsi_format_page) - 2,
213 	/*tracks_per_zone*/ {0, 0},
214 	/*alt_sectors_per_zone*/ {0, 0},
215 	/*alt_tracks_per_zone*/ {0, 0},
216 	/*alt_tracks_per_lun*/ {0, 0},
217 	/*sectors_per_track*/ {0, 0},
218 	/*bytes_per_sector*/ {0, 0},
219 	/*interleave*/ {0, 0},
220 	/*track_skew*/ {0, 0},
221 	/*cylinder_skew*/ {0, 0},
222 	/*flags*/ 0,
223 	/*reserved*/ {0, 0, 0}
224 };
225 
226 static struct scsi_rigid_disk_page rigid_disk_page_default = {
227 	/*page_code*/SMS_RIGID_DISK_PAGE,
228 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
229 	/*cylinders*/ {0, 0, 0},
230 	/*heads*/ CTL_DEFAULT_HEADS,
231 	/*start_write_precomp*/ {0, 0, 0},
232 	/*start_reduced_current*/ {0, 0, 0},
233 	/*step_rate*/ {0, 0},
234 	/*landing_zone_cylinder*/ {0, 0, 0},
235 	/*rpl*/ SRDP_RPL_DISABLED,
236 	/*rotational_offset*/ 0,
237 	/*reserved1*/ 0,
238 	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
239 			   CTL_DEFAULT_ROTATION_RATE & 0xff},
240 	/*reserved2*/ {0, 0}
241 };
242 
243 static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
244 	/*page_code*/SMS_RIGID_DISK_PAGE,
245 	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
246 	/*cylinders*/ {0, 0, 0},
247 	/*heads*/ 0,
248 	/*start_write_precomp*/ {0, 0, 0},
249 	/*start_reduced_current*/ {0, 0, 0},
250 	/*step_rate*/ {0, 0},
251 	/*landing_zone_cylinder*/ {0, 0, 0},
252 	/*rpl*/ 0,
253 	/*rotational_offset*/ 0,
254 	/*reserved1*/ 0,
255 	/*rotation_rate*/ {0, 0},
256 	/*reserved2*/ {0, 0}
257 };
258 
259 static struct scsi_caching_page caching_page_default = {
260 	/*page_code*/SMS_CACHING_PAGE,
261 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
262 	/*flags1*/ SCP_DISC | SCP_WCE,
263 	/*ret_priority*/ 0,
264 	/*disable_pf_transfer_len*/ {0xff, 0xff},
265 	/*min_prefetch*/ {0, 0},
266 	/*max_prefetch*/ {0xff, 0xff},
267 	/*max_pf_ceiling*/ {0xff, 0xff},
268 	/*flags2*/ 0,
269 	/*cache_segments*/ 0,
270 	/*cache_seg_size*/ {0, 0},
271 	/*reserved*/ 0,
272 	/*non_cache_seg_size*/ {0, 0, 0}
273 };
274 
275 static struct scsi_caching_page caching_page_changeable = {
276 	/*page_code*/SMS_CACHING_PAGE,
277 	/*page_length*/sizeof(struct scsi_caching_page) - 2,
278 	/*flags1*/ 0,
279 	/*ret_priority*/ 0,
280 	/*disable_pf_transfer_len*/ {0, 0},
281 	/*min_prefetch*/ {0, 0},
282 	/*max_prefetch*/ {0, 0},
283 	/*max_pf_ceiling*/ {0, 0},
284 	/*flags2*/ 0,
285 	/*cache_segments*/ 0,
286 	/*cache_seg_size*/ {0, 0},
287 	/*reserved*/ 0,
288 	/*non_cache_seg_size*/ {0, 0, 0}
289 };
290 
291 static struct scsi_control_page control_page_default = {
292 	/*page_code*/SMS_CONTROL_MODE_PAGE,
293 	/*page_length*/sizeof(struct scsi_control_page) - 2,
294 	/*rlec*/0,
295 	/*queue_flags*/0,
296 	/*eca_and_aen*/0,
297 	/*reserved*/0,
298 	/*aen_holdoff_period*/{0, 0}
299 };
300 
301 static struct scsi_control_page control_page_changeable = {
302 	/*page_code*/SMS_CONTROL_MODE_PAGE,
303 	/*page_length*/sizeof(struct scsi_control_page) - 2,
304 	/*rlec*/SCP_DSENSE,
305 	/*queue_flags*/0,
306 	/*eca_and_aen*/0,
307 	/*reserved*/0,
308 	/*aen_holdoff_period*/{0, 0}
309 };
310 
311 
312 /*
313  * XXX KDM move these into the softc.
314  */
315 static int rcv_sync_msg;
316 static int persis_offset;
317 static uint8_t ctl_pause_rtr;
318 static int     ctl_is_single;
319 static int     index_to_aps_page;
320 int	   ctl_disable = 0;
321 
322 SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
323 SYSCTL_INT(_kern_cam_ctl, OID_AUTO, disable, CTLFLAG_RDTUN, &ctl_disable, 0,
324 	   "Disable CTL");
325 TUNABLE_INT("kern.cam.ctl.disable", &ctl_disable);
326 
327 /*
328  * Serial number (0x80), device id (0x83), and supported pages (0x00)
329  */
330 #define SCSI_EVPD_NUM_SUPPORTED_PAGES	3
331 
332 static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
333 				  int param);
334 static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
335 static void ctl_init(void);
336 void ctl_shutdown(void);
337 static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
338 static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
339 static void ctl_ioctl_online(void *arg);
340 static void ctl_ioctl_offline(void *arg);
341 static int ctl_ioctl_targ_enable(void *arg, struct ctl_id targ_id);
342 static int ctl_ioctl_targ_disable(void *arg, struct ctl_id targ_id);
343 static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
344 static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
345 static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
346 static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio, int have_lock);
347 static int ctl_ioctl_submit_wait(union ctl_io *io);
348 static void ctl_ioctl_datamove(union ctl_io *io);
349 static void ctl_ioctl_done(union ctl_io *io);
350 static void ctl_ioctl_hard_startstop_callback(void *arg,
351 					      struct cfi_metatask *metatask);
352 static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
353 static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
354 			      struct ctl_ooa *ooa_hdr);
355 static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
356 		     struct thread *td);
357 uint32_t ctl_get_resindex(struct ctl_nexus *nexus);
358 uint32_t ctl_port_idx(int port_num);
359 #ifdef unused
360 static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
361 				   uint32_t targ_target, uint32_t targ_lun,
362 				   int can_wait);
363 static void ctl_kfree_io(union ctl_io *io);
364 #endif /* unused */
365 static void ctl_free_io_internal(union ctl_io *io, int have_lock);
366 static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
367 			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
368 static int ctl_free_lun(struct ctl_lun *lun);
369 static void ctl_create_lun(struct ctl_be_lun *be_lun);
370 /**
371 static void ctl_failover_change_pages(struct ctl_softc *softc,
372 				      struct ctl_scsiio *ctsio, int master);
373 **/
374 
375 static int ctl_do_mode_select(union ctl_io *io);
376 static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
377 			   uint64_t res_key, uint64_t sa_res_key,
378 			   uint8_t type, uint32_t residx,
379 			   struct ctl_scsiio *ctsio,
380 			   struct scsi_per_res_out *cdb,
381 			   struct scsi_per_res_out_parms* param);
382 static void ctl_pro_preempt_other(struct ctl_lun *lun,
383 				  union ctl_ha_msg *msg);
384 static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
385 static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
386 static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
387 static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
388 static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
389 static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
390 static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len);
391 static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
392 static ctl_action ctl_check_for_blockage(union ctl_io *pending_io,
393 					 union ctl_io *ooa_io);
394 static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
395 				union ctl_io *starting_io);
396 static int ctl_check_blocked(struct ctl_lun *lun);
397 static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
398 				struct ctl_lun *lun,
399 				struct ctl_cmd_entry *entry,
400 				struct ctl_scsiio *ctsio);
401 //static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
402 static void ctl_failover(void);
403 static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
404 			       struct ctl_scsiio *ctsio);
405 static int ctl_scsiio(struct ctl_scsiio *ctsio);
406 
407 static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
408 static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
409 			    ctl_ua_type ua_type);
410 static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
411 			 ctl_ua_type ua_type);
412 static int ctl_abort_task(union ctl_io *io);
413 static void ctl_run_task_queue(struct ctl_softc *ctl_softc);
414 #ifdef CTL_IO_DELAY
415 static void ctl_datamove_timer_wakeup(void *arg);
416 static void ctl_done_timer_wakeup(void *arg);
417 #endif /* CTL_IO_DELAY */
418 
419 static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
420 static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
421 static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
422 static void ctl_datamove_remote_write(union ctl_io *io);
423 static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
424 static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
425 static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
426 static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
427 				    ctl_ha_dt_cb callback);
428 static void ctl_datamove_remote_read(union ctl_io *io);
429 static void ctl_datamove_remote(union ctl_io *io);
430 static int ctl_process_done(union ctl_io *io, int have_lock);
431 static void ctl_work_thread(void *arg);
432 
433 /*
434  * Load the serialization table.  This isn't very pretty, but is probably
435  * the easiest way to do it.
436  */
437 #include "ctl_ser_table.c"
438 
439 /*
440  * We only need to define open, close and ioctl routines for this driver.
441  */
442 static struct cdevsw ctl_cdevsw = {
443 	.d_version =	D_VERSION,
444 	.d_flags =	0,
445 	.d_open =	ctl_open,
446 	.d_close =	ctl_close,
447 	.d_ioctl =	ctl_ioctl,
448 	.d_name =	"ctl",
449 };
450 
451 
452 MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
453 
454 /*
455  * If we have the CAM SIM, we may or may not have another SIM that will
456  * cause CTL to get initialized.  If not, we need to initialize it.
457  */
458 SYSINIT(ctl_init, SI_SUB_CONFIGURE, SI_ORDER_THIRD, ctl_init, NULL);
459 
460 static void
461 ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
462 			    union ctl_ha_msg *msg_info)
463 {
464 	struct ctl_scsiio *ctsio;
465 
466 	if (msg_info->hdr.original_sc == NULL) {
467 		printf("%s: original_sc == NULL!\n", __func__);
468 		/* XXX KDM now what? */
469 		return;
470 	}
471 
472 	ctsio = &msg_info->hdr.original_sc->scsiio;
473 	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
474 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
475 	ctsio->io_hdr.status = msg_info->hdr.status;
476 	ctsio->scsi_status = msg_info->scsi.scsi_status;
477 	ctsio->sense_len = msg_info->scsi.sense_len;
478 	ctsio->sense_residual = msg_info->scsi.sense_residual;
479 	ctsio->residual = msg_info->scsi.residual;
480 	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
481 	       sizeof(ctsio->sense_data));
482 	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
483 	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));;
484 	STAILQ_INSERT_TAIL(&ctl_softc->isc_queue, &ctsio->io_hdr, links);
485 	ctl_wakeup_thread();
486 }
487 
488 static void
489 ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
490 				union ctl_ha_msg *msg_info)
491 {
492 	struct ctl_scsiio *ctsio;
493 
494 	if (msg_info->hdr.serializing_sc == NULL) {
495 		printf("%s: serializing_sc == NULL!\n", __func__);
496 		/* XXX KDM now what? */
497 		return;
498 	}
499 
500 	ctsio = &msg_info->hdr.serializing_sc->scsiio;
501 #if 0
502 	/*
503 	 * Attempt to catch the situation where an I/O has
504 	 * been freed, and we're using it again.
505 	 */
506 	if (ctsio->io_hdr.io_type == 0xff) {
507 		union ctl_io *tmp_io;
508 		tmp_io = (union ctl_io *)ctsio;
509 		printf("%s: %p use after free!\n", __func__,
510 		       ctsio);
511 		printf("%s: type %d msg %d cdb %x iptl: "
512 		       "%d:%d:%d:%d tag 0x%04x "
513 		       "flag %#x status %x\n",
514 			__func__,
515 			tmp_io->io_hdr.io_type,
516 			tmp_io->io_hdr.msg_type,
517 			tmp_io->scsiio.cdb[0],
518 			tmp_io->io_hdr.nexus.initid.id,
519 			tmp_io->io_hdr.nexus.targ_port,
520 			tmp_io->io_hdr.nexus.targ_target.id,
521 			tmp_io->io_hdr.nexus.targ_lun,
522 			(tmp_io->io_hdr.io_type ==
523 			CTL_IO_TASK) ?
524 			tmp_io->taskio.tag_num :
525 			tmp_io->scsiio.tag_num,
526 		        tmp_io->io_hdr.flags,
527 			tmp_io->io_hdr.status);
528 	}
529 #endif
530 	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
531 	STAILQ_INSERT_TAIL(&ctl_softc->isc_queue, &ctsio->io_hdr, links);
532 	ctl_wakeup_thread();
533 }
534 
535 /*
536  * ISC (Inter Shelf Communication) event handler.  Events from the HA
537  * subsystem come in here.
538  */
539 static void
540 ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
541 {
542 	struct ctl_softc *ctl_softc;
543 	union ctl_io *io;
544 	struct ctl_prio *presio;
545 	ctl_ha_status isc_status;
546 
547 	ctl_softc = control_softc;
548 	io = NULL;
549 
550 
551 #if 0
552 	printf("CTL: Isc Msg event %d\n", event);
553 #endif
554 	if (event == CTL_HA_EVT_MSG_RECV) {
555 		union ctl_ha_msg msg_info;
556 
557 		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
558 					     sizeof(msg_info), /*wait*/ 0);
559 #if 0
560 		printf("CTL: msg_type %d\n", msg_info.msg_type);
561 #endif
562 		if (isc_status != 0) {
563 			printf("Error receiving message, status = %d\n",
564 			       isc_status);
565 			return;
566 		}
567 		mtx_lock(&ctl_softc->ctl_lock);
568 
569 		switch (msg_info.hdr.msg_type) {
570 		case CTL_MSG_SERIALIZE:
571 #if 0
572 			printf("Serialize\n");
573 #endif
574 			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
575 			if (io == NULL) {
576 				printf("ctl_isc_event_handler: can't allocate "
577 				       "ctl_io!\n");
578 				/* Bad Juju */
579 				/* Need to set busy and send msg back */
580 				mtx_unlock(&ctl_softc->ctl_lock);
581 				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
582 				msg_info.hdr.status = CTL_SCSI_ERROR;
583 				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
584 				msg_info.scsi.sense_len = 0;
585 			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
586 				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
587 				}
588 				goto bailout;
589 			}
590 			ctl_zero_io(io);
591 			// populate ctsio from msg_info
592 			io->io_hdr.io_type = CTL_IO_SCSI;
593 			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
594 			io->io_hdr.original_sc = msg_info.hdr.original_sc;
595 #if 0
596 			printf("pOrig %x\n", (int)msg_info.original_sc);
597 #endif
598 			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
599 					    CTL_FLAG_IO_ACTIVE;
600 			/*
601 			 * If we're in serialization-only mode, we don't
602 			 * want to go through full done processing.  Thus
603 			 * the COPY flag.
604 			 *
605 			 * XXX KDM add another flag that is more specific.
606 			 */
607 			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
608 				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
609 			io->io_hdr.nexus = msg_info.hdr.nexus;
610 #if 0
611 			printf("targ %d, port %d, iid %d, lun %d\n",
612 			       io->io_hdr.nexus.targ_target.id,
613 			       io->io_hdr.nexus.targ_port,
614 			       io->io_hdr.nexus.initid.id,
615 			       io->io_hdr.nexus.targ_lun);
616 #endif
617 			io->scsiio.tag_num = msg_info.scsi.tag_num;
618 			io->scsiio.tag_type = msg_info.scsi.tag_type;
619 			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
620 			       CTL_MAX_CDBLEN);
621 			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
622 				struct ctl_cmd_entry *entry;
623 				uint8_t opcode;
624 
625 				opcode = io->scsiio.cdb[0];
626 				entry = &ctl_cmd_table[opcode];
627 				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
628 				io->io_hdr.flags |=
629 					entry->flags & CTL_FLAG_DATA_MASK;
630 			}
631 			STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
632 					   &io->io_hdr, links);
633 			ctl_wakeup_thread();
634 			break;
635 
636 		/* Performed on the Originating SC, XFER mode only */
637 		case CTL_MSG_DATAMOVE: {
638 			struct ctl_sg_entry *sgl;
639 			int i, j;
640 
641 			io = msg_info.hdr.original_sc;
642 			if (io == NULL) {
643 				printf("%s: original_sc == NULL!\n", __func__);
644 				/* XXX KDM do something here */
645 				break;
646 			}
647 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
648 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
649 			/*
650 			 * Keep track of this, we need to send it back over
651 			 * when the datamove is complete.
652 			 */
653 			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
654 
655 			if (msg_info.dt.sg_sequence == 0) {
656 				/*
657 				 * XXX KDM we use the preallocated S/G list
658 				 * here, but we'll need to change this to
659 				 * dynamic allocation if we need larger S/G
660 				 * lists.
661 				 */
662 				if (msg_info.dt.kern_sg_entries >
663 				    sizeof(io->io_hdr.remote_sglist) /
664 				    sizeof(io->io_hdr.remote_sglist[0])) {
665 					printf("%s: number of S/G entries "
666 					    "needed %u > allocated num %zd\n",
667 					    __func__,
668 					    msg_info.dt.kern_sg_entries,
669 					    sizeof(io->io_hdr.remote_sglist)/
670 					    sizeof(io->io_hdr.remote_sglist[0]));
671 
672 					/*
673 					 * XXX KDM send a message back to
674 					 * the other side to shut down the
675 					 * DMA.  The error will come back
676 					 * through via the normal channel.
677 					 */
678 					break;
679 				}
680 				sgl = io->io_hdr.remote_sglist;
681 				memset(sgl, 0,
682 				       sizeof(io->io_hdr.remote_sglist));
683 
684 				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
685 
686 				io->scsiio.kern_sg_entries =
687 					msg_info.dt.kern_sg_entries;
688 				io->scsiio.rem_sg_entries =
689 					msg_info.dt.kern_sg_entries;
690 				io->scsiio.kern_data_len =
691 					msg_info.dt.kern_data_len;
692 				io->scsiio.kern_total_len =
693 					msg_info.dt.kern_total_len;
694 				io->scsiio.kern_data_resid =
695 					msg_info.dt.kern_data_resid;
696 				io->scsiio.kern_rel_offset =
697 					msg_info.dt.kern_rel_offset;
698 				/*
699 				 * Clear out per-DMA flags.
700 				 */
701 				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
702 				/*
703 				 * Add per-DMA flags that are set for this
704 				 * particular DMA request.
705 				 */
706 				io->io_hdr.flags |= msg_info.dt.flags &
707 						    CTL_FLAG_RDMA_MASK;
708 			} else
709 				sgl = (struct ctl_sg_entry *)
710 					io->scsiio.kern_data_ptr;
711 
712 			for (i = msg_info.dt.sent_sg_entries, j = 0;
713 			     i < (msg_info.dt.sent_sg_entries +
714 			     msg_info.dt.cur_sg_entries); i++, j++) {
715 				sgl[i].addr = msg_info.dt.sg_list[j].addr;
716 				sgl[i].len = msg_info.dt.sg_list[j].len;
717 
718 #if 0
719 				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
720 				       __func__,
721 				       msg_info.dt.sg_list[j].addr,
722 				       msg_info.dt.sg_list[j].len,
723 				       sgl[i].addr, sgl[i].len, j, i);
724 #endif
725 			}
726 #if 0
727 			memcpy(&sgl[msg_info.dt.sent_sg_entries],
728 			       msg_info.dt.sg_list,
729 			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
730 #endif
731 
732 			/*
733 			 * If this is the last piece of the I/O, we've got
734 			 * the full S/G list.  Queue processing in the thread.
735 			 * Otherwise wait for the next piece.
736 			 */
737 			if (msg_info.dt.sg_last != 0) {
738 				STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
739 						   &io->io_hdr, links);
740 				ctl_wakeup_thread();
741 			}
742 			break;
743 		}
744 		/* Performed on the Serializing (primary) SC, XFER mode only */
745 		case CTL_MSG_DATAMOVE_DONE: {
746 			if (msg_info.hdr.serializing_sc == NULL) {
747 				printf("%s: serializing_sc == NULL!\n",
748 				       __func__);
749 				/* XXX KDM now what? */
750 				break;
751 			}
752 			/*
753 			 * We grab the sense information here in case
754 			 * there was a failure, so we can return status
755 			 * back to the initiator.
756 			 */
757 			io = msg_info.hdr.serializing_sc;
758 			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
759 			io->io_hdr.status = msg_info.hdr.status;
760 			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
761 			io->scsiio.sense_len = msg_info.scsi.sense_len;
762 			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
763 			io->io_hdr.port_status = msg_info.scsi.fetd_status;
764 			io->scsiio.residual = msg_info.scsi.residual;
765 			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
766 			       sizeof(io->scsiio.sense_data));
767 
768 			STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
769 					   &io->io_hdr, links);
770 			ctl_wakeup_thread();
771 			break;
772 		}
773 
774 		/* Preformed on Originating SC, SER_ONLY mode */
775 		case CTL_MSG_R2R:
776 			io = msg_info.hdr.original_sc;
777 			if (io == NULL) {
778 				printf("%s: Major Bummer\n", __func__);
779 				mtx_unlock(&ctl_softc->ctl_lock);
780 				return;
781 			} else {
782 #if 0
783 				printf("pOrig %x\n",(int) ctsio);
784 #endif
785 			}
786 			io->io_hdr.msg_type = CTL_MSG_R2R;
787 			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
788 			STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
789 					   &io->io_hdr, links);
790 			ctl_wakeup_thread();
791 			break;
792 
793 		/*
794 		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
795 		 * mode.
796 		 * Performed on the Originating (i.e. secondary) SC in XFER
797 		 * mode
798 		 */
799 		case CTL_MSG_FINISH_IO:
800 			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
801 				ctl_isc_handler_finish_xfer(ctl_softc,
802 							    &msg_info);
803 			else
804 				ctl_isc_handler_finish_ser_only(ctl_softc,
805 								&msg_info);
806 			break;
807 
808 		/* Preformed on Originating SC */
809 		case CTL_MSG_BAD_JUJU:
810 			io = msg_info.hdr.original_sc;
811 			if (io == NULL) {
812 				printf("%s: Bad JUJU!, original_sc is NULL!\n",
813 				       __func__);
814 				break;
815 			}
816 			ctl_copy_sense_data(&msg_info, io);
817 			/*
818 			 * IO should have already been cleaned up on other
819 			 * SC so clear this flag so we won't send a message
820 			 * back to finish the IO there.
821 			 */
822 			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
823 			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
824 
825 			/* io = msg_info.hdr.serializing_sc; */
826 			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
827 		        STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
828 					   &io->io_hdr, links);
829 			ctl_wakeup_thread();
830 			break;
831 
832 		/* Handle resets sent from the other side */
833 		case CTL_MSG_MANAGE_TASKS: {
834 			struct ctl_taskio *taskio;
835 			taskio = (struct ctl_taskio *)ctl_alloc_io(
836 				(void *)ctl_softc->othersc_pool);
837 			if (taskio == NULL) {
838 				printf("ctl_isc_event_handler: can't allocate "
839 				       "ctl_io!\n");
840 				/* Bad Juju */
841 				/* should I just call the proper reset func
842 				   here??? */
843 				mtx_unlock(&ctl_softc->ctl_lock);
844 				goto bailout;
845 			}
846 			ctl_zero_io((union ctl_io *)taskio);
847 			taskio->io_hdr.io_type = CTL_IO_TASK;
848 			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
849 			taskio->io_hdr.nexus = msg_info.hdr.nexus;
850 			taskio->task_action = msg_info.task.task_action;
851 			taskio->tag_num = msg_info.task.tag_num;
852 			taskio->tag_type = msg_info.task.tag_type;
853 #ifdef CTL_TIME_IO
854 			taskio->io_hdr.start_time = time_uptime;
855 			getbintime(&taskio->io_hdr.start_bt);
856 #if 0
857 			cs_prof_gettime(&taskio->io_hdr.start_ticks);
858 #endif
859 #endif /* CTL_TIME_IO */
860 		        STAILQ_INSERT_TAIL(&ctl_softc->task_queue,
861 					   &taskio->io_hdr, links);
862 			ctl_softc->flags |= CTL_FLAG_TASK_PENDING;
863 			ctl_wakeup_thread();
864 			break;
865 		}
866 		/* Persistent Reserve action which needs attention */
867 		case CTL_MSG_PERS_ACTION:
868 			presio = (struct ctl_prio *)ctl_alloc_io(
869 				(void *)ctl_softc->othersc_pool);
870 			if (presio == NULL) {
871 				printf("ctl_isc_event_handler: can't allocate "
872 				       "ctl_io!\n");
873 				/* Bad Juju */
874 				/* Need to set busy and send msg back */
875 				mtx_unlock(&ctl_softc->ctl_lock);
876 				goto bailout;
877 			}
878 			ctl_zero_io((union ctl_io *)presio);
879 			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
880 			presio->pr_msg = msg_info.pr;
881 		        STAILQ_INSERT_TAIL(&ctl_softc->isc_queue,
882 					   &presio->io_hdr, links);
883 			ctl_wakeup_thread();
884 			break;
885 		case CTL_MSG_SYNC_FE:
886 			rcv_sync_msg = 1;
887 			break;
888 		case CTL_MSG_APS_LOCK: {
889 			// It's quicker to execute this then to
890 			// queue it.
891 			struct ctl_lun *lun;
892 			struct ctl_page_index *page_index;
893 			struct copan_aps_subpage *current_sp;
894 
895 			lun = ctl_softc->ctl_luns[msg_info.hdr.nexus.targ_lun];
896 			page_index = &lun->mode_pages.index[index_to_aps_page];
897 			current_sp = (struct copan_aps_subpage *)
898 				     (page_index->page_data +
899 				     (page_index->page_len * CTL_PAGE_CURRENT));
900 
901 			current_sp->lock_active = msg_info.aps.lock_flag;
902 		        break;
903 		}
904 		default:
905 		        printf("How did I get here?\n");
906 		}
907 		mtx_unlock(&ctl_softc->ctl_lock);
908 	} else if (event == CTL_HA_EVT_MSG_SENT) {
909 		if (param != CTL_HA_STATUS_SUCCESS) {
910 			printf("Bad status from ctl_ha_msg_send status %d\n",
911 			       param);
912 		}
913 		return;
914 	} else if (event == CTL_HA_EVT_DISCONNECT) {
915 		printf("CTL: Got a disconnect from Isc\n");
916 		return;
917 	} else {
918 		printf("ctl_isc_event_handler: Unknown event %d\n", event);
919 		return;
920 	}
921 
922 bailout:
923 	return;
924 }
925 
926 static void
927 ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
928 {
929 	struct scsi_sense_data *sense;
930 
931 	sense = &dest->scsiio.sense_data;
932 	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
933 	dest->scsiio.scsi_status = src->scsi.scsi_status;
934 	dest->scsiio.sense_len = src->scsi.sense_len;
935 	dest->io_hdr.status = src->hdr.status;
936 }
937 
938 static void
939 ctl_init(void)
940 {
941 	struct ctl_softc *softc;
942 	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
943 	struct ctl_frontend *fe;
944 	struct ctl_lun *lun;
945         uint8_t sc_id =0;
946 #if 0
947 	int i;
948 #endif
949 	int retval;
950 	//int isc_retval;
951 
952 	retval = 0;
953 	ctl_pause_rtr = 0;
954         rcv_sync_msg = 0;
955 
956 	/* If we're disabled, don't initialize. */
957 	if (ctl_disable != 0)
958 		return;
959 
960 	control_softc = malloc(sizeof(*control_softc), M_DEVBUF, M_WAITOK);
961 	softc = control_softc;
962 
963 	memset(softc, 0, sizeof(*softc));
964 
965 	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
966 			      "cam/ctl");
967 
968 	softc->dev->si_drv1 = softc;
969 
970 	/*
971 	 * By default, return a "bad LUN" peripheral qualifier for unknown
972 	 * LUNs.  The user can override this default using the tunable or
973 	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
974 	 */
975 	softc->inquiry_pq_no_lun = 1;
976 	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
977 			  &softc->inquiry_pq_no_lun);
978 	sysctl_ctx_init(&softc->sysctl_ctx);
979 	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
980 		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
981 		CTLFLAG_RD, 0, "CAM Target Layer");
982 
983 	if (softc->sysctl_tree == NULL) {
984 		printf("%s: unable to allocate sysctl tree\n", __func__);
985 		destroy_dev(softc->dev);
986 		free(control_softc, M_DEVBUF);
987 		control_softc = NULL;
988 		return;
989 	}
990 
991 	SYSCTL_ADD_INT(&softc->sysctl_ctx,
992 		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
993 		       "inquiry_pq_no_lun", CTLFLAG_RW,
994 		       &softc->inquiry_pq_no_lun, 0,
995 		       "Report no lun possible for invalid LUNs");
996 
997 	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
998 	softc->open_count = 0;
999 
1000 	/*
1001 	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1002 	 * the drive.
1003 	 */
1004 	softc->flags = CTL_FLAG_REAL_SYNC;
1005 
1006 	/*
1007 	 * In Copan's HA scheme, the "master" and "slave" roles are
1008 	 * figured out through the slot the controller is in.  Although it
1009 	 * is an active/active system, someone has to be in charge.
1010  	 */
1011 #ifdef NEEDTOPORT
1012         scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1013 #endif
1014 
1015         if (sc_id == 0) {
1016 		softc->flags |= CTL_FLAG_MASTER_SHELF;
1017 		persis_offset = 0;
1018 	} else
1019 		persis_offset = CTL_MAX_INITIATORS;
1020 
1021 	/*
1022 	 * XXX KDM need to figure out where we want to get our target ID
1023 	 * and WWID.  Is it different on each port?
1024 	 */
1025 	softc->target.id = 0;
1026 	softc->target.wwid[0] = 0x12345678;
1027 	softc->target.wwid[1] = 0x87654321;
1028 	STAILQ_INIT(&softc->lun_list);
1029 	STAILQ_INIT(&softc->pending_lun_queue);
1030 	STAILQ_INIT(&softc->task_queue);
1031 	STAILQ_INIT(&softc->incoming_queue);
1032 	STAILQ_INIT(&softc->rtr_queue);
1033 	STAILQ_INIT(&softc->done_queue);
1034 	STAILQ_INIT(&softc->isc_queue);
1035 	STAILQ_INIT(&softc->fe_list);
1036 	STAILQ_INIT(&softc->be_list);
1037 	STAILQ_INIT(&softc->io_pools);
1038 
1039 	lun = &softc->lun;
1040 
1041 	/*
1042 	 * We don't bother calling these with ctl_lock held here, because,
1043 	 * in theory, no one else can try to do anything while we're in our
1044 	 * module init routine.
1045 	 */
1046 	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1047 			    &internal_pool)!= 0){
1048 		printf("ctl: can't allocate %d entry internal pool, "
1049 		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1050 		return;
1051 	}
1052 
1053 	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1054 			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1055 		printf("ctl: can't allocate %d entry emergency pool, "
1056 		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1057 		ctl_pool_free(softc, internal_pool);
1058 		return;
1059 	}
1060 
1061 	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1062 	                    &other_pool) != 0)
1063 	{
1064 		printf("ctl: can't allocate %d entry other SC pool, "
1065 		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1066 		ctl_pool_free(softc, internal_pool);
1067 		ctl_pool_free(softc, emergency_pool);
1068 		return;
1069 	}
1070 
1071 	softc->internal_pool = internal_pool;
1072 	softc->emergency_pool = emergency_pool;
1073 	softc->othersc_pool = other_pool;
1074 
1075 	ctl_pool_acquire(internal_pool);
1076 	ctl_pool_acquire(emergency_pool);
1077 	ctl_pool_acquire(other_pool);
1078 
1079 	/*
1080 	 * We used to allocate a processor LUN here.  The new scheme is to
1081 	 * just let the user allocate LUNs as he sees fit.
1082 	 */
1083 #if 0
1084 	mtx_lock(&softc->ctl_lock);
1085 	ctl_alloc_lun(softc, lun, /*be_lun*/NULL, /*target*/softc->target);
1086 	mtx_unlock(&softc->ctl_lock);
1087 #endif
1088 
1089 	if (kproc_create(ctl_work_thread, softc, &softc->work_thread, 0, 0,
1090 			 "ctl_thrd") != 0) {
1091 		printf("error creating CTL work thread!\n");
1092 		ctl_free_lun(lun);
1093 		ctl_pool_free(softc, internal_pool);
1094 		ctl_pool_free(softc, emergency_pool);
1095 		ctl_pool_free(softc, other_pool);
1096 		return;
1097 	}
1098 	printf("ctl: CAM Target Layer loaded\n");
1099 
1100 	/*
1101 	 * Initialize the initiator and portname mappings
1102 	 */
1103 	memset(softc->wwpn_iid, 0, sizeof(softc->wwpn_iid));
1104 
1105 	/*
1106 	 * Initialize the ioctl front end.
1107 	 */
1108 	fe = &softc->ioctl_info.fe;
1109 	sprintf(softc->ioctl_info.port_name, "CTL ioctl");
1110 	fe->port_type = CTL_PORT_IOCTL;
1111 	fe->num_requested_ctl_io = 100;
1112 	fe->port_name = softc->ioctl_info.port_name;
1113 	fe->port_online = ctl_ioctl_online;
1114 	fe->port_offline = ctl_ioctl_offline;
1115 	fe->onoff_arg = &softc->ioctl_info;
1116 	fe->targ_enable = ctl_ioctl_targ_enable;
1117 	fe->targ_disable = ctl_ioctl_targ_disable;
1118 	fe->lun_enable = ctl_ioctl_lun_enable;
1119 	fe->lun_disable = ctl_ioctl_lun_disable;
1120 	fe->targ_lun_arg = &softc->ioctl_info;
1121 	fe->fe_datamove = ctl_ioctl_datamove;
1122 	fe->fe_done = ctl_ioctl_done;
1123 	fe->max_targets = 15;
1124 	fe->max_target_id = 15;
1125 
1126 	if (ctl_frontend_register(&softc->ioctl_info.fe,
1127 	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1128 		printf("ctl: ioctl front end registration failed, will "
1129 		       "continue anyway\n");
1130 	}
1131 
1132 #ifdef CTL_IO_DELAY
1133 	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1134 		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1135 		       sizeof(struct callout), CTL_TIMER_BYTES);
1136 		return;
1137 	}
1138 #endif /* CTL_IO_DELAY */
1139 
1140 }
1141 
1142 void
1143 ctl_shutdown(void)
1144 {
1145 	struct ctl_softc *softc;
1146 	struct ctl_lun *lun, *next_lun;
1147 	struct ctl_io_pool *pool, *next_pool;
1148 
1149 	softc = (struct ctl_softc *)control_softc;
1150 
1151 	if (ctl_frontend_deregister(&softc->ioctl_info.fe) != 0)
1152 		printf("ctl: ioctl front end deregistration failed\n");
1153 
1154 	mtx_lock(&softc->ctl_lock);
1155 
1156 	/*
1157 	 * Free up each LUN.
1158 	 */
1159 	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1160 		next_lun = STAILQ_NEXT(lun, links);
1161 		ctl_free_lun(lun);
1162 	}
1163 
1164 	/*
1165 	 * This will rip the rug out from under any FETDs or anyone else
1166 	 * that has a pool allocated.  Since we increment our module
1167 	 * refcount any time someone outside the main CTL module allocates
1168 	 * a pool, we shouldn't have any problems here.  The user won't be
1169 	 * able to unload the CTL module until client modules have
1170 	 * successfully unloaded.
1171 	 */
1172 	for (pool = STAILQ_FIRST(&softc->io_pools); pool != NULL;
1173 	     pool = next_pool) {
1174 		next_pool = STAILQ_NEXT(pool, links);
1175 		ctl_pool_free(softc, pool);
1176 	}
1177 
1178 	mtx_unlock(&softc->ctl_lock);
1179 
1180 #if 0
1181 	ctl_shutdown_thread(softc->work_thread);
1182 #endif
1183 
1184 	mtx_destroy(&softc->ctl_lock);
1185 
1186 	destroy_dev(softc->dev);
1187 
1188 	sysctl_ctx_free(&softc->sysctl_ctx);
1189 
1190 	free(control_softc, M_DEVBUF);
1191 	control_softc = NULL;
1192 
1193 	printf("ctl: CAM Target Layer unloaded\n");
1194 }
1195 
1196 /*
1197  * XXX KDM should we do some access checks here?  Bump a reference count to
1198  * prevent a CTL module from being unloaded while someone has it open?
1199  */
1200 static int
1201 ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1202 {
1203 	return (0);
1204 }
1205 
1206 static int
1207 ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1208 {
1209 	return (0);
1210 }
1211 
1212 int
1213 ctl_port_enable(ctl_port_type port_type)
1214 {
1215 	struct ctl_softc *softc;
1216 	struct ctl_frontend *fe;
1217 
1218 	if (ctl_is_single == 0) {
1219 		union ctl_ha_msg msg_info;
1220 		int isc_retval;
1221 
1222 #if 0
1223 		printf("%s: HA mode, synchronizing frontend enable\n",
1224 		        __func__);
1225 #endif
1226 		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1227 	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1228 		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1229 			printf("Sync msg send error retval %d\n", isc_retval);
1230 		}
1231 		if (!rcv_sync_msg) {
1232 			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1233 			        sizeof(msg_info), 1);
1234 		}
1235 #if 0
1236         	printf("CTL:Frontend Enable\n");
1237 	} else {
1238 		printf("%s: single mode, skipping frontend synchronization\n",
1239 		        __func__);
1240 #endif
1241 	}
1242 
1243 	softc = control_softc;
1244 
1245 	STAILQ_FOREACH(fe, &softc->fe_list, links) {
1246 		if (port_type & fe->port_type)
1247 		{
1248 #if 0
1249 			printf("port %d\n", fe->targ_port);
1250 #endif
1251 			ctl_frontend_online(fe);
1252 		}
1253 	}
1254 
1255 	return (0);
1256 }
1257 
1258 int
1259 ctl_port_disable(ctl_port_type port_type)
1260 {
1261 	struct ctl_softc *softc;
1262 	struct ctl_frontend *fe;
1263 
1264 	softc = control_softc;
1265 
1266 	STAILQ_FOREACH(fe, &softc->fe_list, links) {
1267 		if (port_type & fe->port_type)
1268 			ctl_frontend_offline(fe);
1269 	}
1270 
1271 	return (0);
1272 }
1273 
1274 /*
1275  * Returns 0 for success, 1 for failure.
1276  * Currently the only failure mode is if there aren't enough entries
1277  * allocated.  So, in case of a failure, look at num_entries_dropped,
1278  * reallocate and try again.
1279  */
1280 int
1281 ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1282 	      int *num_entries_filled, int *num_entries_dropped,
1283 	      ctl_port_type port_type, int no_virtual)
1284 {
1285 	struct ctl_softc *softc;
1286 	struct ctl_frontend *fe;
1287 	int entries_dropped, entries_filled;
1288 	int retval;
1289 	int i;
1290 
1291 	softc = control_softc;
1292 
1293 	retval = 0;
1294 	entries_filled = 0;
1295 	entries_dropped = 0;
1296 
1297 	i = 0;
1298 	mtx_lock(&softc->ctl_lock);
1299 	STAILQ_FOREACH(fe, &softc->fe_list, links) {
1300 		struct ctl_port_entry *entry;
1301 
1302 		if ((fe->port_type & port_type) == 0)
1303 			continue;
1304 
1305 		if ((no_virtual != 0)
1306 		 && (fe->virtual_port != 0))
1307 			continue;
1308 
1309 		if (entries_filled >= num_entries_alloced) {
1310 			entries_dropped++;
1311 			continue;
1312 		}
1313 		entry = &entries[i];
1314 
1315 		entry->port_type = fe->port_type;
1316 		strlcpy(entry->port_name, fe->port_name,
1317 			sizeof(entry->port_name));
1318 		entry->physical_port = fe->physical_port;
1319 		entry->virtual_port = fe->virtual_port;
1320 		entry->wwnn = fe->wwnn;
1321 		entry->wwpn = fe->wwpn;
1322 
1323 		i++;
1324 		entries_filled++;
1325 	}
1326 
1327 	mtx_unlock(&softc->ctl_lock);
1328 
1329 	if (entries_dropped > 0)
1330 		retval = 1;
1331 
1332 	*num_entries_dropped = entries_dropped;
1333 	*num_entries_filled = entries_filled;
1334 
1335 	return (retval);
1336 }
1337 
1338 static void
1339 ctl_ioctl_online(void *arg)
1340 {
1341 	struct ctl_ioctl_info *ioctl_info;
1342 
1343 	ioctl_info = (struct ctl_ioctl_info *)arg;
1344 
1345 	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1346 }
1347 
1348 static void
1349 ctl_ioctl_offline(void *arg)
1350 {
1351 	struct ctl_ioctl_info *ioctl_info;
1352 
1353 	ioctl_info = (struct ctl_ioctl_info *)arg;
1354 
1355 	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1356 }
1357 
1358 /*
1359  * Remove an initiator by port number and initiator ID.
1360  * Returns 0 for success, 1 for failure.
1361  * Assumes the caller does NOT hold the CTL lock.
1362  */
1363 int
1364 ctl_remove_initiator(int32_t targ_port, uint32_t iid)
1365 {
1366 	struct ctl_softc *softc;
1367 
1368 	softc = control_softc;
1369 
1370 	if ((targ_port < 0)
1371 	 || (targ_port > CTL_MAX_PORTS)) {
1372 		printf("%s: invalid port number %d\n", __func__, targ_port);
1373 		return (1);
1374 	}
1375 	if (iid > CTL_MAX_INIT_PER_PORT) {
1376 		printf("%s: initiator ID %u > maximun %u!\n",
1377 		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1378 		return (1);
1379 	}
1380 
1381 	mtx_lock(&softc->ctl_lock);
1382 
1383 	softc->wwpn_iid[targ_port][iid].in_use = 0;
1384 
1385 	mtx_unlock(&softc->ctl_lock);
1386 
1387 	return (0);
1388 }
1389 
1390 /*
1391  * Add an initiator to the initiator map.
1392  * Returns 0 for success, 1 for failure.
1393  * Assumes the caller does NOT hold the CTL lock.
1394  */
1395 int
1396 ctl_add_initiator(uint64_t wwpn, int32_t targ_port, uint32_t iid)
1397 {
1398 	struct ctl_softc *softc;
1399 	int retval;
1400 
1401 	softc = control_softc;
1402 
1403 	retval = 0;
1404 
1405 	if ((targ_port < 0)
1406 	 || (targ_port > CTL_MAX_PORTS)) {
1407 		printf("%s: invalid port number %d\n", __func__, targ_port);
1408 		return (1);
1409 	}
1410 	if (iid > CTL_MAX_INIT_PER_PORT) {
1411 		printf("%s: WWPN %#jx initiator ID %u > maximun %u!\n",
1412 		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1413 		return (1);
1414 	}
1415 
1416 	mtx_lock(&softc->ctl_lock);
1417 
1418 	if (softc->wwpn_iid[targ_port][iid].in_use != 0) {
1419 		/*
1420 		 * We don't treat this as an error.
1421 		 */
1422 		if (softc->wwpn_iid[targ_port][iid].wwpn == wwpn) {
1423 			printf("%s: port %d iid %u WWPN %#jx arrived again?\n",
1424 			       __func__, targ_port, iid, (uintmax_t)wwpn);
1425 			goto bailout;
1426 		}
1427 
1428 		/*
1429 		 * This is an error, but what do we do about it?  The
1430 		 * driver is telling us we have a new WWPN for this
1431 		 * initiator ID, so we pretty much need to use it.
1432 		 */
1433 		printf("%s: port %d iid %u WWPN %#jx arrived, WWPN %#jx is "
1434 		       "still at that address\n", __func__, targ_port, iid,
1435 		       (uintmax_t)wwpn,
1436 		       (uintmax_t)softc->wwpn_iid[targ_port][iid].wwpn);
1437 
1438 		/*
1439 		 * XXX KDM clear have_ca and ua_pending on each LUN for
1440 		 * this initiator.
1441 		 */
1442 	}
1443 	softc->wwpn_iid[targ_port][iid].in_use = 1;
1444 	softc->wwpn_iid[targ_port][iid].iid = iid;
1445 	softc->wwpn_iid[targ_port][iid].wwpn = wwpn;
1446 	softc->wwpn_iid[targ_port][iid].port = targ_port;
1447 
1448 bailout:
1449 
1450 	mtx_unlock(&softc->ctl_lock);
1451 
1452 	return (retval);
1453 }
1454 
1455 /*
1456  * XXX KDM should we pretend to do something in the target/lun
1457  * enable/disable functions?
1458  */
1459 static int
1460 ctl_ioctl_targ_enable(void *arg, struct ctl_id targ_id)
1461 {
1462 	return (0);
1463 }
1464 
1465 static int
1466 ctl_ioctl_targ_disable(void *arg, struct ctl_id targ_id)
1467 {
1468 	return (0);
1469 }
1470 
1471 static int
1472 ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1473 {
1474 	return (0);
1475 }
1476 
1477 static int
1478 ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1479 {
1480 	return (0);
1481 }
1482 
1483 /*
1484  * Data movement routine for the CTL ioctl frontend port.
1485  */
1486 static int
1487 ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1488 {
1489 	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1490 	struct ctl_sg_entry ext_entry, kern_entry;
1491 	int ext_sglen, ext_sg_entries, kern_sg_entries;
1492 	int ext_sg_start, ext_offset;
1493 	int len_to_copy, len_copied;
1494 	int kern_watermark, ext_watermark;
1495 	int ext_sglist_malloced;
1496 	int i, j;
1497 
1498 	ext_sglist_malloced = 0;
1499 	ext_sg_start = 0;
1500 	ext_offset = 0;
1501 
1502 	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1503 
1504 	/*
1505 	 * If this flag is set, fake the data transfer.
1506 	 */
1507 	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1508 		ctsio->ext_data_filled = ctsio->ext_data_len;
1509 		goto bailout;
1510 	}
1511 
1512 	/*
1513 	 * To simplify things here, if we have a single buffer, stick it in
1514 	 * a S/G entry and just make it a single entry S/G list.
1515 	 */
1516 	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1517 		int len_seen;
1518 
1519 		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1520 
1521 		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1522 							   M_WAITOK);
1523 		ext_sglist_malloced = 1;
1524 		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1525 				   ext_sglen) != 0) {
1526 			ctl_set_internal_failure(ctsio,
1527 						 /*sks_valid*/ 0,
1528 						 /*retry_count*/ 0);
1529 			goto bailout;
1530 		}
1531 		ext_sg_entries = ctsio->ext_sg_entries;
1532 		len_seen = 0;
1533 		for (i = 0; i < ext_sg_entries; i++) {
1534 			if ((len_seen + ext_sglist[i].len) >=
1535 			     ctsio->ext_data_filled) {
1536 				ext_sg_start = i;
1537 				ext_offset = ctsio->ext_data_filled - len_seen;
1538 				break;
1539 			}
1540 			len_seen += ext_sglist[i].len;
1541 		}
1542 	} else {
1543 		ext_sglist = &ext_entry;
1544 		ext_sglist->addr = ctsio->ext_data_ptr;
1545 		ext_sglist->len = ctsio->ext_data_len;
1546 		ext_sg_entries = 1;
1547 		ext_sg_start = 0;
1548 		ext_offset = ctsio->ext_data_filled;
1549 	}
1550 
1551 	if (ctsio->kern_sg_entries > 0) {
1552 		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1553 		kern_sg_entries = ctsio->kern_sg_entries;
1554 	} else {
1555 		kern_sglist = &kern_entry;
1556 		kern_sglist->addr = ctsio->kern_data_ptr;
1557 		kern_sglist->len = ctsio->kern_data_len;
1558 		kern_sg_entries = 1;
1559 	}
1560 
1561 
1562 	kern_watermark = 0;
1563 	ext_watermark = ext_offset;
1564 	len_copied = 0;
1565 	for (i = ext_sg_start, j = 0;
1566 	     i < ext_sg_entries && j < kern_sg_entries;) {
1567 		uint8_t *ext_ptr, *kern_ptr;
1568 
1569 		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1570 				      kern_sglist[j].len - kern_watermark);
1571 
1572 		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1573 		ext_ptr = ext_ptr + ext_watermark;
1574 		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1575 			/*
1576 			 * XXX KDM fix this!
1577 			 */
1578 			panic("need to implement bus address support");
1579 #if 0
1580 			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1581 #endif
1582 		} else
1583 			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1584 		kern_ptr = kern_ptr + kern_watermark;
1585 
1586 		kern_watermark += len_to_copy;
1587 		ext_watermark += len_to_copy;
1588 
1589 		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1590 		     CTL_FLAG_DATA_IN) {
1591 			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1592 					 "bytes to user\n", len_to_copy));
1593 			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1594 					 "to %p\n", kern_ptr, ext_ptr));
1595 			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1596 				ctl_set_internal_failure(ctsio,
1597 							 /*sks_valid*/ 0,
1598 							 /*retry_count*/ 0);
1599 				goto bailout;
1600 			}
1601 		} else {
1602 			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1603 					 "bytes from user\n", len_to_copy));
1604 			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1605 					 "to %p\n", ext_ptr, kern_ptr));
1606 			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1607 				ctl_set_internal_failure(ctsio,
1608 							 /*sks_valid*/ 0,
1609 							 /*retry_count*/0);
1610 				goto bailout;
1611 			}
1612 		}
1613 
1614 		len_copied += len_to_copy;
1615 
1616 		if (ext_sglist[i].len == ext_watermark) {
1617 			i++;
1618 			ext_watermark = 0;
1619 		}
1620 
1621 		if (kern_sglist[j].len == kern_watermark) {
1622 			j++;
1623 			kern_watermark = 0;
1624 		}
1625 	}
1626 
1627 	ctsio->ext_data_filled += len_copied;
1628 
1629 	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1630 			 "kern_sg_entries: %d\n", ext_sg_entries,
1631 			 kern_sg_entries));
1632 	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1633 			 "kern_data_len = %d\n", ctsio->ext_data_len,
1634 			 ctsio->kern_data_len));
1635 
1636 
1637 	/* XXX KDM set residual?? */
1638 bailout:
1639 
1640 	if (ext_sglist_malloced != 0)
1641 		free(ext_sglist, M_CTL);
1642 
1643 	return (CTL_RETVAL_COMPLETE);
1644 }
1645 
1646 /*
1647  * Serialize a command that went down the "wrong" side, and so was sent to
1648  * this controller for execution.  The logic is a little different than the
1649  * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1650  * sent back to the other side, but in the success case, we execute the
1651  * command on this side (XFER mode) or tell the other side to execute it
1652  * (SER_ONLY mode).
1653  */
1654 static int
1655 ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio, int have_lock)
1656 {
1657 	struct ctl_softc *ctl_softc;
1658 	union ctl_ha_msg msg_info;
1659 	struct ctl_lun *lun;
1660 	int retval = 0;
1661 
1662 	ctl_softc = control_softc;
1663 	if (have_lock == 0)
1664 		mtx_lock(&ctl_softc->ctl_lock);
1665 
1666 	lun = ctl_softc->ctl_luns[ctsio->io_hdr.nexus.targ_lun];
1667 	if (lun==NULL)
1668 	{
1669 		/*
1670 		 * Why isn't LUN defined? The other side wouldn't
1671 		 * send a cmd if the LUN is undefined.
1672 		 */
1673 		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1674 
1675 		/* "Logical unit not supported" */
1676 		ctl_set_sense_data(&msg_info.scsi.sense_data,
1677 				   lun,
1678 				   /*sense_format*/SSD_TYPE_NONE,
1679 				   /*current_error*/ 1,
1680 				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1681 				   /*asc*/ 0x25,
1682 				   /*ascq*/ 0x00,
1683 				   SSD_ELEM_NONE);
1684 
1685 		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1686 		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1687 		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1688 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1689 		msg_info.hdr.serializing_sc = NULL;
1690 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1691 	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1692 				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1693 		}
1694 		if (have_lock == 0)
1695 			mtx_unlock(&ctl_softc->ctl_lock);
1696 		return(1);
1697 
1698 	}
1699 
1700     	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1701 
1702 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1703 		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1704 		 ooa_links))) {
1705 	case CTL_ACTION_BLOCK:
1706 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1707 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1708 				  blocked_links);
1709 		break;
1710 	case CTL_ACTION_PASS:
1711 	case CTL_ACTION_SKIP:
1712 		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1713 			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1714 			STAILQ_INSERT_TAIL(&ctl_softc->rtr_queue,
1715 					   &ctsio->io_hdr, links);
1716 		} else {
1717 
1718 			/* send msg back to other side */
1719 			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1720 			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1721 			msg_info.hdr.msg_type = CTL_MSG_R2R;
1722 #if 0
1723 			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1724 #endif
1725 		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1726 			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1727 			}
1728 		}
1729 		break;
1730 	case CTL_ACTION_OVERLAP:
1731 		/* OVERLAPPED COMMANDS ATTEMPTED */
1732 		ctl_set_sense_data(&msg_info.scsi.sense_data,
1733 				   lun,
1734 				   /*sense_format*/SSD_TYPE_NONE,
1735 				   /*current_error*/ 1,
1736 				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1737 				   /*asc*/ 0x4E,
1738 				   /*ascq*/ 0x00,
1739 				   SSD_ELEM_NONE);
1740 
1741 		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1742 		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1743 		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1744 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1745 		msg_info.hdr.serializing_sc = NULL;
1746 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1747 #if 0
1748 		printf("BAD JUJU:Major Bummer Overlap\n");
1749 #endif
1750 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1751 		retval = 1;
1752 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1753 		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1754 		}
1755 		break;
1756 	case CTL_ACTION_OVERLAP_TAG:
1757 		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1758 		ctl_set_sense_data(&msg_info.scsi.sense_data,
1759 				   lun,
1760 				   /*sense_format*/SSD_TYPE_NONE,
1761 				   /*current_error*/ 1,
1762 				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1763 				   /*asc*/ 0x4D,
1764 				   /*ascq*/ ctsio->tag_num & 0xff,
1765 				   SSD_ELEM_NONE);
1766 
1767 		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1768 		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1769 		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1770 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1771 		msg_info.hdr.serializing_sc = NULL;
1772 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1773 #if 0
1774 		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1775 #endif
1776 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1777 		retval = 1;
1778 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1779 		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1780 		}
1781 		break;
1782 	case CTL_ACTION_ERROR:
1783 	default:
1784 		/* "Internal target failure" */
1785 		ctl_set_sense_data(&msg_info.scsi.sense_data,
1786 				   lun,
1787 				   /*sense_format*/SSD_TYPE_NONE,
1788 				   /*current_error*/ 1,
1789 				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1790 				   /*asc*/ 0x44,
1791 				   /*ascq*/ 0x00,
1792 				   SSD_ELEM_NONE);
1793 
1794 		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1795 		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1796 		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1797 		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1798 		msg_info.hdr.serializing_sc = NULL;
1799 		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1800 #if 0
1801 		printf("BAD JUJU:Major Bummer HW Error\n");
1802 #endif
1803 		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1804 		retval = 1;
1805 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1806 		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1807 		}
1808 		break;
1809 	}
1810 	if (have_lock == 0)
1811 		mtx_unlock(&ctl_softc->ctl_lock);
1812 	return (retval);
1813 }
1814 
1815 static int
1816 ctl_ioctl_submit_wait(union ctl_io *io)
1817 {
1818 	struct ctl_fe_ioctl_params params;
1819 	ctl_fe_ioctl_state last_state;
1820 	int done, retval;
1821 
1822 	retval = 0;
1823 
1824 	bzero(&params, sizeof(params));
1825 
1826 	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1827 	cv_init(&params.sem, "ctlioccv");
1828 	params.state = CTL_IOCTL_INPROG;
1829 	last_state = params.state;
1830 
1831 	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1832 
1833 	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1834 
1835 	/* This shouldn't happen */
1836 	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1837 		return (retval);
1838 
1839 	done = 0;
1840 
1841 	do {
1842 		mtx_lock(&params.ioctl_mtx);
1843 		/*
1844 		 * Check the state here, and don't sleep if the state has
1845 		 * already changed (i.e. wakeup has already occured, but we
1846 		 * weren't waiting yet).
1847 		 */
1848 		if (params.state == last_state) {
1849 			/* XXX KDM cv_wait_sig instead? */
1850 			cv_wait(&params.sem, &params.ioctl_mtx);
1851 		}
1852 		last_state = params.state;
1853 
1854 		switch (params.state) {
1855 		case CTL_IOCTL_INPROG:
1856 			/* Why did we wake up? */
1857 			/* XXX KDM error here? */
1858 			mtx_unlock(&params.ioctl_mtx);
1859 			break;
1860 		case CTL_IOCTL_DATAMOVE:
1861 			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1862 
1863 			/*
1864 			 * change last_state back to INPROG to avoid
1865 			 * deadlock on subsequent data moves.
1866 			 */
1867 			params.state = last_state = CTL_IOCTL_INPROG;
1868 
1869 			mtx_unlock(&params.ioctl_mtx);
1870 			ctl_ioctl_do_datamove(&io->scsiio);
1871 			/*
1872 			 * Note that in some cases, most notably writes,
1873 			 * this will queue the I/O and call us back later.
1874 			 * In other cases, generally reads, this routine
1875 			 * will immediately call back and wake us up,
1876 			 * probably using our own context.
1877 			 */
1878 			io->scsiio.be_move_done(io);
1879 			break;
1880 		case CTL_IOCTL_DONE:
1881 			mtx_unlock(&params.ioctl_mtx);
1882 			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1883 			done = 1;
1884 			break;
1885 		default:
1886 			mtx_unlock(&params.ioctl_mtx);
1887 			/* XXX KDM error here? */
1888 			break;
1889 		}
1890 	} while (done == 0);
1891 
1892 	mtx_destroy(&params.ioctl_mtx);
1893 	cv_destroy(&params.sem);
1894 
1895 	return (CTL_RETVAL_COMPLETE);
1896 }
1897 
1898 static void
1899 ctl_ioctl_datamove(union ctl_io *io)
1900 {
1901 	struct ctl_fe_ioctl_params *params;
1902 
1903 	params = (struct ctl_fe_ioctl_params *)
1904 		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1905 
1906 	mtx_lock(&params->ioctl_mtx);
1907 	params->state = CTL_IOCTL_DATAMOVE;
1908 	cv_broadcast(&params->sem);
1909 	mtx_unlock(&params->ioctl_mtx);
1910 }
1911 
1912 static void
1913 ctl_ioctl_done(union ctl_io *io)
1914 {
1915 	struct ctl_fe_ioctl_params *params;
1916 
1917 	params = (struct ctl_fe_ioctl_params *)
1918 		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1919 
1920 	mtx_lock(&params->ioctl_mtx);
1921 	params->state = CTL_IOCTL_DONE;
1922 	cv_broadcast(&params->sem);
1923 	mtx_unlock(&params->ioctl_mtx);
1924 }
1925 
1926 static void
1927 ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
1928 {
1929 	struct ctl_fe_ioctl_startstop_info *sd_info;
1930 
1931 	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
1932 
1933 	sd_info->hs_info.status = metatask->status;
1934 	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
1935 	sd_info->hs_info.luns_complete =
1936 		metatask->taskinfo.startstop.luns_complete;
1937 	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
1938 
1939 	cv_broadcast(&sd_info->sem);
1940 }
1941 
1942 static void
1943 ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
1944 {
1945 	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
1946 
1947 	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
1948 
1949 	mtx_lock(fe_bbr_info->lock);
1950 	fe_bbr_info->bbr_info->status = metatask->status;
1951 	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
1952 	fe_bbr_info->wakeup_done = 1;
1953 	mtx_unlock(fe_bbr_info->lock);
1954 
1955 	cv_broadcast(&fe_bbr_info->sem);
1956 }
1957 
1958 /*
1959  * Must be called with the ctl_lock held.
1960  * Returns 0 for success, errno for failure.
1961  */
1962 static int
1963 ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1964 		   struct ctl_ooa *ooa_hdr)
1965 {
1966 	union ctl_io *io;
1967 	int retval;
1968 
1969 	retval = 0;
1970 
1971 	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1972 	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1973 	     ooa_links)) {
1974 		struct ctl_ooa_entry *cur_entry, entry;
1975 
1976 		/*
1977 		 * If we've got more than we can fit, just count the
1978 		 * remaining entries.
1979 		 */
1980 		if (*cur_fill_num >= ooa_hdr->alloc_num)
1981 			continue;
1982 
1983 		cur_entry = &ooa_hdr->entries[*cur_fill_num];
1984 
1985 		bzero(&entry, sizeof(entry));
1986 
1987 		entry.tag_num = io->scsiio.tag_num;
1988 		entry.lun_num = lun->lun;
1989 #ifdef CTL_TIME_IO
1990 		entry.start_bt = io->io_hdr.start_bt;
1991 #endif
1992 		bcopy(io->scsiio.cdb, entry.cdb, io->scsiio.cdb_len);
1993 		entry.cdb_len = io->scsiio.cdb_len;
1994 		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1995 			entry.cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1996 
1997 		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1998 			entry.cmd_flags |= CTL_OOACMD_FLAG_DMA;
1999 
2000 		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2001 			entry.cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2002 
2003 		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2004 			entry.cmd_flags |= CTL_OOACMD_FLAG_RTR;
2005 
2006 		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2007 			entry.cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2008 
2009 		retval = copyout(&entry, cur_entry, sizeof(entry));
2010 
2011 		if (retval != 0)
2012 			break;
2013 	}
2014 
2015 	return (retval);
2016 }
2017 
2018 static void *
2019 ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2020 		 size_t error_str_len)
2021 {
2022 	void *kptr;
2023 
2024 	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2025 
2026 	if (copyin(user_addr, kptr, len) != 0) {
2027 		snprintf(error_str, error_str_len, "Error copying %d bytes "
2028 			 "from user address %p to kernel address %p", len,
2029 			 user_addr, kptr);
2030 		free(kptr, M_CTL);
2031 		return (NULL);
2032 	}
2033 
2034 	return (kptr);
2035 }
2036 
2037 static void
2038 ctl_free_args(int num_be_args, struct ctl_be_arg *be_args)
2039 {
2040 	int i;
2041 
2042 	if (be_args == NULL)
2043 		return;
2044 
2045 	for (i = 0; i < num_be_args; i++) {
2046 		free(be_args[i].kname, M_CTL);
2047 		free(be_args[i].kvalue, M_CTL);
2048 	}
2049 
2050 	free(be_args, M_CTL);
2051 }
2052 
2053 static struct ctl_be_arg *
2054 ctl_copyin_args(int num_be_args, struct ctl_be_arg *be_args,
2055 		char *error_str, size_t error_str_len)
2056 {
2057 	struct ctl_be_arg *args;
2058 	int i;
2059 
2060 	args = ctl_copyin_alloc(be_args, num_be_args * sizeof(*be_args),
2061 				error_str, error_str_len);
2062 
2063 	if (args == NULL)
2064 		goto bailout;
2065 
2066 	for (i = 0; i < num_be_args; i++) {
2067 		args[i].kname = NULL;
2068 		args[i].kvalue = NULL;
2069 	}
2070 
2071 	for (i = 0; i < num_be_args; i++) {
2072 		uint8_t *tmpptr;
2073 
2074 		args[i].kname = ctl_copyin_alloc(args[i].name,
2075 			args[i].namelen, error_str, error_str_len);
2076 		if (args[i].kname == NULL)
2077 			goto bailout;
2078 
2079 		if (args[i].kname[args[i].namelen - 1] != '\0') {
2080 			snprintf(error_str, error_str_len, "Argument %d "
2081 				 "name is not NUL-terminated", i);
2082 			goto bailout;
2083 		}
2084 
2085 		args[i].kvalue = NULL;
2086 
2087 		tmpptr = ctl_copyin_alloc(args[i].value,
2088 			args[i].vallen, error_str, error_str_len);
2089 		if (tmpptr == NULL)
2090 			goto bailout;
2091 
2092 		args[i].kvalue = tmpptr;
2093 
2094 		if ((args[i].flags & CTL_BEARG_ASCII)
2095 		 && (tmpptr[args[i].vallen - 1] != '\0')) {
2096 			snprintf(error_str, error_str_len, "Argument %d "
2097 				 "value is not NUL-terminated", i);
2098 			goto bailout;
2099 		}
2100 	}
2101 
2102 	return (args);
2103 bailout:
2104 
2105 	ctl_free_args(num_be_args, args);
2106 
2107 	return (NULL);
2108 }
2109 
2110 /*
2111  * Escape characters that are illegal or not recommended in XML.
2112  */
2113 int
2114 ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2115 {
2116 	int retval;
2117 
2118 	retval = 0;
2119 
2120 	for (; *str; str++) {
2121 		switch (*str) {
2122 		case '&':
2123 			retval = sbuf_printf(sb, "&amp;");
2124 			break;
2125 		case '>':
2126 			retval = sbuf_printf(sb, "&gt;");
2127 			break;
2128 		case '<':
2129 			retval = sbuf_printf(sb, "&lt;");
2130 			break;
2131 		default:
2132 			retval = sbuf_putc(sb, *str);
2133 			break;
2134 		}
2135 
2136 		if (retval != 0)
2137 			break;
2138 
2139 	}
2140 
2141 	return (retval);
2142 }
2143 
2144 static int
2145 ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2146 	  struct thread *td)
2147 {
2148 	struct ctl_softc *softc;
2149 	int retval;
2150 
2151 	softc = control_softc;
2152 
2153 	retval = 0;
2154 
2155 	switch (cmd) {
2156 	case CTL_IO: {
2157 		union ctl_io *io;
2158 		void *pool_tmp;
2159 
2160 		/*
2161 		 * If we haven't been "enabled", don't allow any SCSI I/O
2162 		 * to this FETD.
2163 		 */
2164 		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2165 			retval = -EPERM;
2166 			break;
2167 		}
2168 
2169 		io = ctl_alloc_io(softc->ioctl_info.fe.ctl_pool_ref);
2170 		if (io == NULL) {
2171 			printf("ctl_ioctl: can't allocate ctl_io!\n");
2172 			retval = -ENOSPC;
2173 			break;
2174 		}
2175 
2176 		/*
2177 		 * Need to save the pool reference so it doesn't get
2178 		 * spammed by the user's ctl_io.
2179 		 */
2180 		pool_tmp = io->io_hdr.pool;
2181 
2182 		memcpy(io, (void *)addr, sizeof(*io));
2183 
2184 		io->io_hdr.pool = pool_tmp;
2185 		/*
2186 		 * No status yet, so make sure the status is set properly.
2187 		 */
2188 		io->io_hdr.status = CTL_STATUS_NONE;
2189 
2190 		/*
2191 		 * The user sets the initiator ID, target and LUN IDs.
2192 		 */
2193 		io->io_hdr.nexus.targ_port = softc->ioctl_info.fe.targ_port;
2194 		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2195 		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2196 		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2197 			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2198 
2199 		retval = ctl_ioctl_submit_wait(io);
2200 
2201 		if (retval != 0) {
2202 			ctl_free_io(io);
2203 			break;
2204 		}
2205 
2206 		memcpy((void *)addr, io, sizeof(*io));
2207 
2208 		/* return this to our pool */
2209 		ctl_free_io(io);
2210 
2211 		break;
2212 	}
2213 	case CTL_ENABLE_PORT:
2214 	case CTL_DISABLE_PORT:
2215 	case CTL_SET_PORT_WWNS: {
2216 		struct ctl_frontend *fe;
2217 		struct ctl_port_entry *entry;
2218 
2219 		entry = (struct ctl_port_entry *)addr;
2220 
2221 		mtx_lock(&softc->ctl_lock);
2222 		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2223 			int action, done;
2224 
2225 			action = 0;
2226 			done = 0;
2227 
2228 			if ((entry->port_type == CTL_PORT_NONE)
2229 			 && (entry->targ_port == fe->targ_port)) {
2230 				/*
2231 				 * If the user only wants to enable or
2232 				 * disable or set WWNs on a specific port,
2233 				 * do the operation and we're done.
2234 				 */
2235 				action = 1;
2236 				done = 1;
2237 			} else if (entry->port_type & fe->port_type) {
2238 				/*
2239 				 * Compare the user's type mask with the
2240 				 * particular frontend type to see if we
2241 				 * have a match.
2242 				 */
2243 				action = 1;
2244 				done = 0;
2245 
2246 				/*
2247 				 * Make sure the user isn't trying to set
2248 				 * WWNs on multiple ports at the same time.
2249 				 */
2250 				if (cmd == CTL_SET_PORT_WWNS) {
2251 					printf("%s: Can't set WWNs on "
2252 					       "multiple ports\n", __func__);
2253 					retval = EINVAL;
2254 					break;
2255 				}
2256 			}
2257 			if (action != 0) {
2258 				/*
2259 				 * XXX KDM we have to drop the lock here,
2260 				 * because the online/offline operations
2261 				 * can potentially block.  We need to
2262 				 * reference count the frontends so they
2263 				 * can't go away,
2264 				 */
2265 				mtx_unlock(&softc->ctl_lock);
2266 
2267 				if (cmd == CTL_ENABLE_PORT)
2268 					ctl_frontend_online(fe);
2269 				else if (cmd == CTL_DISABLE_PORT)
2270 					ctl_frontend_offline(fe);
2271 
2272 				mtx_lock(&softc->ctl_lock);
2273 
2274 				if (cmd == CTL_SET_PORT_WWNS)
2275 					ctl_frontend_set_wwns(fe,
2276 					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2277 					    1 : 0, entry->wwnn,
2278 					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2279 					    1 : 0, entry->wwpn);
2280 			}
2281 			if (done != 0)
2282 				break;
2283 		}
2284 		mtx_unlock(&softc->ctl_lock);
2285 		break;
2286 	}
2287 	case CTL_GET_PORT_LIST: {
2288 		struct ctl_frontend *fe;
2289 		struct ctl_port_list *list;
2290 		int i;
2291 
2292 		list = (struct ctl_port_list *)addr;
2293 
2294 		if (list->alloc_len != (list->alloc_num *
2295 		    sizeof(struct ctl_port_entry))) {
2296 			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2297 			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2298 			       "%zu\n", __func__, list->alloc_len,
2299 			       list->alloc_num, sizeof(struct ctl_port_entry));
2300 			retval = EINVAL;
2301 			break;
2302 		}
2303 		list->fill_len = 0;
2304 		list->fill_num = 0;
2305 		list->dropped_num = 0;
2306 		i = 0;
2307 		mtx_lock(&softc->ctl_lock);
2308 		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2309 			struct ctl_port_entry entry, *list_entry;
2310 
2311 			if (list->fill_num >= list->alloc_num) {
2312 				list->dropped_num++;
2313 				continue;
2314 			}
2315 
2316 			entry.port_type = fe->port_type;
2317 			strlcpy(entry.port_name, fe->port_name,
2318 				sizeof(entry.port_name));
2319 			entry.targ_port = fe->targ_port;
2320 			entry.physical_port = fe->physical_port;
2321 			entry.virtual_port = fe->virtual_port;
2322 			entry.wwnn = fe->wwnn;
2323 			entry.wwpn = fe->wwpn;
2324 			if (fe->status & CTL_PORT_STATUS_ONLINE)
2325 				entry.online = 1;
2326 			else
2327 				entry.online = 0;
2328 
2329 			list_entry = &list->entries[i];
2330 
2331 			retval = copyout(&entry, list_entry, sizeof(entry));
2332 			if (retval != 0) {
2333 				printf("%s: CTL_GET_PORT_LIST: copyout "
2334 				       "returned %d\n", __func__, retval);
2335 				break;
2336 			}
2337 			i++;
2338 			list->fill_num++;
2339 			list->fill_len += sizeof(entry);
2340 		}
2341 		mtx_unlock(&softc->ctl_lock);
2342 
2343 		/*
2344 		 * If this is non-zero, we had a copyout fault, so there's
2345 		 * probably no point in attempting to set the status inside
2346 		 * the structure.
2347 		 */
2348 		if (retval != 0)
2349 			break;
2350 
2351 		if (list->dropped_num > 0)
2352 			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2353 		else
2354 			list->status = CTL_PORT_LIST_OK;
2355 		break;
2356 	}
2357 	case CTL_DUMP_OOA: {
2358 		struct ctl_lun *lun;
2359 		union ctl_io *io;
2360 		char printbuf[128];
2361 		struct sbuf sb;
2362 
2363 		mtx_lock(&softc->ctl_lock);
2364 		printf("Dumping OOA queues:\n");
2365 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2366 			for (io = (union ctl_io *)TAILQ_FIRST(
2367 			     &lun->ooa_queue); io != NULL;
2368 			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2369 			     ooa_links)) {
2370 				sbuf_new(&sb, printbuf, sizeof(printbuf),
2371 					 SBUF_FIXEDLEN);
2372 				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2373 					    (intmax_t)lun->lun,
2374 					    io->scsiio.tag_num,
2375 					    (io->io_hdr.flags &
2376 					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2377 					    (io->io_hdr.flags &
2378 					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2379 					    (io->io_hdr.flags &
2380 					    CTL_FLAG_ABORT) ? " ABORT" : "",
2381 			                    (io->io_hdr.flags &
2382 		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2383 				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2384 				sbuf_finish(&sb);
2385 				printf("%s\n", sbuf_data(&sb));
2386 			}
2387 		}
2388 		printf("OOA queues dump done\n");
2389 		mtx_unlock(&softc->ctl_lock);
2390 		break;
2391 	}
2392 	case CTL_GET_OOA: {
2393 		struct ctl_lun *lun;
2394 		struct ctl_ooa *ooa_hdr;
2395 		uint32_t cur_fill_num;
2396 
2397 		ooa_hdr = (struct ctl_ooa *)addr;
2398 
2399 		if ((ooa_hdr->alloc_len == 0)
2400 		 || (ooa_hdr->alloc_num == 0)) {
2401 			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2402 			       "must be non-zero\n", __func__,
2403 			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2404 			retval = EINVAL;
2405 			break;
2406 		}
2407 
2408 		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2409 		    sizeof(struct ctl_ooa_entry))) {
2410 			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2411 			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2412 			       __func__, ooa_hdr->alloc_len,
2413 			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2414 			retval = EINVAL;
2415 			break;
2416 		}
2417 
2418 		mtx_lock(&softc->ctl_lock);
2419 		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2420 		 && ((ooa_hdr->lun_num > CTL_MAX_LUNS)
2421 		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2422 			mtx_unlock(&softc->ctl_lock);
2423 			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2424 			       __func__, (uintmax_t)ooa_hdr->lun_num);
2425 			retval = EINVAL;
2426 			break;
2427 		}
2428 
2429 		cur_fill_num = 0;
2430 
2431 		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2432 			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2433 				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2434 					ooa_hdr);
2435 				if (retval != 0)
2436 					break;
2437 			}
2438 			if (retval != 0) {
2439 				mtx_unlock(&softc->ctl_lock);
2440 				break;
2441 			}
2442 		} else {
2443 			lun = softc->ctl_luns[ooa_hdr->lun_num];
2444 
2445 			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr);
2446 		}
2447 		mtx_unlock(&softc->ctl_lock);
2448 
2449 		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2450 		ooa_hdr->fill_len = ooa_hdr->fill_num *
2451 			sizeof(struct ctl_ooa_entry);
2452 
2453 		getbintime(&ooa_hdr->cur_bt);
2454 
2455 		if (cur_fill_num > ooa_hdr->alloc_num) {
2456 			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2457 			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2458 		} else {
2459 			ooa_hdr->dropped_num = 0;
2460 			ooa_hdr->status = CTL_OOA_OK;
2461 		}
2462 		break;
2463 	}
2464 	case CTL_CHECK_OOA: {
2465 		union ctl_io *io;
2466 		struct ctl_lun *lun;
2467 		struct ctl_ooa_info *ooa_info;
2468 
2469 
2470 		ooa_info = (struct ctl_ooa_info *)addr;
2471 
2472 		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2473 			ooa_info->status = CTL_OOA_INVALID_LUN;
2474 			break;
2475 		}
2476 		mtx_lock(&softc->ctl_lock);
2477 		lun = softc->ctl_luns[ooa_info->lun_id];
2478 		if (lun == NULL) {
2479 			mtx_unlock(&softc->ctl_lock);
2480 			ooa_info->status = CTL_OOA_INVALID_LUN;
2481 			break;
2482 		}
2483 
2484 		ooa_info->num_entries = 0;
2485 		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2486 		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2487 		     &io->io_hdr, ooa_links)) {
2488 			ooa_info->num_entries++;
2489 		}
2490 
2491 		mtx_unlock(&softc->ctl_lock);
2492 		ooa_info->status = CTL_OOA_SUCCESS;
2493 
2494 		break;
2495 	}
2496 	case CTL_HARD_START:
2497 	case CTL_HARD_STOP: {
2498 		struct ctl_fe_ioctl_startstop_info ss_info;
2499 		struct cfi_metatask *metatask;
2500 		struct mtx hs_mtx;
2501 
2502 		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2503 
2504 		cv_init(&ss_info.sem, "hard start/stop cv" );
2505 
2506 		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2507 		if (metatask == NULL) {
2508 			retval = ENOMEM;
2509 			mtx_destroy(&hs_mtx);
2510 			break;
2511 		}
2512 
2513 		if (cmd == CTL_HARD_START)
2514 			metatask->tasktype = CFI_TASK_STARTUP;
2515 		else
2516 			metatask->tasktype = CFI_TASK_SHUTDOWN;
2517 
2518 		metatask->callback = ctl_ioctl_hard_startstop_callback;
2519 		metatask->callback_arg = &ss_info;
2520 
2521 		cfi_action(metatask);
2522 
2523 		/* Wait for the callback */
2524 		mtx_lock(&hs_mtx);
2525 		cv_wait_sig(&ss_info.sem, &hs_mtx);
2526 		mtx_unlock(&hs_mtx);
2527 
2528 		/*
2529 		 * All information has been copied from the metatask by the
2530 		 * time cv_broadcast() is called, so we free the metatask here.
2531 		 */
2532 		cfi_free_metatask(metatask);
2533 
2534 		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2535 
2536 		mtx_destroy(&hs_mtx);
2537 		break;
2538 	}
2539 	case CTL_BBRREAD: {
2540 		struct ctl_bbrread_info *bbr_info;
2541 		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2542 		struct mtx bbr_mtx;
2543 		struct cfi_metatask *metatask;
2544 
2545 		bbr_info = (struct ctl_bbrread_info *)addr;
2546 
2547 		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2548 
2549 		bzero(&bbr_mtx, sizeof(bbr_mtx));
2550 		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2551 
2552 		fe_bbr_info.bbr_info = bbr_info;
2553 		fe_bbr_info.lock = &bbr_mtx;
2554 
2555 		cv_init(&fe_bbr_info.sem, "BBR read cv");
2556 		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2557 
2558 		if (metatask == NULL) {
2559 			mtx_destroy(&bbr_mtx);
2560 			cv_destroy(&fe_bbr_info.sem);
2561 			retval = ENOMEM;
2562 			break;
2563 		}
2564 		metatask->tasktype = CFI_TASK_BBRREAD;
2565 		metatask->callback = ctl_ioctl_bbrread_callback;
2566 		metatask->callback_arg = &fe_bbr_info;
2567 		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2568 		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2569 		metatask->taskinfo.bbrread.len = bbr_info->len;
2570 
2571 		cfi_action(metatask);
2572 
2573 		mtx_lock(&bbr_mtx);
2574 		while (fe_bbr_info.wakeup_done == 0)
2575 			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2576 		mtx_unlock(&bbr_mtx);
2577 
2578 		bbr_info->status = metatask->status;
2579 		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2580 		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2581 		memcpy(&bbr_info->sense_data,
2582 		       &metatask->taskinfo.bbrread.sense_data,
2583 		       ctl_min(sizeof(bbr_info->sense_data),
2584 			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2585 
2586 		cfi_free_metatask(metatask);
2587 
2588 		mtx_destroy(&bbr_mtx);
2589 		cv_destroy(&fe_bbr_info.sem);
2590 
2591 		break;
2592 	}
2593 	case CTL_DELAY_IO: {
2594 		struct ctl_io_delay_info *delay_info;
2595 #ifdef CTL_IO_DELAY
2596 		struct ctl_lun *lun;
2597 #endif /* CTL_IO_DELAY */
2598 
2599 		delay_info = (struct ctl_io_delay_info *)addr;
2600 
2601 #ifdef CTL_IO_DELAY
2602 		mtx_lock(&softc->ctl_lock);
2603 
2604 		if ((delay_info->lun_id > CTL_MAX_LUNS)
2605 		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2606 			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2607 		} else {
2608 			lun = softc->ctl_luns[delay_info->lun_id];
2609 
2610 			delay_info->status = CTL_DELAY_STATUS_OK;
2611 
2612 			switch (delay_info->delay_type) {
2613 			case CTL_DELAY_TYPE_CONT:
2614 				break;
2615 			case CTL_DELAY_TYPE_ONESHOT:
2616 				break;
2617 			default:
2618 				delay_info->status =
2619 					CTL_DELAY_STATUS_INVALID_TYPE;
2620 				break;
2621 			}
2622 
2623 			switch (delay_info->delay_loc) {
2624 			case CTL_DELAY_LOC_DATAMOVE:
2625 				lun->delay_info.datamove_type =
2626 					delay_info->delay_type;
2627 				lun->delay_info.datamove_delay =
2628 					delay_info->delay_secs;
2629 				break;
2630 			case CTL_DELAY_LOC_DONE:
2631 				lun->delay_info.done_type =
2632 					delay_info->delay_type;
2633 				lun->delay_info.done_delay =
2634 					delay_info->delay_secs;
2635 				break;
2636 			default:
2637 				delay_info->status =
2638 					CTL_DELAY_STATUS_INVALID_LOC;
2639 				break;
2640 			}
2641 		}
2642 
2643 		mtx_unlock(&softc->ctl_lock);
2644 #else
2645 		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2646 #endif /* CTL_IO_DELAY */
2647 		break;
2648 	}
2649 	case CTL_REALSYNC_SET: {
2650 		int *syncstate;
2651 
2652 		syncstate = (int *)addr;
2653 
2654 		mtx_lock(&softc->ctl_lock);
2655 		switch (*syncstate) {
2656 		case 0:
2657 			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2658 			break;
2659 		case 1:
2660 			softc->flags |= CTL_FLAG_REAL_SYNC;
2661 			break;
2662 		default:
2663 			retval = -EINVAL;
2664 			break;
2665 		}
2666 		mtx_unlock(&softc->ctl_lock);
2667 		break;
2668 	}
2669 	case CTL_REALSYNC_GET: {
2670 		int *syncstate;
2671 
2672 		syncstate = (int*)addr;
2673 
2674 		mtx_lock(&softc->ctl_lock);
2675 		if (softc->flags & CTL_FLAG_REAL_SYNC)
2676 			*syncstate = 1;
2677 		else
2678 			*syncstate = 0;
2679 		mtx_unlock(&softc->ctl_lock);
2680 
2681 		break;
2682 	}
2683 	case CTL_SETSYNC:
2684 	case CTL_GETSYNC: {
2685 		struct ctl_sync_info *sync_info;
2686 		struct ctl_lun *lun;
2687 
2688 		sync_info = (struct ctl_sync_info *)addr;
2689 
2690 		mtx_lock(&softc->ctl_lock);
2691 		lun = softc->ctl_luns[sync_info->lun_id];
2692 		if (lun == NULL) {
2693 			mtx_unlock(&softc->ctl_lock);
2694 			sync_info->status = CTL_GS_SYNC_NO_LUN;
2695 		}
2696 		/*
2697 		 * Get or set the sync interval.  We're not bounds checking
2698 		 * in the set case, hopefully the user won't do something
2699 		 * silly.
2700 		 */
2701 		if (cmd == CTL_GETSYNC)
2702 			sync_info->sync_interval = lun->sync_interval;
2703 		else
2704 			lun->sync_interval = sync_info->sync_interval;
2705 
2706 		mtx_unlock(&softc->ctl_lock);
2707 
2708 		sync_info->status = CTL_GS_SYNC_OK;
2709 
2710 		break;
2711 	}
2712 	case CTL_GETSTATS: {
2713 		struct ctl_stats *stats;
2714 		struct ctl_lun *lun;
2715 		int i;
2716 
2717 		stats = (struct ctl_stats *)addr;
2718 
2719 		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2720 		     stats->alloc_len) {
2721 			stats->status = CTL_SS_NEED_MORE_SPACE;
2722 			stats->num_luns = softc->num_luns;
2723 			break;
2724 		}
2725 		/*
2726 		 * XXX KDM no locking here.  If the LUN list changes,
2727 		 * things can blow up.
2728 		 */
2729 		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2730 		     i++, lun = STAILQ_NEXT(lun, links)) {
2731 			retval = copyout(&lun->stats, &stats->lun_stats[i],
2732 					 sizeof(lun->stats));
2733 			if (retval != 0)
2734 				break;
2735 		}
2736 		stats->num_luns = softc->num_luns;
2737 		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2738 				 softc->num_luns;
2739 		stats->status = CTL_SS_OK;
2740 #ifdef CTL_TIME_IO
2741 		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2742 #else
2743 		stats->flags = CTL_STATS_FLAG_NONE;
2744 #endif
2745 		getnanouptime(&stats->timestamp);
2746 		break;
2747 	}
2748 	case CTL_ERROR_INJECT: {
2749 		struct ctl_error_desc *err_desc, *new_err_desc;
2750 		struct ctl_lun *lun;
2751 
2752 		err_desc = (struct ctl_error_desc *)addr;
2753 
2754 		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2755 				      M_WAITOK | M_ZERO);
2756 		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2757 
2758 		mtx_lock(&softc->ctl_lock);
2759 		lun = softc->ctl_luns[err_desc->lun_id];
2760 		if (lun == NULL) {
2761 			mtx_unlock(&softc->ctl_lock);
2762 			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2763 			       __func__, (uintmax_t)err_desc->lun_id);
2764 			retval = EINVAL;
2765 			break;
2766 		}
2767 
2768 		/*
2769 		 * We could do some checking here to verify the validity
2770 		 * of the request, but given the complexity of error
2771 		 * injection requests, the checking logic would be fairly
2772 		 * complex.
2773 		 *
2774 		 * For now, if the request is invalid, it just won't get
2775 		 * executed and might get deleted.
2776 		 */
2777 		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2778 
2779 		/*
2780 		 * XXX KDM check to make sure the serial number is unique,
2781 		 * in case we somehow manage to wrap.  That shouldn't
2782 		 * happen for a very long time, but it's the right thing to
2783 		 * do.
2784 		 */
2785 		new_err_desc->serial = lun->error_serial;
2786 		err_desc->serial = lun->error_serial;
2787 		lun->error_serial++;
2788 
2789 		mtx_unlock(&softc->ctl_lock);
2790 		break;
2791 	}
2792 	case CTL_ERROR_INJECT_DELETE: {
2793 		struct ctl_error_desc *delete_desc, *desc, *desc2;
2794 		struct ctl_lun *lun;
2795 		int delete_done;
2796 
2797 		delete_desc = (struct ctl_error_desc *)addr;
2798 		delete_done = 0;
2799 
2800 		mtx_lock(&softc->ctl_lock);
2801 		lun = softc->ctl_luns[delete_desc->lun_id];
2802 		if (lun == NULL) {
2803 			mtx_unlock(&softc->ctl_lock);
2804 			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2805 			       __func__, (uintmax_t)delete_desc->lun_id);
2806 			retval = EINVAL;
2807 			break;
2808 		}
2809 		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2810 			if (desc->serial != delete_desc->serial)
2811 				continue;
2812 
2813 			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2814 				      links);
2815 			free(desc, M_CTL);
2816 			delete_done = 1;
2817 		}
2818 		mtx_unlock(&softc->ctl_lock);
2819 		if (delete_done == 0) {
2820 			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2821 			       "error serial %ju on LUN %u\n", __func__,
2822 			       delete_desc->serial, delete_desc->lun_id);
2823 			retval = EINVAL;
2824 			break;
2825 		}
2826 		break;
2827 	}
2828 	case CTL_DUMP_STRUCTS: {
2829 		int i, j, k;
2830 		struct ctl_frontend *fe;
2831 
2832 		printf("CTL IID to WWPN map start:\n");
2833 		for (i = 0; i < CTL_MAX_PORTS; i++) {
2834 			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2835 				if (softc->wwpn_iid[i][j].in_use == 0)
2836 					continue;
2837 
2838 				printf("port %d iid %u WWPN %#jx\n",
2839 				       softc->wwpn_iid[i][j].port,
2840 				       softc->wwpn_iid[i][j].iid,
2841 				       (uintmax_t)softc->wwpn_iid[i][j].wwpn);
2842 			}
2843 		}
2844 		printf("CTL IID to WWPN map end\n");
2845 		printf("CTL Persistent Reservation information start:\n");
2846 		for (i = 0; i < CTL_MAX_LUNS; i++) {
2847 			struct ctl_lun *lun;
2848 
2849 			lun = softc->ctl_luns[i];
2850 
2851 			if ((lun == NULL)
2852 			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2853 				continue;
2854 
2855 			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2856 				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2857 					if (lun->per_res[j+k].registered == 0)
2858 						continue;
2859 					printf("LUN %d port %d iid %d key "
2860 					       "%#jx\n", i, j, k,
2861 					       (uintmax_t)scsi_8btou64(
2862 					       lun->per_res[j+k].res_key.key));
2863 				}
2864 			}
2865 		}
2866 		printf("CTL Persistent Reservation information end\n");
2867 		printf("CTL Frontends:\n");
2868 		/*
2869 		 * XXX KDM calling this without a lock.  We'd likely want
2870 		 * to drop the lock before calling the frontend's dump
2871 		 * routine anyway.
2872 		 */
2873 		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2874 			printf("Frontend %s Type %u pport %d vport %d WWNN "
2875 			       "%#jx WWPN %#jx\n", fe->port_name, fe->port_type,
2876 			       fe->physical_port, fe->virtual_port,
2877 			       (uintmax_t)fe->wwnn, (uintmax_t)fe->wwpn);
2878 
2879 			/*
2880 			 * Frontends are not required to support the dump
2881 			 * routine.
2882 			 */
2883 			if (fe->fe_dump == NULL)
2884 				continue;
2885 
2886 			fe->fe_dump();
2887 		}
2888 		printf("CTL Frontend information end\n");
2889 		break;
2890 	}
2891 	case CTL_LUN_REQ: {
2892 		struct ctl_lun_req *lun_req;
2893 		struct ctl_backend_driver *backend;
2894 
2895 		lun_req = (struct ctl_lun_req *)addr;
2896 
2897 		backend = ctl_backend_find(lun_req->backend);
2898 		if (backend == NULL) {
2899 			lun_req->status = CTL_LUN_ERROR;
2900 			snprintf(lun_req->error_str,
2901 				 sizeof(lun_req->error_str),
2902 				 "Backend \"%s\" not found.",
2903 				 lun_req->backend);
2904 			break;
2905 		}
2906 		if (lun_req->num_be_args > 0) {
2907 			lun_req->kern_be_args = ctl_copyin_args(
2908 				lun_req->num_be_args,
2909 				lun_req->be_args,
2910 				lun_req->error_str,
2911 				sizeof(lun_req->error_str));
2912 			if (lun_req->kern_be_args == NULL) {
2913 				lun_req->status = CTL_LUN_ERROR;
2914 				break;
2915 			}
2916 		}
2917 
2918 		retval = backend->ioctl(dev, cmd, addr, flag, td);
2919 
2920 		if (lun_req->num_be_args > 0) {
2921 			ctl_free_args(lun_req->num_be_args,
2922 				      lun_req->kern_be_args);
2923 		}
2924 		break;
2925 	}
2926 	case CTL_LUN_LIST: {
2927 		struct sbuf *sb;
2928 		struct ctl_lun *lun;
2929 		struct ctl_lun_list *list;
2930 
2931 		list = (struct ctl_lun_list *)addr;
2932 
2933 		/*
2934 		 * Allocate a fixed length sbuf here, based on the length
2935 		 * of the user's buffer.  We could allocate an auto-extending
2936 		 * buffer, and then tell the user how much larger our
2937 		 * amount of data is than his buffer, but that presents
2938 		 * some problems:
2939 		 *
2940 		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2941 		 *     we can't hold a lock while calling them with an
2942 		 *     auto-extending buffer.
2943  		 *
2944 		 * 2.  There is not currently a LUN reference counting
2945 		 *     mechanism, outside of outstanding transactions on
2946 		 *     the LUN's OOA queue.  So a LUN could go away on us
2947 		 *     while we're getting the LUN number, backend-specific
2948 		 *     information, etc.  Thus, given the way things
2949 		 *     currently work, we need to hold the CTL lock while
2950 		 *     grabbing LUN information.
2951 		 *
2952 		 * So, from the user's standpoint, the best thing to do is
2953 		 * allocate what he thinks is a reasonable buffer length,
2954 		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2955 		 * double the buffer length and try again.  (And repeat
2956 		 * that until he succeeds.)
2957 		 */
2958 		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2959 		if (sb == NULL) {
2960 			list->status = CTL_LUN_LIST_ERROR;
2961 			snprintf(list->error_str, sizeof(list->error_str),
2962 				 "Unable to allocate %d bytes for LUN list",
2963 				 list->alloc_len);
2964 			break;
2965 		}
2966 
2967 		sbuf_printf(sb, "<ctllunlist>\n");
2968 
2969 		mtx_lock(&softc->ctl_lock);
2970 
2971 		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2972 			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2973 					     (uintmax_t)lun->lun);
2974 
2975 			/*
2976 			 * Bail out as soon as we see that we've overfilled
2977 			 * the buffer.
2978 			 */
2979 			if (retval != 0)
2980 				break;
2981 
2982 			retval = sbuf_printf(sb, "<backend_type>%s"
2983 					     "</backend_type>\n",
2984 					     (lun->backend == NULL) ?  "none" :
2985 					     lun->backend->name);
2986 
2987 			if (retval != 0)
2988 				break;
2989 
2990 			retval = sbuf_printf(sb, "<lun_type>%d</lun_type>\n",
2991 					     lun->be_lun->lun_type);
2992 
2993 			if (retval != 0)
2994 				break;
2995 
2996 			if (lun->backend == NULL) {
2997 				retval = sbuf_printf(sb, "</lun>\n");
2998 				if (retval != 0)
2999 					break;
3000 				continue;
3001 			}
3002 
3003 			retval = sbuf_printf(sb, "<size>%ju</size>\n",
3004 					     (lun->be_lun->maxlba > 0) ?
3005 					     lun->be_lun->maxlba + 1 : 0);
3006 
3007 			if (retval != 0)
3008 				break;
3009 
3010 			retval = sbuf_printf(sb, "<blocksize>%u</blocksize>\n",
3011 					     lun->be_lun->blocksize);
3012 
3013 			if (retval != 0)
3014 				break;
3015 
3016 			retval = sbuf_printf(sb, "<serial_number>");
3017 
3018 			if (retval != 0)
3019 				break;
3020 
3021 			retval = ctl_sbuf_printf_esc(sb,
3022 						     lun->be_lun->serial_num);
3023 
3024 			if (retval != 0)
3025 				break;
3026 
3027 			retval = sbuf_printf(sb, "</serial_number>\n");
3028 
3029 			if (retval != 0)
3030 				break;
3031 
3032 			retval = sbuf_printf(sb, "<device_id>");
3033 
3034 			if (retval != 0)
3035 				break;
3036 
3037 			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3038 
3039 			if (retval != 0)
3040 				break;
3041 
3042 			retval = sbuf_printf(sb, "</device_id>\n");
3043 
3044 			if (retval != 0)
3045 				break;
3046 
3047 			if (lun->backend->lun_info == NULL) {
3048 				retval = sbuf_printf(sb, "</lun>\n");
3049 				if (retval != 0)
3050 					break;
3051 				continue;
3052 			}
3053 
3054 			retval =lun->backend->lun_info(lun->be_lun->be_lun, sb);
3055 
3056 			if (retval != 0)
3057 				break;
3058 
3059 			retval = sbuf_printf(sb, "</lun>\n");
3060 
3061 			if (retval != 0)
3062 				break;
3063 		}
3064 		mtx_unlock(&softc->ctl_lock);
3065 
3066 		if ((retval != 0)
3067 		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3068 			retval = 0;
3069 			sbuf_delete(sb);
3070 			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3071 			snprintf(list->error_str, sizeof(list->error_str),
3072 				 "Out of space, %d bytes is too small",
3073 				 list->alloc_len);
3074 			break;
3075 		}
3076 
3077 		sbuf_finish(sb);
3078 
3079 		retval = copyout(sbuf_data(sb), list->lun_xml,
3080 				 sbuf_len(sb) + 1);
3081 
3082 		list->fill_len = sbuf_len(sb) + 1;
3083 		list->status = CTL_LUN_LIST_OK;
3084 		sbuf_delete(sb);
3085 		break;
3086 	}
3087 	default: {
3088 		/* XXX KDM should we fix this? */
3089 #if 0
3090 		struct ctl_backend_driver *backend;
3091 		unsigned int type;
3092 		int found;
3093 
3094 		found = 0;
3095 
3096 		/*
3097 		 * We encode the backend type as the ioctl type for backend
3098 		 * ioctls.  So parse it out here, and then search for a
3099 		 * backend of this type.
3100 		 */
3101 		type = _IOC_TYPE(cmd);
3102 
3103 		STAILQ_FOREACH(backend, &softc->be_list, links) {
3104 			if (backend->type == type) {
3105 				found = 1;
3106 				break;
3107 			}
3108 		}
3109 		if (found == 0) {
3110 			printf("ctl: unknown ioctl command %#lx or backend "
3111 			       "%d\n", cmd, type);
3112 			retval = -EINVAL;
3113 			break;
3114 		}
3115 		retval = backend->ioctl(dev, cmd, addr, flag, td);
3116 #endif
3117 		retval = ENOTTY;
3118 		break;
3119 	}
3120 	}
3121 	return (retval);
3122 }
3123 
3124 uint32_t
3125 ctl_get_initindex(struct ctl_nexus *nexus)
3126 {
3127 	if (nexus->targ_port < CTL_MAX_PORTS)
3128 		return (nexus->initid.id +
3129 			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3130 	else
3131 		return (nexus->initid.id +
3132 		       ((nexus->targ_port - CTL_MAX_PORTS) *
3133 			CTL_MAX_INIT_PER_PORT));
3134 }
3135 
3136 uint32_t
3137 ctl_get_resindex(struct ctl_nexus *nexus)
3138 {
3139 	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3140 }
3141 
3142 uint32_t
3143 ctl_port_idx(int port_num)
3144 {
3145 	if (port_num < CTL_MAX_PORTS)
3146 		return(port_num);
3147 	else
3148 		return(port_num - CTL_MAX_PORTS);
3149 }
3150 
3151 /*
3152  * Note:  This only works for bitmask sizes that are at least 32 bits, and
3153  * that are a power of 2.
3154  */
3155 int
3156 ctl_ffz(uint32_t *mask, uint32_t size)
3157 {
3158 	uint32_t num_chunks, num_pieces;
3159 	int i, j;
3160 
3161 	num_chunks = (size >> 5);
3162 	if (num_chunks == 0)
3163 		num_chunks++;
3164 	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3165 
3166 	for (i = 0; i < num_chunks; i++) {
3167 		for (j = 0; j < num_pieces; j++) {
3168 			if ((mask[i] & (1 << j)) == 0)
3169 				return ((i << 5) + j);
3170 		}
3171 	}
3172 
3173 	return (-1);
3174 }
3175 
3176 int
3177 ctl_set_mask(uint32_t *mask, uint32_t bit)
3178 {
3179 	uint32_t chunk, piece;
3180 
3181 	chunk = bit >> 5;
3182 	piece = bit % (sizeof(uint32_t) * 8);
3183 
3184 	if ((mask[chunk] & (1 << piece)) != 0)
3185 		return (-1);
3186 	else
3187 		mask[chunk] |= (1 << piece);
3188 
3189 	return (0);
3190 }
3191 
3192 int
3193 ctl_clear_mask(uint32_t *mask, uint32_t bit)
3194 {
3195 	uint32_t chunk, piece;
3196 
3197 	chunk = bit >> 5;
3198 	piece = bit % (sizeof(uint32_t) * 8);
3199 
3200 	if ((mask[chunk] & (1 << piece)) == 0)
3201 		return (-1);
3202 	else
3203 		mask[chunk] &= ~(1 << piece);
3204 
3205 	return (0);
3206 }
3207 
3208 int
3209 ctl_is_set(uint32_t *mask, uint32_t bit)
3210 {
3211 	uint32_t chunk, piece;
3212 
3213 	chunk = bit >> 5;
3214 	piece = bit % (sizeof(uint32_t) * 8);
3215 
3216 	if ((mask[chunk] & (1 << piece)) == 0)
3217 		return (0);
3218 	else
3219 		return (1);
3220 }
3221 
3222 #ifdef unused
3223 /*
3224  * The bus, target and lun are optional, they can be filled in later.
3225  * can_wait is used to determine whether we can wait on the malloc or not.
3226  */
3227 union ctl_io*
3228 ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3229 	      uint32_t targ_lun, int can_wait)
3230 {
3231 	union ctl_io *io;
3232 
3233 	if (can_wait)
3234 		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3235 	else
3236 		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3237 
3238 	if (io != NULL) {
3239 		io->io_hdr.io_type = io_type;
3240 		io->io_hdr.targ_port = targ_port;
3241 		/*
3242 		 * XXX KDM this needs to change/go away.  We need to move
3243 		 * to a preallocated pool of ctl_scsiio structures.
3244 		 */
3245 		io->io_hdr.nexus.targ_target.id = targ_target;
3246 		io->io_hdr.nexus.targ_lun = targ_lun;
3247 	}
3248 
3249 	return (io);
3250 }
3251 
3252 void
3253 ctl_kfree_io(union ctl_io *io)
3254 {
3255 	free(io, M_CTL);
3256 }
3257 #endif /* unused */
3258 
3259 /*
3260  * ctl_softc, pool_type, total_ctl_io are passed in.
3261  * npool is passed out.
3262  */
3263 int
3264 ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3265 		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3266 {
3267 	uint32_t i;
3268 	union ctl_io *cur_io, *next_io;
3269 	struct ctl_io_pool *pool;
3270 	int retval;
3271 
3272 	retval = 0;
3273 
3274 	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL, M_NOWAIT);
3275 	if (pool == NULL) {
3276 		retval = -ENOMEM;
3277 		goto bailout;
3278 	}
3279 
3280 	memset(pool, 0, sizeof(*pool));
3281 
3282 	pool->type = pool_type;
3283 	pool->ctl_softc = ctl_softc;
3284 
3285 	mtx_lock(&ctl_softc->ctl_lock);
3286 	pool->id = ctl_softc->cur_pool_id++;
3287 	mtx_unlock(&ctl_softc->ctl_lock);
3288 
3289 	pool->flags = CTL_POOL_FLAG_NONE;
3290 	STAILQ_INIT(&pool->free_queue);
3291 
3292 	/*
3293 	 * XXX KDM other options here:
3294 	 * - allocate a page at a time
3295 	 * - allocate one big chunk of memory.
3296 	 * Page allocation might work well, but would take a little more
3297 	 * tracking.
3298 	 */
3299 	for (i = 0; i < total_ctl_io; i++) {
3300 		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTL,
3301 						M_NOWAIT);
3302 		if (cur_io == NULL) {
3303 			retval = ENOMEM;
3304 			break;
3305 		}
3306 		cur_io->io_hdr.pool = pool;
3307 		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3308 		pool->total_ctl_io++;
3309 		pool->free_ctl_io++;
3310 	}
3311 
3312 	if (retval != 0) {
3313 		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3314 		     cur_io != NULL; cur_io = next_io) {
3315 			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3316 							      links);
3317 			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3318 				      ctl_io_hdr, links);
3319 			free(cur_io, M_CTL);
3320 		}
3321 
3322 		free(pool, M_CTL);
3323 		goto bailout;
3324 	}
3325 	mtx_lock(&ctl_softc->ctl_lock);
3326 	ctl_softc->num_pools++;
3327 	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3328 	/*
3329 	 * Increment our usage count if this is an external consumer, so we
3330 	 * can't get unloaded until the external consumer (most likely a
3331 	 * FETD) unloads and frees his pool.
3332 	 *
3333 	 * XXX KDM will this increment the caller's module use count, or
3334 	 * mine?
3335 	 */
3336 #if 0
3337 	if ((pool_type != CTL_POOL_EMERGENCY)
3338 	 && (pool_type != CTL_POOL_INTERNAL)
3339 	 && (pool_type != CTL_POOL_IOCTL)
3340 	 && (pool_type != CTL_POOL_4OTHERSC))
3341 		MOD_INC_USE_COUNT;
3342 #endif
3343 
3344 	mtx_unlock(&ctl_softc->ctl_lock);
3345 
3346 	*npool = pool;
3347 
3348 bailout:
3349 
3350 	return (retval);
3351 }
3352 
3353 /*
3354  * Caller must hold ctl_softc->ctl_lock.
3355  */
3356 int
3357 ctl_pool_acquire(struct ctl_io_pool *pool)
3358 {
3359 	if (pool == NULL)
3360 		return (-EINVAL);
3361 
3362 	if (pool->flags & CTL_POOL_FLAG_INVALID)
3363 		return (-EINVAL);
3364 
3365 	pool->refcount++;
3366 
3367 	return (0);
3368 }
3369 
3370 /*
3371  * Caller must hold ctl_softc->ctl_lock.
3372  */
3373 int
3374 ctl_pool_invalidate(struct ctl_io_pool *pool)
3375 {
3376 	if (pool == NULL)
3377 		return (-EINVAL);
3378 
3379 	pool->flags |= CTL_POOL_FLAG_INVALID;
3380 
3381 	return (0);
3382 }
3383 
3384 /*
3385  * Caller must hold ctl_softc->ctl_lock.
3386  */
3387 int
3388 ctl_pool_release(struct ctl_io_pool *pool)
3389 {
3390 	if (pool == NULL)
3391 		return (-EINVAL);
3392 
3393 	if ((--pool->refcount == 0)
3394 	 && (pool->flags & CTL_POOL_FLAG_INVALID)) {
3395 		ctl_pool_free(pool->ctl_softc, pool);
3396 	}
3397 
3398 	return (0);
3399 }
3400 
3401 /*
3402  * Must be called with ctl_softc->ctl_lock held.
3403  */
3404 void
3405 ctl_pool_free(struct ctl_softc *ctl_softc, struct ctl_io_pool *pool)
3406 {
3407 	union ctl_io *cur_io, *next_io;
3408 
3409 	for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3410 	     cur_io != NULL; cur_io = next_io) {
3411 		next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3412 						      links);
3413 		STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr, ctl_io_hdr,
3414 			      links);
3415 		free(cur_io, M_CTL);
3416 	}
3417 
3418 	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3419 	ctl_softc->num_pools--;
3420 
3421 	/*
3422 	 * XXX KDM will this decrement the caller's usage count or mine?
3423 	 */
3424 #if 0
3425 	if ((pool->type != CTL_POOL_EMERGENCY)
3426 	 && (pool->type != CTL_POOL_INTERNAL)
3427 	 && (pool->type != CTL_POOL_IOCTL))
3428 		MOD_DEC_USE_COUNT;
3429 #endif
3430 
3431 	free(pool, M_CTL);
3432 }
3433 
3434 /*
3435  * This routine does not block (except for spinlocks of course).
3436  * It tries to allocate a ctl_io union from the caller's pool as quickly as
3437  * possible.
3438  */
3439 union ctl_io *
3440 ctl_alloc_io(void *pool_ref)
3441 {
3442 	union ctl_io *io;
3443 	struct ctl_softc *ctl_softc;
3444 	struct ctl_io_pool *pool, *npool;
3445 	struct ctl_io_pool *emergency_pool;
3446 
3447 	pool = (struct ctl_io_pool *)pool_ref;
3448 
3449 	if (pool == NULL) {
3450 		printf("%s: pool is NULL\n", __func__);
3451 		return (NULL);
3452 	}
3453 
3454 	emergency_pool = NULL;
3455 
3456 	ctl_softc = pool->ctl_softc;
3457 
3458 	mtx_lock(&ctl_softc->ctl_lock);
3459 	/*
3460 	 * First, try to get the io structure from the user's pool.
3461 	 */
3462 	if (ctl_pool_acquire(pool) == 0) {
3463 		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3464 		if (io != NULL) {
3465 			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3466 			pool->total_allocated++;
3467 			pool->free_ctl_io--;
3468 			mtx_unlock(&ctl_softc->ctl_lock);
3469 			return (io);
3470 		} else
3471 			ctl_pool_release(pool);
3472 	}
3473 	/*
3474 	 * If he doesn't have any io structures left, search for an
3475 	 * emergency pool and grab one from there.
3476 	 */
3477 	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3478 		if (npool->type != CTL_POOL_EMERGENCY)
3479 			continue;
3480 
3481 		if (ctl_pool_acquire(npool) != 0)
3482 			continue;
3483 
3484 		emergency_pool = npool;
3485 
3486 		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3487 		if (io != NULL) {
3488 			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3489 			npool->total_allocated++;
3490 			npool->free_ctl_io--;
3491 			mtx_unlock(&ctl_softc->ctl_lock);
3492 			return (io);
3493 		} else
3494 			ctl_pool_release(npool);
3495 	}
3496 
3497 	/* Drop the spinlock before we malloc */
3498 	mtx_unlock(&ctl_softc->ctl_lock);
3499 
3500 	/*
3501 	 * The emergency pool (if it exists) didn't have one, so try an
3502 	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3503 	 */
3504 	io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3505 	if (io != NULL) {
3506 		/*
3507 		 * If the emergency pool exists but is empty, add this
3508 		 * ctl_io to its list when it gets freed.
3509 		 */
3510 		if (emergency_pool != NULL) {
3511 			mtx_lock(&ctl_softc->ctl_lock);
3512 			if (ctl_pool_acquire(emergency_pool) == 0) {
3513 				io->io_hdr.pool = emergency_pool;
3514 				emergency_pool->total_ctl_io++;
3515 				/*
3516 				 * Need to bump this, otherwise
3517 				 * total_allocated and total_freed won't
3518 				 * match when we no longer have anything
3519 				 * outstanding.
3520 				 */
3521 				emergency_pool->total_allocated++;
3522 			}
3523 			mtx_unlock(&ctl_softc->ctl_lock);
3524 		} else
3525 			io->io_hdr.pool = NULL;
3526 	}
3527 
3528 	return (io);
3529 }
3530 
3531 static void
3532 ctl_free_io_internal(union ctl_io *io, int have_lock)
3533 {
3534 	if (io == NULL)
3535 		return;
3536 
3537 	/*
3538 	 * If this ctl_io has a pool, return it to that pool.
3539 	 */
3540 	if (io->io_hdr.pool != NULL) {
3541 		struct ctl_io_pool *pool;
3542 #if 0
3543 		struct ctl_softc *ctl_softc;
3544 		union ctl_io *tmp_io;
3545 		unsigned long xflags;
3546 		int i;
3547 
3548 		ctl_softc = control_softc;
3549 #endif
3550 
3551 		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3552 
3553 		if (have_lock == 0)
3554 			mtx_lock(&pool->ctl_softc->ctl_lock);
3555 #if 0
3556 		save_flags(xflags);
3557 
3558 		for (i = 0, tmp_io = (union ctl_io *)STAILQ_FIRST(
3559 		     &ctl_softc->task_queue); tmp_io != NULL; i++,
3560 		     tmp_io = (union ctl_io *)STAILQ_NEXT(&tmp_io->io_hdr,
3561 		     links)) {
3562 			if (tmp_io == io) {
3563 				printf("%s: %p is still on the task queue!\n",
3564 				       __func__, tmp_io);
3565 				printf("%s: (%d): type %d "
3566 				       "msg %d cdb %x iptl: "
3567 				       "%d:%d:%d:%d tag 0x%04x "
3568 				       "flg %#lx\n",
3569 					__func__, i,
3570 					tmp_io->io_hdr.io_type,
3571 					tmp_io->io_hdr.msg_type,
3572 					tmp_io->scsiio.cdb[0],
3573 					tmp_io->io_hdr.nexus.initid.id,
3574 					tmp_io->io_hdr.nexus.targ_port,
3575 					tmp_io->io_hdr.nexus.targ_target.id,
3576 					tmp_io->io_hdr.nexus.targ_lun,
3577 					(tmp_io->io_hdr.io_type ==
3578 					CTL_IO_TASK) ?
3579 					tmp_io->taskio.tag_num :
3580 					tmp_io->scsiio.tag_num,
3581 					xflags);
3582 				panic("I/O still on the task queue!");
3583 			}
3584 		}
3585 #endif
3586 		io->io_hdr.io_type = 0xff;
3587 		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3588 		pool->total_freed++;
3589 		pool->free_ctl_io++;
3590 		ctl_pool_release(pool);
3591 		if (have_lock == 0)
3592 			mtx_unlock(&pool->ctl_softc->ctl_lock);
3593 	} else {
3594 		/*
3595 		 * Otherwise, just free it.  We probably malloced it and
3596 		 * the emergency pool wasn't available.
3597 		 */
3598 		free(io, M_CTL);
3599 	}
3600 
3601 }
3602 
3603 void
3604 ctl_free_io(union ctl_io *io)
3605 {
3606 	ctl_free_io_internal(io, /*have_lock*/ 0);
3607 }
3608 
3609 void
3610 ctl_zero_io(union ctl_io *io)
3611 {
3612 	void *pool_ref;
3613 
3614 	if (io == NULL)
3615 		return;
3616 
3617 	/*
3618 	 * May need to preserve linked list pointers at some point too.
3619 	 */
3620 	pool_ref = io->io_hdr.pool;
3621 
3622 	memset(io, 0, sizeof(*io));
3623 
3624 	io->io_hdr.pool = pool_ref;
3625 }
3626 
3627 /*
3628  * This routine is currently used for internal copies of ctl_ios that need
3629  * to persist for some reason after we've already returned status to the
3630  * FETD.  (Thus the flag set.)
3631  *
3632  * XXX XXX
3633  * Note that this makes a blind copy of all fields in the ctl_io, except
3634  * for the pool reference.  This includes any memory that has been
3635  * allocated!  That memory will no longer be valid after done has been
3636  * called, so this would be VERY DANGEROUS for command that actually does
3637  * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3638  * start and stop commands, which don't transfer any data, so this is not a
3639  * problem.  If it is used for anything else, the caller would also need to
3640  * allocate data buffer space and this routine would need to be modified to
3641  * copy the data buffer(s) as well.
3642  */
3643 void
3644 ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3645 {
3646 	void *pool_ref;
3647 
3648 	if ((src == NULL)
3649 	 || (dest == NULL))
3650 		return;
3651 
3652 	/*
3653 	 * May need to preserve linked list pointers at some point too.
3654 	 */
3655 	pool_ref = dest->io_hdr.pool;
3656 
3657 	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3658 
3659 	dest->io_hdr.pool = pool_ref;
3660 	/*
3661 	 * We need to know that this is an internal copy, and doesn't need
3662 	 * to get passed back to the FETD that allocated it.
3663 	 */
3664 	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3665 }
3666 
3667 #ifdef NEEDTOPORT
3668 static void
3669 ctl_update_power_subpage(struct copan_power_subpage *page)
3670 {
3671 	int num_luns, num_partitions, config_type;
3672 	struct ctl_softc *softc;
3673 	cs_BOOL_t aor_present, shelf_50pct_power;
3674 	cs_raidset_personality_t rs_type;
3675 	int max_active_luns;
3676 
3677 	softc = control_softc;
3678 
3679 	/* subtract out the processor LUN */
3680 	num_luns = softc->num_luns - 1;
3681 	/*
3682 	 * Default to 7 LUNs active, which was the only number we allowed
3683 	 * in the past.
3684 	 */
3685 	max_active_luns = 7;
3686 
3687 	num_partitions = config_GetRsPartitionInfo();
3688 	config_type = config_GetConfigType();
3689 	shelf_50pct_power = config_GetShelfPowerMode();
3690 	aor_present = config_IsAorRsPresent();
3691 
3692 	rs_type = ddb_GetRsRaidType(1);
3693 	if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5)
3694 	 && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) {
3695 		EPRINT(0, "Unsupported RS type %d!", rs_type);
3696 	}
3697 
3698 
3699 	page->total_luns = num_luns;
3700 
3701 	switch (config_type) {
3702 	case 40:
3703 		/*
3704 		 * In a 40 drive configuration, it doesn't matter what DC
3705 		 * cards we have, whether we have AOR enabled or not,
3706 		 * partitioning or not, or what type of RAIDset we have.
3707 		 * In that scenario, we can power up every LUN we present
3708 		 * to the user.
3709 		 */
3710 		max_active_luns = num_luns;
3711 
3712 		break;
3713 	case 64:
3714 		if (shelf_50pct_power == CS_FALSE) {
3715 			/* 25% power */
3716 			if (aor_present == CS_TRUE) {
3717 				if (rs_type ==
3718 				     CS_RAIDSET_PERSONALITY_RAID5) {
3719 					max_active_luns = 7;
3720 				} else if (rs_type ==
3721 					 CS_RAIDSET_PERSONALITY_RAID1){
3722 					max_active_luns = 14;
3723 				} else {
3724 					/* XXX KDM now what?? */
3725 				}
3726 			} else {
3727 				if (rs_type ==
3728 				     CS_RAIDSET_PERSONALITY_RAID5) {
3729 					max_active_luns = 8;
3730 				} else if (rs_type ==
3731 					 CS_RAIDSET_PERSONALITY_RAID1){
3732 					max_active_luns = 16;
3733 				} else {
3734 					/* XXX KDM now what?? */
3735 				}
3736 			}
3737 		} else {
3738 			/* 50% power */
3739 			/*
3740 			 * With 50% power in a 64 drive configuration, we
3741 			 * can power all LUNs we present.
3742 			 */
3743 			max_active_luns = num_luns;
3744 		}
3745 		break;
3746 	case 112:
3747 		if (shelf_50pct_power == CS_FALSE) {
3748 			/* 25% power */
3749 			if (aor_present == CS_TRUE) {
3750 				if (rs_type ==
3751 				     CS_RAIDSET_PERSONALITY_RAID5) {
3752 					max_active_luns = 7;
3753 				} else if (rs_type ==
3754 					 CS_RAIDSET_PERSONALITY_RAID1){
3755 					max_active_luns = 14;
3756 				} else {
3757 					/* XXX KDM now what?? */
3758 				}
3759 			} else {
3760 				if (rs_type ==
3761 				     CS_RAIDSET_PERSONALITY_RAID5) {
3762 					max_active_luns = 8;
3763 				} else if (rs_type ==
3764 					 CS_RAIDSET_PERSONALITY_RAID1){
3765 					max_active_luns = 16;
3766 				} else {
3767 					/* XXX KDM now what?? */
3768 				}
3769 			}
3770 		} else {
3771 			/* 50% power */
3772 			if (aor_present == CS_TRUE) {
3773 				if (rs_type ==
3774 				     CS_RAIDSET_PERSONALITY_RAID5) {
3775 					max_active_luns = 14;
3776 				} else if (rs_type ==
3777 					 CS_RAIDSET_PERSONALITY_RAID1){
3778 					/*
3779 					 * We're assuming here that disk
3780 					 * caching is enabled, and so we're
3781 					 * able to power up half of each
3782 					 * LUN, and cache all writes.
3783 					 */
3784 					max_active_luns = num_luns;
3785 				} else {
3786 					/* XXX KDM now what?? */
3787 				}
3788 			} else {
3789 				if (rs_type ==
3790 				     CS_RAIDSET_PERSONALITY_RAID5) {
3791 					max_active_luns = 15;
3792 				} else if (rs_type ==
3793 					 CS_RAIDSET_PERSONALITY_RAID1){
3794 					max_active_luns = 30;
3795 				} else {
3796 					/* XXX KDM now what?? */
3797 				}
3798 			}
3799 		}
3800 		break;
3801 	default:
3802 		/*
3803 		 * In this case, we have an unknown configuration, so we
3804 		 * just use the default from above.
3805 		 */
3806 		break;
3807 	}
3808 
3809 	page->max_active_luns = max_active_luns;
3810 #if 0
3811 	printk("%s: total_luns = %d, max_active_luns = %d\n", __func__,
3812 	       page->total_luns, page->max_active_luns);
3813 #endif
3814 }
3815 #endif /* NEEDTOPORT */
3816 
3817 /*
3818  * This routine could be used in the future to load default and/or saved
3819  * mode page parameters for a particuar lun.
3820  */
3821 static int
3822 ctl_init_page_index(struct ctl_lun *lun)
3823 {
3824 	int i;
3825 	struct ctl_page_index *page_index;
3826 	struct ctl_softc *softc;
3827 
3828 	memcpy(&lun->mode_pages.index, page_index_template,
3829 	       sizeof(page_index_template));
3830 
3831 	softc = lun->ctl_softc;
3832 
3833 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3834 
3835 		page_index = &lun->mode_pages.index[i];
3836 		/*
3837 		 * If this is a disk-only mode page, there's no point in
3838 		 * setting it up.  For some pages, we have to have some
3839 		 * basic information about the disk in order to calculate the
3840 		 * mode page data.
3841 		 */
3842 		if ((lun->be_lun->lun_type != T_DIRECT)
3843 		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3844 			continue;
3845 
3846 		switch (page_index->page_code & SMPH_PC_MASK) {
3847 		case SMS_FORMAT_DEVICE_PAGE: {
3848 			struct scsi_format_page *format_page;
3849 
3850 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3851 				panic("subpage is incorrect!");
3852 
3853 			/*
3854 			 * Sectors per track are set above.  Bytes per
3855 			 * sector need to be set here on a per-LUN basis.
3856 			 */
3857 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3858 			       &format_page_default,
3859 			       sizeof(format_page_default));
3860 			memcpy(&lun->mode_pages.format_page[
3861 			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3862 			       sizeof(format_page_changeable));
3863 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3864 			       &format_page_default,
3865 			       sizeof(format_page_default));
3866 			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3867 			       &format_page_default,
3868 			       sizeof(format_page_default));
3869 
3870 			format_page = &lun->mode_pages.format_page[
3871 				CTL_PAGE_CURRENT];
3872 			scsi_ulto2b(lun->be_lun->blocksize,
3873 				    format_page->bytes_per_sector);
3874 
3875 			format_page = &lun->mode_pages.format_page[
3876 				CTL_PAGE_DEFAULT];
3877 			scsi_ulto2b(lun->be_lun->blocksize,
3878 				    format_page->bytes_per_sector);
3879 
3880 			format_page = &lun->mode_pages.format_page[
3881 				CTL_PAGE_SAVED];
3882 			scsi_ulto2b(lun->be_lun->blocksize,
3883 				    format_page->bytes_per_sector);
3884 
3885 			page_index->page_data =
3886 				(uint8_t *)lun->mode_pages.format_page;
3887 			break;
3888 		}
3889 		case SMS_RIGID_DISK_PAGE: {
3890 			struct scsi_rigid_disk_page *rigid_disk_page;
3891 			uint32_t sectors_per_cylinder;
3892 			uint64_t cylinders;
3893 #ifndef	__XSCALE__
3894 			int shift;
3895 #endif /* !__XSCALE__ */
3896 
3897 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3898 				panic("invalid subpage value %d",
3899 				      page_index->subpage);
3900 
3901 			/*
3902 			 * Rotation rate and sectors per track are set
3903 			 * above.  We calculate the cylinders here based on
3904 			 * capacity.  Due to the number of heads and
3905 			 * sectors per track we're using, smaller arrays
3906 			 * may turn out to have 0 cylinders.  Linux and
3907 			 * FreeBSD don't pay attention to these mode pages
3908 			 * to figure out capacity, but Solaris does.  It
3909 			 * seems to deal with 0 cylinders just fine, and
3910 			 * works out a fake geometry based on the capacity.
3911 			 */
3912 			memcpy(&lun->mode_pages.rigid_disk_page[
3913 			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
3914 			       sizeof(rigid_disk_page_default));
3915 			memcpy(&lun->mode_pages.rigid_disk_page[
3916 			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3917 			       sizeof(rigid_disk_page_changeable));
3918 			memcpy(&lun->mode_pages.rigid_disk_page[
3919 			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3920 			       sizeof(rigid_disk_page_default));
3921 			memcpy(&lun->mode_pages.rigid_disk_page[
3922 			       CTL_PAGE_SAVED], &rigid_disk_page_default,
3923 			       sizeof(rigid_disk_page_default));
3924 
3925 			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3926 				CTL_DEFAULT_HEADS;
3927 
3928 			/*
3929 			 * The divide method here will be more accurate,
3930 			 * probably, but results in floating point being
3931 			 * used in the kernel on i386 (__udivdi3()).  On the
3932 			 * XScale, though, __udivdi3() is implemented in
3933 			 * software.
3934 			 *
3935 			 * The shift method for cylinder calculation is
3936 			 * accurate if sectors_per_cylinder is a power of
3937 			 * 2.  Otherwise it might be slightly off -- you
3938 			 * might have a bit of a truncation problem.
3939 			 */
3940 #ifdef	__XSCALE__
3941 			cylinders = (lun->be_lun->maxlba + 1) /
3942 				sectors_per_cylinder;
3943 #else
3944 			for (shift = 31; shift > 0; shift--) {
3945 				if (sectors_per_cylinder & (1 << shift))
3946 					break;
3947 			}
3948 			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3949 #endif
3950 
3951 			/*
3952 			 * We've basically got 3 bytes, or 24 bits for the
3953 			 * cylinder size in the mode page.  If we're over,
3954 			 * just round down to 2^24.
3955 			 */
3956 			if (cylinders > 0xffffff)
3957 				cylinders = 0xffffff;
3958 
3959 			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3960 				CTL_PAGE_CURRENT];
3961 			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3962 
3963 			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3964 				CTL_PAGE_DEFAULT];
3965 			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3966 
3967 			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3968 				CTL_PAGE_SAVED];
3969 			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3970 
3971 			page_index->page_data =
3972 				(uint8_t *)lun->mode_pages.rigid_disk_page;
3973 			break;
3974 		}
3975 		case SMS_CACHING_PAGE: {
3976 
3977 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3978 				panic("invalid subpage value %d",
3979 				      page_index->subpage);
3980 			/*
3981 			 * Defaults should be okay here, no calculations
3982 			 * needed.
3983 			 */
3984 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3985 			       &caching_page_default,
3986 			       sizeof(caching_page_default));
3987 			memcpy(&lun->mode_pages.caching_page[
3988 			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3989 			       sizeof(caching_page_changeable));
3990 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3991 			       &caching_page_default,
3992 			       sizeof(caching_page_default));
3993 			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3994 			       &caching_page_default,
3995 			       sizeof(caching_page_default));
3996 			page_index->page_data =
3997 				(uint8_t *)lun->mode_pages.caching_page;
3998 			break;
3999 		}
4000 		case SMS_CONTROL_MODE_PAGE: {
4001 
4002 			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4003 				panic("invalid subpage value %d",
4004 				      page_index->subpage);
4005 
4006 			/*
4007 			 * Defaults should be okay here, no calculations
4008 			 * needed.
4009 			 */
4010 			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4011 			       &control_page_default,
4012 			       sizeof(control_page_default));
4013 			memcpy(&lun->mode_pages.control_page[
4014 			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4015 			       sizeof(control_page_changeable));
4016 			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4017 			       &control_page_default,
4018 			       sizeof(control_page_default));
4019 			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4020 			       &control_page_default,
4021 			       sizeof(control_page_default));
4022 			page_index->page_data =
4023 				(uint8_t *)lun->mode_pages.control_page;
4024 			break;
4025 
4026 		}
4027 		case SMS_VENDOR_SPECIFIC_PAGE:{
4028 			switch (page_index->subpage) {
4029 			case PWR_SUBPAGE_CODE: {
4030 				struct copan_power_subpage *current_page,
4031 							   *saved_page;
4032 
4033 				memcpy(&lun->mode_pages.power_subpage[
4034 				       CTL_PAGE_CURRENT],
4035 				       &power_page_default,
4036 				       sizeof(power_page_default));
4037 				memcpy(&lun->mode_pages.power_subpage[
4038 				       CTL_PAGE_CHANGEABLE],
4039 				       &power_page_changeable,
4040 				       sizeof(power_page_changeable));
4041 				memcpy(&lun->mode_pages.power_subpage[
4042 				       CTL_PAGE_DEFAULT],
4043 				       &power_page_default,
4044 				       sizeof(power_page_default));
4045 				memcpy(&lun->mode_pages.power_subpage[
4046 				       CTL_PAGE_SAVED],
4047 				       &power_page_default,
4048 				       sizeof(power_page_default));
4049 				page_index->page_data =
4050 				    (uint8_t *)lun->mode_pages.power_subpage;
4051 
4052 				current_page = (struct copan_power_subpage *)
4053 					(page_index->page_data +
4054 					 (page_index->page_len *
4055 					  CTL_PAGE_CURRENT));
4056 			        saved_page = (struct copan_power_subpage *)
4057 				        (page_index->page_data +
4058 					 (page_index->page_len *
4059 					  CTL_PAGE_SAVED));
4060 				break;
4061 			}
4062 			case APS_SUBPAGE_CODE: {
4063 				struct copan_aps_subpage *current_page,
4064 							 *saved_page;
4065 
4066 				// This gets set multiple times but
4067 				// it should always be the same. It's
4068 				// only done during init so who cares.
4069 				index_to_aps_page = i;
4070 
4071 				memcpy(&lun->mode_pages.aps_subpage[
4072 				       CTL_PAGE_CURRENT],
4073 				       &aps_page_default,
4074 				       sizeof(aps_page_default));
4075 				memcpy(&lun->mode_pages.aps_subpage[
4076 				       CTL_PAGE_CHANGEABLE],
4077 				       &aps_page_changeable,
4078 				       sizeof(aps_page_changeable));
4079 				memcpy(&lun->mode_pages.aps_subpage[
4080 				       CTL_PAGE_DEFAULT],
4081 				       &aps_page_default,
4082 				       sizeof(aps_page_default));
4083 				memcpy(&lun->mode_pages.aps_subpage[
4084 				       CTL_PAGE_SAVED],
4085 				       &aps_page_default,
4086 				       sizeof(aps_page_default));
4087 				page_index->page_data =
4088 					(uint8_t *)lun->mode_pages.aps_subpage;
4089 
4090 				current_page = (struct copan_aps_subpage *)
4091 					(page_index->page_data +
4092 					 (page_index->page_len *
4093 					  CTL_PAGE_CURRENT));
4094 				saved_page = (struct copan_aps_subpage *)
4095 					(page_index->page_data +
4096 					 (page_index->page_len *
4097 					  CTL_PAGE_SAVED));
4098 				break;
4099 			}
4100 			case DBGCNF_SUBPAGE_CODE: {
4101 				struct copan_debugconf_subpage *current_page,
4102 							       *saved_page;
4103 
4104 				memcpy(&lun->mode_pages.debugconf_subpage[
4105 				       CTL_PAGE_CURRENT],
4106 				       &debugconf_page_default,
4107 				       sizeof(debugconf_page_default));
4108 				memcpy(&lun->mode_pages.debugconf_subpage[
4109 				       CTL_PAGE_CHANGEABLE],
4110 				       &debugconf_page_changeable,
4111 				       sizeof(debugconf_page_changeable));
4112 				memcpy(&lun->mode_pages.debugconf_subpage[
4113 				       CTL_PAGE_DEFAULT],
4114 				       &debugconf_page_default,
4115 				       sizeof(debugconf_page_default));
4116 				memcpy(&lun->mode_pages.debugconf_subpage[
4117 				       CTL_PAGE_SAVED],
4118 				       &debugconf_page_default,
4119 				       sizeof(debugconf_page_default));
4120 				page_index->page_data =
4121 					(uint8_t *)lun->mode_pages.debugconf_subpage;
4122 
4123 				current_page = (struct copan_debugconf_subpage *)
4124 					(page_index->page_data +
4125 					 (page_index->page_len *
4126 					  CTL_PAGE_CURRENT));
4127 				saved_page = (struct copan_debugconf_subpage *)
4128 					(page_index->page_data +
4129 					 (page_index->page_len *
4130 					  CTL_PAGE_SAVED));
4131 				break;
4132 			}
4133 			default:
4134 				panic("invalid subpage value %d",
4135 				      page_index->subpage);
4136 				break;
4137 			}
4138    			break;
4139 		}
4140 		default:
4141 			panic("invalid page value %d",
4142 			      page_index->page_code & SMPH_PC_MASK);
4143 			break;
4144     	}
4145 	}
4146 
4147 	return (CTL_RETVAL_COMPLETE);
4148 }
4149 
4150 /*
4151  * LUN allocation.
4152  *
4153  * Requirements:
4154  * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4155  *   wants us to allocate the LUN and he can block.
4156  * - ctl_softc is always set
4157  * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4158  *
4159  * Returns 0 for success, non-zero (errno) for failure.
4160  */
4161 static int
4162 ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4163 	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4164 {
4165 	struct ctl_lun *nlun, *lun;
4166 	struct ctl_frontend *fe;
4167 	int lun_number, i;
4168 
4169 	if (be_lun == NULL)
4170 		return (EINVAL);
4171 
4172 	/*
4173 	 * We currently only support Direct Access or Processor LUN types.
4174 	 */
4175 	switch (be_lun->lun_type) {
4176 	case T_DIRECT:
4177 		break;
4178 	case T_PROCESSOR:
4179 		break;
4180 	case T_SEQUENTIAL:
4181 	case T_CHANGER:
4182 	default:
4183 		be_lun->lun_config_status(be_lun->be_lun,
4184 					  CTL_LUN_CONFIG_FAILURE);
4185 		break;
4186 	}
4187 	if (ctl_lun == NULL) {
4188 		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4189 		lun->flags = CTL_LUN_MALLOCED;
4190 	} else
4191 		lun = ctl_lun;
4192 
4193 	memset(lun, 0, sizeof(*lun));
4194 
4195 	mtx_lock(&ctl_softc->ctl_lock);
4196 	/*
4197 	 * See if the caller requested a particular LUN number.  If so, see
4198 	 * if it is available.  Otherwise, allocate the first available LUN.
4199 	 */
4200 	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4201 		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4202 		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4203 			mtx_unlock(&ctl_softc->ctl_lock);
4204 			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4205 				printf("ctl: requested LUN ID %d is higher "
4206 				       "than CTL_MAX_LUNS - 1 (%d)\n",
4207 				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4208 			} else {
4209 				/*
4210 				 * XXX KDM return an error, or just assign
4211 				 * another LUN ID in this case??
4212 				 */
4213 				printf("ctl: requested LUN ID %d is already "
4214 				       "in use\n", be_lun->req_lun_id);
4215 			}
4216 			if (lun->flags & CTL_LUN_MALLOCED)
4217 				free(lun, M_CTL);
4218 			be_lun->lun_config_status(be_lun->be_lun,
4219 						  CTL_LUN_CONFIG_FAILURE);
4220 			return (ENOSPC);
4221 		}
4222 		lun_number = be_lun->req_lun_id;
4223 	} else {
4224 		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4225 		if (lun_number == -1) {
4226 			mtx_unlock(&ctl_softc->ctl_lock);
4227 			printf("ctl: can't allocate LUN on target %ju, out of "
4228 			       "LUNs\n", (uintmax_t)target_id.id);
4229 			if (lun->flags & CTL_LUN_MALLOCED)
4230 				free(lun, M_CTL);
4231 			be_lun->lun_config_status(be_lun->be_lun,
4232 						  CTL_LUN_CONFIG_FAILURE);
4233 			return (ENOSPC);
4234 		}
4235 	}
4236 	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4237 
4238 	lun->target = target_id;
4239 	lun->lun = lun_number;
4240 	lun->be_lun = be_lun;
4241 	/*
4242 	 * The processor LUN is always enabled.  Disk LUNs come on line
4243 	 * disabled, and must be enabled by the backend.
4244 	 */
4245 	lun->flags = CTL_LUN_DISABLED;
4246 	lun->backend = be_lun->be;
4247 	be_lun->ctl_lun = lun;
4248 	be_lun->lun_id = lun_number;
4249 	atomic_add_int(&be_lun->be->num_luns, 1);
4250 	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4251 		lun->flags |= CTL_LUN_STOPPED;
4252 
4253 	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4254 		lun->flags |= CTL_LUN_INOPERABLE;
4255 
4256 	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4257 		lun->flags |= CTL_LUN_PRIMARY_SC;
4258 
4259 	lun->ctl_softc = ctl_softc;
4260 	TAILQ_INIT(&lun->ooa_queue);
4261 	TAILQ_INIT(&lun->blocked_queue);
4262 	STAILQ_INIT(&lun->error_list);
4263 
4264 	/*
4265 	 * Initialize the mode page index.
4266 	 */
4267 	ctl_init_page_index(lun);
4268 
4269 	/*
4270 	 * Set the poweron UA for all initiators on this LUN only.
4271 	 */
4272 	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4273 		lun->pending_sense[i].ua_pending = CTL_UA_POWERON;
4274 
4275 	/*
4276 	 * Now, before we insert this lun on the lun list, set the lun
4277 	 * inventory changed UA for all other luns.
4278 	 */
4279 	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4280 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4281 			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4282 		}
4283 	}
4284 
4285 	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4286 
4287 	ctl_softc->ctl_luns[lun_number] = lun;
4288 
4289 	ctl_softc->num_luns++;
4290 
4291 	/* Setup statistics gathering */
4292 	lun->stats.device_type = be_lun->lun_type;
4293 	lun->stats.lun_number = lun_number;
4294 	if (lun->stats.device_type == T_DIRECT)
4295 		lun->stats.blocksize = be_lun->blocksize;
4296 	else
4297 		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4298 	for (i = 0;i < CTL_MAX_PORTS;i++)
4299 		lun->stats.ports[i].targ_port = i;
4300 
4301 	mtx_unlock(&ctl_softc->ctl_lock);
4302 
4303 	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4304 
4305 	/*
4306 	 * Run through each registered FETD and bring it online if it isn't
4307 	 * already.  Enable the target ID if it hasn't been enabled, and
4308 	 * enable this particular LUN.
4309 	 */
4310 	STAILQ_FOREACH(fe, &ctl_softc->fe_list, links) {
4311 		int retval;
4312 
4313 		/*
4314 		 * XXX KDM this only works for ONE TARGET ID.  We'll need
4315 		 * to do things differently if we go to a multiple target
4316 		 * ID scheme.
4317 		 */
4318 		if ((fe->status & CTL_PORT_STATUS_TARG_ONLINE) == 0) {
4319 
4320 			retval = fe->targ_enable(fe->targ_lun_arg, target_id);
4321 			if (retval != 0) {
4322 				printf("ctl_alloc_lun: FETD %s port %d "
4323 				       "returned error %d for targ_enable on "
4324 				       "target %ju\n", fe->port_name,
4325 				       fe->targ_port, retval,
4326 				       (uintmax_t)target_id.id);
4327 			} else
4328 				fe->status |= CTL_PORT_STATUS_TARG_ONLINE;
4329 		}
4330 
4331 		retval = fe->lun_enable(fe->targ_lun_arg, target_id,lun_number);
4332 		if (retval != 0) {
4333 			printf("ctl_alloc_lun: FETD %s port %d returned error "
4334 			       "%d for lun_enable on target %ju lun %d\n",
4335 			       fe->port_name, fe->targ_port, retval,
4336 			       (uintmax_t)target_id.id, lun_number);
4337 		} else
4338 			fe->status |= CTL_PORT_STATUS_LUN_ONLINE;
4339 	}
4340 	return (0);
4341 }
4342 
4343 /*
4344  * Delete a LUN.
4345  * Assumptions:
4346  * - caller holds ctl_softc->ctl_lock.
4347  * - LUN has already been marked invalid and any pending I/O has been taken
4348  *   care of.
4349  */
4350 static int
4351 ctl_free_lun(struct ctl_lun *lun)
4352 {
4353 	struct ctl_softc *softc;
4354 #if 0
4355 	struct ctl_frontend *fe;
4356 #endif
4357 	struct ctl_lun *nlun;
4358 	union ctl_io *io, *next_io;
4359 	int i;
4360 
4361 	softc = lun->ctl_softc;
4362 
4363 	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4364 
4365 	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4366 
4367 	softc->ctl_luns[lun->lun] = NULL;
4368 
4369 	if (TAILQ_FIRST(&lun->ooa_queue) != NULL) {
4370 		printf("ctl_free_lun: aieee!! freeing a LUN with "
4371 		       "outstanding I/O!!\n");
4372 	}
4373 
4374 	/*
4375 	 * If we have anything pending on the RtR queue, remove it.
4376 	 */
4377 	for (io = (union ctl_io *)STAILQ_FIRST(&softc->rtr_queue); io != NULL;
4378 	     io = next_io) {
4379 		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
4380 		if ((io->io_hdr.nexus.targ_target.id == lun->target.id)
4381 		 && (io->io_hdr.nexus.targ_lun == lun->lun))
4382 			STAILQ_REMOVE(&softc->rtr_queue, &io->io_hdr,
4383 				      ctl_io_hdr, links);
4384 	}
4385 
4386 	/*
4387 	 * Then remove everything from the blocked queue.
4388 	 */
4389 	for (io = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue); io != NULL;
4390 	     io = next_io) {
4391 		next_io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,blocked_links);
4392 		TAILQ_REMOVE(&lun->blocked_queue, &io->io_hdr, blocked_links);
4393 		io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
4394 	}
4395 
4396 	/*
4397 	 * Now clear out the OOA queue, and free all the I/O.
4398 	 * XXX KDM should we notify the FETD here?  We probably need to
4399 	 * quiesce the LUN before deleting it.
4400 	 */
4401 	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); io != NULL;
4402 	     io = next_io) {
4403 		next_io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr, ooa_links);
4404 		TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
4405 		ctl_free_io_internal(io, /*have_lock*/ 1);
4406 	}
4407 
4408 	softc->num_luns--;
4409 
4410 	/*
4411 	 * XXX KDM this scheme only works for a single target/multiple LUN
4412 	 * setup.  It needs to be revamped for a multiple target scheme.
4413 	 *
4414 	 * XXX KDM this results in fe->lun_disable() getting called twice,
4415 	 * once when ctl_disable_lun() is called, and a second time here.
4416 	 * We really need to re-think the LUN disable semantics.  There
4417 	 * should probably be several steps/levels to LUN removal:
4418 	 *  - disable
4419 	 *  - invalidate
4420 	 *  - free
4421  	 *
4422 	 * Right now we only have a disable method when communicating to
4423 	 * the front end ports, at least for individual LUNs.
4424 	 */
4425 #if 0
4426 	STAILQ_FOREACH(fe, &softc->fe_list, links) {
4427 		int retval;
4428 
4429 		retval = fe->lun_disable(fe->targ_lun_arg, lun->target,
4430 					 lun->lun);
4431 		if (retval != 0) {
4432 			printf("ctl_free_lun: FETD %s port %d returned error "
4433 			       "%d for lun_disable on target %ju lun %jd\n",
4434 			       fe->port_name, fe->targ_port, retval,
4435 			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4436 		}
4437 
4438 		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4439 			fe->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4440 
4441 			retval = fe->targ_disable(fe->targ_lun_arg,lun->target);
4442 			if (retval != 0) {
4443 				printf("ctl_free_lun: FETD %s port %d "
4444 				       "returned error %d for targ_disable on "
4445 				       "target %ju\n", fe->port_name,
4446 				       fe->targ_port, retval,
4447 				       (uintmax_t)lun->target.id);
4448 			} else
4449 				fe->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4450 
4451 			if ((fe->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4452 				continue;
4453 
4454 #if 0
4455 			fe->port_offline(fe->onoff_arg);
4456 			fe->status &= ~CTL_PORT_STATUS_ONLINE;
4457 #endif
4458 		}
4459 	}
4460 #endif
4461 
4462 	/*
4463 	 * Tell the backend to free resources, if this LUN has a backend.
4464 	 */
4465 	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4466 	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4467 
4468 	if (lun->flags & CTL_LUN_MALLOCED)
4469 		free(lun, M_CTL);
4470 
4471 	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4472 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4473 			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4474 		}
4475 	}
4476 
4477 	return (0);
4478 }
4479 
4480 static void
4481 ctl_create_lun(struct ctl_be_lun *be_lun)
4482 {
4483 	struct ctl_softc *ctl_softc;
4484 
4485 	ctl_softc = control_softc;
4486 
4487 	/*
4488 	 * ctl_alloc_lun() should handle all potential failure cases.
4489 	 */
4490 	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4491 }
4492 
4493 int
4494 ctl_add_lun(struct ctl_be_lun *be_lun)
4495 {
4496 	struct ctl_softc *ctl_softc;
4497 
4498 	ctl_softc = control_softc;
4499 
4500 	mtx_lock(&ctl_softc->ctl_lock);
4501 	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4502 	mtx_unlock(&ctl_softc->ctl_lock);
4503 
4504 	ctl_wakeup_thread();
4505 
4506 	return (0);
4507 }
4508 
4509 int
4510 ctl_enable_lun(struct ctl_be_lun *be_lun)
4511 {
4512 	struct ctl_softc *ctl_softc;
4513 	struct ctl_frontend *fe, *nfe;
4514 	struct ctl_lun *lun;
4515 	int retval;
4516 
4517 	ctl_softc = control_softc;
4518 
4519 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4520 
4521 	mtx_lock(&ctl_softc->ctl_lock);
4522 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4523 		/*
4524 		 * eh?  Why did we get called if the LUN is already
4525 		 * enabled?
4526 		 */
4527 		mtx_unlock(&ctl_softc->ctl_lock);
4528 		return (0);
4529 	}
4530 	lun->flags &= ~CTL_LUN_DISABLED;
4531 
4532 	for (fe = STAILQ_FIRST(&ctl_softc->fe_list); fe != NULL; fe = nfe) {
4533 		nfe = STAILQ_NEXT(fe, links);
4534 
4535 		/*
4536 		 * Drop the lock while we call the FETD's enable routine.
4537 		 * This can lead to a callback into CTL (at least in the
4538 		 * case of the internal initiator frontend.
4539 		 */
4540 		mtx_unlock(&ctl_softc->ctl_lock);
4541 		retval = fe->lun_enable(fe->targ_lun_arg, lun->target,lun->lun);
4542 		mtx_lock(&ctl_softc->ctl_lock);
4543 		if (retval != 0) {
4544 			printf("%s: FETD %s port %d returned error "
4545 			       "%d for lun_enable on target %ju lun %jd\n",
4546 			       __func__, fe->port_name, fe->targ_port, retval,
4547 			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4548 		}
4549 #if 0
4550 		 else {
4551             /* NOTE:  TODO:  why does lun enable affect port status? */
4552 			fe->status |= CTL_PORT_STATUS_LUN_ONLINE;
4553 		}
4554 #endif
4555 	}
4556 
4557 	mtx_unlock(&ctl_softc->ctl_lock);
4558 
4559 	return (0);
4560 }
4561 
4562 int
4563 ctl_disable_lun(struct ctl_be_lun *be_lun)
4564 {
4565 	struct ctl_softc *ctl_softc;
4566 	struct ctl_frontend *fe;
4567 	struct ctl_lun *lun;
4568 	int retval;
4569 
4570 	ctl_softc = control_softc;
4571 
4572 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4573 
4574 	mtx_lock(&ctl_softc->ctl_lock);
4575 
4576 	if (lun->flags & CTL_LUN_DISABLED) {
4577 		mtx_unlock(&ctl_softc->ctl_lock);
4578 		return (0);
4579 	}
4580 	lun->flags |= CTL_LUN_DISABLED;
4581 
4582 	STAILQ_FOREACH(fe, &ctl_softc->fe_list, links) {
4583 		mtx_unlock(&ctl_softc->ctl_lock);
4584 		/*
4585 		 * Drop the lock before we call the frontend's disable
4586 		 * routine, to avoid lock order reversals.
4587 		 *
4588 		 * XXX KDM what happens if the frontend list changes while
4589 		 * we're traversing it?  It's unlikely, but should be handled.
4590 		 */
4591 		retval = fe->lun_disable(fe->targ_lun_arg, lun->target,
4592 					 lun->lun);
4593 		mtx_lock(&ctl_softc->ctl_lock);
4594 		if (retval != 0) {
4595 			printf("ctl_alloc_lun: FETD %s port %d returned error "
4596 			       "%d for lun_disable on target %ju lun %jd\n",
4597 			       fe->port_name, fe->targ_port, retval,
4598 			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4599 		}
4600 	}
4601 
4602 	mtx_unlock(&ctl_softc->ctl_lock);
4603 
4604 	return (0);
4605 }
4606 
4607 int
4608 ctl_start_lun(struct ctl_be_lun *be_lun)
4609 {
4610 	struct ctl_softc *ctl_softc;
4611 	struct ctl_lun *lun;
4612 
4613 	ctl_softc = control_softc;
4614 
4615 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4616 
4617 	mtx_lock(&ctl_softc->ctl_lock);
4618 	lun->flags &= ~CTL_LUN_STOPPED;
4619 	mtx_unlock(&ctl_softc->ctl_lock);
4620 
4621 	return (0);
4622 }
4623 
4624 int
4625 ctl_stop_lun(struct ctl_be_lun *be_lun)
4626 {
4627 	struct ctl_softc *ctl_softc;
4628 	struct ctl_lun *lun;
4629 
4630 	ctl_softc = control_softc;
4631 
4632 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4633 
4634 	mtx_lock(&ctl_softc->ctl_lock);
4635 	lun->flags |= CTL_LUN_STOPPED;
4636 	mtx_unlock(&ctl_softc->ctl_lock);
4637 
4638 	return (0);
4639 }
4640 
4641 int
4642 ctl_lun_offline(struct ctl_be_lun *be_lun)
4643 {
4644 	struct ctl_softc *ctl_softc;
4645 	struct ctl_lun *lun;
4646 
4647 	ctl_softc = control_softc;
4648 
4649 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4650 
4651 	mtx_lock(&ctl_softc->ctl_lock);
4652 	lun->flags |= CTL_LUN_OFFLINE;
4653 	mtx_unlock(&ctl_softc->ctl_lock);
4654 
4655 	return (0);
4656 }
4657 
4658 int
4659 ctl_lun_online(struct ctl_be_lun *be_lun)
4660 {
4661 	struct ctl_softc *ctl_softc;
4662 	struct ctl_lun *lun;
4663 
4664 	ctl_softc = control_softc;
4665 
4666 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4667 
4668 	mtx_lock(&ctl_softc->ctl_lock);
4669 	lun->flags &= ~CTL_LUN_OFFLINE;
4670 	mtx_unlock(&ctl_softc->ctl_lock);
4671 
4672 	return (0);
4673 }
4674 
4675 int
4676 ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4677 {
4678 	struct ctl_softc *ctl_softc;
4679 	struct ctl_lun *lun;
4680 
4681 	ctl_softc = control_softc;
4682 
4683 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4684 
4685 	mtx_lock(&ctl_softc->ctl_lock);
4686 
4687 	/*
4688 	 * The LUN needs to be disabled before it can be marked invalid.
4689 	 */
4690 	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4691 		mtx_unlock(&ctl_softc->ctl_lock);
4692 		return (-1);
4693 	}
4694 	/*
4695 	 * Mark the LUN invalid.
4696 	 */
4697 	lun->flags |= CTL_LUN_INVALID;
4698 
4699 	/*
4700 	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4701 	 * If we have something in the OOA queue, we'll free it when the
4702 	 * last I/O completes.
4703 	 */
4704 	if (TAILQ_FIRST(&lun->ooa_queue) == NULL)
4705 		ctl_free_lun(lun);
4706 	mtx_unlock(&ctl_softc->ctl_lock);
4707 
4708 	return (0);
4709 }
4710 
4711 int
4712 ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4713 {
4714 	struct ctl_softc *ctl_softc;
4715 	struct ctl_lun *lun;
4716 
4717 	ctl_softc = control_softc;
4718 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4719 
4720 	mtx_lock(&ctl_softc->ctl_lock);
4721 	lun->flags |= CTL_LUN_INOPERABLE;
4722 	mtx_unlock(&ctl_softc->ctl_lock);
4723 
4724 	return (0);
4725 }
4726 
4727 int
4728 ctl_lun_operable(struct ctl_be_lun *be_lun)
4729 {
4730 	struct ctl_softc *ctl_softc;
4731 	struct ctl_lun *lun;
4732 
4733 	ctl_softc = control_softc;
4734 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4735 
4736 	mtx_lock(&ctl_softc->ctl_lock);
4737 	lun->flags &= ~CTL_LUN_INOPERABLE;
4738 	mtx_unlock(&ctl_softc->ctl_lock);
4739 
4740 	return (0);
4741 }
4742 
4743 int
4744 ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus,
4745 		   int lock)
4746 {
4747 	struct ctl_softc *softc;
4748 	struct ctl_lun *lun;
4749 	struct copan_aps_subpage *current_sp;
4750 	struct ctl_page_index *page_index;
4751 	int i;
4752 
4753 	softc = control_softc;
4754 
4755 	mtx_lock(&softc->ctl_lock);
4756 
4757 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4758 
4759 	page_index = NULL;
4760 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4761 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
4762 		     APS_PAGE_CODE)
4763 			continue;
4764 
4765 		if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE)
4766 			continue;
4767 		page_index = &lun->mode_pages.index[i];
4768 	}
4769 
4770 	if (page_index == NULL) {
4771 		mtx_unlock(&softc->ctl_lock);
4772 		printf("%s: APS subpage not found for lun %ju!\n", __func__,
4773 		       (uintmax_t)lun->lun);
4774 		return (1);
4775 	}
4776 #if 0
4777 	if ((softc->aps_locked_lun != 0)
4778 	 && (softc->aps_locked_lun != lun->lun)) {
4779 		printf("%s: attempt to lock LUN %llu when %llu is already "
4780 		       "locked\n");
4781 		mtx_unlock(&softc->ctl_lock);
4782 		return (1);
4783 	}
4784 #endif
4785 
4786 	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
4787 		(page_index->page_len * CTL_PAGE_CURRENT));
4788 
4789 	if (lock != 0) {
4790 		current_sp->lock_active = APS_LOCK_ACTIVE;
4791 		softc->aps_locked_lun = lun->lun;
4792 	} else {
4793 		current_sp->lock_active = 0;
4794 		softc->aps_locked_lun = 0;
4795 	}
4796 
4797 
4798 	/*
4799 	 * If we're in HA mode, try to send the lock message to the other
4800 	 * side.
4801 	 */
4802 	if (ctl_is_single == 0) {
4803 		int isc_retval;
4804 		union ctl_ha_msg lock_msg;
4805 
4806 		lock_msg.hdr.nexus = *nexus;
4807 		lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK;
4808 		if (lock != 0)
4809 			lock_msg.aps.lock_flag = 1;
4810 		else
4811 			lock_msg.aps.lock_flag = 0;
4812 		isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg,
4813 					 sizeof(lock_msg), 0);
4814 		if (isc_retval > CTL_HA_STATUS_SUCCESS) {
4815 			printf("%s: APS (lock=%d) error returned from "
4816 			       "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval);
4817 			mtx_unlock(&softc->ctl_lock);
4818 			return (1);
4819 		}
4820 	}
4821 
4822 	mtx_unlock(&softc->ctl_lock);
4823 
4824 	return (0);
4825 }
4826 
4827 void
4828 ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4829 {
4830 	struct ctl_lun *lun;
4831 	struct ctl_softc *softc;
4832 	int i;
4833 
4834 	softc = control_softc;
4835 
4836 	mtx_lock(&softc->ctl_lock);
4837 
4838 	lun = (struct ctl_lun *)be_lun->ctl_lun;
4839 
4840 	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4841 		lun->pending_sense[i].ua_pending |= CTL_UA_CAPACITY_CHANGED;
4842 
4843 	mtx_unlock(&softc->ctl_lock);
4844 }
4845 
4846 /*
4847  * Backend "memory move is complete" callback for requests that never
4848  * make it down to say RAIDCore's configuration code.
4849  */
4850 int
4851 ctl_config_move_done(union ctl_io *io)
4852 {
4853 	int retval;
4854 
4855 	retval = CTL_RETVAL_COMPLETE;
4856 
4857 
4858 	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4859 	/*
4860 	 * XXX KDM this shouldn't happen, but what if it does?
4861 	 */
4862 	if (io->io_hdr.io_type != CTL_IO_SCSI)
4863 		panic("I/O type isn't CTL_IO_SCSI!");
4864 
4865 	if ((io->io_hdr.port_status == 0)
4866 	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
4867 	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
4868 		io->io_hdr.status = CTL_SUCCESS;
4869 	else if ((io->io_hdr.port_status != 0)
4870 	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
4871 	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
4872 		/*
4873 		 * For hardware error sense keys, the sense key
4874 		 * specific value is defined to be a retry count,
4875 		 * but we use it to pass back an internal FETD
4876 		 * error code.  XXX KDM  Hopefully the FETD is only
4877 		 * using 16 bits for an error code, since that's
4878 		 * all the space we have in the sks field.
4879 		 */
4880 		ctl_set_internal_failure(&io->scsiio,
4881 					 /*sks_valid*/ 1,
4882 					 /*retry_count*/
4883 					 io->io_hdr.port_status);
4884 		free(io->scsiio.kern_data_ptr, M_CTL);
4885 		ctl_done(io);
4886 		goto bailout;
4887 	}
4888 
4889 	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
4890 	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
4891 	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4892 		/*
4893 		 * XXX KDM just assuming a single pointer here, and not a
4894 		 * S/G list.  If we start using S/G lists for config data,
4895 		 * we'll need to know how to clean them up here as well.
4896 		 */
4897 		free(io->scsiio.kern_data_ptr, M_CTL);
4898 		/* Hopefully the user has already set the status... */
4899 		ctl_done(io);
4900 	} else {
4901 		/*
4902 		 * XXX KDM now we need to continue data movement.  Some
4903 		 * options:
4904 		 * - call ctl_scsiio() again?  We don't do this for data
4905 		 *   writes, because for those at least we know ahead of
4906 		 *   time where the write will go and how long it is.  For
4907 		 *   config writes, though, that information is largely
4908 		 *   contained within the write itself, thus we need to
4909 		 *   parse out the data again.
4910 		 *
4911 		 * - Call some other function once the data is in?
4912 		 */
4913 
4914 		/*
4915 		 * XXX KDM call ctl_scsiio() again for now, and check flag
4916 		 * bits to see whether we're allocated or not.
4917 		 */
4918 		retval = ctl_scsiio(&io->scsiio);
4919 	}
4920 bailout:
4921 	return (retval);
4922 }
4923 
4924 /*
4925  * This gets called by a backend driver when it is done with a
4926  * configuration write.
4927  */
4928 void
4929 ctl_config_write_done(union ctl_io *io)
4930 {
4931 	/*
4932 	 * If the IO_CONT flag is set, we need to call the supplied
4933 	 * function to continue processing the I/O, instead of completing
4934 	 * the I/O just yet.
4935 	 *
4936 	 * If there is an error, though, we don't want to keep processing.
4937 	 * Instead, just send status back to the initiator.
4938 	 */
4939 	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT)
4940 	 && (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)
4941 	  || ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))) {
4942 		io->scsiio.io_cont(io);
4943 		return;
4944 	}
4945 	/*
4946 	 * Since a configuration write can be done for commands that actually
4947 	 * have data allocated, like write buffer, and commands that have
4948 	 * no data, like start/stop unit, we need to check here.
4949 	 */
4950 	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
4951 		free(io->scsiio.kern_data_ptr, M_CTL);
4952 	ctl_done(io);
4953 }
4954 
4955 /*
4956  * SCSI release command.
4957  */
4958 int
4959 ctl_scsi_release(struct ctl_scsiio *ctsio)
4960 {
4961 	int length, longid, thirdparty_id, resv_id;
4962 	struct ctl_softc *ctl_softc;
4963 	struct ctl_lun *lun;
4964 
4965 	length = 0;
4966 	resv_id = 0;
4967 
4968 	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4969 
4970 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4971 	ctl_softc = control_softc;
4972 
4973 	switch (ctsio->cdb[0]) {
4974 	case RELEASE: {
4975 		struct scsi_release *cdb;
4976 
4977 		cdb = (struct scsi_release *)ctsio->cdb;
4978 		if ((cdb->byte2 & 0x1f) != 0) {
4979 			ctl_set_invalid_field(ctsio,
4980 					      /*sks_valid*/ 1,
4981 					      /*command*/ 1,
4982 					      /*field*/ 1,
4983 					      /*bit_valid*/ 0,
4984 					      /*bit*/ 0);
4985 			ctl_done((union ctl_io *)ctsio);
4986 			return (CTL_RETVAL_COMPLETE);
4987 		}
4988 		break;
4989 	}
4990 	case RELEASE_10: {
4991 		struct scsi_release_10 *cdb;
4992 
4993 		cdb = (struct scsi_release_10 *)ctsio->cdb;
4994 
4995 		if ((cdb->byte2 & SR10_EXTENT) != 0) {
4996 			ctl_set_invalid_field(ctsio,
4997 					      /*sks_valid*/ 1,
4998 					      /*command*/ 1,
4999 					      /*field*/ 1,
5000 					      /*bit_valid*/ 1,
5001 					      /*bit*/ 0);
5002 			ctl_done((union ctl_io *)ctsio);
5003 			return (CTL_RETVAL_COMPLETE);
5004 
5005 		}
5006 
5007 		if ((cdb->byte2 & SR10_3RDPTY) != 0) {
5008 			ctl_set_invalid_field(ctsio,
5009 					      /*sks_valid*/ 1,
5010 					      /*command*/ 1,
5011 					      /*field*/ 1,
5012 					      /*bit_valid*/ 1,
5013 					      /*bit*/ 4);
5014 			ctl_done((union ctl_io *)ctsio);
5015 			return (CTL_RETVAL_COMPLETE);
5016 		}
5017 
5018 		if (cdb->byte2 & SR10_LONGID)
5019 			longid = 1;
5020 		else
5021 			thirdparty_id = cdb->thirdparty_id;
5022 
5023 		resv_id = cdb->resv_id;
5024 		length = scsi_2btoul(cdb->length);
5025 		break;
5026 	}
5027 	}
5028 
5029 
5030 	/*
5031 	 * XXX KDM right now, we only support LUN reservation.  We don't
5032 	 * support 3rd party reservations, or extent reservations, which
5033 	 * might actually need the parameter list.  If we've gotten this
5034 	 * far, we've got a LUN reservation.  Anything else got kicked out
5035 	 * above.  So, according to SPC, ignore the length.
5036 	 */
5037 	length = 0;
5038 
5039 	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5040 	 && (length > 0)) {
5041 		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5042 		ctsio->kern_data_len = length;
5043 		ctsio->kern_total_len = length;
5044 		ctsio->kern_data_resid = 0;
5045 		ctsio->kern_rel_offset = 0;
5046 		ctsio->kern_sg_entries = 0;
5047 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5048 		ctsio->be_move_done = ctl_config_move_done;
5049 		ctl_datamove((union ctl_io *)ctsio);
5050 
5051 		return (CTL_RETVAL_COMPLETE);
5052 	}
5053 
5054 	if (length > 0)
5055 		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5056 
5057 	mtx_lock(&ctl_softc->ctl_lock);
5058 
5059 	/*
5060 	 * According to SPC, it is not an error for an intiator to attempt
5061 	 * to release a reservation on a LUN that isn't reserved, or that
5062 	 * is reserved by another initiator.  The reservation can only be
5063 	 * released, though, by the initiator who made it or by one of
5064 	 * several reset type events.
5065 	 */
5066 	if (lun->flags & CTL_LUN_RESERVED) {
5067 		if ((ctsio->io_hdr.nexus.initid.id == lun->rsv_nexus.initid.id)
5068 		 && (ctsio->io_hdr.nexus.targ_port == lun->rsv_nexus.targ_port)
5069 		 && (ctsio->io_hdr.nexus.targ_target.id ==
5070 		     lun->rsv_nexus.targ_target.id)) {
5071 			lun->flags &= ~CTL_LUN_RESERVED;
5072 		}
5073 	}
5074 
5075 	ctsio->scsi_status = SCSI_STATUS_OK;
5076 	ctsio->io_hdr.status = CTL_SUCCESS;
5077 
5078 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5079 		free(ctsio->kern_data_ptr, M_CTL);
5080 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5081 	}
5082 
5083 	mtx_unlock(&ctl_softc->ctl_lock);
5084 
5085 	ctl_done((union ctl_io *)ctsio);
5086 	return (CTL_RETVAL_COMPLETE);
5087 }
5088 
5089 int
5090 ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5091 {
5092 	int extent, thirdparty, longid;
5093 	int resv_id, length;
5094 	uint64_t thirdparty_id;
5095 	struct ctl_softc *ctl_softc;
5096 	struct ctl_lun *lun;
5097 
5098 	extent = 0;
5099 	thirdparty = 0;
5100 	longid = 0;
5101 	resv_id = 0;
5102 	length = 0;
5103 	thirdparty_id = 0;
5104 
5105 	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5106 
5107 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5108 	ctl_softc = control_softc;
5109 
5110 	switch (ctsio->cdb[0]) {
5111 	case RESERVE: {
5112 		struct scsi_reserve *cdb;
5113 
5114 		cdb = (struct scsi_reserve *)ctsio->cdb;
5115 		if ((cdb->byte2 & 0x1f) != 0) {
5116 			ctl_set_invalid_field(ctsio,
5117 					      /*sks_valid*/ 1,
5118 					      /*command*/ 1,
5119 					      /*field*/ 1,
5120 					      /*bit_valid*/ 0,
5121 					      /*bit*/ 0);
5122 			ctl_done((union ctl_io *)ctsio);
5123 			return (CTL_RETVAL_COMPLETE);
5124 		}
5125 		resv_id = cdb->resv_id;
5126 		length = scsi_2btoul(cdb->length);
5127 		break;
5128 	}
5129 	case RESERVE_10: {
5130 		struct scsi_reserve_10 *cdb;
5131 
5132 		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5133 
5134 		if ((cdb->byte2 & SR10_EXTENT) != 0) {
5135 			ctl_set_invalid_field(ctsio,
5136 					      /*sks_valid*/ 1,
5137 					      /*command*/ 1,
5138 					      /*field*/ 1,
5139 					      /*bit_valid*/ 1,
5140 					      /*bit*/ 0);
5141 			ctl_done((union ctl_io *)ctsio);
5142 			return (CTL_RETVAL_COMPLETE);
5143 		}
5144 		if ((cdb->byte2 & SR10_3RDPTY) != 0) {
5145 			ctl_set_invalid_field(ctsio,
5146 					      /*sks_valid*/ 1,
5147 					      /*command*/ 1,
5148 					      /*field*/ 1,
5149 					      /*bit_valid*/ 1,
5150 					      /*bit*/ 4);
5151 			ctl_done((union ctl_io *)ctsio);
5152 			return (CTL_RETVAL_COMPLETE);
5153 		}
5154 		if (cdb->byte2 & SR10_LONGID)
5155 			longid = 1;
5156 		else
5157 			thirdparty_id = cdb->thirdparty_id;
5158 
5159 		resv_id = cdb->resv_id;
5160 		length = scsi_2btoul(cdb->length);
5161 		break;
5162 	}
5163 	}
5164 
5165 	/*
5166 	 * XXX KDM right now, we only support LUN reservation.  We don't
5167 	 * support 3rd party reservations, or extent reservations, which
5168 	 * might actually need the parameter list.  If we've gotten this
5169 	 * far, we've got a LUN reservation.  Anything else got kicked out
5170 	 * above.  So, according to SPC, ignore the length.
5171 	 */
5172 	length = 0;
5173 
5174 	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5175 	 && (length > 0)) {
5176 		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5177 		ctsio->kern_data_len = length;
5178 		ctsio->kern_total_len = length;
5179 		ctsio->kern_data_resid = 0;
5180 		ctsio->kern_rel_offset = 0;
5181 		ctsio->kern_sg_entries = 0;
5182 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5183 		ctsio->be_move_done = ctl_config_move_done;
5184 		ctl_datamove((union ctl_io *)ctsio);
5185 
5186 		return (CTL_RETVAL_COMPLETE);
5187 	}
5188 
5189 	if (length > 0)
5190 		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5191 
5192 	mtx_lock(&ctl_softc->ctl_lock);
5193 	if (lun->flags & CTL_LUN_RESERVED) {
5194 		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
5195 		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
5196 		 || (ctsio->io_hdr.nexus.targ_target.id !=
5197 		     lun->rsv_nexus.targ_target.id)) {
5198 			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5199 			ctsio->io_hdr.status = CTL_SCSI_ERROR;
5200 			goto bailout;
5201 		}
5202 	}
5203 
5204 	lun->flags |= CTL_LUN_RESERVED;
5205 	lun->rsv_nexus = ctsio->io_hdr.nexus;
5206 
5207 	ctsio->scsi_status = SCSI_STATUS_OK;
5208 	ctsio->io_hdr.status = CTL_SUCCESS;
5209 
5210 bailout:
5211 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5212 		free(ctsio->kern_data_ptr, M_CTL);
5213 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5214 	}
5215 
5216 	mtx_unlock(&ctl_softc->ctl_lock);
5217 
5218 	ctl_done((union ctl_io *)ctsio);
5219 	return (CTL_RETVAL_COMPLETE);
5220 }
5221 
5222 int
5223 ctl_start_stop(struct ctl_scsiio *ctsio)
5224 {
5225 	struct scsi_start_stop_unit *cdb;
5226 	struct ctl_lun *lun;
5227 	struct ctl_softc *ctl_softc;
5228 	int retval;
5229 
5230 	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5231 
5232 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5233 	ctl_softc = control_softc;
5234 	retval = 0;
5235 
5236 	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5237 
5238 	/*
5239 	 * XXX KDM
5240 	 * We don't support the immediate bit on a stop unit.  In order to
5241 	 * do that, we would need to code up a way to know that a stop is
5242 	 * pending, and hold off any new commands until it completes, one
5243 	 * way or another.  Then we could accept or reject those commands
5244 	 * depending on its status.  We would almost need to do the reverse
5245 	 * of what we do below for an immediate start -- return the copy of
5246 	 * the ctl_io to the FETD with status to send to the host (and to
5247 	 * free the copy!) and then free the original I/O once the stop
5248 	 * actually completes.  That way, the OOA queue mechanism can work
5249 	 * to block commands that shouldn't proceed.  Another alternative
5250 	 * would be to put the copy in the queue in place of the original,
5251 	 * and return the original back to the caller.  That could be
5252 	 * slightly safer..
5253 	 */
5254 	if ((cdb->byte2 & SSS_IMMED)
5255 	 && ((cdb->how & SSS_START) == 0)) {
5256 		ctl_set_invalid_field(ctsio,
5257 				      /*sks_valid*/ 1,
5258 				      /*command*/ 1,
5259 				      /*field*/ 1,
5260 				      /*bit_valid*/ 1,
5261 				      /*bit*/ 0);
5262 		ctl_done((union ctl_io *)ctsio);
5263 		return (CTL_RETVAL_COMPLETE);
5264 	}
5265 
5266 	/*
5267 	 * We don't support the power conditions field.  We need to check
5268 	 * this prior to checking the load/eject and start/stop bits.
5269 	 */
5270 	if ((cdb->how & SSS_PC_MASK) != SSS_PC_START_VALID) {
5271 		ctl_set_invalid_field(ctsio,
5272 				      /*sks_valid*/ 1,
5273 				      /*command*/ 1,
5274 				      /*field*/ 4,
5275 				      /*bit_valid*/ 1,
5276 				      /*bit*/ 4);
5277 		ctl_done((union ctl_io *)ctsio);
5278 		return (CTL_RETVAL_COMPLETE);
5279 	}
5280 
5281 	/*
5282 	 * Media isn't removable, so we can't load or eject it.
5283 	 */
5284 	if ((cdb->how & SSS_LOEJ) != 0) {
5285 		ctl_set_invalid_field(ctsio,
5286 				      /*sks_valid*/ 1,
5287 				      /*command*/ 1,
5288 				      /*field*/ 4,
5289 				      /*bit_valid*/ 1,
5290 				      /*bit*/ 1);
5291 		ctl_done((union ctl_io *)ctsio);
5292 		return (CTL_RETVAL_COMPLETE);
5293 	}
5294 
5295 	if ((lun->flags & CTL_LUN_PR_RESERVED)
5296 	 && ((cdb->how & SSS_START)==0)) {
5297 		uint32_t residx;
5298 
5299 		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5300 		if (!lun->per_res[residx].registered
5301 		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5302 
5303 			ctl_set_reservation_conflict(ctsio);
5304 			ctl_done((union ctl_io *)ctsio);
5305 			return (CTL_RETVAL_COMPLETE);
5306 		}
5307 	}
5308 
5309 	/*
5310 	 * If there is no backend on this device, we can't start or stop
5311 	 * it.  In theory we shouldn't get any start/stop commands in the
5312 	 * first place at this level if the LUN doesn't have a backend.
5313 	 * That should get stopped by the command decode code.
5314 	 */
5315 	if (lun->backend == NULL) {
5316 		ctl_set_invalid_opcode(ctsio);
5317 		ctl_done((union ctl_io *)ctsio);
5318 		return (CTL_RETVAL_COMPLETE);
5319 	}
5320 
5321 	/*
5322 	 * XXX KDM Copan-specific offline behavior.
5323 	 * Figure out a reasonable way to port this?
5324 	 */
5325 #ifdef NEEDTOPORT
5326 	mtx_lock(&ctl_softc->ctl_lock);
5327 
5328 	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5329 	 && (lun->flags & CTL_LUN_OFFLINE)) {
5330 		/*
5331 		 * If the LUN is offline, and the on/offline bit isn't set,
5332 		 * reject the start or stop.  Otherwise, let it through.
5333 		 */
5334 		mtx_unlock(&ctl_softc->ctl_lock);
5335 		ctl_set_lun_not_ready(ctsio);
5336 		ctl_done((union ctl_io *)ctsio);
5337 	} else {
5338 		mtx_unlock(&ctl_softc->ctl_lock);
5339 #endif /* NEEDTOPORT */
5340 		/*
5341 		 * This could be a start or a stop when we're online,
5342 		 * or a stop/offline or start/online.  A start or stop when
5343 		 * we're offline is covered in the case above.
5344 		 */
5345 		/*
5346 		 * In the non-immediate case, we send the request to
5347 		 * the backend and return status to the user when
5348 		 * it is done.
5349 		 *
5350 		 * In the immediate case, we allocate a new ctl_io
5351 		 * to hold a copy of the request, and send that to
5352 		 * the backend.  We then set good status on the
5353 		 * user's request and return it immediately.
5354 		 */
5355 		if (cdb->byte2 & SSS_IMMED) {
5356 			union ctl_io *new_io;
5357 
5358 			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5359 			if (new_io == NULL) {
5360 				ctl_set_busy(ctsio);
5361 				ctl_done((union ctl_io *)ctsio);
5362 			} else {
5363 				ctl_copy_io((union ctl_io *)ctsio,
5364 					    new_io);
5365 				retval = lun->backend->config_write(new_io);
5366 				ctl_set_success(ctsio);
5367 				ctl_done((union ctl_io *)ctsio);
5368 			}
5369 		} else {
5370 			retval = lun->backend->config_write(
5371 				(union ctl_io *)ctsio);
5372 		}
5373 #ifdef NEEDTOPORT
5374 	}
5375 #endif
5376 	return (retval);
5377 }
5378 
5379 /*
5380  * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5381  * we don't really do anything with the LBA and length fields if the user
5382  * passes them in.  Instead we'll just flush out the cache for the entire
5383  * LUN.
5384  */
5385 int
5386 ctl_sync_cache(struct ctl_scsiio *ctsio)
5387 {
5388 	struct ctl_lun *lun;
5389 	struct ctl_softc *ctl_softc;
5390 	uint64_t starting_lba;
5391 	uint32_t block_count;
5392 	int reladr, immed;
5393 	int retval;
5394 
5395 	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5396 
5397 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5398 	ctl_softc = control_softc;
5399 	retval = 0;
5400 	reladr = 0;
5401 	immed = 0;
5402 
5403 	switch (ctsio->cdb[0]) {
5404 	case SYNCHRONIZE_CACHE: {
5405 		struct scsi_sync_cache *cdb;
5406 		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5407 
5408 		if (cdb->byte2 & SSC_RELADR)
5409 			reladr = 1;
5410 
5411 		if (cdb->byte2 & SSC_IMMED)
5412 			immed = 1;
5413 
5414 		starting_lba = scsi_4btoul(cdb->begin_lba);
5415 		block_count = scsi_2btoul(cdb->lb_count);
5416 		break;
5417 	}
5418 	case SYNCHRONIZE_CACHE_16: {
5419 		struct scsi_sync_cache_16 *cdb;
5420 		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5421 
5422 		if (cdb->byte2 & SSC_RELADR)
5423 			reladr = 1;
5424 
5425 		if (cdb->byte2 & SSC_IMMED)
5426 			immed = 1;
5427 
5428 		starting_lba = scsi_8btou64(cdb->begin_lba);
5429 		block_count = scsi_4btoul(cdb->lb_count);
5430 		break;
5431 	}
5432 	default:
5433 		ctl_set_invalid_opcode(ctsio);
5434 		ctl_done((union ctl_io *)ctsio);
5435 		goto bailout;
5436 		break; /* NOTREACHED */
5437 	}
5438 
5439 	if (immed) {
5440 		/*
5441 		 * We don't support the immediate bit.  Since it's in the
5442 		 * same place for the 10 and 16 byte SYNCHRONIZE CACHE
5443 		 * commands, we can just return the same error in either
5444 		 * case.
5445 		 */
5446 		ctl_set_invalid_field(ctsio,
5447 				      /*sks_valid*/ 1,
5448 				      /*command*/ 1,
5449 				      /*field*/ 1,
5450 				      /*bit_valid*/ 1,
5451 				      /*bit*/ 1);
5452 		ctl_done((union ctl_io *)ctsio);
5453 		goto bailout;
5454 	}
5455 
5456 	if (reladr) {
5457 		/*
5458 		 * We don't support the reladr bit either.  It can only be
5459 		 * used with linked commands, and we don't support linked
5460 		 * commands.  Since the bit is in the same place for the
5461 		 * 10 and 16 byte SYNCHRONIZE CACHE * commands, we can
5462 		 * just return the same error in either case.
5463 		 */
5464 		ctl_set_invalid_field(ctsio,
5465 				      /*sks_valid*/ 1,
5466 				      /*command*/ 1,
5467 				      /*field*/ 1,
5468 				      /*bit_valid*/ 1,
5469 				      /*bit*/ 0);
5470 		ctl_done((union ctl_io *)ctsio);
5471 		goto bailout;
5472 	}
5473 
5474 	/*
5475 	 * We check the LBA and length, but don't do anything with them.
5476 	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5477 	 * get flushed.  This check will just help satisfy anyone who wants
5478 	 * to see an error for an out of range LBA.
5479 	 */
5480 	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5481 		ctl_set_lba_out_of_range(ctsio);
5482 		ctl_done((union ctl_io *)ctsio);
5483 		goto bailout;
5484 	}
5485 
5486 	/*
5487 	 * If this LUN has no backend, we can't flush the cache anyway.
5488 	 */
5489 	if (lun->backend == NULL) {
5490 		ctl_set_invalid_opcode(ctsio);
5491 		ctl_done((union ctl_io *)ctsio);
5492 		goto bailout;
5493 	}
5494 
5495 	/*
5496 	 * Check to see whether we're configured to send the SYNCHRONIZE
5497 	 * CACHE command directly to the back end.
5498 	 */
5499 	mtx_lock(&ctl_softc->ctl_lock);
5500 	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5501 	 && (++(lun->sync_count) >= lun->sync_interval)) {
5502 		lun->sync_count = 0;
5503 		mtx_unlock(&ctl_softc->ctl_lock);
5504 		retval = lun->backend->config_write((union ctl_io *)ctsio);
5505 	} else {
5506 		mtx_unlock(&ctl_softc->ctl_lock);
5507 		ctl_set_success(ctsio);
5508 		ctl_done((union ctl_io *)ctsio);
5509 	}
5510 
5511 bailout:
5512 
5513 	return (retval);
5514 }
5515 
5516 int
5517 ctl_format(struct ctl_scsiio *ctsio)
5518 {
5519 	struct scsi_format *cdb;
5520 	struct ctl_lun *lun;
5521 	struct ctl_softc *ctl_softc;
5522 	int length, defect_list_len;
5523 
5524 	CTL_DEBUG_PRINT(("ctl_format\n"));
5525 
5526 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5527 	ctl_softc = control_softc;
5528 
5529 	cdb = (struct scsi_format *)ctsio->cdb;
5530 
5531 	length = 0;
5532 	if (cdb->byte2 & SF_FMTDATA) {
5533 		if (cdb->byte2 & SF_LONGLIST)
5534 			length = sizeof(struct scsi_format_header_long);
5535 		else
5536 			length = sizeof(struct scsi_format_header_short);
5537 	}
5538 
5539 	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5540 	 && (length > 0)) {
5541 		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5542 		ctsio->kern_data_len = length;
5543 		ctsio->kern_total_len = length;
5544 		ctsio->kern_data_resid = 0;
5545 		ctsio->kern_rel_offset = 0;
5546 		ctsio->kern_sg_entries = 0;
5547 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5548 		ctsio->be_move_done = ctl_config_move_done;
5549 		ctl_datamove((union ctl_io *)ctsio);
5550 
5551 		return (CTL_RETVAL_COMPLETE);
5552 	}
5553 
5554 	defect_list_len = 0;
5555 
5556 	if (cdb->byte2 & SF_FMTDATA) {
5557 		if (cdb->byte2 & SF_LONGLIST) {
5558 			struct scsi_format_header_long *header;
5559 
5560 			header = (struct scsi_format_header_long *)
5561 				ctsio->kern_data_ptr;
5562 
5563 			defect_list_len = scsi_4btoul(header->defect_list_len);
5564 			if (defect_list_len != 0) {
5565 				ctl_set_invalid_field(ctsio,
5566 						      /*sks_valid*/ 1,
5567 						      /*command*/ 0,
5568 						      /*field*/ 2,
5569 						      /*bit_valid*/ 0,
5570 						      /*bit*/ 0);
5571 				goto bailout;
5572 			}
5573 		} else {
5574 			struct scsi_format_header_short *header;
5575 
5576 			header = (struct scsi_format_header_short *)
5577 				ctsio->kern_data_ptr;
5578 
5579 			defect_list_len = scsi_2btoul(header->defect_list_len);
5580 			if (defect_list_len != 0) {
5581 				ctl_set_invalid_field(ctsio,
5582 						      /*sks_valid*/ 1,
5583 						      /*command*/ 0,
5584 						      /*field*/ 2,
5585 						      /*bit_valid*/ 0,
5586 						      /*bit*/ 0);
5587 				goto bailout;
5588 			}
5589 		}
5590 	}
5591 
5592 	/*
5593 	 * The format command will clear out the "Medium format corrupted"
5594 	 * status if set by the configuration code.  That status is really
5595 	 * just a way to notify the host that we have lost the media, and
5596 	 * get them to issue a command that will basically make them think
5597 	 * they're blowing away the media.
5598 	 */
5599 	mtx_lock(&ctl_softc->ctl_lock);
5600 	lun->flags &= ~CTL_LUN_INOPERABLE;
5601 	mtx_unlock(&ctl_softc->ctl_lock);
5602 
5603 	ctsio->scsi_status = SCSI_STATUS_OK;
5604 	ctsio->io_hdr.status = CTL_SUCCESS;
5605 bailout:
5606 
5607 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5608 		free(ctsio->kern_data_ptr, M_CTL);
5609 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5610 	}
5611 
5612 	ctl_done((union ctl_io *)ctsio);
5613 	return (CTL_RETVAL_COMPLETE);
5614 }
5615 
5616 int
5617 ctl_write_buffer(struct ctl_scsiio *ctsio)
5618 {
5619 	struct scsi_write_buffer *cdb;
5620 	struct copan_page_header *header;
5621 	struct ctl_lun *lun;
5622 	struct ctl_softc *ctl_softc;
5623 	int buffer_offset, len;
5624 	int retval;
5625 
5626 	header = NULL;
5627 
5628 	retval = CTL_RETVAL_COMPLETE;
5629 
5630 	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5631 
5632 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5633 	ctl_softc = control_softc;
5634 	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5635 
5636 	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5637 		ctl_set_invalid_field(ctsio,
5638 				      /*sks_valid*/ 1,
5639 				      /*command*/ 1,
5640 				      /*field*/ 1,
5641 				      /*bit_valid*/ 1,
5642 				      /*bit*/ 4);
5643 		ctl_done((union ctl_io *)ctsio);
5644 		return (CTL_RETVAL_COMPLETE);
5645 	}
5646 	if (cdb->buffer_id != 0) {
5647 		ctl_set_invalid_field(ctsio,
5648 				      /*sks_valid*/ 1,
5649 				      /*command*/ 1,
5650 				      /*field*/ 2,
5651 				      /*bit_valid*/ 0,
5652 				      /*bit*/ 0);
5653 		ctl_done((union ctl_io *)ctsio);
5654 		return (CTL_RETVAL_COMPLETE);
5655 	}
5656 
5657 	len = scsi_3btoul(cdb->length);
5658 	buffer_offset = scsi_3btoul(cdb->offset);
5659 
5660 	if (len > sizeof(lun->write_buffer)) {
5661 		ctl_set_invalid_field(ctsio,
5662 				      /*sks_valid*/ 1,
5663 				      /*command*/ 1,
5664 				      /*field*/ 6,
5665 				      /*bit_valid*/ 0,
5666 				      /*bit*/ 0);
5667 		ctl_done((union ctl_io *)ctsio);
5668 		return (CTL_RETVAL_COMPLETE);
5669 	}
5670 
5671 	if (buffer_offset != 0) {
5672 		ctl_set_invalid_field(ctsio,
5673 				      /*sks_valid*/ 1,
5674 				      /*command*/ 1,
5675 				      /*field*/ 3,
5676 				      /*bit_valid*/ 0,
5677 				      /*bit*/ 0);
5678 		ctl_done((union ctl_io *)ctsio);
5679 		return (CTL_RETVAL_COMPLETE);
5680 	}
5681 
5682 	/*
5683 	 * If we've got a kernel request that hasn't been malloced yet,
5684 	 * malloc it and tell the caller the data buffer is here.
5685 	 */
5686 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5687 		ctsio->kern_data_ptr = lun->write_buffer;
5688 		ctsio->kern_data_len = len;
5689 		ctsio->kern_total_len = len;
5690 		ctsio->kern_data_resid = 0;
5691 		ctsio->kern_rel_offset = 0;
5692 		ctsio->kern_sg_entries = 0;
5693 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5694 		ctsio->be_move_done = ctl_config_move_done;
5695 		ctl_datamove((union ctl_io *)ctsio);
5696 
5697 		return (CTL_RETVAL_COMPLETE);
5698 	}
5699 
5700 	ctl_done((union ctl_io *)ctsio);
5701 
5702 	return (CTL_RETVAL_COMPLETE);
5703 }
5704 
5705 /*
5706  * Note that this function currently doesn't actually do anything inside
5707  * CTL to enforce things if the DQue bit is turned on.
5708  *
5709  * Also note that this function can't be used in the default case, because
5710  * the DQue bit isn't set in the changeable mask for the control mode page
5711  * anyway.  This is just here as an example for how to implement a page
5712  * handler, and a placeholder in case we want to allow the user to turn
5713  * tagged queueing on and off.
5714  *
5715  * The D_SENSE bit handling is functional, however, and will turn
5716  * descriptor sense on and off for a given LUN.
5717  */
5718 int
5719 ctl_control_page_handler(struct ctl_scsiio *ctsio,
5720 			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5721 {
5722 	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5723 	struct ctl_lun *lun;
5724 	struct ctl_softc *softc;
5725 	int set_ua;
5726 	uint32_t initidx;
5727 
5728 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5729 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5730 	set_ua = 0;
5731 
5732 	user_cp = (struct scsi_control_page *)page_ptr;
5733 	current_cp = (struct scsi_control_page *)
5734 		(page_index->page_data + (page_index->page_len *
5735 		CTL_PAGE_CURRENT));
5736 	saved_cp = (struct scsi_control_page *)
5737 		(page_index->page_data + (page_index->page_len *
5738 		CTL_PAGE_SAVED));
5739 
5740 	softc = control_softc;
5741 
5742 	mtx_lock(&softc->ctl_lock);
5743 	if (((current_cp->rlec & SCP_DSENSE) == 0)
5744 	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5745 		/*
5746 		 * Descriptor sense is currently turned off and the user
5747 		 * wants to turn it on.
5748 		 */
5749 		current_cp->rlec |= SCP_DSENSE;
5750 		saved_cp->rlec |= SCP_DSENSE;
5751 		lun->flags |= CTL_LUN_SENSE_DESC;
5752 		set_ua = 1;
5753 	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5754 		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5755 		/*
5756 		 * Descriptor sense is currently turned on, and the user
5757 		 * wants to turn it off.
5758 		 */
5759 		current_cp->rlec &= ~SCP_DSENSE;
5760 		saved_cp->rlec &= ~SCP_DSENSE;
5761 		lun->flags &= ~CTL_LUN_SENSE_DESC;
5762 		set_ua = 1;
5763 	}
5764 	if (current_cp->queue_flags & SCP_QUEUE_DQUE) {
5765 		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
5766 #ifdef NEEDTOPORT
5767 			csevent_log(CSC_CTL | CSC_SHELF_SW |
5768 				    CTL_UNTAG_TO_UNTAG,
5769 				    csevent_LogType_Trace,
5770 				    csevent_Severity_Information,
5771 				    csevent_AlertLevel_Green,
5772 				    csevent_FRU_Firmware,
5773 				    csevent_FRU_Unknown,
5774 				    "Received untagged to untagged transition");
5775 #endif /* NEEDTOPORT */
5776 		} else {
5777 #ifdef NEEDTOPORT
5778 			csevent_log(CSC_CTL | CSC_SHELF_SW |
5779 				    CTL_UNTAG_TO_TAG,
5780 				    csevent_LogType_ConfigChange,
5781 				    csevent_Severity_Information,
5782 				    csevent_AlertLevel_Green,
5783 				    csevent_FRU_Firmware,
5784 				    csevent_FRU_Unknown,
5785 				    "Received untagged to tagged "
5786 				    "queueing transition");
5787 #endif /* NEEDTOPORT */
5788 
5789 			current_cp->queue_flags &= ~SCP_QUEUE_DQUE;
5790 			saved_cp->queue_flags &= ~SCP_QUEUE_DQUE;
5791 			set_ua = 1;
5792 		}
5793 	} else {
5794 		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
5795 #ifdef NEEDTOPORT
5796 			csevent_log(CSC_CTL | CSC_SHELF_SW |
5797 				    CTL_TAG_TO_UNTAG,
5798 				    csevent_LogType_ConfigChange,
5799 				    csevent_Severity_Warning,
5800 				    csevent_AlertLevel_Yellow,
5801 				    csevent_FRU_Firmware,
5802 				    csevent_FRU_Unknown,
5803 				    "Received tagged queueing to untagged "
5804 				    "transition");
5805 #endif /* NEEDTOPORT */
5806 
5807 			current_cp->queue_flags |= SCP_QUEUE_DQUE;
5808 			saved_cp->queue_flags |= SCP_QUEUE_DQUE;
5809 			set_ua = 1;
5810 		} else {
5811 #ifdef NEEDTOPORT
5812 			csevent_log(CSC_CTL | CSC_SHELF_SW |
5813 				    CTL_TAG_TO_TAG,
5814 				    csevent_LogType_Trace,
5815 				    csevent_Severity_Information,
5816 				    csevent_AlertLevel_Green,
5817 				    csevent_FRU_Firmware,
5818 				    csevent_FRU_Unknown,
5819 				    "Received tagged queueing to tagged "
5820 				    "queueing transition");
5821 #endif /* NEEDTOPORT */
5822 		}
5823 	}
5824 	if (set_ua != 0) {
5825 		int i;
5826 		/*
5827 		 * Let other initiators know that the mode
5828 		 * parameters for this LUN have changed.
5829 		 */
5830 		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
5831 			if (i == initidx)
5832 				continue;
5833 
5834 			lun->pending_sense[i].ua_pending |=
5835 				CTL_UA_MODE_CHANGE;
5836 		}
5837 	}
5838 	mtx_unlock(&softc->ctl_lock);
5839 
5840 	return (0);
5841 }
5842 
5843 int
5844 ctl_power_sp_handler(struct ctl_scsiio *ctsio,
5845 		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5846 {
5847 	return (0);
5848 }
5849 
5850 int
5851 ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio,
5852 			   struct ctl_page_index *page_index, int pc)
5853 {
5854 	struct copan_power_subpage *page;
5855 
5856 	page = (struct copan_power_subpage *)page_index->page_data +
5857 		(page_index->page_len * pc);
5858 
5859 	switch (pc) {
5860 	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5861 		/*
5862 		 * We don't update the changable bits for this page.
5863 		 */
5864 		break;
5865 	case SMS_PAGE_CTRL_CURRENT >> 6:
5866 	case SMS_PAGE_CTRL_DEFAULT >> 6:
5867 	case SMS_PAGE_CTRL_SAVED >> 6:
5868 #ifdef NEEDTOPORT
5869 		ctl_update_power_subpage(page);
5870 #endif
5871 		break;
5872 	default:
5873 #ifdef NEEDTOPORT
5874 		EPRINT(0, "Invalid PC %d!!", pc);
5875 #endif
5876 		break;
5877 	}
5878 	return (0);
5879 }
5880 
5881 
5882 int
5883 ctl_aps_sp_handler(struct ctl_scsiio *ctsio,
5884 		   struct ctl_page_index *page_index, uint8_t *page_ptr)
5885 {
5886 	struct copan_aps_subpage *user_sp;
5887 	struct copan_aps_subpage *current_sp;
5888 	union ctl_modepage_info *modepage_info;
5889 	struct ctl_softc *softc;
5890 	struct ctl_lun *lun;
5891 	int retval;
5892 
5893 	retval = CTL_RETVAL_COMPLETE;
5894 	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
5895 		     (page_index->page_len * CTL_PAGE_CURRENT));
5896 	softc = control_softc;
5897 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5898 
5899 	user_sp = (struct copan_aps_subpage *)page_ptr;
5900 
5901 	modepage_info = (union ctl_modepage_info *)
5902 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5903 
5904 	modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK;
5905 	modepage_info->header.subpage = page_index->subpage;
5906 	modepage_info->aps.lock_active = user_sp->lock_active;
5907 
5908 	mtx_lock(&softc->ctl_lock);
5909 
5910 	/*
5911 	 * If there is a request to lock the LUN and another LUN is locked
5912 	 * this is an error. If the requested LUN is already locked ignore
5913 	 * the request. If no LUN is locked attempt to lock it.
5914 	 * if there is a request to unlock the LUN and the LUN is currently
5915 	 * locked attempt to unlock it. Otherwise ignore the request. i.e.
5916 	 * if another LUN is locked or no LUN is locked.
5917 	 */
5918 	if (user_sp->lock_active & APS_LOCK_ACTIVE) {
5919 		if (softc->aps_locked_lun == lun->lun) {
5920 			/*
5921 			 * This LUN is already locked, so we're done.
5922 			 */
5923 			retval = CTL_RETVAL_COMPLETE;
5924 		} else if (softc->aps_locked_lun == 0) {
5925 			/*
5926 			 * No one has the lock, pass the request to the
5927 			 * backend.
5928 			 */
5929 			retval = lun->backend->config_write(
5930 				(union ctl_io *)ctsio);
5931 		} else {
5932 			/*
5933 			 * Someone else has the lock, throw out the request.
5934 			 */
5935 			ctl_set_already_locked(ctsio);
5936 			free(ctsio->kern_data_ptr, M_CTL);
5937 			ctl_done((union ctl_io *)ctsio);
5938 
5939 			/*
5940 			 * Set the return value so that ctl_do_mode_select()
5941 			 * won't try to complete the command.  We already
5942 			 * completed it here.
5943 			 */
5944 			retval = CTL_RETVAL_ERROR;
5945 		}
5946 	} else if (softc->aps_locked_lun == lun->lun) {
5947 		/*
5948 		 * This LUN is locked, so pass the unlock request to the
5949 		 * backend.
5950 		 */
5951 		retval = lun->backend->config_write((union ctl_io *)ctsio);
5952 	}
5953 	mtx_unlock(&softc->ctl_lock);
5954 
5955 	return (retval);
5956 }
5957 
5958 int
5959 ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5960 				struct ctl_page_index *page_index,
5961 				uint8_t *page_ptr)
5962 {
5963 	uint8_t *c;
5964 	int i;
5965 
5966 	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5967 	ctl_time_io_secs =
5968 		(c[0] << 8) |
5969 		(c[1] << 0) |
5970 		0;
5971 	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5972 	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5973 	printf("page data:");
5974 	for (i=0; i<8; i++)
5975 		printf(" %.2x",page_ptr[i]);
5976 	printf("\n");
5977 	return (0);
5978 }
5979 
5980 int
5981 ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5982 			       struct ctl_page_index *page_index,
5983 			       int pc)
5984 {
5985 	struct copan_debugconf_subpage *page;
5986 
5987 	page = (struct copan_debugconf_subpage *)page_index->page_data +
5988 		(page_index->page_len * pc);
5989 
5990 	switch (pc) {
5991 	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5992 	case SMS_PAGE_CTRL_DEFAULT >> 6:
5993 	case SMS_PAGE_CTRL_SAVED >> 6:
5994 		/*
5995 		 * We don't update the changable or default bits for this page.
5996 		 */
5997 		break;
5998 	case SMS_PAGE_CTRL_CURRENT >> 6:
5999 		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6000 		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6001 		break;
6002 	default:
6003 #ifdef NEEDTOPORT
6004 		EPRINT(0, "Invalid PC %d!!", pc);
6005 #endif /* NEEDTOPORT */
6006 		break;
6007 	}
6008 	return (0);
6009 }
6010 
6011 
6012 static int
6013 ctl_do_mode_select(union ctl_io *io)
6014 {
6015 	struct scsi_mode_page_header *page_header;
6016 	struct ctl_page_index *page_index;
6017 	struct ctl_scsiio *ctsio;
6018 	int control_dev, page_len;
6019 	int page_len_offset, page_len_size;
6020 	union ctl_modepage_info *modepage_info;
6021 	struct ctl_lun *lun;
6022 	int *len_left, *len_used;
6023 	int retval, i;
6024 
6025 	ctsio = &io->scsiio;
6026 	page_index = NULL;
6027 	page_len = 0;
6028 	retval = CTL_RETVAL_COMPLETE;
6029 
6030 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6031 
6032 	if (lun->be_lun->lun_type != T_DIRECT)
6033 		control_dev = 1;
6034 	else
6035 		control_dev = 0;
6036 
6037 	modepage_info = (union ctl_modepage_info *)
6038 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6039 	len_left = &modepage_info->header.len_left;
6040 	len_used = &modepage_info->header.len_used;
6041 
6042 do_next_page:
6043 
6044 	page_header = (struct scsi_mode_page_header *)
6045 		(ctsio->kern_data_ptr + *len_used);
6046 
6047 	if (*len_left == 0) {
6048 		free(ctsio->kern_data_ptr, M_CTL);
6049 		ctl_set_success(ctsio);
6050 		ctl_done((union ctl_io *)ctsio);
6051 		return (CTL_RETVAL_COMPLETE);
6052 	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6053 
6054 		free(ctsio->kern_data_ptr, M_CTL);
6055 		ctl_set_param_len_error(ctsio);
6056 		ctl_done((union ctl_io *)ctsio);
6057 		return (CTL_RETVAL_COMPLETE);
6058 
6059 	} else if ((page_header->page_code & SMPH_SPF)
6060 		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6061 
6062 		free(ctsio->kern_data_ptr, M_CTL);
6063 		ctl_set_param_len_error(ctsio);
6064 		ctl_done((union ctl_io *)ctsio);
6065 		return (CTL_RETVAL_COMPLETE);
6066 	}
6067 
6068 
6069 	/*
6070 	 * XXX KDM should we do something with the block descriptor?
6071 	 */
6072 	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6073 
6074 		if ((control_dev != 0)
6075 		 && (lun->mode_pages.index[i].page_flags &
6076 		     CTL_PAGE_FLAG_DISK_ONLY))
6077 			continue;
6078 
6079 		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6080 		    (page_header->page_code & SMPH_PC_MASK))
6081 			continue;
6082 
6083 		/*
6084 		 * If neither page has a subpage code, then we've got a
6085 		 * match.
6086 		 */
6087 		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6088 		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6089 			page_index = &lun->mode_pages.index[i];
6090 			page_len = page_header->page_length;
6091 			break;
6092 		}
6093 
6094 		/*
6095 		 * If both pages have subpages, then the subpage numbers
6096 		 * have to match.
6097 		 */
6098 		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6099 		  && (page_header->page_code & SMPH_SPF)) {
6100 			struct scsi_mode_page_header_sp *sph;
6101 
6102 			sph = (struct scsi_mode_page_header_sp *)page_header;
6103 
6104 			if (lun->mode_pages.index[i].subpage ==
6105 			    sph->subpage) {
6106 				page_index = &lun->mode_pages.index[i];
6107 				page_len = scsi_2btoul(sph->page_length);
6108 				break;
6109 			}
6110 		}
6111 	}
6112 
6113 	/*
6114 	 * If we couldn't find the page, or if we don't have a mode select
6115 	 * handler for it, send back an error to the user.
6116 	 */
6117 	if ((page_index == NULL)
6118 	 || (page_index->select_handler == NULL)) {
6119 		ctl_set_invalid_field(ctsio,
6120 				      /*sks_valid*/ 1,
6121 				      /*command*/ 0,
6122 				      /*field*/ *len_used,
6123 				      /*bit_valid*/ 0,
6124 				      /*bit*/ 0);
6125 		free(ctsio->kern_data_ptr, M_CTL);
6126 		ctl_done((union ctl_io *)ctsio);
6127 		return (CTL_RETVAL_COMPLETE);
6128 	}
6129 
6130 	if (page_index->page_code & SMPH_SPF) {
6131 		page_len_offset = 2;
6132 		page_len_size = 2;
6133 	} else {
6134 		page_len_size = 1;
6135 		page_len_offset = 1;
6136 	}
6137 
6138 	/*
6139 	 * If the length the initiator gives us isn't the one we specify in
6140 	 * the mode page header, or if they didn't specify enough data in
6141 	 * the CDB to avoid truncating this page, kick out the request.
6142 	 */
6143 	if ((page_len != (page_index->page_len - page_len_offset -
6144 			  page_len_size))
6145 	 || (*len_left < page_index->page_len)) {
6146 
6147 
6148 		ctl_set_invalid_field(ctsio,
6149 				      /*sks_valid*/ 1,
6150 				      /*command*/ 0,
6151 				      /*field*/ *len_used + page_len_offset,
6152 				      /*bit_valid*/ 0,
6153 				      /*bit*/ 0);
6154 		free(ctsio->kern_data_ptr, M_CTL);
6155 		ctl_done((union ctl_io *)ctsio);
6156 		return (CTL_RETVAL_COMPLETE);
6157 	}
6158 
6159 	/*
6160 	 * Run through the mode page, checking to make sure that the bits
6161 	 * the user changed are actually legal for him to change.
6162 	 */
6163 	for (i = 0; i < page_index->page_len; i++) {
6164 		uint8_t *user_byte, *change_mask, *current_byte;
6165 		int bad_bit;
6166 		int j;
6167 
6168 		user_byte = (uint8_t *)page_header + i;
6169 		change_mask = page_index->page_data +
6170 			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6171 		current_byte = page_index->page_data +
6172 			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6173 
6174 		/*
6175 		 * Check to see whether the user set any bits in this byte
6176 		 * that he is not allowed to set.
6177 		 */
6178 		if ((*user_byte & ~(*change_mask)) ==
6179 		    (*current_byte & ~(*change_mask)))
6180 			continue;
6181 
6182 		/*
6183 		 * Go through bit by bit to determine which one is illegal.
6184 		 */
6185 		bad_bit = 0;
6186 		for (j = 7; j >= 0; j--) {
6187 			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6188 			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6189 				bad_bit = i;
6190 				break;
6191 			}
6192 		}
6193 		ctl_set_invalid_field(ctsio,
6194 				      /*sks_valid*/ 1,
6195 				      /*command*/ 0,
6196 				      /*field*/ *len_used + i,
6197 				      /*bit_valid*/ 1,
6198 				      /*bit*/ bad_bit);
6199 		free(ctsio->kern_data_ptr, M_CTL);
6200 		ctl_done((union ctl_io *)ctsio);
6201 		return (CTL_RETVAL_COMPLETE);
6202 	}
6203 
6204 	/*
6205 	 * Decrement these before we call the page handler, since we may
6206 	 * end up getting called back one way or another before the handler
6207 	 * returns to this context.
6208 	 */
6209 	*len_left -= page_index->page_len;
6210 	*len_used += page_index->page_len;
6211 
6212 	retval = page_index->select_handler(ctsio, page_index,
6213 					    (uint8_t *)page_header);
6214 
6215 	/*
6216 	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6217 	 * wait until this queued command completes to finish processing
6218 	 * the mode page.  If it returns anything other than
6219 	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6220 	 * already set the sense information, freed the data pointer, and
6221 	 * completed the io for us.
6222 	 */
6223 	if (retval != CTL_RETVAL_COMPLETE)
6224 		goto bailout_no_done;
6225 
6226 	/*
6227 	 * If the initiator sent us more than one page, parse the next one.
6228 	 */
6229 	if (*len_left > 0)
6230 		goto do_next_page;
6231 
6232 	ctl_set_success(ctsio);
6233 	free(ctsio->kern_data_ptr, M_CTL);
6234 	ctl_done((union ctl_io *)ctsio);
6235 
6236 bailout_no_done:
6237 
6238 	return (CTL_RETVAL_COMPLETE);
6239 
6240 }
6241 
6242 int
6243 ctl_mode_select(struct ctl_scsiio *ctsio)
6244 {
6245 	int param_len, pf, sp;
6246 	int header_size, bd_len;
6247 	int len_left, len_used;
6248 	struct ctl_page_index *page_index;
6249 	struct ctl_lun *lun;
6250 	int control_dev, page_len;
6251 	union ctl_modepage_info *modepage_info;
6252 	int retval;
6253 
6254 	pf = 0;
6255 	sp = 0;
6256 	page_len = 0;
6257 	len_used = 0;
6258 	len_left = 0;
6259 	retval = 0;
6260 	bd_len = 0;
6261 	page_index = NULL;
6262 
6263 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6264 
6265 	if (lun->be_lun->lun_type != T_DIRECT)
6266 		control_dev = 1;
6267 	else
6268 		control_dev = 0;
6269 
6270 	switch (ctsio->cdb[0]) {
6271 	case MODE_SELECT_6: {
6272 		struct scsi_mode_select_6 *cdb;
6273 
6274 		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6275 
6276 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6277 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6278 
6279 		param_len = cdb->length;
6280 		header_size = sizeof(struct scsi_mode_header_6);
6281 		break;
6282 	}
6283 	case MODE_SELECT_10: {
6284 		struct scsi_mode_select_10 *cdb;
6285 
6286 		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6287 
6288 		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6289 		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6290 
6291 		param_len = scsi_2btoul(cdb->length);
6292 		header_size = sizeof(struct scsi_mode_header_10);
6293 		break;
6294 	}
6295 	default:
6296 		ctl_set_invalid_opcode(ctsio);
6297 		ctl_done((union ctl_io *)ctsio);
6298 		return (CTL_RETVAL_COMPLETE);
6299 		break; /* NOTREACHED */
6300 	}
6301 
6302 	/*
6303 	 * From SPC-3:
6304 	 * "A parameter list length of zero indicates that the Data-Out Buffer
6305 	 * shall be empty. This condition shall not be considered as an error."
6306 	 */
6307 	if (param_len == 0) {
6308 		ctl_set_success(ctsio);
6309 		ctl_done((union ctl_io *)ctsio);
6310 		return (CTL_RETVAL_COMPLETE);
6311 	}
6312 
6313 	/*
6314 	 * Since we'll hit this the first time through, prior to
6315 	 * allocation, we don't need to free a data buffer here.
6316 	 */
6317 	if (param_len < header_size) {
6318 		ctl_set_param_len_error(ctsio);
6319 		ctl_done((union ctl_io *)ctsio);
6320 		return (CTL_RETVAL_COMPLETE);
6321 	}
6322 
6323 	/*
6324 	 * Allocate the data buffer and grab the user's data.  In theory,
6325 	 * we shouldn't have to sanity check the parameter list length here
6326 	 * because the maximum size is 64K.  We should be able to malloc
6327 	 * that much without too many problems.
6328 	 */
6329 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6330 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6331 		ctsio->kern_data_len = param_len;
6332 		ctsio->kern_total_len = param_len;
6333 		ctsio->kern_data_resid = 0;
6334 		ctsio->kern_rel_offset = 0;
6335 		ctsio->kern_sg_entries = 0;
6336 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6337 		ctsio->be_move_done = ctl_config_move_done;
6338 		ctl_datamove((union ctl_io *)ctsio);
6339 
6340 		return (CTL_RETVAL_COMPLETE);
6341 	}
6342 
6343 	switch (ctsio->cdb[0]) {
6344 	case MODE_SELECT_6: {
6345 		struct scsi_mode_header_6 *mh6;
6346 
6347 		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6348 		bd_len = mh6->blk_desc_len;
6349 		break;
6350 	}
6351 	case MODE_SELECT_10: {
6352 		struct scsi_mode_header_10 *mh10;
6353 
6354 		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6355 		bd_len = scsi_2btoul(mh10->blk_desc_len);
6356 		break;
6357 	}
6358 	default:
6359 		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6360 		break;
6361 	}
6362 
6363 	if (param_len < (header_size + bd_len)) {
6364 		free(ctsio->kern_data_ptr, M_CTL);
6365 		ctl_set_param_len_error(ctsio);
6366 		ctl_done((union ctl_io *)ctsio);
6367 		return (CTL_RETVAL_COMPLETE);
6368 	}
6369 
6370 	/*
6371 	 * Set the IO_CONT flag, so that if this I/O gets passed to
6372 	 * ctl_config_write_done(), it'll get passed back to
6373 	 * ctl_do_mode_select() for further processing, or completion if
6374 	 * we're all done.
6375 	 */
6376 	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6377 	ctsio->io_cont = ctl_do_mode_select;
6378 
6379 	modepage_info = (union ctl_modepage_info *)
6380 		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6381 
6382 	memset(modepage_info, 0, sizeof(*modepage_info));
6383 
6384 	len_left = param_len - header_size - bd_len;
6385 	len_used = header_size + bd_len;
6386 
6387 	modepage_info->header.len_left = len_left;
6388 	modepage_info->header.len_used = len_used;
6389 
6390 	return (ctl_do_mode_select((union ctl_io *)ctsio));
6391 }
6392 
6393 int
6394 ctl_mode_sense(struct ctl_scsiio *ctsio)
6395 {
6396 	struct ctl_lun *lun;
6397 	int pc, page_code, dbd, llba, subpage;
6398 	int alloc_len, page_len, header_len, total_len;
6399 	struct scsi_mode_block_descr *block_desc;
6400 	struct ctl_page_index *page_index;
6401 	int control_dev;
6402 
6403 	dbd = 0;
6404 	llba = 0;
6405 	block_desc = NULL;
6406 	page_index = NULL;
6407 
6408 	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6409 
6410 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6411 
6412 	if (lun->be_lun->lun_type != T_DIRECT)
6413 		control_dev = 1;
6414 	else
6415 		control_dev = 0;
6416 
6417 	switch (ctsio->cdb[0]) {
6418 	case MODE_SENSE_6: {
6419 		struct scsi_mode_sense_6 *cdb;
6420 
6421 		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6422 
6423 		header_len = sizeof(struct scsi_mode_hdr_6);
6424 		if (cdb->byte2 & SMS_DBD)
6425 			dbd = 1;
6426 		else
6427 			header_len += sizeof(struct scsi_mode_block_descr);
6428 
6429 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6430 		page_code = cdb->page & SMS_PAGE_CODE;
6431 		subpage = cdb->subpage;
6432 		alloc_len = cdb->length;
6433 		break;
6434 	}
6435 	case MODE_SENSE_10: {
6436 		struct scsi_mode_sense_10 *cdb;
6437 
6438 		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6439 
6440 		header_len = sizeof(struct scsi_mode_hdr_10);
6441 
6442 		if (cdb->byte2 & SMS_DBD)
6443 			dbd = 1;
6444 		else
6445 			header_len += sizeof(struct scsi_mode_block_descr);
6446 		if (cdb->byte2 & SMS10_LLBAA)
6447 			llba = 1;
6448 		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6449 		page_code = cdb->page & SMS_PAGE_CODE;
6450 		subpage = cdb->subpage;
6451 		alloc_len = scsi_2btoul(cdb->length);
6452 		break;
6453 	}
6454 	default:
6455 		ctl_set_invalid_opcode(ctsio);
6456 		ctl_done((union ctl_io *)ctsio);
6457 		return (CTL_RETVAL_COMPLETE);
6458 		break; /* NOTREACHED */
6459 	}
6460 
6461 	/*
6462 	 * We have to make a first pass through to calculate the size of
6463 	 * the pages that match the user's query.  Then we allocate enough
6464 	 * memory to hold it, and actually copy the data into the buffer.
6465 	 */
6466 	switch (page_code) {
6467 	case SMS_ALL_PAGES_PAGE: {
6468 		int i;
6469 
6470 		page_len = 0;
6471 
6472 		/*
6473 		 * At the moment, values other than 0 and 0xff here are
6474 		 * reserved according to SPC-3.
6475 		 */
6476 		if ((subpage != SMS_SUBPAGE_PAGE_0)
6477 		 && (subpage != SMS_SUBPAGE_ALL)) {
6478 			ctl_set_invalid_field(ctsio,
6479 					      /*sks_valid*/ 1,
6480 					      /*command*/ 1,
6481 					      /*field*/ 3,
6482 					      /*bit_valid*/ 0,
6483 					      /*bit*/ 0);
6484 			ctl_done((union ctl_io *)ctsio);
6485 			return (CTL_RETVAL_COMPLETE);
6486 		}
6487 
6488 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6489 			if ((control_dev != 0)
6490 			 && (lun->mode_pages.index[i].page_flags &
6491 			     CTL_PAGE_FLAG_DISK_ONLY))
6492 				continue;
6493 
6494 			/*
6495 			 * We don't use this subpage if the user didn't
6496 			 * request all subpages.
6497 			 */
6498 			if ((lun->mode_pages.index[i].subpage != 0)
6499 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6500 				continue;
6501 
6502 #if 0
6503 			printf("found page %#x len %d\n",
6504 			       lun->mode_pages.index[i].page_code &
6505 			       SMPH_PC_MASK,
6506 			       lun->mode_pages.index[i].page_len);
6507 #endif
6508 			page_len += lun->mode_pages.index[i].page_len;
6509 		}
6510 		break;
6511 	}
6512 	default: {
6513 		int i;
6514 
6515 		page_len = 0;
6516 
6517 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6518 			/* Look for the right page code */
6519 			if ((lun->mode_pages.index[i].page_code &
6520 			     SMPH_PC_MASK) != page_code)
6521 				continue;
6522 
6523 			/* Look for the right subpage or the subpage wildcard*/
6524 			if ((lun->mode_pages.index[i].subpage != subpage)
6525 			 && (subpage != SMS_SUBPAGE_ALL))
6526 				continue;
6527 
6528 			/* Make sure the page is supported for this dev type */
6529 			if ((control_dev != 0)
6530 			 && (lun->mode_pages.index[i].page_flags &
6531 			     CTL_PAGE_FLAG_DISK_ONLY))
6532 				continue;
6533 
6534 #if 0
6535 			printf("found page %#x len %d\n",
6536 			       lun->mode_pages.index[i].page_code &
6537 			       SMPH_PC_MASK,
6538 			       lun->mode_pages.index[i].page_len);
6539 #endif
6540 
6541 			page_len += lun->mode_pages.index[i].page_len;
6542 		}
6543 
6544 		if (page_len == 0) {
6545 			ctl_set_invalid_field(ctsio,
6546 					      /*sks_valid*/ 1,
6547 					      /*command*/ 1,
6548 					      /*field*/ 2,
6549 					      /*bit_valid*/ 1,
6550 					      /*bit*/ 5);
6551 			ctl_done((union ctl_io *)ctsio);
6552 			return (CTL_RETVAL_COMPLETE);
6553 		}
6554 		break;
6555 	}
6556 	}
6557 
6558 	total_len = header_len + page_len;
6559 #if 0
6560 	printf("header_len = %d, page_len = %d, total_len = %d\n",
6561 	       header_len, page_len, total_len);
6562 #endif
6563 
6564 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK);
6565 	ctsio->kern_sg_entries = 0;
6566 	ctsio->kern_data_resid = 0;
6567 	ctsio->kern_rel_offset = 0;
6568 	if (total_len < alloc_len) {
6569 		ctsio->residual = alloc_len - total_len;
6570 		ctsio->kern_data_len = total_len;
6571 		ctsio->kern_total_len = total_len;
6572 	} else {
6573 		ctsio->residual = 0;
6574 		ctsio->kern_data_len = alloc_len;
6575 		ctsio->kern_total_len = alloc_len;
6576 	}
6577 	memset(ctsio->kern_data_ptr, 0, total_len);
6578 
6579 	switch (ctsio->cdb[0]) {
6580 	case MODE_SENSE_6: {
6581 		struct scsi_mode_hdr_6 *header;
6582 
6583 		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6584 
6585 		header->datalen = ctl_min(total_len - 1, 254);
6586 
6587 		if (dbd)
6588 			header->block_descr_len = 0;
6589 		else
6590 			header->block_descr_len =
6591 				sizeof(struct scsi_mode_block_descr);
6592 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6593 		break;
6594 	}
6595 	case MODE_SENSE_10: {
6596 		struct scsi_mode_hdr_10 *header;
6597 		int datalen;
6598 
6599 		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6600 
6601 		datalen = ctl_min(total_len - 2, 65533);
6602 		scsi_ulto2b(datalen, header->datalen);
6603 		if (dbd)
6604 			scsi_ulto2b(0, header->block_descr_len);
6605 		else
6606 			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6607 				    header->block_descr_len);
6608 		block_desc = (struct scsi_mode_block_descr *)&header[1];
6609 		break;
6610 	}
6611 	default:
6612 		panic("invalid CDB type %#x", ctsio->cdb[0]);
6613 		break; /* NOTREACHED */
6614 	}
6615 
6616 	/*
6617 	 * If we've got a disk, use its blocksize in the block
6618 	 * descriptor.  Otherwise, just set it to 0.
6619 	 */
6620 	if (dbd == 0) {
6621 		if (control_dev != 0)
6622 			scsi_ulto3b(lun->be_lun->blocksize,
6623 				    block_desc->block_len);
6624 		else
6625 			scsi_ulto3b(0, block_desc->block_len);
6626 	}
6627 
6628 	switch (page_code) {
6629 	case SMS_ALL_PAGES_PAGE: {
6630 		int i, data_used;
6631 
6632 		data_used = header_len;
6633 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6634 			struct ctl_page_index *page_index;
6635 
6636 			page_index = &lun->mode_pages.index[i];
6637 
6638 			if ((control_dev != 0)
6639 			 && (page_index->page_flags &
6640 			    CTL_PAGE_FLAG_DISK_ONLY))
6641 				continue;
6642 
6643 			/*
6644 			 * We don't use this subpage if the user didn't
6645 			 * request all subpages.  We already checked (above)
6646 			 * to make sure the user only specified a subpage
6647 			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6648 			 */
6649 			if ((page_index->subpage != 0)
6650 			 && (subpage == SMS_SUBPAGE_PAGE_0))
6651 				continue;
6652 
6653 			/*
6654 			 * Call the handler, if it exists, to update the
6655 			 * page to the latest values.
6656 			 */
6657 			if (page_index->sense_handler != NULL)
6658 				page_index->sense_handler(ctsio, page_index,pc);
6659 
6660 			memcpy(ctsio->kern_data_ptr + data_used,
6661 			       page_index->page_data +
6662 			       (page_index->page_len * pc),
6663 			       page_index->page_len);
6664 			data_used += page_index->page_len;
6665 		}
6666 		break;
6667 	}
6668 	default: {
6669 		int i, data_used;
6670 
6671 		data_used = header_len;
6672 
6673 		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6674 			struct ctl_page_index *page_index;
6675 
6676 			page_index = &lun->mode_pages.index[i];
6677 
6678 			/* Look for the right page code */
6679 			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6680 				continue;
6681 
6682 			/* Look for the right subpage or the subpage wildcard*/
6683 			if ((page_index->subpage != subpage)
6684 			 && (subpage != SMS_SUBPAGE_ALL))
6685 				continue;
6686 
6687 			/* Make sure the page is supported for this dev type */
6688 			if ((control_dev != 0)
6689 			 && (page_index->page_flags &
6690 			     CTL_PAGE_FLAG_DISK_ONLY))
6691 				continue;
6692 
6693 			/*
6694 			 * Call the handler, if it exists, to update the
6695 			 * page to the latest values.
6696 			 */
6697 			if (page_index->sense_handler != NULL)
6698 				page_index->sense_handler(ctsio, page_index,pc);
6699 
6700 			memcpy(ctsio->kern_data_ptr + data_used,
6701 			       page_index->page_data +
6702 			       (page_index->page_len * pc),
6703 			       page_index->page_len);
6704 			data_used += page_index->page_len;
6705 		}
6706 		break;
6707 	}
6708 	}
6709 
6710 	ctsio->scsi_status = SCSI_STATUS_OK;
6711 
6712 	ctsio->be_move_done = ctl_config_move_done;
6713 	ctl_datamove((union ctl_io *)ctsio);
6714 
6715 	return (CTL_RETVAL_COMPLETE);
6716 }
6717 
6718 int
6719 ctl_read_capacity(struct ctl_scsiio *ctsio)
6720 {
6721 	struct scsi_read_capacity *cdb;
6722 	struct scsi_read_capacity_data *data;
6723 	struct ctl_lun *lun;
6724 	uint32_t lba;
6725 
6726 	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6727 
6728 	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6729 
6730 	lba = scsi_4btoul(cdb->addr);
6731 	if (((cdb->pmi & SRC_PMI) == 0)
6732 	 && (lba != 0)) {
6733 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6734 				      /*sks_valid*/ 1,
6735 				      /*command*/ 1,
6736 				      /*field*/ 2,
6737 				      /*bit_valid*/ 0,
6738 				      /*bit*/ 0);
6739 		ctl_done((union ctl_io *)ctsio);
6740 		return (CTL_RETVAL_COMPLETE);
6741 	}
6742 
6743 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6744 
6745 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK);
6746 	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6747 	ctsio->residual = 0;
6748 	ctsio->kern_data_len = sizeof(*data);
6749 	ctsio->kern_total_len = sizeof(*data);
6750 	ctsio->kern_data_resid = 0;
6751 	ctsio->kern_rel_offset = 0;
6752 	ctsio->kern_sg_entries = 0;
6753 
6754 	memset(data, 0, sizeof(*data));
6755 
6756 	/*
6757 	 * If the maximum LBA is greater than 0xfffffffe, the user must
6758 	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6759 	 * serivce action set.
6760 	 */
6761 	if (lun->be_lun->maxlba > 0xfffffffe)
6762 		scsi_ulto4b(0xffffffff, data->addr);
6763 	else
6764 		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6765 
6766 	/*
6767 	 * XXX KDM this may not be 512 bytes...
6768 	 */
6769 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6770 
6771 	ctsio->scsi_status = SCSI_STATUS_OK;
6772 
6773 	ctsio->be_move_done = ctl_config_move_done;
6774 	ctl_datamove((union ctl_io *)ctsio);
6775 
6776 	return (CTL_RETVAL_COMPLETE);
6777 }
6778 
6779 static int
6780 ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6781 {
6782 	struct scsi_read_capacity_16 *cdb;
6783 	struct scsi_read_capacity_data_long *data;
6784 	struct ctl_lun *lun;
6785 	uint64_t lba;
6786 	uint32_t alloc_len;
6787 
6788 	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6789 
6790 	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6791 
6792 	alloc_len = scsi_4btoul(cdb->alloc_len);
6793 	lba = scsi_8btou64(cdb->addr);
6794 
6795 	if ((cdb->reladr & SRC16_PMI)
6796 	 && (lba != 0)) {
6797 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6798 				      /*sks_valid*/ 1,
6799 				      /*command*/ 1,
6800 				      /*field*/ 2,
6801 				      /*bit_valid*/ 0,
6802 				      /*bit*/ 0);
6803 		ctl_done((union ctl_io *)ctsio);
6804 		return (CTL_RETVAL_COMPLETE);
6805 	}
6806 
6807 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6808 
6809 	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK);
6810 	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6811 
6812 	if (sizeof(*data) < alloc_len) {
6813 		ctsio->residual = alloc_len - sizeof(*data);
6814 		ctsio->kern_data_len = sizeof(*data);
6815 		ctsio->kern_total_len = sizeof(*data);
6816 	} else {
6817 		ctsio->residual = 0;
6818 		ctsio->kern_data_len = alloc_len;
6819 		ctsio->kern_total_len = alloc_len;
6820 	}
6821 	ctsio->kern_data_resid = 0;
6822 	ctsio->kern_rel_offset = 0;
6823 	ctsio->kern_sg_entries = 0;
6824 
6825 	memset(data, 0, sizeof(*data));
6826 
6827 	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6828 	/* XXX KDM this may not be 512 bytes... */
6829 	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6830 
6831 	ctsio->scsi_status = SCSI_STATUS_OK;
6832 
6833 	ctsio->be_move_done = ctl_config_move_done;
6834 	ctl_datamove((union ctl_io *)ctsio);
6835 
6836 	return (CTL_RETVAL_COMPLETE);
6837 }
6838 
6839 int
6840 ctl_service_action_in(struct ctl_scsiio *ctsio)
6841 {
6842 	struct scsi_service_action_in *cdb;
6843 	int retval;
6844 
6845 	CTL_DEBUG_PRINT(("ctl_service_action_in\n"));
6846 
6847 	cdb = (struct scsi_service_action_in *)ctsio->cdb;
6848 
6849 	retval = CTL_RETVAL_COMPLETE;
6850 
6851 	switch (cdb->service_action) {
6852 	case SRC16_SERVICE_ACTION:
6853 		retval = ctl_read_capacity_16(ctsio);
6854 		break;
6855 	default:
6856 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6857 				      /*sks_valid*/ 1,
6858 				      /*command*/ 1,
6859 				      /*field*/ 1,
6860 				      /*bit_valid*/ 1,
6861 				      /*bit*/ 4);
6862 		ctl_done((union ctl_io *)ctsio);
6863 		break;
6864 	}
6865 
6866 	return (retval);
6867 }
6868 
6869 int
6870 ctl_maintenance_in(struct ctl_scsiio *ctsio)
6871 {
6872 	struct scsi_maintenance_in *cdb;
6873 	int retval;
6874 	int alloc_len, total_len = 0;
6875 	int num_target_port_groups;
6876 	struct ctl_lun *lun;
6877 	struct ctl_softc *softc;
6878 	struct scsi_target_group_data *rtg_ptr;
6879 	struct scsi_target_port_group_descriptor *tpg_desc_ptr1, *tpg_desc_ptr2;
6880 	struct scsi_target_port_descriptor  *tp_desc_ptr1_1, *tp_desc_ptr1_2,
6881 	                                    *tp_desc_ptr2_1, *tp_desc_ptr2_2;
6882 
6883 	CTL_DEBUG_PRINT(("ctl_maintenance_in\n"));
6884 
6885 	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
6886 	softc = control_softc;
6887 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6888 
6889 	retval = CTL_RETVAL_COMPLETE;
6890 	mtx_lock(&softc->ctl_lock);
6891 
6892 	if ((cdb->byte2 & SERVICE_ACTION_MASK) != SA_RPRT_TRGT_GRP) {
6893 		ctl_set_invalid_field(/*ctsio*/ ctsio,
6894 				      /*sks_valid*/ 1,
6895 				      /*command*/ 1,
6896 				      /*field*/ 1,
6897 				      /*bit_valid*/ 1,
6898 				      /*bit*/ 4);
6899 		ctl_done((union ctl_io *)ctsio);
6900 		return(retval);
6901 	}
6902 
6903 	if (ctl_is_single)
6904         	num_target_port_groups = NUM_TARGET_PORT_GROUPS - 1;
6905 	else
6906         	num_target_port_groups = NUM_TARGET_PORT_GROUPS;
6907 
6908 	total_len = sizeof(struct scsi_target_group_data) +
6909 		sizeof(struct scsi_target_port_group_descriptor) *
6910 		num_target_port_groups +
6911 		sizeof(struct scsi_target_port_descriptor) *
6912 		NUM_PORTS_PER_GRP * num_target_port_groups;
6913 
6914 	alloc_len = scsi_4btoul(cdb->length);
6915 
6916 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK);
6917 	memset(ctsio->kern_data_ptr, 0, total_len);
6918 
6919 	ctsio->kern_sg_entries = 0;
6920 
6921 	if (total_len < alloc_len) {
6922 		ctsio->residual = alloc_len - total_len;
6923 		ctsio->kern_data_len = total_len;
6924 		ctsio->kern_total_len = total_len;
6925 	} else {
6926 		ctsio->residual = 0;
6927 		ctsio->kern_data_len = alloc_len;
6928 		ctsio->kern_total_len = alloc_len;
6929 	}
6930 	ctsio->kern_data_resid = 0;
6931 	ctsio->kern_rel_offset = 0;
6932 
6933 	rtg_ptr = (struct scsi_target_group_data *)ctsio->kern_data_ptr;
6934 
6935 	tpg_desc_ptr1 = &rtg_ptr->groups[0];
6936 	tp_desc_ptr1_1 = &tpg_desc_ptr1->descriptors[0];
6937 	tp_desc_ptr1_2 = (struct scsi_target_port_descriptor *)
6938 	        &tp_desc_ptr1_1->desc_list[0];
6939 
6940 
6941 
6942 	if (ctl_is_single == 0) {
6943 		tpg_desc_ptr2 = (struct scsi_target_port_group_descriptor *)
6944 	                &tp_desc_ptr1_2->desc_list[0];
6945 		tp_desc_ptr2_1 = &tpg_desc_ptr2->descriptors[0];
6946 		tp_desc_ptr2_2 = (struct scsi_target_port_descriptor *)
6947 	        	&tp_desc_ptr2_1->desc_list[0];
6948         } else {
6949 		tpg_desc_ptr2 = NULL;
6950 		tp_desc_ptr2_1 = NULL;
6951 		tp_desc_ptr2_2 = NULL;
6952 	}
6953 
6954 	scsi_ulto4b(total_len - 4, rtg_ptr->length);
6955 	if (ctl_is_single == 0) {
6956         	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
6957 			if (lun->flags & CTL_LUN_PRIMARY_SC) {
6958 				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
6959 				tpg_desc_ptr2->pref_state =
6960 					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6961 			} else {
6962 				tpg_desc_ptr1->pref_state =
6963 					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6964 				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
6965 			}
6966 		} else {
6967 			if (lun->flags & CTL_LUN_PRIMARY_SC) {
6968 				tpg_desc_ptr1->pref_state =
6969 					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6970 				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
6971 			} else {
6972 				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
6973 				tpg_desc_ptr2->pref_state =
6974 					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6975 			}
6976 		}
6977 	} else {
6978 		tpg_desc_ptr1->pref_state = TPG_PRIMARY;
6979 	}
6980 	tpg_desc_ptr1->support = 0;
6981 	tpg_desc_ptr1->target_port_group[1] = 1;
6982 	tpg_desc_ptr1->status = TPG_IMPLICIT;
6983 	tpg_desc_ptr1->target_port_count= NUM_PORTS_PER_GRP;
6984 
6985 	if (ctl_is_single == 0) {
6986 		tpg_desc_ptr2->support = 0;
6987 		tpg_desc_ptr2->target_port_group[1] = 2;
6988 		tpg_desc_ptr2->status = TPG_IMPLICIT;
6989 		tpg_desc_ptr2->target_port_count = NUM_PORTS_PER_GRP;
6990 
6991 		tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
6992 		tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
6993 
6994 		tp_desc_ptr2_1->relative_target_port_identifier[1] = 9;
6995 		tp_desc_ptr2_2->relative_target_port_identifier[1] = 10;
6996 	} else {
6997         	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
6998 			tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
6999 			tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
7000 		} else {
7001 			tp_desc_ptr1_1->relative_target_port_identifier[1] = 9;
7002 			tp_desc_ptr1_2->relative_target_port_identifier[1] = 10;
7003 		}
7004 	}
7005 
7006 	mtx_unlock(&softc->ctl_lock);
7007 
7008 	ctsio->be_move_done = ctl_config_move_done;
7009 
7010 	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7011 			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7012 			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7013 			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7014 			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7015 
7016 	ctl_datamove((union ctl_io *)ctsio);
7017 	return(retval);
7018 }
7019 
7020 int
7021 ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7022 {
7023 	struct scsi_per_res_in *cdb;
7024 	int alloc_len, total_len = 0;
7025 	/* struct scsi_per_res_in_rsrv in_data; */
7026 	struct ctl_lun *lun;
7027 	struct ctl_softc *softc;
7028 
7029 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7030 
7031 	softc = control_softc;
7032 
7033 	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7034 
7035 	alloc_len = scsi_2btoul(cdb->length);
7036 
7037 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7038 
7039 retry:
7040 	mtx_lock(&softc->ctl_lock);
7041 	switch (cdb->action) {
7042 	case SPRI_RK: /* read keys */
7043 		total_len = sizeof(struct scsi_per_res_in_keys) +
7044 			lun->pr_key_count *
7045 			sizeof(struct scsi_per_res_key);
7046 		break;
7047 	case SPRI_RR: /* read reservation */
7048 		if (lun->flags & CTL_LUN_PR_RESERVED)
7049 			total_len = sizeof(struct scsi_per_res_in_rsrv);
7050 		else
7051 			total_len = sizeof(struct scsi_per_res_in_header);
7052 		break;
7053 	case SPRI_RC: /* report capabilities */
7054 		total_len = sizeof(struct scsi_per_res_cap);
7055 		break;
7056 	case SPRI_RS: /* read full status */
7057 	default:
7058 		mtx_unlock(&softc->ctl_lock);
7059 		ctl_set_invalid_field(ctsio,
7060 				      /*sks_valid*/ 1,
7061 				      /*command*/ 1,
7062 				      /*field*/ 1,
7063 				      /*bit_valid*/ 1,
7064 				      /*bit*/ 0);
7065 		ctl_done((union ctl_io *)ctsio);
7066 		return (CTL_RETVAL_COMPLETE);
7067 		break; /* NOTREACHED */
7068 	}
7069 	mtx_unlock(&softc->ctl_lock);
7070 
7071 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK);
7072 
7073 	if (total_len < alloc_len) {
7074 		ctsio->residual = alloc_len - total_len;
7075 		ctsio->kern_data_len = total_len;
7076 		ctsio->kern_total_len = total_len;
7077 	} else {
7078 		ctsio->residual = 0;
7079 		ctsio->kern_data_len = alloc_len;
7080 		ctsio->kern_total_len = alloc_len;
7081 	}
7082 
7083 	ctsio->kern_data_resid = 0;
7084 	ctsio->kern_rel_offset = 0;
7085 	ctsio->kern_sg_entries = 0;
7086 
7087 	memset(ctsio->kern_data_ptr, 0, total_len);
7088 
7089 	mtx_lock(&softc->ctl_lock);
7090 	switch (cdb->action) {
7091 	case SPRI_RK: { // read keys
7092         struct scsi_per_res_in_keys *res_keys;
7093 		int i, key_count;
7094 
7095 		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7096 
7097 		/*
7098 		 * We had to drop the lock to allocate our buffer, which
7099 		 * leaves time for someone to come in with another
7100 		 * persistent reservation.  (That is unlikely, though,
7101 		 * since this should be the only persistent reservation
7102 		 * command active right now.)
7103 		 */
7104 		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7105 		    (lun->pr_key_count *
7106 		     sizeof(struct scsi_per_res_key)))){
7107 			mtx_unlock(&softc->ctl_lock);
7108 			free(ctsio->kern_data_ptr, M_CTL);
7109 			printf("%s: reservation length changed, retrying\n",
7110 			       __func__);
7111 			goto retry;
7112 		}
7113 
7114 		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7115 
7116 		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7117 			     lun->pr_key_count, res_keys->header.length);
7118 
7119 		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7120 			if (!lun->per_res[i].registered)
7121 				continue;
7122 
7123 			/*
7124 			 * We used lun->pr_key_count to calculate the
7125 			 * size to allocate.  If it turns out the number of
7126 			 * initiators with the registered flag set is
7127 			 * larger than that (i.e. they haven't been kept in
7128 			 * sync), we've got a problem.
7129 			 */
7130 			if (key_count >= lun->pr_key_count) {
7131 #ifdef NEEDTOPORT
7132 				csevent_log(CSC_CTL | CSC_SHELF_SW |
7133 					    CTL_PR_ERROR,
7134 					    csevent_LogType_Fault,
7135 					    csevent_AlertLevel_Yellow,
7136 					    csevent_FRU_ShelfController,
7137 					    csevent_FRU_Firmware,
7138 				        csevent_FRU_Unknown,
7139 					    "registered keys %d >= key "
7140 					    "count %d", key_count,
7141 					    lun->pr_key_count);
7142 #endif
7143 				key_count++;
7144 				continue;
7145 			}
7146 			memcpy(res_keys->keys[key_count].key,
7147 			       lun->per_res[i].res_key.key,
7148 			       ctl_min(sizeof(res_keys->keys[key_count].key),
7149 			       sizeof(lun->per_res[i].res_key)));
7150 			key_count++;
7151 		}
7152 		break;
7153 	}
7154 	case SPRI_RR: { // read reservation
7155 		struct scsi_per_res_in_rsrv *res;
7156 		int tmp_len, header_only;
7157 
7158 		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7159 
7160 		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7161 
7162 		if (lun->flags & CTL_LUN_PR_RESERVED)
7163 		{
7164 			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7165 			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7166 				    res->header.length);
7167 			header_only = 0;
7168 		} else {
7169 			tmp_len = sizeof(struct scsi_per_res_in_header);
7170 			scsi_ulto4b(0, res->header.length);
7171 			header_only = 1;
7172 		}
7173 
7174 		/*
7175 		 * We had to drop the lock to allocate our buffer, which
7176 		 * leaves time for someone to come in with another
7177 		 * persistent reservation.  (That is unlikely, though,
7178 		 * since this should be the only persistent reservation
7179 		 * command active right now.)
7180 		 */
7181 		if (tmp_len != total_len) {
7182 			mtx_unlock(&softc->ctl_lock);
7183 			free(ctsio->kern_data_ptr, M_CTL);
7184 			printf("%s: reservation status changed, retrying\n",
7185 			       __func__);
7186 			goto retry;
7187 		}
7188 
7189 		/*
7190 		 * No reservation held, so we're done.
7191 		 */
7192 		if (header_only != 0)
7193 			break;
7194 
7195 		/*
7196 		 * If the registration is an All Registrants type, the key
7197 		 * is 0, since it doesn't really matter.
7198 		 */
7199 		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7200 			memcpy(res->data.reservation,
7201 			       &lun->per_res[lun->pr_res_idx].res_key,
7202 			       sizeof(struct scsi_per_res_key));
7203 		}
7204 		res->data.scopetype = lun->res_type;
7205 		break;
7206 	}
7207 	case SPRI_RC:     //report capabilities
7208 	{
7209 		struct scsi_per_res_cap *res_cap;
7210 		uint16_t type_mask;
7211 
7212 		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7213 		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7214 		res_cap->flags2 |= SPRI_TMV;
7215 		type_mask = SPRI_TM_WR_EX_AR |
7216 			    SPRI_TM_EX_AC_RO |
7217 			    SPRI_TM_WR_EX_RO |
7218 			    SPRI_TM_EX_AC |
7219 			    SPRI_TM_WR_EX |
7220 			    SPRI_TM_EX_AC_AR;
7221 		scsi_ulto2b(type_mask, res_cap->type_mask);
7222 		break;
7223 	}
7224 	case SPRI_RS: //read full status
7225 	default:
7226 		/*
7227 		 * This is a bug, because we just checked for this above,
7228 		 * and should have returned an error.
7229 		 */
7230 		panic("Invalid PR type %x", cdb->action);
7231 		break; /* NOTREACHED */
7232 	}
7233 	mtx_unlock(&softc->ctl_lock);
7234 
7235 	ctsio->be_move_done = ctl_config_move_done;
7236 
7237 	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7238 			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7239 			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7240 			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7241 			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7242 
7243 	ctl_datamove((union ctl_io *)ctsio);
7244 
7245 	return (CTL_RETVAL_COMPLETE);
7246 }
7247 
7248 /*
7249  * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7250  * it should return.
7251  */
7252 static int
7253 ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7254 		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7255 		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7256 		struct scsi_per_res_out_parms* param)
7257 {
7258 	union ctl_ha_msg persis_io;
7259 	int retval, i;
7260 	int isc_retval;
7261 
7262 	retval = 0;
7263 
7264 	if (sa_res_key == 0) {
7265 		mtx_lock(&softc->ctl_lock);
7266 		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7267 			/* validate scope and type */
7268 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7269 			     SPR_LU_SCOPE) {
7270 				mtx_unlock(&softc->ctl_lock);
7271 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7272 						      /*sks_valid*/ 1,
7273 						      /*command*/ 1,
7274 						      /*field*/ 2,
7275 						      /*bit_valid*/ 1,
7276 						      /*bit*/ 4);
7277 				ctl_done((union ctl_io *)ctsio);
7278 				return (1);
7279 			}
7280 
7281 		        if (type>8 || type==2 || type==4 || type==0) {
7282 				mtx_unlock(&softc->ctl_lock);
7283 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7284        	           				      /*sks_valid*/ 1,
7285 						      /*command*/ 1,
7286 						      /*field*/ 2,
7287 						      /*bit_valid*/ 1,
7288 						      /*bit*/ 0);
7289 				ctl_done((union ctl_io *)ctsio);
7290 				return (1);
7291 		        }
7292 
7293 			/* temporarily unregister this nexus */
7294 			lun->per_res[residx].registered = 0;
7295 
7296 			/*
7297 			 * Unregister everybody else and build UA for
7298 			 * them
7299 			 */
7300 			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7301 				if (lun->per_res[i].registered == 0)
7302 					continue;
7303 
7304 				if (!persis_offset
7305 				 && i <CTL_MAX_INITIATORS)
7306 					lun->pending_sense[i].ua_pending |=
7307 						CTL_UA_REG_PREEMPT;
7308 				else if (persis_offset
7309 				      && i >= persis_offset)
7310 					lun->pending_sense[i-persis_offset
7311 						].ua_pending |=
7312 						CTL_UA_REG_PREEMPT;
7313 				lun->per_res[i].registered = 0;
7314 				memset(&lun->per_res[i].res_key, 0,
7315 				       sizeof(struct scsi_per_res_key));
7316 			}
7317 			lun->per_res[residx].registered = 1;
7318 			lun->pr_key_count = 1;
7319 			lun->res_type = type;
7320 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7321 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7322 				lun->pr_res_idx = residx;
7323 
7324 			mtx_unlock(&softc->ctl_lock);
7325 			/* send msg to other side */
7326 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7327 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7328 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7329 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7330 			persis_io.pr.pr_info.res_type = type;
7331 			memcpy(persis_io.pr.pr_info.sa_res_key,
7332 			       param->serv_act_res_key,
7333 			       sizeof(param->serv_act_res_key));
7334 			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7335 			     &persis_io, sizeof(persis_io), 0)) >
7336 			     CTL_HA_STATUS_SUCCESS) {
7337 				printf("CTL:Persis Out error returned "
7338 				       "from ctl_ha_msg_send %d\n",
7339 				       isc_retval);
7340 			}
7341 		} else {
7342 			/* not all registrants */
7343 			mtx_unlock(&softc->ctl_lock);
7344 			free(ctsio->kern_data_ptr, M_CTL);
7345 			ctl_set_invalid_field(ctsio,
7346 					      /*sks_valid*/ 1,
7347 					      /*command*/ 0,
7348 					      /*field*/ 8,
7349 					      /*bit_valid*/ 0,
7350 					      /*bit*/ 0);
7351 			ctl_done((union ctl_io *)ctsio);
7352 			return (1);
7353 		}
7354 	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7355 		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7356 		int found = 0;
7357 
7358 		mtx_lock(&softc->ctl_lock);
7359 		if (res_key == sa_res_key) {
7360 			/* special case */
7361 			/*
7362 			 * The spec implies this is not good but doesn't
7363 			 * say what to do. There are two choices either
7364 			 * generate a res conflict or check condition
7365 			 * with illegal field in parameter data. Since
7366 			 * that is what is done when the sa_res_key is
7367 			 * zero I'll take that approach since this has
7368 			 * to do with the sa_res_key.
7369 			 */
7370 			mtx_unlock(&softc->ctl_lock);
7371 			free(ctsio->kern_data_ptr, M_CTL);
7372 			ctl_set_invalid_field(ctsio,
7373 					      /*sks_valid*/ 1,
7374 					      /*command*/ 0,
7375 					      /*field*/ 8,
7376 					      /*bit_valid*/ 0,
7377 					      /*bit*/ 0);
7378 			ctl_done((union ctl_io *)ctsio);
7379 			return (1);
7380 		}
7381 
7382 		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7383 			if (lun->per_res[i].registered
7384 			 && memcmp(param->serv_act_res_key,
7385 			    lun->per_res[i].res_key.key,
7386 			    sizeof(struct scsi_per_res_key)) != 0)
7387 				continue;
7388 
7389 			found = 1;
7390 			lun->per_res[i].registered = 0;
7391 			memset(&lun->per_res[i].res_key, 0,
7392 			       sizeof(struct scsi_per_res_key));
7393 			lun->pr_key_count--;
7394 
7395 			if (!persis_offset
7396 			 && i < CTL_MAX_INITIATORS)
7397 				lun->pending_sense[i].ua_pending |=
7398 					CTL_UA_REG_PREEMPT;
7399 			else if (persis_offset
7400 			      && i >= persis_offset)
7401 				lun->pending_sense[i-persis_offset].ua_pending|=
7402 					CTL_UA_REG_PREEMPT;
7403 		}
7404 		mtx_unlock(&softc->ctl_lock);
7405 		if (!found) {
7406 			free(ctsio->kern_data_ptr, M_CTL);
7407 			ctl_set_reservation_conflict(ctsio);
7408 			ctl_done((union ctl_io *)ctsio);
7409 			return (CTL_RETVAL_COMPLETE);
7410 		}
7411 		/* send msg to other side */
7412 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7413 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7414 		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7415 		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7416 		persis_io.pr.pr_info.res_type = type;
7417 		memcpy(persis_io.pr.pr_info.sa_res_key,
7418 		       param->serv_act_res_key,
7419 		       sizeof(param->serv_act_res_key));
7420 		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7421 		     &persis_io, sizeof(persis_io), 0)) >
7422 		     CTL_HA_STATUS_SUCCESS) {
7423 			printf("CTL:Persis Out error returned from "
7424 			       "ctl_ha_msg_send %d\n", isc_retval);
7425 		}
7426 	} else {
7427 		/* Reserved but not all registrants */
7428 		/* sa_res_key is res holder */
7429 		if (memcmp(param->serv_act_res_key,
7430                    lun->per_res[lun->pr_res_idx].res_key.key,
7431                    sizeof(struct scsi_per_res_key)) == 0) {
7432 			/* validate scope and type */
7433 			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7434 			     SPR_LU_SCOPE) {
7435 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7436 						      /*sks_valid*/ 1,
7437 						      /*command*/ 1,
7438 						      /*field*/ 2,
7439 						      /*bit_valid*/ 1,
7440 						      /*bit*/ 4);
7441 				ctl_done((union ctl_io *)ctsio);
7442 				return (1);
7443 			}
7444 
7445 			if (type>8 || type==2 || type==4 || type==0) {
7446 				ctl_set_invalid_field(/*ctsio*/ ctsio,
7447 						      /*sks_valid*/ 1,
7448 						      /*command*/ 1,
7449 						      /*field*/ 2,
7450 						      /*bit_valid*/ 1,
7451 						      /*bit*/ 0);
7452 				ctl_done((union ctl_io *)ctsio);
7453 				return (1);
7454 			}
7455 
7456 			/*
7457 			 * Do the following:
7458 			 * if sa_res_key != res_key remove all
7459 			 * registrants w/sa_res_key and generate UA
7460 			 * for these registrants(Registrations
7461 			 * Preempted) if it wasn't an exclusive
7462 			 * reservation generate UA(Reservations
7463 			 * Preempted) for all other registered nexuses
7464 			 * if the type has changed. Establish the new
7465 			 * reservation and holder. If res_key and
7466 			 * sa_res_key are the same do the above
7467 			 * except don't unregister the res holder.
7468 			 */
7469 
7470 			/*
7471 			 * Temporarily unregister so it won't get
7472 			 * removed or UA generated
7473 			 */
7474 			lun->per_res[residx].registered = 0;
7475 			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7476 				if (lun->per_res[i].registered == 0)
7477 					continue;
7478 
7479 				if (memcmp(param->serv_act_res_key,
7480 				    lun->per_res[i].res_key.key,
7481 				    sizeof(struct scsi_per_res_key)) == 0) {
7482 					lun->per_res[i].registered = 0;
7483 					memset(&lun->per_res[i].res_key,
7484 					       0,
7485 					       sizeof(struct scsi_per_res_key));
7486 					lun->pr_key_count--;
7487 
7488 					if (!persis_offset
7489 					 && i < CTL_MAX_INITIATORS)
7490 						lun->pending_sense[i
7491 							].ua_pending |=
7492 							CTL_UA_REG_PREEMPT;
7493 					else if (persis_offset
7494 					      && i >= persis_offset)
7495 						lun->pending_sense[
7496 						  i-persis_offset].ua_pending |=
7497 						  CTL_UA_REG_PREEMPT;
7498 				} else if (type != lun->res_type
7499 					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7500 					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7501 						if (!persis_offset
7502 						 && i < CTL_MAX_INITIATORS)
7503 							lun->pending_sense[i
7504 							].ua_pending |=
7505 							CTL_UA_RES_RELEASE;
7506 						else if (persis_offset
7507 						      && i >= persis_offset)
7508 							lun->pending_sense[
7509 							i-persis_offset
7510 							].ua_pending |=
7511 							CTL_UA_RES_RELEASE;
7512 				}
7513 			}
7514 			lun->per_res[residx].registered = 1;
7515 			lun->res_type = type;
7516 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7517 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7518 				lun->pr_res_idx = residx;
7519 			else
7520 				lun->pr_res_idx =
7521 					CTL_PR_ALL_REGISTRANTS;
7522 
7523 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7524 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7525 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7526 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7527 			persis_io.pr.pr_info.res_type = type;
7528 			memcpy(persis_io.pr.pr_info.sa_res_key,
7529 			       param->serv_act_res_key,
7530 			       sizeof(param->serv_act_res_key));
7531 			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7532 			     &persis_io, sizeof(persis_io), 0)) >
7533 			     CTL_HA_STATUS_SUCCESS) {
7534 				printf("CTL:Persis Out error returned "
7535 				       "from ctl_ha_msg_send %d\n",
7536 				       isc_retval);
7537 			}
7538 		} else {
7539 			/*
7540 			 * sa_res_key is not the res holder just
7541 			 * remove registrants
7542 			 */
7543 			int found=0;
7544 			mtx_lock(&softc->ctl_lock);
7545 
7546 			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7547 				if (memcmp(param->serv_act_res_key,
7548 				    lun->per_res[i].res_key.key,
7549 				    sizeof(struct scsi_per_res_key)) != 0)
7550 					continue;
7551 
7552 				found = 1;
7553 				lun->per_res[i].registered = 0;
7554 				memset(&lun->per_res[i].res_key, 0,
7555 				       sizeof(struct scsi_per_res_key));
7556 				lun->pr_key_count--;
7557 
7558 				if (!persis_offset
7559 				 && i < CTL_MAX_INITIATORS)
7560 					lun->pending_sense[i].ua_pending |=
7561 						CTL_UA_REG_PREEMPT;
7562 				else if (persis_offset
7563 				      && i >= persis_offset)
7564 					lun->pending_sense[
7565 						i-persis_offset].ua_pending |=
7566 						CTL_UA_REG_PREEMPT;
7567 			}
7568 
7569 			if (!found) {
7570 				mtx_unlock(&softc->ctl_lock);
7571 				free(ctsio->kern_data_ptr, M_CTL);
7572 				ctl_set_reservation_conflict(ctsio);
7573 				ctl_done((union ctl_io *)ctsio);
7574 		        	return (1);
7575 			}
7576 			mtx_unlock(&softc->ctl_lock);
7577 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7578 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7579 			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7580 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7581 			persis_io.pr.pr_info.res_type = type;
7582 			memcpy(persis_io.pr.pr_info.sa_res_key,
7583 			       param->serv_act_res_key,
7584 			       sizeof(param->serv_act_res_key));
7585 			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7586 			     &persis_io, sizeof(persis_io), 0)) >
7587 			     CTL_HA_STATUS_SUCCESS) {
7588 				printf("CTL:Persis Out error returned "
7589 				       "from ctl_ha_msg_send %d\n",
7590 				isc_retval);
7591 			}
7592 		}
7593 	}
7594 
7595 	lun->PRGeneration++;
7596 
7597 	return (retval);
7598 }
7599 
7600 static void
7601 ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7602 {
7603 	int i;
7604 
7605 	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7606 	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7607 	 || memcmp(&lun->per_res[lun->pr_res_idx].res_key,
7608 		   msg->pr.pr_info.sa_res_key,
7609 		   sizeof(struct scsi_per_res_key)) != 0) {
7610 		uint64_t sa_res_key;
7611 		sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7612 
7613 		if (sa_res_key == 0) {
7614 			/* temporarily unregister this nexus */
7615 			lun->per_res[msg->pr.pr_info.residx].registered = 0;
7616 
7617 			/*
7618 			 * Unregister everybody else and build UA for
7619 			 * them
7620 			 */
7621 			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7622 				if (lun->per_res[i].registered == 0)
7623 					continue;
7624 
7625 				if (!persis_offset
7626 				 && i < CTL_MAX_INITIATORS)
7627 					lun->pending_sense[i].ua_pending |=
7628 						CTL_UA_REG_PREEMPT;
7629 				else if (persis_offset && i >= persis_offset)
7630 					lun->pending_sense[i -
7631 						persis_offset].ua_pending |=
7632 						CTL_UA_REG_PREEMPT;
7633 				lun->per_res[i].registered = 0;
7634 				memset(&lun->per_res[i].res_key, 0,
7635 				       sizeof(struct scsi_per_res_key));
7636 			}
7637 
7638 			lun->per_res[msg->pr.pr_info.residx].registered = 1;
7639 			lun->pr_key_count = 1;
7640 			lun->res_type = msg->pr.pr_info.res_type;
7641 			if (lun->res_type != SPR_TYPE_WR_EX_AR
7642 			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7643 				lun->pr_res_idx = msg->pr.pr_info.residx;
7644 		} else {
7645 		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7646 				if (memcmp(msg->pr.pr_info.sa_res_key,
7647 		                   lun->per_res[i].res_key.key,
7648 		                   sizeof(struct scsi_per_res_key)) != 0)
7649 					continue;
7650 
7651 				lun->per_res[i].registered = 0;
7652 				memset(&lun->per_res[i].res_key, 0,
7653 				       sizeof(struct scsi_per_res_key));
7654 				lun->pr_key_count--;
7655 
7656 				if (!persis_offset
7657 				 && i < persis_offset)
7658 					lun->pending_sense[i].ua_pending |=
7659 						CTL_UA_REG_PREEMPT;
7660 				else if (persis_offset
7661 				      && i >= persis_offset)
7662 					lun->pending_sense[i -
7663 						persis_offset].ua_pending |=
7664 						CTL_UA_REG_PREEMPT;
7665 			}
7666 		}
7667 	} else {
7668 		/*
7669 		 * Temporarily unregister so it won't get removed
7670 		 * or UA generated
7671 		 */
7672 		lun->per_res[msg->pr.pr_info.residx].registered = 0;
7673 		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7674 			if (lun->per_res[i].registered == 0)
7675 				continue;
7676 
7677 			if (memcmp(msg->pr.pr_info.sa_res_key,
7678 	                   lun->per_res[i].res_key.key,
7679 	                   sizeof(struct scsi_per_res_key)) == 0) {
7680 				lun->per_res[i].registered = 0;
7681 				memset(&lun->per_res[i].res_key, 0,
7682 				       sizeof(struct scsi_per_res_key));
7683 				lun->pr_key_count--;
7684 				if (!persis_offset
7685 				 && i < CTL_MAX_INITIATORS)
7686 					lun->pending_sense[i].ua_pending |=
7687 						CTL_UA_REG_PREEMPT;
7688 				else if (persis_offset
7689 				      && i >= persis_offset)
7690 					lun->pending_sense[i -
7691 						persis_offset].ua_pending |=
7692 						CTL_UA_REG_PREEMPT;
7693 			} else if (msg->pr.pr_info.res_type != lun->res_type
7694 				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7695 				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7696 					if (!persis_offset
7697 					 && i < persis_offset)
7698 						lun->pending_sense[i
7699 							].ua_pending |=
7700 							CTL_UA_RES_RELEASE;
7701 					else if (persis_offset
7702 					      && i >= persis_offset)
7703 					lun->pending_sense[i -
7704 						persis_offset].ua_pending |=
7705 						CTL_UA_RES_RELEASE;
7706 			}
7707 		}
7708 		lun->per_res[msg->pr.pr_info.residx].registered = 1;
7709 		lun->res_type = msg->pr.pr_info.res_type;
7710 		if (lun->res_type != SPR_TYPE_WR_EX_AR
7711 		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7712 			lun->pr_res_idx = msg->pr.pr_info.residx;
7713 		else
7714 			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7715 	}
7716 	lun->PRGeneration++;
7717 
7718 }
7719 
7720 
7721 int
7722 ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7723 {
7724 	int retval;
7725 	int isc_retval;
7726 	u_int32_t param_len;
7727 	struct scsi_per_res_out *cdb;
7728 	struct ctl_lun *lun;
7729 	struct scsi_per_res_out_parms* param;
7730 	struct ctl_softc *softc;
7731 	uint32_t residx;
7732 	uint64_t res_key, sa_res_key;
7733 	uint8_t type;
7734 	union ctl_ha_msg persis_io;
7735 	int    i;
7736 
7737 	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
7738 
7739 	retval = CTL_RETVAL_COMPLETE;
7740 
7741 	softc = control_softc;
7742 
7743 	cdb = (struct scsi_per_res_out *)ctsio->cdb;
7744 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7745 
7746 	/*
7747 	 * We only support whole-LUN scope.  The scope & type are ignored for
7748 	 * register, register and ignore existing key and clear.
7749 	 * We sometimes ignore scope and type on preempts too!!
7750 	 * Verify reservation type here as well.
7751 	 */
7752 	type = cdb->scope_type & SPR_TYPE_MASK;
7753 	if ((cdb->action == SPRO_RESERVE)
7754 	 || (cdb->action == SPRO_RELEASE)) {
7755 		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
7756 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7757 					      /*sks_valid*/ 1,
7758 					      /*command*/ 1,
7759 					      /*field*/ 2,
7760 					      /*bit_valid*/ 1,
7761 					      /*bit*/ 4);
7762 			ctl_done((union ctl_io *)ctsio);
7763 			return (CTL_RETVAL_COMPLETE);
7764 		}
7765 
7766 		if (type>8 || type==2 || type==4 || type==0) {
7767 			ctl_set_invalid_field(/*ctsio*/ ctsio,
7768 					      /*sks_valid*/ 1,
7769 					      /*command*/ 1,
7770 					      /*field*/ 2,
7771 					      /*bit_valid*/ 1,
7772 					      /*bit*/ 0);
7773 			ctl_done((union ctl_io *)ctsio);
7774 			return (CTL_RETVAL_COMPLETE);
7775 		}
7776 	}
7777 
7778 	switch (cdb->action & SPRO_ACTION_MASK) {
7779 	case SPRO_REGISTER:
7780 	case SPRO_RESERVE:
7781 	case SPRO_RELEASE:
7782 	case SPRO_CLEAR:
7783 	case SPRO_PREEMPT:
7784 	case SPRO_REG_IGNO:
7785 		break;
7786 	case SPRO_REG_MOVE:
7787 	case SPRO_PRE_ABO:
7788 	default:
7789 		ctl_set_invalid_field(/*ctsio*/ ctsio,
7790 				      /*sks_valid*/ 1,
7791 				      /*command*/ 1,
7792 				      /*field*/ 1,
7793 				      /*bit_valid*/ 1,
7794 				      /*bit*/ 0);
7795 		ctl_done((union ctl_io *)ctsio);
7796 		return (CTL_RETVAL_COMPLETE);
7797 		break; /* NOTREACHED */
7798 	}
7799 
7800 	param_len = scsi_4btoul(cdb->length);
7801 
7802 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
7803 		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
7804 		ctsio->kern_data_len = param_len;
7805 		ctsio->kern_total_len = param_len;
7806 		ctsio->kern_data_resid = 0;
7807 		ctsio->kern_rel_offset = 0;
7808 		ctsio->kern_sg_entries = 0;
7809 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7810 		ctsio->be_move_done = ctl_config_move_done;
7811 		ctl_datamove((union ctl_io *)ctsio);
7812 
7813 		return (CTL_RETVAL_COMPLETE);
7814 	}
7815 
7816 	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
7817 
7818 	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7819 	res_key = scsi_8btou64(param->res_key.key);
7820 	sa_res_key = scsi_8btou64(param->serv_act_res_key);
7821 
7822 	/*
7823 	 * Validate the reservation key here except for SPRO_REG_IGNO
7824 	 * This must be done for all other service actions
7825 	 */
7826 	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
7827 		mtx_lock(&softc->ctl_lock);
7828 		if (lun->per_res[residx].registered) {
7829 		    if (memcmp(param->res_key.key,
7830 			       lun->per_res[residx].res_key.key,
7831 			       ctl_min(sizeof(param->res_key),
7832 			       sizeof(lun->per_res[residx].res_key))) != 0) {
7833 				/*
7834 				 * The current key passed in doesn't match
7835 				 * the one the initiator previously
7836 				 * registered.
7837 				 */
7838 				mtx_unlock(&softc->ctl_lock);
7839 				free(ctsio->kern_data_ptr, M_CTL);
7840 				ctl_set_reservation_conflict(ctsio);
7841 				ctl_done((union ctl_io *)ctsio);
7842 				return (CTL_RETVAL_COMPLETE);
7843 			}
7844 		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
7845 		    /*
7846 			 * We are not registered
7847 			 */
7848 			mtx_unlock(&softc->ctl_lock);
7849 			free(ctsio->kern_data_ptr, M_CTL);
7850 			ctl_set_reservation_conflict(ctsio);
7851 			ctl_done((union ctl_io *)ctsio);
7852 			return (CTL_RETVAL_COMPLETE);
7853 		} else if (res_key != 0) {
7854 			/*
7855 			 * We are not registered and trying to register but
7856 			 * the register key isn't zero.
7857 			 */
7858 			mtx_unlock(&softc->ctl_lock);
7859 			free(ctsio->kern_data_ptr, M_CTL);
7860 			ctl_set_reservation_conflict(ctsio);
7861 			ctl_done((union ctl_io *)ctsio);
7862 			return (CTL_RETVAL_COMPLETE);
7863 		}
7864 		mtx_unlock(&softc->ctl_lock);
7865 	}
7866 
7867 	switch (cdb->action & SPRO_ACTION_MASK) {
7868 	case SPRO_REGISTER:
7869 	case SPRO_REG_IGNO: {
7870 
7871 #if 0
7872 		printf("Registration received\n");
7873 #endif
7874 
7875 		/*
7876 		 * We don't support any of these options, as we report in
7877 		 * the read capabilities request (see
7878 		 * ctl_persistent_reserve_in(), above).
7879 		 */
7880 		if ((param->flags & SPR_SPEC_I_PT)
7881 		 || (param->flags & SPR_ALL_TG_PT)
7882 		 || (param->flags & SPR_APTPL)) {
7883 			int bit_ptr;
7884 
7885 			if (param->flags & SPR_APTPL)
7886 				bit_ptr = 0;
7887 			else if (param->flags & SPR_ALL_TG_PT)
7888 				bit_ptr = 2;
7889 			else /* SPR_SPEC_I_PT */
7890 				bit_ptr = 3;
7891 
7892 			free(ctsio->kern_data_ptr, M_CTL);
7893 			ctl_set_invalid_field(ctsio,
7894 					      /*sks_valid*/ 1,
7895 					      /*command*/ 0,
7896 					      /*field*/ 20,
7897 					      /*bit_valid*/ 1,
7898 					      /*bit*/ bit_ptr);
7899 			ctl_done((union ctl_io *)ctsio);
7900 			return (CTL_RETVAL_COMPLETE);
7901 		}
7902 
7903 		mtx_lock(&softc->ctl_lock);
7904 
7905 		/*
7906 		 * The initiator wants to clear the
7907 		 * key/unregister.
7908 		 */
7909 		if (sa_res_key == 0) {
7910 			if ((res_key == 0
7911 			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
7912 			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
7913 			  && !lun->per_res[residx].registered)) {
7914 				mtx_unlock(&softc->ctl_lock);
7915 				goto done;
7916 			}
7917 
7918 			lun->per_res[residx].registered = 0;
7919 			memset(&lun->per_res[residx].res_key,
7920 			       0, sizeof(lun->per_res[residx].res_key));
7921 			lun->pr_key_count--;
7922 
7923 			if (residx == lun->pr_res_idx) {
7924 				lun->flags &= ~CTL_LUN_PR_RESERVED;
7925 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
7926 
7927 				if ((lun->res_type == SPR_TYPE_WR_EX_RO
7928 				  || lun->res_type == SPR_TYPE_EX_AC_RO)
7929 				 && lun->pr_key_count) {
7930 					/*
7931 					 * If the reservation is a registrants
7932 					 * only type we need to generate a UA
7933 					 * for other registered inits.  The
7934 					 * sense code should be RESERVATIONS
7935 					 * RELEASED
7936 					 */
7937 
7938 					for (i = 0; i < CTL_MAX_INITIATORS;i++){
7939 						if (lun->per_res[
7940 						    i+persis_offset].registered
7941 						    == 0)
7942 							continue;
7943 						lun->pending_sense[i
7944 							].ua_pending |=
7945 							CTL_UA_RES_RELEASE;
7946 					}
7947 				}
7948 				lun->res_type = 0;
7949 			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7950 				if (lun->pr_key_count==0) {
7951 					lun->flags &= ~CTL_LUN_PR_RESERVED;
7952 					lun->res_type = 0;
7953 					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
7954 				}
7955 			}
7956 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7957 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7958 			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
7959 			persis_io.pr.pr_info.residx = residx;
7960 			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7961 			     &persis_io, sizeof(persis_io), 0 )) >
7962 			     CTL_HA_STATUS_SUCCESS) {
7963 				printf("CTL:Persis Out error returned from "
7964 				       "ctl_ha_msg_send %d\n", isc_retval);
7965 			}
7966 			mtx_unlock(&softc->ctl_lock);
7967 		} else /* sa_res_key != 0 */ {
7968 
7969 			/*
7970 			 * If we aren't registered currently then increment
7971 			 * the key count and set the registered flag.
7972 			 */
7973 			if (!lun->per_res[residx].registered) {
7974 				lun->pr_key_count++;
7975 				lun->per_res[residx].registered = 1;
7976 			}
7977 
7978 			memcpy(&lun->per_res[residx].res_key,
7979 			       param->serv_act_res_key,
7980 			       ctl_min(sizeof(param->serv_act_res_key),
7981 			       sizeof(lun->per_res[residx].res_key)));
7982 
7983 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7984 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7985 			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
7986 			persis_io.pr.pr_info.residx = residx;
7987 			memcpy(persis_io.pr.pr_info.sa_res_key,
7988 			       param->serv_act_res_key,
7989 			       sizeof(param->serv_act_res_key));
7990 			mtx_unlock(&softc->ctl_lock);
7991 			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7992 			     &persis_io, sizeof(persis_io), 0)) >
7993 			     CTL_HA_STATUS_SUCCESS) {
7994 				printf("CTL:Persis Out error returned from "
7995 				       "ctl_ha_msg_send %d\n", isc_retval);
7996 			}
7997 		}
7998 		lun->PRGeneration++;
7999 
8000 		break;
8001 	}
8002 	case SPRO_RESERVE:
8003 #if 0
8004                 printf("Reserve executed type %d\n", type);
8005 #endif
8006 		mtx_lock(&softc->ctl_lock);
8007 		if (lun->flags & CTL_LUN_PR_RESERVED) {
8008 			/*
8009 			 * if this isn't the reservation holder and it's
8010 			 * not a "all registrants" type or if the type is
8011 			 * different then we have a conflict
8012 			 */
8013 			if ((lun->pr_res_idx != residx
8014 			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8015 			 || lun->res_type != type) {
8016 				mtx_unlock(&softc->ctl_lock);
8017 				free(ctsio->kern_data_ptr, M_CTL);
8018 				ctl_set_reservation_conflict(ctsio);
8019 				ctl_done((union ctl_io *)ctsio);
8020 				return (CTL_RETVAL_COMPLETE);
8021 			}
8022 		} else /* create a reservation */ {
8023 			/*
8024 			 * If it's not an "all registrants" type record
8025 			 * reservation holder
8026 			 */
8027 			if (type != SPR_TYPE_WR_EX_AR
8028 			 && type != SPR_TYPE_EX_AC_AR)
8029 				lun->pr_res_idx = residx; /* Res holder */
8030 			else
8031 				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8032 
8033 			lun->flags |= CTL_LUN_PR_RESERVED;
8034 			lun->res_type = type;
8035 
8036 			mtx_unlock(&softc->ctl_lock);
8037 
8038 			/* send msg to other side */
8039 			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8040 			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8041 			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8042 			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8043 			persis_io.pr.pr_info.res_type = type;
8044 			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8045 			     &persis_io, sizeof(persis_io), 0)) >
8046 			     CTL_HA_STATUS_SUCCESS) {
8047 				printf("CTL:Persis Out error returned from "
8048 				       "ctl_ha_msg_send %d\n", isc_retval);
8049 			}
8050 		}
8051 		break;
8052 
8053 	case SPRO_RELEASE:
8054 		mtx_lock(&softc->ctl_lock);
8055 		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8056 			/* No reservation exists return good status */
8057 			mtx_unlock(&softc->ctl_lock);
8058 			goto done;
8059 		}
8060 		/*
8061 		 * Is this nexus a reservation holder?
8062 		 */
8063 		if (lun->pr_res_idx != residx
8064 		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8065 			/*
8066 			 * not a res holder return good status but
8067 			 * do nothing
8068 			 */
8069 			mtx_unlock(&softc->ctl_lock);
8070 			goto done;
8071 		}
8072 
8073 		if (lun->res_type != type) {
8074 			mtx_unlock(&softc->ctl_lock);
8075 			free(ctsio->kern_data_ptr, M_CTL);
8076 			ctl_set_illegal_pr_release(ctsio);
8077 			ctl_done((union ctl_io *)ctsio);
8078 			return (CTL_RETVAL_COMPLETE);
8079 		}
8080 
8081 		/* okay to release */
8082 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8083 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8084 		lun->res_type = 0;
8085 
8086 		/*
8087 		 * if this isn't an exclusive access
8088 		 * res generate UA for all other
8089 		 * registrants.
8090 		 */
8091 		if (type != SPR_TYPE_EX_AC
8092 		 && type != SPR_TYPE_WR_EX) {
8093 			/*
8094 			 * temporarily unregister so we don't generate UA
8095 			 */
8096 			lun->per_res[residx].registered = 0;
8097 
8098 			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8099 				if (lun->per_res[i+persis_offset].registered
8100 				    == 0)
8101 					continue;
8102 				lun->pending_sense[i].ua_pending |=
8103 					CTL_UA_RES_RELEASE;
8104 			}
8105 
8106 			lun->per_res[residx].registered = 1;
8107 		}
8108 		mtx_unlock(&softc->ctl_lock);
8109 		/* Send msg to other side */
8110 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8111 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8112 		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8113 		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8114 		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8115 			printf("CTL:Persis Out error returned from "
8116 			       "ctl_ha_msg_send %d\n", isc_retval);
8117 		}
8118 		break;
8119 
8120 	case SPRO_CLEAR:
8121 		/* send msg to other side */
8122 
8123 		mtx_lock(&softc->ctl_lock);
8124 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8125 		lun->res_type = 0;
8126 		lun->pr_key_count = 0;
8127 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8128 
8129 
8130 		memset(&lun->per_res[residx].res_key,
8131 		       0, sizeof(lun->per_res[residx].res_key));
8132 		lun->per_res[residx].registered = 0;
8133 
8134 		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8135 			if (lun->per_res[i].registered) {
8136 				if (!persis_offset && i < CTL_MAX_INITIATORS)
8137 					lun->pending_sense[i].ua_pending |=
8138 						CTL_UA_RES_PREEMPT;
8139 				else if (persis_offset && i >= persis_offset)
8140 					lun->pending_sense[i-persis_offset
8141 					    ].ua_pending |= CTL_UA_RES_PREEMPT;
8142 
8143 				memset(&lun->per_res[i].res_key,
8144 				       0, sizeof(struct scsi_per_res_key));
8145 				lun->per_res[i].registered = 0;
8146 			}
8147 		lun->PRGeneration++;
8148 		mtx_unlock(&softc->ctl_lock);
8149 		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8150 		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8151 		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8152 		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8153 		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8154 			printf("CTL:Persis Out error returned from "
8155 			       "ctl_ha_msg_send %d\n", isc_retval);
8156 		}
8157 		break;
8158 
8159 	case SPRO_PREEMPT: {
8160 		int nretval;
8161 
8162 		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8163 					  residx, ctsio, cdb, param);
8164 		if (nretval != 0)
8165 			return (CTL_RETVAL_COMPLETE);
8166 		break;
8167 	}
8168 	case SPRO_REG_MOVE:
8169 	case SPRO_PRE_ABO:
8170 	default:
8171 		free(ctsio->kern_data_ptr, M_CTL);
8172 		ctl_set_invalid_field(/*ctsio*/ ctsio,
8173 				      /*sks_valid*/ 1,
8174 				      /*command*/ 1,
8175 				      /*field*/ 1,
8176 				      /*bit_valid*/ 1,
8177 				      /*bit*/ 0);
8178 		ctl_done((union ctl_io *)ctsio);
8179 		return (CTL_RETVAL_COMPLETE);
8180 		break; /* NOTREACHED */
8181 	}
8182 
8183 done:
8184 	free(ctsio->kern_data_ptr, M_CTL);
8185 	ctl_set_success(ctsio);
8186 	ctl_done((union ctl_io *)ctsio);
8187 
8188 	return (retval);
8189 }
8190 
8191 /*
8192  * This routine is for handling a message from the other SC pertaining to
8193  * persistent reserve out. All the error checking will have been done
8194  * so only perorming the action need be done here to keep the two
8195  * in sync.
8196  */
8197 static void
8198 ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8199 {
8200 	struct ctl_lun *lun;
8201 	struct ctl_softc *softc;
8202 	int i;
8203 
8204 	softc = control_softc;
8205 
8206 	mtx_lock(&softc->ctl_lock);
8207 
8208 	lun = softc->ctl_luns[msg->hdr.nexus.targ_lun];
8209 	switch(msg->pr.pr_info.action) {
8210 	case CTL_PR_REG_KEY:
8211 		if (!lun->per_res[msg->pr.pr_info.residx].registered) {
8212 			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8213 			lun->pr_key_count++;
8214 		}
8215 		lun->PRGeneration++;
8216 		memcpy(&lun->per_res[msg->pr.pr_info.residx].res_key,
8217 		       msg->pr.pr_info.sa_res_key,
8218 		       sizeof(struct scsi_per_res_key));
8219 		break;
8220 
8221 	case CTL_PR_UNREG_KEY:
8222 		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8223 		memset(&lun->per_res[msg->pr.pr_info.residx].res_key,
8224 		       0, sizeof(struct scsi_per_res_key));
8225 		lun->pr_key_count--;
8226 
8227 		/* XXX Need to see if the reservation has been released */
8228 		/* if so do we need to generate UA? */
8229 		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8230 			lun->flags &= ~CTL_LUN_PR_RESERVED;
8231 			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8232 
8233 			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8234 			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8235 			 && lun->pr_key_count) {
8236 				/*
8237 				 * If the reservation is a registrants
8238 				 * only type we need to generate a UA
8239 				 * for other registered inits.  The
8240 				 * sense code should be RESERVATIONS
8241 				 * RELEASED
8242 				 */
8243 
8244 				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8245 					if (lun->per_res[i+
8246 					    persis_offset].registered == 0)
8247 						continue;
8248 
8249 					lun->pending_sense[i
8250 						].ua_pending |=
8251 						CTL_UA_RES_RELEASE;
8252 				}
8253 			}
8254 			lun->res_type = 0;
8255 		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8256 			if (lun->pr_key_count==0) {
8257 				lun->flags &= ~CTL_LUN_PR_RESERVED;
8258 				lun->res_type = 0;
8259 				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8260 			}
8261 		}
8262 		lun->PRGeneration++;
8263 		break;
8264 
8265 	case CTL_PR_RESERVE:
8266 		lun->flags |= CTL_LUN_PR_RESERVED;
8267 		lun->res_type = msg->pr.pr_info.res_type;
8268 		lun->pr_res_idx = msg->pr.pr_info.residx;
8269 
8270 		break;
8271 
8272 	case CTL_PR_RELEASE:
8273 		/*
8274 		 * if this isn't an exclusive access res generate UA for all
8275 		 * other registrants.
8276 		 */
8277 		if (lun->res_type != SPR_TYPE_EX_AC
8278 		 && lun->res_type != SPR_TYPE_WR_EX) {
8279 			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8280 				if (lun->per_res[i+persis_offset].registered)
8281 					lun->pending_sense[i].ua_pending |=
8282 						CTL_UA_RES_RELEASE;
8283 		}
8284 
8285 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8286 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8287 		lun->res_type = 0;
8288 		break;
8289 
8290 	case CTL_PR_PREEMPT:
8291 		ctl_pro_preempt_other(lun, msg);
8292 		break;
8293 	case CTL_PR_CLEAR:
8294 		lun->flags &= ~CTL_LUN_PR_RESERVED;
8295 		lun->res_type = 0;
8296 		lun->pr_key_count = 0;
8297 		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8298 
8299 		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8300 			if (lun->per_res[i].registered == 0)
8301 				continue;
8302 			if (!persis_offset
8303 			 && i < CTL_MAX_INITIATORS)
8304 				lun->pending_sense[i].ua_pending |=
8305 					CTL_UA_RES_PREEMPT;
8306 			else if (persis_offset
8307 			      && i >= persis_offset)
8308    				lun->pending_sense[i-persis_offset].ua_pending|=
8309 					CTL_UA_RES_PREEMPT;
8310 			memset(&lun->per_res[i].res_key, 0,
8311 			       sizeof(struct scsi_per_res_key));
8312 			lun->per_res[i].registered = 0;
8313 		}
8314 		lun->PRGeneration++;
8315 		break;
8316 	}
8317 
8318 	mtx_unlock(&softc->ctl_lock);
8319 }
8320 
8321 int
8322 ctl_read_write(struct ctl_scsiio *ctsio)
8323 {
8324 	struct ctl_lun *lun;
8325 	struct ctl_lba_len lbalen;
8326 	uint64_t lba;
8327 	uint32_t num_blocks;
8328 	int reladdr, fua, dpo, ebp;
8329 	int retval;
8330 	int isread;
8331 
8332 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8333 
8334 	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8335 
8336 	reladdr = 0;
8337 	fua = 0;
8338 	dpo = 0;
8339 	ebp = 0;
8340 
8341 	retval = CTL_RETVAL_COMPLETE;
8342 
8343 	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8344 	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8345 	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8346 		uint32_t residx;
8347 
8348 		/*
8349 		 * XXX KDM need a lock here.
8350 		 */
8351 		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8352 		if ((lun->res_type == SPR_TYPE_EX_AC
8353 		  && residx != lun->pr_res_idx)
8354 		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8355 		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8356 		  && !lun->per_res[residx].registered)) {
8357 			ctl_set_reservation_conflict(ctsio);
8358 			ctl_done((union ctl_io *)ctsio);
8359 			return (CTL_RETVAL_COMPLETE);
8360 	        }
8361 	}
8362 
8363 	switch (ctsio->cdb[0]) {
8364 	case READ_6:
8365 	case WRITE_6: {
8366 		struct scsi_rw_6 *cdb;
8367 
8368 		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8369 
8370 		lba = scsi_3btoul(cdb->addr);
8371 		/* only 5 bits are valid in the most significant address byte */
8372 		lba &= 0x1fffff;
8373 		num_blocks = cdb->length;
8374 		/*
8375 		 * This is correct according to SBC-2.
8376 		 */
8377 		if (num_blocks == 0)
8378 			num_blocks = 256;
8379 		break;
8380 	}
8381 	case READ_10:
8382 	case WRITE_10: {
8383 		struct scsi_rw_10 *cdb;
8384 
8385 		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8386 
8387 		if (cdb->byte2 & SRW10_RELADDR)
8388 			reladdr = 1;
8389 		if (cdb->byte2 & SRW10_FUA)
8390 			fua = 1;
8391 		if (cdb->byte2 & SRW10_DPO)
8392 			dpo = 1;
8393 
8394 		if ((cdb->opcode == WRITE_10)
8395 		 && (cdb->byte2 & SRW10_EBP))
8396 			ebp = 1;
8397 
8398 		lba = scsi_4btoul(cdb->addr);
8399 		num_blocks = scsi_2btoul(cdb->length);
8400 		break;
8401 	}
8402 	case WRITE_VERIFY_10: {
8403 		struct scsi_write_verify_10 *cdb;
8404 
8405 		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8406 
8407 		/*
8408 		 * XXX KDM we should do actual write verify support at some
8409 		 * point.  This is obviously fake, we're just translating
8410 		 * things to a write.  So we don't even bother checking the
8411 		 * BYTCHK field, since we don't do any verification.  If
8412 		 * the user asks for it, we'll just pretend we did it.
8413 		 */
8414 		if (cdb->byte2 & SWV_DPO)
8415 			dpo = 1;
8416 
8417 		lba = scsi_4btoul(cdb->addr);
8418 		num_blocks = scsi_2btoul(cdb->length);
8419 		break;
8420 	}
8421 	case READ_12:
8422 	case WRITE_12: {
8423 		struct scsi_rw_12 *cdb;
8424 
8425 		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8426 
8427 		if (cdb->byte2 & SRW12_RELADDR)
8428 			reladdr = 1;
8429 		if (cdb->byte2 & SRW12_FUA)
8430 			fua = 1;
8431 		if (cdb->byte2 & SRW12_DPO)
8432 			dpo = 1;
8433 		lba = scsi_4btoul(cdb->addr);
8434 		num_blocks = scsi_4btoul(cdb->length);
8435 		break;
8436 	}
8437 	case WRITE_VERIFY_12: {
8438 		struct scsi_write_verify_12 *cdb;
8439 
8440 		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8441 
8442 		if (cdb->byte2 & SWV_DPO)
8443 			dpo = 1;
8444 
8445 		lba = scsi_4btoul(cdb->addr);
8446 		num_blocks = scsi_4btoul(cdb->length);
8447 
8448 		break;
8449 	}
8450 	case READ_16:
8451 	case WRITE_16: {
8452 		struct scsi_rw_16 *cdb;
8453 
8454 		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8455 
8456 		if (cdb->byte2 & SRW12_RELADDR)
8457 			reladdr = 1;
8458 		if (cdb->byte2 & SRW12_FUA)
8459 			fua = 1;
8460 		if (cdb->byte2 & SRW12_DPO)
8461 			dpo = 1;
8462 
8463 		lba = scsi_8btou64(cdb->addr);
8464 		num_blocks = scsi_4btoul(cdb->length);
8465 		break;
8466 	}
8467 	case WRITE_VERIFY_16: {
8468 		struct scsi_write_verify_16 *cdb;
8469 
8470 		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8471 
8472 		if (cdb->byte2 & SWV_DPO)
8473 			dpo = 1;
8474 
8475 		lba = scsi_8btou64(cdb->addr);
8476 		num_blocks = scsi_4btoul(cdb->length);
8477 		break;
8478 	}
8479 	default:
8480 		/*
8481 		 * We got a command we don't support.  This shouldn't
8482 		 * happen, commands should be filtered out above us.
8483 		 */
8484 		ctl_set_invalid_opcode(ctsio);
8485 		ctl_done((union ctl_io *)ctsio);
8486 
8487 		return (CTL_RETVAL_COMPLETE);
8488 		break; /* NOTREACHED */
8489 	}
8490 
8491 	/*
8492 	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
8493 	 * interesting for us, but if RAIDCore is in write-back mode,
8494 	 * getting it to do write-through for a particular transaction may
8495 	 * not be possible.
8496 	 */
8497 	/*
8498 	 * We don't support relative addressing.  That also requires
8499 	 * supporting linked commands, which we don't do.
8500 	 */
8501 	if (reladdr != 0) {
8502 		ctl_set_invalid_field(ctsio,
8503 				      /*sks_valid*/ 1,
8504 				      /*command*/ 1,
8505 				      /*field*/ 1,
8506 				      /*bit_valid*/ 1,
8507 				      /*bit*/ 0);
8508 		ctl_done((union ctl_io *)ctsio);
8509 		return (CTL_RETVAL_COMPLETE);
8510 	}
8511 
8512 	/*
8513 	 * The first check is to make sure we're in bounds, the second
8514 	 * check is to catch wrap-around problems.  If the lba + num blocks
8515 	 * is less than the lba, then we've wrapped around and the block
8516 	 * range is invalid anyway.
8517 	 */
8518 	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8519 	 || ((lba + num_blocks) < lba)) {
8520 		ctl_set_lba_out_of_range(ctsio);
8521 		ctl_done((union ctl_io *)ctsio);
8522 		return (CTL_RETVAL_COMPLETE);
8523 	}
8524 
8525 	/*
8526 	 * According to SBC-3, a transfer length of 0 is not an error.
8527 	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8528 	 * translates to 256 blocks for those commands.
8529 	 */
8530 	if (num_blocks == 0) {
8531 		ctl_set_success(ctsio);
8532 		ctl_done((union ctl_io *)ctsio);
8533 		return (CTL_RETVAL_COMPLETE);
8534 	}
8535 
8536 	lbalen.lba = lba;
8537 	lbalen.len = num_blocks;
8538 	memcpy(ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes, &lbalen,
8539 	       sizeof(lbalen));
8540 
8541 	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8542 
8543 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8544 
8545 	return (retval);
8546 }
8547 
8548 int
8549 ctl_report_luns(struct ctl_scsiio *ctsio)
8550 {
8551 	struct scsi_report_luns *cdb;
8552 	struct scsi_report_luns_data *lun_data;
8553 	struct ctl_lun *lun, *request_lun;
8554 	int num_luns, retval;
8555 	uint32_t alloc_len, lun_datalen;
8556 	int num_filled, well_known;
8557 	uint32_t initidx;
8558 
8559 	retval = CTL_RETVAL_COMPLETE;
8560 	well_known = 0;
8561 
8562 	cdb = (struct scsi_report_luns *)ctsio->cdb;
8563 
8564 	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8565 
8566 	mtx_lock(&control_softc->ctl_lock);
8567 	num_luns = control_softc->num_luns;
8568 	mtx_unlock(&control_softc->ctl_lock);
8569 
8570 	switch (cdb->select_report) {
8571 	case RPL_REPORT_DEFAULT:
8572 	case RPL_REPORT_ALL:
8573 		break;
8574 	case RPL_REPORT_WELLKNOWN:
8575 		well_known = 1;
8576 		num_luns = 0;
8577 		break;
8578 	default:
8579 		ctl_set_invalid_field(ctsio,
8580 				      /*sks_valid*/ 1,
8581 				      /*command*/ 1,
8582 				      /*field*/ 2,
8583 				      /*bit_valid*/ 0,
8584 				      /*bit*/ 0);
8585 		ctl_done((union ctl_io *)ctsio);
8586 		return (retval);
8587 		break; /* NOTREACHED */
8588 	}
8589 
8590 	alloc_len = scsi_4btoul(cdb->length);
8591 	/*
8592 	 * The initiator has to allocate at least 16 bytes for this request,
8593 	 * so he can at least get the header and the first LUN.  Otherwise
8594 	 * we reject the request (per SPC-3 rev 14, section 6.21).
8595 	 */
8596 	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8597 	    sizeof(struct scsi_report_luns_lundata))) {
8598 		ctl_set_invalid_field(ctsio,
8599 				      /*sks_valid*/ 1,
8600 				      /*command*/ 1,
8601 				      /*field*/ 6,
8602 				      /*bit_valid*/ 0,
8603 				      /*bit*/ 0);
8604 		ctl_done((union ctl_io *)ctsio);
8605 		return (retval);
8606 	}
8607 
8608 	request_lun = (struct ctl_lun *)
8609 		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8610 
8611 	lun_datalen = sizeof(*lun_data) +
8612 		(num_luns * sizeof(struct scsi_report_luns_lundata));
8613 
8614 	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK);
8615 	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8616 	ctsio->kern_sg_entries = 0;
8617 
8618 	if (lun_datalen < alloc_len) {
8619 		ctsio->residual = alloc_len - lun_datalen;
8620 		ctsio->kern_data_len = lun_datalen;
8621 		ctsio->kern_total_len = lun_datalen;
8622 	} else {
8623 		ctsio->residual = 0;
8624 		ctsio->kern_data_len = alloc_len;
8625 		ctsio->kern_total_len = alloc_len;
8626 	}
8627 	ctsio->kern_data_resid = 0;
8628 	ctsio->kern_rel_offset = 0;
8629 	ctsio->kern_sg_entries = 0;
8630 
8631 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8632 
8633 	memset(lun_data, 0, lun_datalen);
8634 
8635 	/*
8636 	 * We set this to the actual data length, regardless of how much
8637 	 * space we actually have to return results.  If the user looks at
8638 	 * this value, he'll know whether or not he allocated enough space
8639 	 * and reissue the command if necessary.  We don't support well
8640 	 * known logical units, so if the user asks for that, return none.
8641 	 */
8642 	scsi_ulto4b(lun_datalen - 8, lun_data->length);
8643 
8644 	mtx_lock(&control_softc->ctl_lock);
8645 	for (num_filled = 0, lun = STAILQ_FIRST(&control_softc->lun_list);
8646 	     (lun != NULL) && (num_filled < num_luns);
8647 	     lun = STAILQ_NEXT(lun, links)) {
8648 
8649 		if (lun->lun <= 0xff) {
8650 			/*
8651 			 * Peripheral addressing method, bus number 0.
8652 			 */
8653 			lun_data->luns[num_filled].lundata[0] =
8654 				RPL_LUNDATA_ATYP_PERIPH;
8655 			lun_data->luns[num_filled].lundata[1] = lun->lun;
8656 			num_filled++;
8657 		} else if (lun->lun <= 0x3fff) {
8658 			/*
8659 			 * Flat addressing method.
8660 			 */
8661 			lun_data->luns[num_filled].lundata[0] =
8662 				RPL_LUNDATA_ATYP_FLAT |
8663 				(lun->lun & RPL_LUNDATA_FLAT_LUN_MASK);
8664 #ifdef OLDCTLHEADERS
8665 				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
8666 				(lun->lun & SRLD_BUS_LUN_MASK);
8667 #endif
8668 			lun_data->luns[num_filled].lundata[1] =
8669 #ifdef OLDCTLHEADERS
8670 				lun->lun >> SRLD_BUS_LUN_BITS;
8671 #endif
8672 				lun->lun >> RPL_LUNDATA_FLAT_LUN_BITS;
8673 			num_filled++;
8674 		} else {
8675 			printf("ctl_report_luns: bogus LUN number %jd, "
8676 			       "skipping\n", (intmax_t)lun->lun);
8677 		}
8678 		/*
8679 		 * According to SPC-3, rev 14 section 6.21:
8680 		 *
8681 		 * "The execution of a REPORT LUNS command to any valid and
8682 		 * installed logical unit shall clear the REPORTED LUNS DATA
8683 		 * HAS CHANGED unit attention condition for all logical
8684 		 * units of that target with respect to the requesting
8685 		 * initiator. A valid and installed logical unit is one
8686 		 * having a PERIPHERAL QUALIFIER of 000b in the standard
8687 		 * INQUIRY data (see 6.4.2)."
8688 		 *
8689 		 * If request_lun is NULL, the LUN this report luns command
8690 		 * was issued to is either disabled or doesn't exist. In that
8691 		 * case, we shouldn't clear any pending lun change unit
8692 		 * attention.
8693 		 */
8694 		if (request_lun != NULL)
8695 			lun->pending_sense[initidx].ua_pending &=
8696 				~CTL_UA_LUN_CHANGE;
8697 	}
8698 	mtx_unlock(&control_softc->ctl_lock);
8699 
8700 	/*
8701 	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
8702 	 * this request.
8703 	 */
8704 	ctsio->scsi_status = SCSI_STATUS_OK;
8705 
8706 	ctsio->be_move_done = ctl_config_move_done;
8707 	ctl_datamove((union ctl_io *)ctsio);
8708 
8709 	return (retval);
8710 }
8711 
8712 int
8713 ctl_request_sense(struct ctl_scsiio *ctsio)
8714 {
8715 	struct scsi_request_sense *cdb;
8716 	struct scsi_sense_data *sense_ptr;
8717 	struct ctl_lun *lun;
8718 	uint32_t initidx;
8719 	int have_error;
8720 	scsi_sense_data_type sense_format;
8721 
8722 	cdb = (struct scsi_request_sense *)ctsio->cdb;
8723 
8724 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8725 
8726 	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
8727 
8728 	/*
8729 	 * Determine which sense format the user wants.
8730 	 */
8731 	if (cdb->byte2 & SRS_DESC)
8732 		sense_format = SSD_TYPE_DESC;
8733 	else
8734 		sense_format = SSD_TYPE_FIXED;
8735 
8736 	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
8737 	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
8738 	ctsio->kern_sg_entries = 0;
8739 
8740 	/*
8741 	 * struct scsi_sense_data, which is currently set to 256 bytes, is
8742 	 * larger than the largest allowed value for the length field in the
8743 	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
8744 	 */
8745 	ctsio->residual = 0;
8746 	ctsio->kern_data_len = cdb->length;
8747 	ctsio->kern_total_len = cdb->length;
8748 
8749 	ctsio->kern_data_resid = 0;
8750 	ctsio->kern_rel_offset = 0;
8751 	ctsio->kern_sg_entries = 0;
8752 
8753 	/*
8754 	 * If we don't have a LUN, we don't have any pending sense.
8755 	 */
8756 	if (lun == NULL)
8757 		goto no_sense;
8758 
8759 	have_error = 0;
8760 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8761 	/*
8762 	 * Check for pending sense, and then for pending unit attentions.
8763 	 * Pending sense gets returned first, then pending unit attentions.
8764 	 */
8765 	mtx_lock(&lun->ctl_softc->ctl_lock);
8766 	if (ctl_is_set(lun->have_ca, initidx)) {
8767 		scsi_sense_data_type stored_format;
8768 
8769 		/*
8770 		 * Check to see which sense format was used for the stored
8771 		 * sense data.
8772 		 */
8773 		stored_format = scsi_sense_type(
8774 		    &lun->pending_sense[initidx].sense);
8775 
8776 		/*
8777 		 * If the user requested a different sense format than the
8778 		 * one we stored, then we need to convert it to the other
8779 		 * format.  If we're going from descriptor to fixed format
8780 		 * sense data, we may lose things in translation, depending
8781 		 * on what options were used.
8782 		 *
8783 		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
8784 		 * for some reason we'll just copy it out as-is.
8785 		 */
8786 		if ((stored_format == SSD_TYPE_FIXED)
8787 		 && (sense_format == SSD_TYPE_DESC))
8788 			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
8789 			    &lun->pending_sense[initidx].sense,
8790 			    (struct scsi_sense_data_desc *)sense_ptr);
8791 		else if ((stored_format == SSD_TYPE_DESC)
8792 		      && (sense_format == SSD_TYPE_FIXED))
8793 			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
8794 			    &lun->pending_sense[initidx].sense,
8795 			    (struct scsi_sense_data_fixed *)sense_ptr);
8796 		else
8797 			memcpy(sense_ptr, &lun->pending_sense[initidx].sense,
8798 			       ctl_min(sizeof(*sense_ptr),
8799 			       sizeof(lun->pending_sense[initidx].sense)));
8800 
8801 		ctl_clear_mask(lun->have_ca, initidx);
8802 		have_error = 1;
8803 	} else if (lun->pending_sense[initidx].ua_pending != CTL_UA_NONE) {
8804 		ctl_ua_type ua_type;
8805 
8806 		ua_type = ctl_build_ua(lun->pending_sense[initidx].ua_pending,
8807 				       sense_ptr, sense_format);
8808 		if (ua_type != CTL_UA_NONE) {
8809 			have_error = 1;
8810 			/* We're reporting this UA, so clear it */
8811 			lun->pending_sense[initidx].ua_pending &= ~ua_type;
8812 		}
8813 	}
8814 	mtx_unlock(&lun->ctl_softc->ctl_lock);
8815 
8816 	/*
8817 	 * We already have a pending error, return it.
8818 	 */
8819 	if (have_error != 0) {
8820 		/*
8821 		 * We report the SCSI status as OK, since the status of the
8822 		 * request sense command itself is OK.
8823 		 */
8824 		ctsio->scsi_status = SCSI_STATUS_OK;
8825 
8826 		/*
8827 		 * We report 0 for the sense length, because we aren't doing
8828 		 * autosense in this case.  We're reporting sense as
8829 		 * parameter data.
8830 		 */
8831 		ctsio->sense_len = 0;
8832 
8833 		ctsio->be_move_done = ctl_config_move_done;
8834 		ctl_datamove((union ctl_io *)ctsio);
8835 
8836 		return (CTL_RETVAL_COMPLETE);
8837 	}
8838 
8839 no_sense:
8840 
8841 	/*
8842 	 * No sense information to report, so we report that everything is
8843 	 * okay.
8844 	 */
8845 	ctl_set_sense_data(sense_ptr,
8846 			   lun,
8847 			   sense_format,
8848 			   /*current_error*/ 1,
8849 			   /*sense_key*/ SSD_KEY_NO_SENSE,
8850 			   /*asc*/ 0x00,
8851 			   /*ascq*/ 0x00,
8852 			   SSD_ELEM_NONE);
8853 
8854 	ctsio->scsi_status = SCSI_STATUS_OK;
8855 
8856 	/*
8857 	 * We report 0 for the sense length, because we aren't doing
8858 	 * autosense in this case.  We're reporting sense as parameter data.
8859 	 */
8860 	ctsio->sense_len = 0;
8861 	ctsio->be_move_done = ctl_config_move_done;
8862 	ctl_datamove((union ctl_io *)ctsio);
8863 
8864 	return (CTL_RETVAL_COMPLETE);
8865 }
8866 
8867 int
8868 ctl_tur(struct ctl_scsiio *ctsio)
8869 {
8870 	struct ctl_lun *lun;
8871 
8872 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8873 
8874 	CTL_DEBUG_PRINT(("ctl_tur\n"));
8875 
8876 	if (lun == NULL)
8877 		return (-EINVAL);
8878 
8879 	ctsio->scsi_status = SCSI_STATUS_OK;
8880 	ctsio->io_hdr.status = CTL_SUCCESS;
8881 
8882 	ctl_done((union ctl_io *)ctsio);
8883 
8884 	return (CTL_RETVAL_COMPLETE);
8885 }
8886 
8887 #ifdef notyet
8888 static int
8889 ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
8890 {
8891 
8892 }
8893 #endif
8894 
8895 static int
8896 ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
8897 {
8898 	struct scsi_vpd_supported_pages *pages;
8899 	int sup_page_size;
8900 	struct ctl_lun *lun;
8901 
8902 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8903 
8904 	sup_page_size = sizeof(struct scsi_vpd_supported_pages) +
8905 		SCSI_EVPD_NUM_SUPPORTED_PAGES;
8906 	/*
8907 	 * XXX KDM GFP_???  We probably don't want to wait here,
8908 	 * unless we end up having a process/thread context.
8909 	 */
8910 	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK);
8911 	if (ctsio->kern_data_ptr == NULL) {
8912 		ctsio->io_hdr.status = CTL_SCSI_ERROR;
8913 		ctsio->scsi_status = SCSI_STATUS_BUSY;
8914 		ctl_done((union ctl_io *)ctsio);
8915 		return (CTL_RETVAL_COMPLETE);
8916 	}
8917 	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
8918 	ctsio->kern_sg_entries = 0;
8919 
8920 	if (sup_page_size < alloc_len) {
8921 		ctsio->residual = alloc_len - sup_page_size;
8922 		ctsio->kern_data_len = sup_page_size;
8923 		ctsio->kern_total_len = sup_page_size;
8924 	} else {
8925 		ctsio->residual = 0;
8926 		ctsio->kern_data_len = alloc_len;
8927 		ctsio->kern_total_len = alloc_len;
8928 	}
8929 	ctsio->kern_data_resid = 0;
8930 	ctsio->kern_rel_offset = 0;
8931 	ctsio->kern_sg_entries = 0;
8932 
8933 	memset(pages, 0, sup_page_size);
8934 
8935 	/*
8936 	 * The control device is always connected.  The disk device, on the
8937 	 * other hand, may not be online all the time.  Need to change this
8938 	 * to figure out whether the disk device is actually online or not.
8939 	 */
8940 	if (lun != NULL)
8941 		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
8942 				lun->be_lun->lun_type;
8943 	else
8944 		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
8945 
8946 	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
8947 	/* Supported VPD pages */
8948 	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
8949 	/* Serial Number */
8950 	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
8951 	/* Device Identification */
8952 	pages->page_list[2] = SVPD_DEVICE_ID;
8953 
8954 	ctsio->scsi_status = SCSI_STATUS_OK;
8955 
8956 	ctsio->be_move_done = ctl_config_move_done;
8957 	ctl_datamove((union ctl_io *)ctsio);
8958 
8959 	return (CTL_RETVAL_COMPLETE);
8960 }
8961 
8962 static int
8963 ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
8964 {
8965 	struct scsi_vpd_unit_serial_number *sn_ptr;
8966 	struct ctl_lun *lun;
8967 #ifndef CTL_USE_BACKEND_SN
8968 	char tmpstr[32];
8969 #endif
8970 
8971 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8972 
8973 	/* XXX KDM which malloc flags here?? */
8974 	ctsio->kern_data_ptr = malloc(sizeof(*sn_ptr), M_CTL, M_WAITOK);
8975 	if (ctsio->kern_data_ptr == NULL) {
8976 		ctsio->io_hdr.status = CTL_SCSI_ERROR;
8977 		ctsio->scsi_status = SCSI_STATUS_BUSY;
8978 		ctl_done((union ctl_io *)ctsio);
8979 		return (CTL_RETVAL_COMPLETE);
8980 	}
8981 	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
8982 	ctsio->kern_sg_entries = 0;
8983 
8984 	if (sizeof(*sn_ptr) < alloc_len) {
8985 		ctsio->residual = alloc_len - sizeof(*sn_ptr);
8986 		ctsio->kern_data_len = sizeof(*sn_ptr);
8987 		ctsio->kern_total_len = sizeof(*sn_ptr);
8988 	} else {
8989 		ctsio->residual = 0;
8990 		ctsio->kern_data_len = alloc_len;
8991 		ctsio->kern_total_len = alloc_len;
8992 	}
8993 	ctsio->kern_data_resid = 0;
8994 	ctsio->kern_rel_offset = 0;
8995 	ctsio->kern_sg_entries = 0;
8996 
8997 	memset(sn_ptr, 0, sizeof(*sn_ptr));
8998 
8999 	/*
9000 	 * The control device is always connected.  The disk device, on the
9001 	 * other hand, may not be online all the time.  Need to change this
9002 	 * to figure out whether the disk device is actually online or not.
9003 	 */
9004 	if (lun != NULL)
9005 		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9006 				  lun->be_lun->lun_type;
9007 	else
9008 		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9009 
9010 	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9011 	sn_ptr->length = ctl_min(sizeof(*sn_ptr) - 4, CTL_SN_LEN);
9012 #ifdef CTL_USE_BACKEND_SN
9013 	/*
9014 	 * If we don't have a LUN, we just leave the serial number as
9015 	 * all spaces.
9016 	 */
9017 	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
9018 	if (lun != NULL) {
9019 		strncpy((char *)sn_ptr->serial_num,
9020 			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9021 	}
9022 #else
9023 	/*
9024 	 * Note that we're using a non-unique serial number here,
9025 	 */
9026 	snprintf(tmpstr, sizeof(tmpstr), "MYSERIALNUMIS000");
9027 	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
9028 	strncpy(sn_ptr->serial_num, tmpstr, ctl_min(CTL_SN_LEN,
9029 		ctl_min(sizeof(tmpstr), sizeof(*sn_ptr) - 4)));
9030 #endif
9031 	ctsio->scsi_status = SCSI_STATUS_OK;
9032 
9033 	ctsio->be_move_done = ctl_config_move_done;
9034 	ctl_datamove((union ctl_io *)ctsio);
9035 
9036 	return (CTL_RETVAL_COMPLETE);
9037 }
9038 
9039 
9040 static int
9041 ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9042 {
9043 	struct scsi_vpd_device_id *devid_ptr;
9044 	struct scsi_vpd_id_descriptor *desc, *desc1;
9045 	struct scsi_vpd_id_descriptor *desc2, *desc3; /* for types 4h and 5h */
9046 	struct scsi_vpd_id_t10 *t10id;
9047 	struct ctl_softc *ctl_softc;
9048 	struct ctl_lun *lun;
9049 	struct ctl_frontend *fe;
9050 #ifndef CTL_USE_BACKEND_SN
9051 	char tmpstr[32];
9052 #endif /* CTL_USE_BACKEND_SN */
9053 	int devid_len;
9054 
9055 	ctl_softc = control_softc;
9056 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9057 
9058 	devid_len = sizeof(struct scsi_vpd_device_id) +
9059 		sizeof(struct scsi_vpd_id_descriptor) +
9060 		sizeof(struct scsi_vpd_id_t10) + CTL_DEVID_LEN +
9061 		sizeof(struct scsi_vpd_id_descriptor) + CTL_WWPN_LEN +
9062 		sizeof(struct scsi_vpd_id_descriptor) +
9063 		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9064 		sizeof(struct scsi_vpd_id_descriptor) +
9065 		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9066 
9067 	/* XXX KDM which malloc flags here ?? */
9068 	ctsio->kern_data_ptr = malloc(devid_len, M_CTL, M_WAITOK);
9069 	if (ctsio->kern_data_ptr == NULL) {
9070 		ctsio->io_hdr.status = CTL_SCSI_ERROR;
9071 		ctsio->scsi_status = SCSI_STATUS_BUSY;
9072 		ctl_done((union ctl_io *)ctsio);
9073 		return (CTL_RETVAL_COMPLETE);
9074 	}
9075 	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9076 	ctsio->kern_sg_entries = 0;
9077 
9078 	if (devid_len < alloc_len) {
9079 		ctsio->residual = alloc_len - devid_len;
9080 		ctsio->kern_data_len = devid_len;
9081 		ctsio->kern_total_len = devid_len;
9082 	} else {
9083 		ctsio->residual = 0;
9084 		ctsio->kern_data_len = alloc_len;
9085 		ctsio->kern_total_len = alloc_len;
9086 	}
9087 	ctsio->kern_data_resid = 0;
9088 	ctsio->kern_rel_offset = 0;
9089 	ctsio->kern_sg_entries = 0;
9090 
9091 	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9092 	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
9093 	desc1 = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9094 		sizeof(struct scsi_vpd_id_t10) + CTL_DEVID_LEN);
9095 	desc2 = (struct scsi_vpd_id_descriptor *)(&desc1->identifier[0] +
9096 	          CTL_WWPN_LEN);
9097 	desc3 = (struct scsi_vpd_id_descriptor *)(&desc2->identifier[0] +
9098 	         sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9099 	memset(devid_ptr, 0, devid_len);
9100 
9101 	/*
9102 	 * The control device is always connected.  The disk device, on the
9103 	 * other hand, may not be online all the time.
9104 	 */
9105 	if (lun != NULL)
9106 		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9107 				     lun->be_lun->lun_type;
9108 	else
9109 		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9110 
9111 	devid_ptr->page_code = SVPD_DEVICE_ID;
9112 
9113 	scsi_ulto2b(devid_len - 4, devid_ptr->length);
9114 
9115 	mtx_lock(&ctl_softc->ctl_lock);
9116 
9117 	fe = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9118 
9119 	/*
9120 	 * For Fibre channel,
9121 	 */
9122 	if (fe->port_type == CTL_PORT_FC)
9123 	{
9124 		desc->proto_codeset = (SCSI_PROTO_FC << 4) |
9125 				      SVPD_ID_CODESET_ASCII;
9126         	desc1->proto_codeset = (SCSI_PROTO_FC << 4) |
9127 		              SVPD_ID_CODESET_BINARY;
9128 	}
9129 	else
9130 	{
9131 		desc->proto_codeset = (SCSI_PROTO_SPI << 4) |
9132 				      SVPD_ID_CODESET_ASCII;
9133         	desc1->proto_codeset = (SCSI_PROTO_SPI << 4) |
9134 		              SVPD_ID_CODESET_BINARY;
9135 	}
9136 	desc2->proto_codeset = desc3->proto_codeset = desc1->proto_codeset;
9137 	mtx_unlock(&ctl_softc->ctl_lock);
9138 
9139 	/*
9140 	 * We're using a LUN association here.  i.e., this device ID is a
9141 	 * per-LUN identifier.
9142 	 */
9143 	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
9144 	desc->length = sizeof(*t10id) + CTL_DEVID_LEN;
9145 	strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
9146 
9147 	/*
9148 	 * desc1 is for the WWPN which is a port asscociation.
9149 	 */
9150 	desc1->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT | SVPD_ID_TYPE_NAA;
9151 	desc1->length = CTL_WWPN_LEN;
9152 	/* XXX Call Reggie's get_WWNN func here then add port # to the end */
9153 	/* For testing just create the WWPN */
9154 #if 0
9155 	ddb_GetWWNN((char *)desc1->identifier);
9156 
9157 	/* NOTE: if the port is 0 or 8 we don't want to subtract 1 */
9158 	/* This is so Copancontrol will return something sane */
9159 	if (ctsio->io_hdr.nexus.targ_port!=0 &&
9160 	    ctsio->io_hdr.nexus.targ_port!=8)
9161 		desc1->identifier[7] += ctsio->io_hdr.nexus.targ_port-1;
9162 	else
9163 		desc1->identifier[7] += ctsio->io_hdr.nexus.targ_port;
9164 #endif
9165 
9166 	be64enc(desc1->identifier, fe->wwpn);
9167 
9168 	/*
9169 	 * desc2 is for the Relative Target Port(type 4h) identifier
9170 	 */
9171 	desc2->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT
9172 	                 | SVPD_ID_TYPE_RELTARG;
9173 	desc2->length = 4;
9174 //#if 0
9175 	/* NOTE: if the port is 0 or 8 we don't want to subtract 1 */
9176 	/* This is so Copancontrol will return something sane */
9177 	if (ctsio->io_hdr.nexus.targ_port!=0 &&
9178 	    ctsio->io_hdr.nexus.targ_port!=8)
9179 		desc2->identifier[3] = ctsio->io_hdr.nexus.targ_port - 1;
9180 	else
9181 	        desc2->identifier[3] = ctsio->io_hdr.nexus.targ_port;
9182 //#endif
9183 
9184 	/*
9185 	 * desc3 is for the Target Port Group(type 5h) identifier
9186 	 */
9187 	desc3->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT
9188 	                 | SVPD_ID_TYPE_TPORTGRP;
9189 	desc3->length = 4;
9190 	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS || ctl_is_single)
9191 		desc3->identifier[3] = 1;
9192 	else
9193 		desc3->identifier[3] = 2;
9194 
9195 #ifdef CTL_USE_BACKEND_SN
9196 	/*
9197 	 * If we've actually got a backend, copy the device id from the
9198 	 * per-LUN data.  Otherwise, set it to all spaces.
9199 	 */
9200 	if (lun != NULL) {
9201 		/*
9202 		 * Copy the backend's LUN ID.
9203 		 */
9204 		strncpy((char *)t10id->vendor_spec_id,
9205 			(char *)lun->be_lun->device_id, CTL_DEVID_LEN);
9206 	} else {
9207 		/*
9208 		 * No backend, set this to spaces.
9209 		 */
9210 		memset(t10id->vendor_spec_id, 0x20, CTL_DEVID_LEN);
9211 	}
9212 #else
9213 	snprintf(tmpstr, sizeof(tmpstr), "MYDEVICEIDIS%4d",
9214 		 (lun != NULL) ?  (int)lun->lun : 0);
9215 	strncpy(t10id->vendor_spec_id, tmpstr, ctl_min(CTL_DEVID_LEN,
9216 		sizeof(tmpstr)));
9217 #endif
9218 
9219 	ctsio->scsi_status = SCSI_STATUS_OK;
9220 
9221 	ctsio->be_move_done = ctl_config_move_done;
9222 	ctl_datamove((union ctl_io *)ctsio);
9223 
9224 	return (CTL_RETVAL_COMPLETE);
9225 }
9226 
9227 static int
9228 ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9229 {
9230 	struct scsi_inquiry *cdb;
9231 	int alloc_len, retval;
9232 
9233 	cdb = (struct scsi_inquiry *)ctsio->cdb;
9234 
9235 	retval = CTL_RETVAL_COMPLETE;
9236 
9237 	alloc_len = scsi_2btoul(cdb->length);
9238 
9239 	switch (cdb->page_code) {
9240 	case SVPD_SUPPORTED_PAGES:
9241 		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9242 		break;
9243 	case SVPD_UNIT_SERIAL_NUMBER:
9244 		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9245 		break;
9246 	case SVPD_DEVICE_ID:
9247 		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9248 		break;
9249 	default:
9250 		ctl_set_invalid_field(ctsio,
9251 				      /*sks_valid*/ 1,
9252 				      /*command*/ 1,
9253 				      /*field*/ 2,
9254 				      /*bit_valid*/ 0,
9255 				      /*bit*/ 0);
9256 		ctl_done((union ctl_io *)ctsio);
9257 		retval = CTL_RETVAL_COMPLETE;
9258 		break;
9259 	}
9260 
9261 	return (retval);
9262 }
9263 
9264 static int
9265 ctl_inquiry_std(struct ctl_scsiio *ctsio)
9266 {
9267 	struct scsi_inquiry_data *inq_ptr;
9268 	struct scsi_inquiry *cdb;
9269 	struct ctl_softc *ctl_softc;
9270 	struct ctl_lun *lun;
9271 	uint32_t alloc_len;
9272 	int is_fc;
9273 
9274 	ctl_softc = control_softc;
9275 
9276 	/*
9277 	 * Figure out whether we're talking to a Fibre Channel port or not.
9278 	 * We treat the ioctl front end, and any SCSI adapters, as packetized
9279 	 * SCSI front ends.
9280 	 */
9281 	mtx_lock(&ctl_softc->ctl_lock);
9282 	if (ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type !=
9283 	    CTL_PORT_FC)
9284 		is_fc = 0;
9285 	else
9286 		is_fc = 1;
9287 	mtx_unlock(&ctl_softc->ctl_lock);
9288 
9289 	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9290 	cdb = (struct scsi_inquiry *)ctsio->cdb;
9291 	alloc_len = scsi_2btoul(cdb->length);
9292 
9293 	/*
9294 	 * We malloc the full inquiry data size here and fill it
9295 	 * in.  If the user only asks for less, we'll give him
9296 	 * that much.
9297 	 */
9298 	/* XXX KDM what malloc flags should we use here?? */
9299 	ctsio->kern_data_ptr = malloc(sizeof(*inq_ptr), M_CTL, M_WAITOK);
9300 	if (ctsio->kern_data_ptr == NULL) {
9301 		ctsio->io_hdr.status = CTL_SCSI_ERROR;
9302 		ctsio->scsi_status = SCSI_STATUS_BUSY;
9303 		ctl_done((union ctl_io *)ctsio);
9304 		return (CTL_RETVAL_COMPLETE);
9305 	}
9306 	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9307 	ctsio->kern_sg_entries = 0;
9308 	ctsio->kern_data_resid = 0;
9309 	ctsio->kern_rel_offset = 0;
9310 
9311 	if (sizeof(*inq_ptr) < alloc_len) {
9312 		ctsio->residual = alloc_len - sizeof(*inq_ptr);
9313 		ctsio->kern_data_len = sizeof(*inq_ptr);
9314 		ctsio->kern_total_len = sizeof(*inq_ptr);
9315 	} else {
9316 		ctsio->residual = 0;
9317 		ctsio->kern_data_len = alloc_len;
9318 		ctsio->kern_total_len = alloc_len;
9319 	}
9320 
9321 	memset(inq_ptr, 0, sizeof(*inq_ptr));
9322 
9323 	/*
9324 	 * If we have a LUN configured, report it as connected.  Otherwise,
9325 	 * report that it is offline or no device is supported, depending
9326 	 * on the value of inquiry_pq_no_lun.
9327 	 *
9328 	 * According to the spec (SPC-4 r34), the peripheral qualifier
9329 	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
9330 	 *
9331 	 * "A peripheral device having the specified peripheral device type
9332 	 * is not connected to this logical unit. However, the device
9333 	 * server is capable of supporting the specified peripheral device
9334 	 * type on this logical unit."
9335 	 *
9336 	 * According to the same spec, the peripheral qualifier
9337 	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
9338 	 *
9339 	 * "The device server is not capable of supporting a peripheral
9340 	 * device on this logical unit. For this peripheral qualifier the
9341 	 * peripheral device type shall be set to 1Fh. All other peripheral
9342 	 * device type values are reserved for this peripheral qualifier."
9343 	 *
9344 	 * Given the text, it would seem that we probably want to report that
9345 	 * the LUN is offline here.  There is no LUN connected, but we can
9346 	 * support a LUN at the given LUN number.
9347 	 *
9348 	 * In the real world, though, it sounds like things are a little
9349 	 * different:
9350 	 *
9351 	 * - Linux, when presented with a LUN with the offline peripheral
9352 	 *   qualifier, will create an sg driver instance for it.  So when
9353 	 *   you attach it to CTL, you wind up with a ton of sg driver
9354 	 *   instances.  (One for every LUN that Linux bothered to probe.)
9355 	 *   Linux does this despite the fact that it issues a REPORT LUNs
9356 	 *   to LUN 0 to get the inventory of supported LUNs.
9357 	 *
9358 	 * - There is other anecdotal evidence (from Emulex folks) about
9359 	 *   arrays that use the offline peripheral qualifier for LUNs that
9360 	 *   are on the "passive" path in an active/passive array.
9361 	 *
9362 	 * So the solution is provide a hopefully reasonable default
9363 	 * (return bad/no LUN) and allow the user to change the behavior
9364 	 * with a tunable/sysctl variable.
9365 	 */
9366 	if (lun != NULL)
9367 		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9368 				  lun->be_lun->lun_type;
9369 	else if (ctl_softc->inquiry_pq_no_lun == 0)
9370 		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9371 	else
9372 		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
9373 
9374 	/* RMB in byte 2 is 0 */
9375 	inq_ptr->version = SCSI_REV_SPC3;
9376 
9377 	/*
9378 	 * According to SAM-3, even if a device only supports a single
9379 	 * level of LUN addressing, it should still set the HISUP bit:
9380 	 *
9381 	 * 4.9.1 Logical unit numbers overview
9382 	 *
9383 	 * All logical unit number formats described in this standard are
9384 	 * hierarchical in structure even when only a single level in that
9385 	 * hierarchy is used. The HISUP bit shall be set to one in the
9386 	 * standard INQUIRY data (see SPC-2) when any logical unit number
9387 	 * format described in this standard is used.  Non-hierarchical
9388 	 * formats are outside the scope of this standard.
9389 	 *
9390 	 * Therefore we set the HiSup bit here.
9391 	 *
9392 	 * The reponse format is 2, per SPC-3.
9393 	 */
9394 	inq_ptr->response_format = SID_HiSup | 2;
9395 
9396 	inq_ptr->additional_length = sizeof(*inq_ptr) - 4;
9397 	CTL_DEBUG_PRINT(("additional_length = %d\n",
9398 			 inq_ptr->additional_length));
9399 
9400 	inq_ptr->spc3_flags = SPC3_SID_TPGS_IMPLICIT;
9401 	/* 16 bit addressing */
9402 	if (is_fc == 0)
9403 		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
9404 	/* XXX set the SID_MultiP bit here if we're actually going to
9405 	   respond on multiple ports */
9406 	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
9407 
9408 	/* 16 bit data bus, synchronous transfers */
9409 	/* XXX these flags don't apply for FC */
9410 	if (is_fc == 0)
9411 		inq_ptr->flags = SID_WBus16 | SID_Sync;
9412 	/*
9413 	 * XXX KDM do we want to support tagged queueing on the control
9414 	 * device at all?
9415 	 */
9416 	if ((lun == NULL)
9417 	 || (lun->be_lun->lun_type != T_PROCESSOR))
9418 		inq_ptr->flags |= SID_CmdQue;
9419 	/*
9420 	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
9421 	 * We have 8 bytes for the vendor name, and 16 bytes for the device
9422 	 * name and 4 bytes for the revision.
9423 	 */
9424 	strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
9425 	if (lun == NULL) {
9426 		strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
9427 	} else {
9428 		switch (lun->be_lun->lun_type) {
9429 		case T_DIRECT:
9430 			strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
9431 			break;
9432 		case T_PROCESSOR:
9433 			strcpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT);
9434 			break;
9435 		default:
9436 			strcpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT);
9437 			break;
9438 		}
9439 	}
9440 
9441 	/*
9442 	 * XXX make this a macro somewhere so it automatically gets
9443 	 * incremented when we make changes.
9444 	 */
9445 	strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
9446 
9447 	/*
9448 	 * For parallel SCSI, we support double transition and single
9449 	 * transition clocking.  We also support QAS (Quick Arbitration
9450 	 * and Selection) and Information Unit transfers on both the
9451 	 * control and array devices.
9452 	 */
9453 	if (is_fc == 0)
9454 		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
9455 				    SID_SPI_IUS;
9456 
9457 	/* SAM-3 */
9458 	scsi_ulto2b(0x0060, inq_ptr->version1);
9459 	/* SPC-3 (no version claimed) XXX should we claim a version? */
9460 	scsi_ulto2b(0x0300, inq_ptr->version2);
9461 	if (is_fc) {
9462 		/* FCP-2 ANSI INCITS.350:2003 */
9463 		scsi_ulto2b(0x0917, inq_ptr->version3);
9464 	} else {
9465 		/* SPI-4 ANSI INCITS.362:200x */
9466 		scsi_ulto2b(0x0B56, inq_ptr->version3);
9467 	}
9468 
9469 	if (lun == NULL) {
9470 		/* SBC-2 (no version claimed) XXX should we claim a version? */
9471 		scsi_ulto2b(0x0320, inq_ptr->version4);
9472 	} else {
9473 		switch (lun->be_lun->lun_type) {
9474 		case T_DIRECT:
9475 			/*
9476 			 * SBC-2 (no version claimed) XXX should we claim a
9477 			 * version?
9478 			 */
9479 			scsi_ulto2b(0x0320, inq_ptr->version4);
9480 			break;
9481 		case T_PROCESSOR:
9482 		default:
9483 			break;
9484 		}
9485 	}
9486 
9487 	ctsio->scsi_status = SCSI_STATUS_OK;
9488 	if (ctsio->kern_data_len > 0) {
9489 		ctsio->be_move_done = ctl_config_move_done;
9490 		ctl_datamove((union ctl_io *)ctsio);
9491 	} else {
9492 		ctsio->io_hdr.status = CTL_SUCCESS;
9493 		ctl_done((union ctl_io *)ctsio);
9494 	}
9495 
9496 	return (CTL_RETVAL_COMPLETE);
9497 }
9498 
9499 int
9500 ctl_inquiry(struct ctl_scsiio *ctsio)
9501 {
9502 	struct scsi_inquiry *cdb;
9503 	int retval;
9504 
9505 	cdb = (struct scsi_inquiry *)ctsio->cdb;
9506 
9507 	retval = 0;
9508 
9509 	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
9510 
9511 	/*
9512 	 * Right now, we don't support the CmdDt inquiry information.
9513 	 * This would be nice to support in the future.  When we do
9514 	 * support it, we should change this test so that it checks to make
9515 	 * sure SI_EVPD and SI_CMDDT aren't both set at the same time.
9516 	 */
9517 #ifdef notyet
9518 	if (((cdb->byte2 & SI_EVPD)
9519 	 && (cdb->byte2 & SI_CMDDT)))
9520 #endif
9521 	if (cdb->byte2 & SI_CMDDT) {
9522 		/*
9523 		 * Point to the SI_CMDDT bit.  We might change this
9524 		 * when we support SI_CMDDT, but since both bits would be
9525 		 * "wrong", this should probably just stay as-is then.
9526 		 */
9527 		ctl_set_invalid_field(ctsio,
9528 				      /*sks_valid*/ 1,
9529 				      /*command*/ 1,
9530 				      /*field*/ 1,
9531 				      /*bit_valid*/ 1,
9532 				      /*bit*/ 1);
9533 		ctl_done((union ctl_io *)ctsio);
9534 		return (CTL_RETVAL_COMPLETE);
9535 	}
9536 	if (cdb->byte2 & SI_EVPD)
9537 		retval = ctl_inquiry_evpd(ctsio);
9538 #ifdef notyet
9539 	else if (cdb->byte2 & SI_CMDDT)
9540 		retval = ctl_inquiry_cmddt(ctsio);
9541 #endif
9542 	else
9543 		retval = ctl_inquiry_std(ctsio);
9544 
9545 	return (retval);
9546 }
9547 
9548 /*
9549  * For known CDB types, parse the LBA and length.
9550  */
9551 static int
9552 ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len)
9553 {
9554 	if (io->io_hdr.io_type != CTL_IO_SCSI)
9555 		return (1);
9556 
9557 	switch (io->scsiio.cdb[0]) {
9558 	case READ_6:
9559 	case WRITE_6: {
9560 		struct scsi_rw_6 *cdb;
9561 
9562 		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
9563 
9564 		*lba = scsi_3btoul(cdb->addr);
9565 		/* only 5 bits are valid in the most significant address byte */
9566 		*lba &= 0x1fffff;
9567 		*len = cdb->length;
9568 		break;
9569 	}
9570 	case READ_10:
9571 	case WRITE_10: {
9572 		struct scsi_rw_10 *cdb;
9573 
9574 		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
9575 
9576 		*lba = scsi_4btoul(cdb->addr);
9577 		*len = scsi_2btoul(cdb->length);
9578 		break;
9579 	}
9580 	case WRITE_VERIFY_10: {
9581 		struct scsi_write_verify_10 *cdb;
9582 
9583 		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
9584 
9585 		*lba = scsi_4btoul(cdb->addr);
9586 		*len = scsi_2btoul(cdb->length);
9587 		break;
9588 	}
9589 	case READ_12:
9590 	case WRITE_12: {
9591 		struct scsi_rw_12 *cdb;
9592 
9593 		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
9594 
9595 		*lba = scsi_4btoul(cdb->addr);
9596 		*len = scsi_4btoul(cdb->length);
9597 		break;
9598 	}
9599 	case WRITE_VERIFY_12: {
9600 		struct scsi_write_verify_12 *cdb;
9601 
9602 		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
9603 
9604 		*lba = scsi_4btoul(cdb->addr);
9605 		*len = scsi_4btoul(cdb->length);
9606 		break;
9607 	}
9608 	case READ_16:
9609 	case WRITE_16: {
9610 		struct scsi_rw_16 *cdb;
9611 
9612 		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
9613 
9614 		*lba = scsi_8btou64(cdb->addr);
9615 		*len = scsi_4btoul(cdb->length);
9616 		break;
9617 	}
9618 	case WRITE_VERIFY_16: {
9619 		struct scsi_write_verify_16 *cdb;
9620 
9621 		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
9622 
9623 
9624 		*lba = scsi_8btou64(cdb->addr);
9625 		*len = scsi_4btoul(cdb->length);
9626 		break;
9627 	}
9628 	default:
9629 		return (1);
9630 		break; /* NOTREACHED */
9631 	}
9632 
9633 	return (0);
9634 }
9635 
9636 static ctl_action
9637 ctl_extent_check_lba(uint64_t lba1, uint32_t len1, uint64_t lba2, uint32_t len2)
9638 {
9639 	uint64_t endlba1, endlba2;
9640 
9641 	endlba1 = lba1 + len1 - 1;
9642 	endlba2 = lba2 + len2 - 1;
9643 
9644 	if ((endlba1 < lba2)
9645 	 || (endlba2 < lba1))
9646 		return (CTL_ACTION_PASS);
9647 	else
9648 		return (CTL_ACTION_BLOCK);
9649 }
9650 
9651 static ctl_action
9652 ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
9653 {
9654 	uint64_t lba1, lba2;
9655 	uint32_t len1, len2;
9656 	int retval;
9657 
9658 	retval = ctl_get_lba_len(io1, &lba1, &len1);
9659 	if (retval != 0)
9660 		return (CTL_ACTION_ERROR);
9661 
9662 	retval = ctl_get_lba_len(io2, &lba2, &len2);
9663 	if (retval != 0)
9664 		return (CTL_ACTION_ERROR);
9665 
9666 	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
9667 }
9668 
9669 static ctl_action
9670 ctl_check_for_blockage(union ctl_io *pending_io, union ctl_io *ooa_io)
9671 {
9672 	struct ctl_cmd_entry *pending_entry, *ooa_entry;
9673 	ctl_serialize_action *serialize_row;
9674 
9675 	/*
9676 	 * The initiator attempted multiple untagged commands at the same
9677 	 * time.  Can't do that.
9678 	 */
9679 	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
9680 	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
9681 	 && ((pending_io->io_hdr.nexus.targ_port ==
9682 	      ooa_io->io_hdr.nexus.targ_port)
9683 	  && (pending_io->io_hdr.nexus.initid.id ==
9684 	      ooa_io->io_hdr.nexus.initid.id))
9685 	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
9686 		return (CTL_ACTION_OVERLAP);
9687 
9688 	/*
9689 	 * The initiator attempted to send multiple tagged commands with
9690 	 * the same ID.  (It's fine if different initiators have the same
9691 	 * tag ID.)
9692 	 *
9693 	 * Even if all of those conditions are true, we don't kill the I/O
9694 	 * if the command ahead of us has been aborted.  We won't end up
9695 	 * sending it to the FETD, and it's perfectly legal to resend a
9696 	 * command with the same tag number as long as the previous
9697 	 * instance of this tag number has been aborted somehow.
9698 	 */
9699 	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
9700 	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
9701 	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
9702 	 && ((pending_io->io_hdr.nexus.targ_port ==
9703 	      ooa_io->io_hdr.nexus.targ_port)
9704 	  && (pending_io->io_hdr.nexus.initid.id ==
9705 	      ooa_io->io_hdr.nexus.initid.id))
9706 	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
9707 		return (CTL_ACTION_OVERLAP_TAG);
9708 
9709 	/*
9710 	 * If we get a head of queue tag, SAM-3 says that we should
9711 	 * immediately execute it.
9712 	 *
9713 	 * What happens if this command would normally block for some other
9714 	 * reason?  e.g. a request sense with a head of queue tag
9715 	 * immediately after a write.  Normally that would block, but this
9716 	 * will result in its getting executed immediately...
9717 	 *
9718 	 * We currently return "pass" instead of "skip", so we'll end up
9719 	 * going through the rest of the queue to check for overlapped tags.
9720 	 *
9721 	 * XXX KDM check for other types of blockage first??
9722 	 */
9723 	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
9724 		return (CTL_ACTION_PASS);
9725 
9726 	/*
9727 	 * Ordered tags have to block until all items ahead of them
9728 	 * have completed.  If we get called with an ordered tag, we always
9729 	 * block, if something else is ahead of us in the queue.
9730 	 */
9731 	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
9732 		return (CTL_ACTION_BLOCK);
9733 
9734 	/*
9735 	 * Simple tags get blocked until all head of queue and ordered tags
9736 	 * ahead of them have completed.  I'm lumping untagged commands in
9737 	 * with simple tags here.  XXX KDM is that the right thing to do?
9738 	 */
9739 	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
9740 	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
9741 	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
9742 	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
9743 		return (CTL_ACTION_BLOCK);
9744 
9745 	pending_entry = &ctl_cmd_table[pending_io->scsiio.cdb[0]];
9746 	ooa_entry = &ctl_cmd_table[ooa_io->scsiio.cdb[0]];
9747 
9748 	serialize_row = ctl_serialize_table[ooa_entry->seridx];
9749 
9750 	switch (serialize_row[pending_entry->seridx]) {
9751 	case CTL_SER_BLOCK:
9752 		return (CTL_ACTION_BLOCK);
9753 		break; /* NOTREACHED */
9754 	case CTL_SER_EXTENT:
9755 		return (ctl_extent_check(pending_io, ooa_io));
9756 		break; /* NOTREACHED */
9757 	case CTL_SER_PASS:
9758 		return (CTL_ACTION_PASS);
9759 		break; /* NOTREACHED */
9760 	case CTL_SER_SKIP:
9761 		return (CTL_ACTION_SKIP);
9762 		break;
9763 	default:
9764 		panic("invalid serialization value %d",
9765 		      serialize_row[pending_entry->seridx]);
9766 		break; /* NOTREACHED */
9767 	}
9768 
9769 	return (CTL_ACTION_ERROR);
9770 }
9771 
9772 /*
9773  * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
9774  * Assumptions:
9775  * - caller holds ctl_lock
9776  * - pending_io is generally either incoming, or on the blocked queue
9777  * - starting I/O is the I/O we want to start the check with.
9778  */
9779 static ctl_action
9780 ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
9781 	      union ctl_io *starting_io)
9782 {
9783 	union ctl_io *ooa_io;
9784 	ctl_action action;
9785 
9786 	/*
9787 	 * Run back along the OOA queue, starting with the current
9788 	 * blocked I/O and going through every I/O before it on the
9789 	 * queue.  If starting_io is NULL, we'll just end up returning
9790 	 * CTL_ACTION_PASS.
9791 	 */
9792 	for (ooa_io = starting_io; ooa_io != NULL;
9793 	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
9794 	     ooa_links)){
9795 
9796 		/*
9797 		 * This routine just checks to see whether
9798 		 * cur_blocked is blocked by ooa_io, which is ahead
9799 		 * of it in the queue.  It doesn't queue/dequeue
9800 		 * cur_blocked.
9801 		 */
9802 		action = ctl_check_for_blockage(pending_io, ooa_io);
9803 		switch (action) {
9804 		case CTL_ACTION_BLOCK:
9805 		case CTL_ACTION_OVERLAP:
9806 		case CTL_ACTION_OVERLAP_TAG:
9807 		case CTL_ACTION_SKIP:
9808 		case CTL_ACTION_ERROR:
9809 			return (action);
9810 			break; /* NOTREACHED */
9811 		case CTL_ACTION_PASS:
9812 			break;
9813 		default:
9814 			panic("invalid action %d", action);
9815 			break;  /* NOTREACHED */
9816 		}
9817 	}
9818 
9819 	return (CTL_ACTION_PASS);
9820 }
9821 
9822 /*
9823  * Assumptions:
9824  * - An I/O has just completed, and has been removed from the per-LUN OOA
9825  *   queue, so some items on the blocked queue may now be unblocked.
9826  * - The caller holds ctl_softc->ctl_lock
9827  */
9828 static int
9829 ctl_check_blocked(struct ctl_lun *lun)
9830 {
9831 	union ctl_io *cur_blocked, *next_blocked;
9832 
9833 	/*
9834 	 * Run forward from the head of the blocked queue, checking each
9835 	 * entry against the I/Os prior to it on the OOA queue to see if
9836 	 * there is still any blockage.
9837 	 *
9838 	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
9839 	 * with our removing a variable on it while it is traversing the
9840 	 * list.
9841 	 */
9842 	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
9843 	     cur_blocked != NULL; cur_blocked = next_blocked) {
9844 		union ctl_io *prev_ooa;
9845 		ctl_action action;
9846 
9847 		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
9848 							  blocked_links);
9849 
9850 		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
9851 						      ctl_ooaq, ooa_links);
9852 
9853 		/*
9854 		 * If cur_blocked happens to be the first item in the OOA
9855 		 * queue now, prev_ooa will be NULL, and the action
9856 		 * returned will just be CTL_ACTION_PASS.
9857 		 */
9858 		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
9859 
9860 		switch (action) {
9861 		case CTL_ACTION_BLOCK:
9862 			/* Nothing to do here, still blocked */
9863 			break;
9864 		case CTL_ACTION_OVERLAP:
9865 		case CTL_ACTION_OVERLAP_TAG:
9866 			/*
9867 			 * This shouldn't happen!  In theory we've already
9868 			 * checked this command for overlap...
9869 			 */
9870 			break;
9871 		case CTL_ACTION_PASS:
9872 		case CTL_ACTION_SKIP: {
9873 			struct ctl_softc *softc;
9874 			struct ctl_cmd_entry *entry;
9875 			uint32_t initidx;
9876 			uint8_t opcode;
9877 			int isc_retval;
9878 
9879 			/*
9880 			 * The skip case shouldn't happen, this transaction
9881 			 * should have never made it onto the blocked queue.
9882 			 */
9883 			/*
9884 			 * This I/O is no longer blocked, we can remove it
9885 			 * from the blocked queue.  Since this is a TAILQ
9886 			 * (doubly linked list), we can do O(1) removals
9887 			 * from any place on the list.
9888 			 */
9889 			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
9890 				     blocked_links);
9891 			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
9892 
9893 			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
9894 				/*
9895 				 * Need to send IO back to original side to
9896 				 * run
9897 				 */
9898 				union ctl_ha_msg msg_info;
9899 
9900 				msg_info.hdr.original_sc =
9901 					cur_blocked->io_hdr.original_sc;
9902 				msg_info.hdr.serializing_sc = cur_blocked;
9903 				msg_info.hdr.msg_type = CTL_MSG_R2R;
9904 				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
9905 				     &msg_info, sizeof(msg_info), 0)) >
9906 				     CTL_HA_STATUS_SUCCESS) {
9907 					printf("CTL:Check Blocked error from "
9908 					       "ctl_ha_msg_send %d\n",
9909 					       isc_retval);
9910 				}
9911 				break;
9912 			}
9913 			opcode = cur_blocked->scsiio.cdb[0];
9914 			entry = &ctl_cmd_table[opcode];
9915 			softc = control_softc;
9916 
9917 			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
9918 
9919 			/*
9920 			 * Check this I/O for LUN state changes that may
9921 			 * have happened while this command was blocked.
9922 			 * The LUN state may have been changed by a command
9923 			 * ahead of us in the queue, so we need to re-check
9924 			 * for any states that can be caused by SCSI
9925 			 * commands.
9926 			 */
9927 			if (ctl_scsiio_lun_check(softc, lun, entry,
9928 						 &cur_blocked->scsiio) == 0) {
9929 				cur_blocked->io_hdr.flags |=
9930 				                      CTL_FLAG_IS_WAS_ON_RTR;
9931 				STAILQ_INSERT_TAIL(&lun->ctl_softc->rtr_queue,
9932 						   &cur_blocked->io_hdr, links);
9933 				/*
9934 				 * In the non CTL_DONE_THREAD case, we need
9935 				 * to wake up the work thread here.  When
9936 				 * we're processing completed requests from
9937 				 * the work thread context, we'll pop back
9938 				 * around and end up pulling things off the
9939 				 * RtR queue.  When we aren't processing
9940 				 * things from the work thread context,
9941 				 * though, we won't ever check the RtR queue.
9942 				 * So we need to wake up the thread to clear
9943 				 * things off the queue.  Otherwise this
9944 				 * transaction will just sit on the RtR queue
9945 				 * until a new I/O comes in.  (Which may or
9946 				 * may not happen...)
9947 				 */
9948 #ifndef CTL_DONE_THREAD
9949 				ctl_wakeup_thread();
9950 #endif
9951 			} else
9952 				ctl_done_lock(cur_blocked, /*have_lock*/ 1);
9953 			break;
9954 		}
9955 		default:
9956 			/*
9957 			 * This probably shouldn't happen -- we shouldn't
9958 			 * get CTL_ACTION_ERROR, or anything else.
9959 			 */
9960 			break;
9961 		}
9962 	}
9963 
9964 	return (CTL_RETVAL_COMPLETE);
9965 }
9966 
9967 /*
9968  * This routine (with one exception) checks LUN flags that can be set by
9969  * commands ahead of us in the OOA queue.  These flags have to be checked
9970  * when a command initially comes in, and when we pull a command off the
9971  * blocked queue and are preparing to execute it.  The reason we have to
9972  * check these flags for commands on the blocked queue is that the LUN
9973  * state may have been changed by a command ahead of us while we're on the
9974  * blocked queue.
9975  *
9976  * Ordering is somewhat important with these checks, so please pay
9977  * careful attention to the placement of any new checks.
9978  */
9979 static int
9980 ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
9981 		     struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
9982 {
9983 	int retval;
9984 
9985 	retval = 0;
9986 
9987 	/*
9988 	 * If this shelf is a secondary shelf controller, we have to reject
9989 	 * any media access commands.
9990 	 */
9991 #if 0
9992 	/* No longer needed for HA */
9993 	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
9994 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
9995 		ctl_set_lun_standby(ctsio);
9996 		retval = 1;
9997 		goto bailout;
9998 	}
9999 #endif
10000 
10001 	/*
10002 	 * Check for a reservation conflict.  If this command isn't allowed
10003 	 * even on reserved LUNs, and if this initiator isn't the one who
10004 	 * reserved us, reject the command with a reservation conflict.
10005 	 */
10006 	if ((lun->flags & CTL_LUN_RESERVED)
10007 	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10008 		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
10009 		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
10010 		 || (ctsio->io_hdr.nexus.targ_target.id !=
10011 		     lun->rsv_nexus.targ_target.id)) {
10012 			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10013 			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10014 			retval = 1;
10015 			goto bailout;
10016 		}
10017 	}
10018 
10019 	if ( (lun->flags & CTL_LUN_PR_RESERVED)
10020 	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
10021 		uint32_t residx;
10022 
10023 		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10024 		/*
10025 		 * if we aren't registered or it's a res holder type
10026 		 * reservation and this isn't the res holder then set a
10027 		 * conflict.
10028 		 * NOTE: Commands which might be allowed on write exclusive
10029 		 * type reservations are checked in the particular command
10030 		 * for a conflict. Read and SSU are the only ones.
10031 		 */
10032 		if (!lun->per_res[residx].registered
10033 		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10034 			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10035 			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10036 			retval = 1;
10037 			goto bailout;
10038 		}
10039 
10040 	}
10041 
10042 	if ((lun->flags & CTL_LUN_OFFLINE)
10043 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10044 		ctl_set_lun_not_ready(ctsio);
10045 		retval = 1;
10046 		goto bailout;
10047 	}
10048 
10049 	/*
10050 	 * If the LUN is stopped, see if this particular command is allowed
10051 	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10052 	 */
10053 	if ((lun->flags & CTL_LUN_STOPPED)
10054 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10055 		/* "Logical unit not ready, initializing cmd. required" */
10056 		ctl_set_lun_stopped(ctsio);
10057 		retval = 1;
10058 		goto bailout;
10059 	}
10060 
10061 	if ((lun->flags & CTL_LUN_INOPERABLE)
10062 	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10063 		/* "Medium format corrupted" */
10064 		ctl_set_medium_format_corrupted(ctsio);
10065 		retval = 1;
10066 		goto bailout;
10067 	}
10068 
10069 bailout:
10070 	return (retval);
10071 
10072 }
10073 
10074 static void
10075 ctl_failover_io(union ctl_io *io, int have_lock)
10076 {
10077 	ctl_set_busy(&io->scsiio);
10078 	ctl_done_lock(io, have_lock);
10079 }
10080 
10081 static void
10082 ctl_failover(void)
10083 {
10084 	struct ctl_lun *lun;
10085 	struct ctl_softc *ctl_softc;
10086 	union ctl_io *next_io, *pending_io;
10087 	union ctl_io *io;
10088 	int lun_idx;
10089 	int i;
10090 
10091 	ctl_softc = control_softc;
10092 
10093 	mtx_lock(&ctl_softc->ctl_lock);
10094 	/*
10095 	 * Remove any cmds from the other SC from the rtr queue.  These
10096 	 * will obviously only be for LUNs for which we're the primary.
10097 	 * We can't send status or get/send data for these commands.
10098 	 * Since they haven't been executed yet, we can just remove them.
10099 	 * We'll either abort them or delete them below, depending on
10100 	 * which HA mode we're in.
10101 	 */
10102 	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
10103 	     io != NULL; io = next_io) {
10104 		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10105 		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10106 			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
10107 				      ctl_io_hdr, links);
10108 	}
10109 
10110 	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
10111 		lun = ctl_softc->ctl_luns[lun_idx];
10112 		if (lun==NULL)
10113 			continue;
10114 
10115 		/*
10116 		 * Processor LUNs are primary on both sides.
10117 		 * XXX will this always be true?
10118 		 */
10119 		if (lun->be_lun->lun_type == T_PROCESSOR)
10120 			continue;
10121 
10122 		if ((lun->flags & CTL_LUN_PRIMARY_SC)
10123 		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10124 			printf("FAILOVER: primary lun %d\n", lun_idx);
10125 		        /*
10126 			 * Remove all commands from the other SC. First from the
10127 			 * blocked queue then from the ooa queue. Once we have
10128 			 * removed them. Call ctl_check_blocked to see if there
10129 			 * is anything that can run.
10130 			 */
10131 			for (io = (union ctl_io *)TAILQ_FIRST(
10132 			     &lun->blocked_queue); io != NULL; io = next_io) {
10133 
10134 		        	next_io = (union ctl_io *)TAILQ_NEXT(
10135 				    &io->io_hdr, blocked_links);
10136 
10137 				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10138 					TAILQ_REMOVE(&lun->blocked_queue,
10139 						     &io->io_hdr,blocked_links);
10140 					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10141 					TAILQ_REMOVE(&lun->ooa_queue,
10142 						     &io->io_hdr, ooa_links);
10143 
10144 					ctl_free_io_internal(io, 1);
10145 				}
10146 			}
10147 
10148 			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10149 	     		     io != NULL; io = next_io) {
10150 
10151 		        	next_io = (union ctl_io *)TAILQ_NEXT(
10152 				    &io->io_hdr, ooa_links);
10153 
10154 				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10155 
10156 					TAILQ_REMOVE(&lun->ooa_queue,
10157 						&io->io_hdr,
10158 					     	ooa_links);
10159 
10160 					ctl_free_io_internal(io, 1);
10161 				}
10162 			}
10163 			ctl_check_blocked(lun);
10164 		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
10165 			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10166 
10167 			printf("FAILOVER: primary lun %d\n", lun_idx);
10168 			/*
10169 			 * Abort all commands from the other SC.  We can't
10170 			 * send status back for them now.  These should get
10171 			 * cleaned up when they are completed or come out
10172 			 * for a datamove operation.
10173 			 */
10174 			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10175 	     		     io != NULL; io = next_io) {
10176 		        	next_io = (union ctl_io *)TAILQ_NEXT(
10177 					&io->io_hdr, ooa_links);
10178 
10179 				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10180 					io->io_hdr.flags |= CTL_FLAG_ABORT;
10181 			}
10182 		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10183 			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10184 
10185 			printf("FAILOVER: secondary lun %d\n", lun_idx);
10186 
10187 			lun->flags |= CTL_LUN_PRIMARY_SC;
10188 
10189 			/*
10190 			 * We send all I/O that was sent to this controller
10191 			 * and redirected to the other side back with
10192 			 * busy status, and have the initiator retry it.
10193 			 * Figuring out how much data has been transferred,
10194 			 * etc. and picking up where we left off would be
10195 			 * very tricky.
10196 			 *
10197 			 * XXX KDM need to remove I/O from the blocked
10198 			 * queue as well!
10199 			 */
10200 			for (pending_io = (union ctl_io *)TAILQ_FIRST(
10201 			     &lun->ooa_queue); pending_io != NULL;
10202 			     pending_io = next_io) {
10203 
10204 				next_io =  (union ctl_io *)TAILQ_NEXT(
10205 					&pending_io->io_hdr, ooa_links);
10206 
10207 				pending_io->io_hdr.flags &=
10208 					~CTL_FLAG_SENT_2OTHER_SC;
10209 
10210 				if (pending_io->io_hdr.flags &
10211 				    CTL_FLAG_IO_ACTIVE) {
10212 					pending_io->io_hdr.flags |=
10213 						CTL_FLAG_FAILOVER;
10214 				} else {
10215 					ctl_set_busy(&pending_io->scsiio);
10216 					ctl_done_lock(pending_io,
10217 						      /*have_lock*/1);
10218 				}
10219 			}
10220 
10221 			/*
10222 			 * Build Unit Attention
10223 			 */
10224 			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10225 				lun->pending_sense[i].ua_pending |=
10226 				                     CTL_UA_ASYM_ACC_CHANGE;
10227 			}
10228 		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10229 			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10230 			printf("FAILOVER: secondary lun %d\n", lun_idx);
10231 			/*
10232 			 * if the first io on the OOA is not on the RtR queue
10233 			 * add it.
10234 			 */
10235 			lun->flags |= CTL_LUN_PRIMARY_SC;
10236 
10237 			pending_io = (union ctl_io *)TAILQ_FIRST(
10238 			    &lun->ooa_queue);
10239 			if (pending_io==NULL) {
10240 				printf("Nothing on OOA queue\n");
10241 				continue;
10242 			}
10243 
10244 			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10245 			if ((pending_io->io_hdr.flags &
10246 			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
10247 				pending_io->io_hdr.flags |=
10248 				    CTL_FLAG_IS_WAS_ON_RTR;
10249 				STAILQ_INSERT_TAIL(&ctl_softc->rtr_queue,
10250 						   &pending_io->io_hdr, links);
10251 			}
10252 #if 0
10253 			else
10254 			{
10255 				printf("Tag 0x%04x is running\n",
10256 				      pending_io->scsiio.tag_num);
10257 			}
10258 #endif
10259 
10260 			next_io = (union ctl_io *)TAILQ_NEXT(
10261 			    &pending_io->io_hdr, ooa_links);
10262 			for (pending_io=next_io; pending_io != NULL;
10263 			     pending_io = next_io) {
10264 				pending_io->io_hdr.flags &=
10265 				    ~CTL_FLAG_SENT_2OTHER_SC;
10266 				next_io = (union ctl_io *)TAILQ_NEXT(
10267 					&pending_io->io_hdr, ooa_links);
10268 				if (pending_io->io_hdr.flags &
10269 				    CTL_FLAG_IS_WAS_ON_RTR) {
10270 #if 0
10271 				        printf("Tag 0x%04x is running\n",
10272 				      		pending_io->scsiio.tag_num);
10273 #endif
10274 					continue;
10275 				}
10276 
10277 				switch (ctl_check_ooa(lun, pending_io,
10278 			            (union ctl_io *)TAILQ_PREV(
10279 				    &pending_io->io_hdr, ctl_ooaq,
10280 				    ooa_links))) {
10281 
10282 				case CTL_ACTION_BLOCK:
10283 					TAILQ_INSERT_TAIL(&lun->blocked_queue,
10284 							  &pending_io->io_hdr,
10285 							  blocked_links);
10286 					pending_io->io_hdr.flags |=
10287 					    CTL_FLAG_BLOCKED;
10288 					break;
10289 				case CTL_ACTION_PASS:
10290 				case CTL_ACTION_SKIP:
10291 					pending_io->io_hdr.flags |=
10292 					    CTL_FLAG_IS_WAS_ON_RTR;
10293 					STAILQ_INSERT_TAIL(
10294 					    &ctl_softc->rtr_queue,
10295 					    &pending_io->io_hdr, links);
10296 					break;
10297 				case CTL_ACTION_OVERLAP:
10298 					ctl_set_overlapped_cmd(
10299 					    (struct ctl_scsiio *)pending_io);
10300 					ctl_done_lock(pending_io,
10301 						      /*have_lock*/ 1);
10302 					break;
10303 				case CTL_ACTION_OVERLAP_TAG:
10304 					ctl_set_overlapped_tag(
10305 					    (struct ctl_scsiio *)pending_io,
10306 					    pending_io->scsiio.tag_num & 0xff);
10307 					ctl_done_lock(pending_io,
10308 						      /*have_lock*/ 1);
10309 					break;
10310 				case CTL_ACTION_ERROR:
10311 				default:
10312 					ctl_set_internal_failure(
10313 						(struct ctl_scsiio *)pending_io,
10314 						0,  // sks_valid
10315 						0); //retry count
10316 					ctl_done_lock(pending_io,
10317 						      /*have_lock*/ 1);
10318 					break;
10319 				}
10320 			}
10321 
10322 			/*
10323 			 * Build Unit Attention
10324 			 */
10325 			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10326 				lun->pending_sense[i].ua_pending |=
10327 				                     CTL_UA_ASYM_ACC_CHANGE;
10328 			}
10329 		} else {
10330 			panic("Unhandled HA mode failover, LUN flags = %#x, "
10331 			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
10332 		}
10333 	}
10334 	ctl_pause_rtr = 0;
10335 	mtx_unlock(&ctl_softc->ctl_lock);
10336 }
10337 
10338 static int
10339 ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
10340 {
10341 	struct ctl_lun *lun;
10342 	struct ctl_cmd_entry *entry;
10343 	uint8_t opcode;
10344 	uint32_t initidx;
10345 	int retval;
10346 
10347 	retval = 0;
10348 
10349 	lun = NULL;
10350 
10351 	opcode = ctsio->cdb[0];
10352 
10353 	mtx_lock(&ctl_softc->ctl_lock);
10354 
10355 	if ((ctsio->io_hdr.nexus.targ_lun < CTL_MAX_LUNS)
10356 	 && (ctl_softc->ctl_luns[ctsio->io_hdr.nexus.targ_lun] != NULL)) {
10357 		lun = ctl_softc->ctl_luns[ctsio->io_hdr.nexus.targ_lun];
10358 		/*
10359 		 * If the LUN is invalid, pretend that it doesn't exist.
10360 		 * It will go away as soon as all pending I/O has been
10361 		 * completed.
10362 		 */
10363 		if (lun->flags & CTL_LUN_DISABLED) {
10364 			lun = NULL;
10365 		} else {
10366 			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
10367 			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
10368 				lun->be_lun;
10369 			if (lun->be_lun->lun_type == T_PROCESSOR) {
10370 				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
10371 			}
10372 		}
10373 	} else {
10374 		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
10375 		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
10376 	}
10377 
10378 	entry = &ctl_cmd_table[opcode];
10379 
10380 	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
10381 	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
10382 
10383 	/*
10384 	 * Check to see whether we can send this command to LUNs that don't
10385 	 * exist.  This should pretty much only be the case for inquiry
10386 	 * and request sense.  Further checks, below, really require having
10387 	 * a LUN, so we can't really check the command anymore.  Just put
10388 	 * it on the rtr queue.
10389 	 */
10390 	if (lun == NULL) {
10391 		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS)
10392 			goto queue_rtr;
10393 
10394 		ctl_set_unsupported_lun(ctsio);
10395 		mtx_unlock(&ctl_softc->ctl_lock);
10396 		ctl_done((union ctl_io *)ctsio);
10397 		goto bailout;
10398 	} else {
10399 		/*
10400 		 * Every I/O goes into the OOA queue for a particular LUN, and
10401 		 * stays there until completion.
10402 		 */
10403 		TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
10404 
10405 		/*
10406 		 * Make sure we support this particular command on this LUN.
10407 		 * e.g., we don't support writes to the control LUN.
10408 		 */
10409 		switch (lun->be_lun->lun_type) {
10410 		case T_PROCESSOR:
10411 		 	if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
10412 			 && ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS)
10413 			      == 0)) {
10414 				ctl_set_invalid_opcode(ctsio);
10415 				mtx_unlock(&ctl_softc->ctl_lock);
10416 				ctl_done((union ctl_io *)ctsio);
10417 				goto bailout;
10418 			}
10419 			break;
10420 		case T_DIRECT:
10421 			if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
10422 			 && ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS)
10423 			      == 0)){
10424 				ctl_set_invalid_opcode(ctsio);
10425 				mtx_unlock(&ctl_softc->ctl_lock);
10426 				ctl_done((union ctl_io *)ctsio);
10427 				goto bailout;
10428 			}
10429 			break;
10430 		default:
10431 			printf("Unsupported CTL LUN type %d\n",
10432 			       lun->be_lun->lun_type);
10433 			panic("Unsupported CTL LUN type %d\n",
10434 			      lun->be_lun->lun_type);
10435 			break; /* NOTREACHED */
10436 		}
10437 	}
10438 
10439 	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10440 
10441 	/*
10442 	 * If we've got a request sense, it'll clear the contingent
10443 	 * allegiance condition.  Otherwise, if we have a CA condition for
10444 	 * this initiator, clear it, because it sent down a command other
10445 	 * than request sense.
10446 	 */
10447 	if ((opcode != REQUEST_SENSE)
10448 	 && (ctl_is_set(lun->have_ca, initidx)))
10449 		ctl_clear_mask(lun->have_ca, initidx);
10450 
10451 	/*
10452 	 * If the command has this flag set, it handles its own unit
10453 	 * attention reporting, we shouldn't do anything.  Otherwise we
10454 	 * check for any pending unit attentions, and send them back to the
10455 	 * initiator.  We only do this when a command initially comes in,
10456 	 * not when we pull it off the blocked queue.
10457 	 *
10458 	 * According to SAM-3, section 5.3.2, the order that things get
10459 	 * presented back to the host is basically unit attentions caused
10460 	 * by some sort of reset event, busy status, reservation conflicts
10461 	 * or task set full, and finally any other status.
10462 	 *
10463 	 * One issue here is that some of the unit attentions we report
10464 	 * don't fall into the "reset" category (e.g. "reported luns data
10465 	 * has changed").  So reporting it here, before the reservation
10466 	 * check, may be technically wrong.  I guess the only thing to do
10467 	 * would be to check for and report the reset events here, and then
10468 	 * check for the other unit attention types after we check for a
10469 	 * reservation conflict.
10470 	 *
10471 	 * XXX KDM need to fix this
10472 	 */
10473 	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
10474 		ctl_ua_type ua_type;
10475 
10476 		ua_type = lun->pending_sense[initidx].ua_pending;
10477 		if (ua_type != CTL_UA_NONE) {
10478 			scsi_sense_data_type sense_format;
10479 
10480 			if (lun != NULL)
10481 				sense_format = (lun->flags &
10482 				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
10483 				    SSD_TYPE_FIXED;
10484 			else
10485 				sense_format = SSD_TYPE_FIXED;
10486 
10487 			ua_type = ctl_build_ua(ua_type, &ctsio->sense_data,
10488 					       sense_format);
10489 			if (ua_type != CTL_UA_NONE) {
10490 				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
10491 				ctsio->io_hdr.status = CTL_SCSI_ERROR |
10492 						       CTL_AUTOSENSE;
10493 				ctsio->sense_len = SSD_FULL_SIZE;
10494 				lun->pending_sense[initidx].ua_pending &=
10495 					~ua_type;
10496 				mtx_unlock(&ctl_softc->ctl_lock);
10497 				ctl_done((union ctl_io *)ctsio);
10498 				goto bailout;
10499 			}
10500 		}
10501 	}
10502 
10503 
10504 	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
10505 		mtx_unlock(&ctl_softc->ctl_lock);
10506 		ctl_done((union ctl_io *)ctsio);
10507 		goto bailout;
10508 	}
10509 
10510 	/*
10511 	 * XXX CHD this is where we want to send IO to other side if
10512 	 * this LUN is secondary on this SC. We will need to make a copy
10513 	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
10514 	 * the copy we send as FROM_OTHER.
10515 	 * We also need to stuff the address of the original IO so we can
10516 	 * find it easily. Something similar will need be done on the other
10517 	 * side so when we are done we can find the copy.
10518 	 */
10519 	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10520 		union ctl_ha_msg msg_info;
10521 		int isc_retval;
10522 
10523 		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
10524 
10525 		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
10526 		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
10527 #if 0
10528 		printf("1. ctsio %p\n", ctsio);
10529 #endif
10530 		msg_info.hdr.serializing_sc = NULL;
10531 		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
10532 		msg_info.scsi.tag_num = ctsio->tag_num;
10533 		msg_info.scsi.tag_type = ctsio->tag_type;
10534 		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
10535 
10536 		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10537 
10538 		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10539 		    (void *)&msg_info, sizeof(msg_info), 0)) >
10540 		    CTL_HA_STATUS_SUCCESS) {
10541 			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
10542 			       isc_retval);
10543 			printf("CTL:opcode is %x\n",opcode);
10544 		} else {
10545 #if 0
10546 			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
10547 #endif
10548 		}
10549 
10550 		/*
10551 		 * XXX KDM this I/O is off the incoming queue, but hasn't
10552 		 * been inserted on any other queue.  We may need to come
10553 		 * up with a holding queue while we wait for serialization
10554 		 * so that we have an idea of what we're waiting for from
10555 		 * the other side.
10556 		 */
10557 		goto bailout_unlock;
10558 	}
10559 
10560 	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
10561 			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
10562 			      ctl_ooaq, ooa_links))) {
10563 	case CTL_ACTION_BLOCK:
10564 		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
10565 		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
10566 				  blocked_links);
10567 		goto bailout_unlock;
10568 		break; /* NOTREACHED */
10569 	case CTL_ACTION_PASS:
10570 	case CTL_ACTION_SKIP:
10571 		goto queue_rtr;
10572 		break; /* NOTREACHED */
10573 	case CTL_ACTION_OVERLAP:
10574 		ctl_set_overlapped_cmd(ctsio);
10575 		mtx_unlock(&ctl_softc->ctl_lock);
10576 		ctl_done((union ctl_io *)ctsio);
10577 		goto bailout;
10578 		break; /* NOTREACHED */
10579 	case CTL_ACTION_OVERLAP_TAG:
10580 		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
10581 		mtx_unlock(&ctl_softc->ctl_lock);
10582 		ctl_done((union ctl_io *)ctsio);
10583 		goto bailout;
10584 		break; /* NOTREACHED */
10585 	case CTL_ACTION_ERROR:
10586 	default:
10587 		ctl_set_internal_failure(ctsio,
10588 					 /*sks_valid*/ 0,
10589 					 /*retry_count*/ 0);
10590 		mtx_unlock(&ctl_softc->ctl_lock);
10591 		ctl_done((union ctl_io *)ctsio);
10592 		goto bailout;
10593 		break; /* NOTREACHED */
10594 	}
10595 
10596 	goto bailout_unlock;
10597 
10598 queue_rtr:
10599 	ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
10600 	STAILQ_INSERT_TAIL(&ctl_softc->rtr_queue, &ctsio->io_hdr, links);
10601 
10602 bailout_unlock:
10603 	mtx_unlock(&ctl_softc->ctl_lock);
10604 
10605 bailout:
10606 	return (retval);
10607 }
10608 
10609 static int
10610 ctl_scsiio(struct ctl_scsiio *ctsio)
10611 {
10612 	int retval;
10613 	struct ctl_cmd_entry *entry;
10614 
10615 	retval = CTL_RETVAL_COMPLETE;
10616 
10617 	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
10618 
10619 	entry = &ctl_cmd_table[ctsio->cdb[0]];
10620 
10621 	/*
10622 	 * If this I/O has been aborted, just send it straight to
10623 	 * ctl_done() without executing it.
10624 	 */
10625 	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
10626 		ctl_done((union ctl_io *)ctsio);
10627 		goto bailout;
10628 	}
10629 
10630 	/*
10631 	 * All the checks should have been handled by ctl_scsiio_precheck().
10632 	 * We should be clear now to just execute the I/O.
10633 	 */
10634 	retval = entry->execute(ctsio);
10635 
10636 bailout:
10637 	return (retval);
10638 }
10639 
10640 /*
10641  * Since we only implement one target right now, a bus reset simply resets
10642  * our single target.
10643  */
10644 static int
10645 ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
10646 {
10647 	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
10648 }
10649 
10650 static int
10651 ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
10652 		 ctl_ua_type ua_type)
10653 {
10654 	struct ctl_lun *lun;
10655 	int retval;
10656 
10657 	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
10658 		union ctl_ha_msg msg_info;
10659 
10660 		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
10661 		msg_info.hdr.nexus = io->io_hdr.nexus;
10662 		if (ua_type==CTL_UA_TARG_RESET)
10663 			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
10664 		else
10665 			msg_info.task.task_action = CTL_TASK_BUS_RESET;
10666 		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
10667 		msg_info.hdr.original_sc = NULL;
10668 		msg_info.hdr.serializing_sc = NULL;
10669 		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10670 		    (void *)&msg_info, sizeof(msg_info), 0)) {
10671 		}
10672 	}
10673 	retval = 0;
10674 
10675 	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
10676 		retval += ctl_lun_reset(lun, io, ua_type);
10677 
10678 	return (retval);
10679 }
10680 
10681 /*
10682  * The LUN should always be set.  The I/O is optional, and is used to
10683  * distinguish between I/Os sent by this initiator, and by other
10684  * initiators.  We set unit attention for initiators other than this one.
10685  * SAM-3 is vague on this point.  It does say that a unit attention should
10686  * be established for other initiators when a LUN is reset (see section
10687  * 5.7.3), but it doesn't specifically say that the unit attention should
10688  * be established for this particular initiator when a LUN is reset.  Here
10689  * is the relevant text, from SAM-3 rev 8:
10690  *
10691  * 5.7.2 When a SCSI initiator port aborts its own tasks
10692  *
10693  * When a SCSI initiator port causes its own task(s) to be aborted, no
10694  * notification that the task(s) have been aborted shall be returned to
10695  * the SCSI initiator port other than the completion response for the
10696  * command or task management function action that caused the task(s) to
10697  * be aborted and notification(s) associated with related effects of the
10698  * action (e.g., a reset unit attention condition).
10699  *
10700  * XXX KDM for now, we're setting unit attention for all initiators.
10701  */
10702 static int
10703 ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
10704 {
10705 	union ctl_io *xio;
10706 #if 0
10707 	uint32_t initindex;
10708 #endif
10709 	int i;
10710 
10711 	/*
10712 	 * Run through the OOA queue and abort each I/O.
10713 	 */
10714 #if 0
10715 	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
10716 #endif
10717 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
10718 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
10719 		xio->io_hdr.flags |= CTL_FLAG_ABORT;
10720 	}
10721 
10722 	/*
10723 	 * This version sets unit attention for every
10724 	 */
10725 #if 0
10726 	initindex = ctl_get_initindex(&io->io_hdr.nexus);
10727 	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10728 		if (initindex == i)
10729 			continue;
10730 		lun->pending_sense[i].ua_pending |= ua_type;
10731 	}
10732 #endif
10733 
10734 	/*
10735 	 * A reset (any kind, really) clears reservations established with
10736 	 * RESERVE/RELEASE.  It does not clear reservations established
10737 	 * with PERSISTENT RESERVE OUT, but we don't support that at the
10738 	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
10739 	 * reservations made with the RESERVE/RELEASE commands, because
10740 	 * those commands are obsolete in SPC-3.
10741 	 */
10742 	lun->flags &= ~CTL_LUN_RESERVED;
10743 
10744 	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10745 		ctl_clear_mask(lun->have_ca, i);
10746 		lun->pending_sense[i].ua_pending |= ua_type;
10747 	}
10748 
10749 	return (0);
10750 }
10751 
10752 static int
10753 ctl_abort_task(union ctl_io *io)
10754 {
10755 	union ctl_io *xio;
10756 	struct ctl_lun *lun;
10757 	struct ctl_softc *ctl_softc;
10758 #if 0
10759 	struct sbuf sb;
10760 	char printbuf[128];
10761 #endif
10762 	int found;
10763 
10764 	ctl_softc = control_softc;
10765 	found = 0;
10766 
10767 	/*
10768 	 * Look up the LUN.
10769 	 */
10770 	if ((io->io_hdr.nexus.targ_lun < CTL_MAX_LUNS)
10771 	 && (ctl_softc->ctl_luns[io->io_hdr.nexus.targ_lun] != NULL))
10772 		lun = ctl_softc->ctl_luns[io->io_hdr.nexus.targ_lun];
10773 	else
10774 		goto bailout;
10775 
10776 #if 0
10777 	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
10778 	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
10779 #endif
10780 
10781 	/*
10782 	 * Run through the OOA queue and attempt to find the given I/O.
10783 	 * The target port, initiator ID, tag type and tag number have to
10784 	 * match the values that we got from the initiator.  If we have an
10785 	 * untagged command to abort, simply abort the first untagged command
10786 	 * we come to.  We only allow one untagged command at a time of course.
10787 	 */
10788 #if 0
10789 	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
10790 #endif
10791 	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
10792 	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
10793 #if 0
10794 		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
10795 
10796 		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
10797 			    lun->lun, xio->scsiio.tag_num,
10798 			    xio->scsiio.tag_type,
10799 			    (xio->io_hdr.blocked_links.tqe_prev
10800 			    == NULL) ? "" : " BLOCKED",
10801 			    (xio->io_hdr.flags &
10802 			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
10803 			    (xio->io_hdr.flags &
10804 			    CTL_FLAG_ABORT) ? " ABORT" : ""),
10805 			    (xio->io_hdr.flags &
10806 			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : "");
10807 		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
10808 		sbuf_finish(&sb);
10809 		printf("%s\n", sbuf_data(&sb));
10810 #endif
10811 
10812 		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
10813 		 && (xio->io_hdr.nexus.initid.id ==
10814 		     io->io_hdr.nexus.initid.id)) {
10815 			/*
10816 			 * If the abort says that the task is untagged, the
10817 			 * task in the queue must be untagged.  Otherwise,
10818 			 * we just check to see whether the tag numbers
10819 			 * match.  This is because the QLogic firmware
10820 			 * doesn't pass back the tag type in an abort
10821 			 * request.
10822 			 */
10823 #if 0
10824 			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
10825 			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
10826 			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
10827 #endif
10828 			/*
10829 			 * XXX KDM we've got problems with FC, because it
10830 			 * doesn't send down a tag type with aborts.  So we
10831 			 * can only really go by the tag number...
10832 			 * This may cause problems with parallel SCSI.
10833 			 * Need to figure that out!!
10834 			 */
10835 			if (xio->scsiio.tag_num == io->taskio.tag_num) {
10836 				xio->io_hdr.flags |= CTL_FLAG_ABORT;
10837 				found = 1;
10838 				if ((io->io_hdr.flags &
10839 				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
10840 				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
10841 					union ctl_ha_msg msg_info;
10842 
10843 					io->io_hdr.flags |=
10844 					                CTL_FLAG_SENT_2OTHER_SC;
10845 					msg_info.hdr.nexus = io->io_hdr.nexus;
10846 					msg_info.task.task_action =
10847 						CTL_TASK_ABORT_TASK;
10848 					msg_info.task.tag_num =
10849 						io->taskio.tag_num;
10850 					msg_info.task.tag_type =
10851 						io->taskio.tag_type;
10852 					msg_info.hdr.msg_type =
10853 						CTL_MSG_MANAGE_TASKS;
10854 					msg_info.hdr.original_sc = NULL;
10855 					msg_info.hdr.serializing_sc = NULL;
10856 #if 0
10857 					printf("Sent Abort to other side\n");
10858 #endif
10859 					if (CTL_HA_STATUS_SUCCESS !=
10860 					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10861 		    				(void *)&msg_info,
10862 						sizeof(msg_info), 0)) {
10863 					}
10864 				}
10865 #if 0
10866 				printf("ctl_abort_task: found I/O to abort\n");
10867 #endif
10868 				break;
10869 			}
10870 		}
10871 	}
10872 
10873 bailout:
10874 
10875 	if (found == 0) {
10876 		/*
10877 		 * This isn't really an error.  It's entirely possible for
10878 		 * the abort and command completion to cross on the wire.
10879 		 * This is more of an informative/diagnostic error.
10880 		 */
10881 #if 0
10882 		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
10883 		       "%d:%d:%d:%d tag %d type %d\n",
10884 		       io->io_hdr.nexus.initid.id,
10885 		       io->io_hdr.nexus.targ_port,
10886 		       io->io_hdr.nexus.targ_target.id,
10887 		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
10888 		       io->taskio.tag_type);
10889 #endif
10890 		return (1);
10891 	} else
10892 		return (0);
10893 }
10894 
10895 /*
10896  * Assumptions:  caller holds ctl_softc->ctl_lock
10897  *
10898  * This routine cannot block!  It must be callable from an interrupt
10899  * handler as well as from the work thread.
10900  */
10901 static void
10902 ctl_run_task_queue(struct ctl_softc *ctl_softc)
10903 {
10904 	union ctl_io *io, *next_io;
10905 
10906 	CTL_DEBUG_PRINT(("ctl_run_task_queue\n"));
10907 
10908 	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->task_queue);
10909 	     io != NULL; io = next_io) {
10910 		int retval;
10911 		const char *task_desc;
10912 
10913 		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10914 
10915 		retval = 0;
10916 
10917 		switch (io->io_hdr.io_type) {
10918 		case CTL_IO_TASK: {
10919 			task_desc = ctl_scsi_task_string(&io->taskio);
10920 			if (task_desc != NULL) {
10921 #ifdef NEEDTOPORT
10922 				csevent_log(CSC_CTL | CSC_SHELF_SW |
10923 					    CTL_TASK_REPORT,
10924 					    csevent_LogType_Trace,
10925 					    csevent_Severity_Information,
10926 					    csevent_AlertLevel_Green,
10927 					    csevent_FRU_Firmware,
10928 					    csevent_FRU_Unknown,
10929 					    "CTL: received task: %s",task_desc);
10930 #endif
10931 			} else {
10932 #ifdef NEEDTOPORT
10933 				csevent_log(CSC_CTL | CSC_SHELF_SW |
10934 					    CTL_TASK_REPORT,
10935 					    csevent_LogType_Trace,
10936 					    csevent_Severity_Information,
10937 					    csevent_AlertLevel_Green,
10938 					    csevent_FRU_Firmware,
10939 					    csevent_FRU_Unknown,
10940 					    "CTL: received unknown task "
10941 					    "type: %d (%#x)",
10942 					    io->taskio.task_action,
10943 					    io->taskio.task_action);
10944 #endif
10945 			}
10946 			switch (io->taskio.task_action) {
10947 			case CTL_TASK_ABORT_TASK:
10948 				retval = ctl_abort_task(io);
10949 				break;
10950 			case CTL_TASK_ABORT_TASK_SET:
10951 				break;
10952 			case CTL_TASK_CLEAR_ACA:
10953 				break;
10954 			case CTL_TASK_CLEAR_TASK_SET:
10955 				break;
10956 			case CTL_TASK_LUN_RESET: {
10957 				struct ctl_lun *lun;
10958 				uint32_t targ_lun;
10959 				int retval;
10960 
10961 				targ_lun = io->io_hdr.nexus.targ_lun;
10962 
10963 				if ((targ_lun < CTL_MAX_LUNS)
10964 				 && (ctl_softc->ctl_luns[targ_lun] != NULL))
10965 					lun = ctl_softc->ctl_luns[targ_lun];
10966 				else {
10967 					retval = 1;
10968 					break;
10969 				}
10970 
10971 				if (!(io->io_hdr.flags &
10972 				    CTL_FLAG_FROM_OTHER_SC)) {
10973 					union ctl_ha_msg msg_info;
10974 
10975 					io->io_hdr.flags |=
10976 						CTL_FLAG_SENT_2OTHER_SC;
10977 					msg_info.hdr.msg_type =
10978 						CTL_MSG_MANAGE_TASKS;
10979 					msg_info.hdr.nexus = io->io_hdr.nexus;
10980 					msg_info.task.task_action =
10981 						CTL_TASK_LUN_RESET;
10982 					msg_info.hdr.original_sc = NULL;
10983 					msg_info.hdr.serializing_sc = NULL;
10984 					if (CTL_HA_STATUS_SUCCESS !=
10985 					    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10986 					    (void *)&msg_info,
10987 					    sizeof(msg_info), 0)) {
10988 					}
10989 				}
10990 
10991 				retval = ctl_lun_reset(lun, io,
10992 						       CTL_UA_LUN_RESET);
10993 				break;
10994 			}
10995 			case CTL_TASK_TARGET_RESET:
10996 				retval = ctl_target_reset(ctl_softc, io,
10997 							  CTL_UA_TARG_RESET);
10998 				break;
10999 			case CTL_TASK_BUS_RESET:
11000 				retval = ctl_bus_reset(ctl_softc, io);
11001 				break;
11002 			case CTL_TASK_PORT_LOGIN:
11003 				break;
11004 			case CTL_TASK_PORT_LOGOUT:
11005 				break;
11006 			default:
11007 				printf("ctl_run_task_queue: got unknown task "
11008 				       "management event %d\n",
11009 				       io->taskio.task_action);
11010 				break;
11011 			}
11012 			if (retval == 0)
11013 				io->io_hdr.status = CTL_SUCCESS;
11014 			else
11015 				io->io_hdr.status = CTL_ERROR;
11016 
11017 			STAILQ_REMOVE(&ctl_softc->task_queue, &io->io_hdr,
11018 				      ctl_io_hdr, links);
11019 			/*
11020 			 * This will queue this I/O to the done queue, but the
11021 			 * work thread won't be able to process it until we
11022 			 * return and the lock is released.
11023 			 */
11024 			ctl_done_lock(io, /*have_lock*/ 1);
11025 			break;
11026 		}
11027 		default: {
11028 
11029 			printf("%s: invalid I/O type %d msg %d cdb %x"
11030 			       " iptl: %ju:%d:%ju:%d tag 0x%04x\n",
11031 			       __func__, io->io_hdr.io_type,
11032 			       io->io_hdr.msg_type, io->scsiio.cdb[0],
11033 			       (uintmax_t)io->io_hdr.nexus.initid.id,
11034 			       io->io_hdr.nexus.targ_port,
11035 			       (uintmax_t)io->io_hdr.nexus.targ_target.id,
11036 			       io->io_hdr.nexus.targ_lun,
11037 			       (io->io_hdr.io_type == CTL_IO_TASK) ?
11038 			       io->taskio.tag_num : io->scsiio.tag_num);
11039 			STAILQ_REMOVE(&ctl_softc->task_queue, &io->io_hdr,
11040 				      ctl_io_hdr, links);
11041 			ctl_free_io_internal(io, 1);
11042 			break;
11043 		}
11044 		}
11045 	}
11046 
11047 	ctl_softc->flags &= ~CTL_FLAG_TASK_PENDING;
11048 }
11049 
11050 /*
11051  * For HA operation.  Handle commands that come in from the other
11052  * controller.
11053  */
11054 static void
11055 ctl_handle_isc(union ctl_io *io)
11056 {
11057 	int free_io;
11058 	struct ctl_lun *lun;
11059 	struct ctl_softc *ctl_softc;
11060 
11061 	ctl_softc = control_softc;
11062 
11063 	lun = ctl_softc->ctl_luns[io->io_hdr.nexus.targ_lun];
11064 
11065 	switch (io->io_hdr.msg_type) {
11066 	case CTL_MSG_SERIALIZE:
11067 		free_io = ctl_serialize_other_sc_cmd(&io->scsiio,
11068 						     /*have_lock*/ 0);
11069 		break;
11070 	case CTL_MSG_R2R: {
11071 		uint8_t opcode;
11072 		struct ctl_cmd_entry *entry;
11073 
11074 		/*
11075 		 * This is only used in SER_ONLY mode.
11076 		 */
11077 		free_io = 0;
11078 		opcode = io->scsiio.cdb[0];
11079 		entry = &ctl_cmd_table[opcode];
11080 		mtx_lock(&ctl_softc->ctl_lock);
11081 		if (ctl_scsiio_lun_check(ctl_softc, lun,
11082 		    entry, (struct ctl_scsiio *)io) != 0) {
11083 			ctl_done_lock(io, /*have_lock*/ 1);
11084 			mtx_unlock(&ctl_softc->ctl_lock);
11085 			break;
11086 		}
11087 		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11088 		STAILQ_INSERT_TAIL(&ctl_softc->rtr_queue,
11089 				   &io->io_hdr, links);
11090 		mtx_unlock(&ctl_softc->ctl_lock);
11091 		break;
11092 	}
11093 	case CTL_MSG_FINISH_IO:
11094 		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
11095 			free_io = 0;
11096 			ctl_done_lock(io, /*have_lock*/ 0);
11097 		} else {
11098 			free_io = 1;
11099 			mtx_lock(&ctl_softc->ctl_lock);
11100 			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11101 				     ooa_links);
11102 			STAILQ_REMOVE(&ctl_softc->task_queue,
11103 				      &io->io_hdr, ctl_io_hdr, links);
11104 			ctl_check_blocked(lun);
11105 			mtx_unlock(&ctl_softc->ctl_lock);
11106 		}
11107 		break;
11108 	case CTL_MSG_PERS_ACTION:
11109 		ctl_hndl_per_res_out_on_other_sc(
11110 			(union ctl_ha_msg *)&io->presio.pr_msg);
11111 		free_io = 1;
11112 		break;
11113 	case CTL_MSG_BAD_JUJU:
11114 		free_io = 0;
11115 		ctl_done_lock(io, /*have_lock*/ 0);
11116 		break;
11117 	case CTL_MSG_DATAMOVE:
11118 		/* Only used in XFER mode */
11119 		free_io = 0;
11120 		ctl_datamove_remote(io);
11121 		break;
11122 	case CTL_MSG_DATAMOVE_DONE:
11123 		/* Only used in XFER mode */
11124 		free_io = 0;
11125 		io->scsiio.be_move_done(io);
11126 		break;
11127 	default:
11128 		free_io = 1;
11129 		printf("%s: Invalid message type %d\n",
11130 		       __func__, io->io_hdr.msg_type);
11131 		break;
11132 	}
11133 	if (free_io)
11134 		ctl_free_io_internal(io, 0);
11135 
11136 }
11137 
11138 
11139 /*
11140  * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11141  * there is no match.
11142  */
11143 static ctl_lun_error_pattern
11144 ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11145 {
11146 	struct ctl_cmd_entry *entry;
11147 	ctl_lun_error_pattern filtered_pattern, pattern;
11148 	uint8_t opcode;
11149 
11150 	pattern = desc->error_pattern;
11151 
11152 	/*
11153 	 * XXX KDM we need more data passed into this function to match a
11154 	 * custom pattern, and we actually need to implement custom pattern
11155 	 * matching.
11156 	 */
11157 	if (pattern & CTL_LUN_PAT_CMD)
11158 		return (CTL_LUN_PAT_CMD);
11159 
11160 	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11161 		return (CTL_LUN_PAT_ANY);
11162 
11163 	opcode = ctsio->cdb[0];
11164 	entry = &ctl_cmd_table[opcode];
11165 
11166 	filtered_pattern = entry->pattern & pattern;
11167 
11168 	/*
11169 	 * If the user requested specific flags in the pattern (e.g.
11170 	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11171 	 * flags.
11172 	 *
11173 	 * If the user did not specify any flags, it doesn't matter whether
11174 	 * or not the command supports the flags.
11175 	 */
11176 	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11177 	     (pattern & ~CTL_LUN_PAT_MASK))
11178 		return (CTL_LUN_PAT_NONE);
11179 
11180 	/*
11181 	 * If the user asked for a range check, see if the requested LBA
11182 	 * range overlaps with this command's LBA range.
11183 	 */
11184 	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11185 		uint64_t lba1;
11186 		uint32_t len1;
11187 		ctl_action action;
11188 		int retval;
11189 
11190 		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11191 		if (retval != 0)
11192 			return (CTL_LUN_PAT_NONE);
11193 
11194 		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11195 					      desc->lba_range.len);
11196 		/*
11197 		 * A "pass" means that the LBA ranges don't overlap, so
11198 		 * this doesn't match the user's range criteria.
11199 		 */
11200 		if (action == CTL_ACTION_PASS)
11201 			return (CTL_LUN_PAT_NONE);
11202 	}
11203 
11204 	return (filtered_pattern);
11205 }
11206 
11207 /*
11208  * Called with the CTL lock held.
11209  */
11210 static void
11211 ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11212 {
11213 	struct ctl_error_desc *desc, *desc2;
11214 
11215 	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
11216 		ctl_lun_error_pattern pattern;
11217 		/*
11218 		 * Check to see whether this particular command matches
11219 		 * the pattern in the descriptor.
11220 		 */
11221 		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
11222 		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
11223 			continue;
11224 
11225 		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
11226 		case CTL_LUN_INJ_ABORTED:
11227 			ctl_set_aborted(&io->scsiio);
11228 			break;
11229 		case CTL_LUN_INJ_MEDIUM_ERR:
11230 			ctl_set_medium_error(&io->scsiio);
11231 			break;
11232 		case CTL_LUN_INJ_UA:
11233 			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
11234 			 * OCCURRED */
11235 			ctl_set_ua(&io->scsiio, 0x29, 0x00);
11236 			break;
11237 		case CTL_LUN_INJ_CUSTOM:
11238 			/*
11239 			 * We're assuming the user knows what he is doing.
11240 			 * Just copy the sense information without doing
11241 			 * checks.
11242 			 */
11243 			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
11244 			      ctl_min(sizeof(desc->custom_sense),
11245 				      sizeof(io->scsiio.sense_data)));
11246 			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
11247 			io->scsiio.sense_len = SSD_FULL_SIZE;
11248 			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11249 			break;
11250 		case CTL_LUN_INJ_NONE:
11251 		default:
11252 			/*
11253 			 * If this is an error injection type we don't know
11254 			 * about, clear the continuous flag (if it is set)
11255 			 * so it will get deleted below.
11256 			 */
11257 			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
11258 			break;
11259 		}
11260 		/*
11261 		 * By default, each error injection action is a one-shot
11262 		 */
11263 		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
11264 			continue;
11265 
11266 		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
11267 
11268 		free(desc, M_CTL);
11269 	}
11270 }
11271 
11272 #ifdef CTL_IO_DELAY
11273 static void
11274 ctl_datamove_timer_wakeup(void *arg)
11275 {
11276 	union ctl_io *io;
11277 
11278 	io = (union ctl_io *)arg;
11279 
11280 	ctl_datamove(io);
11281 }
11282 #endif /* CTL_IO_DELAY */
11283 
11284 /*
11285  * Assumption:  caller does NOT hold ctl_lock
11286  */
11287 void
11288 ctl_datamove(union ctl_io *io)
11289 {
11290 	void (*fe_datamove)(union ctl_io *io);
11291 
11292 	CTL_DEBUG_PRINT(("ctl_datamove\n"));
11293 
11294 #ifdef CTL_TIME_IO
11295 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
11296 		char str[256];
11297 		char path_str[64];
11298 		struct sbuf sb;
11299 
11300 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
11301 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
11302 
11303 		sbuf_cat(&sb, path_str);
11304 		switch (io->io_hdr.io_type) {
11305 		case CTL_IO_SCSI:
11306 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
11307 			sbuf_printf(&sb, "\n");
11308 			sbuf_cat(&sb, path_str);
11309 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
11310 				    io->scsiio.tag_num, io->scsiio.tag_type);
11311 			break;
11312 		case CTL_IO_TASK:
11313 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
11314 				    "Tag Type: %d\n", io->taskio.task_action,
11315 				    io->taskio.tag_num, io->taskio.tag_type);
11316 			break;
11317 		default:
11318 			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
11319 			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
11320 			break;
11321 		}
11322 		sbuf_cat(&sb, path_str);
11323 		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
11324 			    (intmax_t)time_uptime - io->io_hdr.start_time);
11325 		sbuf_finish(&sb);
11326 		printf("%s", sbuf_data(&sb));
11327 	}
11328 #endif /* CTL_TIME_IO */
11329 
11330 	mtx_lock(&control_softc->ctl_lock);
11331 #ifdef CTL_IO_DELAY
11332 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
11333 		struct ctl_lun *lun;
11334 
11335 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
11336 
11337 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
11338 	} else {
11339 		struct ctl_lun *lun;
11340 
11341 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
11342 		if ((lun != NULL)
11343 		 && (lun->delay_info.datamove_delay > 0)) {
11344 			struct callout *callout;
11345 
11346 			callout = (struct callout *)&io->io_hdr.timer_bytes;
11347 			callout_init(callout, /*mpsafe*/ 1);
11348 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
11349 			callout_reset(callout,
11350 				      lun->delay_info.datamove_delay * hz,
11351 				      ctl_datamove_timer_wakeup, io);
11352 			if (lun->delay_info.datamove_type ==
11353 			    CTL_DELAY_TYPE_ONESHOT)
11354 				lun->delay_info.datamove_delay = 0;
11355 			mtx_unlock(&control_softc->ctl_lock);
11356 			return;
11357 		}
11358 	}
11359 #endif
11360 	/*
11361 	 * If we have any pending task management commands, process them
11362 	 * first.  This is necessary to eliminate a race condition with the
11363 	 * FETD:
11364 	 *
11365 	 * - FETD submits a task management command, like an abort.
11366 	 * - Back end calls fe_datamove() to move the data for the aborted
11367 	 *   command.  The FETD can't really accept it, but if it did, it
11368 	 *   would end up transmitting data for a command that the initiator
11369 	 *   told us to abort.
11370 	 *
11371 	 * We close the race by processing all pending task management
11372 	 * commands here (we can't block!), and then check this I/O to see
11373 	 * if it has been aborted.  If so, return it to the back end with
11374 	 * bad status, so the back end can say return an error to the back end
11375 	 * and then when the back end returns an error, we can return the
11376 	 * aborted command to the FETD, so it can clean up its resources.
11377 	 */
11378 	if (control_softc->flags & CTL_FLAG_TASK_PENDING)
11379 		ctl_run_task_queue(control_softc);
11380 
11381 	/*
11382 	 * This command has been aborted.  Set the port status, so we fail
11383 	 * the data move.
11384 	 */
11385 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
11386 		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
11387 		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
11388 		       io->io_hdr.nexus.targ_port,
11389 		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
11390 		       io->io_hdr.nexus.targ_lun);
11391 		io->io_hdr.status = CTL_CMD_ABORTED;
11392 		io->io_hdr.port_status = 31337;
11393 		mtx_unlock(&control_softc->ctl_lock);
11394 		/*
11395 		 * Note that the backend, in this case, will get the
11396 		 * callback in its context.  In other cases it may get
11397 		 * called in the frontend's interrupt thread context.
11398 		 */
11399 		io->scsiio.be_move_done(io);
11400 		return;
11401 	}
11402 
11403 	/*
11404 	 * If we're in XFER mode and this I/O is from the other shelf
11405 	 * controller, we need to send the DMA to the other side to
11406 	 * actually transfer the data to/from the host.  In serialize only
11407 	 * mode the transfer happens below CTL and ctl_datamove() is only
11408 	 * called on the machine that originally received the I/O.
11409 	 */
11410 	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
11411 	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11412 		union ctl_ha_msg msg;
11413 		uint32_t sg_entries_sent;
11414 		int do_sg_copy;
11415 		int i;
11416 
11417 		memset(&msg, 0, sizeof(msg));
11418 		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
11419 		msg.hdr.original_sc = io->io_hdr.original_sc;
11420 		msg.hdr.serializing_sc = io;
11421 		msg.hdr.nexus = io->io_hdr.nexus;
11422 		msg.dt.flags = io->io_hdr.flags;
11423 		/*
11424 		 * We convert everything into a S/G list here.  We can't
11425 		 * pass by reference, only by value between controllers.
11426 		 * So we can't pass a pointer to the S/G list, only as many
11427 		 * S/G entries as we can fit in here.  If it's possible for
11428 		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
11429 		 * then we need to break this up into multiple transfers.
11430 		 */
11431 		if (io->scsiio.kern_sg_entries == 0) {
11432 			msg.dt.kern_sg_entries = 1;
11433 			/*
11434 			 * If this is in cached memory, flush the cache
11435 			 * before we send the DMA request to the other
11436 			 * controller.  We want to do this in either the
11437 			 * read or the write case.  The read case is
11438 			 * straightforward.  In the write case, we want to
11439 			 * make sure nothing is in the local cache that
11440 			 * could overwrite the DMAed data.
11441 			 */
11442 			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
11443 				/*
11444 				 * XXX KDM use bus_dmamap_sync() here.
11445 				 */
11446 			}
11447 
11448 			/*
11449 			 * Convert to a physical address if this is a
11450 			 * virtual address.
11451 			 */
11452 			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
11453 				msg.dt.sg_list[0].addr =
11454 					io->scsiio.kern_data_ptr;
11455 			} else {
11456 				/*
11457 				 * XXX KDM use busdma here!
11458 				 */
11459 #if 0
11460 				msg.dt.sg_list[0].addr = (void *)
11461 					vtophys(io->scsiio.kern_data_ptr);
11462 #endif
11463 			}
11464 
11465 			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
11466 			do_sg_copy = 0;
11467 		} else {
11468 			struct ctl_sg_entry *sgl;
11469 
11470 			do_sg_copy = 1;
11471 			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
11472 			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
11473 			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
11474 				/*
11475 				 * XXX KDM use bus_dmamap_sync() here.
11476 				 */
11477 			}
11478 		}
11479 
11480 		msg.dt.kern_data_len = io->scsiio.kern_data_len;
11481 		msg.dt.kern_total_len = io->scsiio.kern_total_len;
11482 		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
11483 		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
11484 		msg.dt.sg_sequence = 0;
11485 
11486 		/*
11487 		 * Loop until we've sent all of the S/G entries.  On the
11488 		 * other end, we'll recompose these S/G entries into one
11489 		 * contiguous list before passing it to the
11490 		 */
11491 		for (sg_entries_sent = 0; sg_entries_sent <
11492 		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
11493 			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
11494 				sizeof(msg.dt.sg_list[0])),
11495 				msg.dt.kern_sg_entries - sg_entries_sent);
11496 
11497 			if (do_sg_copy != 0) {
11498 				struct ctl_sg_entry *sgl;
11499 				int j;
11500 
11501 				sgl = (struct ctl_sg_entry *)
11502 					io->scsiio.kern_data_ptr;
11503 				/*
11504 				 * If this is in cached memory, flush the cache
11505 				 * before we send the DMA request to the other
11506 				 * controller.  We want to do this in either
11507 				 * the * read or the write case.  The read
11508 				 * case is straightforward.  In the write
11509 				 * case, we want to make sure nothing is
11510 				 * in the local cache that could overwrite
11511 				 * the DMAed data.
11512 				 */
11513 
11514 				for (i = sg_entries_sent, j = 0;
11515 				     i < msg.dt.cur_sg_entries; i++, j++) {
11516 					if ((io->io_hdr.flags &
11517 					     CTL_FLAG_NO_DATASYNC) == 0) {
11518 						/*
11519 						 * XXX KDM use bus_dmamap_sync()
11520 						 */
11521 					}
11522 					if ((io->io_hdr.flags &
11523 					     CTL_FLAG_BUS_ADDR) == 0) {
11524 						/*
11525 						 * XXX KDM use busdma.
11526 						 */
11527 #if 0
11528 						msg.dt.sg_list[j].addr =(void *)
11529 						       vtophys(sgl[i].addr);
11530 #endif
11531 					} else {
11532 						msg.dt.sg_list[j].addr =
11533 							sgl[i].addr;
11534 					}
11535 					msg.dt.sg_list[j].len = sgl[i].len;
11536 				}
11537 			}
11538 
11539 			sg_entries_sent += msg.dt.cur_sg_entries;
11540 			if (sg_entries_sent >= msg.dt.kern_sg_entries)
11541 				msg.dt.sg_last = 1;
11542 			else
11543 				msg.dt.sg_last = 0;
11544 
11545 			/*
11546 			 * XXX KDM drop and reacquire the lock here?
11547 			 */
11548 			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
11549 			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
11550 				/*
11551 				 * XXX do something here.
11552 				 */
11553 			}
11554 
11555 			msg.dt.sent_sg_entries = sg_entries_sent;
11556 		}
11557 		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11558 		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
11559 			ctl_failover_io(io, /*have_lock*/ 1);
11560 
11561 	} else {
11562 
11563 		/*
11564 		 * Lookup the fe_datamove() function for this particular
11565 		 * front end.
11566 		 */
11567 		fe_datamove =
11568 		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
11569 		mtx_unlock(&control_softc->ctl_lock);
11570 
11571 		fe_datamove(io);
11572 	}
11573 }
11574 
11575 static void
11576 ctl_send_datamove_done(union ctl_io *io, int have_lock)
11577 {
11578 	union ctl_ha_msg msg;
11579 	int isc_status;
11580 
11581 	memset(&msg, 0, sizeof(msg));
11582 
11583 	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
11584 	msg.hdr.original_sc = io;
11585 	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
11586 	msg.hdr.nexus = io->io_hdr.nexus;
11587 	msg.hdr.status = io->io_hdr.status;
11588 	msg.scsi.tag_num = io->scsiio.tag_num;
11589 	msg.scsi.tag_type = io->scsiio.tag_type;
11590 	msg.scsi.scsi_status = io->scsiio.scsi_status;
11591 	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
11592 	       sizeof(io->scsiio.sense_data));
11593 	msg.scsi.sense_len = io->scsiio.sense_len;
11594 	msg.scsi.sense_residual = io->scsiio.sense_residual;
11595 	msg.scsi.fetd_status = io->io_hdr.port_status;
11596 	msg.scsi.residual = io->scsiio.residual;
11597 	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11598 
11599 	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
11600 		ctl_failover_io(io, /*have_lock*/ have_lock);
11601 		return;
11602 	}
11603 
11604 	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
11605 	if (isc_status > CTL_HA_STATUS_SUCCESS) {
11606 		/* XXX do something if this fails */
11607 	}
11608 
11609 }
11610 
11611 /*
11612  * The DMA to the remote side is done, now we need to tell the other side
11613  * we're done so it can continue with its data movement.
11614  */
11615 static void
11616 ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
11617 {
11618 	union ctl_io *io;
11619 
11620 	io = rq->context;
11621 
11622 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
11623 		printf("%s: ISC DMA write failed with error %d", __func__,
11624 		       rq->ret);
11625 		ctl_set_internal_failure(&io->scsiio,
11626 					 /*sks_valid*/ 1,
11627 					 /*retry_count*/ rq->ret);
11628 	}
11629 
11630 	ctl_dt_req_free(rq);
11631 
11632 	/*
11633 	 * In this case, we had to malloc the memory locally.  Free it.
11634 	 */
11635 	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
11636 		int i;
11637 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
11638 			free(io->io_hdr.local_sglist[i].addr, M_CTL);
11639 	}
11640 	/*
11641 	 * The data is in local and remote memory, so now we need to send
11642 	 * status (good or back) back to the other side.
11643 	 */
11644 	ctl_send_datamove_done(io, /*have_lock*/ 0);
11645 }
11646 
11647 /*
11648  * We've moved the data from the host/controller into local memory.  Now we
11649  * need to push it over to the remote controller's memory.
11650  */
11651 static int
11652 ctl_datamove_remote_dm_write_cb(union ctl_io *io)
11653 {
11654 	int retval;
11655 
11656 	retval = 0;
11657 
11658 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
11659 					  ctl_datamove_remote_write_cb);
11660 
11661 	return (retval);
11662 }
11663 
11664 static void
11665 ctl_datamove_remote_write(union ctl_io *io)
11666 {
11667 	int retval;
11668 	void (*fe_datamove)(union ctl_io *io);
11669 
11670 	/*
11671 	 * - Get the data from the host/HBA into local memory.
11672 	 * - DMA memory from the local controller to the remote controller.
11673 	 * - Send status back to the remote controller.
11674 	 */
11675 
11676 	retval = ctl_datamove_remote_sgl_setup(io);
11677 	if (retval != 0)
11678 		return;
11679 
11680 	/* Switch the pointer over so the FETD knows what to do */
11681 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
11682 
11683 	/*
11684 	 * Use a custom move done callback, since we need to send completion
11685 	 * back to the other controller, not to the backend on this side.
11686 	 */
11687 	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
11688 
11689 	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
11690 
11691 	fe_datamove(io);
11692 
11693 	return;
11694 
11695 }
11696 
11697 static int
11698 ctl_datamove_remote_dm_read_cb(union ctl_io *io)
11699 {
11700 #if 0
11701 	char str[256];
11702 	char path_str[64];
11703 	struct sbuf sb;
11704 #endif
11705 
11706 	/*
11707 	 * In this case, we had to malloc the memory locally.  Free it.
11708 	 */
11709 	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
11710 		int i;
11711 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
11712 			free(io->io_hdr.local_sglist[i].addr, M_CTL);
11713 	}
11714 
11715 #if 0
11716 	scsi_path_string(io, path_str, sizeof(path_str));
11717 	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
11718 	sbuf_cat(&sb, path_str);
11719 	scsi_command_string(&io->scsiio, NULL, &sb);
11720 	sbuf_printf(&sb, "\n");
11721 	sbuf_cat(&sb, path_str);
11722 	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
11723 		    io->scsiio.tag_num, io->scsiio.tag_type);
11724 	sbuf_cat(&sb, path_str);
11725 	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
11726 		    io->io_hdr.flags, io->io_hdr.status);
11727 	sbuf_finish(&sb);
11728 	printk("%s", sbuf_data(&sb));
11729 #endif
11730 
11731 
11732 	/*
11733 	 * The read is done, now we need to send status (good or bad) back
11734 	 * to the other side.
11735 	 */
11736 	ctl_send_datamove_done(io, /*have_lock*/ 0);
11737 
11738 	return (0);
11739 }
11740 
11741 static void
11742 ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
11743 {
11744 	union ctl_io *io;
11745 	void (*fe_datamove)(union ctl_io *io);
11746 
11747 	io = rq->context;
11748 
11749 	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
11750 		printf("%s: ISC DMA read failed with error %d", __func__,
11751 		       rq->ret);
11752 		ctl_set_internal_failure(&io->scsiio,
11753 					 /*sks_valid*/ 1,
11754 					 /*retry_count*/ rq->ret);
11755 	}
11756 
11757 	ctl_dt_req_free(rq);
11758 
11759 	/* Switch the pointer over so the FETD knows what to do */
11760 	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
11761 
11762 	/*
11763 	 * Use a custom move done callback, since we need to send completion
11764 	 * back to the other controller, not to the backend on this side.
11765 	 */
11766 	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
11767 
11768 	/* XXX KDM add checks like the ones in ctl_datamove? */
11769 
11770 	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
11771 
11772 	fe_datamove(io);
11773 }
11774 
11775 static int
11776 ctl_datamove_remote_sgl_setup(union ctl_io *io)
11777 {
11778 	struct ctl_sg_entry *local_sglist, *remote_sglist;
11779 	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
11780 	struct ctl_softc *softc;
11781 	int retval;
11782 	int i;
11783 
11784 	retval = 0;
11785 	softc = control_softc;
11786 
11787 	local_sglist = io->io_hdr.local_sglist;
11788 	local_dma_sglist = io->io_hdr.local_dma_sglist;
11789 	remote_sglist = io->io_hdr.remote_sglist;
11790 	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
11791 
11792 	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
11793 		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
11794 			local_sglist[i].len = remote_sglist[i].len;
11795 
11796 			/*
11797 			 * XXX Detect the situation where the RS-level I/O
11798 			 * redirector on the other side has already read the
11799 			 * data off of the AOR RS on this side, and
11800 			 * transferred it to remote (mirror) memory on the
11801 			 * other side.  Since we already have the data in
11802 			 * memory here, we just need to use it.
11803 			 *
11804 			 * XXX KDM this can probably be removed once we
11805 			 * get the cache device code in and take the
11806 			 * current AOR implementation out.
11807 			 */
11808 #ifdef NEEDTOPORT
11809 			if ((remote_sglist[i].addr >=
11810 			     (void *)vtophys(softc->mirr->addr))
11811 			 && (remote_sglist[i].addr <
11812 			     ((void *)vtophys(softc->mirr->addr) +
11813 			     CacheMirrorOffset))) {
11814 				local_sglist[i].addr = remote_sglist[i].addr -
11815 					CacheMirrorOffset;
11816 				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
11817 				     CTL_FLAG_DATA_IN)
11818 					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
11819 			} else {
11820 				local_sglist[i].addr = remote_sglist[i].addr +
11821 					CacheMirrorOffset;
11822 			}
11823 #endif
11824 #if 0
11825 			printf("%s: local %p, remote %p, len %d\n",
11826 			       __func__, local_sglist[i].addr,
11827 			       remote_sglist[i].addr, local_sglist[i].len);
11828 #endif
11829 		}
11830 	} else {
11831 		uint32_t len_to_go;
11832 
11833 		/*
11834 		 * In this case, we don't have automatically allocated
11835 		 * memory for this I/O on this controller.  This typically
11836 		 * happens with internal CTL I/O -- e.g. inquiry, mode
11837 		 * sense, etc.  Anything coming from RAIDCore will have
11838 		 * a mirror area available.
11839 		 */
11840 		len_to_go = io->scsiio.kern_data_len;
11841 
11842 		/*
11843 		 * Clear the no datasync flag, we have to use malloced
11844 		 * buffers.
11845 		 */
11846 		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
11847 
11848 		/*
11849 		 * The difficult thing here is that the size of the various
11850 		 * S/G segments may be different than the size from the
11851 		 * remote controller.  That'll make it harder when DMAing
11852 		 * the data back to the other side.
11853 		 */
11854 		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
11855 		     sizeof(io->io_hdr.remote_sglist[0])) &&
11856 		     (len_to_go > 0); i++) {
11857 			local_sglist[i].len = ctl_min(len_to_go, 131072);
11858 			CTL_SIZE_8B(local_dma_sglist[i].len,
11859 				    local_sglist[i].len);
11860 			local_sglist[i].addr =
11861 				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
11862 
11863 			local_dma_sglist[i].addr = local_sglist[i].addr;
11864 
11865 			if (local_sglist[i].addr == NULL) {
11866 				int j;
11867 
11868 				printf("malloc failed for %zd bytes!",
11869 				       local_dma_sglist[i].len);
11870 				for (j = 0; j < i; j++) {
11871 					free(local_sglist[j].addr, M_CTL);
11872 				}
11873 				ctl_set_internal_failure(&io->scsiio,
11874 							 /*sks_valid*/ 1,
11875 							 /*retry_count*/ 4857);
11876 				retval = 1;
11877 				goto bailout_error;
11878 
11879 			}
11880 			/* XXX KDM do we need a sync here? */
11881 
11882 			len_to_go -= local_sglist[i].len;
11883 		}
11884 		/*
11885 		 * Reset the number of S/G entries accordingly.  The
11886 		 * original number of S/G entries is available in
11887 		 * rem_sg_entries.
11888 		 */
11889 		io->scsiio.kern_sg_entries = i;
11890 
11891 #if 0
11892 		printf("%s: kern_sg_entries = %d\n", __func__,
11893 		       io->scsiio.kern_sg_entries);
11894 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
11895 			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
11896 			       local_sglist[i].addr, local_sglist[i].len,
11897 			       local_dma_sglist[i].len);
11898 #endif
11899 	}
11900 
11901 
11902 	return (retval);
11903 
11904 bailout_error:
11905 
11906 	ctl_send_datamove_done(io, /*have_lock*/ 0);
11907 
11908 	return (retval);
11909 }
11910 
11911 static int
11912 ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
11913 			 ctl_ha_dt_cb callback)
11914 {
11915 	struct ctl_ha_dt_req *rq;
11916 	struct ctl_sg_entry *remote_sglist, *local_sglist;
11917 	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
11918 	uint32_t local_used, remote_used, total_used;
11919 	int retval;
11920 	int i, j;
11921 
11922 	retval = 0;
11923 
11924 	rq = ctl_dt_req_alloc();
11925 
11926 	/*
11927 	 * If we failed to allocate the request, and if the DMA didn't fail
11928 	 * anyway, set busy status.  This is just a resource allocation
11929 	 * failure.
11930 	 */
11931 	if ((rq == NULL)
11932 	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
11933 		ctl_set_busy(&io->scsiio);
11934 
11935 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
11936 
11937 		if (rq != NULL)
11938 			ctl_dt_req_free(rq);
11939 
11940 		/*
11941 		 * The data move failed.  We need to return status back
11942 		 * to the other controller.  No point in trying to DMA
11943 		 * data to the remote controller.
11944 		 */
11945 
11946 		ctl_send_datamove_done(io, /*have_lock*/ 0);
11947 
11948 		retval = 1;
11949 
11950 		goto bailout;
11951 	}
11952 
11953 	local_sglist = io->io_hdr.local_sglist;
11954 	local_dma_sglist = io->io_hdr.local_dma_sglist;
11955 	remote_sglist = io->io_hdr.remote_sglist;
11956 	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
11957 	local_used = 0;
11958 	remote_used = 0;
11959 	total_used = 0;
11960 
11961 	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
11962 		rq->ret = CTL_HA_STATUS_SUCCESS;
11963 		rq->context = io;
11964 		callback(rq);
11965 		goto bailout;
11966 	}
11967 
11968 	/*
11969 	 * Pull/push the data over the wire from/to the other controller.
11970 	 * This takes into account the possibility that the local and
11971 	 * remote sglists may not be identical in terms of the size of
11972 	 * the elements and the number of elements.
11973 	 *
11974 	 * One fundamental assumption here is that the length allocated for
11975 	 * both the local and remote sglists is identical.  Otherwise, we've
11976 	 * essentially got a coding error of some sort.
11977 	 */
11978 	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
11979 		int isc_ret;
11980 		uint32_t cur_len, dma_length;
11981 		uint8_t *tmp_ptr;
11982 
11983 		rq->id = CTL_HA_DATA_CTL;
11984 		rq->command = command;
11985 		rq->context = io;
11986 
11987 		/*
11988 		 * Both pointers should be aligned.  But it is possible
11989 		 * that the allocation length is not.  They should both
11990 		 * also have enough slack left over at the end, though,
11991 		 * to round up to the next 8 byte boundary.
11992 		 */
11993 		cur_len = ctl_min(local_sglist[i].len - local_used,
11994 				  remote_sglist[j].len - remote_used);
11995 
11996 		/*
11997 		 * In this case, we have a size issue and need to decrease
11998 		 * the size, except in the case where we actually have less
11999 		 * than 8 bytes left.  In that case, we need to increase
12000 		 * the DMA length to get the last bit.
12001 		 */
12002 		if ((cur_len & 0x7) != 0) {
12003 			if (cur_len > 0x7) {
12004 				cur_len = cur_len - (cur_len & 0x7);
12005 				dma_length = cur_len;
12006 			} else {
12007 				CTL_SIZE_8B(dma_length, cur_len);
12008 			}
12009 
12010 		} else
12011 			dma_length = cur_len;
12012 
12013 		/*
12014 		 * If we had to allocate memory for this I/O, instead of using
12015 		 * the non-cached mirror memory, we'll need to flush the cache
12016 		 * before trying to DMA to the other controller.
12017 		 *
12018 		 * We could end up doing this multiple times for the same
12019 		 * segment if we have a larger local segment than remote
12020 		 * segment.  That shouldn't be an issue.
12021 		 */
12022 		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12023 			/*
12024 			 * XXX KDM use bus_dmamap_sync() here.
12025 			 */
12026 		}
12027 
12028 		rq->size = dma_length;
12029 
12030 		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12031 		tmp_ptr += local_used;
12032 
12033 		/* Use physical addresses when talking to ISC hardware */
12034 		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12035 			/* XXX KDM use busdma */
12036 #if 0
12037 			rq->local = vtophys(tmp_ptr);
12038 #endif
12039 		} else
12040 			rq->local = tmp_ptr;
12041 
12042 		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12043 		tmp_ptr += remote_used;
12044 		rq->remote = tmp_ptr;
12045 
12046 		rq->callback = NULL;
12047 
12048 		local_used += cur_len;
12049 		if (local_used >= local_sglist[i].len) {
12050 			i++;
12051 			local_used = 0;
12052 		}
12053 
12054 		remote_used += cur_len;
12055 		if (remote_used >= remote_sglist[j].len) {
12056 			j++;
12057 			remote_used = 0;
12058 		}
12059 		total_used += cur_len;
12060 
12061 		if (total_used >= io->scsiio.kern_data_len)
12062 			rq->callback = callback;
12063 
12064 		if ((rq->size & 0x7) != 0) {
12065 			printf("%s: warning: size %d is not on 8b boundary\n",
12066 			       __func__, rq->size);
12067 		}
12068 		if (((uintptr_t)rq->local & 0x7) != 0) {
12069 			printf("%s: warning: local %p not on 8b boundary\n",
12070 			       __func__, rq->local);
12071 		}
12072 		if (((uintptr_t)rq->remote & 0x7) != 0) {
12073 			printf("%s: warning: remote %p not on 8b boundary\n",
12074 			       __func__, rq->local);
12075 		}
12076 #if 0
12077 		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12078 		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12079 		       rq->local, rq->remote, rq->size);
12080 #endif
12081 
12082 		isc_ret = ctl_dt_single(rq);
12083 		if (isc_ret == CTL_HA_STATUS_WAIT)
12084 			continue;
12085 
12086 		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
12087 			rq->ret = CTL_HA_STATUS_SUCCESS;
12088 		} else {
12089 			rq->ret = isc_ret;
12090 		}
12091 		callback(rq);
12092 		goto bailout;
12093 	}
12094 
12095 bailout:
12096 	return (retval);
12097 
12098 }
12099 
12100 static void
12101 ctl_datamove_remote_read(union ctl_io *io)
12102 {
12103 	int retval;
12104 	int i;
12105 
12106 	/*
12107 	 * This will send an error to the other controller in the case of a
12108 	 * failure.
12109 	 */
12110 	retval = ctl_datamove_remote_sgl_setup(io);
12111 	if (retval != 0)
12112 		return;
12113 
12114 	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12115 					  ctl_datamove_remote_read_cb);
12116 	if ((retval != 0)
12117 	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
12118 		/*
12119 		 * Make sure we free memory if there was an error..  The
12120 		 * ctl_datamove_remote_xfer() function will send the
12121 		 * datamove done message, or call the callback with an
12122 		 * error if there is a problem.
12123 		 */
12124 		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12125 			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12126 	}
12127 
12128 	return;
12129 }
12130 
12131 /*
12132  * Process a datamove request from the other controller.  This is used for
12133  * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12134  * first.  Once that is complete, the data gets DMAed into the remote
12135  * controller's memory.  For reads, we DMA from the remote controller's
12136  * memory into our memory first, and then move it out to the FETD.
12137  *
12138  * Should be called without the ctl_lock held.
12139  */
12140 static void
12141 ctl_datamove_remote(union ctl_io *io)
12142 {
12143 	struct ctl_softc *softc;
12144 
12145 	softc = control_softc;
12146 
12147 	/*
12148 	 * Note that we look for an aborted I/O here, but don't do some of
12149 	 * the other checks that ctl_datamove() normally does.  We don't
12150 	 * need to run the task queue, because this I/O is on the ISC
12151 	 * queue, which is executed by the work thread after the task queue.
12152 	 * We don't need to run the datamove delay code, since that should
12153 	 * have been done if need be on the other controller.
12154 	 */
12155 	mtx_lock(&softc->ctl_lock);
12156 
12157 	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12158 
12159 		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
12160 		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
12161 		       io->io_hdr.nexus.targ_port,
12162 		       io->io_hdr.nexus.targ_target.id,
12163 		       io->io_hdr.nexus.targ_lun);
12164 		io->io_hdr.status = CTL_CMD_ABORTED;
12165 		io->io_hdr.port_status = 31338;
12166 
12167 		mtx_unlock(&softc->ctl_lock);
12168 
12169 		ctl_send_datamove_done(io, /*have_lock*/ 0);
12170 
12171 		return;
12172 	}
12173 
12174 	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
12175 		mtx_unlock(&softc->ctl_lock);
12176 		ctl_datamove_remote_write(io);
12177 	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
12178 		mtx_unlock(&softc->ctl_lock);
12179 		ctl_datamove_remote_read(io);
12180 	} else {
12181 		union ctl_ha_msg msg;
12182 		struct scsi_sense_data *sense;
12183 		uint8_t sks[3];
12184 		int retry_count;
12185 
12186 		memset(&msg, 0, sizeof(msg));
12187 
12188 		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
12189 		msg.hdr.status = CTL_SCSI_ERROR;
12190 		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
12191 
12192 		retry_count = 4243;
12193 
12194 		sense = &msg.scsi.sense_data;
12195 		sks[0] = SSD_SCS_VALID;
12196 		sks[1] = (retry_count >> 8) & 0xff;
12197 		sks[2] = retry_count & 0xff;
12198 
12199 		/* "Internal target failure" */
12200 		scsi_set_sense_data(sense,
12201 				    /*sense_format*/ SSD_TYPE_NONE,
12202 				    /*current_error*/ 1,
12203 				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
12204 				    /*asc*/ 0x44,
12205 				    /*ascq*/ 0x00,
12206 				    /*type*/ SSD_ELEM_SKS,
12207 				    /*size*/ sizeof(sks),
12208 				    /*data*/ sks,
12209 				    SSD_ELEM_NONE);
12210 
12211 		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12212 		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12213 			ctl_failover_io(io, /*have_lock*/ 1);
12214 			mtx_unlock(&softc->ctl_lock);
12215 			return;
12216 		}
12217 
12218 		mtx_unlock(&softc->ctl_lock);
12219 
12220 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
12221 		    CTL_HA_STATUS_SUCCESS) {
12222 			/* XXX KDM what to do if this fails? */
12223 		}
12224 		return;
12225 	}
12226 
12227 }
12228 
12229 static int
12230 ctl_process_done(union ctl_io *io, int have_lock)
12231 {
12232 	struct ctl_lun *lun;
12233 	struct ctl_softc *ctl_softc;
12234 	void (*fe_done)(union ctl_io *io);
12235 	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
12236 
12237 	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12238 
12239 	fe_done =
12240 	    control_softc->ctl_ports[targ_port]->fe_done;
12241 
12242 #ifdef CTL_TIME_IO
12243 	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12244 		char str[256];
12245 		char path_str[64];
12246 		struct sbuf sb;
12247 
12248 		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12249 		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12250 
12251 		sbuf_cat(&sb, path_str);
12252 		switch (io->io_hdr.io_type) {
12253 		case CTL_IO_SCSI:
12254 			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12255 			sbuf_printf(&sb, "\n");
12256 			sbuf_cat(&sb, path_str);
12257 			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12258 				    io->scsiio.tag_num, io->scsiio.tag_type);
12259 			break;
12260 		case CTL_IO_TASK:
12261 			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12262 				    "Tag Type: %d\n", io->taskio.task_action,
12263 				    io->taskio.tag_num, io->taskio.tag_type);
12264 			break;
12265 		default:
12266 			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12267 			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12268 			break;
12269 		}
12270 		sbuf_cat(&sb, path_str);
12271 		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12272 			    (intmax_t)time_uptime - io->io_hdr.start_time);
12273 		sbuf_finish(&sb);
12274 		printf("%s", sbuf_data(&sb));
12275 	}
12276 #endif /* CTL_TIME_IO */
12277 
12278 	switch (io->io_hdr.io_type) {
12279 	case CTL_IO_SCSI:
12280 		break;
12281 	case CTL_IO_TASK:
12282 		ctl_io_error_print(io, NULL);
12283 		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12284 			ctl_free_io_internal(io, /*have_lock*/ 0);
12285 		else
12286 			fe_done(io);
12287 		return (CTL_RETVAL_COMPLETE);
12288 		break;
12289 	default:
12290 		printf("ctl_process_done: invalid io type %d\n",
12291 		       io->io_hdr.io_type);
12292 		panic("ctl_process_done: invalid io type %d\n",
12293 		      io->io_hdr.io_type);
12294 		break; /* NOTREACHED */
12295 	}
12296 
12297 	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12298 	if (lun == NULL) {
12299 		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12300 				 io->io_hdr.nexus.targ_lun));
12301 		fe_done(io);
12302 		goto bailout;
12303 	}
12304 	ctl_softc = lun->ctl_softc;
12305 
12306 	/*
12307 	 * Remove this from the OOA queue.
12308 	 */
12309 	if (have_lock == 0)
12310 		mtx_lock(&ctl_softc->ctl_lock);
12311 
12312 	/*
12313 	 * Check to see if we have any errors to inject here.  We only
12314 	 * inject errors for commands that don't already have errors set.
12315 	 */
12316 	if ((STAILQ_FIRST(&lun->error_list) != NULL)
12317 	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
12318 		ctl_inject_error(lun, io);
12319 
12320 	/*
12321 	 * XXX KDM how do we treat commands that aren't completed
12322 	 * successfully?
12323 	 *
12324 	 * XXX KDM should we also track I/O latency?
12325 	 */
12326 	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) {
12327 		uint32_t blocksize;
12328 #ifdef CTL_TIME_IO
12329 		struct bintime cur_bt;
12330 #endif
12331 
12332 		if ((lun->be_lun != NULL)
12333 		 && (lun->be_lun->blocksize != 0))
12334 			blocksize = lun->be_lun->blocksize;
12335 		else
12336 			blocksize = 512;
12337 
12338 		switch (io->io_hdr.io_type) {
12339 		case CTL_IO_SCSI: {
12340 			int isread;
12341 			struct ctl_lba_len lbalen;
12342 
12343 			isread = 0;
12344 			switch (io->scsiio.cdb[0]) {
12345 			case READ_6:
12346 			case READ_10:
12347 			case READ_12:
12348 			case READ_16:
12349 				isread = 1;
12350 				/* FALLTHROUGH */
12351 			case WRITE_6:
12352 			case WRITE_10:
12353 			case WRITE_12:
12354 			case WRITE_16:
12355 			case WRITE_VERIFY_10:
12356 			case WRITE_VERIFY_12:
12357 			case WRITE_VERIFY_16:
12358 				memcpy(&lbalen, io->io_hdr.ctl_private[
12359 				       CTL_PRIV_LBA_LEN].bytes, sizeof(lbalen));
12360 
12361 				if (isread) {
12362 					lun->stats.ports[targ_port].bytes[CTL_STATS_READ] +=
12363 						lbalen.len * blocksize;
12364 					lun->stats.ports[targ_port].operations[CTL_STATS_READ]++;
12365 
12366 #ifdef CTL_TIME_IO
12367 					bintime_add(
12368 					   &lun->stats.ports[targ_port].dma_time[CTL_STATS_READ],
12369 					   &io->io_hdr.dma_bt);
12370 					lun->stats.ports[targ_port].num_dmas[CTL_STATS_READ] +=
12371 						io->io_hdr.num_dmas;
12372 					getbintime(&cur_bt);
12373 					bintime_sub(&cur_bt,
12374 						    &io->io_hdr.start_bt);
12375 
12376 					bintime_add(
12377 					    &lun->stats.ports[targ_port].time[CTL_STATS_READ],
12378 					    &cur_bt);
12379 
12380 #if 0
12381 					cs_prof_gettime(&cur_ticks);
12382 					lun->stats.time[CTL_STATS_READ] +=
12383 						cur_ticks -
12384 						io->io_hdr.start_ticks;
12385 #endif
12386 #if 0
12387 					lun->stats.time[CTL_STATS_READ] +=
12388 						jiffies - io->io_hdr.start_time;
12389 #endif
12390 #endif /* CTL_TIME_IO */
12391 				} else {
12392 					lun->stats.ports[targ_port].bytes[CTL_STATS_WRITE] +=
12393 						lbalen.len * blocksize;
12394 					lun->stats.ports[targ_port].operations[
12395 						CTL_STATS_WRITE]++;
12396 
12397 #ifdef CTL_TIME_IO
12398 					bintime_add(
12399 					  &lun->stats.ports[targ_port].dma_time[CTL_STATS_WRITE],
12400 					  &io->io_hdr.dma_bt);
12401 					lun->stats.ports[targ_port].num_dmas[CTL_STATS_WRITE] +=
12402 						io->io_hdr.num_dmas;
12403 					getbintime(&cur_bt);
12404 					bintime_sub(&cur_bt,
12405 						    &io->io_hdr.start_bt);
12406 
12407 					bintime_add(
12408 					    &lun->stats.ports[targ_port].time[CTL_STATS_WRITE],
12409 					    &cur_bt);
12410 #if 0
12411 					cs_prof_gettime(&cur_ticks);
12412 					lun->stats.ports[targ_port].time[CTL_STATS_WRITE] +=
12413 						cur_ticks -
12414 						io->io_hdr.start_ticks;
12415 					lun->stats.ports[targ_port].time[CTL_STATS_WRITE] +=
12416 						jiffies - io->io_hdr.start_time;
12417 #endif
12418 #endif /* CTL_TIME_IO */
12419 				}
12420 				break;
12421 			default:
12422 				lun->stats.ports[targ_port].operations[CTL_STATS_NO_IO]++;
12423 
12424 #ifdef CTL_TIME_IO
12425 				bintime_add(
12426 				  &lun->stats.ports[targ_port].dma_time[CTL_STATS_NO_IO],
12427 				  &io->io_hdr.dma_bt);
12428 				lun->stats.ports[targ_port].num_dmas[CTL_STATS_NO_IO] +=
12429 					io->io_hdr.num_dmas;
12430 				getbintime(&cur_bt);
12431 				bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12432 
12433 				bintime_add(&lun->stats.ports[targ_port].time[CTL_STATS_NO_IO],
12434 					    &cur_bt);
12435 
12436 #if 0
12437 				cs_prof_gettime(&cur_ticks);
12438 				lun->stats.ports[targ_port].time[CTL_STATS_NO_IO] +=
12439 					cur_ticks -
12440 					io->io_hdr.start_ticks;
12441 				lun->stats.ports[targ_port].time[CTL_STATS_NO_IO] +=
12442 					jiffies - io->io_hdr.start_time;
12443 #endif
12444 #endif /* CTL_TIME_IO */
12445 				break;
12446 			}
12447 			break;
12448 		}
12449 		default:
12450 			break;
12451 		}
12452 	}
12453 
12454 	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12455 
12456 	/*
12457 	 * Run through the blocked queue on this LUN and see if anything
12458 	 * has become unblocked, now that this transaction is done.
12459 	 */
12460 	ctl_check_blocked(lun);
12461 
12462 	/*
12463 	 * If the LUN has been invalidated, free it if there is nothing
12464 	 * left on its OOA queue.
12465 	 */
12466 	if ((lun->flags & CTL_LUN_INVALID)
12467 	 && (TAILQ_FIRST(&lun->ooa_queue) == NULL))
12468 		ctl_free_lun(lun);
12469 
12470 	/*
12471 	 * If this command has been aborted, make sure we set the status
12472 	 * properly.  The FETD is responsible for freeing the I/O and doing
12473 	 * whatever it needs to do to clean up its state.
12474 	 */
12475 	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12476 		io->io_hdr.status = CTL_CMD_ABORTED;
12477 
12478 	/*
12479 	 * We print out status for every task management command.  For SCSI
12480 	 * commands, we filter out any unit attention errors; they happen
12481 	 * on every boot, and would clutter up the log.  Note:  task
12482 	 * management commands aren't printed here, they are printed above,
12483 	 * since they should never even make it down here.
12484 	 */
12485 	switch (io->io_hdr.io_type) {
12486 	case CTL_IO_SCSI: {
12487 		int error_code, sense_key, asc, ascq;
12488 
12489 		sense_key = 0;
12490 
12491 		if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR)
12492 		 && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
12493 			/*
12494 			 * Since this is just for printing, no need to
12495 			 * show errors here.
12496 			 */
12497 			scsi_extract_sense_len(&io->scsiio.sense_data,
12498 					       io->scsiio.sense_len,
12499 					       &error_code,
12500 					       &sense_key,
12501 					       &asc,
12502 					       &ascq,
12503 					       /*show_errors*/ 0);
12504 		}
12505 
12506 		if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
12507 		 && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR)
12508 		  || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND)
12509 		  || (sense_key != SSD_KEY_UNIT_ATTENTION))) {
12510 
12511 			if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){
12512 				ctl_softc->skipped_prints++;
12513 				if (have_lock == 0)
12514 					mtx_unlock(&ctl_softc->ctl_lock);
12515 			} else {
12516 				uint32_t skipped_prints;
12517 
12518 				skipped_prints = ctl_softc->skipped_prints;
12519 
12520 				ctl_softc->skipped_prints = 0;
12521 				ctl_softc->last_print_jiffies = time_uptime;
12522 
12523 				if (have_lock == 0)
12524 					mtx_unlock(&ctl_softc->ctl_lock);
12525 				if (skipped_prints > 0) {
12526 #ifdef NEEDTOPORT
12527 					csevent_log(CSC_CTL | CSC_SHELF_SW |
12528 					    CTL_ERROR_REPORT,
12529 					    csevent_LogType_Trace,
12530 					    csevent_Severity_Information,
12531 					    csevent_AlertLevel_Green,
12532 					    csevent_FRU_Firmware,
12533 					    csevent_FRU_Unknown,
12534 					    "High CTL error volume, %d prints "
12535 					    "skipped", skipped_prints);
12536 #endif
12537 				}
12538 				ctl_io_error_print(io, NULL);
12539 			}
12540 		} else {
12541 			if (have_lock == 0)
12542 				mtx_unlock(&ctl_softc->ctl_lock);
12543 		}
12544 		break;
12545 	}
12546 	case CTL_IO_TASK:
12547 		if (have_lock == 0)
12548 			mtx_unlock(&ctl_softc->ctl_lock);
12549 		ctl_io_error_print(io, NULL);
12550 		break;
12551 	default:
12552 		if (have_lock == 0)
12553 			mtx_unlock(&ctl_softc->ctl_lock);
12554 		break;
12555 	}
12556 
12557 	/*
12558 	 * Tell the FETD or the other shelf controller we're done with this
12559 	 * command.  Note that only SCSI commands get to this point.  Task
12560 	 * management commands are completed above.
12561 	 *
12562 	 * We only send status to the other controller if we're in XFER
12563 	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
12564 	 * received the I/O (from CTL's perspective), and so the status is
12565 	 * generated there.
12566 	 *
12567 	 * XXX KDM if we hold the lock here, we could cause a deadlock
12568 	 * if the frontend comes back in in this context to queue
12569 	 * something.
12570 	 */
12571 	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
12572 	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12573 		union ctl_ha_msg msg;
12574 
12575 		memset(&msg, 0, sizeof(msg));
12576 		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12577 		msg.hdr.original_sc = io->io_hdr.original_sc;
12578 		msg.hdr.nexus = io->io_hdr.nexus;
12579 		msg.hdr.status = io->io_hdr.status;
12580 		msg.scsi.scsi_status = io->scsiio.scsi_status;
12581 		msg.scsi.tag_num = io->scsiio.tag_num;
12582 		msg.scsi.tag_type = io->scsiio.tag_type;
12583 		msg.scsi.sense_len = io->scsiio.sense_len;
12584 		msg.scsi.sense_residual = io->scsiio.sense_residual;
12585 		msg.scsi.residual = io->scsiio.residual;
12586 		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12587 		       sizeof(io->scsiio.sense_data));
12588 		/*
12589 		 * We copy this whether or not this is an I/O-related
12590 		 * command.  Otherwise, we'd have to go and check to see
12591 		 * whether it's a read/write command, and it really isn't
12592 		 * worth it.
12593 		 */
12594 		memcpy(&msg.scsi.lbalen,
12595 		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
12596 		       sizeof(msg.scsi.lbalen));;
12597 
12598 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12599 				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12600 			/* XXX do something here */
12601 		}
12602 
12603 		ctl_free_io_internal(io, /*have_lock*/ 0);
12604 	} else
12605 		fe_done(io);
12606 
12607 bailout:
12608 
12609 	return (CTL_RETVAL_COMPLETE);
12610 }
12611 
12612 /*
12613  * Front end should call this if it doesn't do autosense.  When the request
12614  * sense comes back in from the initiator, we'll dequeue this and send it.
12615  */
12616 int
12617 ctl_queue_sense(union ctl_io *io)
12618 {
12619 	struct ctl_lun *lun;
12620 	struct ctl_softc *ctl_softc;
12621 	uint32_t initidx;
12622 
12623 	ctl_softc = control_softc;
12624 
12625 	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12626 
12627 	/*
12628 	 * LUN lookup will likely move to the ctl_work_thread() once we
12629 	 * have our new queueing infrastructure (that doesn't put things on
12630 	 * a per-LUN queue initially).  That is so that we can handle
12631 	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12632 	 * can't deal with that right now.
12633 	 */
12634 	mtx_lock(&ctl_softc->ctl_lock);
12635 
12636 	/*
12637 	 * If we don't have a LUN for this, just toss the sense
12638 	 * information.
12639 	 */
12640 	if ((io->io_hdr.nexus.targ_lun < CTL_MAX_LUNS)
12641 	 && (ctl_softc->ctl_luns[io->io_hdr.nexus.targ_lun] != NULL))
12642 		lun = ctl_softc->ctl_luns[io->io_hdr.nexus.targ_lun];
12643 	else
12644 		goto bailout;
12645 
12646 	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12647 
12648 	/*
12649 	 * Already have CA set for this LUN...toss the sense information.
12650 	 */
12651 	if (ctl_is_set(lun->have_ca, initidx))
12652 		goto bailout;
12653 
12654 	memcpy(&lun->pending_sense[initidx].sense, &io->scsiio.sense_data,
12655 	       ctl_min(sizeof(lun->pending_sense[initidx].sense),
12656 	       sizeof(io->scsiio.sense_data)));
12657 	ctl_set_mask(lun->have_ca, initidx);
12658 
12659 bailout:
12660 	mtx_unlock(&ctl_softc->ctl_lock);
12661 
12662 	ctl_free_io(io);
12663 
12664 	return (CTL_RETVAL_COMPLETE);
12665 }
12666 
12667 /*
12668  * Primary command inlet from frontend ports.  All SCSI and task I/O
12669  * requests must go through this function.
12670  */
12671 int
12672 ctl_queue(union ctl_io *io)
12673 {
12674 	struct ctl_softc *ctl_softc;
12675 
12676 	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12677 
12678 	ctl_softc = control_softc;
12679 
12680 #ifdef CTL_TIME_IO
12681 	io->io_hdr.start_time = time_uptime;
12682 	getbintime(&io->io_hdr.start_bt);
12683 #endif /* CTL_TIME_IO */
12684 
12685 	mtx_lock(&ctl_softc->ctl_lock);
12686 
12687 	switch (io->io_hdr.io_type) {
12688 	case CTL_IO_SCSI:
12689 		STAILQ_INSERT_TAIL(&ctl_softc->incoming_queue, &io->io_hdr,
12690 				   links);
12691 		break;
12692 	case CTL_IO_TASK:
12693 		STAILQ_INSERT_TAIL(&ctl_softc->task_queue, &io->io_hdr, links);
12694 		/*
12695 		 * Set the task pending flag.  This is necessary to close a
12696 		 * race condition with the FETD:
12697 		 *
12698 		 * - FETD submits a task management command, like an abort.
12699 		 * - Back end calls fe_datamove() to move the data for the
12700 		 *   aborted command.  The FETD can't really accept it, but
12701 		 *   if it did, it would end up transmitting data for a
12702 		 *   command that the initiator told us to abort.
12703 		 *
12704 		 * We close the race condition by setting the flag here,
12705 		 * and checking it in ctl_datamove(), before calling the
12706 		 * FETD's fe_datamove routine.  If we've got a task
12707 		 * pending, we run the task queue and then check to see
12708 		 * whether our particular I/O has been aborted.
12709 		 */
12710 		ctl_softc->flags |= CTL_FLAG_TASK_PENDING;
12711 		break;
12712 	default:
12713 		mtx_unlock(&ctl_softc->ctl_lock);
12714 		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12715 		return (-EINVAL);
12716 		break; /* NOTREACHED */
12717 	}
12718 	mtx_unlock(&ctl_softc->ctl_lock);
12719 
12720 	ctl_wakeup_thread();
12721 
12722 	return (CTL_RETVAL_COMPLETE);
12723 }
12724 
12725 #ifdef CTL_IO_DELAY
12726 static void
12727 ctl_done_timer_wakeup(void *arg)
12728 {
12729 	union ctl_io *io;
12730 
12731 	io = (union ctl_io *)arg;
12732 	ctl_done_lock(io, /*have_lock*/ 0);
12733 }
12734 #endif /* CTL_IO_DELAY */
12735 
12736 void
12737 ctl_done_lock(union ctl_io *io, int have_lock)
12738 {
12739 	struct ctl_softc *ctl_softc;
12740 #ifndef CTL_DONE_THREAD
12741 	union ctl_io *xio;
12742 #endif /* !CTL_DONE_THREAD */
12743 
12744 	ctl_softc = control_softc;
12745 
12746 	if (have_lock == 0)
12747 		mtx_lock(&ctl_softc->ctl_lock);
12748 
12749 	/*
12750 	 * Enable this to catch duplicate completion issues.
12751 	 */
12752 #if 0
12753 	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12754 		printf("%s: type %d msg %d cdb %x iptl: "
12755 		       "%d:%d:%d:%d tag 0x%04x "
12756 		       "flag %#x status %x\n",
12757 			__func__,
12758 			io->io_hdr.io_type,
12759 			io->io_hdr.msg_type,
12760 			io->scsiio.cdb[0],
12761 			io->io_hdr.nexus.initid.id,
12762 			io->io_hdr.nexus.targ_port,
12763 			io->io_hdr.nexus.targ_target.id,
12764 			io->io_hdr.nexus.targ_lun,
12765 			(io->io_hdr.io_type ==
12766 			CTL_IO_TASK) ?
12767 			io->taskio.tag_num :
12768 			io->scsiio.tag_num,
12769 		        io->io_hdr.flags,
12770 			io->io_hdr.status);
12771 	} else
12772 		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
12773 #endif
12774 
12775 	/*
12776 	 * This is an internal copy of an I/O, and should not go through
12777 	 * the normal done processing logic.
12778 	 */
12779 	if (io->io_hdr.flags & CTL_FLAG_INT_COPY) {
12780 		if (have_lock == 0)
12781 			mtx_unlock(&ctl_softc->ctl_lock);
12782 		return;
12783 	}
12784 
12785 	/*
12786 	 * We need to send a msg to the serializing shelf to finish the IO
12787 	 * as well.  We don't send a finish message to the other shelf if
12788 	 * this is a task management command.  Task management commands
12789 	 * aren't serialized in the OOA queue, but rather just executed on
12790 	 * both shelf controllers for commands that originated on that
12791 	 * controller.
12792 	 */
12793 	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
12794 	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
12795 		union ctl_ha_msg msg_io;
12796 
12797 		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
12798 		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
12799 		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
12800 		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
12801 		}
12802 		/* continue on to finish IO */
12803 	}
12804 #ifdef CTL_IO_DELAY
12805 	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12806 		struct ctl_lun *lun;
12807 
12808 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12809 
12810 		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12811 	} else {
12812 		struct ctl_lun *lun;
12813 
12814 		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12815 
12816 		if ((lun != NULL)
12817 		 && (lun->delay_info.done_delay > 0)) {
12818 			struct callout *callout;
12819 
12820 			callout = (struct callout *)&io->io_hdr.timer_bytes;
12821 			callout_init(callout, /*mpsafe*/ 1);
12822 			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12823 			callout_reset(callout,
12824 				      lun->delay_info.done_delay * hz,
12825 				      ctl_done_timer_wakeup, io);
12826 			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
12827 				lun->delay_info.done_delay = 0;
12828 			if (have_lock == 0)
12829 				mtx_unlock(&ctl_softc->ctl_lock);
12830 			return;
12831 		}
12832 	}
12833 #endif /* CTL_IO_DELAY */
12834 
12835 	STAILQ_INSERT_TAIL(&ctl_softc->done_queue, &io->io_hdr, links);
12836 
12837 #ifdef CTL_DONE_THREAD
12838 	if (have_lock == 0)
12839 		mtx_unlock(&ctl_softc->ctl_lock);
12840 
12841 	ctl_wakeup_thread();
12842 #else /* CTL_DONE_THREAD */
12843 	for (xio = (union ctl_io *)STAILQ_FIRST(&ctl_softc->done_queue);
12844 	     xio != NULL;
12845 	     xio =(union ctl_io *)STAILQ_FIRST(&ctl_softc->done_queue)) {
12846 
12847 		STAILQ_REMOVE_HEAD(&ctl_softc->done_queue, links);
12848 
12849 		ctl_process_done(xio, /*have_lock*/ 1);
12850 	}
12851 	if (have_lock == 0)
12852 		mtx_unlock(&ctl_softc->ctl_lock);
12853 #endif /* CTL_DONE_THREAD */
12854 }
12855 
12856 void
12857 ctl_done(union ctl_io *io)
12858 {
12859 	ctl_done_lock(io, /*have_lock*/ 0);
12860 }
12861 
12862 int
12863 ctl_isc(struct ctl_scsiio *ctsio)
12864 {
12865 	struct ctl_lun *lun;
12866 	int retval;
12867 
12868 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12869 
12870 	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
12871 
12872 	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
12873 
12874 	retval = lun->backend->data_submit((union ctl_io *)ctsio);
12875 
12876 	return (retval);
12877 }
12878 
12879 
12880 static void
12881 ctl_work_thread(void *arg)
12882 {
12883 	struct ctl_softc *softc;
12884 	union ctl_io *io;
12885 	struct ctl_be_lun *be_lun;
12886 	int retval;
12887 
12888 	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
12889 
12890 	softc = (struct ctl_softc *)arg;
12891 	if (softc == NULL)
12892 		return;
12893 
12894 	mtx_lock(&softc->ctl_lock);
12895 	for (;;) {
12896 		retval = 0;
12897 
12898 		/*
12899 		 * We handle the queues in this order:
12900 		 * - task management
12901 		 * - ISC
12902 		 * - done queue (to free up resources, unblock other commands)
12903 		 * - RtR queue
12904 		 * - incoming queue
12905 		 *
12906 		 * If those queues are empty, we break out of the loop and
12907 		 * go to sleep.
12908 		 */
12909 		io = (union ctl_io *)STAILQ_FIRST(&softc->task_queue);
12910 		if (io != NULL) {
12911 			ctl_run_task_queue(softc);
12912 			continue;
12913 		}
12914 		io = (union ctl_io *)STAILQ_FIRST(&softc->isc_queue);
12915 		if (io != NULL) {
12916 			STAILQ_REMOVE_HEAD(&softc->isc_queue, links);
12917 			ctl_handle_isc(io);
12918 			continue;
12919 		}
12920 		io = (union ctl_io *)STAILQ_FIRST(&softc->done_queue);
12921 		if (io != NULL) {
12922 			STAILQ_REMOVE_HEAD(&softc->done_queue, links);
12923 			/* clear any blocked commands, call fe_done */
12924 			mtx_unlock(&softc->ctl_lock);
12925 			/*
12926 			 * XXX KDM
12927 			 * Call this without a lock for now.  This will
12928 			 * depend on whether there is any way the FETD can
12929 			 * sleep or deadlock if called with the CTL lock
12930 			 * held.
12931 			 */
12932 			retval = ctl_process_done(io, /*have_lock*/ 0);
12933 			mtx_lock(&softc->ctl_lock);
12934 			continue;
12935 		}
12936 		if (!ctl_pause_rtr) {
12937 			io = (union ctl_io *)STAILQ_FIRST(&softc->rtr_queue);
12938 			if (io != NULL) {
12939 				STAILQ_REMOVE_HEAD(&softc->rtr_queue, links);
12940 				mtx_unlock(&softc->ctl_lock);
12941 				goto execute;
12942 			}
12943 		}
12944 		io = (union ctl_io *)STAILQ_FIRST(&softc->incoming_queue);
12945 		if (io != NULL) {
12946 			STAILQ_REMOVE_HEAD(&softc->incoming_queue, links);
12947 			mtx_unlock(&softc->ctl_lock);
12948 			ctl_scsiio_precheck(softc, &io->scsiio);
12949 			mtx_lock(&softc->ctl_lock);
12950 			continue;
12951 		}
12952 		/*
12953 		 * We might want to move this to a separate thread, so that
12954 		 * configuration requests (in this case LUN creations)
12955 		 * won't impact the I/O path.
12956 		 */
12957 		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
12958 		if (be_lun != NULL) {
12959 			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
12960 			mtx_unlock(&softc->ctl_lock);
12961 			ctl_create_lun(be_lun);
12962 			mtx_lock(&softc->ctl_lock);
12963 			continue;
12964 		}
12965 
12966 		/* XXX KDM use the PDROP flag?? */
12967 		/* Sleep until we have something to do. */
12968 		mtx_sleep(softc, &softc->ctl_lock, PRIBIO, "ctl_work", 0);
12969 
12970 		/* Back to the top of the loop to see what woke us up. */
12971 		continue;
12972 
12973 execute:
12974 		retval = ctl_scsiio(&io->scsiio);
12975 		switch (retval) {
12976 		case CTL_RETVAL_COMPLETE:
12977 			break;
12978 		default:
12979 			/*
12980 			 * Probably need to make sure this doesn't happen.
12981 			 */
12982 			break;
12983 		}
12984 		mtx_lock(&softc->ctl_lock);
12985 	}
12986 }
12987 
12988 void
12989 ctl_wakeup_thread()
12990 {
12991 	struct ctl_softc *softc;
12992 
12993 	softc = control_softc;
12994 
12995 	wakeup(softc);
12996 }
12997 
12998 /* Initialization and failover */
12999 
13000 void
13001 ctl_init_isc_msg(void)
13002 {
13003 	printf("CTL: Still calling this thing\n");
13004 }
13005 
13006 /*
13007  * Init component
13008  * 	Initializes component into configuration defined by bootMode
13009  *	(see hasc-sv.c)
13010  *  	returns hasc_Status:
13011  * 		OK
13012  *		ERROR - fatal error
13013  */
13014 static ctl_ha_comp_status
13015 ctl_isc_init(struct ctl_ha_component *c)
13016 {
13017 	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13018 
13019 	c->status = ret;
13020 	return ret;
13021 }
13022 
13023 /* Start component
13024  * 	Starts component in state requested. If component starts successfully,
13025  *	it must set its own state to the requestrd state
13026  *	When requested state is HASC_STATE_HA, the component may refine it
13027  * 	by adding _SLAVE or _MASTER flags.
13028  *	Currently allowed state transitions are:
13029  *	UNKNOWN->HA		- initial startup
13030  *	UNKNOWN->SINGLE - initial startup when no parter detected
13031  *	HA->SINGLE		- failover
13032  * returns ctl_ha_comp_status:
13033  * 		OK	- component successfully started in requested state
13034  *		FAILED  - could not start the requested state, failover may
13035  * 			  be possible
13036  *		ERROR	- fatal error detected, no future startup possible
13037  */
13038 static ctl_ha_comp_status
13039 ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13040 {
13041 	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13042 
13043 	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13044 	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13045 		ctl_is_single = 0;
13046 		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13047 		    != CTL_HA_STATUS_SUCCESS) {
13048 			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13049 			ret = CTL_HA_COMP_STATUS_ERROR;
13050 		}
13051 	} else if (CTL_HA_STATE_IS_HA(c->state)
13052 		&& CTL_HA_STATE_IS_SINGLE(state)){
13053 		// HA->SINGLE transition
13054 	        ctl_failover();
13055 		ctl_is_single = 1;
13056 	} else {
13057 		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13058 		       c->state, state);
13059 		ret = CTL_HA_COMP_STATUS_ERROR;
13060 	}
13061 	if (CTL_HA_STATE_IS_SINGLE(state))
13062 		ctl_is_single = 1;
13063 
13064 	c->state = state;
13065 	c->status = ret;
13066 	return ret;
13067 }
13068 
13069 /*
13070  * Quiesce component
13071  * The component must clear any error conditions (set status to OK) and
13072  * prepare itself to another Start call
13073  * returns ctl_ha_comp_status:
13074  * 	OK
13075  *	ERROR
13076  */
13077 static ctl_ha_comp_status
13078 ctl_isc_quiesce(struct ctl_ha_component *c)
13079 {
13080 	int ret = CTL_HA_COMP_STATUS_OK;
13081 
13082 	ctl_pause_rtr = 1;
13083 	c->status = ret;
13084 	return ret;
13085 }
13086 
13087 struct ctl_ha_component ctl_ha_component_ctlisc =
13088 {
13089 	.name = "CTL ISC",
13090 	.state = CTL_HA_STATE_UNKNOWN,
13091 	.init = ctl_isc_init,
13092 	.start = ctl_isc_start,
13093 	.quiesce = ctl_isc_quiesce
13094 };
13095 
13096 /*
13097  *  vim: ts=8
13098  */
13099