xref: /freebsd/sys/cam/ctl/ctl_tpc.c (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
1 /*-
2  * Copyright (c) 2014 Alexander Motin <mav@FreeBSD.org>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer,
10  *    without modification, immediately at the beginning of the file.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/types.h>
34 #include <sys/lock.h>
35 #include <sys/module.h>
36 #include <sys/mutex.h>
37 #include <sys/condvar.h>
38 #include <sys/malloc.h>
39 #include <sys/conf.h>
40 #include <sys/queue.h>
41 #include <sys/sysctl.h>
42 #include <machine/atomic.h>
43 
44 #include <cam/cam.h>
45 #include <cam/scsi/scsi_all.h>
46 #include <cam/scsi/scsi_da.h>
47 #include <cam/ctl/ctl_io.h>
48 #include <cam/ctl/ctl.h>
49 #include <cam/ctl/ctl_frontend.h>
50 #include <cam/ctl/ctl_util.h>
51 #include <cam/ctl/ctl_backend.h>
52 #include <cam/ctl/ctl_ioctl.h>
53 #include <cam/ctl/ctl_ha.h>
54 #include <cam/ctl/ctl_private.h>
55 #include <cam/ctl/ctl_debug.h>
56 #include <cam/ctl/ctl_scsi_all.h>
57 #include <cam/ctl/ctl_tpc.h>
58 #include <cam/ctl/ctl_error.h>
59 
60 #define	TPC_MAX_CSCDS	64
61 #define	TPC_MAX_SEGS	64
62 #define	TPC_MAX_SEG	0
63 #define	TPC_MAX_LIST	8192
64 #define	TPC_MAX_INLINE	0
65 #define	TPC_MAX_LISTS	255
66 #define	TPC_MAX_IO_SIZE	(1024 * 1024)
67 #define	TPC_MAX_IOCHUNK_SIZE	(TPC_MAX_IO_SIZE * 16)
68 #define	TPC_MIN_TOKEN_TIMEOUT	1
69 #define	TPC_DFL_TOKEN_TIMEOUT	60
70 #define	TPC_MAX_TOKEN_TIMEOUT	600
71 
72 MALLOC_DEFINE(M_CTL_TPC, "ctltpc", "CTL TPC");
73 
74 typedef enum {
75 	TPC_ERR_RETRY		= 0x000,
76 	TPC_ERR_FAIL		= 0x001,
77 	TPC_ERR_MASK		= 0x0ff,
78 	TPC_ERR_NO_DECREMENT	= 0x100
79 } tpc_error_action;
80 
81 struct tpc_list;
82 TAILQ_HEAD(runl, tpc_io);
83 struct tpc_io {
84 	union ctl_io		*io;
85 	uint64_t		 lun;
86 	struct tpc_list		*list;
87 	struct runl		 run;
88 	TAILQ_ENTRY(tpc_io)	 rlinks;
89 	TAILQ_ENTRY(tpc_io)	 links;
90 };
91 
92 struct tpc_token {
93 	uint8_t			 token[512];
94 	uint64_t		 lun;
95 	uint32_t		 blocksize;
96 	uint8_t			*params;
97 	struct scsi_range_desc	*range;
98 	int			 nrange;
99 	int			 active;
100 	time_t			 last_active;
101 	uint32_t		 timeout;
102 	TAILQ_ENTRY(tpc_token)	 links;
103 };
104 
105 struct tpc_list {
106 	uint8_t			 service_action;
107 	int			 init_port;
108 	uint32_t		 init_idx;
109 	uint32_t		 list_id;
110 	uint8_t			 flags;
111 	uint8_t			*params;
112 	struct scsi_ec_cscd	*cscd;
113 	struct scsi_ec_segment	*seg[TPC_MAX_SEGS];
114 	uint8_t			*inl;
115 	int			 ncscd;
116 	int			 nseg;
117 	int			 leninl;
118 	struct tpc_token	*token;
119 	struct scsi_range_desc	*range;
120 	int			 nrange;
121 	off_t			 offset_into_rod;
122 
123 	int			 curseg;
124 	off_t			 cursectors;
125 	off_t			 curbytes;
126 	int			 curops;
127 	int			 stage;
128 	uint8_t			*buf;
129 	off_t			 segsectors;
130 	off_t			 segbytes;
131 	int			 tbdio;
132 	int			 error;
133 	int			 abort;
134 	int			 completed;
135 	time_t			 last_active;
136 	TAILQ_HEAD(, tpc_io)	 allio;
137 	struct scsi_sense_data	 sense_data;
138 	uint8_t			 sense_len;
139 	uint8_t			 scsi_status;
140 	struct ctl_scsiio	*ctsio;
141 	struct ctl_lun		*lun;
142 	int			 res_token_valid;
143 	uint8_t			 res_token[512];
144 	TAILQ_ENTRY(tpc_list)	 links;
145 };
146 
147 static void
148 tpc_timeout(void *arg)
149 {
150 	struct ctl_softc *softc = arg;
151 	struct ctl_lun *lun;
152 	struct tpc_token *token, *ttoken;
153 	struct tpc_list *list, *tlist;
154 
155 	/* Free completed lists with expired timeout. */
156 	STAILQ_FOREACH(lun, &softc->lun_list, links) {
157 		mtx_lock(&lun->lun_lock);
158 		TAILQ_FOREACH_SAFE(list, &lun->tpc_lists, links, tlist) {
159 			if (!list->completed || time_uptime < list->last_active +
160 			    TPC_DFL_TOKEN_TIMEOUT)
161 				continue;
162 			TAILQ_REMOVE(&lun->tpc_lists, list, links);
163 			free(list, M_CTL);
164 		}
165 		mtx_unlock(&lun->lun_lock);
166 	}
167 
168 	/* Free inactive ROD tokens with expired timeout. */
169 	mtx_lock(&softc->tpc_lock);
170 	TAILQ_FOREACH_SAFE(token, &softc->tpc_tokens, links, ttoken) {
171 		if (token->active ||
172 		    time_uptime < token->last_active + token->timeout + 1)
173 			continue;
174 		TAILQ_REMOVE(&softc->tpc_tokens, token, links);
175 		free(token->params, M_CTL);
176 		free(token, M_CTL);
177 	}
178 	mtx_unlock(&softc->tpc_lock);
179 	callout_schedule(&softc->tpc_timeout, hz);
180 }
181 
182 void
183 ctl_tpc_init(struct ctl_softc *softc)
184 {
185 
186 	mtx_init(&softc->tpc_lock, "CTL TPC mutex", NULL, MTX_DEF);
187 	TAILQ_INIT(&softc->tpc_tokens);
188 	callout_init_mtx(&softc->tpc_timeout, &softc->ctl_lock, 0);
189 	callout_reset(&softc->tpc_timeout, hz, tpc_timeout, softc);
190 }
191 
192 void
193 ctl_tpc_shutdown(struct ctl_softc *softc)
194 {
195 	struct tpc_token *token;
196 
197 	callout_drain(&softc->tpc_timeout);
198 
199 	/* Free ROD tokens. */
200 	mtx_lock(&softc->tpc_lock);
201 	while ((token = TAILQ_FIRST(&softc->tpc_tokens)) != NULL) {
202 		TAILQ_REMOVE(&softc->tpc_tokens, token, links);
203 		free(token->params, M_CTL);
204 		free(token, M_CTL);
205 	}
206 	mtx_unlock(&softc->tpc_lock);
207 	mtx_destroy(&softc->tpc_lock);
208 }
209 
210 void
211 ctl_tpc_lun_init(struct ctl_lun *lun)
212 {
213 
214 	TAILQ_INIT(&lun->tpc_lists);
215 }
216 
217 void
218 ctl_tpc_lun_shutdown(struct ctl_lun *lun)
219 {
220 	struct ctl_softc *softc = lun->ctl_softc;
221 	struct tpc_list *list;
222 	struct tpc_token *token, *ttoken;
223 
224 	/* Free lists for this LUN. */
225 	while ((list = TAILQ_FIRST(&lun->tpc_lists)) != NULL) {
226 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
227 		KASSERT(list->completed,
228 		    ("Not completed TPC (%p) on shutdown", list));
229 		free(list, M_CTL);
230 	}
231 
232 	/* Free ROD tokens for this LUN. */
233 	mtx_lock(&softc->tpc_lock);
234 	TAILQ_FOREACH_SAFE(token, &softc->tpc_tokens, links, ttoken) {
235 		if (token->lun != lun->lun || token->active)
236 			continue;
237 		TAILQ_REMOVE(&softc->tpc_tokens, token, links);
238 		free(token->params, M_CTL);
239 		free(token, M_CTL);
240 	}
241 	mtx_unlock(&softc->tpc_lock);
242 }
243 
244 int
245 ctl_inquiry_evpd_tpc(struct ctl_scsiio *ctsio, int alloc_len)
246 {
247 	struct scsi_vpd_tpc *tpc_ptr;
248 	struct scsi_vpd_tpc_descriptor *d_ptr;
249 	struct scsi_vpd_tpc_descriptor_bdrl *bdrl_ptr;
250 	struct scsi_vpd_tpc_descriptor_sc *sc_ptr;
251 	struct scsi_vpd_tpc_descriptor_sc_descr *scd_ptr;
252 	struct scsi_vpd_tpc_descriptor_pd *pd_ptr;
253 	struct scsi_vpd_tpc_descriptor_sd *sd_ptr;
254 	struct scsi_vpd_tpc_descriptor_sdid *sdid_ptr;
255 	struct scsi_vpd_tpc_descriptor_rtf *rtf_ptr;
256 	struct scsi_vpd_tpc_descriptor_rtf_block *rtfb_ptr;
257 	struct scsi_vpd_tpc_descriptor_srt *srt_ptr;
258 	struct scsi_vpd_tpc_descriptor_srtd *srtd_ptr;
259 	struct scsi_vpd_tpc_descriptor_gco *gco_ptr;
260 	struct ctl_lun *lun;
261 	int data_len;
262 
263 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
264 
265 	data_len = sizeof(struct scsi_vpd_tpc) +
266 	    sizeof(struct scsi_vpd_tpc_descriptor_bdrl) +
267 	    roundup2(sizeof(struct scsi_vpd_tpc_descriptor_sc) +
268 	     2 * sizeof(struct scsi_vpd_tpc_descriptor_sc_descr) + 11, 4) +
269 	    sizeof(struct scsi_vpd_tpc_descriptor_pd) +
270 	    roundup2(sizeof(struct scsi_vpd_tpc_descriptor_sd) + 4, 4) +
271 	    roundup2(sizeof(struct scsi_vpd_tpc_descriptor_sdid) + 2, 4) +
272 	    sizeof(struct scsi_vpd_tpc_descriptor_rtf) +
273 	     sizeof(struct scsi_vpd_tpc_descriptor_rtf_block) +
274 	    sizeof(struct scsi_vpd_tpc_descriptor_srt) +
275 	     2*sizeof(struct scsi_vpd_tpc_descriptor_srtd) +
276 	    sizeof(struct scsi_vpd_tpc_descriptor_gco);
277 
278 	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
279 	tpc_ptr = (struct scsi_vpd_tpc *)ctsio->kern_data_ptr;
280 	ctsio->kern_sg_entries = 0;
281 
282 	if (data_len < alloc_len) {
283 		ctsio->residual = alloc_len - data_len;
284 		ctsio->kern_data_len = data_len;
285 		ctsio->kern_total_len = data_len;
286 	} else {
287 		ctsio->residual = 0;
288 		ctsio->kern_data_len = alloc_len;
289 		ctsio->kern_total_len = alloc_len;
290 	}
291 	ctsio->kern_data_resid = 0;
292 	ctsio->kern_rel_offset = 0;
293 	ctsio->kern_sg_entries = 0;
294 
295 	/*
296 	 * The control device is always connected.  The disk device, on the
297 	 * other hand, may not be online all the time.
298 	 */
299 	if (lun != NULL)
300 		tpc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
301 				     lun->be_lun->lun_type;
302 	else
303 		tpc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
304 	tpc_ptr->page_code = SVPD_SCSI_TPC;
305 	scsi_ulto2b(data_len - 4, tpc_ptr->page_length);
306 
307 	/* Block Device ROD Limits */
308 	d_ptr = (struct scsi_vpd_tpc_descriptor *)&tpc_ptr->descr[0];
309 	bdrl_ptr = (struct scsi_vpd_tpc_descriptor_bdrl *)d_ptr;
310 	scsi_ulto2b(SVPD_TPC_BDRL, bdrl_ptr->desc_type);
311 	scsi_ulto2b(sizeof(*bdrl_ptr) - 4, bdrl_ptr->desc_length);
312 	scsi_ulto2b(TPC_MAX_SEGS, bdrl_ptr->maximum_ranges);
313 	scsi_ulto4b(TPC_MAX_TOKEN_TIMEOUT,
314 	    bdrl_ptr->maximum_inactivity_timeout);
315 	scsi_ulto4b(TPC_DFL_TOKEN_TIMEOUT,
316 	    bdrl_ptr->default_inactivity_timeout);
317 	scsi_u64to8b(0, bdrl_ptr->maximum_token_transfer_size);
318 	scsi_u64to8b(0, bdrl_ptr->optimal_transfer_count);
319 
320 	/* Supported commands */
321 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
322 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
323 	sc_ptr = (struct scsi_vpd_tpc_descriptor_sc *)d_ptr;
324 	scsi_ulto2b(SVPD_TPC_SC, sc_ptr->desc_type);
325 	sc_ptr->list_length = 2 * sizeof(*scd_ptr) + 11;
326 	scsi_ulto2b(roundup2(1 + sc_ptr->list_length, 4), sc_ptr->desc_length);
327 	scd_ptr = &sc_ptr->descr[0];
328 	scd_ptr->opcode = EXTENDED_COPY;
329 	scd_ptr->sa_length = 5;
330 	scd_ptr->supported_service_actions[0] = EC_EC_LID1;
331 	scd_ptr->supported_service_actions[1] = EC_EC_LID4;
332 	scd_ptr->supported_service_actions[2] = EC_PT;
333 	scd_ptr->supported_service_actions[3] = EC_WUT;
334 	scd_ptr->supported_service_actions[4] = EC_COA;
335 	scd_ptr = (struct scsi_vpd_tpc_descriptor_sc_descr *)
336 	    &scd_ptr->supported_service_actions[scd_ptr->sa_length];
337 	scd_ptr->opcode = RECEIVE_COPY_STATUS;
338 	scd_ptr->sa_length = 6;
339 	scd_ptr->supported_service_actions[0] = RCS_RCS_LID1;
340 	scd_ptr->supported_service_actions[1] = RCS_RCFD;
341 	scd_ptr->supported_service_actions[2] = RCS_RCS_LID4;
342 	scd_ptr->supported_service_actions[3] = RCS_RCOP;
343 	scd_ptr->supported_service_actions[4] = RCS_RRTI;
344 	scd_ptr->supported_service_actions[5] = RCS_RART;
345 
346 	/* Parameter data. */
347 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
348 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
349 	pd_ptr = (struct scsi_vpd_tpc_descriptor_pd *)d_ptr;
350 	scsi_ulto2b(SVPD_TPC_PD, pd_ptr->desc_type);
351 	scsi_ulto2b(sizeof(*pd_ptr) - 4, pd_ptr->desc_length);
352 	scsi_ulto2b(TPC_MAX_CSCDS, pd_ptr->maximum_cscd_descriptor_count);
353 	scsi_ulto2b(TPC_MAX_SEGS, pd_ptr->maximum_segment_descriptor_count);
354 	scsi_ulto4b(TPC_MAX_LIST, pd_ptr->maximum_descriptor_list_length);
355 	scsi_ulto4b(TPC_MAX_INLINE, pd_ptr->maximum_inline_data_length);
356 
357 	/* Supported Descriptors */
358 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
359 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
360 	sd_ptr = (struct scsi_vpd_tpc_descriptor_sd *)d_ptr;
361 	scsi_ulto2b(SVPD_TPC_SD, sd_ptr->desc_type);
362 	scsi_ulto2b(roundup2(sizeof(*sd_ptr) - 4 + 4, 4), sd_ptr->desc_length);
363 	sd_ptr->list_length = 4;
364 	sd_ptr->supported_descriptor_codes[0] = EC_SEG_B2B;
365 	sd_ptr->supported_descriptor_codes[1] = EC_SEG_VERIFY;
366 	sd_ptr->supported_descriptor_codes[2] = EC_SEG_REGISTER_KEY;
367 	sd_ptr->supported_descriptor_codes[3] = EC_CSCD_ID;
368 
369 	/* Supported CSCD Descriptor IDs */
370 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
371 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
372 	sdid_ptr = (struct scsi_vpd_tpc_descriptor_sdid *)d_ptr;
373 	scsi_ulto2b(SVPD_TPC_SDID, sdid_ptr->desc_type);
374 	scsi_ulto2b(roundup2(sizeof(*sdid_ptr) - 4 + 2, 4), sdid_ptr->desc_length);
375 	scsi_ulto2b(2, sdid_ptr->list_length);
376 	scsi_ulto2b(0xffff, &sdid_ptr->supported_descriptor_ids[0]);
377 
378 	/* ROD Token Features */
379 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
380 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
381 	rtf_ptr = (struct scsi_vpd_tpc_descriptor_rtf *)d_ptr;
382 	scsi_ulto2b(SVPD_TPC_RTF, rtf_ptr->desc_type);
383 	scsi_ulto2b(sizeof(*rtf_ptr) - 4 + sizeof(*rtfb_ptr), rtf_ptr->desc_length);
384 	rtf_ptr->remote_tokens = 0;
385 	scsi_ulto4b(TPC_MIN_TOKEN_TIMEOUT, rtf_ptr->minimum_token_lifetime);
386 	scsi_ulto4b(UINT32_MAX, rtf_ptr->maximum_token_lifetime);
387 	scsi_ulto4b(TPC_MAX_TOKEN_TIMEOUT,
388 	    rtf_ptr->maximum_token_inactivity_timeout);
389 	scsi_ulto2b(sizeof(*rtfb_ptr), rtf_ptr->type_specific_features_length);
390 	rtfb_ptr = (struct scsi_vpd_tpc_descriptor_rtf_block *)
391 	    &rtf_ptr->type_specific_features;
392 	rtfb_ptr->type_format = SVPD_TPC_RTF_BLOCK;
393 	scsi_ulto2b(sizeof(*rtfb_ptr) - 4, rtfb_ptr->desc_length);
394 	scsi_ulto2b(0, rtfb_ptr->optimal_length_granularity);
395 	scsi_u64to8b(0, rtfb_ptr->maximum_bytes);
396 	scsi_u64to8b(0, rtfb_ptr->optimal_bytes);
397 	scsi_u64to8b(UINT64_MAX, rtfb_ptr->optimal_bytes_to_token_per_segment);
398 	scsi_u64to8b(TPC_MAX_IOCHUNK_SIZE,
399 	    rtfb_ptr->optimal_bytes_from_token_per_segment);
400 
401 	/* Supported ROD Tokens */
402 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
403 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
404 	srt_ptr = (struct scsi_vpd_tpc_descriptor_srt *)d_ptr;
405 	scsi_ulto2b(SVPD_TPC_SRT, srt_ptr->desc_type);
406 	scsi_ulto2b(sizeof(*srt_ptr) - 4 + 2*sizeof(*srtd_ptr), srt_ptr->desc_length);
407 	scsi_ulto2b(2*sizeof(*srtd_ptr), srt_ptr->rod_type_descriptors_length);
408 	srtd_ptr = (struct scsi_vpd_tpc_descriptor_srtd *)
409 	    &srt_ptr->rod_type_descriptors;
410 	scsi_ulto4b(ROD_TYPE_AUR, srtd_ptr->rod_type);
411 	srtd_ptr->flags = SVPD_TPC_SRTD_TIN | SVPD_TPC_SRTD_TOUT;
412 	scsi_ulto2b(0, srtd_ptr->preference_indicator);
413 	srtd_ptr++;
414 	scsi_ulto4b(ROD_TYPE_BLOCK_ZERO, srtd_ptr->rod_type);
415 	srtd_ptr->flags = SVPD_TPC_SRTD_TIN;
416 	scsi_ulto2b(0, srtd_ptr->preference_indicator);
417 
418 	/* General Copy Operations */
419 	d_ptr = (struct scsi_vpd_tpc_descriptor *)
420 	    (&d_ptr->parameters[0] + scsi_2btoul(d_ptr->desc_length));
421 	gco_ptr = (struct scsi_vpd_tpc_descriptor_gco *)d_ptr;
422 	scsi_ulto2b(SVPD_TPC_GCO, gco_ptr->desc_type);
423 	scsi_ulto2b(sizeof(*gco_ptr) - 4, gco_ptr->desc_length);
424 	scsi_ulto4b(TPC_MAX_LISTS, gco_ptr->total_concurrent_copies);
425 	scsi_ulto4b(TPC_MAX_LISTS, gco_ptr->maximum_identified_concurrent_copies);
426 	scsi_ulto4b(TPC_MAX_SEG, gco_ptr->maximum_segment_length);
427 	gco_ptr->data_segment_granularity = 0;
428 	gco_ptr->inline_data_granularity = 0;
429 
430 	ctl_set_success(ctsio);
431 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
432 	ctsio->be_move_done = ctl_config_move_done;
433 	ctl_datamove((union ctl_io *)ctsio);
434 
435 	return (CTL_RETVAL_COMPLETE);
436 }
437 
438 int
439 ctl_receive_copy_operating_parameters(struct ctl_scsiio *ctsio)
440 {
441 	struct scsi_receive_copy_operating_parameters *cdb;
442 	struct scsi_receive_copy_operating_parameters_data *data;
443 	int retval;
444 	int alloc_len, total_len;
445 
446 	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
447 
448 	cdb = (struct scsi_receive_copy_operating_parameters *)ctsio->cdb;
449 
450 	retval = CTL_RETVAL_COMPLETE;
451 
452 	total_len = sizeof(*data) + 4;
453 	alloc_len = scsi_4btoul(cdb->length);
454 
455 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
456 
457 	ctsio->kern_sg_entries = 0;
458 
459 	if (total_len < alloc_len) {
460 		ctsio->residual = alloc_len - total_len;
461 		ctsio->kern_data_len = total_len;
462 		ctsio->kern_total_len = total_len;
463 	} else {
464 		ctsio->residual = 0;
465 		ctsio->kern_data_len = alloc_len;
466 		ctsio->kern_total_len = alloc_len;
467 	}
468 	ctsio->kern_data_resid = 0;
469 	ctsio->kern_rel_offset = 0;
470 
471 	data = (struct scsi_receive_copy_operating_parameters_data *)ctsio->kern_data_ptr;
472 	scsi_ulto4b(sizeof(*data) - 4 + 4, data->length);
473 	data->snlid = RCOP_SNLID;
474 	scsi_ulto2b(TPC_MAX_CSCDS, data->maximum_cscd_descriptor_count);
475 	scsi_ulto2b(TPC_MAX_SEGS, data->maximum_segment_descriptor_count);
476 	scsi_ulto4b(TPC_MAX_LIST, data->maximum_descriptor_list_length);
477 	scsi_ulto4b(TPC_MAX_SEG, data->maximum_segment_length);
478 	scsi_ulto4b(TPC_MAX_INLINE, data->maximum_inline_data_length);
479 	scsi_ulto4b(0, data->held_data_limit);
480 	scsi_ulto4b(0, data->maximum_stream_device_transfer_size);
481 	scsi_ulto2b(TPC_MAX_LISTS, data->total_concurrent_copies);
482 	data->maximum_concurrent_copies = TPC_MAX_LISTS;
483 	data->data_segment_granularity = 0;
484 	data->inline_data_granularity = 0;
485 	data->held_data_granularity = 0;
486 	data->implemented_descriptor_list_length = 4;
487 	data->list_of_implemented_descriptor_type_codes[0] = EC_SEG_B2B;
488 	data->list_of_implemented_descriptor_type_codes[1] = EC_SEG_VERIFY;
489 	data->list_of_implemented_descriptor_type_codes[2] = EC_SEG_REGISTER_KEY;
490 	data->list_of_implemented_descriptor_type_codes[3] = EC_CSCD_ID;
491 
492 	ctl_set_success(ctsio);
493 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
494 	ctsio->be_move_done = ctl_config_move_done;
495 	ctl_datamove((union ctl_io *)ctsio);
496 	return (retval);
497 }
498 
499 static struct tpc_list *
500 tpc_find_list(struct ctl_lun *lun, uint32_t list_id, uint32_t init_idx)
501 {
502 	struct tpc_list *list;
503 
504 	mtx_assert(&lun->lun_lock, MA_OWNED);
505 	TAILQ_FOREACH(list, &lun->tpc_lists, links) {
506 		if ((list->flags & EC_LIST_ID_USAGE_MASK) !=
507 		     EC_LIST_ID_USAGE_NONE && list->list_id == list_id &&
508 		    list->init_idx == init_idx)
509 			break;
510 	}
511 	return (list);
512 }
513 
514 int
515 ctl_receive_copy_status_lid1(struct ctl_scsiio *ctsio)
516 {
517 	struct ctl_lun *lun;
518 	struct scsi_receive_copy_status_lid1 *cdb;
519 	struct scsi_receive_copy_status_lid1_data *data;
520 	struct tpc_list *list;
521 	struct tpc_list list_copy;
522 	int retval;
523 	int alloc_len, total_len;
524 	uint32_t list_id;
525 
526 	CTL_DEBUG_PRINT(("ctl_receive_copy_status_lid1\n"));
527 
528 	cdb = (struct scsi_receive_copy_status_lid1 *)ctsio->cdb;
529 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
530 
531 	retval = CTL_RETVAL_COMPLETE;
532 
533 	list_id = cdb->list_identifier;
534 	mtx_lock(&lun->lun_lock);
535 	list = tpc_find_list(lun, list_id,
536 	    ctl_get_initindex(&ctsio->io_hdr.nexus));
537 	if (list == NULL) {
538 		mtx_unlock(&lun->lun_lock);
539 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
540 		    /*command*/ 1, /*field*/ 2, /*bit_valid*/ 0,
541 		    /*bit*/ 0);
542 		ctl_done((union ctl_io *)ctsio);
543 		return (retval);
544 	}
545 	list_copy = *list;
546 	if (list->completed) {
547 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
548 		free(list, M_CTL);
549 	}
550 	mtx_unlock(&lun->lun_lock);
551 
552 	total_len = sizeof(*data);
553 	alloc_len = scsi_4btoul(cdb->length);
554 
555 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
556 
557 	ctsio->kern_sg_entries = 0;
558 
559 	if (total_len < alloc_len) {
560 		ctsio->residual = alloc_len - total_len;
561 		ctsio->kern_data_len = total_len;
562 		ctsio->kern_total_len = total_len;
563 	} else {
564 		ctsio->residual = 0;
565 		ctsio->kern_data_len = alloc_len;
566 		ctsio->kern_total_len = alloc_len;
567 	}
568 	ctsio->kern_data_resid = 0;
569 	ctsio->kern_rel_offset = 0;
570 
571 	data = (struct scsi_receive_copy_status_lid1_data *)ctsio->kern_data_ptr;
572 	scsi_ulto4b(sizeof(*data) - 4, data->available_data);
573 	if (list_copy.completed) {
574 		if (list_copy.error || list_copy.abort)
575 			data->copy_command_status = RCS_CCS_ERROR;
576 		else
577 			data->copy_command_status = RCS_CCS_COMPLETED;
578 	} else
579 		data->copy_command_status = RCS_CCS_INPROG;
580 	scsi_ulto2b(list_copy.curseg, data->segments_processed);
581 	if (list_copy.curbytes <= UINT32_MAX) {
582 		data->transfer_count_units = RCS_TC_BYTES;
583 		scsi_ulto4b(list_copy.curbytes, data->transfer_count);
584 	} else {
585 		data->transfer_count_units = RCS_TC_MBYTES;
586 		scsi_ulto4b(list_copy.curbytes >> 20, data->transfer_count);
587 	}
588 
589 	ctl_set_success(ctsio);
590 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
591 	ctsio->be_move_done = ctl_config_move_done;
592 	ctl_datamove((union ctl_io *)ctsio);
593 	return (retval);
594 }
595 
596 int
597 ctl_receive_copy_failure_details(struct ctl_scsiio *ctsio)
598 {
599 	struct ctl_lun *lun;
600 	struct scsi_receive_copy_failure_details *cdb;
601 	struct scsi_receive_copy_failure_details_data *data;
602 	struct tpc_list *list;
603 	struct tpc_list list_copy;
604 	int retval;
605 	int alloc_len, total_len;
606 	uint32_t list_id;
607 
608 	CTL_DEBUG_PRINT(("ctl_receive_copy_failure_details\n"));
609 
610 	cdb = (struct scsi_receive_copy_failure_details *)ctsio->cdb;
611 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
612 
613 	retval = CTL_RETVAL_COMPLETE;
614 
615 	list_id = cdb->list_identifier;
616 	mtx_lock(&lun->lun_lock);
617 	list = tpc_find_list(lun, list_id,
618 	    ctl_get_initindex(&ctsio->io_hdr.nexus));
619 	if (list == NULL || !list->completed) {
620 		mtx_unlock(&lun->lun_lock);
621 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
622 		    /*command*/ 1, /*field*/ 2, /*bit_valid*/ 0,
623 		    /*bit*/ 0);
624 		ctl_done((union ctl_io *)ctsio);
625 		return (retval);
626 	}
627 	list_copy = *list;
628 	TAILQ_REMOVE(&lun->tpc_lists, list, links);
629 	free(list, M_CTL);
630 	mtx_unlock(&lun->lun_lock);
631 
632 	total_len = sizeof(*data) + list_copy.sense_len;
633 	alloc_len = scsi_4btoul(cdb->length);
634 
635 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
636 
637 	ctsio->kern_sg_entries = 0;
638 
639 	if (total_len < alloc_len) {
640 		ctsio->residual = alloc_len - total_len;
641 		ctsio->kern_data_len = total_len;
642 		ctsio->kern_total_len = total_len;
643 	} else {
644 		ctsio->residual = 0;
645 		ctsio->kern_data_len = alloc_len;
646 		ctsio->kern_total_len = alloc_len;
647 	}
648 	ctsio->kern_data_resid = 0;
649 	ctsio->kern_rel_offset = 0;
650 
651 	data = (struct scsi_receive_copy_failure_details_data *)ctsio->kern_data_ptr;
652 	if (list_copy.completed && (list_copy.error || list_copy.abort)) {
653 		scsi_ulto4b(sizeof(*data) - 4 + list_copy.sense_len,
654 		    data->available_data);
655 		data->copy_command_status = RCS_CCS_ERROR;
656 	} else
657 		scsi_ulto4b(0, data->available_data);
658 	scsi_ulto2b(list_copy.sense_len, data->sense_data_length);
659 	memcpy(data->sense_data, &list_copy.sense_data, list_copy.sense_len);
660 
661 	ctl_set_success(ctsio);
662 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
663 	ctsio->be_move_done = ctl_config_move_done;
664 	ctl_datamove((union ctl_io *)ctsio);
665 	return (retval);
666 }
667 
668 int
669 ctl_receive_copy_status_lid4(struct ctl_scsiio *ctsio)
670 {
671 	struct ctl_lun *lun;
672 	struct scsi_receive_copy_status_lid4 *cdb;
673 	struct scsi_receive_copy_status_lid4_data *data;
674 	struct tpc_list *list;
675 	struct tpc_list list_copy;
676 	int retval;
677 	int alloc_len, total_len;
678 	uint32_t list_id;
679 
680 	CTL_DEBUG_PRINT(("ctl_receive_copy_status_lid4\n"));
681 
682 	cdb = (struct scsi_receive_copy_status_lid4 *)ctsio->cdb;
683 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
684 
685 	retval = CTL_RETVAL_COMPLETE;
686 
687 	list_id = scsi_4btoul(cdb->list_identifier);
688 	mtx_lock(&lun->lun_lock);
689 	list = tpc_find_list(lun, list_id,
690 	    ctl_get_initindex(&ctsio->io_hdr.nexus));
691 	if (list == NULL) {
692 		mtx_unlock(&lun->lun_lock);
693 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
694 		    /*command*/ 1, /*field*/ 2, /*bit_valid*/ 0,
695 		    /*bit*/ 0);
696 		ctl_done((union ctl_io *)ctsio);
697 		return (retval);
698 	}
699 	list_copy = *list;
700 	if (list->completed) {
701 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
702 		free(list, M_CTL);
703 	}
704 	mtx_unlock(&lun->lun_lock);
705 
706 	total_len = sizeof(*data) + list_copy.sense_len;
707 	alloc_len = scsi_4btoul(cdb->length);
708 
709 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
710 
711 	ctsio->kern_sg_entries = 0;
712 
713 	if (total_len < alloc_len) {
714 		ctsio->residual = alloc_len - total_len;
715 		ctsio->kern_data_len = total_len;
716 		ctsio->kern_total_len = total_len;
717 	} else {
718 		ctsio->residual = 0;
719 		ctsio->kern_data_len = alloc_len;
720 		ctsio->kern_total_len = alloc_len;
721 	}
722 	ctsio->kern_data_resid = 0;
723 	ctsio->kern_rel_offset = 0;
724 
725 	data = (struct scsi_receive_copy_status_lid4_data *)ctsio->kern_data_ptr;
726 	scsi_ulto4b(sizeof(*data) - 4 + list_copy.sense_len,
727 	    data->available_data);
728 	data->response_to_service_action = list_copy.service_action;
729 	if (list_copy.completed) {
730 		if (list_copy.error)
731 			data->copy_command_status = RCS_CCS_ERROR;
732 		else if (list_copy.abort)
733 			data->copy_command_status = RCS_CCS_ABORTED;
734 		else
735 			data->copy_command_status = RCS_CCS_COMPLETED;
736 	} else
737 		data->copy_command_status = RCS_CCS_INPROG_FG;
738 	scsi_ulto2b(list_copy.curops, data->operation_counter);
739 	scsi_ulto4b(UINT32_MAX, data->estimated_status_update_delay);
740 	data->transfer_count_units = RCS_TC_BYTES;
741 	scsi_u64to8b(list_copy.curbytes, data->transfer_count);
742 	scsi_ulto2b(list_copy.curseg, data->segments_processed);
743 	data->length_of_the_sense_data_field = list_copy.sense_len;
744 	data->sense_data_length = list_copy.sense_len;
745 	memcpy(data->sense_data, &list_copy.sense_data, list_copy.sense_len);
746 
747 	ctl_set_success(ctsio);
748 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
749 	ctsio->be_move_done = ctl_config_move_done;
750 	ctl_datamove((union ctl_io *)ctsio);
751 	return (retval);
752 }
753 
754 int
755 ctl_copy_operation_abort(struct ctl_scsiio *ctsio)
756 {
757 	struct ctl_lun *lun;
758 	struct scsi_copy_operation_abort *cdb;
759 	struct tpc_list *list;
760 	int retval;
761 	uint32_t list_id;
762 
763 	CTL_DEBUG_PRINT(("ctl_copy_operation_abort\n"));
764 
765 	cdb = (struct scsi_copy_operation_abort *)ctsio->cdb;
766 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
767 
768 	retval = CTL_RETVAL_COMPLETE;
769 
770 	list_id = scsi_4btoul(cdb->list_identifier);
771 	mtx_lock(&lun->lun_lock);
772 	list = tpc_find_list(lun, list_id,
773 	    ctl_get_initindex(&ctsio->io_hdr.nexus));
774 	if (list == NULL) {
775 		mtx_unlock(&lun->lun_lock);
776 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
777 		    /*command*/ 1, /*field*/ 2, /*bit_valid*/ 0,
778 		    /*bit*/ 0);
779 		ctl_done((union ctl_io *)ctsio);
780 		return (retval);
781 	}
782 	list->abort = 1;
783 	mtx_unlock(&lun->lun_lock);
784 
785 	ctl_set_success(ctsio);
786 	ctl_done((union ctl_io *)ctsio);
787 	return (retval);
788 }
789 
790 static uint64_t
791 tpc_resolve(struct tpc_list *list, uint16_t idx, uint32_t *ss,
792     uint32_t *pb, uint32_t *pbo)
793 {
794 
795 	if (idx == 0xffff) {
796 		if (ss && list->lun->be_lun)
797 			*ss = list->lun->be_lun->blocksize;
798 		if (pb && list->lun->be_lun)
799 			*pb = list->lun->be_lun->blocksize <<
800 			    list->lun->be_lun->pblockexp;
801 		if (pbo && list->lun->be_lun)
802 			*pbo = list->lun->be_lun->blocksize *
803 			    list->lun->be_lun->pblockoff;
804 		return (list->lun->lun);
805 	}
806 	if (idx >= list->ncscd)
807 		return (UINT64_MAX);
808 	return (tpcl_resolve(list->lun->ctl_softc,
809 	    list->init_port, &list->cscd[idx], ss, pb, pbo));
810 }
811 
812 static int
813 tpc_process_b2b(struct tpc_list *list)
814 {
815 	struct scsi_ec_segment_b2b *seg;
816 	struct scsi_ec_cscd_dtsp *sdstp, *ddstp;
817 	struct tpc_io *tior, *tiow;
818 	struct runl run;
819 	uint64_t sl, dl;
820 	off_t srclba, dstlba, numbytes, donebytes, roundbytes;
821 	int numlba;
822 	uint32_t srcblock, dstblock, pb, pbo, adj;
823 	uint8_t csi[4];
824 
825 	scsi_ulto4b(list->curseg, csi);
826 	if (list->stage == 1) {
827 		while ((tior = TAILQ_FIRST(&list->allio)) != NULL) {
828 			TAILQ_REMOVE(&list->allio, tior, links);
829 			ctl_free_io(tior->io);
830 			free(tior, M_CTL);
831 		}
832 		free(list->buf, M_CTL);
833 		if (list->abort) {
834 			ctl_set_task_aborted(list->ctsio);
835 			return (CTL_RETVAL_ERROR);
836 		} else if (list->error) {
837 			ctl_set_sense(list->ctsio, /*current_error*/ 1,
838 			    /*sense_key*/ SSD_KEY_COPY_ABORTED,
839 			    /*asc*/ 0x0d, /*ascq*/ 0x01,
840 			    SSD_ELEM_COMMAND, sizeof(csi), csi,
841 			    SSD_ELEM_NONE);
842 			return (CTL_RETVAL_ERROR);
843 		}
844 		list->cursectors += list->segsectors;
845 		list->curbytes += list->segbytes;
846 		return (CTL_RETVAL_COMPLETE);
847 	}
848 
849 	TAILQ_INIT(&list->allio);
850 	seg = (struct scsi_ec_segment_b2b *)list->seg[list->curseg];
851 	sl = tpc_resolve(list, scsi_2btoul(seg->src_cscd), &srcblock, NULL, NULL);
852 	dl = tpc_resolve(list, scsi_2btoul(seg->dst_cscd), &dstblock, &pb, &pbo);
853 	if (sl >= CTL_MAX_LUNS || dl >= CTL_MAX_LUNS) {
854 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
855 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
856 		    /*asc*/ 0x08, /*ascq*/ 0x04,
857 		    SSD_ELEM_COMMAND, sizeof(csi), csi,
858 		    SSD_ELEM_NONE);
859 		return (CTL_RETVAL_ERROR);
860 	}
861 	if (pbo > 0)
862 		pbo = pb - pbo;
863 	sdstp = &list->cscd[scsi_2btoul(seg->src_cscd)].dtsp;
864 	if (scsi_3btoul(sdstp->block_length) != 0)
865 		srcblock = scsi_3btoul(sdstp->block_length);
866 	ddstp = &list->cscd[scsi_2btoul(seg->dst_cscd)].dtsp;
867 	if (scsi_3btoul(ddstp->block_length) != 0)
868 		dstblock = scsi_3btoul(ddstp->block_length);
869 	numlba = scsi_2btoul(seg->number_of_blocks);
870 	if (seg->flags & EC_SEG_DC)
871 		numbytes = (off_t)numlba * dstblock;
872 	else
873 		numbytes = (off_t)numlba * srcblock;
874 	srclba = scsi_8btou64(seg->src_lba);
875 	dstlba = scsi_8btou64(seg->dst_lba);
876 
877 //	printf("Copy %ju bytes from %ju @ %ju to %ju @ %ju\n",
878 //	    (uintmax_t)numbytes, sl, scsi_8btou64(seg->src_lba),
879 //	    dl, scsi_8btou64(seg->dst_lba));
880 
881 	if (numbytes == 0)
882 		return (CTL_RETVAL_COMPLETE);
883 
884 	if (numbytes % srcblock != 0 || numbytes % dstblock != 0) {
885 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
886 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
887 		    /*asc*/ 0x26, /*ascq*/ 0x0A,
888 		    SSD_ELEM_COMMAND, sizeof(csi), csi,
889 		    SSD_ELEM_NONE);
890 		return (CTL_RETVAL_ERROR);
891 	}
892 
893 	list->buf = malloc(numbytes, M_CTL, M_WAITOK);
894 	list->segbytes = numbytes;
895 	list->segsectors = numbytes / dstblock;
896 	donebytes = 0;
897 	TAILQ_INIT(&run);
898 	list->tbdio = 0;
899 	while (donebytes < numbytes) {
900 		roundbytes = numbytes - donebytes;
901 		if (roundbytes > TPC_MAX_IO_SIZE) {
902 			roundbytes = TPC_MAX_IO_SIZE;
903 			roundbytes -= roundbytes % dstblock;
904 			if (pb > dstblock) {
905 				adj = (dstlba * dstblock + roundbytes - pbo) % pb;
906 				if (roundbytes > adj)
907 					roundbytes -= adj;
908 			}
909 		}
910 
911 		tior = malloc(sizeof(*tior), M_CTL, M_WAITOK | M_ZERO);
912 		TAILQ_INIT(&tior->run);
913 		tior->list = list;
914 		TAILQ_INSERT_TAIL(&list->allio, tior, links);
915 		tior->io = tpcl_alloc_io();
916 		ctl_scsi_read_write(tior->io,
917 				    /*data_ptr*/ &list->buf[donebytes],
918 				    /*data_len*/ roundbytes,
919 				    /*read_op*/ 1,
920 				    /*byte2*/ 0,
921 				    /*minimum_cdb_size*/ 0,
922 				    /*lba*/ srclba,
923 				    /*num_blocks*/ roundbytes / srcblock,
924 				    /*tag_type*/ CTL_TAG_SIMPLE,
925 				    /*control*/ 0);
926 		tior->io->io_hdr.retries = 3;
927 		tior->lun = sl;
928 		tior->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tior;
929 
930 		tiow = malloc(sizeof(*tior), M_CTL, M_WAITOK | M_ZERO);
931 		TAILQ_INIT(&tiow->run);
932 		tiow->list = list;
933 		TAILQ_INSERT_TAIL(&list->allio, tiow, links);
934 		tiow->io = tpcl_alloc_io();
935 		ctl_scsi_read_write(tiow->io,
936 				    /*data_ptr*/ &list->buf[donebytes],
937 				    /*data_len*/ roundbytes,
938 				    /*read_op*/ 0,
939 				    /*byte2*/ 0,
940 				    /*minimum_cdb_size*/ 0,
941 				    /*lba*/ dstlba,
942 				    /*num_blocks*/ roundbytes / dstblock,
943 				    /*tag_type*/ CTL_TAG_SIMPLE,
944 				    /*control*/ 0);
945 		tiow->io->io_hdr.retries = 3;
946 		tiow->lun = dl;
947 		tiow->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tiow;
948 
949 		TAILQ_INSERT_TAIL(&tior->run, tiow, rlinks);
950 		TAILQ_INSERT_TAIL(&run, tior, rlinks);
951 		list->tbdio++;
952 		donebytes += roundbytes;
953 		srclba += roundbytes / srcblock;
954 		dstlba += roundbytes / dstblock;
955 	}
956 
957 	while ((tior = TAILQ_FIRST(&run)) != NULL) {
958 		TAILQ_REMOVE(&run, tior, rlinks);
959 		if (tpcl_queue(tior->io, tior->lun) != CTL_RETVAL_COMPLETE)
960 			panic("tpcl_queue() error");
961 	}
962 
963 	list->stage++;
964 	return (CTL_RETVAL_QUEUED);
965 }
966 
967 static int
968 tpc_process_verify(struct tpc_list *list)
969 {
970 	struct scsi_ec_segment_verify *seg;
971 	struct tpc_io *tio;
972 	uint64_t sl;
973 	uint8_t csi[4];
974 
975 	scsi_ulto4b(list->curseg, csi);
976 	if (list->stage == 1) {
977 		while ((tio = TAILQ_FIRST(&list->allio)) != NULL) {
978 			TAILQ_REMOVE(&list->allio, tio, links);
979 			ctl_free_io(tio->io);
980 			free(tio, M_CTL);
981 		}
982 		if (list->abort) {
983 			ctl_set_task_aborted(list->ctsio);
984 			return (CTL_RETVAL_ERROR);
985 		} else if (list->error) {
986 			ctl_set_sense(list->ctsio, /*current_error*/ 1,
987 			    /*sense_key*/ SSD_KEY_COPY_ABORTED,
988 			    /*asc*/ 0x0d, /*ascq*/ 0x01,
989 			    SSD_ELEM_COMMAND, sizeof(csi), csi,
990 			    SSD_ELEM_NONE);
991 			return (CTL_RETVAL_ERROR);
992 		} else
993 			return (CTL_RETVAL_COMPLETE);
994 	}
995 
996 	TAILQ_INIT(&list->allio);
997 	seg = (struct scsi_ec_segment_verify *)list->seg[list->curseg];
998 	sl = tpc_resolve(list, scsi_2btoul(seg->src_cscd), NULL, NULL, NULL);
999 	if (sl >= CTL_MAX_LUNS) {
1000 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
1001 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1002 		    /*asc*/ 0x08, /*ascq*/ 0x04,
1003 		    SSD_ELEM_COMMAND, sizeof(csi), csi,
1004 		    SSD_ELEM_NONE);
1005 		return (CTL_RETVAL_ERROR);
1006 	}
1007 
1008 //	printf("Verify %ju\n", sl);
1009 
1010 	if ((seg->tur & 0x01) == 0)
1011 		return (CTL_RETVAL_COMPLETE);
1012 
1013 	list->tbdio = 1;
1014 	tio = malloc(sizeof(*tio), M_CTL, M_WAITOK | M_ZERO);
1015 	TAILQ_INIT(&tio->run);
1016 	tio->list = list;
1017 	TAILQ_INSERT_TAIL(&list->allio, tio, links);
1018 	tio->io = tpcl_alloc_io();
1019 	ctl_scsi_tur(tio->io, /*tag_type*/ CTL_TAG_SIMPLE, /*control*/ 0);
1020 	tio->io->io_hdr.retries = 3;
1021 	tio->lun = sl;
1022 	tio->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tio;
1023 	list->stage++;
1024 	if (tpcl_queue(tio->io, tio->lun) != CTL_RETVAL_COMPLETE)
1025 		panic("tpcl_queue() error");
1026 	return (CTL_RETVAL_QUEUED);
1027 }
1028 
1029 static int
1030 tpc_process_register_key(struct tpc_list *list)
1031 {
1032 	struct scsi_ec_segment_register_key *seg;
1033 	struct tpc_io *tio;
1034 	uint64_t dl;
1035 	int datalen;
1036 	uint8_t csi[4];
1037 
1038 	scsi_ulto4b(list->curseg, csi);
1039 	if (list->stage == 1) {
1040 		while ((tio = TAILQ_FIRST(&list->allio)) != NULL) {
1041 			TAILQ_REMOVE(&list->allio, tio, links);
1042 			ctl_free_io(tio->io);
1043 			free(tio, M_CTL);
1044 		}
1045 		free(list->buf, M_CTL);
1046 		if (list->abort) {
1047 			ctl_set_task_aborted(list->ctsio);
1048 			return (CTL_RETVAL_ERROR);
1049 		} else if (list->error) {
1050 			ctl_set_sense(list->ctsio, /*current_error*/ 1,
1051 			    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1052 			    /*asc*/ 0x0d, /*ascq*/ 0x01,
1053 			    SSD_ELEM_COMMAND, sizeof(csi), csi,
1054 			    SSD_ELEM_NONE);
1055 			return (CTL_RETVAL_ERROR);
1056 		} else
1057 			return (CTL_RETVAL_COMPLETE);
1058 	}
1059 
1060 	TAILQ_INIT(&list->allio);
1061 	seg = (struct scsi_ec_segment_register_key *)list->seg[list->curseg];
1062 	dl = tpc_resolve(list, scsi_2btoul(seg->dst_cscd), NULL, NULL, NULL);
1063 	if (dl >= CTL_MAX_LUNS) {
1064 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
1065 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1066 		    /*asc*/ 0x08, /*ascq*/ 0x04,
1067 		    SSD_ELEM_COMMAND, sizeof(csi), csi,
1068 		    SSD_ELEM_NONE);
1069 		return (CTL_RETVAL_ERROR);
1070 	}
1071 
1072 //	printf("Register Key %ju\n", dl);
1073 
1074 	list->tbdio = 1;
1075 	tio = malloc(sizeof(*tio), M_CTL, M_WAITOK | M_ZERO);
1076 	TAILQ_INIT(&tio->run);
1077 	tio->list = list;
1078 	TAILQ_INSERT_TAIL(&list->allio, tio, links);
1079 	tio->io = tpcl_alloc_io();
1080 	datalen = sizeof(struct scsi_per_res_out_parms);
1081 	list->buf = malloc(datalen, M_CTL, M_WAITOK);
1082 	ctl_scsi_persistent_res_out(tio->io,
1083 	    list->buf, datalen, SPRO_REGISTER, -1,
1084 	    scsi_8btou64(seg->res_key), scsi_8btou64(seg->sa_res_key),
1085 	    /*tag_type*/ CTL_TAG_SIMPLE, /*control*/ 0);
1086 	tio->io->io_hdr.retries = 3;
1087 	tio->lun = dl;
1088 	tio->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tio;
1089 	list->stage++;
1090 	if (tpcl_queue(tio->io, tio->lun) != CTL_RETVAL_COMPLETE)
1091 		panic("tpcl_queue() error");
1092 	return (CTL_RETVAL_QUEUED);
1093 }
1094 
1095 static off_t
1096 tpc_ranges_length(struct scsi_range_desc *range, int nrange)
1097 {
1098 	off_t length = 0;
1099 	int r;
1100 
1101 	for (r = 0; r < nrange; r++)
1102 		length += scsi_4btoul(range[r].length);
1103 	return (length);
1104 }
1105 
1106 static int
1107 tpc_skip_ranges(struct scsi_range_desc *range, int nrange, off_t skip,
1108     int *srange, off_t *soffset)
1109 {
1110 	off_t off;
1111 	int r;
1112 
1113 	r = 0;
1114 	off = 0;
1115 	while (r < nrange) {
1116 		if (skip - off < scsi_4btoul(range[r].length)) {
1117 			*srange = r;
1118 			*soffset = skip - off;
1119 			return (0);
1120 		}
1121 		off += scsi_4btoul(range[r].length);
1122 		r++;
1123 	}
1124 	return (-1);
1125 }
1126 
1127 static int
1128 tpc_process_wut(struct tpc_list *list)
1129 {
1130 	struct tpc_io *tio, *tior, *tiow;
1131 	struct runl run;
1132 	int drange, srange;
1133 	off_t doffset, soffset;
1134 	off_t srclba, dstlba, numbytes, donebytes, roundbytes;
1135 	uint32_t srcblock, dstblock, pb, pbo, adj;
1136 
1137 	if (list->stage > 0) {
1138 		/* Cleanup after previous rounds. */
1139 		while ((tio = TAILQ_FIRST(&list->allio)) != NULL) {
1140 			TAILQ_REMOVE(&list->allio, tio, links);
1141 			ctl_free_io(tio->io);
1142 			free(tio, M_CTL);
1143 		}
1144 		free(list->buf, M_CTL);
1145 		if (list->abort) {
1146 			ctl_set_task_aborted(list->ctsio);
1147 			return (CTL_RETVAL_ERROR);
1148 		} else if (list->error) {
1149 			ctl_set_sense(list->ctsio, /*current_error*/ 1,
1150 			    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1151 			    /*asc*/ 0x0d, /*ascq*/ 0x01, SSD_ELEM_NONE);
1152 			return (CTL_RETVAL_ERROR);
1153 		}
1154 		list->cursectors += list->segsectors;
1155 		list->curbytes += list->segbytes;
1156 	}
1157 
1158 	/* Check where we are on destination ranges list. */
1159 	if (tpc_skip_ranges(list->range, list->nrange, list->cursectors,
1160 	    &drange, &doffset) != 0)
1161 		return (CTL_RETVAL_COMPLETE);
1162 	dstblock = list->lun->be_lun->blocksize;
1163 	pb = dstblock << list->lun->be_lun->pblockexp;
1164 	if (list->lun->be_lun->pblockoff > 0)
1165 		pbo = pb - dstblock * list->lun->be_lun->pblockoff;
1166 	else
1167 		pbo = 0;
1168 
1169 	/* Check where we are on source ranges list. */
1170 	srcblock = list->token->blocksize;
1171 	if (tpc_skip_ranges(list->token->range, list->token->nrange,
1172 	    list->offset_into_rod + list->cursectors * dstblock / srcblock,
1173 	    &srange, &soffset) != 0) {
1174 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
1175 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1176 		    /*asc*/ 0x0d, /*ascq*/ 0x04, SSD_ELEM_NONE);
1177 		return (CTL_RETVAL_ERROR);
1178 	}
1179 
1180 	srclba = scsi_8btou64(list->token->range[srange].lba) + soffset;
1181 	dstlba = scsi_8btou64(list->range[drange].lba) + doffset;
1182 	numbytes = srcblock *
1183 	    (scsi_4btoul(list->token->range[srange].length) - soffset);
1184 	numbytes = omin(numbytes, dstblock *
1185 	    (scsi_4btoul(list->range[drange].length) - doffset));
1186 	if (numbytes > TPC_MAX_IOCHUNK_SIZE) {
1187 		numbytes = TPC_MAX_IOCHUNK_SIZE;
1188 		numbytes -= numbytes % dstblock;
1189 		if (pb > dstblock) {
1190 			adj = (dstlba * dstblock + numbytes - pbo) % pb;
1191 			if (numbytes > adj)
1192 				numbytes -= adj;
1193 		}
1194 	}
1195 
1196 	if (numbytes % srcblock != 0 || numbytes % dstblock != 0) {
1197 		ctl_set_sense(list->ctsio, /*current_error*/ 1,
1198 		    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1199 		    /*asc*/ 0x26, /*ascq*/ 0x0A, SSD_ELEM_NONE);
1200 		return (CTL_RETVAL_ERROR);
1201 	}
1202 
1203 	list->buf = malloc(numbytes, M_CTL, M_WAITOK |
1204 	    (list->token == NULL ? M_ZERO : 0));
1205 	list->segbytes = numbytes;
1206 	list->segsectors = numbytes / dstblock;
1207 //printf("Copy chunk of %ju sectors from %ju to %ju\n", list->segsectors,
1208 //    srclba, dstlba);
1209 	donebytes = 0;
1210 	TAILQ_INIT(&run);
1211 	list->tbdio = 0;
1212 	TAILQ_INIT(&list->allio);
1213 	while (donebytes < numbytes) {
1214 		roundbytes = numbytes - donebytes;
1215 		if (roundbytes > TPC_MAX_IO_SIZE) {
1216 			roundbytes = TPC_MAX_IO_SIZE;
1217 			roundbytes -= roundbytes % dstblock;
1218 			if (pb > dstblock) {
1219 				adj = (dstlba * dstblock + roundbytes - pbo) % pb;
1220 				if (roundbytes > adj)
1221 					roundbytes -= adj;
1222 			}
1223 		}
1224 
1225 		tior = malloc(sizeof(*tior), M_CTL, M_WAITOK | M_ZERO);
1226 		TAILQ_INIT(&tior->run);
1227 		tior->list = list;
1228 		TAILQ_INSERT_TAIL(&list->allio, tior, links);
1229 		tior->io = tpcl_alloc_io();
1230 		ctl_scsi_read_write(tior->io,
1231 				    /*data_ptr*/ &list->buf[donebytes],
1232 				    /*data_len*/ roundbytes,
1233 				    /*read_op*/ 1,
1234 				    /*byte2*/ 0,
1235 				    /*minimum_cdb_size*/ 0,
1236 				    /*lba*/ srclba,
1237 				    /*num_blocks*/ roundbytes / srcblock,
1238 				    /*tag_type*/ CTL_TAG_SIMPLE,
1239 				    /*control*/ 0);
1240 		tior->io->io_hdr.retries = 3;
1241 		tior->lun = list->token->lun;
1242 		tior->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tior;
1243 
1244 		tiow = malloc(sizeof(*tiow), M_CTL, M_WAITOK | M_ZERO);
1245 		TAILQ_INIT(&tiow->run);
1246 		tiow->list = list;
1247 		TAILQ_INSERT_TAIL(&list->allio, tiow, links);
1248 		tiow->io = tpcl_alloc_io();
1249 		ctl_scsi_read_write(tiow->io,
1250 				    /*data_ptr*/ &list->buf[donebytes],
1251 				    /*data_len*/ roundbytes,
1252 				    /*read_op*/ 0,
1253 				    /*byte2*/ 0,
1254 				    /*minimum_cdb_size*/ 0,
1255 				    /*lba*/ dstlba,
1256 				    /*num_blocks*/ roundbytes / dstblock,
1257 				    /*tag_type*/ CTL_TAG_SIMPLE,
1258 				    /*control*/ 0);
1259 		tiow->io->io_hdr.retries = 3;
1260 		tiow->lun = list->lun->lun;
1261 		tiow->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tiow;
1262 
1263 		TAILQ_INSERT_TAIL(&tior->run, tiow, rlinks);
1264 		TAILQ_INSERT_TAIL(&run, tior, rlinks);
1265 		list->tbdio++;
1266 		donebytes += roundbytes;
1267 		srclba += roundbytes / srcblock;
1268 		dstlba += roundbytes / dstblock;
1269 	}
1270 
1271 	while ((tior = TAILQ_FIRST(&run)) != NULL) {
1272 		TAILQ_REMOVE(&run, tior, rlinks);
1273 		if (tpcl_queue(tior->io, tior->lun) != CTL_RETVAL_COMPLETE)
1274 			panic("tpcl_queue() error");
1275 	}
1276 
1277 	list->stage++;
1278 	return (CTL_RETVAL_QUEUED);
1279 }
1280 
1281 static int
1282 tpc_process_zero_wut(struct tpc_list *list)
1283 {
1284 	struct tpc_io *tio, *tiow;
1285 	struct runl run, *prun;
1286 	int r;
1287 	uint32_t dstblock, len;
1288 
1289 	if (list->stage > 0) {
1290 complete:
1291 		/* Cleanup after previous rounds. */
1292 		while ((tio = TAILQ_FIRST(&list->allio)) != NULL) {
1293 			TAILQ_REMOVE(&list->allio, tio, links);
1294 			ctl_free_io(tio->io);
1295 			free(tio, M_CTL);
1296 		}
1297 		if (list->abort) {
1298 			ctl_set_task_aborted(list->ctsio);
1299 			return (CTL_RETVAL_ERROR);
1300 		} else if (list->error) {
1301 			ctl_set_sense(list->ctsio, /*current_error*/ 1,
1302 			    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1303 			    /*asc*/ 0x0d, /*ascq*/ 0x01, SSD_ELEM_NONE);
1304 			return (CTL_RETVAL_ERROR);
1305 		}
1306 		list->cursectors += list->segsectors;
1307 		list->curbytes += list->segbytes;
1308 		return (CTL_RETVAL_COMPLETE);
1309 	}
1310 
1311 	dstblock = list->lun->be_lun->blocksize;
1312 	TAILQ_INIT(&run);
1313 	prun = &run;
1314 	list->tbdio = 1;
1315 	TAILQ_INIT(&list->allio);
1316 	list->segsectors = 0;
1317 	for (r = 0; r < list->nrange; r++) {
1318 		len = scsi_4btoul(list->range[r].length);
1319 		if (len == 0)
1320 			continue;
1321 
1322 		tiow = malloc(sizeof(*tiow), M_CTL, M_WAITOK | M_ZERO);
1323 		TAILQ_INIT(&tiow->run);
1324 		tiow->list = list;
1325 		TAILQ_INSERT_TAIL(&list->allio, tiow, links);
1326 		tiow->io = tpcl_alloc_io();
1327 		ctl_scsi_write_same(tiow->io,
1328 				    /*data_ptr*/ NULL,
1329 				    /*data_len*/ 0,
1330 				    /*byte2*/ SWS_NDOB,
1331 				    /*lba*/ scsi_8btou64(list->range[r].lba),
1332 				    /*num_blocks*/ len,
1333 				    /*tag_type*/ CTL_TAG_SIMPLE,
1334 				    /*control*/ 0);
1335 		tiow->io->io_hdr.retries = 3;
1336 		tiow->lun = list->lun->lun;
1337 		tiow->io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = tiow;
1338 
1339 		TAILQ_INSERT_TAIL(prun, tiow, rlinks);
1340 		prun = &tiow->run;
1341 		list->segsectors += len;
1342 	}
1343 	list->segbytes = list->segsectors * dstblock;
1344 
1345 	if (TAILQ_EMPTY(&run))
1346 		goto complete;
1347 
1348 	while ((tiow = TAILQ_FIRST(&run)) != NULL) {
1349 		TAILQ_REMOVE(&run, tiow, rlinks);
1350 		if (tpcl_queue(tiow->io, tiow->lun) != CTL_RETVAL_COMPLETE)
1351 			panic("tpcl_queue() error");
1352 	}
1353 
1354 	list->stage++;
1355 	return (CTL_RETVAL_QUEUED);
1356 }
1357 
1358 static void
1359 tpc_process(struct tpc_list *list)
1360 {
1361 	struct ctl_lun *lun = list->lun;
1362 	struct ctl_softc *softc = lun->ctl_softc;
1363 	struct scsi_ec_segment *seg;
1364 	struct ctl_scsiio *ctsio = list->ctsio;
1365 	int retval = CTL_RETVAL_COMPLETE;
1366 	uint8_t csi[4];
1367 
1368 	if (list->service_action == EC_WUT) {
1369 		if (list->token != NULL)
1370 			retval = tpc_process_wut(list);
1371 		else
1372 			retval = tpc_process_zero_wut(list);
1373 		if (retval == CTL_RETVAL_QUEUED)
1374 			return;
1375 		if (retval == CTL_RETVAL_ERROR) {
1376 			list->error = 1;
1377 			goto done;
1378 		}
1379 	} else {
1380 //printf("ZZZ %d cscd, %d segs\n", list->ncscd, list->nseg);
1381 		while (list->curseg < list->nseg) {
1382 			seg = list->seg[list->curseg];
1383 			switch (seg->type_code) {
1384 			case EC_SEG_B2B:
1385 				retval = tpc_process_b2b(list);
1386 				break;
1387 			case EC_SEG_VERIFY:
1388 				retval = tpc_process_verify(list);
1389 				break;
1390 			case EC_SEG_REGISTER_KEY:
1391 				retval = tpc_process_register_key(list);
1392 				break;
1393 			default:
1394 				scsi_ulto4b(list->curseg, csi);
1395 				ctl_set_sense(ctsio, /*current_error*/ 1,
1396 				    /*sense_key*/ SSD_KEY_COPY_ABORTED,
1397 				    /*asc*/ 0x26, /*ascq*/ 0x09,
1398 				    SSD_ELEM_COMMAND, sizeof(csi), csi,
1399 				    SSD_ELEM_NONE);
1400 				goto done;
1401 			}
1402 			if (retval == CTL_RETVAL_QUEUED)
1403 				return;
1404 			if (retval == CTL_RETVAL_ERROR) {
1405 				list->error = 1;
1406 				goto done;
1407 			}
1408 			list->curseg++;
1409 			list->stage = 0;
1410 		}
1411 	}
1412 
1413 	ctl_set_success(ctsio);
1414 
1415 done:
1416 //printf("ZZZ done\n");
1417 	free(list->params, M_CTL);
1418 	list->params = NULL;
1419 	if (list->token) {
1420 		mtx_lock(&softc->tpc_lock);
1421 		if (--list->token->active == 0)
1422 			list->token->last_active = time_uptime;
1423 		mtx_unlock(&softc->tpc_lock);
1424 		list->token = NULL;
1425 	}
1426 	mtx_lock(&lun->lun_lock);
1427 	if ((list->flags & EC_LIST_ID_USAGE_MASK) == EC_LIST_ID_USAGE_NONE) {
1428 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
1429 		free(list, M_CTL);
1430 	} else {
1431 		list->completed = 1;
1432 		list->last_active = time_uptime;
1433 		list->sense_data = ctsio->sense_data;
1434 		list->sense_len = ctsio->sense_len;
1435 		list->scsi_status = ctsio->scsi_status;
1436 	}
1437 	mtx_unlock(&lun->lun_lock);
1438 
1439 	ctl_done((union ctl_io *)ctsio);
1440 }
1441 
1442 /*
1443  * For any sort of check condition, busy, etc., we just retry.  We do not
1444  * decrement the retry count for unit attention type errors.  These are
1445  * normal, and we want to save the retry count for "real" errors.  Otherwise,
1446  * we could end up with situations where a command will succeed in some
1447  * situations and fail in others, depending on whether a unit attention is
1448  * pending.  Also, some of our error recovery actions, most notably the
1449  * LUN reset action, will cause a unit attention.
1450  *
1451  * We can add more detail here later if necessary.
1452  */
1453 static tpc_error_action
1454 tpc_checkcond_parse(union ctl_io *io)
1455 {
1456 	tpc_error_action error_action;
1457 	int error_code, sense_key, asc, ascq;
1458 
1459 	/*
1460 	 * Default to retrying the command.
1461 	 */
1462 	error_action = TPC_ERR_RETRY;
1463 
1464 	scsi_extract_sense_len(&io->scsiio.sense_data,
1465 			       io->scsiio.sense_len,
1466 			       &error_code,
1467 			       &sense_key,
1468 			       &asc,
1469 			       &ascq,
1470 			       /*show_errors*/ 1);
1471 
1472 	switch (error_code) {
1473 	case SSD_DEFERRED_ERROR:
1474 	case SSD_DESC_DEFERRED_ERROR:
1475 		error_action |= TPC_ERR_NO_DECREMENT;
1476 		break;
1477 	case SSD_CURRENT_ERROR:
1478 	case SSD_DESC_CURRENT_ERROR:
1479 	default:
1480 		switch (sense_key) {
1481 		case SSD_KEY_UNIT_ATTENTION:
1482 			error_action |= TPC_ERR_NO_DECREMENT;
1483 			break;
1484 		case SSD_KEY_HARDWARE_ERROR:
1485 			/*
1486 			 * This is our generic "something bad happened"
1487 			 * error code.  It often isn't recoverable.
1488 			 */
1489 			if ((asc == 0x44) && (ascq == 0x00))
1490 				error_action = TPC_ERR_FAIL;
1491 			break;
1492 		case SSD_KEY_NOT_READY:
1493 			/*
1494 			 * If the LUN is powered down, there likely isn't
1495 			 * much point in retrying right now.
1496 			 */
1497 			if ((asc == 0x04) && (ascq == 0x02))
1498 				error_action = TPC_ERR_FAIL;
1499 			/*
1500 			 * If the LUN is offline, there probably isn't much
1501 			 * point in retrying, either.
1502 			 */
1503 			if ((asc == 0x04) && (ascq == 0x03))
1504 				error_action = TPC_ERR_FAIL;
1505 			break;
1506 		}
1507 	}
1508 	return (error_action);
1509 }
1510 
1511 static tpc_error_action
1512 tpc_error_parse(union ctl_io *io)
1513 {
1514 	tpc_error_action error_action = TPC_ERR_RETRY;
1515 
1516 	switch (io->io_hdr.io_type) {
1517 	case CTL_IO_SCSI:
1518 		switch (io->io_hdr.status & CTL_STATUS_MASK) {
1519 		case CTL_SCSI_ERROR:
1520 			switch (io->scsiio.scsi_status) {
1521 			case SCSI_STATUS_CHECK_COND:
1522 				error_action = tpc_checkcond_parse(io);
1523 				break;
1524 			default:
1525 				break;
1526 			}
1527 			break;
1528 		default:
1529 			break;
1530 		}
1531 		break;
1532 	case CTL_IO_TASK:
1533 		break;
1534 	default:
1535 		panic("%s: invalid ctl_io type %d\n", __func__,
1536 		      io->io_hdr.io_type);
1537 		break;
1538 	}
1539 	return (error_action);
1540 }
1541 
1542 void
1543 tpc_done(union ctl_io *io)
1544 {
1545 	struct tpc_io *tio, *tior;
1546 
1547 	/*
1548 	 * Very minimal retry logic.  We basically retry if we got an error
1549 	 * back, and the retry count is greater than 0.  If we ever want
1550 	 * more sophisticated initiator type behavior, the CAM error
1551 	 * recovery code in ../common might be helpful.
1552 	 */
1553 	tio = io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1554 	if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
1555 	 && (io->io_hdr.retries > 0)) {
1556 		ctl_io_status old_status;
1557 		tpc_error_action error_action;
1558 
1559 		error_action = tpc_error_parse(io);
1560 		switch (error_action & TPC_ERR_MASK) {
1561 		case TPC_ERR_FAIL:
1562 			break;
1563 		case TPC_ERR_RETRY:
1564 		default:
1565 			if ((error_action & TPC_ERR_NO_DECREMENT) == 0)
1566 				io->io_hdr.retries--;
1567 			old_status = io->io_hdr.status;
1568 			io->io_hdr.status = CTL_STATUS_NONE;
1569 			io->io_hdr.flags &= ~CTL_FLAG_ABORT;
1570 			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1571 			if (tpcl_queue(io, tio->lun) != CTL_RETVAL_COMPLETE) {
1572 				printf("%s: error returned from ctl_queue()!\n",
1573 				       __func__);
1574 				io->io_hdr.status = old_status;
1575 			} else
1576 				return;
1577 		}
1578 	}
1579 
1580 	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
1581 		tio->list->error = 1;
1582 	else
1583 		atomic_add_int(&tio->list->curops, 1);
1584 	if (!tio->list->error && !tio->list->abort) {
1585 		while ((tior = TAILQ_FIRST(&tio->run)) != NULL) {
1586 			TAILQ_REMOVE(&tio->run, tior, rlinks);
1587 			atomic_add_int(&tio->list->tbdio, 1);
1588 			if (tpcl_queue(tior->io, tior->lun) != CTL_RETVAL_COMPLETE)
1589 				panic("tpcl_queue() error");
1590 		}
1591 	}
1592 	if (atomic_fetchadd_int(&tio->list->tbdio, -1) == 1)
1593 		tpc_process(tio->list);
1594 }
1595 
1596 int
1597 ctl_extended_copy_lid1(struct ctl_scsiio *ctsio)
1598 {
1599 	struct scsi_extended_copy *cdb;
1600 	struct scsi_extended_copy_lid1_data *data;
1601 	struct ctl_lun *lun;
1602 	struct tpc_list *list, *tlist;
1603 	uint8_t *ptr;
1604 	char *value;
1605 	int len, off, lencscd, lenseg, leninl, nseg;
1606 
1607 	CTL_DEBUG_PRINT(("ctl_extended_copy_lid1\n"));
1608 
1609 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
1610 	cdb = (struct scsi_extended_copy *)ctsio->cdb;
1611 	len = scsi_4btoul(cdb->length);
1612 
1613 	if (len == 0) {
1614 		ctl_set_success(ctsio);
1615 		goto done;
1616 	}
1617 	if (len < sizeof(struct scsi_extended_copy_lid1_data) ||
1618 	    len > sizeof(struct scsi_extended_copy_lid1_data) +
1619 	    TPC_MAX_LIST + TPC_MAX_INLINE) {
1620 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
1621 		    /*field*/ 9, /*bit_valid*/ 0, /*bit*/ 0);
1622 		goto done;
1623 	}
1624 
1625 	/*
1626 	 * If we've got a kernel request that hasn't been malloced yet,
1627 	 * malloc it and tell the caller the data buffer is here.
1628 	 */
1629 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
1630 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
1631 		ctsio->kern_data_len = len;
1632 		ctsio->kern_total_len = len;
1633 		ctsio->kern_data_resid = 0;
1634 		ctsio->kern_rel_offset = 0;
1635 		ctsio->kern_sg_entries = 0;
1636 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
1637 		ctsio->be_move_done = ctl_config_move_done;
1638 		ctl_datamove((union ctl_io *)ctsio);
1639 
1640 		return (CTL_RETVAL_COMPLETE);
1641 	}
1642 
1643 	data = (struct scsi_extended_copy_lid1_data *)ctsio->kern_data_ptr;
1644 	lencscd = scsi_2btoul(data->cscd_list_length);
1645 	lenseg = scsi_4btoul(data->segment_list_length);
1646 	leninl = scsi_4btoul(data->inline_data_length);
1647 	if (lencscd > TPC_MAX_CSCDS * sizeof(struct scsi_ec_cscd)) {
1648 		ctl_set_sense(ctsio, /*current_error*/ 1,
1649 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1650 		    /*asc*/ 0x26, /*ascq*/ 0x06, SSD_ELEM_NONE);
1651 		goto done;
1652 	}
1653 	if (lenseg > TPC_MAX_SEGS * sizeof(struct scsi_ec_segment)) {
1654 		ctl_set_sense(ctsio, /*current_error*/ 1,
1655 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1656 		    /*asc*/ 0x26, /*ascq*/ 0x08, SSD_ELEM_NONE);
1657 		goto done;
1658 	}
1659 	if (lencscd + lenseg > TPC_MAX_LIST ||
1660 	    leninl > TPC_MAX_INLINE ||
1661 	    len < sizeof(struct scsi_extended_copy_lid1_data) +
1662 	     lencscd + lenseg + leninl) {
1663 		ctl_set_param_len_error(ctsio);
1664 		goto done;
1665 	}
1666 
1667 	list = malloc(sizeof(struct tpc_list), M_CTL, M_WAITOK | M_ZERO);
1668 	list->service_action = cdb->service_action;
1669 	value = ctl_get_opt(&lun->be_lun->options, "insecure_tpc");
1670 	if (value != NULL && strcmp(value, "on") == 0)
1671 		list->init_port = -1;
1672 	else
1673 		list->init_port = ctsio->io_hdr.nexus.targ_port;
1674 	list->init_idx = ctl_get_initindex(&ctsio->io_hdr.nexus);
1675 	list->list_id = data->list_identifier;
1676 	list->flags = data->flags;
1677 	list->params = ctsio->kern_data_ptr;
1678 	list->cscd = (struct scsi_ec_cscd *)&data->data[0];
1679 	ptr = &data->data[lencscd];
1680 	for (nseg = 0, off = 0; off < lenseg; nseg++) {
1681 		if (nseg >= TPC_MAX_SEGS) {
1682 			free(list, M_CTL);
1683 			ctl_set_sense(ctsio, /*current_error*/ 1,
1684 			    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1685 			    /*asc*/ 0x26, /*ascq*/ 0x08, SSD_ELEM_NONE);
1686 			goto done;
1687 		}
1688 		list->seg[nseg] = (struct scsi_ec_segment *)(ptr + off);
1689 		off += sizeof(struct scsi_ec_segment) +
1690 		    scsi_2btoul(list->seg[nseg]->descr_length);
1691 	}
1692 	list->inl = &data->data[lencscd + lenseg];
1693 	list->ncscd = lencscd / sizeof(struct scsi_ec_cscd);
1694 	list->nseg = nseg;
1695 	list->leninl = leninl;
1696 	list->ctsio = ctsio;
1697 	list->lun = lun;
1698 	mtx_lock(&lun->lun_lock);
1699 	if ((list->flags & EC_LIST_ID_USAGE_MASK) != EC_LIST_ID_USAGE_NONE) {
1700 		tlist = tpc_find_list(lun, list->list_id, list->init_idx);
1701 		if (tlist != NULL && !tlist->completed) {
1702 			mtx_unlock(&lun->lun_lock);
1703 			free(list, M_CTL);
1704 			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
1705 			    /*command*/ 0, /*field*/ 0, /*bit_valid*/ 0,
1706 			    /*bit*/ 0);
1707 			goto done;
1708 		}
1709 		if (tlist != NULL) {
1710 			TAILQ_REMOVE(&lun->tpc_lists, tlist, links);
1711 			free(tlist, M_CTL);
1712 		}
1713 	}
1714 	TAILQ_INSERT_TAIL(&lun->tpc_lists, list, links);
1715 	mtx_unlock(&lun->lun_lock);
1716 
1717 	tpc_process(list);
1718 	return (CTL_RETVAL_COMPLETE);
1719 
1720 done:
1721 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
1722 		free(ctsio->kern_data_ptr, M_CTL);
1723 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
1724 	}
1725 	ctl_done((union ctl_io *)ctsio);
1726 	return (CTL_RETVAL_COMPLETE);
1727 }
1728 
1729 int
1730 ctl_extended_copy_lid4(struct ctl_scsiio *ctsio)
1731 {
1732 	struct scsi_extended_copy *cdb;
1733 	struct scsi_extended_copy_lid4_data *data;
1734 	struct ctl_lun *lun;
1735 	struct tpc_list *list, *tlist;
1736 	uint8_t *ptr;
1737 	char *value;
1738 	int len, off, lencscd, lenseg, leninl, nseg;
1739 
1740 	CTL_DEBUG_PRINT(("ctl_extended_copy_lid4\n"));
1741 
1742 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
1743 	cdb = (struct scsi_extended_copy *)ctsio->cdb;
1744 	len = scsi_4btoul(cdb->length);
1745 
1746 	if (len == 0) {
1747 		ctl_set_success(ctsio);
1748 		goto done;
1749 	}
1750 	if (len < sizeof(struct scsi_extended_copy_lid4_data) ||
1751 	    len > sizeof(struct scsi_extended_copy_lid4_data) +
1752 	    TPC_MAX_LIST + TPC_MAX_INLINE) {
1753 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
1754 		    /*field*/ 9, /*bit_valid*/ 0, /*bit*/ 0);
1755 		goto done;
1756 	}
1757 
1758 	/*
1759 	 * If we've got a kernel request that hasn't been malloced yet,
1760 	 * malloc it and tell the caller the data buffer is here.
1761 	 */
1762 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
1763 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
1764 		ctsio->kern_data_len = len;
1765 		ctsio->kern_total_len = len;
1766 		ctsio->kern_data_resid = 0;
1767 		ctsio->kern_rel_offset = 0;
1768 		ctsio->kern_sg_entries = 0;
1769 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
1770 		ctsio->be_move_done = ctl_config_move_done;
1771 		ctl_datamove((union ctl_io *)ctsio);
1772 
1773 		return (CTL_RETVAL_COMPLETE);
1774 	}
1775 
1776 	data = (struct scsi_extended_copy_lid4_data *)ctsio->kern_data_ptr;
1777 	lencscd = scsi_2btoul(data->cscd_list_length);
1778 	lenseg = scsi_2btoul(data->segment_list_length);
1779 	leninl = scsi_2btoul(data->inline_data_length);
1780 	if (lencscd > TPC_MAX_CSCDS * sizeof(struct scsi_ec_cscd)) {
1781 		ctl_set_sense(ctsio, /*current_error*/ 1,
1782 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1783 		    /*asc*/ 0x26, /*ascq*/ 0x06, SSD_ELEM_NONE);
1784 		goto done;
1785 	}
1786 	if (lenseg > TPC_MAX_SEGS * sizeof(struct scsi_ec_segment)) {
1787 		ctl_set_sense(ctsio, /*current_error*/ 1,
1788 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1789 		    /*asc*/ 0x26, /*ascq*/ 0x08, SSD_ELEM_NONE);
1790 		goto done;
1791 	}
1792 	if (lencscd + lenseg > TPC_MAX_LIST ||
1793 	    leninl > TPC_MAX_INLINE ||
1794 	    len < sizeof(struct scsi_extended_copy_lid1_data) +
1795 	     lencscd + lenseg + leninl) {
1796 		ctl_set_param_len_error(ctsio);
1797 		goto done;
1798 	}
1799 
1800 	list = malloc(sizeof(struct tpc_list), M_CTL, M_WAITOK | M_ZERO);
1801 	list->service_action = cdb->service_action;
1802 	value = ctl_get_opt(&lun->be_lun->options, "insecure_tpc");
1803 	if (value != NULL && strcmp(value, "on") == 0)
1804 		list->init_port = -1;
1805 	else
1806 		list->init_port = ctsio->io_hdr.nexus.targ_port;
1807 	list->init_idx = ctl_get_initindex(&ctsio->io_hdr.nexus);
1808 	list->list_id = scsi_4btoul(data->list_identifier);
1809 	list->flags = data->flags;
1810 	list->params = ctsio->kern_data_ptr;
1811 	list->cscd = (struct scsi_ec_cscd *)&data->data[0];
1812 	ptr = &data->data[lencscd];
1813 	for (nseg = 0, off = 0; off < lenseg; nseg++) {
1814 		if (nseg >= TPC_MAX_SEGS) {
1815 			free(list, M_CTL);
1816 			ctl_set_sense(ctsio, /*current_error*/ 1,
1817 			    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1818 			    /*asc*/ 0x26, /*ascq*/ 0x08, SSD_ELEM_NONE);
1819 			goto done;
1820 		}
1821 		list->seg[nseg] = (struct scsi_ec_segment *)(ptr + off);
1822 		off += sizeof(struct scsi_ec_segment) +
1823 		    scsi_2btoul(list->seg[nseg]->descr_length);
1824 	}
1825 	list->inl = &data->data[lencscd + lenseg];
1826 	list->ncscd = lencscd / sizeof(struct scsi_ec_cscd);
1827 	list->nseg = nseg;
1828 	list->leninl = leninl;
1829 	list->ctsio = ctsio;
1830 	list->lun = lun;
1831 	mtx_lock(&lun->lun_lock);
1832 	if ((list->flags & EC_LIST_ID_USAGE_MASK) != EC_LIST_ID_USAGE_NONE) {
1833 		tlist = tpc_find_list(lun, list->list_id, list->init_idx);
1834 		if (tlist != NULL && !tlist->completed) {
1835 			mtx_unlock(&lun->lun_lock);
1836 			free(list, M_CTL);
1837 			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
1838 			    /*command*/ 0, /*field*/ 0, /*bit_valid*/ 0,
1839 			    /*bit*/ 0);
1840 			goto done;
1841 		}
1842 		if (tlist != NULL) {
1843 			TAILQ_REMOVE(&lun->tpc_lists, tlist, links);
1844 			free(tlist, M_CTL);
1845 		}
1846 	}
1847 	TAILQ_INSERT_TAIL(&lun->tpc_lists, list, links);
1848 	mtx_unlock(&lun->lun_lock);
1849 
1850 	tpc_process(list);
1851 	return (CTL_RETVAL_COMPLETE);
1852 
1853 done:
1854 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
1855 		free(ctsio->kern_data_ptr, M_CTL);
1856 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
1857 	}
1858 	ctl_done((union ctl_io *)ctsio);
1859 	return (CTL_RETVAL_COMPLETE);
1860 }
1861 
1862 static void
1863 tpc_create_token(struct ctl_lun *lun, struct ctl_port *port, off_t len,
1864     struct scsi_token *token)
1865 {
1866 	static int id = 0;
1867 	struct scsi_vpd_id_descriptor *idd = NULL;
1868 	struct scsi_ec_cscd_id *cscd;
1869 	struct scsi_read_capacity_data_long *dtsd;
1870 	int targid_len;
1871 
1872 	scsi_ulto4b(ROD_TYPE_AUR, token->type);
1873 	scsi_ulto2b(0x01f8, token->length);
1874 	scsi_u64to8b(atomic_fetchadd_int(&id, 1), &token->body[0]);
1875 	if (lun->lun_devid)
1876 		idd = scsi_get_devid_desc((struct scsi_vpd_id_descriptor *)
1877 		    lun->lun_devid->data, lun->lun_devid->len,
1878 		    scsi_devid_is_lun_naa);
1879 	if (idd == NULL && lun->lun_devid)
1880 		idd = scsi_get_devid_desc((struct scsi_vpd_id_descriptor *)
1881 		    lun->lun_devid->data, lun->lun_devid->len,
1882 		    scsi_devid_is_lun_eui64);
1883 	if (idd != NULL) {
1884 		cscd = (struct scsi_ec_cscd_id *)&token->body[8];
1885 		cscd->type_code = EC_CSCD_ID;
1886 		cscd->luidt_pdt = T_DIRECT;
1887 		memcpy(&cscd->codeset, idd, 4 + idd->length);
1888 		scsi_ulto3b(lun->be_lun->blocksize, cscd->dtsp.block_length);
1889 	}
1890 	scsi_u64to8b(0, &token->body[40]); /* XXX: Should be 128bit value. */
1891 	scsi_u64to8b(len, &token->body[48]);
1892 
1893 	/* ROD token device type specific data (RC16 without first field) */
1894 	dtsd = (struct scsi_read_capacity_data_long *)&token->body[88 - 8];
1895 	scsi_ulto4b(lun->be_lun->blocksize, dtsd->length);
1896 	dtsd->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
1897 	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, dtsd->lalba_lbp);
1898 	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
1899 		dtsd->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
1900 
1901 	if (port->target_devid) {
1902 		targid_len = port->target_devid->len;
1903 		memcpy(&token->body[120], port->target_devid->data, targid_len);
1904 	} else
1905 		targid_len = 32;
1906 	arc4rand(&token->body[120 + targid_len], 384 - targid_len, 0);
1907 };
1908 
1909 int
1910 ctl_populate_token(struct ctl_scsiio *ctsio)
1911 {
1912 	struct scsi_populate_token *cdb;
1913 	struct scsi_populate_token_data *data;
1914 	struct ctl_softc *softc;
1915 	struct ctl_lun *lun;
1916 	struct ctl_port *port;
1917 	struct tpc_list *list, *tlist;
1918 	struct tpc_token *token;
1919 	int len, lendesc;
1920 
1921 	CTL_DEBUG_PRINT(("ctl_populate_token\n"));
1922 
1923 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
1924 	softc = lun->ctl_softc;
1925 	port = softc->ctl_ports[ctsio->io_hdr.nexus.targ_port];
1926 	cdb = (struct scsi_populate_token *)ctsio->cdb;
1927 	len = scsi_4btoul(cdb->length);
1928 
1929 	if (len < sizeof(struct scsi_populate_token_data) ||
1930 	    len > sizeof(struct scsi_populate_token_data) +
1931 	     TPC_MAX_SEGS * sizeof(struct scsi_range_desc)) {
1932 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
1933 		    /*field*/ 9, /*bit_valid*/ 0, /*bit*/ 0);
1934 		goto done;
1935 	}
1936 
1937 	/*
1938 	 * If we've got a kernel request that hasn't been malloced yet,
1939 	 * malloc it and tell the caller the data buffer is here.
1940 	 */
1941 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
1942 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
1943 		ctsio->kern_data_len = len;
1944 		ctsio->kern_total_len = len;
1945 		ctsio->kern_data_resid = 0;
1946 		ctsio->kern_rel_offset = 0;
1947 		ctsio->kern_sg_entries = 0;
1948 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
1949 		ctsio->be_move_done = ctl_config_move_done;
1950 		ctl_datamove((union ctl_io *)ctsio);
1951 
1952 		return (CTL_RETVAL_COMPLETE);
1953 	}
1954 
1955 	data = (struct scsi_populate_token_data *)ctsio->kern_data_ptr;
1956 	lendesc = scsi_2btoul(data->range_descriptor_length);
1957 	if (len < sizeof(struct scsi_populate_token_data) + lendesc) {
1958 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 0,
1959 		    /*field*/ 2, /*bit_valid*/ 0, /*bit*/ 0);
1960 		goto done;
1961 	}
1962 /*
1963 	printf("PT(list=%u) flags=%x to=%d rt=%x len=%x\n",
1964 	    scsi_4btoul(cdb->list_identifier),
1965 	    data->flags, scsi_4btoul(data->inactivity_timeout),
1966 	    scsi_4btoul(data->rod_type),
1967 	    scsi_2btoul(data->range_descriptor_length));
1968 */
1969 	if ((data->flags & EC_PT_RTV) &&
1970 	    scsi_4btoul(data->rod_type) != ROD_TYPE_AUR) {
1971 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 0,
1972 		    /*field*/ 8, /*bit_valid*/ 0, /*bit*/ 0);
1973 		goto done;
1974 	}
1975 
1976 	list = malloc(sizeof(struct tpc_list), M_CTL, M_WAITOK | M_ZERO);
1977 	list->service_action = cdb->service_action;
1978 	list->init_port = ctsio->io_hdr.nexus.targ_port;
1979 	list->init_idx = ctl_get_initindex(&ctsio->io_hdr.nexus);
1980 	list->list_id = scsi_4btoul(cdb->list_identifier);
1981 	list->flags = data->flags;
1982 	list->ctsio = ctsio;
1983 	list->lun = lun;
1984 	mtx_lock(&lun->lun_lock);
1985 	tlist = tpc_find_list(lun, list->list_id, list->init_idx);
1986 	if (tlist != NULL && !tlist->completed) {
1987 		mtx_unlock(&lun->lun_lock);
1988 		free(list, M_CTL);
1989 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
1990 		    /*command*/ 0, /*field*/ 0, /*bit_valid*/ 0,
1991 		    /*bit*/ 0);
1992 		goto done;
1993 	}
1994 	if (tlist != NULL) {
1995 		TAILQ_REMOVE(&lun->tpc_lists, tlist, links);
1996 		free(tlist, M_CTL);
1997 	}
1998 	TAILQ_INSERT_TAIL(&lun->tpc_lists, list, links);
1999 	mtx_unlock(&lun->lun_lock);
2000 
2001 	token = malloc(sizeof(*token), M_CTL, M_WAITOK | M_ZERO);
2002 	token->lun = lun->lun;
2003 	token->blocksize = lun->be_lun->blocksize;
2004 	token->params = ctsio->kern_data_ptr;
2005 	token->range = &data->desc[0];
2006 	token->nrange = scsi_2btoul(data->range_descriptor_length) /
2007 	    sizeof(struct scsi_range_desc);
2008 	list->cursectors = tpc_ranges_length(token->range, token->nrange);
2009 	list->curbytes = (off_t)list->cursectors * lun->be_lun->blocksize;
2010 	tpc_create_token(lun, port, list->curbytes,
2011 	    (struct scsi_token *)token->token);
2012 	token->active = 0;
2013 	token->last_active = time_uptime;
2014 	token->timeout = scsi_4btoul(data->inactivity_timeout);
2015 	if (token->timeout == 0)
2016 		token->timeout = TPC_DFL_TOKEN_TIMEOUT;
2017 	else if (token->timeout < TPC_MIN_TOKEN_TIMEOUT)
2018 		token->timeout = TPC_MIN_TOKEN_TIMEOUT;
2019 	else if (token->timeout > TPC_MAX_TOKEN_TIMEOUT) {
2020 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
2021 		    /*command*/ 0, /*field*/ 4, /*bit_valid*/ 0,
2022 		    /*bit*/ 0);
2023 	}
2024 	memcpy(list->res_token, token->token, sizeof(list->res_token));
2025 	list->res_token_valid = 1;
2026 	list->curseg = 0;
2027 	list->completed = 1;
2028 	list->last_active = time_uptime;
2029 	mtx_lock(&softc->tpc_lock);
2030 	TAILQ_INSERT_TAIL(&softc->tpc_tokens, token, links);
2031 	mtx_unlock(&softc->tpc_lock);
2032 	ctl_set_success(ctsio);
2033 	ctl_done((union ctl_io *)ctsio);
2034 	return (CTL_RETVAL_COMPLETE);
2035 
2036 done:
2037 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
2038 		free(ctsio->kern_data_ptr, M_CTL);
2039 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
2040 	}
2041 	ctl_done((union ctl_io *)ctsio);
2042 	return (CTL_RETVAL_COMPLETE);
2043 }
2044 
2045 int
2046 ctl_write_using_token(struct ctl_scsiio *ctsio)
2047 {
2048 	struct scsi_write_using_token *cdb;
2049 	struct scsi_write_using_token_data *data;
2050 	struct ctl_softc *softc;
2051 	struct ctl_lun *lun;
2052 	struct tpc_list *list, *tlist;
2053 	struct tpc_token *token;
2054 	int len, lendesc;
2055 
2056 	CTL_DEBUG_PRINT(("ctl_write_using_token\n"));
2057 
2058 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
2059 	softc = lun->ctl_softc;
2060 	cdb = (struct scsi_write_using_token *)ctsio->cdb;
2061 	len = scsi_4btoul(cdb->length);
2062 
2063 	if (len < sizeof(struct scsi_populate_token_data) ||
2064 	    len > sizeof(struct scsi_populate_token_data) +
2065 	     TPC_MAX_SEGS * sizeof(struct scsi_range_desc)) {
2066 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 1,
2067 		    /*field*/ 9, /*bit_valid*/ 0, /*bit*/ 0);
2068 		goto done;
2069 	}
2070 
2071 	/*
2072 	 * If we've got a kernel request that hasn't been malloced yet,
2073 	 * malloc it and tell the caller the data buffer is here.
2074 	 */
2075 	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
2076 		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);
2077 		ctsio->kern_data_len = len;
2078 		ctsio->kern_total_len = len;
2079 		ctsio->kern_data_resid = 0;
2080 		ctsio->kern_rel_offset = 0;
2081 		ctsio->kern_sg_entries = 0;
2082 		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
2083 		ctsio->be_move_done = ctl_config_move_done;
2084 		ctl_datamove((union ctl_io *)ctsio);
2085 
2086 		return (CTL_RETVAL_COMPLETE);
2087 	}
2088 
2089 	data = (struct scsi_write_using_token_data *)ctsio->kern_data_ptr;
2090 	lendesc = scsi_2btoul(data->range_descriptor_length);
2091 	if (len < sizeof(struct scsi_populate_token_data) + lendesc) {
2092 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1, /*command*/ 0,
2093 		    /*field*/ 2, /*bit_valid*/ 0, /*bit*/ 0);
2094 		goto done;
2095 	}
2096 /*
2097 	printf("WUT(list=%u) flags=%x off=%ju len=%x\n",
2098 	    scsi_4btoul(cdb->list_identifier),
2099 	    data->flags, scsi_8btou64(data->offset_into_rod),
2100 	    scsi_2btoul(data->range_descriptor_length));
2101 */
2102 	list = malloc(sizeof(struct tpc_list), M_CTL, M_WAITOK | M_ZERO);
2103 	list->service_action = cdb->service_action;
2104 	list->init_port = ctsio->io_hdr.nexus.targ_port;
2105 	list->init_idx = ctl_get_initindex(&ctsio->io_hdr.nexus);
2106 	list->list_id = scsi_4btoul(cdb->list_identifier);
2107 	list->flags = data->flags;
2108 	list->params = ctsio->kern_data_ptr;
2109 	list->range = &data->desc[0];
2110 	list->nrange = scsi_2btoul(data->range_descriptor_length) /
2111 	    sizeof(struct scsi_range_desc);
2112 	list->offset_into_rod = scsi_8btou64(data->offset_into_rod);
2113 	list->ctsio = ctsio;
2114 	list->lun = lun;
2115 	mtx_lock(&lun->lun_lock);
2116 	tlist = tpc_find_list(lun, list->list_id, list->init_idx);
2117 	if (tlist != NULL && !tlist->completed) {
2118 		mtx_unlock(&lun->lun_lock);
2119 		free(list, M_CTL);
2120 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
2121 		    /*command*/ 0, /*field*/ 0, /*bit_valid*/ 0,
2122 		    /*bit*/ 0);
2123 		goto done;
2124 	}
2125 	if (tlist != NULL) {
2126 		TAILQ_REMOVE(&lun->tpc_lists, tlist, links);
2127 		free(tlist, M_CTL);
2128 	}
2129 	TAILQ_INSERT_TAIL(&lun->tpc_lists, list, links);
2130 	mtx_unlock(&lun->lun_lock);
2131 
2132 	/* Block device zero ROD token -> no token. */
2133 	if (scsi_4btoul(data->rod_token) == ROD_TYPE_BLOCK_ZERO) {
2134 		tpc_process(list);
2135 		return (CTL_RETVAL_COMPLETE);
2136 	}
2137 
2138 	mtx_lock(&softc->tpc_lock);
2139 	TAILQ_FOREACH(token, &softc->tpc_tokens, links) {
2140 		if (memcmp(token->token, data->rod_token,
2141 		    sizeof(data->rod_token)) == 0)
2142 			break;
2143 	}
2144 	if (token != NULL) {
2145 		token->active++;
2146 		list->token = token;
2147 		if (data->flags & EC_WUT_DEL_TKN)
2148 			token->timeout = 0;
2149 	}
2150 	mtx_unlock(&softc->tpc_lock);
2151 	if (token == NULL) {
2152 		mtx_lock(&lun->lun_lock);
2153 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
2154 		mtx_unlock(&lun->lun_lock);
2155 		free(list, M_CTL);
2156 		ctl_set_sense(ctsio, /*current_error*/ 1,
2157 		    /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
2158 		    /*asc*/ 0x23, /*ascq*/ 0x04, SSD_ELEM_NONE);
2159 		goto done;
2160 	}
2161 
2162 	tpc_process(list);
2163 	return (CTL_RETVAL_COMPLETE);
2164 
2165 done:
2166 	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
2167 		free(ctsio->kern_data_ptr, M_CTL);
2168 		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
2169 	}
2170 	ctl_done((union ctl_io *)ctsio);
2171 	return (CTL_RETVAL_COMPLETE);
2172 }
2173 
2174 int
2175 ctl_receive_rod_token_information(struct ctl_scsiio *ctsio)
2176 {
2177 	struct ctl_lun *lun;
2178 	struct scsi_receive_rod_token_information *cdb;
2179 	struct scsi_receive_copy_status_lid4_data *data;
2180 	struct tpc_list *list;
2181 	struct tpc_list list_copy;
2182 	uint8_t *ptr;
2183 	int retval;
2184 	int alloc_len, total_len, token_len;
2185 	uint32_t list_id;
2186 
2187 	CTL_DEBUG_PRINT(("ctl_receive_rod_token_information\n"));
2188 
2189 	cdb = (struct scsi_receive_rod_token_information *)ctsio->cdb;
2190 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
2191 
2192 	retval = CTL_RETVAL_COMPLETE;
2193 
2194 	list_id = scsi_4btoul(cdb->list_identifier);
2195 	mtx_lock(&lun->lun_lock);
2196 	list = tpc_find_list(lun, list_id,
2197 	    ctl_get_initindex(&ctsio->io_hdr.nexus));
2198 	if (list == NULL) {
2199 		mtx_unlock(&lun->lun_lock);
2200 		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
2201 		    /*command*/ 1, /*field*/ 2, /*bit_valid*/ 0,
2202 		    /*bit*/ 0);
2203 		ctl_done((union ctl_io *)ctsio);
2204 		return (retval);
2205 	}
2206 	list_copy = *list;
2207 	if (list->completed) {
2208 		TAILQ_REMOVE(&lun->tpc_lists, list, links);
2209 		free(list, M_CTL);
2210 	}
2211 	mtx_unlock(&lun->lun_lock);
2212 
2213 	token_len = list_copy.res_token_valid ? 2 + sizeof(list_copy.res_token) : 0;
2214 	total_len = sizeof(*data) + list_copy.sense_len + 4 + token_len;
2215 	alloc_len = scsi_4btoul(cdb->length);
2216 
2217 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
2218 
2219 	ctsio->kern_sg_entries = 0;
2220 
2221 	if (total_len < alloc_len) {
2222 		ctsio->residual = alloc_len - total_len;
2223 		ctsio->kern_data_len = total_len;
2224 		ctsio->kern_total_len = total_len;
2225 	} else {
2226 		ctsio->residual = 0;
2227 		ctsio->kern_data_len = alloc_len;
2228 		ctsio->kern_total_len = alloc_len;
2229 	}
2230 	ctsio->kern_data_resid = 0;
2231 	ctsio->kern_rel_offset = 0;
2232 
2233 	data = (struct scsi_receive_copy_status_lid4_data *)ctsio->kern_data_ptr;
2234 	scsi_ulto4b(sizeof(*data) - 4 + list_copy.sense_len +
2235 	    4 + token_len, data->available_data);
2236 	data->response_to_service_action = list_copy.service_action;
2237 	if (list_copy.completed) {
2238 		if (list_copy.error)
2239 			data->copy_command_status = RCS_CCS_ERROR;
2240 		else if (list_copy.abort)
2241 			data->copy_command_status = RCS_CCS_ABORTED;
2242 		else
2243 			data->copy_command_status = RCS_CCS_COMPLETED;
2244 	} else
2245 		data->copy_command_status = RCS_CCS_INPROG_FG;
2246 	scsi_ulto2b(list_copy.curops, data->operation_counter);
2247 	scsi_ulto4b(UINT32_MAX, data->estimated_status_update_delay);
2248 	data->transfer_count_units = RCS_TC_LBAS;
2249 	scsi_u64to8b(list_copy.cursectors, data->transfer_count);
2250 	scsi_ulto2b(list_copy.curseg, data->segments_processed);
2251 	data->length_of_the_sense_data_field = list_copy.sense_len;
2252 	data->sense_data_length = list_copy.sense_len;
2253 	memcpy(data->sense_data, &list_copy.sense_data, list_copy.sense_len);
2254 
2255 	ptr = &data->sense_data[data->length_of_the_sense_data_field];
2256 	scsi_ulto4b(token_len, &ptr[0]);
2257 	if (list_copy.res_token_valid) {
2258 		scsi_ulto2b(0, &ptr[4]);
2259 		memcpy(&ptr[6], list_copy.res_token, sizeof(list_copy.res_token));
2260 	}
2261 /*
2262 	printf("RRTI(list=%u) valid=%d\n",
2263 	    scsi_4btoul(cdb->list_identifier), list_copy.res_token_valid);
2264 */
2265 	ctl_set_success(ctsio);
2266 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
2267 	ctsio->be_move_done = ctl_config_move_done;
2268 	ctl_datamove((union ctl_io *)ctsio);
2269 	return (retval);
2270 }
2271 
2272 int
2273 ctl_report_all_rod_tokens(struct ctl_scsiio *ctsio)
2274 {
2275 	struct ctl_softc *softc;
2276 	struct ctl_lun *lun;
2277 	struct scsi_report_all_rod_tokens *cdb;
2278 	struct scsi_report_all_rod_tokens_data *data;
2279 	struct tpc_token *token;
2280 	int retval;
2281 	int alloc_len, total_len, tokens, i;
2282 
2283 	CTL_DEBUG_PRINT(("ctl_receive_rod_token_information\n"));
2284 
2285 	cdb = (struct scsi_report_all_rod_tokens *)ctsio->cdb;
2286 	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
2287 	softc = lun->ctl_softc;
2288 
2289 	retval = CTL_RETVAL_COMPLETE;
2290 
2291 	tokens = 0;
2292 	mtx_lock(&softc->tpc_lock);
2293 	TAILQ_FOREACH(token, &softc->tpc_tokens, links)
2294 		tokens++;
2295 	mtx_unlock(&softc->tpc_lock);
2296 	if (tokens > 512)
2297 		tokens = 512;
2298 
2299 	total_len = sizeof(*data) + tokens * 96;
2300 	alloc_len = scsi_4btoul(cdb->length);
2301 
2302 	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
2303 
2304 	ctsio->kern_sg_entries = 0;
2305 
2306 	if (total_len < alloc_len) {
2307 		ctsio->residual = alloc_len - total_len;
2308 		ctsio->kern_data_len = total_len;
2309 		ctsio->kern_total_len = total_len;
2310 	} else {
2311 		ctsio->residual = 0;
2312 		ctsio->kern_data_len = alloc_len;
2313 		ctsio->kern_total_len = alloc_len;
2314 	}
2315 	ctsio->kern_data_resid = 0;
2316 	ctsio->kern_rel_offset = 0;
2317 
2318 	data = (struct scsi_report_all_rod_tokens_data *)ctsio->kern_data_ptr;
2319 	i = 0;
2320 	mtx_lock(&softc->tpc_lock);
2321 	TAILQ_FOREACH(token, &softc->tpc_tokens, links) {
2322 		if (i >= tokens)
2323 			break;
2324 		memcpy(&data->rod_management_token_list[i * 96],
2325 		    token->token, 96);
2326 		i++;
2327 	}
2328 	mtx_unlock(&softc->tpc_lock);
2329 	scsi_ulto4b(sizeof(*data) - 4 + i * 96, data->available_data);
2330 /*
2331 	printf("RART tokens=%d\n", i);
2332 */
2333 	ctl_set_success(ctsio);
2334 	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
2335 	ctsio->be_move_done = ctl_config_move_done;
2336 	ctl_datamove((union ctl_io *)ctsio);
2337 	return (retval);
2338 }
2339 
2340