xref: /illumos-gate/usr/src/uts/common/io/scsi/targets/sd.c (revision 43d18f1c320355e93c47399bea0b2e022fe06364) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * SCSI disk target driver.
31  */
32 
33 #include <sys/scsi/scsi.h>
34 #include <sys/dkbad.h>
35 #include <sys/dklabel.h>
36 #include <sys/dkio.h>
37 #include <sys/fdio.h>
38 #include <sys/cdio.h>
39 #include <sys/mhd.h>
40 #include <sys/vtoc.h>
41 #include <sys/dktp/fdisk.h>
42 #include <sys/file.h>
43 #include <sys/stat.h>
44 #include <sys/kstat.h>
45 #include <sys/vtrace.h>
46 #include <sys/note.h>
47 #include <sys/thread.h>
48 #include <sys/proc.h>
49 #include <sys/efi_partition.h>
50 #include <sys/var.h>
51 #include <sys/aio_req.h>
52 #if (defined(__fibre))
53 /* Note: is there a leadville version of the following? */
54 #include <sys/fc4/fcal_linkapp.h>
55 #endif
56 #include <sys/taskq.h>
57 #include <sys/uuid.h>
58 #include <sys/byteorder.h>
59 #include <sys/sdt.h>
60 
61 #include "sd_xbuf.h"
62 
63 #include <sys/scsi/targets/sddef.h>
64 
65 
66 /*
67  * Loadable module info.
68  */
69 #if (defined(__fibre))
70 #define	SD_MODULE_NAME	"SCSI SSA/FCAL Disk Driver %I%"
71 char _depends_on[]	= "misc/scsi drv/fcp";
72 #else
73 #define	SD_MODULE_NAME	"SCSI Disk Driver %I%"
74 char _depends_on[]	= "misc/scsi";
75 #endif
76 
77 /*
78  * Define the interconnect type, to allow the driver to distinguish
79  * between parallel SCSI (sd) and fibre channel (ssd) behaviors.
80  *
81  * This is really for backward compatability. In the future, the driver
82  * should actually check the "interconnect-type" property as reported by
83  * the HBA; however at present this property is not defined by all HBAs,
84  * so we will use this #define (1) to permit the driver to run in
85  * backward-compatability mode; and (2) to print a notification message
86  * if an FC HBA does not support the "interconnect-type" property.  The
87  * behavior of the driver will be to assume parallel SCSI behaviors unless
88  * the "interconnect-type" property is defined by the HBA **AND** has a
89  * value of either INTERCONNECT_FIBRE, INTERCONNECT_SSA, or
90  * INTERCONNECT_FABRIC, in which case the driver will assume Fibre
91  * Channel behaviors (as per the old ssd).  (Note that the
92  * INTERCONNECT_1394 and INTERCONNECT_USB types are not supported and
93  * will result in the driver assuming parallel SCSI behaviors.)
94  *
95  * (see common/sys/scsi/impl/services.h)
96  *
97  * Note: For ssd semantics, don't use INTERCONNECT_FABRIC as the default
98  * since some FC HBAs may already support that, and there is some code in
99  * the driver that already looks for it.  Using INTERCONNECT_FABRIC as the
100  * default would confuse that code, and besides things should work fine
101  * anyways if the FC HBA already reports INTERCONNECT_FABRIC for the
102  * "interconnect_type" property.
103  */
104 #if (defined(__fibre))
105 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_FIBRE
106 #else
107 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_PARALLEL
108 #endif
109 
110 /*
111  * The name of the driver, established from the module name in _init.
112  */
113 static	char *sd_label			= NULL;
114 
115 /*
116  * Driver name is unfortunately prefixed on some driver.conf properties.
117  */
118 #if (defined(__fibre))
119 #define	sd_max_xfer_size		ssd_max_xfer_size
120 #define	sd_config_list			ssd_config_list
121 static	char *sd_max_xfer_size		= "ssd_max_xfer_size";
122 static	char *sd_config_list		= "ssd-config-list";
123 #else
124 static	char *sd_max_xfer_size		= "sd_max_xfer_size";
125 static	char *sd_config_list		= "sd-config-list";
126 #endif
127 
128 /*
129  * Driver global variables
130  */
131 
132 #if (defined(__fibre))
133 /*
134  * These #defines are to avoid namespace collisions that occur because this
135  * code is currently used to compile two seperate driver modules: sd and ssd.
136  * All global variables need to be treated this way (even if declared static)
137  * in order to allow the debugger to resolve the names properly.
138  * It is anticipated that in the near future the ssd module will be obsoleted,
139  * at which time this namespace issue should go away.
140  */
141 #define	sd_state			ssd_state
142 #define	sd_io_time			ssd_io_time
143 #define	sd_failfast_enable		ssd_failfast_enable
144 #define	sd_ua_retry_count		ssd_ua_retry_count
145 #define	sd_report_pfa			ssd_report_pfa
146 #define	sd_max_throttle			ssd_max_throttle
147 #define	sd_min_throttle			ssd_min_throttle
148 #define	sd_rot_delay			ssd_rot_delay
149 
150 #define	sd_retry_on_reservation_conflict	\
151 					ssd_retry_on_reservation_conflict
152 #define	sd_reinstate_resv_delay		ssd_reinstate_resv_delay
153 #define	sd_resv_conflict_name		ssd_resv_conflict_name
154 
155 #define	sd_component_mask		ssd_component_mask
156 #define	sd_level_mask			ssd_level_mask
157 #define	sd_debug_un			ssd_debug_un
158 #define	sd_error_level			ssd_error_level
159 
160 #define	sd_xbuf_active_limit		ssd_xbuf_active_limit
161 #define	sd_xbuf_reserve_limit		ssd_xbuf_reserve_limit
162 
163 #define	sd_tr				ssd_tr
164 #define	sd_reset_throttle_timeout	ssd_reset_throttle_timeout
165 #define	sd_qfull_throttle_timeout	ssd_qfull_throttle_timeout
166 #define	sd_qfull_throttle_enable	ssd_qfull_throttle_enable
167 #define	sd_check_media_time		ssd_check_media_time
168 #define	sd_wait_cmds_complete		ssd_wait_cmds_complete
169 #define	sd_label_mutex			ssd_label_mutex
170 #define	sd_detach_mutex			ssd_detach_mutex
171 #define	sd_log_buf			ssd_log_buf
172 #define	sd_log_mutex			ssd_log_mutex
173 
174 #define	sd_disk_table			ssd_disk_table
175 #define	sd_disk_table_size		ssd_disk_table_size
176 #define	sd_sense_mutex			ssd_sense_mutex
177 #define	sd_cdbtab			ssd_cdbtab
178 
179 #define	sd_cb_ops			ssd_cb_ops
180 #define	sd_ops				ssd_ops
181 #define	sd_additional_codes		ssd_additional_codes
182 
183 #define	sd_minor_data			ssd_minor_data
184 #define	sd_minor_data_efi		ssd_minor_data_efi
185 
186 #define	sd_tq				ssd_tq
187 #define	sd_wmr_tq			ssd_wmr_tq
188 #define	sd_taskq_name			ssd_taskq_name
189 #define	sd_wmr_taskq_name		ssd_wmr_taskq_name
190 #define	sd_taskq_minalloc		ssd_taskq_minalloc
191 #define	sd_taskq_maxalloc		ssd_taskq_maxalloc
192 
193 #define	sd_dump_format_string		ssd_dump_format_string
194 
195 #define	sd_iostart_chain		ssd_iostart_chain
196 #define	sd_iodone_chain			ssd_iodone_chain
197 
198 #define	sd_pm_idletime			ssd_pm_idletime
199 
200 #define	sd_force_pm_supported		ssd_force_pm_supported
201 
202 #define	sd_dtype_optical_bind		ssd_dtype_optical_bind
203 
204 #endif
205 
206 
207 #ifdef	SDDEBUG
208 int	sd_force_pm_supported		= 0;
209 #endif	/* SDDEBUG */
210 
211 void *sd_state				= NULL;
212 int sd_io_time				= SD_IO_TIME;
213 int sd_failfast_enable			= 1;
214 int sd_ua_retry_count			= SD_UA_RETRY_COUNT;
215 int sd_report_pfa			= 1;
216 int sd_max_throttle			= SD_MAX_THROTTLE;
217 int sd_min_throttle			= SD_MIN_THROTTLE;
218 int sd_rot_delay			= 4; /* Default 4ms Rotation delay */
219 int sd_qfull_throttle_enable		= TRUE;
220 
221 int sd_retry_on_reservation_conflict	= 1;
222 int sd_reinstate_resv_delay		= SD_REINSTATE_RESV_DELAY;
223 _NOTE(SCHEME_PROTECTS_DATA("safe sharing", sd_reinstate_resv_delay))
224 
225 static int sd_dtype_optical_bind	= -1;
226 
227 /* Note: the following is not a bug, it really is "sd_" and not "ssd_" */
228 static	char *sd_resv_conflict_name	= "sd_retry_on_reservation_conflict";
229 
230 /*
231  * Global data for debug logging. To enable debug printing, sd_component_mask
232  * and sd_level_mask should be set to the desired bit patterns as outlined in
233  * sddef.h.
234  */
235 uint_t	sd_component_mask		= 0x0;
236 uint_t	sd_level_mask			= 0x0;
237 struct	sd_lun *sd_debug_un		= NULL;
238 uint_t	sd_error_level			= SCSI_ERR_RETRYABLE;
239 
240 /* Note: these may go away in the future... */
241 static uint32_t	sd_xbuf_active_limit	= 512;
242 static uint32_t sd_xbuf_reserve_limit	= 16;
243 
244 static struct sd_resv_reclaim_request	sd_tr = { NULL, NULL, NULL, 0, 0, 0 };
245 
246 /*
247  * Timer value used to reset the throttle after it has been reduced
248  * (typically in response to TRAN_BUSY or STATUS_QFULL)
249  */
250 static int sd_reset_throttle_timeout	= SD_RESET_THROTTLE_TIMEOUT;
251 static int sd_qfull_throttle_timeout	= SD_QFULL_THROTTLE_TIMEOUT;
252 
253 /*
254  * Interval value associated with the media change scsi watch.
255  */
256 static int sd_check_media_time		= 3000000;
257 
258 /*
259  * Wait value used for in progress operations during a DDI_SUSPEND
260  */
261 static int sd_wait_cmds_complete	= SD_WAIT_CMDS_COMPLETE;
262 
263 /*
264  * sd_label_mutex protects a static buffer used in the disk label
265  * component of the driver
266  */
267 static kmutex_t sd_label_mutex;
268 
269 /*
270  * sd_detach_mutex protects un_layer_count, un_detach_count, and
271  * un_opens_in_progress in the sd_lun structure.
272  */
273 static kmutex_t sd_detach_mutex;
274 
275 _NOTE(MUTEX_PROTECTS_DATA(sd_detach_mutex,
276 	sd_lun::{un_layer_count un_detach_count un_opens_in_progress}))
277 
278 /*
279  * Global buffer and mutex for debug logging
280  */
281 static char	sd_log_buf[1024];
282 static kmutex_t	sd_log_mutex;
283 
284 
285 /*
286  * "Smart" Probe Caching structs, globals, #defines, etc.
287  * For parallel scsi and non-self-identify device only.
288  */
289 
290 /*
291  * The following resources and routines are implemented to support
292  * "smart" probing, which caches the scsi_probe() results in an array,
293  * in order to help avoid long probe times.
294  */
295 struct sd_scsi_probe_cache {
296 	struct	sd_scsi_probe_cache	*next;
297 	dev_info_t	*pdip;
298 	int		cache[NTARGETS_WIDE];
299 };
300 
301 static kmutex_t	sd_scsi_probe_cache_mutex;
302 static struct	sd_scsi_probe_cache *sd_scsi_probe_cache_head = NULL;
303 
304 /*
305  * Really we only need protection on the head of the linked list, but
306  * better safe than sorry.
307  */
308 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
309     sd_scsi_probe_cache::next sd_scsi_probe_cache::pdip))
310 
311 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
312     sd_scsi_probe_cache_head))
313 
314 
315 /*
316  * Vendor specific data name property declarations
317  */
318 
319 #if defined(__fibre) || defined(__i386) ||defined(__amd64)
320 
321 static sd_tunables seagate_properties = {
322 	SEAGATE_THROTTLE_VALUE,
323 	0,
324 	0,
325 	0,
326 	0,
327 	0,
328 	0,
329 	0,
330 	0
331 };
332 
333 
334 static sd_tunables fujitsu_properties = {
335 	FUJITSU_THROTTLE_VALUE,
336 	0,
337 	0,
338 	0,
339 	0,
340 	0,
341 	0,
342 	0,
343 	0
344 };
345 
346 static sd_tunables ibm_properties = {
347 	IBM_THROTTLE_VALUE,
348 	0,
349 	0,
350 	0,
351 	0,
352 	0,
353 	0,
354 	0,
355 	0
356 };
357 
358 static sd_tunables purple_properties = {
359 	PURPLE_THROTTLE_VALUE,
360 	0,
361 	0,
362 	PURPLE_BUSY_RETRIES,
363 	PURPLE_RESET_RETRY_COUNT,
364 	PURPLE_RESERVE_RELEASE_TIME,
365 	0,
366 	0,
367 	0
368 };
369 
370 static sd_tunables sve_properties = {
371 	SVE_THROTTLE_VALUE,
372 	0,
373 	0,
374 	SVE_BUSY_RETRIES,
375 	SVE_RESET_RETRY_COUNT,
376 	SVE_RESERVE_RELEASE_TIME,
377 	SVE_MIN_THROTTLE_VALUE,
378 	SVE_DISKSORT_DISABLED_FLAG,
379 	0
380 };
381 
382 static sd_tunables maserati_properties = {
383 	0,
384 	0,
385 	0,
386 	0,
387 	0,
388 	0,
389 	0,
390 	MASERATI_DISKSORT_DISABLED_FLAG,
391 	MASERATI_LUN_RESET_ENABLED_FLAG
392 };
393 
394 static sd_tunables pirus_properties = {
395 	PIRUS_THROTTLE_VALUE,
396 	0,
397 	PIRUS_NRR_COUNT,
398 	PIRUS_BUSY_RETRIES,
399 	PIRUS_RESET_RETRY_COUNT,
400 	0,
401 	PIRUS_MIN_THROTTLE_VALUE,
402 	PIRUS_DISKSORT_DISABLED_FLAG,
403 	PIRUS_LUN_RESET_ENABLED_FLAG
404 };
405 
406 #endif
407 
408 #if (defined(__sparc) && !defined(__fibre)) || \
409 	(defined(__i386) || defined(__amd64))
410 
411 
412 static sd_tunables elite_properties = {
413 	ELITE_THROTTLE_VALUE,
414 	0,
415 	0,
416 	0,
417 	0,
418 	0,
419 	0,
420 	0,
421 	0
422 };
423 
424 static sd_tunables st31200n_properties = {
425 	ST31200N_THROTTLE_VALUE,
426 	0,
427 	0,
428 	0,
429 	0,
430 	0,
431 	0,
432 	0,
433 	0
434 };
435 
436 #endif /* Fibre or not */
437 
438 static sd_tunables lsi_properties_scsi = {
439 	LSI_THROTTLE_VALUE,
440 	0,
441 	LSI_NOTREADY_RETRIES,
442 	0,
443 	0,
444 	0,
445 	0,
446 	0,
447 	0
448 };
449 
450 static sd_tunables symbios_properties = {
451 	SYMBIOS_THROTTLE_VALUE,
452 	0,
453 	SYMBIOS_NOTREADY_RETRIES,
454 	0,
455 	0,
456 	0,
457 	0,
458 	0,
459 	0
460 };
461 
462 static sd_tunables lsi_properties = {
463 	0,
464 	0,
465 	LSI_NOTREADY_RETRIES,
466 	0,
467 	0,
468 	0,
469 	0,
470 	0,
471 	0
472 };
473 
474 static sd_tunables lsi_oem_properties = {
475 	0,
476 	0,
477 	LSI_OEM_NOTREADY_RETRIES,
478 	0,
479 	0,
480 	0,
481 	0,
482 	0,
483 	0
484 };
485 
486 
487 
488 #if (defined(SD_PROP_TST))
489 
490 #define	SD_TST_CTYPE_VAL	CTYPE_CDROM
491 #define	SD_TST_THROTTLE_VAL	16
492 #define	SD_TST_NOTREADY_VAL	12
493 #define	SD_TST_BUSY_VAL		60
494 #define	SD_TST_RST_RETRY_VAL	36
495 #define	SD_TST_RSV_REL_TIME	60
496 
497 static sd_tunables tst_properties = {
498 	SD_TST_THROTTLE_VAL,
499 	SD_TST_CTYPE_VAL,
500 	SD_TST_NOTREADY_VAL,
501 	SD_TST_BUSY_VAL,
502 	SD_TST_RST_RETRY_VAL,
503 	SD_TST_RSV_REL_TIME,
504 	0,
505 	0,
506 	0
507 };
508 #endif
509 
510 /* This is similiar to the ANSI toupper implementation */
511 #define	SD_TOUPPER(C)	(((C) >= 'a' && (C) <= 'z') ? (C) - 'a' + 'A' : (C))
512 
513 /*
514  * Static Driver Configuration Table
515  *
516  * This is the table of disks which need throttle adjustment (or, perhaps
517  * something else as defined by the flags at a future time.)  device_id
518  * is a string consisting of concatenated vid (vendor), pid (product/model)
519  * and revision strings as defined in the scsi_inquiry structure.  Offsets of
520  * the parts of the string are as defined by the sizes in the scsi_inquiry
521  * structure.  Device type is searched as far as the device_id string is
522  * defined.  Flags defines which values are to be set in the driver from the
523  * properties list.
524  *
525  * Entries below which begin and end with a "*" are a special case.
526  * These do not have a specific vendor, and the string which follows
527  * can appear anywhere in the 16 byte PID portion of the inquiry data.
528  *
529  * Entries below which begin and end with a " " (blank) are a special
530  * case. The comparison function will treat multiple consecutive blanks
531  * as equivalent to a single blank. For example, this causes a
532  * sd_disk_table entry of " NEC CDROM " to match a device's id string
533  * of  "NEC       CDROM".
534  *
535  * Note: The MD21 controller type has been obsoleted.
536  *	 ST318202F is a Legacy device
537  *	 MAM3182FC, MAM3364FC, MAM3738FC do not appear to have ever been
538  *	 made with an FC connection. The entries here are a legacy.
539  */
540 static sd_disk_config_t sd_disk_table[] = {
541 #if defined(__fibre) || defined(__i386) || defined(__amd64)
542 	{ "SEAGATE ST34371FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
543 	{ "SEAGATE ST19171FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
544 	{ "SEAGATE ST39102FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
545 	{ "SEAGATE ST39103FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
546 	{ "SEAGATE ST118273F", SD_CONF_BSET_THROTTLE, &seagate_properties },
547 	{ "SEAGATE ST318202F", SD_CONF_BSET_THROTTLE, &seagate_properties },
548 	{ "SEAGATE ST318203F", SD_CONF_BSET_THROTTLE, &seagate_properties },
549 	{ "SEAGATE ST136403F", SD_CONF_BSET_THROTTLE, &seagate_properties },
550 	{ "SEAGATE ST318304F", SD_CONF_BSET_THROTTLE, &seagate_properties },
551 	{ "SEAGATE ST336704F", SD_CONF_BSET_THROTTLE, &seagate_properties },
552 	{ "SEAGATE ST373405F", SD_CONF_BSET_THROTTLE, &seagate_properties },
553 	{ "SEAGATE ST336605F", SD_CONF_BSET_THROTTLE, &seagate_properties },
554 	{ "SEAGATE ST336752F", SD_CONF_BSET_THROTTLE, &seagate_properties },
555 	{ "SEAGATE ST318452F", SD_CONF_BSET_THROTTLE, &seagate_properties },
556 	{ "FUJITSU MAG3091F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
557 	{ "FUJITSU MAG3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
558 	{ "FUJITSU MAA3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
559 	{ "FUJITSU MAF3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
560 	{ "FUJITSU MAL3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
561 	{ "FUJITSU MAL3738F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
562 	{ "FUJITSU MAM3182FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
563 	{ "FUJITSU MAM3364FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
564 	{ "FUJITSU MAM3738FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
565 	{ "IBM     DDYFT1835",  SD_CONF_BSET_THROTTLE, &ibm_properties },
566 	{ "IBM     DDYFT3695",  SD_CONF_BSET_THROTTLE, &ibm_properties },
567 	{ "IBM     IC35LF2D2",  SD_CONF_BSET_THROTTLE, &ibm_properties },
568 	{ "IBM     IC35LF2PR",  SD_CONF_BSET_THROTTLE, &ibm_properties },
569 	{ "IBM     3526",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
570 	{ "IBM     3542",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
571 	{ "IBM     3552",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
572 	{ "IBM     1722",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
573 	{ "IBM     1742",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
574 	{ "IBM     1815",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
575 	{ "IBM     FAStT",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
576 	{ "LSI     INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
577 	{ "ENGENIO INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
578 	{ "SGI     TP",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
579 	{ "SGI     IS",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
580 	{ "*CSM100_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
581 	{ "*CSM200_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
582 	{ "LSI",		SD_CONF_BSET_NRR_COUNT, &lsi_properties },
583 	{ "SUN     T3", SD_CONF_BSET_THROTTLE |
584 			SD_CONF_BSET_BSY_RETRY_COUNT|
585 			SD_CONF_BSET_RST_RETRIES|
586 			SD_CONF_BSET_RSV_REL_TIME,
587 		&purple_properties },
588 	{ "SUN     SESS01", SD_CONF_BSET_THROTTLE |
589 		SD_CONF_BSET_BSY_RETRY_COUNT|
590 		SD_CONF_BSET_RST_RETRIES|
591 		SD_CONF_BSET_RSV_REL_TIME|
592 		SD_CONF_BSET_MIN_THROTTLE|
593 		SD_CONF_BSET_DISKSORT_DISABLED,
594 		&sve_properties },
595 	{ "SUN     T4", SD_CONF_BSET_THROTTLE |
596 			SD_CONF_BSET_BSY_RETRY_COUNT|
597 			SD_CONF_BSET_RST_RETRIES|
598 			SD_CONF_BSET_RSV_REL_TIME,
599 		&purple_properties },
600 	{ "SUN     SVE01", SD_CONF_BSET_DISKSORT_DISABLED |
601 		SD_CONF_BSET_LUN_RESET_ENABLED,
602 		&maserati_properties },
603 	{ "SUN     SE6920", SD_CONF_BSET_THROTTLE |
604 		SD_CONF_BSET_NRR_COUNT|
605 		SD_CONF_BSET_BSY_RETRY_COUNT|
606 		SD_CONF_BSET_RST_RETRIES|
607 		SD_CONF_BSET_MIN_THROTTLE|
608 		SD_CONF_BSET_DISKSORT_DISABLED|
609 		SD_CONF_BSET_LUN_RESET_ENABLED,
610 		&pirus_properties },
611 	{ "SUN     SE6940", SD_CONF_BSET_THROTTLE |
612 		SD_CONF_BSET_NRR_COUNT|
613 		SD_CONF_BSET_BSY_RETRY_COUNT|
614 		SD_CONF_BSET_RST_RETRIES|
615 		SD_CONF_BSET_MIN_THROTTLE|
616 		SD_CONF_BSET_DISKSORT_DISABLED|
617 		SD_CONF_BSET_LUN_RESET_ENABLED,
618 		&pirus_properties },
619 	{ "SUN     StorageTek 6920", SD_CONF_BSET_THROTTLE |
620 		SD_CONF_BSET_NRR_COUNT|
621 		SD_CONF_BSET_BSY_RETRY_COUNT|
622 		SD_CONF_BSET_RST_RETRIES|
623 		SD_CONF_BSET_MIN_THROTTLE|
624 		SD_CONF_BSET_DISKSORT_DISABLED|
625 		SD_CONF_BSET_LUN_RESET_ENABLED,
626 		&pirus_properties },
627 	{ "SUN     StorageTek 6940", SD_CONF_BSET_THROTTLE |
628 		SD_CONF_BSET_NRR_COUNT|
629 		SD_CONF_BSET_BSY_RETRY_COUNT|
630 		SD_CONF_BSET_RST_RETRIES|
631 		SD_CONF_BSET_MIN_THROTTLE|
632 		SD_CONF_BSET_DISKSORT_DISABLED|
633 		SD_CONF_BSET_LUN_RESET_ENABLED,
634 		&pirus_properties },
635 	{ "SUN     PSX1000", SD_CONF_BSET_THROTTLE |
636 		SD_CONF_BSET_NRR_COUNT|
637 		SD_CONF_BSET_BSY_RETRY_COUNT|
638 		SD_CONF_BSET_RST_RETRIES|
639 		SD_CONF_BSET_MIN_THROTTLE|
640 		SD_CONF_BSET_DISKSORT_DISABLED|
641 		SD_CONF_BSET_LUN_RESET_ENABLED,
642 		&pirus_properties },
643 	{ "SUN     SE6330", SD_CONF_BSET_THROTTLE |
644 		SD_CONF_BSET_NRR_COUNT|
645 		SD_CONF_BSET_BSY_RETRY_COUNT|
646 		SD_CONF_BSET_RST_RETRIES|
647 		SD_CONF_BSET_MIN_THROTTLE|
648 		SD_CONF_BSET_DISKSORT_DISABLED|
649 		SD_CONF_BSET_LUN_RESET_ENABLED,
650 		&pirus_properties },
651 	{ "STK     OPENstorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
652 	{ "STK     OpenStorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
653 	{ "STK     BladeCtlr",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
654 	{ "STK     FLEXLINE",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
655 	{ "SYMBIOS", SD_CONF_BSET_NRR_COUNT, &symbios_properties },
656 #endif /* fibre or NON-sparc platforms */
657 #if ((defined(__sparc) && !defined(__fibre)) ||\
658 	(defined(__i386) || defined(__amd64)))
659 	{ "SEAGATE ST42400N", SD_CONF_BSET_THROTTLE, &elite_properties },
660 	{ "SEAGATE ST31200N", SD_CONF_BSET_THROTTLE, &st31200n_properties },
661 	{ "SEAGATE ST41600N", SD_CONF_BSET_TUR_CHECK, NULL },
662 	{ "CONNER  CP30540",  SD_CONF_BSET_NOCACHE,  NULL },
663 	{ "*SUN0104*", SD_CONF_BSET_FAB_DEVID, NULL },
664 	{ "*SUN0207*", SD_CONF_BSET_FAB_DEVID, NULL },
665 	{ "*SUN0327*", SD_CONF_BSET_FAB_DEVID, NULL },
666 	{ "*SUN0340*", SD_CONF_BSET_FAB_DEVID, NULL },
667 	{ "*SUN0424*", SD_CONF_BSET_FAB_DEVID, NULL },
668 	{ "*SUN0669*", SD_CONF_BSET_FAB_DEVID, NULL },
669 	{ "*SUN1.0G*", SD_CONF_BSET_FAB_DEVID, NULL },
670 	{ "SYMBIOS INF-01-00       ", SD_CONF_BSET_FAB_DEVID, NULL },
671 	{ "SYMBIOS", SD_CONF_BSET_THROTTLE|SD_CONF_BSET_NRR_COUNT,
672 	    &symbios_properties },
673 	{ "LSI", SD_CONF_BSET_THROTTLE | SD_CONF_BSET_NRR_COUNT,
674 	    &lsi_properties_scsi },
675 #if defined(__i386) || defined(__amd64)
676 	{ " NEC CD-ROM DRIVE:260 ", (SD_CONF_BSET_PLAYMSF_BCD
677 				    | SD_CONF_BSET_READSUB_BCD
678 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
679 				    | SD_CONF_BSET_NO_READ_HEADER
680 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
681 
682 	{ " NEC CD-ROM DRIVE:270 ", (SD_CONF_BSET_PLAYMSF_BCD
683 				    | SD_CONF_BSET_READSUB_BCD
684 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
685 				    | SD_CONF_BSET_NO_READ_HEADER
686 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
687 #endif /* __i386 || __amd64 */
688 #endif /* sparc NON-fibre or NON-sparc platforms */
689 
690 #if (defined(SD_PROP_TST))
691 	{ "VENDOR  PRODUCT ", (SD_CONF_BSET_THROTTLE
692 				| SD_CONF_BSET_CTYPE
693 				| SD_CONF_BSET_NRR_COUNT
694 				| SD_CONF_BSET_FAB_DEVID
695 				| SD_CONF_BSET_NOCACHE
696 				| SD_CONF_BSET_BSY_RETRY_COUNT
697 				| SD_CONF_BSET_PLAYMSF_BCD
698 				| SD_CONF_BSET_READSUB_BCD
699 				| SD_CONF_BSET_READ_TOC_TRK_BCD
700 				| SD_CONF_BSET_READ_TOC_ADDR_BCD
701 				| SD_CONF_BSET_NO_READ_HEADER
702 				| SD_CONF_BSET_READ_CD_XD4
703 				| SD_CONF_BSET_RST_RETRIES
704 				| SD_CONF_BSET_RSV_REL_TIME
705 				| SD_CONF_BSET_TUR_CHECK), &tst_properties},
706 #endif
707 };
708 
709 static const int sd_disk_table_size =
710 	sizeof (sd_disk_table)/ sizeof (sd_disk_config_t);
711 
712 
713 /*
714  * Return codes of sd_uselabel().
715  */
716 #define	SD_LABEL_IS_VALID		0
717 #define	SD_LABEL_IS_INVALID		1
718 
719 #define	SD_INTERCONNECT_PARALLEL	0
720 #define	SD_INTERCONNECT_FABRIC		1
721 #define	SD_INTERCONNECT_FIBRE		2
722 #define	SD_INTERCONNECT_SSA		3
723 #define	SD_IS_PARALLEL_SCSI(un)		\
724 	((un)->un_interconnect_type == SD_INTERCONNECT_PARALLEL)
725 
726 /*
727  * Definitions used by device id registration routines
728  */
729 #define	VPD_HEAD_OFFSET		3	/* size of head for vpd page */
730 #define	VPD_PAGE_LENGTH		3	/* offset for pge length data */
731 #define	VPD_MODE_PAGE		1	/* offset into vpd pg for "page code" */
732 #define	WD_NODE			7	/* the whole disk minor */
733 
734 static kmutex_t sd_sense_mutex = {0};
735 
736 /*
737  * Macros for updates of the driver state
738  */
739 #define	New_state(un, s)        \
740 	(un)->un_last_state = (un)->un_state, (un)->un_state = (s)
741 #define	Restore_state(un)	\
742 	{ uchar_t tmp = (un)->un_last_state; New_state((un), tmp); }
743 
744 static struct sd_cdbinfo sd_cdbtab[] = {
745 	{ CDB_GROUP0, 0x00,	   0x1FFFFF,   0xFF,	    },
746 	{ CDB_GROUP1, SCMD_GROUP1, 0xFFFFFFFF, 0xFFFF,	    },
747 	{ CDB_GROUP5, SCMD_GROUP5, 0xFFFFFFFF, 0xFFFFFFFF,  },
748 	{ CDB_GROUP4, SCMD_GROUP4, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF, },
749 };
750 
751 /*
752  * Specifies the number of seconds that must have elapsed since the last
753  * cmd. has completed for a device to be declared idle to the PM framework.
754  */
755 static int sd_pm_idletime = 1;
756 
757 /*
758  * Internal function prototypes
759  */
760 
761 #if (defined(__fibre))
762 /*
763  * These #defines are to avoid namespace collisions that occur because this
764  * code is currently used to compile two seperate driver modules: sd and ssd.
765  * All function names need to be treated this way (even if declared static)
766  * in order to allow the debugger to resolve the names properly.
767  * It is anticipated that in the near future the ssd module will be obsoleted,
768  * at which time this ugliness should go away.
769  */
770 #define	sd_log_trace			ssd_log_trace
771 #define	sd_log_info			ssd_log_info
772 #define	sd_log_err			ssd_log_err
773 #define	sdprobe				ssdprobe
774 #define	sdinfo				ssdinfo
775 #define	sd_prop_op			ssd_prop_op
776 #define	sd_scsi_probe_cache_init	ssd_scsi_probe_cache_init
777 #define	sd_scsi_probe_cache_fini	ssd_scsi_probe_cache_fini
778 #define	sd_scsi_clear_probe_cache	ssd_scsi_clear_probe_cache
779 #define	sd_scsi_probe_with_cache	ssd_scsi_probe_with_cache
780 #define	sd_spin_up_unit			ssd_spin_up_unit
781 #define	sd_enable_descr_sense		ssd_enable_descr_sense
782 #define	sd_set_mmc_caps			ssd_set_mmc_caps
783 #define	sd_read_unit_properties		ssd_read_unit_properties
784 #define	sd_process_sdconf_file		ssd_process_sdconf_file
785 #define	sd_process_sdconf_table		ssd_process_sdconf_table
786 #define	sd_sdconf_id_match		ssd_sdconf_id_match
787 #define	sd_blank_cmp			ssd_blank_cmp
788 #define	sd_chk_vers1_data		ssd_chk_vers1_data
789 #define	sd_set_vers1_properties		ssd_set_vers1_properties
790 #define	sd_validate_geometry		ssd_validate_geometry
791 
792 #if defined(_SUNOS_VTOC_16)
793 #define	sd_convert_geometry		ssd_convert_geometry
794 #endif
795 
796 #define	sd_resync_geom_caches		ssd_resync_geom_caches
797 #define	sd_read_fdisk			ssd_read_fdisk
798 #define	sd_get_physical_geometry	ssd_get_physical_geometry
799 #define	sd_get_virtual_geometry		ssd_get_virtual_geometry
800 #define	sd_update_block_info		ssd_update_block_info
801 #define	sd_swap_efi_gpt			ssd_swap_efi_gpt
802 #define	sd_swap_efi_gpe			ssd_swap_efi_gpe
803 #define	sd_validate_efi			ssd_validate_efi
804 #define	sd_use_efi			ssd_use_efi
805 #define	sd_uselabel			ssd_uselabel
806 #define	sd_build_default_label		ssd_build_default_label
807 #define	sd_has_max_chs_vals		ssd_has_max_chs_vals
808 #define	sd_inq_fill			ssd_inq_fill
809 #define	sd_register_devid		ssd_register_devid
810 #define	sd_get_devid_block		ssd_get_devid_block
811 #define	sd_get_devid			ssd_get_devid
812 #define	sd_create_devid			ssd_create_devid
813 #define	sd_write_deviceid		ssd_write_deviceid
814 #define	sd_check_vpd_page_support	ssd_check_vpd_page_support
815 #define	sd_setup_pm			ssd_setup_pm
816 #define	sd_create_pm_components		ssd_create_pm_components
817 #define	sd_ddi_suspend			ssd_ddi_suspend
818 #define	sd_ddi_pm_suspend		ssd_ddi_pm_suspend
819 #define	sd_ddi_resume			ssd_ddi_resume
820 #define	sd_ddi_pm_resume		ssd_ddi_pm_resume
821 #define	sdpower				ssdpower
822 #define	sdattach			ssdattach
823 #define	sddetach			ssddetach
824 #define	sd_unit_attach			ssd_unit_attach
825 #define	sd_unit_detach			ssd_unit_detach
826 #define	sd_create_minor_nodes		ssd_create_minor_nodes
827 #define	sd_create_errstats		ssd_create_errstats
828 #define	sd_set_errstats			ssd_set_errstats
829 #define	sd_set_pstats			ssd_set_pstats
830 #define	sddump				ssddump
831 #define	sd_scsi_poll			ssd_scsi_poll
832 #define	sd_send_polled_RQS		ssd_send_polled_RQS
833 #define	sd_ddi_scsi_poll		ssd_ddi_scsi_poll
834 #define	sd_init_event_callbacks		ssd_init_event_callbacks
835 #define	sd_event_callback		ssd_event_callback
836 #define	sd_disable_caching		ssd_disable_caching
837 #define	sd_get_write_cache_enabled	ssd_get_write_cache_enabled
838 #define	sd_make_device			ssd_make_device
839 #define	sdopen				ssdopen
840 #define	sdclose				ssdclose
841 #define	sd_ready_and_valid		ssd_ready_and_valid
842 #define	sdmin				ssdmin
843 #define	sdread				ssdread
844 #define	sdwrite				ssdwrite
845 #define	sdaread				ssdaread
846 #define	sdawrite			ssdawrite
847 #define	sdstrategy			ssdstrategy
848 #define	sdioctl				ssdioctl
849 #define	sd_mapblockaddr_iostart		ssd_mapblockaddr_iostart
850 #define	sd_mapblocksize_iostart		ssd_mapblocksize_iostart
851 #define	sd_checksum_iostart		ssd_checksum_iostart
852 #define	sd_checksum_uscsi_iostart	ssd_checksum_uscsi_iostart
853 #define	sd_pm_iostart			ssd_pm_iostart
854 #define	sd_core_iostart			ssd_core_iostart
855 #define	sd_mapblockaddr_iodone		ssd_mapblockaddr_iodone
856 #define	sd_mapblocksize_iodone		ssd_mapblocksize_iodone
857 #define	sd_checksum_iodone		ssd_checksum_iodone
858 #define	sd_checksum_uscsi_iodone	ssd_checksum_uscsi_iodone
859 #define	sd_pm_iodone			ssd_pm_iodone
860 #define	sd_initpkt_for_buf		ssd_initpkt_for_buf
861 #define	sd_destroypkt_for_buf		ssd_destroypkt_for_buf
862 #define	sd_setup_rw_pkt			ssd_setup_rw_pkt
863 #define	sd_setup_next_rw_pkt		ssd_setup_next_rw_pkt
864 #define	sd_buf_iodone			ssd_buf_iodone
865 #define	sd_uscsi_strategy		ssd_uscsi_strategy
866 #define	sd_initpkt_for_uscsi		ssd_initpkt_for_uscsi
867 #define	sd_destroypkt_for_uscsi		ssd_destroypkt_for_uscsi
868 #define	sd_uscsi_iodone			ssd_uscsi_iodone
869 #define	sd_xbuf_strategy		ssd_xbuf_strategy
870 #define	sd_xbuf_init			ssd_xbuf_init
871 #define	sd_pm_entry			ssd_pm_entry
872 #define	sd_pm_exit			ssd_pm_exit
873 
874 #define	sd_pm_idletimeout_handler	ssd_pm_idletimeout_handler
875 #define	sd_pm_timeout_handler		ssd_pm_timeout_handler
876 
877 #define	sd_add_buf_to_waitq		ssd_add_buf_to_waitq
878 #define	sdintr				ssdintr
879 #define	sd_start_cmds			ssd_start_cmds
880 #define	sd_send_scsi_cmd		ssd_send_scsi_cmd
881 #define	sd_bioclone_alloc		ssd_bioclone_alloc
882 #define	sd_bioclone_free		ssd_bioclone_free
883 #define	sd_shadow_buf_alloc		ssd_shadow_buf_alloc
884 #define	sd_shadow_buf_free		ssd_shadow_buf_free
885 #define	sd_print_transport_rejected_message	\
886 					ssd_print_transport_rejected_message
887 #define	sd_retry_command		ssd_retry_command
888 #define	sd_set_retry_bp			ssd_set_retry_bp
889 #define	sd_send_request_sense_command	ssd_send_request_sense_command
890 #define	sd_start_retry_command		ssd_start_retry_command
891 #define	sd_start_direct_priority_command	\
892 					ssd_start_direct_priority_command
893 #define	sd_return_failed_command	ssd_return_failed_command
894 #define	sd_return_failed_command_no_restart	\
895 					ssd_return_failed_command_no_restart
896 #define	sd_return_command		ssd_return_command
897 #define	sd_sync_with_callback		ssd_sync_with_callback
898 #define	sdrunout			ssdrunout
899 #define	sd_mark_rqs_busy		ssd_mark_rqs_busy
900 #define	sd_mark_rqs_idle		ssd_mark_rqs_idle
901 #define	sd_reduce_throttle		ssd_reduce_throttle
902 #define	sd_restore_throttle		ssd_restore_throttle
903 #define	sd_print_incomplete_msg		ssd_print_incomplete_msg
904 #define	sd_init_cdb_limits		ssd_init_cdb_limits
905 #define	sd_pkt_status_good		ssd_pkt_status_good
906 #define	sd_pkt_status_check_condition	ssd_pkt_status_check_condition
907 #define	sd_pkt_status_busy		ssd_pkt_status_busy
908 #define	sd_pkt_status_reservation_conflict	\
909 					ssd_pkt_status_reservation_conflict
910 #define	sd_pkt_status_qfull		ssd_pkt_status_qfull
911 #define	sd_handle_request_sense		ssd_handle_request_sense
912 #define	sd_handle_auto_request_sense	ssd_handle_auto_request_sense
913 #define	sd_print_sense_failed_msg	ssd_print_sense_failed_msg
914 #define	sd_validate_sense_data		ssd_validate_sense_data
915 #define	sd_decode_sense			ssd_decode_sense
916 #define	sd_print_sense_msg		ssd_print_sense_msg
917 #define	sd_extract_sense_info_descr	ssd_extract_sense_info_descr
918 #define	sd_sense_key_no_sense		ssd_sense_key_no_sense
919 #define	sd_sense_key_recoverable_error	ssd_sense_key_recoverable_error
920 #define	sd_sense_key_not_ready		ssd_sense_key_not_ready
921 #define	sd_sense_key_medium_or_hardware_error	\
922 					ssd_sense_key_medium_or_hardware_error
923 #define	sd_sense_key_illegal_request	ssd_sense_key_illegal_request
924 #define	sd_sense_key_unit_attention	ssd_sense_key_unit_attention
925 #define	sd_sense_key_fail_command	ssd_sense_key_fail_command
926 #define	sd_sense_key_blank_check	ssd_sense_key_blank_check
927 #define	sd_sense_key_aborted_command	ssd_sense_key_aborted_command
928 #define	sd_sense_key_default		ssd_sense_key_default
929 #define	sd_print_retry_msg		ssd_print_retry_msg
930 #define	sd_print_cmd_incomplete_msg	ssd_print_cmd_incomplete_msg
931 #define	sd_pkt_reason_cmd_incomplete	ssd_pkt_reason_cmd_incomplete
932 #define	sd_pkt_reason_cmd_tran_err	ssd_pkt_reason_cmd_tran_err
933 #define	sd_pkt_reason_cmd_reset		ssd_pkt_reason_cmd_reset
934 #define	sd_pkt_reason_cmd_aborted	ssd_pkt_reason_cmd_aborted
935 #define	sd_pkt_reason_cmd_timeout	ssd_pkt_reason_cmd_timeout
936 #define	sd_pkt_reason_cmd_unx_bus_free	ssd_pkt_reason_cmd_unx_bus_free
937 #define	sd_pkt_reason_cmd_tag_reject	ssd_pkt_reason_cmd_tag_reject
938 #define	sd_pkt_reason_default		ssd_pkt_reason_default
939 #define	sd_reset_target			ssd_reset_target
940 #define	sd_start_stop_unit_callback	ssd_start_stop_unit_callback
941 #define	sd_start_stop_unit_task		ssd_start_stop_unit_task
942 #define	sd_taskq_create			ssd_taskq_create
943 #define	sd_taskq_delete			ssd_taskq_delete
944 #define	sd_media_change_task		ssd_media_change_task
945 #define	sd_handle_mchange		ssd_handle_mchange
946 #define	sd_send_scsi_DOORLOCK		ssd_send_scsi_DOORLOCK
947 #define	sd_send_scsi_READ_CAPACITY	ssd_send_scsi_READ_CAPACITY
948 #define	sd_send_scsi_READ_CAPACITY_16	ssd_send_scsi_READ_CAPACITY_16
949 #define	sd_send_scsi_GET_CONFIGURATION	ssd_send_scsi_GET_CONFIGURATION
950 #define	sd_send_scsi_feature_GET_CONFIGURATION	\
951 					sd_send_scsi_feature_GET_CONFIGURATION
952 #define	sd_send_scsi_START_STOP_UNIT	ssd_send_scsi_START_STOP_UNIT
953 #define	sd_send_scsi_INQUIRY		ssd_send_scsi_INQUIRY
954 #define	sd_send_scsi_TEST_UNIT_READY	ssd_send_scsi_TEST_UNIT_READY
955 #define	sd_send_scsi_PERSISTENT_RESERVE_IN	\
956 					ssd_send_scsi_PERSISTENT_RESERVE_IN
957 #define	sd_send_scsi_PERSISTENT_RESERVE_OUT	\
958 					ssd_send_scsi_PERSISTENT_RESERVE_OUT
959 #define	sd_send_scsi_SYNCHRONIZE_CACHE	ssd_send_scsi_SYNCHRONIZE_CACHE
960 #define	sd_send_scsi_SYNCHRONIZE_CACHE_biodone	\
961 					ssd_send_scsi_SYNCHRONIZE_CACHE_biodone
962 #define	sd_send_scsi_MODE_SENSE		ssd_send_scsi_MODE_SENSE
963 #define	sd_send_scsi_MODE_SELECT	ssd_send_scsi_MODE_SELECT
964 #define	sd_send_scsi_RDWR		ssd_send_scsi_RDWR
965 #define	sd_send_scsi_LOG_SENSE		ssd_send_scsi_LOG_SENSE
966 #define	sd_alloc_rqs			ssd_alloc_rqs
967 #define	sd_free_rqs			ssd_free_rqs
968 #define	sd_dump_memory			ssd_dump_memory
969 #define	sd_uscsi_ioctl			ssd_uscsi_ioctl
970 #define	sd_get_media_info		ssd_get_media_info
971 #define	sd_dkio_ctrl_info		ssd_dkio_ctrl_info
972 #define	sd_dkio_get_geometry		ssd_dkio_get_geometry
973 #define	sd_dkio_set_geometry		ssd_dkio_set_geometry
974 #define	sd_dkio_get_partition		ssd_dkio_get_partition
975 #define	sd_dkio_set_partition		ssd_dkio_set_partition
976 #define	sd_dkio_partition		ssd_dkio_partition
977 #define	sd_dkio_get_vtoc		ssd_dkio_get_vtoc
978 #define	sd_dkio_get_efi			ssd_dkio_get_efi
979 #define	sd_build_user_vtoc		ssd_build_user_vtoc
980 #define	sd_dkio_set_vtoc		ssd_dkio_set_vtoc
981 #define	sd_dkio_set_efi			ssd_dkio_set_efi
982 #define	sd_build_label_vtoc		ssd_build_label_vtoc
983 #define	sd_write_label			ssd_write_label
984 #define	sd_clear_vtoc			ssd_clear_vtoc
985 #define	sd_clear_efi			ssd_clear_efi
986 #define	sd_get_tunables_from_conf	ssd_get_tunables_from_conf
987 #define	sd_setup_next_xfer		ssd_setup_next_xfer
988 #define	sd_dkio_get_temp		ssd_dkio_get_temp
989 #define	sd_dkio_get_mboot		ssd_dkio_get_mboot
990 #define	sd_dkio_set_mboot		ssd_dkio_set_mboot
991 #define	sd_setup_default_geometry	ssd_setup_default_geometry
992 #define	sd_update_fdisk_and_vtoc	ssd_update_fdisk_and_vtoc
993 #define	sd_check_mhd			ssd_check_mhd
994 #define	sd_mhd_watch_cb			ssd_mhd_watch_cb
995 #define	sd_mhd_watch_incomplete		ssd_mhd_watch_incomplete
996 #define	sd_sname			ssd_sname
997 #define	sd_mhd_resvd_recover		ssd_mhd_resvd_recover
998 #define	sd_resv_reclaim_thread		ssd_resv_reclaim_thread
999 #define	sd_take_ownership		ssd_take_ownership
1000 #define	sd_reserve_release		ssd_reserve_release
1001 #define	sd_rmv_resv_reclaim_req		ssd_rmv_resv_reclaim_req
1002 #define	sd_mhd_reset_notify_cb		ssd_mhd_reset_notify_cb
1003 #define	sd_persistent_reservation_in_read_keys	\
1004 					ssd_persistent_reservation_in_read_keys
1005 #define	sd_persistent_reservation_in_read_resv	\
1006 					ssd_persistent_reservation_in_read_resv
1007 #define	sd_mhdioc_takeown		ssd_mhdioc_takeown
1008 #define	sd_mhdioc_failfast		ssd_mhdioc_failfast
1009 #define	sd_mhdioc_release		ssd_mhdioc_release
1010 #define	sd_mhdioc_register_devid	ssd_mhdioc_register_devid
1011 #define	sd_mhdioc_inkeys		ssd_mhdioc_inkeys
1012 #define	sd_mhdioc_inresv		ssd_mhdioc_inresv
1013 #define	sr_change_blkmode		ssr_change_blkmode
1014 #define	sr_change_speed			ssr_change_speed
1015 #define	sr_atapi_change_speed		ssr_atapi_change_speed
1016 #define	sr_pause_resume			ssr_pause_resume
1017 #define	sr_play_msf			ssr_play_msf
1018 #define	sr_play_trkind			ssr_play_trkind
1019 #define	sr_read_all_subcodes		ssr_read_all_subcodes
1020 #define	sr_read_subchannel		ssr_read_subchannel
1021 #define	sr_read_tocentry		ssr_read_tocentry
1022 #define	sr_read_tochdr			ssr_read_tochdr
1023 #define	sr_read_cdda			ssr_read_cdda
1024 #define	sr_read_cdxa			ssr_read_cdxa
1025 #define	sr_read_mode1			ssr_read_mode1
1026 #define	sr_read_mode2			ssr_read_mode2
1027 #define	sr_read_cd_mode2		ssr_read_cd_mode2
1028 #define	sr_sector_mode			ssr_sector_mode
1029 #define	sr_eject			ssr_eject
1030 #define	sr_ejected			ssr_ejected
1031 #define	sr_check_wp			ssr_check_wp
1032 #define	sd_check_media			ssd_check_media
1033 #define	sd_media_watch_cb		ssd_media_watch_cb
1034 #define	sd_delayed_cv_broadcast		ssd_delayed_cv_broadcast
1035 #define	sr_volume_ctrl			ssr_volume_ctrl
1036 #define	sr_read_sony_session_offset	ssr_read_sony_session_offset
1037 #define	sd_log_page_supported		ssd_log_page_supported
1038 #define	sd_check_for_writable_cd	ssd_check_for_writable_cd
1039 #define	sd_wm_cache_constructor		ssd_wm_cache_constructor
1040 #define	sd_wm_cache_destructor		ssd_wm_cache_destructor
1041 #define	sd_range_lock			ssd_range_lock
1042 #define	sd_get_range			ssd_get_range
1043 #define	sd_free_inlist_wmap		ssd_free_inlist_wmap
1044 #define	sd_range_unlock			ssd_range_unlock
1045 #define	sd_read_modify_write_task	ssd_read_modify_write_task
1046 #define	sddump_do_read_of_rmw		ssddump_do_read_of_rmw
1047 
1048 #define	sd_iostart_chain		ssd_iostart_chain
1049 #define	sd_iodone_chain			ssd_iodone_chain
1050 #define	sd_initpkt_map			ssd_initpkt_map
1051 #define	sd_destroypkt_map		ssd_destroypkt_map
1052 #define	sd_chain_type_map		ssd_chain_type_map
1053 #define	sd_chain_index_map		ssd_chain_index_map
1054 
1055 #define	sd_failfast_flushctl		ssd_failfast_flushctl
1056 #define	sd_failfast_flushq		ssd_failfast_flushq
1057 #define	sd_failfast_flushq_callback	ssd_failfast_flushq_callback
1058 
1059 #define	sd_is_lsi			ssd_is_lsi
1060 
1061 #endif	/* #if (defined(__fibre)) */
1062 
1063 
1064 int _init(void);
1065 int _fini(void);
1066 int _info(struct modinfo *modinfop);
1067 
1068 /*PRINTFLIKE3*/
1069 static void sd_log_trace(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1070 /*PRINTFLIKE3*/
1071 static void sd_log_info(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1072 /*PRINTFLIKE3*/
1073 static void sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1074 
1075 static int sdprobe(dev_info_t *devi);
1076 static int sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
1077     void **result);
1078 static int sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op,
1079     int mod_flags, char *name, caddr_t valuep, int *lengthp);
1080 
1081 /*
1082  * Smart probe for parallel scsi
1083  */
1084 static void sd_scsi_probe_cache_init(void);
1085 static void sd_scsi_probe_cache_fini(void);
1086 static void sd_scsi_clear_probe_cache(void);
1087 static int  sd_scsi_probe_with_cache(struct scsi_device *devp, int (*fn)());
1088 
1089 static int	sd_spin_up_unit(struct sd_lun *un);
1090 #ifdef _LP64
1091 static void	sd_enable_descr_sense(struct sd_lun *un);
1092 #endif /* _LP64 */
1093 static void	sd_set_mmc_caps(struct sd_lun *un);
1094 
1095 static void sd_read_unit_properties(struct sd_lun *un);
1096 static int  sd_process_sdconf_file(struct sd_lun *un);
1097 static void sd_get_tunables_from_conf(struct sd_lun *un, int flags,
1098     int *data_list, sd_tunables *values);
1099 static void sd_process_sdconf_table(struct sd_lun *un);
1100 static int  sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen);
1101 static int  sd_blank_cmp(struct sd_lun *un, char *id, int idlen);
1102 static int  sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
1103 	int list_len, char *dataname_ptr);
1104 static void sd_set_vers1_properties(struct sd_lun *un, int flags,
1105     sd_tunables *prop_list);
1106 static int  sd_validate_geometry(struct sd_lun *un, int path_flag);
1107 
1108 #if defined(_SUNOS_VTOC_16)
1109 static void sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g);
1110 #endif
1111 
1112 static void sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
1113 	int path_flag);
1114 static int  sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize,
1115 	int path_flag);
1116 static void sd_get_physical_geometry(struct sd_lun *un,
1117 	struct geom_cache *pgeom_p, int capacity, int lbasize, int path_flag);
1118 static void sd_get_virtual_geometry(struct sd_lun *un, int capacity,
1119 	int lbasize);
1120 static int  sd_uselabel(struct sd_lun *un, struct dk_label *l, int path_flag);
1121 static void sd_swap_efi_gpt(efi_gpt_t *);
1122 static void sd_swap_efi_gpe(int nparts, efi_gpe_t *);
1123 static int sd_validate_efi(efi_gpt_t *);
1124 static int sd_use_efi(struct sd_lun *, int);
1125 static void sd_build_default_label(struct sd_lun *un);
1126 
1127 #if defined(_FIRMWARE_NEEDS_FDISK)
1128 static int  sd_has_max_chs_vals(struct ipart *fdp);
1129 #endif
1130 static void sd_inq_fill(char *p, int l, char *s);
1131 
1132 
1133 static void sd_register_devid(struct sd_lun *un, dev_info_t *devi,
1134     int reservation_flag);
1135 static daddr_t  sd_get_devid_block(struct sd_lun *un);
1136 static int  sd_get_devid(struct sd_lun *un);
1137 static int  sd_get_serialnum(struct sd_lun *un, uchar_t *wwn, int *len);
1138 static ddi_devid_t sd_create_devid(struct sd_lun *un);
1139 static int  sd_write_deviceid(struct sd_lun *un);
1140 static int  sd_get_devid_page(struct sd_lun *un, uchar_t *wwn, int *len);
1141 static int  sd_check_vpd_page_support(struct sd_lun *un);
1142 
1143 static void sd_setup_pm(struct sd_lun *un, dev_info_t *devi);
1144 static void sd_create_pm_components(dev_info_t *devi, struct sd_lun *un);
1145 
1146 static int  sd_ddi_suspend(dev_info_t *devi);
1147 static int  sd_ddi_pm_suspend(struct sd_lun *un);
1148 static int  sd_ddi_resume(dev_info_t *devi);
1149 static int  sd_ddi_pm_resume(struct sd_lun *un);
1150 static int  sdpower(dev_info_t *devi, int component, int level);
1151 
1152 static int  sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd);
1153 static int  sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd);
1154 static int  sd_unit_attach(dev_info_t *devi);
1155 static int  sd_unit_detach(dev_info_t *devi);
1156 
1157 static int  sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi);
1158 static void sd_create_errstats(struct sd_lun *un, int instance);
1159 static void sd_set_errstats(struct sd_lun *un);
1160 static void sd_set_pstats(struct sd_lun *un);
1161 
1162 static int  sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk);
1163 static int  sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pkt);
1164 static int  sd_send_polled_RQS(struct sd_lun *un);
1165 static int  sd_ddi_scsi_poll(struct scsi_pkt *pkt);
1166 
1167 #if (defined(__fibre))
1168 /*
1169  * Event callbacks (photon)
1170  */
1171 static void sd_init_event_callbacks(struct sd_lun *un);
1172 static void  sd_event_callback(dev_info_t *, ddi_eventcookie_t, void *, void *);
1173 #endif
1174 
1175 
1176 static int   sd_disable_caching(struct sd_lun *un);
1177 static int   sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled);
1178 static dev_t sd_make_device(dev_info_t *devi);
1179 
1180 static void  sd_update_block_info(struct sd_lun *un, uint32_t lbasize,
1181 	uint64_t capacity);
1182 
1183 /*
1184  * Driver entry point functions.
1185  */
1186 static int  sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p);
1187 static int  sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p);
1188 static int  sd_ready_and_valid(struct sd_lun *un);
1189 
1190 static void sdmin(struct buf *bp);
1191 static int sdread(dev_t dev, struct uio *uio, cred_t *cred_p);
1192 static int sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p);
1193 static int sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1194 static int sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1195 
1196 static int sdstrategy(struct buf *bp);
1197 static int sdioctl(dev_t, int, intptr_t, int, cred_t *, int *);
1198 
1199 /*
1200  * Function prototypes for layering functions in the iostart chain.
1201  */
1202 static void sd_mapblockaddr_iostart(int index, struct sd_lun *un,
1203 	struct buf *bp);
1204 static void sd_mapblocksize_iostart(int index, struct sd_lun *un,
1205 	struct buf *bp);
1206 static void sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp);
1207 static void sd_checksum_uscsi_iostart(int index, struct sd_lun *un,
1208 	struct buf *bp);
1209 static void sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp);
1210 static void sd_core_iostart(int index, struct sd_lun *un, struct buf *bp);
1211 
1212 /*
1213  * Function prototypes for layering functions in the iodone chain.
1214  */
1215 static void sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp);
1216 static void sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp);
1217 static void sd_mapblockaddr_iodone(int index, struct sd_lun *un,
1218 	struct buf *bp);
1219 static void sd_mapblocksize_iodone(int index, struct sd_lun *un,
1220 	struct buf *bp);
1221 static void sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp);
1222 static void sd_checksum_uscsi_iodone(int index, struct sd_lun *un,
1223 	struct buf *bp);
1224 static void sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp);
1225 
1226 /*
1227  * Prototypes for functions to support buf(9S) based IO.
1228  */
1229 static void sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg);
1230 static int sd_initpkt_for_buf(struct buf *, struct scsi_pkt **);
1231 static void sd_destroypkt_for_buf(struct buf *);
1232 static int sd_setup_rw_pkt(struct sd_lun *un, struct scsi_pkt **pktpp,
1233 	struct buf *bp, int flags,
1234 	int (*callback)(caddr_t), caddr_t callback_arg,
1235 	diskaddr_t lba, uint32_t blockcount);
1236 #if defined(__i386) || defined(__amd64)
1237 static int sd_setup_next_rw_pkt(struct sd_lun *un, struct scsi_pkt *pktp,
1238 	struct buf *bp, diskaddr_t lba, uint32_t blockcount);
1239 #endif /* defined(__i386) || defined(__amd64) */
1240 
1241 /*
1242  * Prototypes for functions to support USCSI IO.
1243  */
1244 static int sd_uscsi_strategy(struct buf *bp);
1245 static int sd_initpkt_for_uscsi(struct buf *, struct scsi_pkt **);
1246 static void sd_destroypkt_for_uscsi(struct buf *);
1247 
1248 static void sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
1249 	uchar_t chain_type, void *pktinfop);
1250 
1251 static int  sd_pm_entry(struct sd_lun *un);
1252 static void sd_pm_exit(struct sd_lun *un);
1253 
1254 static void sd_pm_idletimeout_handler(void *arg);
1255 
1256 /*
1257  * sd_core internal functions (used at the sd_core_io layer).
1258  */
1259 static void sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp);
1260 static void sdintr(struct scsi_pkt *pktp);
1261 static void sd_start_cmds(struct sd_lun *un, struct buf *immed_bp);
1262 
1263 static int sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
1264 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
1265 	int path_flag);
1266 
1267 static struct buf *sd_bioclone_alloc(struct buf *bp, size_t datalen,
1268 	daddr_t blkno, int (*func)(struct buf *));
1269 static struct buf *sd_shadow_buf_alloc(struct buf *bp, size_t datalen,
1270 	uint_t bflags, daddr_t blkno, int (*func)(struct buf *));
1271 static void sd_bioclone_free(struct buf *bp);
1272 static void sd_shadow_buf_free(struct buf *bp);
1273 
1274 static void sd_print_transport_rejected_message(struct sd_lun *un,
1275 	struct sd_xbuf *xp, int code);
1276 
1277 static void sd_retry_command(struct sd_lun *un, struct buf *bp,
1278 	int retry_check_flag,
1279 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp,
1280 		int c),
1281 	void *user_arg, int failure_code,  clock_t retry_delay,
1282 	void (*statp)(kstat_io_t *));
1283 
1284 static void sd_set_retry_bp(struct sd_lun *un, struct buf *bp,
1285 	clock_t retry_delay, void (*statp)(kstat_io_t *));
1286 
1287 static void sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
1288 	struct scsi_pkt *pktp);
1289 static void sd_start_retry_command(void *arg);
1290 static void sd_start_direct_priority_command(void *arg);
1291 static void sd_return_failed_command(struct sd_lun *un, struct buf *bp,
1292 	int errcode);
1293 static void sd_return_failed_command_no_restart(struct sd_lun *un,
1294 	struct buf *bp, int errcode);
1295 static void sd_return_command(struct sd_lun *un, struct buf *bp);
1296 static void sd_sync_with_callback(struct sd_lun *un);
1297 static int sdrunout(caddr_t arg);
1298 
1299 static void sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp);
1300 static struct buf *sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *xp);
1301 
1302 static void sd_reduce_throttle(struct sd_lun *un, int throttle_type);
1303 static void sd_restore_throttle(void *arg);
1304 
1305 static void sd_init_cdb_limits(struct sd_lun *un);
1306 
1307 static void sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
1308 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1309 
1310 /*
1311  * Error handling functions
1312  */
1313 static void sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
1314 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1315 static void sd_pkt_status_busy(struct sd_lun *un, struct buf *bp,
1316 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1317 static void sd_pkt_status_reservation_conflict(struct sd_lun *un,
1318 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1319 static void sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
1320 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1321 
1322 static void sd_handle_request_sense(struct sd_lun *un, struct buf *bp,
1323 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1324 static void sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
1325 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1326 static int sd_validate_sense_data(struct sd_lun *un, struct buf *bp,
1327 	struct sd_xbuf *xp);
1328 static void sd_decode_sense(struct sd_lun *un, struct buf *bp,
1329 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1330 
1331 static void sd_print_sense_msg(struct sd_lun *un, struct buf *bp,
1332 	void *arg, int code);
1333 static diskaddr_t sd_extract_sense_info_descr(
1334 	struct scsi_descr_sense_hdr *sdsp);
1335 
1336 static void sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
1337 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1338 static void sd_sense_key_recoverable_error(struct sd_lun *un,
1339 	uint8_t asc,
1340 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1341 static void sd_sense_key_not_ready(struct sd_lun *un,
1342 	uint8_t asc, uint8_t ascq,
1343 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1344 static void sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
1345 	int sense_key, uint8_t asc,
1346 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1347 static void sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
1348 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1349 static void sd_sense_key_unit_attention(struct sd_lun *un,
1350 	uint8_t asc,
1351 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1352 static void sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
1353 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1354 static void sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
1355 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1356 static void sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
1357 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1358 static void sd_sense_key_default(struct sd_lun *un,
1359 	int sense_key,
1360 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1361 
1362 static void sd_print_retry_msg(struct sd_lun *un, struct buf *bp,
1363 	void *arg, int flag);
1364 
1365 static void sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
1366 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1367 static void sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
1368 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1369 static void sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
1370 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1371 static void sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
1372 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1373 static void sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
1374 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1375 static void sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
1376 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1377 static void sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
1378 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1379 static void sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
1380 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1381 
1382 static void sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp);
1383 
1384 static void sd_start_stop_unit_callback(void *arg);
1385 static void sd_start_stop_unit_task(void *arg);
1386 
1387 static void sd_taskq_create(void);
1388 static void sd_taskq_delete(void);
1389 static void sd_media_change_task(void *arg);
1390 
1391 static int sd_handle_mchange(struct sd_lun *un);
1392 static int sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag);
1393 static int sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp,
1394 	uint32_t *lbap, int path_flag);
1395 static int sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
1396 	uint32_t *lbap, int path_flag);
1397 static int sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag,
1398 	int path_flag);
1399 static int sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr,
1400 	size_t buflen, uchar_t evpd, uchar_t page_code, size_t *residp);
1401 static int sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag);
1402 static int sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un,
1403 	uchar_t usr_cmd, uint16_t data_len, uchar_t *data_bufp);
1404 static int sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un,
1405 	uchar_t usr_cmd, uchar_t *usr_bufp);
1406 static int sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un,
1407 	struct dk_callback *dkc);
1408 static int sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp);
1409 static int sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un,
1410 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1411 	uchar_t *bufaddr, uint_t buflen);
1412 static int sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
1413 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1414 	uchar_t *bufaddr, uint_t buflen, char feature);
1415 static int sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize,
1416 	uchar_t *bufaddr, size_t buflen, uchar_t page_code, int path_flag);
1417 static int sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize,
1418 	uchar_t *bufaddr, size_t buflen, uchar_t save_page, int path_flag);
1419 static int sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
1420 	size_t buflen, daddr_t start_block, int path_flag);
1421 #define	sd_send_scsi_READ(un, bufaddr, buflen, start_block, path_flag)	\
1422 	sd_send_scsi_RDWR(un, SCMD_READ, bufaddr, buflen, start_block, \
1423 	path_flag)
1424 #define	sd_send_scsi_WRITE(un, bufaddr, buflen, start_block, path_flag)	\
1425 	sd_send_scsi_RDWR(un, SCMD_WRITE, bufaddr, buflen, start_block,\
1426 	path_flag)
1427 
1428 static int sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr,
1429 	uint16_t buflen, uchar_t page_code, uchar_t page_control,
1430 	uint16_t param_ptr, int path_flag);
1431 
1432 static int  sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un);
1433 static void sd_free_rqs(struct sd_lun *un);
1434 
1435 static void sd_dump_memory(struct sd_lun *un, uint_t comp, char *title,
1436 	uchar_t *data, int len, int fmt);
1437 
1438 /*
1439  * Disk Ioctl Function Prototypes
1440  */
1441 static int sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag);
1442 static int sd_get_media_info(dev_t dev, caddr_t arg, int flag);
1443 static int sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag);
1444 static int sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag,
1445 	int geom_validated);
1446 static int sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag);
1447 static int sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag,
1448 	int geom_validated);
1449 static int sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag);
1450 static int sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag,
1451 	int geom_validated);
1452 static int sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag);
1453 static int sd_dkio_partition(dev_t dev, caddr_t arg, int flag);
1454 static void sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1455 static int sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag);
1456 static int sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag);
1457 static int sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1458 static int sd_write_label(dev_t dev);
1459 static int sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl);
1460 static void sd_clear_vtoc(struct sd_lun *un);
1461 static void sd_clear_efi(struct sd_lun *un);
1462 static int sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag);
1463 static int sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag);
1464 static int sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag);
1465 static void sd_setup_default_geometry(struct sd_lun *un);
1466 #if defined(__i386) || defined(__amd64)
1467 static int sd_update_fdisk_and_vtoc(struct sd_lun *un);
1468 #endif
1469 
1470 /*
1471  * Multi-host Ioctl Prototypes
1472  */
1473 static int sd_check_mhd(dev_t dev, int interval);
1474 static int sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1475 static void sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt);
1476 static char *sd_sname(uchar_t status);
1477 static void sd_mhd_resvd_recover(void *arg);
1478 static void sd_resv_reclaim_thread();
1479 static int sd_take_ownership(dev_t dev, struct mhioctkown *p);
1480 static int sd_reserve_release(dev_t dev, int cmd);
1481 static void sd_rmv_resv_reclaim_req(dev_t dev);
1482 static void sd_mhd_reset_notify_cb(caddr_t arg);
1483 static int sd_persistent_reservation_in_read_keys(struct sd_lun *un,
1484 	mhioc_inkeys_t *usrp, int flag);
1485 static int sd_persistent_reservation_in_read_resv(struct sd_lun *un,
1486 	mhioc_inresvs_t *usrp, int flag);
1487 static int sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag);
1488 static int sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag);
1489 static int sd_mhdioc_release(dev_t dev);
1490 static int sd_mhdioc_register_devid(dev_t dev);
1491 static int sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag);
1492 static int sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag);
1493 
1494 /*
1495  * SCSI removable prototypes
1496  */
1497 static int sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag);
1498 static int sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1499 static int sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1500 static int sr_pause_resume(dev_t dev, int mode);
1501 static int sr_play_msf(dev_t dev, caddr_t data, int flag);
1502 static int sr_play_trkind(dev_t dev, caddr_t data, int flag);
1503 static int sr_read_all_subcodes(dev_t dev, caddr_t data, int flag);
1504 static int sr_read_subchannel(dev_t dev, caddr_t data, int flag);
1505 static int sr_read_tocentry(dev_t dev, caddr_t data, int flag);
1506 static int sr_read_tochdr(dev_t dev, caddr_t data, int flag);
1507 static int sr_read_cdda(dev_t dev, caddr_t data, int flag);
1508 static int sr_read_cdxa(dev_t dev, caddr_t data, int flag);
1509 static int sr_read_mode1(dev_t dev, caddr_t data, int flag);
1510 static int sr_read_mode2(dev_t dev, caddr_t data, int flag);
1511 static int sr_read_cd_mode2(dev_t dev, caddr_t data, int flag);
1512 static int sr_sector_mode(dev_t dev, uint32_t blksize);
1513 static int sr_eject(dev_t dev);
1514 static void sr_ejected(register struct sd_lun *un);
1515 static int sr_check_wp(dev_t dev);
1516 static int sd_check_media(dev_t dev, enum dkio_state state);
1517 static int sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1518 static void sd_delayed_cv_broadcast(void *arg);
1519 static int sr_volume_ctrl(dev_t dev, caddr_t data, int flag);
1520 static int sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag);
1521 
1522 static int sd_log_page_supported(struct sd_lun *un, int log_page);
1523 
1524 /*
1525  * Function Prototype for the non-512 support (DVDRAM, MO etc.) functions.
1526  */
1527 static void sd_check_for_writable_cd(struct sd_lun *un);
1528 static int sd_wm_cache_constructor(void *wm, void *un, int flags);
1529 static void sd_wm_cache_destructor(void *wm, void *un);
1530 static struct sd_w_map *sd_range_lock(struct sd_lun *un, daddr_t startb,
1531 	daddr_t endb, ushort_t typ);
1532 static struct sd_w_map *sd_get_range(struct sd_lun *un, daddr_t startb,
1533 	daddr_t endb);
1534 static void sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp);
1535 static void sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm);
1536 static void sd_read_modify_write_task(void * arg);
1537 static int
1538 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
1539 	struct buf **bpp);
1540 
1541 
1542 /*
1543  * Function prototypes for failfast support.
1544  */
1545 static void sd_failfast_flushq(struct sd_lun *un);
1546 static int sd_failfast_flushq_callback(struct buf *bp);
1547 
1548 /*
1549  * Function prototypes to check for lsi devices
1550  */
1551 static void sd_is_lsi(struct sd_lun *un);
1552 
1553 /*
1554  * Function prototypes for x86 support
1555  */
1556 #if defined(__i386) || defined(__amd64)
1557 static int sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
1558 		struct scsi_pkt *pkt, struct sd_xbuf *xp);
1559 #endif
1560 
1561 /*
1562  * Constants for failfast support:
1563  *
1564  * SD_FAILFAST_INACTIVE: Instance is currently in a normal state, with NO
1565  * failfast processing being performed.
1566  *
1567  * SD_FAILFAST_ACTIVE: Instance is in the failfast state and is performing
1568  * failfast processing on all bufs with B_FAILFAST set.
1569  */
1570 
1571 #define	SD_FAILFAST_INACTIVE		0
1572 #define	SD_FAILFAST_ACTIVE		1
1573 
1574 /*
1575  * Bitmask to control behavior of buf(9S) flushes when a transition to
1576  * the failfast state occurs. Optional bits include:
1577  *
1578  * SD_FAILFAST_FLUSH_ALL_BUFS: When set, flush ALL bufs including those that
1579  * do NOT have B_FAILFAST set. When clear, only bufs with B_FAILFAST will
1580  * be flushed.
1581  *
1582  * SD_FAILFAST_FLUSH_ALL_QUEUES: When set, flush any/all other queues in the
1583  * driver, in addition to the regular wait queue. This includes the xbuf
1584  * queues. When clear, only the driver's wait queue will be flushed.
1585  */
1586 #define	SD_FAILFAST_FLUSH_ALL_BUFS	0x01
1587 #define	SD_FAILFAST_FLUSH_ALL_QUEUES	0x02
1588 
1589 /*
1590  * The default behavior is to only flush bufs that have B_FAILFAST set, but
1591  * to flush all queues within the driver.
1592  */
1593 static int sd_failfast_flushctl = SD_FAILFAST_FLUSH_ALL_QUEUES;
1594 
1595 
1596 /*
1597  * SD Testing Fault Injection
1598  */
1599 #ifdef SD_FAULT_INJECTION
1600 static void sd_faultinjection_ioctl(int cmd, intptr_t arg, struct sd_lun *un);
1601 static void sd_faultinjection(struct scsi_pkt *pktp);
1602 static void sd_injection_log(char *buf, struct sd_lun *un);
1603 #endif
1604 
1605 /*
1606  * Device driver ops vector
1607  */
1608 static struct cb_ops sd_cb_ops = {
1609 	sdopen,			/* open */
1610 	sdclose,		/* close */
1611 	sdstrategy,		/* strategy */
1612 	nodev,			/* print */
1613 	sddump,			/* dump */
1614 	sdread,			/* read */
1615 	sdwrite,		/* write */
1616 	sdioctl,		/* ioctl */
1617 	nodev,			/* devmap */
1618 	nodev,			/* mmap */
1619 	nodev,			/* segmap */
1620 	nochpoll,		/* poll */
1621 	sd_prop_op,		/* cb_prop_op */
1622 	0,			/* streamtab  */
1623 	D_64BIT | D_MP | D_NEW | D_HOTPLUG, /* Driver compatibility flags */
1624 	CB_REV,			/* cb_rev */
1625 	sdaread, 		/* async I/O read entry point */
1626 	sdawrite		/* async I/O write entry point */
1627 };
1628 
1629 static struct dev_ops sd_ops = {
1630 	DEVO_REV,		/* devo_rev, */
1631 	0,			/* refcnt  */
1632 	sdinfo,			/* info */
1633 	nulldev,		/* identify */
1634 	sdprobe,		/* probe */
1635 	sdattach,		/* attach */
1636 	sddetach,		/* detach */
1637 	nodev,			/* reset */
1638 	&sd_cb_ops,		/* driver operations */
1639 	NULL,			/* bus operations */
1640 	sdpower			/* power */
1641 };
1642 
1643 
1644 /*
1645  * This is the loadable module wrapper.
1646  */
1647 #include <sys/modctl.h>
1648 
1649 static struct modldrv modldrv = {
1650 	&mod_driverops,		/* Type of module. This one is a driver */
1651 	SD_MODULE_NAME,		/* Module name. */
1652 	&sd_ops			/* driver ops */
1653 };
1654 
1655 
1656 static struct modlinkage modlinkage = {
1657 	MODREV_1,
1658 	&modldrv,
1659 	NULL
1660 };
1661 
1662 
1663 static struct scsi_asq_key_strings sd_additional_codes[] = {
1664 	0x81, 0, "Logical Unit is Reserved",
1665 	0x85, 0, "Audio Address Not Valid",
1666 	0xb6, 0, "Media Load Mechanism Failed",
1667 	0xB9, 0, "Audio Play Operation Aborted",
1668 	0xbf, 0, "Buffer Overflow for Read All Subcodes Command",
1669 	0x53, 2, "Medium removal prevented",
1670 	0x6f, 0, "Authentication failed during key exchange",
1671 	0x6f, 1, "Key not present",
1672 	0x6f, 2, "Key not established",
1673 	0x6f, 3, "Read without proper authentication",
1674 	0x6f, 4, "Mismatched region to this logical unit",
1675 	0x6f, 5, "Region reset count error",
1676 	0xffff, 0x0, NULL
1677 };
1678 
1679 
1680 /*
1681  * Struct for passing printing information for sense data messages
1682  */
1683 struct sd_sense_info {
1684 	int	ssi_severity;
1685 	int	ssi_pfa_flag;
1686 };
1687 
1688 /*
1689  * Table of function pointers for iostart-side routines. Seperate "chains"
1690  * of layered function calls are formed by placing the function pointers
1691  * sequentially in the desired order. Functions are called according to an
1692  * incrementing table index ordering. The last function in each chain must
1693  * be sd_core_iostart(). The corresponding iodone-side routines are expected
1694  * in the sd_iodone_chain[] array.
1695  *
1696  * Note: It may seem more natural to organize both the iostart and iodone
1697  * functions together, into an array of structures (or some similar
1698  * organization) with a common index, rather than two seperate arrays which
1699  * must be maintained in synchronization. The purpose of this division is
1700  * to achiece improved performance: individual arrays allows for more
1701  * effective cache line utilization on certain platforms.
1702  */
1703 
1704 typedef void (*sd_chain_t)(int index, struct sd_lun *un, struct buf *bp);
1705 
1706 
1707 static sd_chain_t sd_iostart_chain[] = {
1708 
1709 	/* Chain for buf IO for disk drive targets (PM enabled) */
1710 	sd_mapblockaddr_iostart,	/* Index: 0 */
1711 	sd_pm_iostart,			/* Index: 1 */
1712 	sd_core_iostart,		/* Index: 2 */
1713 
1714 	/* Chain for buf IO for disk drive targets (PM disabled) */
1715 	sd_mapblockaddr_iostart,	/* Index: 3 */
1716 	sd_core_iostart,		/* Index: 4 */
1717 
1718 	/* Chain for buf IO for removable-media targets (PM enabled) */
1719 	sd_mapblockaddr_iostart,	/* Index: 5 */
1720 	sd_mapblocksize_iostart,	/* Index: 6 */
1721 	sd_pm_iostart,			/* Index: 7 */
1722 	sd_core_iostart,		/* Index: 8 */
1723 
1724 	/* Chain for buf IO for removable-media targets (PM disabled) */
1725 	sd_mapblockaddr_iostart,	/* Index: 9 */
1726 	sd_mapblocksize_iostart,	/* Index: 10 */
1727 	sd_core_iostart,		/* Index: 11 */
1728 
1729 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1730 	sd_mapblockaddr_iostart,	/* Index: 12 */
1731 	sd_checksum_iostart,		/* Index: 13 */
1732 	sd_pm_iostart,			/* Index: 14 */
1733 	sd_core_iostart,		/* Index: 15 */
1734 
1735 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1736 	sd_mapblockaddr_iostart,	/* Index: 16 */
1737 	sd_checksum_iostart,		/* Index: 17 */
1738 	sd_core_iostart,		/* Index: 18 */
1739 
1740 	/* Chain for USCSI commands (all targets) */
1741 	sd_pm_iostart,			/* Index: 19 */
1742 	sd_core_iostart,		/* Index: 20 */
1743 
1744 	/* Chain for checksumming USCSI commands (all targets) */
1745 	sd_checksum_uscsi_iostart,	/* Index: 21 */
1746 	sd_pm_iostart,			/* Index: 22 */
1747 	sd_core_iostart,		/* Index: 23 */
1748 
1749 	/* Chain for "direct" USCSI commands (all targets) */
1750 	sd_core_iostart,		/* Index: 24 */
1751 
1752 	/* Chain for "direct priority" USCSI commands (all targets) */
1753 	sd_core_iostart,		/* Index: 25 */
1754 };
1755 
1756 /*
1757  * Macros to locate the first function of each iostart chain in the
1758  * sd_iostart_chain[] array. These are located by the index in the array.
1759  */
1760 #define	SD_CHAIN_DISK_IOSTART			0
1761 #define	SD_CHAIN_DISK_IOSTART_NO_PM		3
1762 #define	SD_CHAIN_RMMEDIA_IOSTART		5
1763 #define	SD_CHAIN_RMMEDIA_IOSTART_NO_PM		9
1764 #define	SD_CHAIN_CHKSUM_IOSTART			12
1765 #define	SD_CHAIN_CHKSUM_IOSTART_NO_PM		16
1766 #define	SD_CHAIN_USCSI_CMD_IOSTART		19
1767 #define	SD_CHAIN_USCSI_CHKSUM_IOSTART		21
1768 #define	SD_CHAIN_DIRECT_CMD_IOSTART		24
1769 #define	SD_CHAIN_PRIORITY_CMD_IOSTART		25
1770 
1771 
1772 /*
1773  * Table of function pointers for the iodone-side routines for the driver-
1774  * internal layering mechanism.  The calling sequence for iodone routines
1775  * uses a decrementing table index, so the last routine called in a chain
1776  * must be at the lowest array index location for that chain.  The last
1777  * routine for each chain must be either sd_buf_iodone() (for buf(9S) IOs)
1778  * or sd_uscsi_iodone() (for uscsi IOs).  Other than this, the ordering
1779  * of the functions in an iodone side chain must correspond to the ordering
1780  * of the iostart routines for that chain.  Note that there is no iodone
1781  * side routine that corresponds to sd_core_iostart(), so there is no
1782  * entry in the table for this.
1783  */
1784 
1785 static sd_chain_t sd_iodone_chain[] = {
1786 
1787 	/* Chain for buf IO for disk drive targets (PM enabled) */
1788 	sd_buf_iodone,			/* Index: 0 */
1789 	sd_mapblockaddr_iodone,		/* Index: 1 */
1790 	sd_pm_iodone,			/* Index: 2 */
1791 
1792 	/* Chain for buf IO for disk drive targets (PM disabled) */
1793 	sd_buf_iodone,			/* Index: 3 */
1794 	sd_mapblockaddr_iodone,		/* Index: 4 */
1795 
1796 	/* Chain for buf IO for removable-media targets (PM enabled) */
1797 	sd_buf_iodone,			/* Index: 5 */
1798 	sd_mapblockaddr_iodone,		/* Index: 6 */
1799 	sd_mapblocksize_iodone,		/* Index: 7 */
1800 	sd_pm_iodone,			/* Index: 8 */
1801 
1802 	/* Chain for buf IO for removable-media targets (PM disabled) */
1803 	sd_buf_iodone,			/* Index: 9 */
1804 	sd_mapblockaddr_iodone,		/* Index: 10 */
1805 	sd_mapblocksize_iodone,		/* Index: 11 */
1806 
1807 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1808 	sd_buf_iodone,			/* Index: 12 */
1809 	sd_mapblockaddr_iodone,		/* Index: 13 */
1810 	sd_checksum_iodone,		/* Index: 14 */
1811 	sd_pm_iodone,			/* Index: 15 */
1812 
1813 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1814 	sd_buf_iodone,			/* Index: 16 */
1815 	sd_mapblockaddr_iodone,		/* Index: 17 */
1816 	sd_checksum_iodone,		/* Index: 18 */
1817 
1818 	/* Chain for USCSI commands (non-checksum targets) */
1819 	sd_uscsi_iodone,		/* Index: 19 */
1820 	sd_pm_iodone,			/* Index: 20 */
1821 
1822 	/* Chain for USCSI commands (checksum targets) */
1823 	sd_uscsi_iodone,		/* Index: 21 */
1824 	sd_checksum_uscsi_iodone,	/* Index: 22 */
1825 	sd_pm_iodone,			/* Index: 22 */
1826 
1827 	/* Chain for "direct" USCSI commands (all targets) */
1828 	sd_uscsi_iodone,		/* Index: 24 */
1829 
1830 	/* Chain for "direct priority" USCSI commands (all targets) */
1831 	sd_uscsi_iodone,		/* Index: 25 */
1832 };
1833 
1834 
1835 /*
1836  * Macros to locate the "first" function in the sd_iodone_chain[] array for
1837  * each iodone-side chain. These are located by the array index, but as the
1838  * iodone side functions are called in a decrementing-index order, the
1839  * highest index number in each chain must be specified (as these correspond
1840  * to the first function in the iodone chain that will be called by the core
1841  * at IO completion time).
1842  */
1843 
1844 #define	SD_CHAIN_DISK_IODONE			2
1845 #define	SD_CHAIN_DISK_IODONE_NO_PM		4
1846 #define	SD_CHAIN_RMMEDIA_IODONE			8
1847 #define	SD_CHAIN_RMMEDIA_IODONE_NO_PM		11
1848 #define	SD_CHAIN_CHKSUM_IODONE			15
1849 #define	SD_CHAIN_CHKSUM_IODONE_NO_PM		18
1850 #define	SD_CHAIN_USCSI_CMD_IODONE		20
1851 #define	SD_CHAIN_USCSI_CHKSUM_IODONE		22
1852 #define	SD_CHAIN_DIRECT_CMD_IODONE		24
1853 #define	SD_CHAIN_PRIORITY_CMD_IODONE		25
1854 
1855 
1856 
1857 
1858 /*
1859  * Array to map a layering chain index to the appropriate initpkt routine.
1860  * The redundant entries are present so that the index used for accessing
1861  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1862  * with this table as well.
1863  */
1864 typedef int (*sd_initpkt_t)(struct buf *, struct scsi_pkt **);
1865 
1866 static sd_initpkt_t	sd_initpkt_map[] = {
1867 
1868 	/* Chain for buf IO for disk drive targets (PM enabled) */
1869 	sd_initpkt_for_buf,		/* Index: 0 */
1870 	sd_initpkt_for_buf,		/* Index: 1 */
1871 	sd_initpkt_for_buf,		/* Index: 2 */
1872 
1873 	/* Chain for buf IO for disk drive targets (PM disabled) */
1874 	sd_initpkt_for_buf,		/* Index: 3 */
1875 	sd_initpkt_for_buf,		/* Index: 4 */
1876 
1877 	/* Chain for buf IO for removable-media targets (PM enabled) */
1878 	sd_initpkt_for_buf,		/* Index: 5 */
1879 	sd_initpkt_for_buf,		/* Index: 6 */
1880 	sd_initpkt_for_buf,		/* Index: 7 */
1881 	sd_initpkt_for_buf,		/* Index: 8 */
1882 
1883 	/* Chain for buf IO for removable-media targets (PM disabled) */
1884 	sd_initpkt_for_buf,		/* Index: 9 */
1885 	sd_initpkt_for_buf,		/* Index: 10 */
1886 	sd_initpkt_for_buf,		/* Index: 11 */
1887 
1888 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1889 	sd_initpkt_for_buf,		/* Index: 12 */
1890 	sd_initpkt_for_buf,		/* Index: 13 */
1891 	sd_initpkt_for_buf,		/* Index: 14 */
1892 	sd_initpkt_for_buf,		/* Index: 15 */
1893 
1894 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1895 	sd_initpkt_for_buf,		/* Index: 16 */
1896 	sd_initpkt_for_buf,		/* Index: 17 */
1897 	sd_initpkt_for_buf,		/* Index: 18 */
1898 
1899 	/* Chain for USCSI commands (non-checksum targets) */
1900 	sd_initpkt_for_uscsi,		/* Index: 19 */
1901 	sd_initpkt_for_uscsi,		/* Index: 20 */
1902 
1903 	/* Chain for USCSI commands (checksum targets) */
1904 	sd_initpkt_for_uscsi,		/* Index: 21 */
1905 	sd_initpkt_for_uscsi,		/* Index: 22 */
1906 	sd_initpkt_for_uscsi,		/* Index: 22 */
1907 
1908 	/* Chain for "direct" USCSI commands (all targets) */
1909 	sd_initpkt_for_uscsi,		/* Index: 24 */
1910 
1911 	/* Chain for "direct priority" USCSI commands (all targets) */
1912 	sd_initpkt_for_uscsi,		/* Index: 25 */
1913 
1914 };
1915 
1916 
1917 /*
1918  * Array to map a layering chain index to the appropriate destroypktpkt routine.
1919  * The redundant entries are present so that the index used for accessing
1920  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1921  * with this table as well.
1922  */
1923 typedef void (*sd_destroypkt_t)(struct buf *);
1924 
1925 static sd_destroypkt_t	sd_destroypkt_map[] = {
1926 
1927 	/* Chain for buf IO for disk drive targets (PM enabled) */
1928 	sd_destroypkt_for_buf,		/* Index: 0 */
1929 	sd_destroypkt_for_buf,		/* Index: 1 */
1930 	sd_destroypkt_for_buf,		/* Index: 2 */
1931 
1932 	/* Chain for buf IO for disk drive targets (PM disabled) */
1933 	sd_destroypkt_for_buf,		/* Index: 3 */
1934 	sd_destroypkt_for_buf,		/* Index: 4 */
1935 
1936 	/* Chain for buf IO for removable-media targets (PM enabled) */
1937 	sd_destroypkt_for_buf,		/* Index: 5 */
1938 	sd_destroypkt_for_buf,		/* Index: 6 */
1939 	sd_destroypkt_for_buf,		/* Index: 7 */
1940 	sd_destroypkt_for_buf,		/* Index: 8 */
1941 
1942 	/* Chain for buf IO for removable-media targets (PM disabled) */
1943 	sd_destroypkt_for_buf,		/* Index: 9 */
1944 	sd_destroypkt_for_buf,		/* Index: 10 */
1945 	sd_destroypkt_for_buf,		/* Index: 11 */
1946 
1947 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1948 	sd_destroypkt_for_buf,		/* Index: 12 */
1949 	sd_destroypkt_for_buf,		/* Index: 13 */
1950 	sd_destroypkt_for_buf,		/* Index: 14 */
1951 	sd_destroypkt_for_buf,		/* Index: 15 */
1952 
1953 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1954 	sd_destroypkt_for_buf,		/* Index: 16 */
1955 	sd_destroypkt_for_buf,		/* Index: 17 */
1956 	sd_destroypkt_for_buf,		/* Index: 18 */
1957 
1958 	/* Chain for USCSI commands (non-checksum targets) */
1959 	sd_destroypkt_for_uscsi,	/* Index: 19 */
1960 	sd_destroypkt_for_uscsi,	/* Index: 20 */
1961 
1962 	/* Chain for USCSI commands (checksum targets) */
1963 	sd_destroypkt_for_uscsi,	/* Index: 21 */
1964 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1965 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1966 
1967 	/* Chain for "direct" USCSI commands (all targets) */
1968 	sd_destroypkt_for_uscsi,	/* Index: 24 */
1969 
1970 	/* Chain for "direct priority" USCSI commands (all targets) */
1971 	sd_destroypkt_for_uscsi,	/* Index: 25 */
1972 
1973 };
1974 
1975 
1976 
1977 /*
1978  * Array to map a layering chain index to the appropriate chain "type".
1979  * The chain type indicates a specific property/usage of the chain.
1980  * The redundant entries are present so that the index used for accessing
1981  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1982  * with this table as well.
1983  */
1984 
1985 #define	SD_CHAIN_NULL			0	/* for the special RQS cmd */
1986 #define	SD_CHAIN_BUFIO			1	/* regular buf IO */
1987 #define	SD_CHAIN_USCSI			2	/* regular USCSI commands */
1988 #define	SD_CHAIN_DIRECT			3	/* uscsi, w/ bypass power mgt */
1989 #define	SD_CHAIN_DIRECT_PRIORITY	4	/* uscsi, w/ bypass power mgt */
1990 						/* (for error recovery) */
1991 
1992 static int sd_chain_type_map[] = {
1993 
1994 	/* Chain for buf IO for disk drive targets (PM enabled) */
1995 	SD_CHAIN_BUFIO,			/* Index: 0 */
1996 	SD_CHAIN_BUFIO,			/* Index: 1 */
1997 	SD_CHAIN_BUFIO,			/* Index: 2 */
1998 
1999 	/* Chain for buf IO for disk drive targets (PM disabled) */
2000 	SD_CHAIN_BUFIO,			/* Index: 3 */
2001 	SD_CHAIN_BUFIO,			/* Index: 4 */
2002 
2003 	/* Chain for buf IO for removable-media targets (PM enabled) */
2004 	SD_CHAIN_BUFIO,			/* Index: 5 */
2005 	SD_CHAIN_BUFIO,			/* Index: 6 */
2006 	SD_CHAIN_BUFIO,			/* Index: 7 */
2007 	SD_CHAIN_BUFIO,			/* Index: 8 */
2008 
2009 	/* Chain for buf IO for removable-media targets (PM disabled) */
2010 	SD_CHAIN_BUFIO,			/* Index: 9 */
2011 	SD_CHAIN_BUFIO,			/* Index: 10 */
2012 	SD_CHAIN_BUFIO,			/* Index: 11 */
2013 
2014 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
2015 	SD_CHAIN_BUFIO,			/* Index: 12 */
2016 	SD_CHAIN_BUFIO,			/* Index: 13 */
2017 	SD_CHAIN_BUFIO,			/* Index: 14 */
2018 	SD_CHAIN_BUFIO,			/* Index: 15 */
2019 
2020 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
2021 	SD_CHAIN_BUFIO,			/* Index: 16 */
2022 	SD_CHAIN_BUFIO,			/* Index: 17 */
2023 	SD_CHAIN_BUFIO,			/* Index: 18 */
2024 
2025 	/* Chain for USCSI commands (non-checksum targets) */
2026 	SD_CHAIN_USCSI,			/* Index: 19 */
2027 	SD_CHAIN_USCSI,			/* Index: 20 */
2028 
2029 	/* Chain for USCSI commands (checksum targets) */
2030 	SD_CHAIN_USCSI,			/* Index: 21 */
2031 	SD_CHAIN_USCSI,			/* Index: 22 */
2032 	SD_CHAIN_USCSI,			/* Index: 22 */
2033 
2034 	/* Chain for "direct" USCSI commands (all targets) */
2035 	SD_CHAIN_DIRECT,		/* Index: 24 */
2036 
2037 	/* Chain for "direct priority" USCSI commands (all targets) */
2038 	SD_CHAIN_DIRECT_PRIORITY,	/* Index: 25 */
2039 };
2040 
2041 
2042 /* Macro to return TRUE if the IO has come from the sd_buf_iostart() chain. */
2043 #define	SD_IS_BUFIO(xp)			\
2044 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_BUFIO)
2045 
2046 /* Macro to return TRUE if the IO has come from the "direct priority" chain. */
2047 #define	SD_IS_DIRECT_PRIORITY(xp)	\
2048 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_DIRECT_PRIORITY)
2049 
2050 
2051 
2052 /*
2053  * Struct, array, and macros to map a specific chain to the appropriate
2054  * layering indexes in the sd_iostart_chain[] and sd_iodone_chain[] arrays.
2055  *
2056  * The sd_chain_index_map[] array is used at attach time to set the various
2057  * un_xxx_chain type members of the sd_lun softstate to the specific layering
2058  * chain to be used with the instance. This allows different instances to use
2059  * different chain for buf IO, uscsi IO, etc.. Also, since the xb_chain_iostart
2060  * and xb_chain_iodone index values in the sd_xbuf are initialized to these
2061  * values at sd_xbuf init time, this allows (1) layering chains may be changed
2062  * dynamically & without the use of locking; and (2) a layer may update the
2063  * xb_chain_io[start|done] member in a given xbuf with its current index value,
2064  * to allow for deferred processing of an IO within the same chain from a
2065  * different execution context.
2066  */
2067 
2068 struct sd_chain_index {
2069 	int	sci_iostart_index;
2070 	int	sci_iodone_index;
2071 };
2072 
2073 static struct sd_chain_index	sd_chain_index_map[] = {
2074 	{ SD_CHAIN_DISK_IOSTART,		SD_CHAIN_DISK_IODONE },
2075 	{ SD_CHAIN_DISK_IOSTART_NO_PM,		SD_CHAIN_DISK_IODONE_NO_PM },
2076 	{ SD_CHAIN_RMMEDIA_IOSTART,		SD_CHAIN_RMMEDIA_IODONE },
2077 	{ SD_CHAIN_RMMEDIA_IOSTART_NO_PM,	SD_CHAIN_RMMEDIA_IODONE_NO_PM },
2078 	{ SD_CHAIN_CHKSUM_IOSTART,		SD_CHAIN_CHKSUM_IODONE },
2079 	{ SD_CHAIN_CHKSUM_IOSTART_NO_PM,	SD_CHAIN_CHKSUM_IODONE_NO_PM },
2080 	{ SD_CHAIN_USCSI_CMD_IOSTART,		SD_CHAIN_USCSI_CMD_IODONE },
2081 	{ SD_CHAIN_USCSI_CHKSUM_IOSTART,	SD_CHAIN_USCSI_CHKSUM_IODONE },
2082 	{ SD_CHAIN_DIRECT_CMD_IOSTART,		SD_CHAIN_DIRECT_CMD_IODONE },
2083 	{ SD_CHAIN_PRIORITY_CMD_IOSTART,	SD_CHAIN_PRIORITY_CMD_IODONE },
2084 };
2085 
2086 
2087 /*
2088  * The following are indexes into the sd_chain_index_map[] array.
2089  */
2090 
2091 /* un->un_buf_chain_type must be set to one of these */
2092 #define	SD_CHAIN_INFO_DISK		0
2093 #define	SD_CHAIN_INFO_DISK_NO_PM	1
2094 #define	SD_CHAIN_INFO_RMMEDIA		2
2095 #define	SD_CHAIN_INFO_RMMEDIA_NO_PM	3
2096 #define	SD_CHAIN_INFO_CHKSUM		4
2097 #define	SD_CHAIN_INFO_CHKSUM_NO_PM	5
2098 
2099 /* un->un_uscsi_chain_type must be set to one of these */
2100 #define	SD_CHAIN_INFO_USCSI_CMD		6
2101 /* USCSI with PM disabled is the same as DIRECT */
2102 #define	SD_CHAIN_INFO_USCSI_CMD_NO_PM	8
2103 #define	SD_CHAIN_INFO_USCSI_CHKSUM	7
2104 
2105 /* un->un_direct_chain_type must be set to one of these */
2106 #define	SD_CHAIN_INFO_DIRECT_CMD	8
2107 
2108 /* un->un_priority_chain_type must be set to one of these */
2109 #define	SD_CHAIN_INFO_PRIORITY_CMD	9
2110 
2111 /* size for devid inquiries */
2112 #define	MAX_INQUIRY_SIZE		0xF0
2113 
2114 /*
2115  * Macros used by functions to pass a given buf(9S) struct along to the
2116  * next function in the layering chain for further processing.
2117  *
2118  * In the following macros, passing more than three arguments to the called
2119  * routines causes the optimizer for the SPARC compiler to stop doing tail
2120  * call elimination which results in significant performance degradation.
2121  */
2122 #define	SD_BEGIN_IOSTART(index, un, bp)	\
2123 	((*(sd_iostart_chain[index]))(index, un, bp))
2124 
2125 #define	SD_BEGIN_IODONE(index, un, bp)	\
2126 	((*(sd_iodone_chain[index]))(index, un, bp))
2127 
2128 #define	SD_NEXT_IOSTART(index, un, bp)				\
2129 	((*(sd_iostart_chain[(index) + 1]))((index) + 1, un, bp))
2130 
2131 #define	SD_NEXT_IODONE(index, un, bp)				\
2132 	((*(sd_iodone_chain[(index) - 1]))((index) - 1, un, bp))
2133 
2134 
2135 /*
2136  *    Function: _init
2137  *
2138  * Description: This is the driver _init(9E) entry point.
2139  *
2140  * Return Code: Returns the value from mod_install(9F) or
2141  *		ddi_soft_state_init(9F) as appropriate.
2142  *
2143  *     Context: Called when driver module loaded.
2144  */
2145 
2146 int
2147 _init(void)
2148 {
2149 	int	err;
2150 
2151 	/* establish driver name from module name */
2152 	sd_label = mod_modname(&modlinkage);
2153 
2154 	err = ddi_soft_state_init(&sd_state, sizeof (struct sd_lun),
2155 		SD_MAXUNIT);
2156 
2157 	if (err != 0) {
2158 		return (err);
2159 	}
2160 
2161 	mutex_init(&sd_detach_mutex, NULL, MUTEX_DRIVER, NULL);
2162 	mutex_init(&sd_log_mutex,    NULL, MUTEX_DRIVER, NULL);
2163 	mutex_init(&sd_label_mutex,  NULL, MUTEX_DRIVER, NULL);
2164 
2165 	mutex_init(&sd_tr.srq_resv_reclaim_mutex, NULL, MUTEX_DRIVER, NULL);
2166 	cv_init(&sd_tr.srq_resv_reclaim_cv, NULL, CV_DRIVER, NULL);
2167 	cv_init(&sd_tr.srq_inprocess_cv, NULL, CV_DRIVER, NULL);
2168 
2169 	/*
2170 	 * it's ok to init here even for fibre device
2171 	 */
2172 	sd_scsi_probe_cache_init();
2173 
2174 	/*
2175 	 * Creating taskq before mod_install ensures that all callers (threads)
2176 	 * that enter the module after a successfull mod_install encounter
2177 	 * a valid taskq.
2178 	 */
2179 	sd_taskq_create();
2180 
2181 	err = mod_install(&modlinkage);
2182 	if (err != 0) {
2183 		/* delete taskq if install fails */
2184 		sd_taskq_delete();
2185 
2186 		mutex_destroy(&sd_detach_mutex);
2187 		mutex_destroy(&sd_log_mutex);
2188 		mutex_destroy(&sd_label_mutex);
2189 
2190 		mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2191 		cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2192 		cv_destroy(&sd_tr.srq_inprocess_cv);
2193 
2194 		sd_scsi_probe_cache_fini();
2195 
2196 		ddi_soft_state_fini(&sd_state);
2197 		return (err);
2198 	}
2199 
2200 	return (err);
2201 }
2202 
2203 
2204 /*
2205  *    Function: _fini
2206  *
2207  * Description: This is the driver _fini(9E) entry point.
2208  *
2209  * Return Code: Returns the value from mod_remove(9F)
2210  *
2211  *     Context: Called when driver module is unloaded.
2212  */
2213 
2214 int
2215 _fini(void)
2216 {
2217 	int err;
2218 
2219 	if ((err = mod_remove(&modlinkage)) != 0) {
2220 		return (err);
2221 	}
2222 
2223 	sd_taskq_delete();
2224 
2225 	mutex_destroy(&sd_detach_mutex);
2226 	mutex_destroy(&sd_log_mutex);
2227 	mutex_destroy(&sd_label_mutex);
2228 	mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2229 
2230 	sd_scsi_probe_cache_fini();
2231 
2232 	cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2233 	cv_destroy(&sd_tr.srq_inprocess_cv);
2234 
2235 	ddi_soft_state_fini(&sd_state);
2236 
2237 	return (err);
2238 }
2239 
2240 
2241 /*
2242  *    Function: _info
2243  *
2244  * Description: This is the driver _info(9E) entry point.
2245  *
2246  *   Arguments: modinfop - pointer to the driver modinfo structure
2247  *
2248  * Return Code: Returns the value from mod_info(9F).
2249  *
2250  *     Context: Kernel thread context
2251  */
2252 
2253 int
2254 _info(struct modinfo *modinfop)
2255 {
2256 	return (mod_info(&modlinkage, modinfop));
2257 }
2258 
2259 
2260 /*
2261  * The following routines implement the driver message logging facility.
2262  * They provide component- and level- based debug output filtering.
2263  * Output may also be restricted to messages for a single instance by
2264  * specifying a soft state pointer in sd_debug_un. If sd_debug_un is set
2265  * to NULL, then messages for all instances are printed.
2266  *
2267  * These routines have been cloned from each other due to the language
2268  * constraints of macros and variable argument list processing.
2269  */
2270 
2271 
2272 /*
2273  *    Function: sd_log_err
2274  *
2275  * Description: This routine is called by the SD_ERROR macro for debug
2276  *		logging of error conditions.
2277  *
2278  *   Arguments: comp - driver component being logged
2279  *		dev  - pointer to driver info structure
2280  *		fmt  - error string and format to be logged
2281  */
2282 
2283 static void
2284 sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...)
2285 {
2286 	va_list		ap;
2287 	dev_info_t	*dev;
2288 
2289 	ASSERT(un != NULL);
2290 	dev = SD_DEVINFO(un);
2291 	ASSERT(dev != NULL);
2292 
2293 	/*
2294 	 * Filter messages based on the global component and level masks.
2295 	 * Also print if un matches the value of sd_debug_un, or if
2296 	 * sd_debug_un is set to NULL.
2297 	 */
2298 	if ((sd_component_mask & comp) && (sd_level_mask & SD_LOGMASK_ERROR) &&
2299 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2300 		mutex_enter(&sd_log_mutex);
2301 		va_start(ap, fmt);
2302 		(void) vsprintf(sd_log_buf, fmt, ap);
2303 		va_end(ap);
2304 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2305 		mutex_exit(&sd_log_mutex);
2306 	}
2307 #ifdef SD_FAULT_INJECTION
2308 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2309 	if (un->sd_injection_mask & comp) {
2310 		mutex_enter(&sd_log_mutex);
2311 		va_start(ap, fmt);
2312 		(void) vsprintf(sd_log_buf, fmt, ap);
2313 		va_end(ap);
2314 		sd_injection_log(sd_log_buf, un);
2315 		mutex_exit(&sd_log_mutex);
2316 	}
2317 #endif
2318 }
2319 
2320 
2321 /*
2322  *    Function: sd_log_info
2323  *
2324  * Description: This routine is called by the SD_INFO macro for debug
2325  *		logging of general purpose informational conditions.
2326  *
2327  *   Arguments: comp - driver component being logged
2328  *		dev  - pointer to driver info structure
2329  *		fmt  - info string and format to be logged
2330  */
2331 
2332 static void
2333 sd_log_info(uint_t component, struct sd_lun *un, const char *fmt, ...)
2334 {
2335 	va_list		ap;
2336 	dev_info_t	*dev;
2337 
2338 	ASSERT(un != NULL);
2339 	dev = SD_DEVINFO(un);
2340 	ASSERT(dev != NULL);
2341 
2342 	/*
2343 	 * Filter messages based on the global component and level masks.
2344 	 * Also print if un matches the value of sd_debug_un, or if
2345 	 * sd_debug_un is set to NULL.
2346 	 */
2347 	if ((sd_component_mask & component) &&
2348 	    (sd_level_mask & SD_LOGMASK_INFO) &&
2349 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2350 		mutex_enter(&sd_log_mutex);
2351 		va_start(ap, fmt);
2352 		(void) vsprintf(sd_log_buf, fmt, ap);
2353 		va_end(ap);
2354 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2355 		mutex_exit(&sd_log_mutex);
2356 	}
2357 #ifdef SD_FAULT_INJECTION
2358 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2359 	if (un->sd_injection_mask & component) {
2360 		mutex_enter(&sd_log_mutex);
2361 		va_start(ap, fmt);
2362 		(void) vsprintf(sd_log_buf, fmt, ap);
2363 		va_end(ap);
2364 		sd_injection_log(sd_log_buf, un);
2365 		mutex_exit(&sd_log_mutex);
2366 	}
2367 #endif
2368 }
2369 
2370 
2371 /*
2372  *    Function: sd_log_trace
2373  *
2374  * Description: This routine is called by the SD_TRACE macro for debug
2375  *		logging of trace conditions (i.e. function entry/exit).
2376  *
2377  *   Arguments: comp - driver component being logged
2378  *		dev  - pointer to driver info structure
2379  *		fmt  - trace string and format to be logged
2380  */
2381 
2382 static void
2383 sd_log_trace(uint_t component, struct sd_lun *un, const char *fmt, ...)
2384 {
2385 	va_list		ap;
2386 	dev_info_t	*dev;
2387 
2388 	ASSERT(un != NULL);
2389 	dev = SD_DEVINFO(un);
2390 	ASSERT(dev != NULL);
2391 
2392 	/*
2393 	 * Filter messages based on the global component and level masks.
2394 	 * Also print if un matches the value of sd_debug_un, or if
2395 	 * sd_debug_un is set to NULL.
2396 	 */
2397 	if ((sd_component_mask & component) &&
2398 	    (sd_level_mask & SD_LOGMASK_TRACE) &&
2399 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2400 		mutex_enter(&sd_log_mutex);
2401 		va_start(ap, fmt);
2402 		(void) vsprintf(sd_log_buf, fmt, ap);
2403 		va_end(ap);
2404 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2405 		mutex_exit(&sd_log_mutex);
2406 	}
2407 #ifdef SD_FAULT_INJECTION
2408 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2409 	if (un->sd_injection_mask & component) {
2410 		mutex_enter(&sd_log_mutex);
2411 		va_start(ap, fmt);
2412 		(void) vsprintf(sd_log_buf, fmt, ap);
2413 		va_end(ap);
2414 		sd_injection_log(sd_log_buf, un);
2415 		mutex_exit(&sd_log_mutex);
2416 	}
2417 #endif
2418 }
2419 
2420 
2421 /*
2422  *    Function: sdprobe
2423  *
2424  * Description: This is the driver probe(9e) entry point function.
2425  *
2426  *   Arguments: devi - opaque device info handle
2427  *
2428  * Return Code: DDI_PROBE_SUCCESS: If the probe was successful.
2429  *              DDI_PROBE_FAILURE: If the probe failed.
2430  *              DDI_PROBE_PARTIAL: If the instance is not present now,
2431  *				   but may be present in the future.
2432  */
2433 
2434 static int
2435 sdprobe(dev_info_t *devi)
2436 {
2437 	struct scsi_device	*devp;
2438 	int			rval;
2439 	int			instance;
2440 
2441 	/*
2442 	 * if it wasn't for pln, sdprobe could actually be nulldev
2443 	 * in the "__fibre" case.
2444 	 */
2445 	if (ddi_dev_is_sid(devi) == DDI_SUCCESS) {
2446 		return (DDI_PROBE_DONTCARE);
2447 	}
2448 
2449 	devp = ddi_get_driver_private(devi);
2450 
2451 	if (devp == NULL) {
2452 		/* Ooops... nexus driver is mis-configured... */
2453 		return (DDI_PROBE_FAILURE);
2454 	}
2455 
2456 	instance = ddi_get_instance(devi);
2457 
2458 	if (ddi_get_soft_state(sd_state, instance) != NULL) {
2459 		return (DDI_PROBE_PARTIAL);
2460 	}
2461 
2462 	/*
2463 	 * Call the SCSA utility probe routine to see if we actually
2464 	 * have a target at this SCSI nexus.
2465 	 */
2466 	switch (sd_scsi_probe_with_cache(devp, NULL_FUNC)) {
2467 	case SCSIPROBE_EXISTS:
2468 		switch (devp->sd_inq->inq_dtype) {
2469 		case DTYPE_DIRECT:
2470 			rval = DDI_PROBE_SUCCESS;
2471 			break;
2472 		case DTYPE_RODIRECT:
2473 			/* CDs etc. Can be removable media */
2474 			rval = DDI_PROBE_SUCCESS;
2475 			break;
2476 		case DTYPE_OPTICAL:
2477 			/*
2478 			 * Rewritable optical driver HP115AA
2479 			 * Can also be removable media
2480 			 */
2481 
2482 			/*
2483 			 * Do not attempt to bind to  DTYPE_OPTICAL if
2484 			 * pre solaris 9 sparc sd behavior is required
2485 			 *
2486 			 * If first time through and sd_dtype_optical_bind
2487 			 * has not been set in /etc/system check properties
2488 			 */
2489 
2490 			if (sd_dtype_optical_bind  < 0) {
2491 			    sd_dtype_optical_bind = ddi_prop_get_int
2492 				(DDI_DEV_T_ANY,	devi,	0,
2493 				"optical-device-bind",	1);
2494 			}
2495 
2496 			if (sd_dtype_optical_bind == 0) {
2497 				rval = DDI_PROBE_FAILURE;
2498 			} else {
2499 				rval = DDI_PROBE_SUCCESS;
2500 			}
2501 			break;
2502 
2503 		case DTYPE_NOTPRESENT:
2504 		default:
2505 			rval = DDI_PROBE_FAILURE;
2506 			break;
2507 		}
2508 		break;
2509 	default:
2510 		rval = DDI_PROBE_PARTIAL;
2511 		break;
2512 	}
2513 
2514 	/*
2515 	 * This routine checks for resource allocation prior to freeing,
2516 	 * so it will take care of the "smart probing" case where a
2517 	 * scsi_probe() may or may not have been issued and will *not*
2518 	 * free previously-freed resources.
2519 	 */
2520 	scsi_unprobe(devp);
2521 	return (rval);
2522 }
2523 
2524 
2525 /*
2526  *    Function: sdinfo
2527  *
2528  * Description: This is the driver getinfo(9e) entry point function.
2529  * 		Given the device number, return the devinfo pointer from
2530  *		the scsi_device structure or the instance number
2531  *		associated with the dev_t.
2532  *
2533  *   Arguments: dip     - pointer to device info structure
2534  *		infocmd - command argument (DDI_INFO_DEVT2DEVINFO,
2535  *			  DDI_INFO_DEVT2INSTANCE)
2536  *		arg     - driver dev_t
2537  *		resultp - user buffer for request response
2538  *
2539  * Return Code: DDI_SUCCESS
2540  *              DDI_FAILURE
2541  */
2542 /* ARGSUSED */
2543 static int
2544 sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2545 {
2546 	struct sd_lun	*un;
2547 	dev_t		dev;
2548 	int		instance;
2549 	int		error;
2550 
2551 	switch (infocmd) {
2552 	case DDI_INFO_DEVT2DEVINFO:
2553 		dev = (dev_t)arg;
2554 		instance = SDUNIT(dev);
2555 		if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
2556 			return (DDI_FAILURE);
2557 		}
2558 		*result = (void *) SD_DEVINFO(un);
2559 		error = DDI_SUCCESS;
2560 		break;
2561 	case DDI_INFO_DEVT2INSTANCE:
2562 		dev = (dev_t)arg;
2563 		instance = SDUNIT(dev);
2564 		*result = (void *)(uintptr_t)instance;
2565 		error = DDI_SUCCESS;
2566 		break;
2567 	default:
2568 		error = DDI_FAILURE;
2569 	}
2570 	return (error);
2571 }
2572 
2573 /*
2574  *    Function: sd_prop_op
2575  *
2576  * Description: This is the driver prop_op(9e) entry point function.
2577  *		Return the number of blocks for the partition in question
2578  *		or forward the request to the property facilities.
2579  *
2580  *   Arguments: dev       - device number
2581  *		dip       - pointer to device info structure
2582  *		prop_op   - property operator
2583  *		mod_flags - DDI_PROP_DONTPASS, don't pass to parent
2584  *		name      - pointer to property name
2585  *		valuep    - pointer or address of the user buffer
2586  *		lengthp   - property length
2587  *
2588  * Return Code: DDI_PROP_SUCCESS
2589  *              DDI_PROP_NOT_FOUND
2590  *              DDI_PROP_UNDEFINED
2591  *              DDI_PROP_NO_MEMORY
2592  *              DDI_PROP_BUF_TOO_SMALL
2593  */
2594 
2595 static int
2596 sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op, int mod_flags,
2597 	char *name, caddr_t valuep, int *lengthp)
2598 {
2599 	int		instance = ddi_get_instance(dip);
2600 	struct sd_lun	*un;
2601 	uint64_t	nblocks64;
2602 
2603 	/*
2604 	 * Our dynamic properties are all device specific and size oriented.
2605 	 * Requests issued under conditions where size is valid are passed
2606 	 * to ddi_prop_op_nblocks with the size information, otherwise the
2607 	 * request is passed to ddi_prop_op. Size depends on valid geometry.
2608 	 */
2609 	un = ddi_get_soft_state(sd_state, instance);
2610 	if ((dev == DDI_DEV_T_ANY) || (un == NULL) ||
2611 	    (un->un_f_geometry_is_valid == FALSE)) {
2612 		return (ddi_prop_op(dev, dip, prop_op, mod_flags,
2613 		    name, valuep, lengthp));
2614 	} else {
2615 		/* get nblocks value */
2616 		ASSERT(!mutex_owned(SD_MUTEX(un)));
2617 		mutex_enter(SD_MUTEX(un));
2618 		nblocks64 = (ulong_t)un->un_map[SDPART(dev)].dkl_nblk;
2619 		mutex_exit(SD_MUTEX(un));
2620 
2621 		return (ddi_prop_op_nblocks(dev, dip, prop_op, mod_flags,
2622 		    name, valuep, lengthp, nblocks64));
2623 	}
2624 }
2625 
2626 /*
2627  * The following functions are for smart probing:
2628  * sd_scsi_probe_cache_init()
2629  * sd_scsi_probe_cache_fini()
2630  * sd_scsi_clear_probe_cache()
2631  * sd_scsi_probe_with_cache()
2632  */
2633 
2634 /*
2635  *    Function: sd_scsi_probe_cache_init
2636  *
2637  * Description: Initializes the probe response cache mutex and head pointer.
2638  *
2639  *     Context: Kernel thread context
2640  */
2641 
2642 static void
2643 sd_scsi_probe_cache_init(void)
2644 {
2645 	mutex_init(&sd_scsi_probe_cache_mutex, NULL, MUTEX_DRIVER, NULL);
2646 	sd_scsi_probe_cache_head = NULL;
2647 }
2648 
2649 
2650 /*
2651  *    Function: sd_scsi_probe_cache_fini
2652  *
2653  * Description: Frees all resources associated with the probe response cache.
2654  *
2655  *     Context: Kernel thread context
2656  */
2657 
2658 static void
2659 sd_scsi_probe_cache_fini(void)
2660 {
2661 	struct sd_scsi_probe_cache *cp;
2662 	struct sd_scsi_probe_cache *ncp;
2663 
2664 	/* Clean up our smart probing linked list */
2665 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = ncp) {
2666 		ncp = cp->next;
2667 		kmem_free(cp, sizeof (struct sd_scsi_probe_cache));
2668 	}
2669 	sd_scsi_probe_cache_head = NULL;
2670 	mutex_destroy(&sd_scsi_probe_cache_mutex);
2671 }
2672 
2673 
2674 /*
2675  *    Function: sd_scsi_clear_probe_cache
2676  *
2677  * Description: This routine clears the probe response cache. This is
2678  *		done when open() returns ENXIO so that when deferred
2679  *		attach is attempted (possibly after a device has been
2680  *		turned on) we will retry the probe. Since we don't know
2681  *		which target we failed to open, we just clear the
2682  *		entire cache.
2683  *
2684  *     Context: Kernel thread context
2685  */
2686 
2687 static void
2688 sd_scsi_clear_probe_cache(void)
2689 {
2690 	struct sd_scsi_probe_cache	*cp;
2691 	int				i;
2692 
2693 	mutex_enter(&sd_scsi_probe_cache_mutex);
2694 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2695 		/*
2696 		 * Reset all entries to SCSIPROBE_EXISTS.  This will
2697 		 * force probing to be performed the next time
2698 		 * sd_scsi_probe_with_cache is called.
2699 		 */
2700 		for (i = 0; i < NTARGETS_WIDE; i++) {
2701 			cp->cache[i] = SCSIPROBE_EXISTS;
2702 		}
2703 	}
2704 	mutex_exit(&sd_scsi_probe_cache_mutex);
2705 }
2706 
2707 
2708 /*
2709  *    Function: sd_scsi_probe_with_cache
2710  *
2711  * Description: This routine implements support for a scsi device probe
2712  *		with cache. The driver maintains a cache of the target
2713  *		responses to scsi probes. If we get no response from a
2714  *		target during a probe inquiry, we remember that, and we
2715  *		avoid additional calls to scsi_probe on non-zero LUNs
2716  *		on the same target until the cache is cleared. By doing
2717  *		so we avoid the 1/4 sec selection timeout for nonzero
2718  *		LUNs. lun0 of a target is always probed.
2719  *
2720  *   Arguments: devp     - Pointer to a scsi_device(9S) structure
2721  *              waitfunc - indicates what the allocator routines should
2722  *			   do when resources are not available. This value
2723  *			   is passed on to scsi_probe() when that routine
2724  *			   is called.
2725  *
2726  * Return Code: SCSIPROBE_NORESP if a NORESP in probe response cache;
2727  *		otherwise the value returned by scsi_probe(9F).
2728  *
2729  *     Context: Kernel thread context
2730  */
2731 
2732 static int
2733 sd_scsi_probe_with_cache(struct scsi_device *devp, int (*waitfn)())
2734 {
2735 	struct sd_scsi_probe_cache	*cp;
2736 	dev_info_t	*pdip = ddi_get_parent(devp->sd_dev);
2737 	int		lun, tgt;
2738 
2739 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2740 	    SCSI_ADDR_PROP_LUN, 0);
2741 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2742 	    SCSI_ADDR_PROP_TARGET, -1);
2743 
2744 	/* Make sure caching enabled and target in range */
2745 	if ((tgt < 0) || (tgt >= NTARGETS_WIDE)) {
2746 		/* do it the old way (no cache) */
2747 		return (scsi_probe(devp, waitfn));
2748 	}
2749 
2750 	mutex_enter(&sd_scsi_probe_cache_mutex);
2751 
2752 	/* Find the cache for this scsi bus instance */
2753 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2754 		if (cp->pdip == pdip) {
2755 			break;
2756 		}
2757 	}
2758 
2759 	/* If we can't find a cache for this pdip, create one */
2760 	if (cp == NULL) {
2761 		int i;
2762 
2763 		cp = kmem_zalloc(sizeof (struct sd_scsi_probe_cache),
2764 		    KM_SLEEP);
2765 		cp->pdip = pdip;
2766 		cp->next = sd_scsi_probe_cache_head;
2767 		sd_scsi_probe_cache_head = cp;
2768 		for (i = 0; i < NTARGETS_WIDE; i++) {
2769 			cp->cache[i] = SCSIPROBE_EXISTS;
2770 		}
2771 	}
2772 
2773 	mutex_exit(&sd_scsi_probe_cache_mutex);
2774 
2775 	/* Recompute the cache for this target if LUN zero */
2776 	if (lun == 0) {
2777 		cp->cache[tgt] = SCSIPROBE_EXISTS;
2778 	}
2779 
2780 	/* Don't probe if cache remembers a NORESP from a previous LUN. */
2781 	if (cp->cache[tgt] != SCSIPROBE_EXISTS) {
2782 		return (SCSIPROBE_NORESP);
2783 	}
2784 
2785 	/* Do the actual probe; save & return the result */
2786 	return (cp->cache[tgt] = scsi_probe(devp, waitfn));
2787 }
2788 
2789 
2790 /*
2791  *    Function: sd_spin_up_unit
2792  *
2793  * Description: Issues the following commands to spin-up the device:
2794  *		START STOP UNIT, and INQUIRY.
2795  *
2796  *   Arguments: un - driver soft state (unit) structure
2797  *
2798  * Return Code: 0 - success
2799  *		EIO - failure
2800  *		EACCES - reservation conflict
2801  *
2802  *     Context: Kernel thread context
2803  */
2804 
2805 static int
2806 sd_spin_up_unit(struct sd_lun *un)
2807 {
2808 	size_t	resid		= 0;
2809 	int	has_conflict	= FALSE;
2810 	uchar_t *bufaddr;
2811 
2812 	ASSERT(un != NULL);
2813 
2814 	/*
2815 	 * Send a throwaway START UNIT command.
2816 	 *
2817 	 * If we fail on this, we don't care presently what precisely
2818 	 * is wrong.  EMC's arrays will also fail this with a check
2819 	 * condition (0x2/0x4/0x3) if the device is "inactive," but
2820 	 * we don't want to fail the attach because it may become
2821 	 * "active" later.
2822 	 */
2823 	if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START, SD_PATH_DIRECT)
2824 	    == EACCES)
2825 		has_conflict = TRUE;
2826 
2827 	/*
2828 	 * Send another INQUIRY command to the target. This is necessary for
2829 	 * non-removable media direct access devices because their INQUIRY data
2830 	 * may not be fully qualified until they are spun up (perhaps via the
2831 	 * START command above).  Note: This seems to be needed for some
2832 	 * legacy devices only.) The INQUIRY command should succeed even if a
2833 	 * Reservation Conflict is present.
2834 	 */
2835 	bufaddr = kmem_zalloc(SUN_INQSIZE, KM_SLEEP);
2836 	if (sd_send_scsi_INQUIRY(un, bufaddr, SUN_INQSIZE, 0, 0, &resid) != 0) {
2837 		kmem_free(bufaddr, SUN_INQSIZE);
2838 		return (EIO);
2839 	}
2840 
2841 	/*
2842 	 * If we got enough INQUIRY data, copy it over the old INQUIRY data.
2843 	 * Note that this routine does not return a failure here even if the
2844 	 * INQUIRY command did not return any data.  This is a legacy behavior.
2845 	 */
2846 	if ((SUN_INQSIZE - resid) >= SUN_MIN_INQLEN) {
2847 		bcopy(bufaddr, SD_INQUIRY(un), SUN_INQSIZE);
2848 	}
2849 
2850 	kmem_free(bufaddr, SUN_INQSIZE);
2851 
2852 	/* If we hit a reservation conflict above, tell the caller. */
2853 	if (has_conflict == TRUE) {
2854 		return (EACCES);
2855 	}
2856 
2857 	return (0);
2858 }
2859 
2860 #ifdef _LP64
2861 /*
2862  *    Function: sd_enable_descr_sense
2863  *
2864  * Description: This routine attempts to select descriptor sense format
2865  *		using the Control mode page.  Devices that support 64 bit
2866  *		LBAs (for >2TB luns) should also implement descriptor
2867  *		sense data so we will call this function whenever we see
2868  *		a lun larger than 2TB.  If for some reason the device
2869  *		supports 64 bit LBAs but doesn't support descriptor sense
2870  *		presumably the mode select will fail.  Everything will
2871  *		continue to work normally except that we will not get
2872  *		complete sense data for commands that fail with an LBA
2873  *		larger than 32 bits.
2874  *
2875  *   Arguments: un - driver soft state (unit) structure
2876  *
2877  *     Context: Kernel thread context only
2878  */
2879 
2880 static void
2881 sd_enable_descr_sense(struct sd_lun *un)
2882 {
2883 	uchar_t			*header;
2884 	struct mode_control_scsi3 *ctrl_bufp;
2885 	size_t			buflen;
2886 	size_t			bd_len;
2887 
2888 	/*
2889 	 * Read MODE SENSE page 0xA, Control Mode Page
2890 	 */
2891 	buflen = MODE_HEADER_LENGTH + MODE_BLK_DESC_LENGTH +
2892 	    sizeof (struct mode_control_scsi3);
2893 	header = kmem_zalloc(buflen, KM_SLEEP);
2894 	if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
2895 	    MODEPAGE_CTRL_MODE, SD_PATH_DIRECT) != 0) {
2896 		SD_ERROR(SD_LOG_COMMON, un,
2897 		    "sd_enable_descr_sense: mode sense ctrl page failed\n");
2898 		goto eds_exit;
2899 	}
2900 
2901 	/*
2902 	 * Determine size of Block Descriptors in order to locate
2903 	 * the mode page data. ATAPI devices return 0, SCSI devices
2904 	 * should return MODE_BLK_DESC_LENGTH.
2905 	 */
2906 	bd_len  = ((struct mode_header *)header)->bdesc_length;
2907 
2908 	ctrl_bufp = (struct mode_control_scsi3 *)
2909 	    (header + MODE_HEADER_LENGTH + bd_len);
2910 
2911 	/*
2912 	 * Clear PS bit for MODE SELECT
2913 	 */
2914 	ctrl_bufp->mode_page.ps = 0;
2915 
2916 	/*
2917 	 * Set D_SENSE to enable descriptor sense format.
2918 	 */
2919 	ctrl_bufp->d_sense = 1;
2920 
2921 	/*
2922 	 * Use MODE SELECT to commit the change to the D_SENSE bit
2923 	 */
2924 	if (sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
2925 	    buflen, SD_DONTSAVE_PAGE, SD_PATH_DIRECT) != 0) {
2926 		SD_INFO(SD_LOG_COMMON, un,
2927 		    "sd_enable_descr_sense: mode select ctrl page failed\n");
2928 		goto eds_exit;
2929 	}
2930 
2931 eds_exit:
2932 	kmem_free(header, buflen);
2933 }
2934 #endif /* _LP64 */
2935 
2936 
2937 /*
2938  *    Function: sd_set_mmc_caps
2939  *
2940  * Description: This routine determines if the device is MMC compliant and if
2941  *		the device supports CDDA via a mode sense of the CDVD
2942  *		capabilities mode page. Also checks if the device is a
2943  *		dvdram writable device.
2944  *
2945  *   Arguments: un - driver soft state (unit) structure
2946  *
2947  *     Context: Kernel thread context only
2948  */
2949 
2950 static void
2951 sd_set_mmc_caps(struct sd_lun *un)
2952 {
2953 	struct mode_header_grp2		*sense_mhp;
2954 	uchar_t				*sense_page;
2955 	caddr_t				buf;
2956 	int				bd_len;
2957 	int				status;
2958 	struct uscsi_cmd		com;
2959 	int				rtn;
2960 	uchar_t				*out_data_rw, *out_data_hd;
2961 	uchar_t				*rqbuf_rw, *rqbuf_hd;
2962 
2963 	ASSERT(un != NULL);
2964 
2965 	/*
2966 	 * The flags which will be set in this function are - mmc compliant,
2967 	 * dvdram writable device, cdda support. Initialize them to FALSE
2968 	 * and if a capability is detected - it will be set to TRUE.
2969 	 */
2970 	un->un_f_mmc_cap = FALSE;
2971 	un->un_f_dvdram_writable_device = FALSE;
2972 	un->un_f_cfg_cdda = FALSE;
2973 
2974 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
2975 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
2976 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
2977 
2978 	if (status != 0) {
2979 		/* command failed; just return */
2980 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
2981 		return;
2982 	}
2983 	/*
2984 	 * If the mode sense request for the CDROM CAPABILITIES
2985 	 * page (0x2A) succeeds the device is assumed to be MMC.
2986 	 */
2987 	un->un_f_mmc_cap = TRUE;
2988 
2989 	/* Get to the page data */
2990 	sense_mhp = (struct mode_header_grp2 *)buf;
2991 	bd_len = (sense_mhp->bdesc_length_hi << 8) |
2992 	    sense_mhp->bdesc_length_lo;
2993 	if (bd_len > MODE_BLK_DESC_LENGTH) {
2994 		/*
2995 		 * We did not get back the expected block descriptor
2996 		 * length so we cannot determine if the device supports
2997 		 * CDDA. However, we still indicate the device is MMC
2998 		 * according to the successful response to the page
2999 		 * 0x2A mode sense request.
3000 		 */
3001 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3002 		    "sd_set_mmc_caps: Mode Sense returned "
3003 		    "invalid block descriptor length\n");
3004 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3005 		return;
3006 	}
3007 
3008 	/* See if read CDDA is supported */
3009 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 +
3010 	    bd_len);
3011 	un->un_f_cfg_cdda = (sense_page[5] & 0x01) ? TRUE : FALSE;
3012 
3013 	/* See if writing DVD RAM is supported. */
3014 	un->un_f_dvdram_writable_device = (sense_page[3] & 0x20) ? TRUE : FALSE;
3015 	if (un->un_f_dvdram_writable_device == TRUE) {
3016 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3017 		return;
3018 	}
3019 
3020 	/*
3021 	 * If the device presents DVD or CD capabilities in the mode
3022 	 * page, we can return here since a RRD will not have
3023 	 * these capabilities.
3024 	 */
3025 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3026 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3027 		return;
3028 	}
3029 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3030 
3031 	/*
3032 	 * If un->un_f_dvdram_writable_device is still FALSE,
3033 	 * check for a Removable Rigid Disk (RRD).  A RRD
3034 	 * device is identified by the features RANDOM_WRITABLE and
3035 	 * HARDWARE_DEFECT_MANAGEMENT.
3036 	 */
3037 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3038 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3039 
3040 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3041 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3042 	    RANDOM_WRITABLE);
3043 	if (rtn != 0) {
3044 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3045 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3046 		return;
3047 	}
3048 
3049 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3050 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3051 
3052 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3053 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3054 	    HARDWARE_DEFECT_MANAGEMENT);
3055 	if (rtn == 0) {
3056 		/*
3057 		 * We have good information, check for random writable
3058 		 * and hardware defect features.
3059 		 */
3060 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3061 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT)) {
3062 			un->un_f_dvdram_writable_device = TRUE;
3063 		}
3064 	}
3065 
3066 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3067 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3068 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3069 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3070 }
3071 
3072 /*
3073  *    Function: sd_check_for_writable_cd
3074  *
3075  * Description: This routine determines if the media in the device is
3076  *		writable or not. It uses the get configuration command (0x46)
3077  *		to determine if the media is writable
3078  *
3079  *   Arguments: un - driver soft state (unit) structure
3080  *
3081  *     Context: Never called at interrupt context.
3082  */
3083 
3084 static void
3085 sd_check_for_writable_cd(struct sd_lun *un)
3086 {
3087 	struct uscsi_cmd		com;
3088 	uchar_t				*out_data;
3089 	uchar_t				*rqbuf;
3090 	int				rtn;
3091 	uchar_t				*out_data_rw, *out_data_hd;
3092 	uchar_t				*rqbuf_rw, *rqbuf_hd;
3093 	struct mode_header_grp2		*sense_mhp;
3094 	uchar_t				*sense_page;
3095 	caddr_t				buf;
3096 	int				bd_len;
3097 	int				status;
3098 
3099 	ASSERT(un != NULL);
3100 	ASSERT(mutex_owned(SD_MUTEX(un)));
3101 
3102 	/*
3103 	 * Initialize the writable media to false, if configuration info.
3104 	 * tells us otherwise then only we will set it.
3105 	 */
3106 	un->un_f_mmc_writable_media = FALSE;
3107 	mutex_exit(SD_MUTEX(un));
3108 
3109 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
3110 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3111 
3112 	rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf, SENSE_LENGTH,
3113 	    out_data, SD_PROFILE_HEADER_LEN);
3114 
3115 	mutex_enter(SD_MUTEX(un));
3116 	if (rtn == 0) {
3117 		/*
3118 		 * We have good information, check for writable DVD.
3119 		 */
3120 		if ((out_data[6] == 0) && (out_data[7] == 0x12)) {
3121 			un->un_f_mmc_writable_media = TRUE;
3122 			kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3123 			kmem_free(rqbuf, SENSE_LENGTH);
3124 			return;
3125 		}
3126 	}
3127 
3128 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3129 	kmem_free(rqbuf, SENSE_LENGTH);
3130 
3131 	/*
3132 	 * Determine if this is a RRD type device.
3133 	 */
3134 	mutex_exit(SD_MUTEX(un));
3135 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
3136 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
3137 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
3138 	mutex_enter(SD_MUTEX(un));
3139 	if (status != 0) {
3140 		/* command failed; just return */
3141 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3142 		return;
3143 	}
3144 
3145 	/* Get to the page data */
3146 	sense_mhp = (struct mode_header_grp2 *)buf;
3147 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
3148 	if (bd_len > MODE_BLK_DESC_LENGTH) {
3149 		/*
3150 		 * We did not get back the expected block descriptor length so
3151 		 * we cannot check the mode page.
3152 		 */
3153 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3154 		    "sd_check_for_writable_cd: Mode Sense returned "
3155 		    "invalid block descriptor length\n");
3156 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3157 		return;
3158 	}
3159 
3160 	/*
3161 	 * If the device presents DVD or CD capabilities in the mode
3162 	 * page, we can return here since a RRD device will not have
3163 	 * these capabilities.
3164 	 */
3165 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 + bd_len);
3166 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3167 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3168 		return;
3169 	}
3170 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3171 
3172 	/*
3173 	 * If un->un_f_mmc_writable_media is still FALSE,
3174 	 * check for RRD type media.  A RRD device is identified
3175 	 * by the features RANDOM_WRITABLE and HARDWARE_DEFECT_MANAGEMENT.
3176 	 */
3177 	mutex_exit(SD_MUTEX(un));
3178 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3179 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3180 
3181 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3182 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3183 	    RANDOM_WRITABLE);
3184 	if (rtn != 0) {
3185 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3186 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3187 		mutex_enter(SD_MUTEX(un));
3188 		return;
3189 	}
3190 
3191 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3192 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3193 
3194 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3195 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3196 	    HARDWARE_DEFECT_MANAGEMENT);
3197 	mutex_enter(SD_MUTEX(un));
3198 	if (rtn == 0) {
3199 		/*
3200 		 * We have good information, check for random writable
3201 		 * and hardware defect features as current.
3202 		 */
3203 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3204 		    (out_data_rw[10] & 0x1) &&
3205 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT) &&
3206 		    (out_data_hd[10] & 0x1)) {
3207 			un->un_f_mmc_writable_media = TRUE;
3208 		}
3209 	}
3210 
3211 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3212 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3213 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3214 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3215 }
3216 
3217 /*
3218  *    Function: sd_read_unit_properties
3219  *
3220  * Description: The following implements a property lookup mechanism.
3221  *		Properties for particular disks (keyed on vendor, model
3222  *		and rev numbers) are sought in the sd.conf file via
3223  *		sd_process_sdconf_file(), and if not found there, are
3224  *		looked for in a list hardcoded in this driver via
3225  *		sd_process_sdconf_table() Once located the properties
3226  *		are used to update the driver unit structure.
3227  *
3228  *   Arguments: un - driver soft state (unit) structure
3229  */
3230 
3231 static void
3232 sd_read_unit_properties(struct sd_lun *un)
3233 {
3234 	/*
3235 	 * sd_process_sdconf_file returns SD_FAILURE if it cannot find
3236 	 * the "sd-config-list" property (from the sd.conf file) or if
3237 	 * there was not a match for the inquiry vid/pid. If this event
3238 	 * occurs the static driver configuration table is searched for
3239 	 * a match.
3240 	 */
3241 	ASSERT(un != NULL);
3242 	if (sd_process_sdconf_file(un) == SD_FAILURE) {
3243 		sd_process_sdconf_table(un);
3244 	}
3245 
3246 	/* check for LSI device */
3247 	sd_is_lsi(un);
3248 
3249 	/*
3250 	 * Set this in sd.conf to 0 in order to disable kstats.  The default
3251 	 * is 1, so they are enabled by default.
3252 	 */
3253 	un->un_f_pkstats_enabled = (ddi_prop_get_int(DDI_DEV_T_ANY,
3254 	    SD_DEVINFO(un), DDI_PROP_DONTPASS, "enable-partition-kstats", 1));
3255 }
3256 
3257 
3258 /*
3259  *    Function: sd_process_sdconf_file
3260  *
3261  * Description: Use ddi_getlongprop to obtain the properties from the
3262  *		driver's config file (ie, sd.conf) and update the driver
3263  *		soft state structure accordingly.
3264  *
3265  *   Arguments: un - driver soft state (unit) structure
3266  *
3267  * Return Code: SD_SUCCESS - The properties were successfully set according
3268  *			     to the driver configuration file.
3269  *		SD_FAILURE - The driver config list was not obtained or
3270  *			     there was no vid/pid match. This indicates that
3271  *			     the static config table should be used.
3272  *
3273  * The config file has a property, "sd-config-list", which consists of
3274  * one or more duplets as follows:
3275  *
3276  *  sd-config-list=
3277  *	<duplet>,
3278  *	[<duplet>,]
3279  *	[<duplet>];
3280  *
3281  * The structure of each duplet is as follows:
3282  *
3283  *  <duplet>:= <vid+pid>,<data-property-name_list>
3284  *
3285  * The first entry of the duplet is the device ID string (the concatenated
3286  * vid & pid; not to be confused with a device_id).  This is defined in
3287  * the same way as in the sd_disk_table.
3288  *
3289  * The second part of the duplet is a string that identifies a
3290  * data-property-name-list. The data-property-name-list is defined as
3291  * follows:
3292  *
3293  *  <data-property-name-list>:=<data-property-name> [<data-property-name>]
3294  *
3295  * The syntax of <data-property-name> depends on the <version> field.
3296  *
3297  * If version = SD_CONF_VERSION_1 we have the following syntax:
3298  *
3299  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3300  *
3301  * where the prop0 value will be used to set prop0 if bit0 set in the
3302  * flags, prop1 if bit1 set, etc. and N = SD_CONF_MAX_ITEMS -1
3303  *
3304  */
3305 
3306 static int
3307 sd_process_sdconf_file(struct sd_lun *un)
3308 {
3309 	char	*config_list = NULL;
3310 	int	config_list_len;
3311 	int	len;
3312 	int	dupletlen = 0;
3313 	char	*vidptr;
3314 	int	vidlen;
3315 	char	*dnlist_ptr;
3316 	char	*dataname_ptr;
3317 	int	dnlist_len;
3318 	int	dataname_len;
3319 	int	*data_list;
3320 	int	data_list_len;
3321 	int	rval = SD_FAILURE;
3322 	int	i;
3323 
3324 	ASSERT(un != NULL);
3325 
3326 	/* Obtain the configuration list associated with the .conf file */
3327 	if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), DDI_PROP_DONTPASS,
3328 	    sd_config_list, (caddr_t)&config_list, &config_list_len)
3329 	    != DDI_PROP_SUCCESS) {
3330 		return (SD_FAILURE);
3331 	}
3332 
3333 	/*
3334 	 * Compare vids in each duplet to the inquiry vid - if a match is
3335 	 * made, get the data value and update the soft state structure
3336 	 * accordingly.
3337 	 *
3338 	 * Note: This algorithm is complex and difficult to maintain. It should
3339 	 * be replaced with a more robust implementation.
3340 	 */
3341 	for (len = config_list_len, vidptr = config_list; len > 0;
3342 	    vidptr += dupletlen, len -= dupletlen) {
3343 		/*
3344 		 * Note: The assumption here is that each vid entry is on
3345 		 * a unique line from its associated duplet.
3346 		 */
3347 		vidlen = dupletlen = (int)strlen(vidptr);
3348 		if ((vidlen == 0) ||
3349 		    (sd_sdconf_id_match(un, vidptr, vidlen) != SD_SUCCESS)) {
3350 			dupletlen++;
3351 			continue;
3352 		}
3353 
3354 		/*
3355 		 * dnlist contains 1 or more blank separated
3356 		 * data-property-name entries
3357 		 */
3358 		dnlist_ptr = vidptr + vidlen + 1;
3359 		dnlist_len = (int)strlen(dnlist_ptr);
3360 		dupletlen += dnlist_len + 2;
3361 
3362 		/*
3363 		 * Set a pointer for the first data-property-name
3364 		 * entry in the list
3365 		 */
3366 		dataname_ptr = dnlist_ptr;
3367 		dataname_len = 0;
3368 
3369 		/*
3370 		 * Loop through all data-property-name entries in the
3371 		 * data-property-name-list setting the properties for each.
3372 		 */
3373 		while (dataname_len < dnlist_len) {
3374 			int version;
3375 
3376 			/*
3377 			 * Determine the length of the current
3378 			 * data-property-name entry by indexing until a
3379 			 * blank or NULL is encountered. When the space is
3380 			 * encountered reset it to a NULL for compliance
3381 			 * with ddi_getlongprop().
3382 			 */
3383 			for (i = 0; ((dataname_ptr[i] != ' ') &&
3384 			    (dataname_ptr[i] != '\0')); i++) {
3385 				;
3386 			}
3387 
3388 			dataname_len += i;
3389 			/* If not null terminated, Make it so */
3390 			if (dataname_ptr[i] == ' ') {
3391 				dataname_ptr[i] = '\0';
3392 			}
3393 			dataname_len++;
3394 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3395 			    "sd_process_sdconf_file: disk:%s, data:%s\n",
3396 			    vidptr, dataname_ptr);
3397 
3398 			/* Get the data list */
3399 			if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), 0,
3400 			    dataname_ptr, (caddr_t)&data_list, &data_list_len)
3401 			    != DDI_PROP_SUCCESS) {
3402 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
3403 				    "sd_process_sdconf_file: data property (%s)"
3404 				    " has no value\n", dataname_ptr);
3405 				dataname_ptr = dnlist_ptr + dataname_len;
3406 				continue;
3407 			}
3408 
3409 			version = data_list[0];
3410 
3411 			if (version == SD_CONF_VERSION_1) {
3412 				sd_tunables values;
3413 
3414 				/* Set the properties */
3415 				if (sd_chk_vers1_data(un, data_list[1],
3416 				    &data_list[2], data_list_len, dataname_ptr)
3417 				    == SD_SUCCESS) {
3418 					sd_get_tunables_from_conf(un,
3419 					    data_list[1], &data_list[2],
3420 					    &values);
3421 					sd_set_vers1_properties(un,
3422 					    data_list[1], &values);
3423 					rval = SD_SUCCESS;
3424 				} else {
3425 					rval = SD_FAILURE;
3426 				}
3427 			} else {
3428 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3429 				    "data property %s version 0x%x is invalid.",
3430 				    dataname_ptr, version);
3431 				rval = SD_FAILURE;
3432 			}
3433 			kmem_free(data_list, data_list_len);
3434 			dataname_ptr = dnlist_ptr + dataname_len;
3435 		}
3436 	}
3437 
3438 	/* free up the memory allocated by ddi_getlongprop */
3439 	if (config_list) {
3440 		kmem_free(config_list, config_list_len);
3441 	}
3442 
3443 	return (rval);
3444 }
3445 
3446 /*
3447  *    Function: sd_get_tunables_from_conf()
3448  *
3449  *
3450  *    This function reads the data list from the sd.conf file and pulls
3451  *    the values that can have numeric values as arguments and places
3452  *    the values in the apropriate sd_tunables member.
3453  *    Since the order of the data list members varies across platforms
3454  *    This function reads them from the data list in a platform specific
3455  *    order and places them into the correct sd_tunable member that is
3456  *    a consistant across all platforms.
3457  */
3458 static void
3459 sd_get_tunables_from_conf(struct sd_lun *un, int flags, int *data_list,
3460     sd_tunables *values)
3461 {
3462 	int i;
3463 	int mask;
3464 
3465 	bzero(values, sizeof (sd_tunables));
3466 
3467 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3468 
3469 		mask = 1 << i;
3470 		if (mask > flags) {
3471 			break;
3472 		}
3473 
3474 		switch (mask & flags) {
3475 		case 0:	/* This mask bit not set in flags */
3476 			continue;
3477 		case SD_CONF_BSET_THROTTLE:
3478 			values->sdt_throttle = data_list[i];
3479 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3480 			    "sd_get_tunables_from_conf: throttle = %d\n",
3481 			    values->sdt_throttle);
3482 			break;
3483 		case SD_CONF_BSET_CTYPE:
3484 			values->sdt_ctype = data_list[i];
3485 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3486 			    "sd_get_tunables_from_conf: ctype = %d\n",
3487 			    values->sdt_ctype);
3488 			break;
3489 		case SD_CONF_BSET_NRR_COUNT:
3490 			values->sdt_not_rdy_retries = data_list[i];
3491 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3492 			    "sd_get_tunables_from_conf: not_rdy_retries = %d\n",
3493 			    values->sdt_not_rdy_retries);
3494 			break;
3495 		case SD_CONF_BSET_BSY_RETRY_COUNT:
3496 			values->sdt_busy_retries = data_list[i];
3497 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3498 			    "sd_get_tunables_from_conf: busy_retries = %d\n",
3499 			    values->sdt_busy_retries);
3500 			break;
3501 		case SD_CONF_BSET_RST_RETRIES:
3502 			values->sdt_reset_retries = data_list[i];
3503 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3504 			    "sd_get_tunables_from_conf: reset_retries = %d\n",
3505 			    values->sdt_reset_retries);
3506 			break;
3507 		case SD_CONF_BSET_RSV_REL_TIME:
3508 			values->sdt_reserv_rel_time = data_list[i];
3509 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3510 			    "sd_get_tunables_from_conf: reserv_rel_time = %d\n",
3511 			    values->sdt_reserv_rel_time);
3512 			break;
3513 		case SD_CONF_BSET_MIN_THROTTLE:
3514 			values->sdt_min_throttle = data_list[i];
3515 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3516 			    "sd_get_tunables_from_conf: min_throttle = %d\n",
3517 			    values->sdt_min_throttle);
3518 			break;
3519 		case SD_CONF_BSET_DISKSORT_DISABLED:
3520 			values->sdt_disk_sort_dis = data_list[i];
3521 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3522 			    "sd_get_tunables_from_conf: disk_sort_dis = %d\n",
3523 			    values->sdt_disk_sort_dis);
3524 			break;
3525 		case SD_CONF_BSET_LUN_RESET_ENABLED:
3526 			values->sdt_lun_reset_enable = data_list[i];
3527 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3528 			    "sd_get_tunables_from_conf: lun_reset_enable = %d"
3529 			    "\n", values->sdt_lun_reset_enable);
3530 			break;
3531 		}
3532 	}
3533 }
3534 
3535 /*
3536  *    Function: sd_process_sdconf_table
3537  *
3538  * Description: Search the static configuration table for a match on the
3539  *		inquiry vid/pid and update the driver soft state structure
3540  *		according to the table property values for the device.
3541  *
3542  *		The form of a configuration table entry is:
3543  *		  <vid+pid>,<flags>,<property-data>
3544  *		  "SEAGATE ST42400N",1,63,0,0			(Fibre)
3545  *		  "SEAGATE ST42400N",1,63,0,0,0,0		(Sparc)
3546  *		  "SEAGATE ST42400N",1,63,0,0,0,0,0,0,0,0,0,0	(Intel)
3547  *
3548  *   Arguments: un - driver soft state (unit) structure
3549  */
3550 
3551 static void
3552 sd_process_sdconf_table(struct sd_lun *un)
3553 {
3554 	char	*id = NULL;
3555 	int	table_index;
3556 	int	idlen;
3557 
3558 	ASSERT(un != NULL);
3559 	for (table_index = 0; table_index < sd_disk_table_size;
3560 	    table_index++) {
3561 		id = sd_disk_table[table_index].device_id;
3562 		idlen = strlen(id);
3563 		if (idlen == 0) {
3564 			continue;
3565 		}
3566 
3567 		/*
3568 		 * The static configuration table currently does not
3569 		 * implement version 10 properties. Additionally,
3570 		 * multiple data-property-name entries are not
3571 		 * implemented in the static configuration table.
3572 		 */
3573 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
3574 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3575 			    "sd_process_sdconf_table: disk %s\n", id);
3576 			sd_set_vers1_properties(un,
3577 			    sd_disk_table[table_index].flags,
3578 			    sd_disk_table[table_index].properties);
3579 			break;
3580 		}
3581 	}
3582 }
3583 
3584 
3585 /*
3586  *    Function: sd_sdconf_id_match
3587  *
3588  * Description: This local function implements a case sensitive vid/pid
3589  *		comparison as well as the boundary cases of wild card and
3590  *		multiple blanks.
3591  *
3592  *		Note: An implicit assumption made here is that the scsi
3593  *		inquiry structure will always keep the vid, pid and
3594  *		revision strings in consecutive sequence, so they can be
3595  *		read as a single string. If this assumption is not the
3596  *		case, a separate string, to be used for the check, needs
3597  *		to be built with these strings concatenated.
3598  *
3599  *   Arguments: un - driver soft state (unit) structure
3600  *		id - table or config file vid/pid
3601  *		idlen  - length of the vid/pid (bytes)
3602  *
3603  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3604  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3605  */
3606 
3607 static int
3608 sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen)
3609 {
3610 	struct scsi_inquiry	*sd_inq;
3611 	int 			rval = SD_SUCCESS;
3612 
3613 	ASSERT(un != NULL);
3614 	sd_inq = un->un_sd->sd_inq;
3615 	ASSERT(id != NULL);
3616 
3617 	/*
3618 	 * We use the inq_vid as a pointer to a buffer containing the
3619 	 * vid and pid and use the entire vid/pid length of the table
3620 	 * entry for the comparison. This works because the inq_pid
3621 	 * data member follows inq_vid in the scsi_inquiry structure.
3622 	 */
3623 	if (strncasecmp(sd_inq->inq_vid, id, idlen) != 0) {
3624 		/*
3625 		 * The user id string is compared to the inquiry vid/pid
3626 		 * using a case insensitive comparison and ignoring
3627 		 * multiple spaces.
3628 		 */
3629 		rval = sd_blank_cmp(un, id, idlen);
3630 		if (rval != SD_SUCCESS) {
3631 			/*
3632 			 * User id strings that start and end with a "*"
3633 			 * are a special case. These do not have a
3634 			 * specific vendor, and the product string can
3635 			 * appear anywhere in the 16 byte PID portion of
3636 			 * the inquiry data. This is a simple strstr()
3637 			 * type search for the user id in the inquiry data.
3638 			 */
3639 			if ((id[0] == '*') && (id[idlen - 1] == '*')) {
3640 				char	*pidptr = &id[1];
3641 				int	i;
3642 				int	j;
3643 				int	pidstrlen = idlen - 2;
3644 				j = sizeof (SD_INQUIRY(un)->inq_pid) -
3645 				    pidstrlen;
3646 
3647 				if (j < 0) {
3648 					return (SD_FAILURE);
3649 				}
3650 				for (i = 0; i < j; i++) {
3651 					if (bcmp(&SD_INQUIRY(un)->inq_pid[i],
3652 					    pidptr, pidstrlen) == 0) {
3653 						rval = SD_SUCCESS;
3654 						break;
3655 					}
3656 				}
3657 			}
3658 		}
3659 	}
3660 	return (rval);
3661 }
3662 
3663 
3664 /*
3665  *    Function: sd_blank_cmp
3666  *
3667  * Description: If the id string starts and ends with a space, treat
3668  *		multiple consecutive spaces as equivalent to a single
3669  *		space. For example, this causes a sd_disk_table entry
3670  *		of " NEC CDROM " to match a device's id string of
3671  *		"NEC       CDROM".
3672  *
3673  *		Note: The success exit condition for this routine is if
3674  *		the pointer to the table entry is '\0' and the cnt of
3675  *		the inquiry length is zero. This will happen if the inquiry
3676  *		string returned by the device is padded with spaces to be
3677  *		exactly 24 bytes in length (8 byte vid + 16 byte pid). The
3678  *		SCSI spec states that the inquiry string is to be padded with
3679  *		spaces.
3680  *
3681  *   Arguments: un - driver soft state (unit) structure
3682  *		id - table or config file vid/pid
3683  *		idlen  - length of the vid/pid (bytes)
3684  *
3685  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3686  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3687  */
3688 
3689 static int
3690 sd_blank_cmp(struct sd_lun *un, char *id, int idlen)
3691 {
3692 	char		*p1;
3693 	char		*p2;
3694 	int		cnt;
3695 	cnt = sizeof (SD_INQUIRY(un)->inq_vid) +
3696 	    sizeof (SD_INQUIRY(un)->inq_pid);
3697 
3698 	ASSERT(un != NULL);
3699 	p2 = un->un_sd->sd_inq->inq_vid;
3700 	ASSERT(id != NULL);
3701 	p1 = id;
3702 
3703 	if ((id[0] == ' ') && (id[idlen - 1] == ' ')) {
3704 		/*
3705 		 * Note: string p1 is terminated by a NUL but string p2
3706 		 * isn't.  The end of p2 is determined by cnt.
3707 		 */
3708 		for (;;) {
3709 			/* skip over any extra blanks in both strings */
3710 			while ((*p1 != '\0') && (*p1 == ' ')) {
3711 				p1++;
3712 			}
3713 			while ((cnt != 0) && (*p2 == ' ')) {
3714 				p2++;
3715 				cnt--;
3716 			}
3717 
3718 			/* compare the two strings */
3719 			if ((cnt == 0) ||
3720 			    (SD_TOUPPER(*p1) != SD_TOUPPER(*p2))) {
3721 				break;
3722 			}
3723 			while ((cnt > 0) &&
3724 			    (SD_TOUPPER(*p1) == SD_TOUPPER(*p2))) {
3725 				p1++;
3726 				p2++;
3727 				cnt--;
3728 			}
3729 		}
3730 	}
3731 
3732 	/* return SD_SUCCESS if both strings match */
3733 	return (((*p1 == '\0') && (cnt == 0)) ? SD_SUCCESS : SD_FAILURE);
3734 }
3735 
3736 
3737 /*
3738  *    Function: sd_chk_vers1_data
3739  *
3740  * Description: Verify the version 1 device properties provided by the
3741  *		user via the configuration file
3742  *
3743  *   Arguments: un	     - driver soft state (unit) structure
3744  *		flags	     - integer mask indicating properties to be set
3745  *		prop_list    - integer list of property values
3746  *		list_len     - length of user provided data
3747  *
3748  * Return Code: SD_SUCCESS - Indicates the user provided data is valid
3749  *		SD_FAILURE - Indicates the user provided data is invalid
3750  */
3751 
3752 static int
3753 sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
3754     int list_len, char *dataname_ptr)
3755 {
3756 	int i;
3757 	int mask = 1;
3758 	int index = 0;
3759 
3760 	ASSERT(un != NULL);
3761 
3762 	/* Check for a NULL property name and list */
3763 	if (dataname_ptr == NULL) {
3764 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3765 		    "sd_chk_vers1_data: NULL data property name.");
3766 		return (SD_FAILURE);
3767 	}
3768 	if (prop_list == NULL) {
3769 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3770 		    "sd_chk_vers1_data: %s NULL data property list.",
3771 		    dataname_ptr);
3772 		return (SD_FAILURE);
3773 	}
3774 
3775 	/* Display a warning if undefined bits are set in the flags */
3776 	if (flags & ~SD_CONF_BIT_MASK) {
3777 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3778 		    "sd_chk_vers1_data: invalid bits 0x%x in data list %s. "
3779 		    "Properties not set.",
3780 		    (flags & ~SD_CONF_BIT_MASK), dataname_ptr);
3781 		return (SD_FAILURE);
3782 	}
3783 
3784 	/*
3785 	 * Verify the length of the list by identifying the highest bit set
3786 	 * in the flags and validating that the property list has a length
3787 	 * up to the index of this bit.
3788 	 */
3789 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3790 		if (flags & mask) {
3791 			index++;
3792 		}
3793 		mask = 1 << i;
3794 	}
3795 	if ((list_len / sizeof (int)) < (index + 2)) {
3796 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3797 		    "sd_chk_vers1_data: "
3798 		    "Data property list %s size is incorrect. "
3799 		    "Properties not set.", dataname_ptr);
3800 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT, "Size expected: "
3801 		    "version + 1 flagword + %d properties", SD_CONF_MAX_ITEMS);
3802 		return (SD_FAILURE);
3803 	}
3804 	return (SD_SUCCESS);
3805 }
3806 
3807 
3808 /*
3809  *    Function: sd_set_vers1_properties
3810  *
3811  * Description: Set version 1 device properties based on a property list
3812  *		retrieved from the driver configuration file or static
3813  *		configuration table. Version 1 properties have the format:
3814  *
3815  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3816  *
3817  *		where the prop0 value will be used to set prop0 if bit0
3818  *		is set in the flags
3819  *
3820  *   Arguments: un	     - driver soft state (unit) structure
3821  *		flags	     - integer mask indicating properties to be set
3822  *		prop_list    - integer list of property values
3823  */
3824 
3825 static void
3826 sd_set_vers1_properties(struct sd_lun *un, int flags, sd_tunables *prop_list)
3827 {
3828 	ASSERT(un != NULL);
3829 
3830 	/*
3831 	 * Set the flag to indicate cache is to be disabled. An attempt
3832 	 * to disable the cache via sd_disable_caching() will be made
3833 	 * later during attach once the basic initialization is complete.
3834 	 */
3835 	if (flags & SD_CONF_BSET_NOCACHE) {
3836 		un->un_f_opt_disable_cache = TRUE;
3837 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3838 		    "sd_set_vers1_properties: caching disabled flag set\n");
3839 	}
3840 
3841 	/* CD-specific configuration parameters */
3842 	if (flags & SD_CONF_BSET_PLAYMSF_BCD) {
3843 		un->un_f_cfg_playmsf_bcd = TRUE;
3844 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3845 		    "sd_set_vers1_properties: playmsf_bcd set\n");
3846 	}
3847 	if (flags & SD_CONF_BSET_READSUB_BCD) {
3848 		un->un_f_cfg_readsub_bcd = TRUE;
3849 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3850 		    "sd_set_vers1_properties: readsub_bcd set\n");
3851 	}
3852 	if (flags & SD_CONF_BSET_READ_TOC_TRK_BCD) {
3853 		un->un_f_cfg_read_toc_trk_bcd = TRUE;
3854 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3855 		    "sd_set_vers1_properties: read_toc_trk_bcd set\n");
3856 	}
3857 	if (flags & SD_CONF_BSET_READ_TOC_ADDR_BCD) {
3858 		un->un_f_cfg_read_toc_addr_bcd = TRUE;
3859 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3860 		    "sd_set_vers1_properties: read_toc_addr_bcd set\n");
3861 	}
3862 	if (flags & SD_CONF_BSET_NO_READ_HEADER) {
3863 		un->un_f_cfg_no_read_header = TRUE;
3864 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3865 			    "sd_set_vers1_properties: no_read_header set\n");
3866 	}
3867 	if (flags & SD_CONF_BSET_READ_CD_XD4) {
3868 		un->un_f_cfg_read_cd_xd4 = TRUE;
3869 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3870 		    "sd_set_vers1_properties: read_cd_xd4 set\n");
3871 	}
3872 
3873 	/* Support for devices which do not have valid/unique serial numbers */
3874 	if (flags & SD_CONF_BSET_FAB_DEVID) {
3875 		un->un_f_opt_fab_devid = TRUE;
3876 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3877 		    "sd_set_vers1_properties: fab_devid bit set\n");
3878 	}
3879 
3880 	/* Support for user throttle configuration */
3881 	if (flags & SD_CONF_BSET_THROTTLE) {
3882 		ASSERT(prop_list != NULL);
3883 		un->un_saved_throttle = un->un_throttle =
3884 		    prop_list->sdt_throttle;
3885 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3886 		    "sd_set_vers1_properties: throttle set to %d\n",
3887 		    prop_list->sdt_throttle);
3888 	}
3889 
3890 	/* Set the per disk retry count according to the conf file or table. */
3891 	if (flags & SD_CONF_BSET_NRR_COUNT) {
3892 		ASSERT(prop_list != NULL);
3893 		if (prop_list->sdt_not_rdy_retries) {
3894 			un->un_notready_retry_count =
3895 				prop_list->sdt_not_rdy_retries;
3896 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3897 			    "sd_set_vers1_properties: not ready retry count"
3898 			    " set to %d\n", un->un_notready_retry_count);
3899 		}
3900 	}
3901 
3902 	/* The controller type is reported for generic disk driver ioctls */
3903 	if (flags & SD_CONF_BSET_CTYPE) {
3904 		ASSERT(prop_list != NULL);
3905 		switch (prop_list->sdt_ctype) {
3906 		case CTYPE_CDROM:
3907 			un->un_ctype = prop_list->sdt_ctype;
3908 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3909 			    "sd_set_vers1_properties: ctype set to "
3910 			    "CTYPE_CDROM\n");
3911 			break;
3912 		case CTYPE_CCS:
3913 			un->un_ctype = prop_list->sdt_ctype;
3914 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3915 				"sd_set_vers1_properties: ctype set to "
3916 				"CTYPE_CCS\n");
3917 			break;
3918 		case CTYPE_ROD:		/* RW optical */
3919 			un->un_ctype = prop_list->sdt_ctype;
3920 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3921 			    "sd_set_vers1_properties: ctype set to "
3922 			    "CTYPE_ROD\n");
3923 			break;
3924 		default:
3925 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3926 			    "sd_set_vers1_properties: Could not set "
3927 			    "invalid ctype value (%d)",
3928 			    prop_list->sdt_ctype);
3929 		}
3930 	}
3931 
3932 	/* Purple failover timeout */
3933 	if (flags & SD_CONF_BSET_BSY_RETRY_COUNT) {
3934 		ASSERT(prop_list != NULL);
3935 		un->un_busy_retry_count =
3936 			prop_list->sdt_busy_retries;
3937 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3938 		    "sd_set_vers1_properties: "
3939 		    "busy retry count set to %d\n",
3940 		    un->un_busy_retry_count);
3941 	}
3942 
3943 	/* Purple reset retry count */
3944 	if (flags & SD_CONF_BSET_RST_RETRIES) {
3945 		ASSERT(prop_list != NULL);
3946 		un->un_reset_retry_count =
3947 			prop_list->sdt_reset_retries;
3948 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3949 		    "sd_set_vers1_properties: "
3950 		    "reset retry count set to %d\n",
3951 		    un->un_reset_retry_count);
3952 	}
3953 
3954 	/* Purple reservation release timeout */
3955 	if (flags & SD_CONF_BSET_RSV_REL_TIME) {
3956 		ASSERT(prop_list != NULL);
3957 		un->un_reserve_release_time =
3958 			prop_list->sdt_reserv_rel_time;
3959 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3960 		    "sd_set_vers1_properties: "
3961 		    "reservation release timeout set to %d\n",
3962 		    un->un_reserve_release_time);
3963 	}
3964 
3965 	/*
3966 	 * Driver flag telling the driver to verify that no commands are pending
3967 	 * for a device before issuing a Test Unit Ready. This is a workaround
3968 	 * for a firmware bug in some Seagate eliteI drives.
3969 	 */
3970 	if (flags & SD_CONF_BSET_TUR_CHECK) {
3971 		un->un_f_cfg_tur_check = TRUE;
3972 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3973 		    "sd_set_vers1_properties: tur queue check set\n");
3974 	}
3975 
3976 	if (flags & SD_CONF_BSET_MIN_THROTTLE) {
3977 		un->un_min_throttle = prop_list->sdt_min_throttle;
3978 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3979 		    "sd_set_vers1_properties: min throttle set to %d\n",
3980 		    un->un_min_throttle);
3981 	}
3982 
3983 	if (flags & SD_CONF_BSET_DISKSORT_DISABLED) {
3984 		un->un_f_disksort_disabled =
3985 		    (prop_list->sdt_disk_sort_dis != 0) ?
3986 		    TRUE : FALSE;
3987 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3988 		    "sd_set_vers1_properties: disksort disabled "
3989 		    "flag set to %d\n",
3990 		    prop_list->sdt_disk_sort_dis);
3991 	}
3992 
3993 	if (flags & SD_CONF_BSET_LUN_RESET_ENABLED) {
3994 		un->un_f_lun_reset_enabled =
3995 		    (prop_list->sdt_lun_reset_enable != 0) ?
3996 		    TRUE : FALSE;
3997 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3998 		    "sd_set_vers1_properties: lun reset enabled "
3999 		    "flag set to %d\n",
4000 		    prop_list->sdt_lun_reset_enable);
4001 	}
4002 
4003 	/*
4004 	 * Validate the throttle values.
4005 	 * If any of the numbers are invalid, set everything to defaults.
4006 	 */
4007 	if ((un->un_throttle < SD_LOWEST_VALID_THROTTLE) ||
4008 	    (un->un_min_throttle < SD_LOWEST_VALID_THROTTLE) ||
4009 	    (un->un_min_throttle > un->un_throttle)) {
4010 		un->un_saved_throttle = un->un_throttle = sd_max_throttle;
4011 		un->un_min_throttle = sd_min_throttle;
4012 	}
4013 }
4014 
4015 /*
4016  *   Function: sd_is_lsi()
4017  *
4018  *   Description: Check for lsi devices, step throught the static device
4019  *	table to match vid/pid.
4020  *
4021  *   Args: un - ptr to sd_lun
4022  *
4023  *   Notes:  When creating new LSI property, need to add the new LSI property
4024  *		to this function.
4025  */
4026 static void
4027 sd_is_lsi(struct sd_lun *un)
4028 {
4029 	char	*id = NULL;
4030 	int	table_index;
4031 	int	idlen;
4032 	void	*prop;
4033 
4034 	ASSERT(un != NULL);
4035 	for (table_index = 0; table_index < sd_disk_table_size;
4036 	    table_index++) {
4037 		id = sd_disk_table[table_index].device_id;
4038 		idlen = strlen(id);
4039 		if (idlen == 0) {
4040 			continue;
4041 		}
4042 
4043 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
4044 			prop = sd_disk_table[table_index].properties;
4045 			if (prop == &lsi_properties ||
4046 			    prop == &lsi_oem_properties ||
4047 			    prop == &lsi_properties_scsi ||
4048 			    prop == &symbios_properties) {
4049 				un->un_f_cfg_is_lsi = TRUE;
4050 			}
4051 			break;
4052 		}
4053 	}
4054 }
4055 
4056 
4057 /*
4058  * The following routines support reading and interpretation of disk labels,
4059  * including Solaris BE (8-slice) vtoc's, Solaris LE (16-slice) vtoc's, and
4060  * fdisk tables.
4061  */
4062 
4063 /*
4064  *    Function: sd_validate_geometry
4065  *
4066  * Description: Read the label from the disk (if present). Update the unit's
4067  *		geometry and vtoc information from the data in the label.
4068  *		Verify that the label is valid.
4069  *
4070  *   Arguments: un - driver soft state (unit) structure
4071  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4072  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4073  *			to use the USCSI "direct" chain and bypass the normal
4074  *			command waitq.
4075  *
4076  * Return Code: 0 - Successful completion
4077  *		EINVAL  - Invalid value in un->un_tgt_blocksize or
4078  *			  un->un_blockcount; or label on disk is corrupted
4079  *			  or unreadable.
4080  *		EACCES  - Reservation conflict at the device.
4081  *		ENOMEM  - Resource allocation error
4082  *		ENOTSUP - geometry not applicable
4083  *
4084  *     Context: Kernel thread only (can sleep).
4085  */
4086 
4087 static int
4088 sd_validate_geometry(struct sd_lun *un, int path_flag)
4089 {
4090 	static	char		labelstring[128];
4091 	static	char		buf[256];
4092 	char	*label		= NULL;
4093 	int	label_error	= 0;
4094 	int	gvalid		= un->un_f_geometry_is_valid;
4095 	int	lbasize;
4096 	uint_t	capacity;
4097 	int	count;
4098 
4099 	ASSERT(un != NULL);
4100 	ASSERT(mutex_owned(SD_MUTEX(un)));
4101 
4102 	/*
4103 	 * If the required values are not valid, then try getting them
4104 	 * once via read capacity. If that fails, then fail this call.
4105 	 * This is necessary with the new mpxio failover behavior in
4106 	 * the T300 where we can get an attach for the inactive path
4107 	 * before the active path. The inactive path fails commands with
4108 	 * sense data of 02,04,88 which happens to the read capacity
4109 	 * before mpxio has had sufficient knowledge to know if it should
4110 	 * force a fail over or not. (Which it won't do at attach anyhow).
4111 	 * If the read capacity at attach time fails, un_tgt_blocksize and
4112 	 * un_blockcount won't be valid.
4113 	 */
4114 	if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4115 	    (un->un_f_blockcount_is_valid != TRUE)) {
4116 		uint64_t	cap;
4117 		uint32_t	lbasz;
4118 		int		rval;
4119 
4120 		mutex_exit(SD_MUTEX(un));
4121 		rval = sd_send_scsi_READ_CAPACITY(un, &cap,
4122 		    &lbasz, SD_PATH_DIRECT);
4123 		mutex_enter(SD_MUTEX(un));
4124 		if (rval == 0) {
4125 			/*
4126 			 * The following relies on
4127 			 * sd_send_scsi_READ_CAPACITY never
4128 			 * returning 0 for capacity and/or lbasize.
4129 			 */
4130 			sd_update_block_info(un, lbasz, cap);
4131 		}
4132 
4133 		if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4134 		    (un->un_f_blockcount_is_valid != TRUE)) {
4135 			return (EINVAL);
4136 		}
4137 	}
4138 
4139 	/*
4140 	 * Copy the lbasize and capacity so that if they're reset while we're
4141 	 * not holding the SD_MUTEX, we will continue to use valid values
4142 	 * after the SD_MUTEX is reacquired. (4119659)
4143 	 */
4144 	lbasize  = un->un_tgt_blocksize;
4145 	capacity = un->un_blockcount;
4146 
4147 #if defined(_SUNOS_VTOC_16)
4148 	/*
4149 	 * Set up the "whole disk" fdisk partition; this should always
4150 	 * exist, regardless of whether the disk contains an fdisk table
4151 	 * or vtoc.
4152 	 */
4153 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
4154 	un->un_map[P0_RAW_DISK].dkl_nblk  = capacity;
4155 #endif
4156 
4157 	/*
4158 	 * Refresh the logical and physical geometry caches.
4159 	 * (data from MODE SENSE format/rigid disk geometry pages,
4160 	 * and scsi_ifgetcap("geometry").
4161 	 */
4162 	sd_resync_geom_caches(un, capacity, lbasize, path_flag);
4163 
4164 	label_error = sd_use_efi(un, path_flag);
4165 	if (label_error == 0) {
4166 		/* found a valid EFI label */
4167 		SD_TRACE(SD_LOG_IO_PARTITION, un,
4168 			"sd_validate_geometry: found EFI label\n");
4169 		un->un_solaris_offset = 0;
4170 		un->un_solaris_size = capacity;
4171 		return (ENOTSUP);
4172 	}
4173 	if (un->un_blockcount > DK_MAX_BLOCKS) {
4174 		if (label_error == ESRCH) {
4175 			/*
4176 			 * they've configured a LUN over 1TB, but used
4177 			 * format.dat to restrict format's view of the
4178 			 * capacity to be under 1TB
4179 			 */
4180 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
4181 "is >1TB and has a VTOC label: use format(1M) to either decrease the");
4182 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
4183 "size to be < 1TB or relabel the disk with an EFI label");
4184 		} else {
4185 			/* unlabeled disk over 1TB */
4186 			return (ENOTSUP);
4187 		}
4188 	}
4189 	label_error = 0;
4190 
4191 	/*
4192 	 * at this point it is either labeled with a VTOC or it is
4193 	 * under 1TB
4194 	 */
4195 
4196 	/*
4197 	 * Only DIRECT ACCESS devices will have Sun labels.
4198 	 * CD's supposedly have a Sun label, too
4199 	 */
4200 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
4201 		struct	dk_label *dkl;
4202 		offset_t dkl1;
4203 		offset_t label_addr, real_addr;
4204 		int	rval;
4205 		size_t	buffer_size;
4206 
4207 		/*
4208 		 * Note: This will set up un->un_solaris_size and
4209 		 * un->un_solaris_offset.
4210 		 */
4211 		switch (sd_read_fdisk(un, capacity, lbasize, path_flag)) {
4212 		case SD_CMD_RESERVATION_CONFLICT:
4213 			ASSERT(mutex_owned(SD_MUTEX(un)));
4214 			return (EACCES);
4215 		case SD_CMD_FAILURE:
4216 			ASSERT(mutex_owned(SD_MUTEX(un)));
4217 			return (ENOMEM);
4218 		}
4219 
4220 		if (un->un_solaris_size <= DK_LABEL_LOC) {
4221 			/*
4222 			 * Found fdisk table but no Solaris partition entry,
4223 			 * so don't call sd_uselabel() and don't create
4224 			 * a default label.
4225 			 */
4226 			label_error = 0;
4227 			un->un_f_geometry_is_valid = TRUE;
4228 			goto no_solaris_partition;
4229 		}
4230 		label_addr = (daddr_t)(un->un_solaris_offset + DK_LABEL_LOC);
4231 
4232 		/*
4233 		 * sys_blocksize != tgt_blocksize, need to re-adjust
4234 		 * blkno and save the index to beginning of dk_label
4235 		 */
4236 		real_addr = SD_SYS2TGTBLOCK(un, label_addr);
4237 		buffer_size = SD_REQBYTES2TGTBYTES(un,
4238 		    sizeof (struct dk_label));
4239 
4240 		SD_TRACE(SD_LOG_IO_PARTITION, un, "sd_validate_geometry: "
4241 		    "label_addr: 0x%x allocation size: 0x%x\n",
4242 		    label_addr, buffer_size);
4243 		dkl = kmem_zalloc(buffer_size, KM_NOSLEEP);
4244 		if (dkl == NULL) {
4245 			return (ENOMEM);
4246 		}
4247 
4248 		mutex_exit(SD_MUTEX(un));
4249 		rval = sd_send_scsi_READ(un, dkl, buffer_size, real_addr,
4250 		    path_flag);
4251 		mutex_enter(SD_MUTEX(un));
4252 
4253 		switch (rval) {
4254 		case 0:
4255 			/*
4256 			 * sd_uselabel will establish that the geometry
4257 			 * is valid.
4258 			 * For sys_blocksize != tgt_blocksize, need
4259 			 * to index into the beginning of dk_label
4260 			 */
4261 			dkl1 = (daddr_t)dkl
4262 				+ SD_TGTBYTEOFFSET(un, label_addr, real_addr);
4263 			if (sd_uselabel(un, (struct dk_label *)(uintptr_t)dkl1,
4264 			    path_flag) != SD_LABEL_IS_VALID) {
4265 				label_error = EINVAL;
4266 			}
4267 			break;
4268 		case EACCES:
4269 			label_error = EACCES;
4270 			break;
4271 		default:
4272 			label_error = EINVAL;
4273 			break;
4274 		}
4275 
4276 		kmem_free(dkl, buffer_size);
4277 
4278 #if defined(_SUNOS_VTOC_8)
4279 		label = (char *)un->un_asciilabel;
4280 #elif defined(_SUNOS_VTOC_16)
4281 		label = (char *)un->un_vtoc.v_asciilabel;
4282 #else
4283 #error "No VTOC format defined."
4284 #endif
4285 	}
4286 
4287 	/*
4288 	 * If a valid label was not found, AND if no reservation conflict
4289 	 * was detected, then go ahead and create a default label (4069506).
4290 	 *
4291 	 * Note: currently, for VTOC_8 devices, the default label is created
4292 	 * for removables only.  For VTOC_16 devices, the default label will
4293 	 * be created for both removables and non-removables alike.
4294 	 * (see sd_build_default_label)
4295 	 */
4296 #if defined(_SUNOS_VTOC_8)
4297 	if (ISREMOVABLE(un) && (label_error != EACCES)) {
4298 #elif defined(_SUNOS_VTOC_16)
4299 	if (label_error != EACCES) {
4300 #endif
4301 		if (un->un_f_geometry_is_valid == FALSE) {
4302 			sd_build_default_label(un);
4303 		}
4304 		label_error = 0;
4305 	}
4306 
4307 no_solaris_partition:
4308 	if ((!ISREMOVABLE(un) ||
4309 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
4310 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
4311 		/*
4312 		 * Print out a message indicating who and what we are.
4313 		 * We do this only when we happen to really validate the
4314 		 * geometry. We may call sd_validate_geometry() at other
4315 		 * times, e.g., ioctl()'s like Get VTOC in which case we
4316 		 * don't want to print the label.
4317 		 * If the geometry is valid, print the label string,
4318 		 * else print vendor and product info, if available
4319 		 */
4320 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
4321 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "?<%s>\n", label);
4322 		} else {
4323 			mutex_enter(&sd_label_mutex);
4324 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
4325 			    labelstring);
4326 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
4327 			    &labelstring[64]);
4328 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
4329 			    labelstring, &labelstring[64]);
4330 			if (un->un_f_blockcount_is_valid == TRUE) {
4331 				(void) sprintf(&buf[strlen(buf)],
4332 				    ", %llu %u byte blocks\n",
4333 				    (longlong_t)un->un_blockcount,
4334 				    un->un_tgt_blocksize);
4335 			} else {
4336 				(void) sprintf(&buf[strlen(buf)],
4337 				    ", (unknown capacity)\n");
4338 			}
4339 			SD_INFO(SD_LOG_ATTACH_DETACH, un, buf);
4340 			mutex_exit(&sd_label_mutex);
4341 		}
4342 	}
4343 
4344 #if defined(_SUNOS_VTOC_16)
4345 	/*
4346 	 * If we have valid geometry, set up the remaining fdisk partitions.
4347 	 * Note that dkl_cylno is not used for the fdisk map entries, so
4348 	 * we set it to an entirely bogus value.
4349 	 */
4350 	for (count = 0; count < FD_NUMPART; count++) {
4351 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
4352 		un->un_map[FDISK_P1 + count].dkl_nblk =
4353 		    un->un_fmap[count].fmap_nblk;
4354 
4355 		un->un_offset[FDISK_P1 + count] =
4356 		    un->un_fmap[count].fmap_start;
4357 	}
4358 #endif
4359 
4360 	for (count = 0; count < NDKMAP; count++) {
4361 #if defined(_SUNOS_VTOC_8)
4362 		struct dk_map *lp  = &un->un_map[count];
4363 		un->un_offset[count] =
4364 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
4365 #elif defined(_SUNOS_VTOC_16)
4366 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
4367 
4368 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
4369 #else
4370 #error "No VTOC format defined."
4371 #endif
4372 	}
4373 
4374 	return (label_error);
4375 }
4376 
4377 
4378 #if defined(_SUNOS_VTOC_16)
4379 /*
4380  * Macro: MAX_BLKS
4381  *
4382  *	This macro is used for table entries where we need to have the largest
4383  *	possible sector value for that head & SPT (sectors per track)
4384  *	combination.  Other entries for some smaller disk sizes are set by
4385  *	convention to match those used by X86 BIOS usage.
4386  */
4387 #define	MAX_BLKS(heads, spt)	UINT16_MAX * heads * spt, heads, spt
4388 
4389 /*
4390  *    Function: sd_convert_geometry
4391  *
4392  * Description: Convert physical geometry into a dk_geom structure. In
4393  *		other words, make sure we don't wrap 16-bit values.
4394  *		e.g. converting from geom_cache to dk_geom
4395  *
4396  *     Context: Kernel thread only
4397  */
4398 static void
4399 sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g)
4400 {
4401 	int i;
4402 	static const struct chs_values {
4403 		uint_t max_cap;		/* Max Capacity for this HS. */
4404 		uint_t nhead;		/* Heads to use. */
4405 		uint_t nsect;		/* SPT to use. */
4406 	} CHS_values[] = {
4407 		{0x00200000,  64, 32},		/* 1GB or smaller disk. */
4408 		{0x01000000, 128, 32},		/* 8GB or smaller disk. */
4409 		{MAX_BLKS(255,  63)},		/* 502.02GB or smaller disk. */
4410 		{MAX_BLKS(255, 126)},		/* .98TB or smaller disk. */
4411 		{DK_MAX_BLOCKS, 255, 189}	/* Max size is just under 1TB */
4412 	};
4413 
4414 	/* Unlabeled SCSI floppy device */
4415 	if (capacity <= 0x1000) {
4416 		un_g->dkg_nhead = 2;
4417 		un_g->dkg_ncyl = 80;
4418 		un_g->dkg_nsect = capacity / (un_g->dkg_nhead * un_g->dkg_ncyl);
4419 		return;
4420 	}
4421 
4422 	/*
4423 	 * For all devices we calculate cylinders using the
4424 	 * heads and sectors we assign based on capacity of the
4425 	 * device.  The table is designed to be compatible with the
4426 	 * way other operating systems lay out fdisk tables for X86
4427 	 * and to insure that the cylinders never exceed 65535 to
4428 	 * prevent problems with X86 ioctls that report geometry.
4429 	 * We use SPT that are multiples of 63, since other OSes that
4430 	 * are not limited to 16-bits for cylinders stop at 63 SPT
4431 	 * we make do by using multiples of 63 SPT.
4432 	 *
4433 	 * Note than capacities greater than or equal to 1TB will simply
4434 	 * get the largest geometry from the table. This should be okay
4435 	 * since disks this large shouldn't be using CHS values anyway.
4436 	 */
4437 	for (i = 0; CHS_values[i].max_cap < capacity &&
4438 	    CHS_values[i].max_cap != DK_MAX_BLOCKS; i++)
4439 		;
4440 
4441 	un_g->dkg_nhead = CHS_values[i].nhead;
4442 	un_g->dkg_nsect = CHS_values[i].nsect;
4443 }
4444 #endif
4445 
4446 
4447 /*
4448  *    Function: sd_resync_geom_caches
4449  *
4450  * Description: (Re)initialize both geometry caches: the virtual geometry
4451  *		information is extracted from the HBA (the "geometry"
4452  *		capability), and the physical geometry cache data is
4453  *		generated by issuing MODE SENSE commands.
4454  *
4455  *   Arguments: un - driver soft state (unit) structure
4456  *		capacity - disk capacity in #blocks
4457  *		lbasize - disk block size in bytes
4458  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4459  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4460  *			to use the USCSI "direct" chain and bypass the normal
4461  *			command waitq.
4462  *
4463  *     Context: Kernel thread only (can sleep).
4464  */
4465 
4466 static void
4467 sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
4468 	int path_flag)
4469 {
4470 	struct 	geom_cache 	pgeom;
4471 	struct 	geom_cache	*pgeom_p = &pgeom;
4472 	int 	spc;
4473 	unsigned short nhead;
4474 	unsigned short nsect;
4475 
4476 	ASSERT(un != NULL);
4477 	ASSERT(mutex_owned(SD_MUTEX(un)));
4478 
4479 	/*
4480 	 * Ask the controller for its logical geometry.
4481 	 * Note: if the HBA does not support scsi_ifgetcap("geometry"),
4482 	 * then the lgeom cache will be invalid.
4483 	 */
4484 	sd_get_virtual_geometry(un, capacity, lbasize);
4485 
4486 	/*
4487 	 * Initialize the pgeom cache from lgeom, so that if MODE SENSE
4488 	 * doesn't work, DKIOCG_PHYSGEOM can return reasonable values.
4489 	 */
4490 	if (un->un_lgeom.g_nsect == 0 || un->un_lgeom.g_nhead == 0) {
4491 		/*
4492 		 * Note: Perhaps this needs to be more adaptive? The rationale
4493 		 * is that, if there's no HBA geometry from the HBA driver, any
4494 		 * guess is good, since this is the physical geometry. If MODE
4495 		 * SENSE fails this gives a max cylinder size for non-LBA access
4496 		 */
4497 		nhead = 255;
4498 		nsect = 63;
4499 	} else {
4500 		nhead = un->un_lgeom.g_nhead;
4501 		nsect = un->un_lgeom.g_nsect;
4502 	}
4503 
4504 	if (ISCD(un)) {
4505 		pgeom_p->g_nhead = 1;
4506 		pgeom_p->g_nsect = nsect * nhead;
4507 	} else {
4508 		pgeom_p->g_nhead = nhead;
4509 		pgeom_p->g_nsect = nsect;
4510 	}
4511 
4512 	spc = pgeom_p->g_nhead * pgeom_p->g_nsect;
4513 	pgeom_p->g_capacity = capacity;
4514 	pgeom_p->g_ncyl = pgeom_p->g_capacity / spc;
4515 	pgeom_p->g_acyl = 0;
4516 
4517 	/*
4518 	 * Retrieve fresh geometry data from the hardware, stash it
4519 	 * here temporarily before we rebuild the incore label.
4520 	 *
4521 	 * We want to use the MODE SENSE commands to derive the
4522 	 * physical geometry of the device, but if either command
4523 	 * fails, the logical geometry is used as the fallback for
4524 	 * disk label geometry.
4525 	 */
4526 	mutex_exit(SD_MUTEX(un));
4527 	sd_get_physical_geometry(un, pgeom_p, capacity, lbasize, path_flag);
4528 	mutex_enter(SD_MUTEX(un));
4529 
4530 	/*
4531 	 * Now update the real copy while holding the mutex. This
4532 	 * way the global copy is never in an inconsistent state.
4533 	 */
4534 	bcopy(pgeom_p, &un->un_pgeom,  sizeof (un->un_pgeom));
4535 
4536 	SD_INFO(SD_LOG_COMMON, un, "sd_resync_geom_caches: "
4537 	    "(cached from lgeom)\n");
4538 	SD_INFO(SD_LOG_COMMON, un,
4539 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
4540 	    un->un_pgeom.g_ncyl, un->un_pgeom.g_acyl,
4541 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
4542 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
4543 	    "intrlv: %d; rpm: %d\n", un->un_pgeom.g_secsize,
4544 	    un->un_pgeom.g_capacity, un->un_pgeom.g_intrlv,
4545 	    un->un_pgeom.g_rpm);
4546 }
4547 
4548 
4549 /*
4550  *    Function: sd_read_fdisk
4551  *
4552  * Description: utility routine to read the fdisk table.
4553  *
4554  *   Arguments: un - driver soft state (unit) structure
4555  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4556  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4557  *			to use the USCSI "direct" chain and bypass the normal
4558  *			command waitq.
4559  *
4560  * Return Code: SD_CMD_SUCCESS
4561  *		SD_CMD_FAILURE
4562  *
4563  *     Context: Kernel thread only (can sleep).
4564  */
4565 /* ARGSUSED */
4566 static int
4567 sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize, int path_flag)
4568 {
4569 #if defined(_NO_FDISK_PRESENT)
4570 
4571 	un->un_solaris_offset = 0;
4572 	un->un_solaris_size = capacity;
4573 	bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4574 	return (SD_CMD_SUCCESS);
4575 
4576 #elif defined(_FIRMWARE_NEEDS_FDISK)
4577 
4578 	struct ipart	*fdp;
4579 	struct mboot	*mbp;
4580 	struct ipart	fdisk[FD_NUMPART];
4581 	int		i;
4582 	char		sigbuf[2];
4583 	caddr_t		bufp;
4584 	int		uidx;
4585 	int		rval;
4586 	int		lba = 0;
4587 	uint_t		solaris_offset;	/* offset to solaris part. */
4588 	daddr_t		solaris_size;	/* size of solaris partition */
4589 	uint32_t	blocksize;
4590 
4591 	ASSERT(un != NULL);
4592 	ASSERT(mutex_owned(SD_MUTEX(un)));
4593 	ASSERT(un->un_f_tgt_blocksize_is_valid == TRUE);
4594 
4595 	blocksize = un->un_tgt_blocksize;
4596 
4597 	/*
4598 	 * Start off assuming no fdisk table
4599 	 */
4600 	solaris_offset = 0;
4601 	solaris_size   = capacity;
4602 
4603 	mutex_exit(SD_MUTEX(un));
4604 	bufp = kmem_zalloc(blocksize, KM_SLEEP);
4605 	rval = sd_send_scsi_READ(un, bufp, blocksize, 0, path_flag);
4606 	mutex_enter(SD_MUTEX(un));
4607 
4608 	if (rval != 0) {
4609 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4610 		    "sd_read_fdisk: fdisk read err\n");
4611 		kmem_free(bufp, blocksize);
4612 		return (SD_CMD_FAILURE);
4613 	}
4614 
4615 	mbp = (struct mboot *)bufp;
4616 
4617 	/*
4618 	 * The fdisk table does not begin on a 4-byte boundary within the
4619 	 * master boot record, so we copy it to an aligned structure to avoid
4620 	 * alignment exceptions on some processors.
4621 	 */
4622 	bcopy(&mbp->parts[0], fdisk, sizeof (fdisk));
4623 
4624 	/*
4625 	 * Check for lba support before verifying sig; sig might not be
4626 	 * there, say on a blank disk, but the max_chs mark may still
4627 	 * be present.
4628 	 *
4629 	 * Note: LBA support and BEFs are an x86-only concept but this
4630 	 * code should work OK on SPARC as well.
4631 	 */
4632 
4633 	/*
4634 	 * First, check for lba-access-ok on root node (or prom root node)
4635 	 * if present there, don't need to search fdisk table.
4636 	 */
4637 	if (ddi_getprop(DDI_DEV_T_ANY, ddi_root_node(), 0,
4638 	    "lba-access-ok", 0) != 0) {
4639 		/* All drives do LBA; don't search fdisk table */
4640 		lba = 1;
4641 	} else {
4642 		/* Okay, look for mark in fdisk table */
4643 		for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4644 			/* accumulate "lba" value from all partitions */
4645 			lba = (lba || sd_has_max_chs_vals(fdp));
4646 		}
4647 	}
4648 
4649 	if (lba != 0) {
4650 		dev_t dev = sd_make_device(SD_DEVINFO(un));
4651 
4652 		if (ddi_getprop(dev, SD_DEVINFO(un), DDI_PROP_DONTPASS,
4653 		    "lba-access-ok", 0) == 0) {
4654 			/* not found; create it */
4655 			if (ddi_prop_create(dev, SD_DEVINFO(un), 0,
4656 			    "lba-access-ok", (caddr_t)NULL, 0) !=
4657 			    DDI_PROP_SUCCESS) {
4658 				SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4659 				    "sd_read_fdisk: Can't create lba property "
4660 				    "for instance %d\n",
4661 				    ddi_get_instance(SD_DEVINFO(un)));
4662 			}
4663 		}
4664 	}
4665 
4666 	bcopy(&mbp->signature, sigbuf, sizeof (sigbuf));
4667 
4668 	/*
4669 	 * Endian-independent signature check
4670 	 */
4671 	if (((sigbuf[1] & 0xFF) != ((MBB_MAGIC >> 8) & 0xFF)) ||
4672 	    (sigbuf[0] != (MBB_MAGIC & 0xFF))) {
4673 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4674 		    "sd_read_fdisk: no fdisk\n");
4675 		bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4676 		rval = SD_CMD_SUCCESS;
4677 		goto done;
4678 	}
4679 
4680 #ifdef SDDEBUG
4681 	if (sd_level_mask & SD_LOGMASK_INFO) {
4682 		fdp = fdisk;
4683 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_read_fdisk:\n");
4684 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "         relsect    "
4685 		    "numsect         sysid       bootid\n");
4686 		for (i = 0; i < FD_NUMPART; i++, fdp++) {
4687 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
4688 			    "    %d:  %8d   %8d     0x%08x     0x%08x\n",
4689 			    i, fdp->relsect, fdp->numsect,
4690 			    fdp->systid, fdp->bootid);
4691 		}
4692 	}
4693 #endif
4694 
4695 	/*
4696 	 * Try to find the unix partition
4697 	 */
4698 	uidx = -1;
4699 	solaris_offset = 0;
4700 	solaris_size   = 0;
4701 
4702 	for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4703 		int	relsect;
4704 		int	numsect;
4705 
4706 		if (fdp->numsect == 0) {
4707 			un->un_fmap[i].fmap_start = 0;
4708 			un->un_fmap[i].fmap_nblk  = 0;
4709 			continue;
4710 		}
4711 
4712 		/*
4713 		 * Data in the fdisk table is little-endian.
4714 		 */
4715 		relsect = LE_32(fdp->relsect);
4716 		numsect = LE_32(fdp->numsect);
4717 
4718 		un->un_fmap[i].fmap_start = relsect;
4719 		un->un_fmap[i].fmap_nblk  = numsect;
4720 
4721 		if (fdp->systid != SUNIXOS &&
4722 		    fdp->systid != SUNIXOS2 &&
4723 		    fdp->systid != EFI_PMBR) {
4724 			continue;
4725 		}
4726 
4727 		/*
4728 		 * use the last active solaris partition id found
4729 		 * (there should only be 1 active partition id)
4730 		 *
4731 		 * if there are no active solaris partition id
4732 		 * then use the first inactive solaris partition id
4733 		 */
4734 		if ((uidx == -1) || (fdp->bootid == ACTIVE)) {
4735 			uidx = i;
4736 			solaris_offset = relsect;
4737 			solaris_size   = numsect;
4738 		}
4739 	}
4740 
4741 	SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk 0x%x 0x%lx",
4742 	    un->un_solaris_offset, un->un_solaris_size);
4743 
4744 	rval = SD_CMD_SUCCESS;
4745 
4746 done:
4747 
4748 	/*
4749 	 * Clear the VTOC info, only if the Solaris partition entry
4750 	 * has moved, changed size, been deleted, or if the size of
4751 	 * the partition is too small to even fit the label sector.
4752 	 */
4753 	if ((un->un_solaris_offset != solaris_offset) ||
4754 	    (un->un_solaris_size != solaris_size) ||
4755 	    solaris_size <= DK_LABEL_LOC) {
4756 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk moved 0x%x 0x%lx",
4757 			solaris_offset, solaris_size);
4758 		bzero(&un->un_g, sizeof (struct dk_geom));
4759 		bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
4760 		bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
4761 		un->un_f_geometry_is_valid = FALSE;
4762 	}
4763 	un->un_solaris_offset = solaris_offset;
4764 	un->un_solaris_size = solaris_size;
4765 	kmem_free(bufp, blocksize);
4766 	return (rval);
4767 
4768 #else	/* #elif defined(_FIRMWARE_NEEDS_FDISK) */
4769 #error "fdisk table presence undetermined for this platform."
4770 #endif	/* #if defined(_NO_FDISK_PRESENT) */
4771 }
4772 
4773 
4774 /*
4775  *    Function: sd_get_physical_geometry
4776  *
4777  * Description: Retrieve the MODE SENSE page 3 (Format Device Page) and
4778  *		MODE SENSE page 4 (Rigid Disk Drive Geometry Page) from the
4779  *		target, and use this information to initialize the physical
4780  *		geometry cache specified by pgeom_p.
4781  *
4782  *		MODE SENSE is an optional command, so failure in this case
4783  *		does not necessarily denote an error. We want to use the
4784  *		MODE SENSE commands to derive the physical geometry of the
4785  *		device, but if either command fails, the logical geometry is
4786  *		used as the fallback for disk label geometry.
4787  *
4788  *		This requires that un->un_blockcount and un->un_tgt_blocksize
4789  *		have already been initialized for the current target and
4790  *		that the current values be passed as args so that we don't
4791  *		end up ever trying to use -1 as a valid value. This could
4792  *		happen if either value is reset while we're not holding
4793  *		the mutex.
4794  *
4795  *   Arguments: un - driver soft state (unit) structure
4796  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4797  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4798  *			to use the USCSI "direct" chain and bypass the normal
4799  *			command waitq.
4800  *
4801  *     Context: Kernel thread only (can sleep).
4802  */
4803 
4804 static void
4805 sd_get_physical_geometry(struct sd_lun *un, struct geom_cache *pgeom_p,
4806 	int capacity, int lbasize, int path_flag)
4807 {
4808 	struct	mode_format	*page3p;
4809 	struct	mode_geometry	*page4p;
4810 	struct	mode_header	*headerp;
4811 	int	sector_size;
4812 	int	nsect;
4813 	int	nhead;
4814 	int	ncyl;
4815 	int	intrlv;
4816 	int	spc;
4817 	int	modesense_capacity;
4818 	int	rpm;
4819 	int	bd_len;
4820 	int	mode_header_length;
4821 	uchar_t	*p3bufp;
4822 	uchar_t	*p4bufp;
4823 	int	cdbsize;
4824 
4825 	ASSERT(un != NULL);
4826 	ASSERT(!(mutex_owned(SD_MUTEX(un))));
4827 
4828 	if (un->un_f_blockcount_is_valid != TRUE) {
4829 		return;
4830 	}
4831 
4832 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
4833 		return;
4834 	}
4835 
4836 	if (lbasize == 0) {
4837 		if (ISCD(un)) {
4838 			lbasize = 2048;
4839 		} else {
4840 			lbasize = un->un_sys_blocksize;
4841 		}
4842 	}
4843 	pgeom_p->g_secsize = (unsigned short)lbasize;
4844 
4845 	cdbsize = (un->un_f_cfg_is_atapi == TRUE) ? CDB_GROUP2 : CDB_GROUP0;
4846 
4847 	/*
4848 	 * Retrieve MODE SENSE page 3 - Format Device Page
4849 	 */
4850 	p3bufp = kmem_zalloc(SD_MODE_SENSE_PAGE3_LENGTH, KM_SLEEP);
4851 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p3bufp,
4852 	    SD_MODE_SENSE_PAGE3_LENGTH, SD_MODE_SENSE_PAGE3_CODE, path_flag)
4853 	    != 0) {
4854 		SD_ERROR(SD_LOG_COMMON, un,
4855 		    "sd_get_physical_geometry: mode sense page 3 failed\n");
4856 		goto page3_exit;
4857 	}
4858 
4859 	/*
4860 	 * Determine size of Block Descriptors in order to locate the mode
4861 	 * page data.  ATAPI devices return 0, SCSI devices should return
4862 	 * MODE_BLK_DESC_LENGTH.
4863 	 */
4864 	headerp = (struct mode_header *)p3bufp;
4865 	if (un->un_f_cfg_is_atapi == TRUE) {
4866 		struct mode_header_grp2 *mhp =
4867 		    (struct mode_header_grp2 *)headerp;
4868 		mode_header_length = MODE_HEADER_LENGTH_GRP2;
4869 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4870 	} else {
4871 		mode_header_length = MODE_HEADER_LENGTH;
4872 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4873 	}
4874 
4875 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4876 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4877 		    "received unexpected bd_len of %d, page3\n", bd_len);
4878 		goto page3_exit;
4879 	}
4880 
4881 	page3p = (struct mode_format *)
4882 	    ((caddr_t)headerp + mode_header_length + bd_len);
4883 
4884 	if (page3p->mode_page.code != SD_MODE_SENSE_PAGE3_CODE) {
4885 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4886 		    "mode sense pg3 code mismatch %d\n",
4887 		    page3p->mode_page.code);
4888 		goto page3_exit;
4889 	}
4890 
4891 	/*
4892 	 * Use this physical geometry data only if BOTH MODE SENSE commands
4893 	 * complete successfully; otherwise, revert to the logical geometry.
4894 	 * So, we need to save everything in temporary variables.
4895 	 */
4896 	sector_size = BE_16(page3p->data_bytes_sect);
4897 
4898 	/*
4899 	 * 1243403: The NEC D38x7 drives do not support MODE SENSE sector size
4900 	 */
4901 	if (sector_size == 0) {
4902 		sector_size = (ISCD(un)) ? 2048 : un->un_sys_blocksize;
4903 	} else {
4904 		sector_size &= ~(un->un_sys_blocksize - 1);
4905 	}
4906 
4907 	nsect  = BE_16(page3p->sect_track);
4908 	intrlv = BE_16(page3p->interleave);
4909 
4910 	SD_INFO(SD_LOG_COMMON, un,
4911 	    "sd_get_physical_geometry: Format Parameters (page 3)\n");
4912 	SD_INFO(SD_LOG_COMMON, un,
4913 	    "   mode page: %d; nsect: %d; sector size: %d;\n",
4914 	    page3p->mode_page.code, nsect, sector_size);
4915 	SD_INFO(SD_LOG_COMMON, un,
4916 	    "   interleave: %d; track skew: %d; cylinder skew: %d;\n", intrlv,
4917 	    BE_16(page3p->track_skew),
4918 	    BE_16(page3p->cylinder_skew));
4919 
4920 
4921 	/*
4922 	 * Retrieve MODE SENSE page 4 - Rigid Disk Drive Geometry Page
4923 	 */
4924 	p4bufp = kmem_zalloc(SD_MODE_SENSE_PAGE4_LENGTH, KM_SLEEP);
4925 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p4bufp,
4926 	    SD_MODE_SENSE_PAGE4_LENGTH, SD_MODE_SENSE_PAGE4_CODE, path_flag)
4927 	    != 0) {
4928 		SD_ERROR(SD_LOG_COMMON, un,
4929 		    "sd_get_physical_geometry: mode sense page 4 failed\n");
4930 		goto page4_exit;
4931 	}
4932 
4933 	/*
4934 	 * Determine size of Block Descriptors in order to locate the mode
4935 	 * page data.  ATAPI devices return 0, SCSI devices should return
4936 	 * MODE_BLK_DESC_LENGTH.
4937 	 */
4938 	headerp = (struct mode_header *)p4bufp;
4939 	if (un->un_f_cfg_is_atapi == TRUE) {
4940 		struct mode_header_grp2 *mhp =
4941 		    (struct mode_header_grp2 *)headerp;
4942 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4943 	} else {
4944 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4945 	}
4946 
4947 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4948 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4949 		    "received unexpected bd_len of %d, page4\n", bd_len);
4950 		goto page4_exit;
4951 	}
4952 
4953 	page4p = (struct mode_geometry *)
4954 	    ((caddr_t)headerp + mode_header_length + bd_len);
4955 
4956 	if (page4p->mode_page.code != SD_MODE_SENSE_PAGE4_CODE) {
4957 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4958 		    "mode sense pg4 code mismatch %d\n",
4959 		    page4p->mode_page.code);
4960 		goto page4_exit;
4961 	}
4962 
4963 	/*
4964 	 * Stash the data now, after we know that both commands completed.
4965 	 */
4966 
4967 	mutex_enter(SD_MUTEX(un));
4968 
4969 	nhead = (int)page4p->heads;	/* uchar, so no conversion needed */
4970 	spc   = nhead * nsect;
4971 	ncyl  = (page4p->cyl_ub << 16) + (page4p->cyl_mb << 8) + page4p->cyl_lb;
4972 	rpm   = BE_16(page4p->rpm);
4973 
4974 	modesense_capacity = spc * ncyl;
4975 
4976 	SD_INFO(SD_LOG_COMMON, un,
4977 	    "sd_get_physical_geometry: Geometry Parameters (page 4)\n");
4978 	SD_INFO(SD_LOG_COMMON, un,
4979 	    "   cylinders: %d; heads: %d; rpm: %d;\n", ncyl, nhead, rpm);
4980 	SD_INFO(SD_LOG_COMMON, un,
4981 	    "   computed capacity(h*s*c): %d;\n", modesense_capacity);
4982 	SD_INFO(SD_LOG_COMMON, un, "   pgeom_p: %p; read cap: %d\n",
4983 	    (void *)pgeom_p, capacity);
4984 
4985 	/*
4986 	 * Compensate if the drive's geometry is not rectangular, i.e.,
4987 	 * the product of C * H * S returned by MODE SENSE >= that returned
4988 	 * by read capacity. This is an idiosyncrasy of the original x86
4989 	 * disk subsystem.
4990 	 */
4991 	if (modesense_capacity >= capacity) {
4992 		SD_INFO(SD_LOG_COMMON, un,
4993 		    "sd_get_physical_geometry: adjusting acyl; "
4994 		    "old: %d; new: %d\n", pgeom_p->g_acyl,
4995 		    (modesense_capacity - capacity + spc - 1) / spc);
4996 		if (sector_size != 0) {
4997 			/* 1243403: NEC D38x7 drives don't support sec size */
4998 			pgeom_p->g_secsize = (unsigned short)sector_size;
4999 		}
5000 		pgeom_p->g_nsect    = (unsigned short)nsect;
5001 		pgeom_p->g_nhead    = (unsigned short)nhead;
5002 		pgeom_p->g_capacity = capacity;
5003 		pgeom_p->g_acyl	    =
5004 		    (modesense_capacity - pgeom_p->g_capacity + spc - 1) / spc;
5005 		pgeom_p->g_ncyl	    = ncyl - pgeom_p->g_acyl;
5006 	}
5007 
5008 	pgeom_p->g_rpm    = (unsigned short)rpm;
5009 	pgeom_p->g_intrlv = (unsigned short)intrlv;
5010 
5011 	SD_INFO(SD_LOG_COMMON, un,
5012 	    "sd_get_physical_geometry: mode sense geometry:\n");
5013 	SD_INFO(SD_LOG_COMMON, un,
5014 	    "   nsect: %d; sector size: %d; interlv: %d\n",
5015 	    nsect, sector_size, intrlv);
5016 	SD_INFO(SD_LOG_COMMON, un,
5017 	    "   nhead: %d; ncyl: %d; rpm: %d; capacity(ms): %d\n",
5018 	    nhead, ncyl, rpm, modesense_capacity);
5019 	SD_INFO(SD_LOG_COMMON, un,
5020 	    "sd_get_physical_geometry: (cached)\n");
5021 	SD_INFO(SD_LOG_COMMON, un,
5022 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5023 	    un->un_pgeom.g_ncyl,  un->un_pgeom.g_acyl,
5024 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
5025 	SD_INFO(SD_LOG_COMMON, un,
5026 	    "   lbasize: %d; capacity: %ld; intrlv: %d; rpm: %d\n",
5027 	    un->un_pgeom.g_secsize, un->un_pgeom.g_capacity,
5028 	    un->un_pgeom.g_intrlv, un->un_pgeom.g_rpm);
5029 
5030 	mutex_exit(SD_MUTEX(un));
5031 
5032 page4_exit:
5033 	kmem_free(p4bufp, SD_MODE_SENSE_PAGE4_LENGTH);
5034 page3_exit:
5035 	kmem_free(p3bufp, SD_MODE_SENSE_PAGE3_LENGTH);
5036 }
5037 
5038 
5039 /*
5040  *    Function: sd_get_virtual_geometry
5041  *
5042  * Description: Ask the controller to tell us about the target device.
5043  *
5044  *   Arguments: un - pointer to softstate
5045  *		capacity - disk capacity in #blocks
5046  *		lbasize - disk block size in bytes
5047  *
5048  *     Context: Kernel thread only
5049  */
5050 
5051 static void
5052 sd_get_virtual_geometry(struct sd_lun *un, int capacity, int lbasize)
5053 {
5054 	struct	geom_cache 	*lgeom_p = &un->un_lgeom;
5055 	uint_t	geombuf;
5056 	int	spc;
5057 
5058 	ASSERT(un != NULL);
5059 	ASSERT(mutex_owned(SD_MUTEX(un)));
5060 
5061 	mutex_exit(SD_MUTEX(un));
5062 
5063 	/* Set sector size, and total number of sectors */
5064 	(void) scsi_ifsetcap(SD_ADDRESS(un), "sector-size",   lbasize,  1);
5065 	(void) scsi_ifsetcap(SD_ADDRESS(un), "total-sectors", capacity, 1);
5066 
5067 	/* Let the HBA tell us its geometry */
5068 	geombuf = (uint_t)scsi_ifgetcap(SD_ADDRESS(un), "geometry", 1);
5069 
5070 	mutex_enter(SD_MUTEX(un));
5071 
5072 	/* A value of -1 indicates an undefined "geometry" property */
5073 	if (geombuf == (-1)) {
5074 		return;
5075 	}
5076 
5077 	/* Initialize the logical geometry cache. */
5078 	lgeom_p->g_nhead   = (geombuf >> 16) & 0xffff;
5079 	lgeom_p->g_nsect   = geombuf & 0xffff;
5080 	lgeom_p->g_secsize = un->un_sys_blocksize;
5081 
5082 	spc = lgeom_p->g_nhead * lgeom_p->g_nsect;
5083 
5084 	/*
5085 	 * Note: The driver originally converted the capacity value from
5086 	 * target blocks to system blocks. However, the capacity value passed
5087 	 * to this routine is already in terms of system blocks (this scaling
5088 	 * is done when the READ CAPACITY command is issued and processed).
5089 	 * This 'error' may have gone undetected because the usage of g_ncyl
5090 	 * (which is based upon g_capacity) is very limited within the driver
5091 	 */
5092 	lgeom_p->g_capacity = capacity;
5093 
5094 	/*
5095 	 * Set ncyl to zero if the hba returned a zero nhead or nsect value. The
5096 	 * hba may return zero values if the device has been removed.
5097 	 */
5098 	if (spc == 0) {
5099 		lgeom_p->g_ncyl = 0;
5100 	} else {
5101 		lgeom_p->g_ncyl = lgeom_p->g_capacity / spc;
5102 	}
5103 	lgeom_p->g_acyl = 0;
5104 
5105 	SD_INFO(SD_LOG_COMMON, un, "sd_get_virtual_geometry: (cached)\n");
5106 	SD_INFO(SD_LOG_COMMON, un,
5107 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5108 	    un->un_lgeom.g_ncyl,  un->un_lgeom.g_acyl,
5109 	    un->un_lgeom.g_nhead, un->un_lgeom.g_nsect);
5110 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
5111 	    "intrlv: %d; rpm: %d\n", un->un_lgeom.g_secsize,
5112 	    un->un_lgeom.g_capacity, un->un_lgeom.g_intrlv, un->un_lgeom.g_rpm);
5113 }
5114 
5115 
5116 /*
5117  *    Function: sd_update_block_info
5118  *
5119  * Description: Calculate a byte count to sector count bitshift value
5120  *		from sector size.
5121  *
5122  *   Arguments: un: unit struct.
5123  *		lbasize: new target sector size
5124  *		capacity: new target capacity, ie. block count
5125  *
5126  *     Context: Kernel thread context
5127  */
5128 
5129 static void
5130 sd_update_block_info(struct sd_lun *un, uint32_t lbasize, uint64_t capacity)
5131 {
5132 	if (lbasize != 0) {
5133 		un->un_tgt_blocksize = lbasize;
5134 		un->un_f_tgt_blocksize_is_valid	= TRUE;
5135 	}
5136 
5137 	if (capacity != 0) {
5138 		un->un_blockcount		= capacity;
5139 		un->un_f_blockcount_is_valid	= TRUE;
5140 	}
5141 }
5142 
5143 
5144 static void
5145 sd_swap_efi_gpt(efi_gpt_t *e)
5146 {
5147 	_NOTE(ASSUMING_PROTECTED(*e))
5148 	e->efi_gpt_Signature = LE_64(e->efi_gpt_Signature);
5149 	e->efi_gpt_Revision = LE_32(e->efi_gpt_Revision);
5150 	e->efi_gpt_HeaderSize = LE_32(e->efi_gpt_HeaderSize);
5151 	e->efi_gpt_HeaderCRC32 = LE_32(e->efi_gpt_HeaderCRC32);
5152 	e->efi_gpt_MyLBA = LE_64(e->efi_gpt_MyLBA);
5153 	e->efi_gpt_AlternateLBA = LE_64(e->efi_gpt_AlternateLBA);
5154 	e->efi_gpt_FirstUsableLBA = LE_64(e->efi_gpt_FirstUsableLBA);
5155 	e->efi_gpt_LastUsableLBA = LE_64(e->efi_gpt_LastUsableLBA);
5156 	UUID_LE_CONVERT(e->efi_gpt_DiskGUID, e->efi_gpt_DiskGUID);
5157 	e->efi_gpt_PartitionEntryLBA = LE_64(e->efi_gpt_PartitionEntryLBA);
5158 	e->efi_gpt_NumberOfPartitionEntries =
5159 	    LE_32(e->efi_gpt_NumberOfPartitionEntries);
5160 	e->efi_gpt_SizeOfPartitionEntry =
5161 	    LE_32(e->efi_gpt_SizeOfPartitionEntry);
5162 	e->efi_gpt_PartitionEntryArrayCRC32 =
5163 	    LE_32(e->efi_gpt_PartitionEntryArrayCRC32);
5164 }
5165 
5166 static void
5167 sd_swap_efi_gpe(int nparts, efi_gpe_t *p)
5168 {
5169 	int i;
5170 
5171 	_NOTE(ASSUMING_PROTECTED(*p))
5172 	for (i = 0; i < nparts; i++) {
5173 		UUID_LE_CONVERT(p[i].efi_gpe_PartitionTypeGUID,
5174 		    p[i].efi_gpe_PartitionTypeGUID);
5175 		p[i].efi_gpe_StartingLBA = LE_64(p[i].efi_gpe_StartingLBA);
5176 		p[i].efi_gpe_EndingLBA = LE_64(p[i].efi_gpe_EndingLBA);
5177 		/* PartitionAttrs */
5178 	}
5179 }
5180 
5181 static int
5182 sd_validate_efi(efi_gpt_t *labp)
5183 {
5184 	if (labp->efi_gpt_Signature != EFI_SIGNATURE)
5185 		return (EINVAL);
5186 	/* at least 96 bytes in this version of the spec. */
5187 	if (sizeof (efi_gpt_t) - sizeof (labp->efi_gpt_Reserved2) >
5188 	    labp->efi_gpt_HeaderSize)
5189 		return (EINVAL);
5190 	/* this should be 128 bytes */
5191 	if (labp->efi_gpt_SizeOfPartitionEntry != sizeof (efi_gpe_t))
5192 		return (EINVAL);
5193 	return (0);
5194 }
5195 
5196 static int
5197 sd_use_efi(struct sd_lun *un, int path_flag)
5198 {
5199 	int		i;
5200 	int		rval = 0;
5201 	efi_gpe_t	*partitions;
5202 	uchar_t		*buf;
5203 	uint_t		lbasize;
5204 	uint64_t	cap;
5205 	uint_t		nparts;
5206 	diskaddr_t	gpe_lba;
5207 
5208 	ASSERT(mutex_owned(SD_MUTEX(un)));
5209 	lbasize = un->un_tgt_blocksize;
5210 
5211 	mutex_exit(SD_MUTEX(un));
5212 
5213 	buf = kmem_zalloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
5214 
5215 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
5216 		rval = EINVAL;
5217 		goto done_err;
5218 	}
5219 
5220 	rval = sd_send_scsi_READ(un, buf, lbasize, 0, path_flag);
5221 	if (rval) {
5222 		goto done_err;
5223 	}
5224 	if (((struct dk_label *)buf)->dkl_magic == DKL_MAGIC) {
5225 		/* not ours */
5226 		rval = ESRCH;
5227 		goto done_err;
5228 	}
5229 
5230 	rval = sd_send_scsi_READ(un, buf, lbasize, 1, path_flag);
5231 	if (rval) {
5232 		goto done_err;
5233 	}
5234 	sd_swap_efi_gpt((efi_gpt_t *)buf);
5235 
5236 	if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0) {
5237 		/*
5238 		 * Couldn't read the primary, try the backup.  Our
5239 		 * capacity at this point could be based on CHS, so
5240 		 * check what the device reports.
5241 		 */
5242 		rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
5243 		    path_flag);
5244 		if (rval) {
5245 			goto done_err;
5246 		}
5247 		if ((rval = sd_send_scsi_READ(un, buf, lbasize,
5248 		    cap - 1, path_flag)) != 0) {
5249 			goto done_err;
5250 		}
5251 		sd_swap_efi_gpt((efi_gpt_t *)buf);
5252 		if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0)
5253 			goto done_err;
5254 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5255 		    "primary label corrupt; using backup\n");
5256 	}
5257 
5258 	nparts = ((efi_gpt_t *)buf)->efi_gpt_NumberOfPartitionEntries;
5259 	gpe_lba = ((efi_gpt_t *)buf)->efi_gpt_PartitionEntryLBA;
5260 
5261 	rval = sd_send_scsi_READ(un, buf, EFI_MIN_ARRAY_SIZE, gpe_lba,
5262 	    path_flag);
5263 	if (rval) {
5264 		goto done_err;
5265 	}
5266 	partitions = (efi_gpe_t *)buf;
5267 
5268 	if (nparts > MAXPART) {
5269 		nparts = MAXPART;
5270 	}
5271 	sd_swap_efi_gpe(nparts, partitions);
5272 
5273 	mutex_enter(SD_MUTEX(un));
5274 
5275 	/* Fill in partition table. */
5276 	for (i = 0; i < nparts; i++) {
5277 		if (partitions->efi_gpe_StartingLBA != 0 ||
5278 		    partitions->efi_gpe_EndingLBA != 0) {
5279 			un->un_map[i].dkl_cylno =
5280 			    partitions->efi_gpe_StartingLBA;
5281 			un->un_map[i].dkl_nblk =
5282 			    partitions->efi_gpe_EndingLBA -
5283 			    partitions->efi_gpe_StartingLBA + 1;
5284 			un->un_offset[i] =
5285 			    partitions->efi_gpe_StartingLBA;
5286 		}
5287 		if (i == WD_NODE) {
5288 			/*
5289 			 * minor number 7 corresponds to the whole disk
5290 			 */
5291 			un->un_map[i].dkl_cylno = 0;
5292 			un->un_map[i].dkl_nblk = un->un_blockcount;
5293 			un->un_offset[i] = 0;
5294 		}
5295 		partitions++;
5296 	}
5297 	un->un_solaris_offset = 0;
5298 	un->un_solaris_size = cap;
5299 	un->un_f_geometry_is_valid = TRUE;
5300 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5301 	return (0);
5302 
5303 done_err:
5304 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5305 	mutex_enter(SD_MUTEX(un));
5306 	/*
5307 	 * if we didn't find something that could look like a VTOC
5308 	 * and the disk is over 1TB, we know there isn't a valid label.
5309 	 * Otherwise let sd_uselabel decide what to do.  We only
5310 	 * want to invalidate this if we're certain the label isn't
5311 	 * valid because sd_prop_op will now fail, which in turn
5312 	 * causes things like opens and stats on the partition to fail.
5313 	 */
5314 	if ((un->un_blockcount > DK_MAX_BLOCKS) && (rval != ESRCH)) {
5315 		un->un_f_geometry_is_valid = FALSE;
5316 	}
5317 	return (rval);
5318 }
5319 
5320 
5321 /*
5322  *    Function: sd_uselabel
5323  *
5324  * Description: Validate the disk label and update the relevant data (geometry,
5325  *		partition, vtoc, and capacity data) in the sd_lun struct.
5326  *		Marks the geometry of the unit as being valid.
5327  *
5328  *   Arguments: un: unit struct.
5329  *		dk_label: disk label
5330  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
5331  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
5332  *			to use the USCSI "direct" chain and bypass the normal
5333  *			command waitq.
5334  *
5335  * Return Code: SD_LABEL_IS_VALID: Label read from disk is OK; geometry,
5336  *		partition, vtoc, and capacity data are good.
5337  *
5338  *		SD_LABEL_IS_INVALID: Magic number or checksum error in the
5339  *		label; or computed capacity does not jibe with capacity
5340  *		reported from the READ CAPACITY command.
5341  *
5342  *     Context: Kernel thread only (can sleep).
5343  */
5344 
5345 static int
5346 sd_uselabel(struct sd_lun *un, struct dk_label *labp, int path_flag)
5347 {
5348 	short	*sp;
5349 	short	sum;
5350 	short	count;
5351 	int	label_error = SD_LABEL_IS_VALID;
5352 	int	i;
5353 	int	capacity;
5354 	int	part_end;
5355 	int	track_capacity;
5356 	int	err;
5357 #if defined(_SUNOS_VTOC_16)
5358 	struct	dkl_partition	*vpartp;
5359 #endif
5360 	ASSERT(un != NULL);
5361 	ASSERT(mutex_owned(SD_MUTEX(un)));
5362 
5363 	/* Validate the magic number of the label. */
5364 	if (labp->dkl_magic != DKL_MAGIC) {
5365 #if defined(__sparc)
5366 		if ((un->un_state == SD_STATE_NORMAL) &&
5367 		    !ISREMOVABLE(un)) {
5368 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5369 			    "Corrupt label; wrong magic number\n");
5370 		}
5371 #endif
5372 		return (SD_LABEL_IS_INVALID);
5373 	}
5374 
5375 	/* Validate the checksum of the label. */
5376 	sp  = (short *)labp;
5377 	sum = 0;
5378 	count = sizeof (struct dk_label) / sizeof (short);
5379 	while (count--)	 {
5380 		sum ^= *sp++;
5381 	}
5382 
5383 	if (sum != 0) {
5384 #if defined(_SUNOS_VTOC_16)
5385 		if (un->un_state == SD_STATE_NORMAL && !ISCD(un)) {
5386 #elif defined(_SUNOS_VTOC_8)
5387 		if (un->un_state == SD_STATE_NORMAL && !ISREMOVABLE(un)) {
5388 #endif
5389 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5390 			    "Corrupt label - label checksum failed\n");
5391 		}
5392 		return (SD_LABEL_IS_INVALID);
5393 	}
5394 
5395 
5396 	/*
5397 	 * Fill in geometry structure with data from label.
5398 	 */
5399 	bzero(&un->un_g, sizeof (struct dk_geom));
5400 	un->un_g.dkg_ncyl   = labp->dkl_ncyl;
5401 	un->un_g.dkg_acyl   = labp->dkl_acyl;
5402 	un->un_g.dkg_bcyl   = 0;
5403 	un->un_g.dkg_nhead  = labp->dkl_nhead;
5404 	un->un_g.dkg_nsect  = labp->dkl_nsect;
5405 	un->un_g.dkg_intrlv = labp->dkl_intrlv;
5406 
5407 #if defined(_SUNOS_VTOC_8)
5408 	un->un_g.dkg_gap1   = labp->dkl_gap1;
5409 	un->un_g.dkg_gap2   = labp->dkl_gap2;
5410 	un->un_g.dkg_bhead  = labp->dkl_bhead;
5411 #endif
5412 #if defined(_SUNOS_VTOC_16)
5413 	un->un_dkg_skew = labp->dkl_skew;
5414 #endif
5415 
5416 #if defined(__i386) || defined(__amd64)
5417 	un->un_g.dkg_apc = labp->dkl_apc;
5418 #endif
5419 
5420 	/*
5421 	 * Currently we rely on the values in the label being accurate. If
5422 	 * dlk_rpm or dlk_pcly are zero in the label, use a default value.
5423 	 *
5424 	 * Note: In the future a MODE SENSE may be used to retrieve this data,
5425 	 * although this command is optional in SCSI-2.
5426 	 */
5427 	un->un_g.dkg_rpm  = (labp->dkl_rpm  != 0) ? labp->dkl_rpm  : 3600;
5428 	un->un_g.dkg_pcyl = (labp->dkl_pcyl != 0) ? labp->dkl_pcyl :
5429 	    (un->un_g.dkg_ncyl + un->un_g.dkg_acyl);
5430 
5431 	/*
5432 	 * The Read and Write reinstruct values may not be valid
5433 	 * for older disks.
5434 	 */
5435 	un->un_g.dkg_read_reinstruct  = labp->dkl_read_reinstruct;
5436 	un->un_g.dkg_write_reinstruct = labp->dkl_write_reinstruct;
5437 
5438 	/* Fill in partition table. */
5439 #if defined(_SUNOS_VTOC_8)
5440 	for (i = 0; i < NDKMAP; i++) {
5441 		un->un_map[i].dkl_cylno = labp->dkl_map[i].dkl_cylno;
5442 		un->un_map[i].dkl_nblk  = labp->dkl_map[i].dkl_nblk;
5443 	}
5444 #endif
5445 #if  defined(_SUNOS_VTOC_16)
5446 	vpartp		= labp->dkl_vtoc.v_part;
5447 	track_capacity	= labp->dkl_nhead * labp->dkl_nsect;
5448 
5449 	/* Prevent divide by zero */
5450 	if (track_capacity == 0) {
5451 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5452 		    "Corrupt label - zero nhead or nsect value\n");
5453 
5454 		return (SD_LABEL_IS_INVALID);
5455 	}
5456 
5457 	for (i = 0; i < NDKMAP; i++, vpartp++) {
5458 		un->un_map[i].dkl_cylno = vpartp->p_start / track_capacity;
5459 		un->un_map[i].dkl_nblk  = vpartp->p_size;
5460 	}
5461 #endif
5462 
5463 	/* Fill in VTOC Structure. */
5464 	bcopy(&labp->dkl_vtoc, &un->un_vtoc, sizeof (struct dk_vtoc));
5465 #if defined(_SUNOS_VTOC_8)
5466 	/*
5467 	 * The 8-slice vtoc does not include the ascii label; save it into
5468 	 * the device's soft state structure here.
5469 	 */
5470 	bcopy(labp->dkl_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
5471 #endif
5472 
5473 	/* Now look for a valid capacity. */
5474 	track_capacity	= (un->un_g.dkg_nhead * un->un_g.dkg_nsect);
5475 	capacity	= (un->un_g.dkg_ncyl  * track_capacity);
5476 
5477 	if (un->un_g.dkg_acyl) {
5478 #if defined(__i386) || defined(__amd64)
5479 		/* we may have > 1 alts cylinder */
5480 		capacity += (track_capacity * un->un_g.dkg_acyl);
5481 #else
5482 		capacity += track_capacity;
5483 #endif
5484 	}
5485 
5486 	/*
5487 	 * Force check here to ensure the computed capacity is valid.
5488 	 * If capacity is zero, it indicates an invalid label and
5489 	 * we should abort updating the relevant data then.
5490 	 */
5491 	if (capacity == 0) {
5492 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5493 		    "Corrupt label - no valid capacity could be retrieved\n");
5494 
5495 		return (SD_LABEL_IS_INVALID);
5496 	}
5497 
5498 	/* Mark the geometry as valid. */
5499 	un->un_f_geometry_is_valid = TRUE;
5500 
5501 	/*
5502 	 * At this point, un->un_blockcount should contain valid data from
5503 	 * the READ CAPACITY command.
5504 	 */
5505 	if (un->un_f_blockcount_is_valid != TRUE) {
5506 		/*
5507 		 * We have a situation where the target didn't give us a good
5508 		 * READ CAPACITY value, yet there appears to be a valid label.
5509 		 * In this case, we'll fake the capacity.
5510 		 */
5511 		un->un_blockcount = capacity;
5512 		un->un_f_blockcount_is_valid = TRUE;
5513 		goto done;
5514 	}
5515 
5516 
5517 	if ((capacity <= un->un_blockcount) ||
5518 	    (un->un_state != SD_STATE_NORMAL)) {
5519 #if defined(_SUNOS_VTOC_8)
5520 		/*
5521 		 * We can't let this happen on drives that are subdivided
5522 		 * into logical disks (i.e., that have an fdisk table).
5523 		 * The un_blockcount field should always hold the full media
5524 		 * size in sectors, period.  This code would overwrite
5525 		 * un_blockcount with the size of the Solaris fdisk partition.
5526 		 */
5527 		SD_ERROR(SD_LOG_COMMON, un,
5528 		    "sd_uselabel: Label %d blocks; Drive %d blocks\n",
5529 		    capacity, un->un_blockcount);
5530 		un->un_blockcount = capacity;
5531 		un->un_f_blockcount_is_valid = TRUE;
5532 #endif	/* defined(_SUNOS_VTOC_8) */
5533 		goto done;
5534 	}
5535 
5536 	if (ISCD(un)) {
5537 		/* For CDROMs, we trust that the data in the label is OK. */
5538 #if defined(_SUNOS_VTOC_8)
5539 		for (i = 0; i < NDKMAP; i++) {
5540 			part_end = labp->dkl_nhead * labp->dkl_nsect *
5541 			    labp->dkl_map[i].dkl_cylno +
5542 			    labp->dkl_map[i].dkl_nblk  - 1;
5543 
5544 			if ((labp->dkl_map[i].dkl_nblk) &&
5545 			    (part_end > un->un_blockcount)) {
5546 				un->un_f_geometry_is_valid = FALSE;
5547 				break;
5548 			}
5549 		}
5550 #endif
5551 #if defined(_SUNOS_VTOC_16)
5552 		vpartp = &(labp->dkl_vtoc.v_part[0]);
5553 		for (i = 0; i < NDKMAP; i++, vpartp++) {
5554 			part_end = vpartp->p_start + vpartp->p_size;
5555 			if ((vpartp->p_size > 0) &&
5556 			    (part_end > un->un_blockcount)) {
5557 				un->un_f_geometry_is_valid = FALSE;
5558 				break;
5559 			}
5560 		}
5561 #endif
5562 	} else {
5563 		uint64_t t_capacity;
5564 		uint32_t t_lbasize;
5565 
5566 		mutex_exit(SD_MUTEX(un));
5567 		err = sd_send_scsi_READ_CAPACITY(un, &t_capacity, &t_lbasize,
5568 		    path_flag);
5569 		ASSERT(t_capacity <= DK_MAX_BLOCKS);
5570 		mutex_enter(SD_MUTEX(un));
5571 
5572 		if (err == 0) {
5573 			sd_update_block_info(un, t_lbasize, t_capacity);
5574 		}
5575 
5576 		if (capacity > un->un_blockcount) {
5577 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5578 			    "Corrupt label - bad geometry\n");
5579 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
5580 			    "Label says %u blocks; Drive says %llu blocks\n",
5581 			    capacity, (unsigned long long)un->un_blockcount);
5582 			un->un_f_geometry_is_valid = FALSE;
5583 			label_error = SD_LABEL_IS_INVALID;
5584 		}
5585 	}
5586 
5587 done:
5588 
5589 	SD_INFO(SD_LOG_COMMON, un, "sd_uselabel: (label geometry)\n");
5590 	SD_INFO(SD_LOG_COMMON, un,
5591 	    "   ncyl: %d; acyl: %d; nhead: %d; nsect: %d\n",
5592 	    un->un_g.dkg_ncyl,  un->un_g.dkg_acyl,
5593 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5594 	SD_INFO(SD_LOG_COMMON, un,
5595 	    "   lbasize: %d; capacity: %d; intrlv: %d; rpm: %d\n",
5596 	    un->un_tgt_blocksize, un->un_blockcount,
5597 	    un->un_g.dkg_intrlv, un->un_g.dkg_rpm);
5598 	SD_INFO(SD_LOG_COMMON, un, "   wrt_reinstr: %d; rd_reinstr: %d\n",
5599 	    un->un_g.dkg_write_reinstruct, un->un_g.dkg_read_reinstruct);
5600 
5601 	ASSERT(mutex_owned(SD_MUTEX(un)));
5602 
5603 	return (label_error);
5604 }
5605 
5606 
5607 /*
5608  *    Function: sd_build_default_label
5609  *
5610  * Description: Generate a default label for those devices that do not have
5611  *		one, e.g., new media, removable cartridges, etc..
5612  *
5613  *     Context: Kernel thread only
5614  */
5615 
5616 static void
5617 sd_build_default_label(struct sd_lun *un)
5618 {
5619 #if defined(_SUNOS_VTOC_16)
5620 	uint_t	phys_spc;
5621 	uint_t	disksize;
5622 	struct	dk_geom un_g;
5623 #endif
5624 
5625 	ASSERT(un != NULL);
5626 	ASSERT(mutex_owned(SD_MUTEX(un)));
5627 
5628 #if defined(_SUNOS_VTOC_8)
5629 	/*
5630 	 * Note: This is a legacy check for non-removable devices on VTOC_8
5631 	 * only. This may be a valid check for VTOC_16 as well.
5632 	 */
5633 	if (!ISREMOVABLE(un)) {
5634 		return;
5635 	}
5636 #endif
5637 
5638 	bzero(&un->un_g, sizeof (struct dk_geom));
5639 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
5640 	bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
5641 
5642 #if defined(_SUNOS_VTOC_8)
5643 
5644 	/*
5645 	 * It's a REMOVABLE media, therefore no label (on sparc, anyway).
5646 	 * But it is still necessary to set up various geometry information,
5647 	 * and we are doing this here.
5648 	 */
5649 
5650 	/*
5651 	 * For the rpm, we use the minimum for the disk.  For the head, cyl,
5652 	 * and number of sector per track, if the capacity <= 1GB, head = 64,
5653 	 * sect = 32.  else head = 255, sect 63 Note: the capacity should be
5654 	 * equal to C*H*S values.  This will cause some truncation of size due
5655 	 * to round off errors. For CD-ROMs, this truncation can have adverse
5656 	 * side effects, so returning ncyl and nhead as 1. The nsect will
5657 	 * overflow for most of CD-ROMs as nsect is of type ushort. (4190569)
5658 	 */
5659 	if (ISCD(un)) {
5660 		/*
5661 		 * Preserve the old behavior for non-writable
5662 		 * medias. Since dkg_nsect is a ushort, it
5663 		 * will lose bits as cdroms have more than
5664 		 * 65536 sectors. So if we recalculate
5665 		 * capacity, it will become much shorter.
5666 		 * But the dkg_* information is not
5667 		 * used for CDROMs so it is OK. But for
5668 		 * Writable CDs we need this information
5669 		 * to be valid (for newfs say). So we
5670 		 * make nsect and nhead > 1 that way
5671 		 * nsect can still stay within ushort limit
5672 		 * without losing any bits.
5673 		 */
5674 		if (un->un_f_mmc_writable_media == TRUE) {
5675 			un->un_g.dkg_nhead = 64;
5676 			un->un_g.dkg_nsect = 32;
5677 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
5678 			un->un_blockcount = un->un_g.dkg_ncyl *
5679 			    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5680 		} else {
5681 			un->un_g.dkg_ncyl  = 1;
5682 			un->un_g.dkg_nhead = 1;
5683 			un->un_g.dkg_nsect = un->un_blockcount;
5684 		}
5685 	} else {
5686 		if (un->un_blockcount <= 0x1000) {
5687 			/* unlabeled SCSI floppy device */
5688 			un->un_g.dkg_nhead = 2;
5689 			un->un_g.dkg_ncyl = 80;
5690 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
5691 		} else if (un->un_blockcount <= 0x200000) {
5692 			un->un_g.dkg_nhead = 64;
5693 			un->un_g.dkg_nsect = 32;
5694 			un->un_g.dkg_ncyl  = un->un_blockcount / (64 * 32);
5695 		} else {
5696 			un->un_g.dkg_nhead = 255;
5697 			un->un_g.dkg_nsect = 63;
5698 			un->un_g.dkg_ncyl  = un->un_blockcount / (255 * 63);
5699 		}
5700 		un->un_blockcount =
5701 		    un->un_g.dkg_ncyl * un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5702 	}
5703 
5704 	un->un_g.dkg_acyl	= 0;
5705 	un->un_g.dkg_bcyl	= 0;
5706 	un->un_g.dkg_rpm	= 200;
5707 	un->un_asciilabel[0]	= '\0';
5708 	un->un_g.dkg_pcyl	= un->un_g.dkg_ncyl;
5709 
5710 	un->un_map[0].dkl_cylno = 0;
5711 	un->un_map[0].dkl_nblk  = un->un_blockcount;
5712 	un->un_map[2].dkl_cylno = 0;
5713 	un->un_map[2].dkl_nblk  = un->un_blockcount;
5714 
5715 #elif defined(_SUNOS_VTOC_16)
5716 
5717 	if (un->un_solaris_size == 0) {
5718 		/*
5719 		 * Got fdisk table but no solaris entry therefore
5720 		 * don't create a default label
5721 		 */
5722 		un->un_f_geometry_is_valid = TRUE;
5723 		return;
5724 	}
5725 
5726 	/*
5727 	 * For CDs we continue to use the physical geometry to calculate
5728 	 * number of cylinders. All other devices must convert the
5729 	 * physical geometry (geom_cache) to values that will fit
5730 	 * in a dk_geom structure.
5731 	 */
5732 	if (ISCD(un)) {
5733 		phys_spc = un->un_pgeom.g_nhead * un->un_pgeom.g_nsect;
5734 	} else {
5735 		/* Convert physical geometry to disk geometry */
5736 		bzero(&un_g, sizeof (struct dk_geom));
5737 		sd_convert_geometry(un->un_blockcount, &un_g);
5738 		bcopy(&un_g, &un->un_g, sizeof (un->un_g));
5739 		phys_spc = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5740 	}
5741 
5742 	ASSERT(phys_spc != 0);
5743 	un->un_g.dkg_pcyl = un->un_solaris_size / phys_spc;
5744 	un->un_g.dkg_acyl = DK_ACYL;
5745 	un->un_g.dkg_ncyl = un->un_g.dkg_pcyl - DK_ACYL;
5746 	disksize = un->un_g.dkg_ncyl * phys_spc;
5747 
5748 	if (ISCD(un)) {
5749 		/*
5750 		 * CD's don't use the "heads * sectors * cyls"-type of
5751 		 * geometry, but instead use the entire capacity of the media.
5752 		 */
5753 		disksize = un->un_solaris_size;
5754 		un->un_g.dkg_nhead = 1;
5755 		un->un_g.dkg_nsect = 1;
5756 		un->un_g.dkg_rpm =
5757 		    (un->un_pgeom.g_rpm == 0) ? 200 : un->un_pgeom.g_rpm;
5758 
5759 		un->un_vtoc.v_part[0].p_start = 0;
5760 		un->un_vtoc.v_part[0].p_size  = disksize;
5761 		un->un_vtoc.v_part[0].p_tag   = V_BACKUP;
5762 		un->un_vtoc.v_part[0].p_flag  = V_UNMNT;
5763 
5764 		un->un_map[0].dkl_cylno = 0;
5765 		un->un_map[0].dkl_nblk  = disksize;
5766 		un->un_offset[0] = 0;
5767 
5768 	} else {
5769 		/*
5770 		 * Hard disks and removable media cartridges
5771 		 */
5772 		un->un_g.dkg_rpm =
5773 		    (un->un_pgeom.g_rpm == 0) ? 3600: un->un_pgeom.g_rpm;
5774 		un->un_vtoc.v_sectorsz = un->un_sys_blocksize;
5775 
5776 		/* Add boot slice */
5777 		un->un_vtoc.v_part[8].p_start = 0;
5778 		un->un_vtoc.v_part[8].p_size  = phys_spc;
5779 		un->un_vtoc.v_part[8].p_tag   = V_BOOT;
5780 		un->un_vtoc.v_part[8].p_flag  = V_UNMNT;
5781 
5782 		un->un_map[8].dkl_cylno = 0;
5783 		un->un_map[8].dkl_nblk  = phys_spc;
5784 		un->un_offset[8] = 0;
5785 	}
5786 
5787 	un->un_g.dkg_apc = 0;
5788 	un->un_vtoc.v_nparts = V_NUMPAR;
5789 	un->un_vtoc.v_version = V_VERSION;
5790 
5791 	/* Add backup slice */
5792 	un->un_vtoc.v_part[2].p_start = 0;
5793 	un->un_vtoc.v_part[2].p_size  = disksize;
5794 	un->un_vtoc.v_part[2].p_tag   = V_BACKUP;
5795 	un->un_vtoc.v_part[2].p_flag  = V_UNMNT;
5796 
5797 	un->un_map[2].dkl_cylno = 0;
5798 	un->un_map[2].dkl_nblk  = disksize;
5799 	un->un_offset[2] = 0;
5800 
5801 	(void) sprintf(un->un_vtoc.v_asciilabel, "DEFAULT cyl %d alt %d"
5802 	    " hd %d sec %d", un->un_g.dkg_ncyl, un->un_g.dkg_acyl,
5803 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5804 
5805 #else
5806 #error "No VTOC format defined."
5807 #endif
5808 
5809 	un->un_g.dkg_read_reinstruct  = 0;
5810 	un->un_g.dkg_write_reinstruct = 0;
5811 
5812 	un->un_g.dkg_intrlv = 1;
5813 
5814 	un->un_vtoc.v_sanity  = VTOC_SANE;
5815 
5816 	un->un_f_geometry_is_valid = TRUE;
5817 
5818 	SD_INFO(SD_LOG_COMMON, un,
5819 	    "sd_build_default_label: Default label created: "
5820 	    "cyl: %d\tacyl: %d\tnhead: %d\tnsect: %d\tcap: %d\n",
5821 	    un->un_g.dkg_ncyl, un->un_g.dkg_acyl, un->un_g.dkg_nhead,
5822 	    un->un_g.dkg_nsect, un->un_blockcount);
5823 }
5824 
5825 
5826 #if defined(_FIRMWARE_NEEDS_FDISK)
5827 /*
5828  * Max CHS values, as they are encoded into bytes, for 1022/254/63
5829  */
5830 #define	LBA_MAX_SECT	(63 | ((1022 & 0x300) >> 2))
5831 #define	LBA_MAX_CYL	(1022 & 0xFF)
5832 #define	LBA_MAX_HEAD	(254)
5833 
5834 
5835 /*
5836  *    Function: sd_has_max_chs_vals
5837  *
5838  * Description: Return TRUE if Cylinder-Head-Sector values are all at maximum.
5839  *
5840  *   Arguments: fdp - ptr to CHS info
5841  *
5842  * Return Code: True or false
5843  *
5844  *     Context: Any.
5845  */
5846 
5847 static int
5848 sd_has_max_chs_vals(struct ipart *fdp)
5849 {
5850 	return ((fdp->begcyl  == LBA_MAX_CYL)	&&
5851 	    (fdp->beghead == LBA_MAX_HEAD)	&&
5852 	    (fdp->begsect == LBA_MAX_SECT)	&&
5853 	    (fdp->endcyl  == LBA_MAX_CYL)	&&
5854 	    (fdp->endhead == LBA_MAX_HEAD)	&&
5855 	    (fdp->endsect == LBA_MAX_SECT));
5856 }
5857 #endif
5858 
5859 
5860 /*
5861  *    Function: sd_inq_fill
5862  *
5863  * Description: Print a piece of inquiry data, cleaned up for non-printable
5864  *		characters and stopping at the first space character after
5865  *		the beginning of the passed string;
5866  *
5867  *   Arguments: p - source string
5868  *		l - maximum length to copy
5869  *		s - destination string
5870  *
5871  *     Context: Any.
5872  */
5873 
5874 static void
5875 sd_inq_fill(char *p, int l, char *s)
5876 {
5877 	unsigned i = 0;
5878 	char c;
5879 
5880 	while (i++ < l) {
5881 		if ((c = *p++) < ' ' || c >= 0x7F) {
5882 			c = '*';
5883 		} else if (i != 1 && c == ' ') {
5884 			break;
5885 		}
5886 		*s++ = c;
5887 	}
5888 	*s++ = 0;
5889 }
5890 
5891 
5892 /*
5893  *    Function: sd_register_devid
5894  *
5895  * Description: This routine will obtain the device id information from the
5896  *		target, obtain the serial number, and register the device
5897  *		id with the ddi framework.
5898  *
5899  *   Arguments: devi - the system's dev_info_t for the device.
5900  *		un - driver soft state (unit) structure
5901  *		reservation_flag - indicates if a reservation conflict
5902  *		occurred during attach
5903  *
5904  *     Context: Kernel Thread
5905  */
5906 static void
5907 sd_register_devid(struct sd_lun *un, dev_info_t *devi, int reservation_flag)
5908 {
5909 	int		rval		= 0;
5910 	uchar_t		*inq80		= NULL;
5911 	size_t		inq80_len	= MAX_INQUIRY_SIZE;
5912 	size_t		inq80_resid	= 0;
5913 	uchar_t		*inq83		= NULL;
5914 	size_t		inq83_len	= MAX_INQUIRY_SIZE;
5915 	size_t		inq83_resid	= 0;
5916 
5917 	ASSERT(un != NULL);
5918 	ASSERT(mutex_owned(SD_MUTEX(un)));
5919 	ASSERT((SD_DEVINFO(un)) == devi);
5920 
5921 	/*
5922 	 * This is the case of antiquated Sun disk drives that have the
5923 	 * FAB_DEVID property set in the disk_table.  These drives
5924 	 * manage the devid's by storing them in last 2 available sectors
5925 	 * on the drive and have them fabricated by the ddi layer by calling
5926 	 * ddi_devid_init and passing the DEVID_FAB flag.
5927 	 */
5928 	if (un->un_f_opt_fab_devid == TRUE) {
5929 		/*
5930 		 * Depending on EINVAL isn't reliable, since a reserved disk
5931 		 * may result in invalid geometry, so check to make sure a
5932 		 * reservation conflict did not occur during attach.
5933 		 */
5934 		if ((sd_get_devid(un) == EINVAL) &&
5935 		    (reservation_flag != SD_TARGET_IS_RESERVED)) {
5936 			/*
5937 			 * The devid is invalid AND there is no reservation
5938 			 * conflict.  Fabricate a new devid.
5939 			 */
5940 			(void) sd_create_devid(un);
5941 		}
5942 
5943 		/* Register the devid if it exists */
5944 		if (un->un_devid != NULL) {
5945 			(void) ddi_devid_register(SD_DEVINFO(un),
5946 			    un->un_devid);
5947 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
5948 			    "sd_register_devid: Devid Fabricated\n");
5949 		}
5950 		return;
5951 	}
5952 
5953 	/*
5954 	 * We check the availibility of the World Wide Name (0x83) and Unit
5955 	 * Serial Number (0x80) pages in sd_check_vpd_page_support(), and using
5956 	 * un_vpd_page_mask from them, we decide which way to get the WWN.  If
5957 	 * 0x83 is availible, that is the best choice.  Our next choice is
5958 	 * 0x80.  If neither are availible, we munge the devid from the device
5959 	 * vid/pid/serial # for Sun qualified disks, or use the ddi framework
5960 	 * to fabricate a devid for non-Sun qualified disks.
5961 	 */
5962 	if (sd_check_vpd_page_support(un) == 0) {
5963 		/* collect page 80 data if available */
5964 		if (un->un_vpd_page_mask & SD_VPD_UNIT_SERIAL_PG) {
5965 
5966 			mutex_exit(SD_MUTEX(un));
5967 			inq80 = kmem_zalloc(inq80_len, KM_SLEEP);
5968 			rval = sd_send_scsi_INQUIRY(un, inq80, inq80_len,
5969 			    0x01, 0x80, &inq80_resid);
5970 
5971 			if (rval != 0) {
5972 				kmem_free(inq80, inq80_len);
5973 				inq80 = NULL;
5974 				inq80_len = 0;
5975 			}
5976 			mutex_enter(SD_MUTEX(un));
5977 		}
5978 
5979 		/* collect page 83 data if available */
5980 		if (un->un_vpd_page_mask & SD_VPD_DEVID_WWN_PG) {
5981 
5982 			mutex_exit(SD_MUTEX(un));
5983 			inq83 = kmem_zalloc(inq83_len, KM_SLEEP);
5984 			rval = sd_send_scsi_INQUIRY(un, inq83, inq83_len,
5985 			    0x01, 0x83, &inq83_resid);
5986 
5987 			if (rval != 0) {
5988 				kmem_free(inq83, inq83_len);
5989 				inq83 = NULL;
5990 				inq83_len = 0;
5991 			}
5992 			mutex_enter(SD_MUTEX(un));
5993 		}
5994 	}
5995 
5996 	/* encode best devid possible based on data available */
5997 	if (ddi_devid_scsi_encode(DEVID_SCSI_ENCODE_VERSION_LATEST,
5998 	    (char *)ddi_driver_name(SD_DEVINFO(un)),
5999 	    (uchar_t *)SD_INQUIRY(un), sizeof (*SD_INQUIRY(un)),
6000 	    inq80, inq80_len - inq80_resid, inq83, inq83_len -
6001 	    inq83_resid, &un->un_devid) == DDI_SUCCESS) {
6002 
6003 		/* devid successfully encoded, register devid */
6004 		(void) ddi_devid_register(SD_DEVINFO(un), un->un_devid);
6005 
6006 	} else {
6007 		/*
6008 		 * Unable to encode a devid based on data available.
6009 		 * This is not a Sun qualified disk.  Older Sun disk
6010 		 * drives that have the SD_FAB_DEVID property
6011 		 * set in the disk_table and non Sun qualified
6012 		 * disks are treated in the same manner.  These
6013 		 * drives manage the devid's by storing them in
6014 		 * last 2 available sectors on the drive and
6015 		 * have them fabricated by the ddi layer by
6016 		 * calling ddi_devid_init and passing the
6017 		 * DEVID_FAB flag.
6018 		 * Create a fabricate devid only if there's no
6019 		 * fabricate devid existed.
6020 		 */
6021 		if (sd_get_devid(un) == EINVAL) {
6022 			(void) sd_create_devid(un);
6023 			un->un_f_opt_fab_devid = TRUE;
6024 		}
6025 
6026 		/* Register the devid if it exists */
6027 		if (un->un_devid != NULL) {
6028 			(void) ddi_devid_register(SD_DEVINFO(un),
6029 			    un->un_devid);
6030 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
6031 			    "sd_register_devid: devid fabricated using "
6032 			    "ddi framework\n");
6033 		}
6034 	}
6035 
6036 	/* clean up resources */
6037 	if (inq80 != NULL) {
6038 		kmem_free(inq80, inq80_len);
6039 	}
6040 	if (inq83 != NULL) {
6041 		kmem_free(inq83, inq83_len);
6042 	}
6043 }
6044 
6045 static daddr_t
6046 sd_get_devid_block(struct sd_lun *un)
6047 {
6048 	daddr_t			spc, blk, head, cyl;
6049 
6050 	if (un->un_blockcount <= DK_MAX_BLOCKS) {
6051 		/* this geometry doesn't allow us to write a devid */
6052 		if (un->un_g.dkg_acyl < 2) {
6053 			return (-1);
6054 		}
6055 
6056 		/*
6057 		 * Subtract 2 guarantees that the next to last cylinder
6058 		 * is used
6059 		 */
6060 		cyl  = un->un_g.dkg_ncyl  + un->un_g.dkg_acyl - 2;
6061 		spc  = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
6062 		head = un->un_g.dkg_nhead - 1;
6063 		blk  = (cyl * (spc - un->un_g.dkg_apc)) +
6064 		    (head * un->un_g.dkg_nsect) + 1;
6065 	} else {
6066 		if (un->un_reserved != -1) {
6067 			blk = un->un_map[un->un_reserved].dkl_cylno + 1;
6068 		} else {
6069 			return (-1);
6070 		}
6071 	}
6072 	return (blk);
6073 }
6074 
6075 /*
6076  *    Function: sd_get_devid
6077  *
6078  * Description: This routine will return 0 if a valid device id has been
6079  *		obtained from the target and stored in the soft state. If a
6080  *		valid device id has not been previously read and stored, a
6081  *		read attempt will be made.
6082  *
6083  *   Arguments: un - driver soft state (unit) structure
6084  *
6085  * Return Code: 0 if we successfully get the device id
6086  *
6087  *     Context: Kernel Thread
6088  */
6089 
6090 static int
6091 sd_get_devid(struct sd_lun *un)
6092 {
6093 	struct dk_devid		*dkdevid;
6094 	ddi_devid_t		tmpid;
6095 	uint_t			*ip;
6096 	size_t			sz;
6097 	daddr_t			blk;
6098 	int			status;
6099 	int			chksum;
6100 	int			i;
6101 	size_t			buffer_size;
6102 
6103 	ASSERT(un != NULL);
6104 	ASSERT(mutex_owned(SD_MUTEX(un)));
6105 
6106 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: entry: un: 0x%p\n",
6107 	    un);
6108 
6109 	if (un->un_devid != NULL) {
6110 		return (0);
6111 	}
6112 
6113 	blk = sd_get_devid_block(un);
6114 	if (blk < 0)
6115 		return (EINVAL);
6116 
6117 	/*
6118 	 * Read and verify device id, stored in the reserved cylinders at the
6119 	 * end of the disk. Backup label is on the odd sectors of the last
6120 	 * track of the last cylinder. Device id will be on track of the next
6121 	 * to last cylinder.
6122 	 */
6123 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct dk_devid));
6124 	mutex_exit(SD_MUTEX(un));
6125 	dkdevid = kmem_alloc(buffer_size, KM_SLEEP);
6126 	status = sd_send_scsi_READ(un, dkdevid, buffer_size, blk,
6127 	    SD_PATH_DIRECT);
6128 	if (status != 0) {
6129 		goto error;
6130 	}
6131 
6132 	/* Validate the revision */
6133 	if ((dkdevid->dkd_rev_hi != DK_DEVID_REV_MSB) ||
6134 	    (dkdevid->dkd_rev_lo != DK_DEVID_REV_LSB)) {
6135 		status = EINVAL;
6136 		goto error;
6137 	}
6138 
6139 	/* Calculate the checksum */
6140 	chksum = 0;
6141 	ip = (uint_t *)dkdevid;
6142 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6143 	    i++) {
6144 		chksum ^= ip[i];
6145 	}
6146 
6147 	/* Compare the checksums */
6148 	if (DKD_GETCHKSUM(dkdevid) != chksum) {
6149 		status = EINVAL;
6150 		goto error;
6151 	}
6152 
6153 	/* Validate the device id */
6154 	if (ddi_devid_valid((ddi_devid_t)&dkdevid->dkd_devid) != DDI_SUCCESS) {
6155 		status = EINVAL;
6156 		goto error;
6157 	}
6158 
6159 	/*
6160 	 * Store the device id in the driver soft state
6161 	 */
6162 	sz = ddi_devid_sizeof((ddi_devid_t)&dkdevid->dkd_devid);
6163 	tmpid = kmem_alloc(sz, KM_SLEEP);
6164 
6165 	mutex_enter(SD_MUTEX(un));
6166 
6167 	un->un_devid = tmpid;
6168 	bcopy(&dkdevid->dkd_devid, un->un_devid, sz);
6169 
6170 	kmem_free(dkdevid, buffer_size);
6171 
6172 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: exit: un:0x%p\n", un);
6173 
6174 	return (status);
6175 error:
6176 	mutex_enter(SD_MUTEX(un));
6177 	kmem_free(dkdevid, buffer_size);
6178 	return (status);
6179 }
6180 
6181 
6182 /*
6183  *    Function: sd_create_devid
6184  *
6185  * Description: This routine will fabricate the device id and write it
6186  *		to the disk.
6187  *
6188  *   Arguments: un - driver soft state (unit) structure
6189  *
6190  * Return Code: value of the fabricated device id
6191  *
6192  *     Context: Kernel Thread
6193  */
6194 
6195 static ddi_devid_t
6196 sd_create_devid(struct sd_lun *un)
6197 {
6198 	ASSERT(un != NULL);
6199 
6200 	/* Fabricate the devid */
6201 	if (ddi_devid_init(SD_DEVINFO(un), DEVID_FAB, 0, NULL, &un->un_devid)
6202 	    == DDI_FAILURE) {
6203 		return (NULL);
6204 	}
6205 
6206 	/* Write the devid to disk */
6207 	if (sd_write_deviceid(un) != 0) {
6208 		ddi_devid_free(un->un_devid);
6209 		un->un_devid = NULL;
6210 	}
6211 
6212 	return (un->un_devid);
6213 }
6214 
6215 
6216 /*
6217  *    Function: sd_write_deviceid
6218  *
6219  * Description: This routine will write the device id to the disk
6220  *		reserved sector.
6221  *
6222  *   Arguments: un - driver soft state (unit) structure
6223  *
6224  * Return Code: EINVAL
6225  *		value returned by sd_send_scsi_cmd
6226  *
6227  *     Context: Kernel Thread
6228  */
6229 
6230 static int
6231 sd_write_deviceid(struct sd_lun *un)
6232 {
6233 	struct dk_devid		*dkdevid;
6234 	daddr_t			blk;
6235 	uint_t			*ip, chksum;
6236 	int			status;
6237 	int			i;
6238 
6239 	ASSERT(mutex_owned(SD_MUTEX(un)));
6240 
6241 	blk = sd_get_devid_block(un);
6242 	if (blk < 0)
6243 		return (-1);
6244 	mutex_exit(SD_MUTEX(un));
6245 
6246 	/* Allocate the buffer */
6247 	dkdevid = kmem_zalloc(un->un_sys_blocksize, KM_SLEEP);
6248 
6249 	/* Fill in the revision */
6250 	dkdevid->dkd_rev_hi = DK_DEVID_REV_MSB;
6251 	dkdevid->dkd_rev_lo = DK_DEVID_REV_LSB;
6252 
6253 	/* Copy in the device id */
6254 	mutex_enter(SD_MUTEX(un));
6255 	bcopy(un->un_devid, &dkdevid->dkd_devid,
6256 	    ddi_devid_sizeof(un->un_devid));
6257 	mutex_exit(SD_MUTEX(un));
6258 
6259 	/* Calculate the checksum */
6260 	chksum = 0;
6261 	ip = (uint_t *)dkdevid;
6262 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6263 	    i++) {
6264 		chksum ^= ip[i];
6265 	}
6266 
6267 	/* Fill-in checksum */
6268 	DKD_FORMCHKSUM(chksum, dkdevid);
6269 
6270 	/* Write the reserved sector */
6271 	status = sd_send_scsi_WRITE(un, dkdevid, un->un_sys_blocksize, blk,
6272 	    SD_PATH_DIRECT);
6273 
6274 	kmem_free(dkdevid, un->un_sys_blocksize);
6275 
6276 	mutex_enter(SD_MUTEX(un));
6277 	return (status);
6278 }
6279 
6280 
6281 /*
6282  *    Function: sd_check_vpd_page_support
6283  *
6284  * Description: This routine sends an inquiry command with the EVPD bit set and
6285  *		a page code of 0x00 to the device. It is used to determine which
6286  *		vital product pages are availible to find the devid. We are
6287  *		looking for pages 0x83 or 0x80.  If we return a negative 1, the
6288  *		device does not support that command.
6289  *
6290  *   Arguments: un  - driver soft state (unit) structure
6291  *
6292  * Return Code: 0 - success
6293  *		1 - check condition
6294  *
6295  *     Context: This routine can sleep.
6296  */
6297 
6298 static int
6299 sd_check_vpd_page_support(struct sd_lun *un)
6300 {
6301 	uchar_t	*page_list	= NULL;
6302 	uchar_t	page_length	= 0xff;	/* Use max possible length */
6303 	uchar_t	evpd		= 0x01;	/* Set the EVPD bit */
6304 	uchar_t	page_code	= 0x00;	/* Supported VPD Pages */
6305 	int    	rval		= 0;
6306 	int	counter;
6307 
6308 	ASSERT(un != NULL);
6309 	ASSERT(mutex_owned(SD_MUTEX(un)));
6310 
6311 	mutex_exit(SD_MUTEX(un));
6312 
6313 	/*
6314 	 * We'll set the page length to the maximum to save figuring it out
6315 	 * with an additional call.
6316 	 */
6317 	page_list =  kmem_zalloc(page_length, KM_SLEEP);
6318 
6319 	rval = sd_send_scsi_INQUIRY(un, page_list, page_length, evpd,
6320 	    page_code, NULL);
6321 
6322 	mutex_enter(SD_MUTEX(un));
6323 
6324 	/*
6325 	 * Now we must validate that the device accepted the command, as some
6326 	 * drives do not support it.  If the drive does support it, we will
6327 	 * return 0, and the supported pages will be in un_vpd_page_mask.  If
6328 	 * not, we return -1.
6329 	 */
6330 	if ((rval == 0) && (page_list[VPD_MODE_PAGE] == 0x00)) {
6331 		/* Loop to find one of the 2 pages we need */
6332 		counter = 4;  /* Supported pages start at byte 4, with 0x00 */
6333 
6334 		/*
6335 		 * Pages are returned in ascending order, and 0x83 is what we
6336 		 * are hoping for.
6337 		 */
6338 		while ((page_list[counter] <= 0x83) &&
6339 		    (counter <= (page_list[VPD_PAGE_LENGTH] +
6340 		    VPD_HEAD_OFFSET))) {
6341 			/*
6342 			 * Add 3 because page_list[3] is the number of
6343 			 * pages minus 3
6344 			 */
6345 
6346 			switch (page_list[counter]) {
6347 			case 0x00:
6348 				un->un_vpd_page_mask |= SD_VPD_SUPPORTED_PG;
6349 				break;
6350 			case 0x80:
6351 				un->un_vpd_page_mask |= SD_VPD_UNIT_SERIAL_PG;
6352 				break;
6353 			case 0x81:
6354 				un->un_vpd_page_mask |= SD_VPD_OPERATING_PG;
6355 				break;
6356 			case 0x82:
6357 				un->un_vpd_page_mask |= SD_VPD_ASCII_OP_PG;
6358 				break;
6359 			case 0x83:
6360 				un->un_vpd_page_mask |= SD_VPD_DEVID_WWN_PG;
6361 				break;
6362 			}
6363 			counter++;
6364 		}
6365 
6366 	} else {
6367 		rval = -1;
6368 
6369 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6370 		    "sd_check_vpd_page_support: This drive does not implement "
6371 		    "VPD pages.\n");
6372 	}
6373 
6374 	kmem_free(page_list, page_length);
6375 
6376 	return (rval);
6377 }
6378 
6379 
6380 /*
6381  *    Function: sd_setup_pm
6382  *
6383  * Description: Initialize Power Management on the device
6384  *
6385  *     Context: Kernel Thread
6386  */
6387 
6388 static void
6389 sd_setup_pm(struct sd_lun *un, dev_info_t *devi)
6390 {
6391 	uint_t	log_page_size;
6392 	uchar_t	*log_page_data;
6393 	int	rval;
6394 
6395 	/*
6396 	 * Since we are called from attach, holding a mutex for
6397 	 * un is unnecessary. Because some of the routines called
6398 	 * from here require SD_MUTEX to not be held, assert this
6399 	 * right up front.
6400 	 */
6401 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6402 	/*
6403 	 * Since the sd device does not have the 'reg' property,
6404 	 * cpr will not call its DDI_SUSPEND/DDI_RESUME entries.
6405 	 * The following code is to tell cpr that this device
6406 	 * DOES need to be suspended and resumed.
6407 	 */
6408 	(void) ddi_prop_update_string(DDI_DEV_T_NONE, devi,
6409 	    "pm-hardware-state", "needs-suspend-resume");
6410 
6411 	/*
6412 	 * Check if HBA has set the "pm-capable" property.
6413 	 * If "pm-capable" exists and is non-zero then we can
6414 	 * power manage the device without checking the start/stop
6415 	 * cycle count log sense page.
6416 	 *
6417 	 * If "pm-capable" exists and is SD_PM_CAPABLE_FALSE (0)
6418 	 * then we should not power manage the device.
6419 	 *
6420 	 * If "pm-capable" doesn't exist then un->un_pm_capable_prop will
6421 	 * be set to SD_PM_CAPABLE_UNDEFINED (-1).  In this case, sd will
6422 	 * check the start/stop cycle count log sense page and power manage
6423 	 * the device if the cycle count limit has not been exceeded.
6424 	 */
6425 	un->un_pm_capable_prop =
6426 	    ddi_prop_get_int(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
6427 		"pm-capable", SD_PM_CAPABLE_UNDEFINED);
6428 	if (un->un_pm_capable_prop != SD_PM_CAPABLE_UNDEFINED) {
6429 		/*
6430 		 * pm-capable property exists.
6431 		 *
6432 		 * Convert "TRUE" values for un_pm_capable_prop to
6433 		 * SD_PM_CAPABLE_TRUE (1) to make it easier to check later.
6434 		 * "TRUE" values are any values except SD_PM_CAPABLE_FALSE (0)
6435 		 *  and SD_PM_CAPABLE_UNDEFINED (-1)
6436 		 */
6437 		if (un->un_pm_capable_prop != SD_PM_CAPABLE_FALSE) {
6438 			un->un_pm_capable_prop = SD_PM_CAPABLE_TRUE;
6439 		}
6440 
6441 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6442 		    "sd_unit_attach: un:0x%p pm-capable "
6443 		    "property set to %d.\n", un, un->un_pm_capable_prop);
6444 	}
6445 
6446 	/*
6447 	 * This complies with the new power management framework
6448 	 * for certain desktop machines. Create the pm_components
6449 	 * property as a string array property.
6450 	 *
6451 	 * If this is a removable device or if the pm-capable property
6452 	 * is SD_PM_CAPABLE_TRUE (1) then we should create the
6453 	 * pm_components property without checking for the existance of
6454 	 * the start-stop cycle counter log page
6455 	 */
6456 	if (ISREMOVABLE(un) ||
6457 	    un->un_pm_capable_prop == SD_PM_CAPABLE_TRUE) {
6458 		/*
6459 		 * not all devices have a motor, try it first.
6460 		 * some devices may return ILLEGAL REQUEST, some
6461 		 * will hang
6462 		 */
6463 		un->un_f_start_stop_supported = TRUE;
6464 		if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
6465 		    SD_PATH_DIRECT) != 0) {
6466 			un->un_f_start_stop_supported = FALSE;
6467 		}
6468 
6469 		/*
6470 		 * create pm properties anyways otherwise the parent can't
6471 		 * go to sleep
6472 		 */
6473 		(void) sd_create_pm_components(devi, un);
6474 		un->un_f_pm_is_enabled = TRUE;
6475 
6476 		/*
6477 		 * Need to create a zero length (Boolean) property
6478 		 * removable-media for the removable media devices.
6479 		 * Note that the return value of the property is not being
6480 		 * checked, since if unable to create the property
6481 		 * then do not want the attach to fail altogether. Consistent
6482 		 * with other property creation in attach.
6483 		 */
6484 		if (ISREMOVABLE(un)) {
6485 			(void) ddi_prop_create(DDI_DEV_T_NONE, devi,
6486 			    DDI_PROP_CANSLEEP, "removable-media", NULL, 0);
6487 		}
6488 		return;
6489 	}
6490 
6491 	rval = sd_log_page_supported(un, START_STOP_CYCLE_PAGE);
6492 
6493 #ifdef	SDDEBUG
6494 	if (sd_force_pm_supported) {
6495 		/* Force a successful result */
6496 		rval = 1;
6497 	}
6498 #endif
6499 
6500 	/*
6501 	 * If the start-stop cycle counter log page is not supported
6502 	 * or if the pm-capable property is SD_PM_CAPABLE_FALSE (0)
6503 	 * then we should not create the pm_components property.
6504 	 */
6505 	if (rval == -1 || un->un_pm_capable_prop == SD_PM_CAPABLE_FALSE) {
6506 		/*
6507 		 * Error.
6508 		 * Reading log sense failed, most likely this is
6509 		 * an older drive that does not support log sense.
6510 		 * If this fails auto-pm is not supported.
6511 		 */
6512 		un->un_power_level = SD_SPINDLE_ON;
6513 		un->un_f_pm_is_enabled = FALSE;
6514 
6515 	} else if (rval == 0) {
6516 		/*
6517 		 * Page not found.
6518 		 * The start stop cycle counter is implemented as page
6519 		 * START_STOP_CYCLE_PAGE_VU_PAGE (0x31) in older disks. For
6520 		 * newer disks it is implemented as START_STOP_CYCLE_PAGE (0xE).
6521 		 */
6522 		if (sd_log_page_supported(un, START_STOP_CYCLE_VU_PAGE) == 1) {
6523 			/*
6524 			 * Page found, use this one.
6525 			 */
6526 			un->un_start_stop_cycle_page = START_STOP_CYCLE_VU_PAGE;
6527 			un->un_f_pm_is_enabled = TRUE;
6528 		} else {
6529 			/*
6530 			 * Error or page not found.
6531 			 * auto-pm is not supported for this device.
6532 			 */
6533 			un->un_power_level = SD_SPINDLE_ON;
6534 			un->un_f_pm_is_enabled = FALSE;
6535 		}
6536 	} else {
6537 		/*
6538 		 * Page found, use it.
6539 		 */
6540 		un->un_start_stop_cycle_page = START_STOP_CYCLE_PAGE;
6541 		un->un_f_pm_is_enabled = TRUE;
6542 	}
6543 
6544 
6545 	if (un->un_f_pm_is_enabled == TRUE) {
6546 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
6547 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
6548 
6549 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
6550 		    log_page_size, un->un_start_stop_cycle_page,
6551 		    0x01, 0, SD_PATH_DIRECT);
6552 #ifdef	SDDEBUG
6553 		if (sd_force_pm_supported) {
6554 			/* Force a successful result */
6555 			rval = 0;
6556 		}
6557 #endif
6558 
6559 		/*
6560 		 * If the Log sense for Page( Start/stop cycle counter page)
6561 		 * succeeds, then power managment is supported and we can
6562 		 * enable auto-pm.
6563 		 */
6564 		if (rval == 0)  {
6565 			(void) sd_create_pm_components(devi, un);
6566 		} else {
6567 			un->un_power_level = SD_SPINDLE_ON;
6568 			un->un_f_pm_is_enabled = FALSE;
6569 		}
6570 
6571 		kmem_free(log_page_data, log_page_size);
6572 	}
6573 }
6574 
6575 
6576 /*
6577  *    Function: sd_create_pm_components
6578  *
6579  * Description: Initialize PM property.
6580  *
6581  *     Context: Kernel thread context
6582  */
6583 
6584 static void
6585 sd_create_pm_components(dev_info_t *devi, struct sd_lun *un)
6586 {
6587 	char *pm_comp[] = { "NAME=spindle-motor", "0=off", "1=on", NULL };
6588 
6589 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6590 
6591 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, devi,
6592 	    "pm-components", pm_comp, 3) == DDI_PROP_SUCCESS) {
6593 		/*
6594 		 * When components are initially created they are idle,
6595 		 * power up any non-removables.
6596 		 * Note: the return value of pm_raise_power can't be used
6597 		 * for determining if PM should be enabled for this device.
6598 		 * Even if you check the return values and remove this
6599 		 * property created above, the PM framework will not honor the
6600 		 * change after the first call to pm_raise_power. Hence,
6601 		 * removal of that property does not help if pm_raise_power
6602 		 * fails. In the case of removable media, the start/stop
6603 		 * will fail if the media is not present.
6604 		 */
6605 		if ((!ISREMOVABLE(un)) && (pm_raise_power(SD_DEVINFO(un), 0,
6606 		    SD_SPINDLE_ON) == DDI_SUCCESS)) {
6607 			mutex_enter(SD_MUTEX(un));
6608 			un->un_power_level = SD_SPINDLE_ON;
6609 			mutex_enter(&un->un_pm_mutex);
6610 			/* Set to on and not busy. */
6611 			un->un_pm_count = 0;
6612 		} else {
6613 			mutex_enter(SD_MUTEX(un));
6614 			un->un_power_level = SD_SPINDLE_OFF;
6615 			mutex_enter(&un->un_pm_mutex);
6616 			/* Set to off. */
6617 			un->un_pm_count = -1;
6618 		}
6619 		mutex_exit(&un->un_pm_mutex);
6620 		mutex_exit(SD_MUTEX(un));
6621 	} else {
6622 		un->un_power_level = SD_SPINDLE_ON;
6623 		un->un_f_pm_is_enabled = FALSE;
6624 	}
6625 }
6626 
6627 
6628 /*
6629  *    Function: sd_ddi_suspend
6630  *
6631  * Description: Performs system power-down operations. This includes
6632  *		setting the drive state to indicate its suspended so
6633  *		that no new commands will be accepted. Also, wait for
6634  *		all commands that are in transport or queued to a timer
6635  *		for retry to complete. All timeout threads are cancelled.
6636  *
6637  * Return Code: DDI_FAILURE or DDI_SUCCESS
6638  *
6639  *     Context: Kernel thread context
6640  */
6641 
6642 static int
6643 sd_ddi_suspend(dev_info_t *devi)
6644 {
6645 	struct	sd_lun	*un;
6646 	clock_t		wait_cmds_complete;
6647 
6648 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6649 	if (un == NULL) {
6650 		return (DDI_FAILURE);
6651 	}
6652 
6653 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: entry\n");
6654 
6655 	mutex_enter(SD_MUTEX(un));
6656 
6657 	/* Return success if the device is already suspended. */
6658 	if (un->un_state == SD_STATE_SUSPENDED) {
6659 		mutex_exit(SD_MUTEX(un));
6660 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6661 		    "device already suspended, exiting\n");
6662 		return (DDI_SUCCESS);
6663 	}
6664 
6665 	/* Return failure if the device is being used by HA */
6666 	if (un->un_resvd_status &
6667 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE)) {
6668 		mutex_exit(SD_MUTEX(un));
6669 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6670 		    "device in use by HA, exiting\n");
6671 		return (DDI_FAILURE);
6672 	}
6673 
6674 	/*
6675 	 * Return failure if the device is in a resource wait
6676 	 * or power changing state.
6677 	 */
6678 	if ((un->un_state == SD_STATE_RWAIT) ||
6679 	    (un->un_state == SD_STATE_PM_CHANGING)) {
6680 		mutex_exit(SD_MUTEX(un));
6681 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6682 		    "device in resource wait state, exiting\n");
6683 		return (DDI_FAILURE);
6684 	}
6685 
6686 
6687 	un->un_save_state = un->un_last_state;
6688 	New_state(un, SD_STATE_SUSPENDED);
6689 
6690 	/*
6691 	 * Wait for all commands that are in transport or queued to a timer
6692 	 * for retry to complete.
6693 	 *
6694 	 * While waiting, no new commands will be accepted or sent because of
6695 	 * the new state we set above.
6696 	 *
6697 	 * Wait till current operation has completed. If we are in the resource
6698 	 * wait state (with an intr outstanding) then we need to wait till the
6699 	 * intr completes and starts the next cmd. We want to wait for
6700 	 * SD_WAIT_CMDS_COMPLETE seconds before failing the DDI_SUSPEND.
6701 	 */
6702 	wait_cmds_complete = ddi_get_lbolt() +
6703 	    (sd_wait_cmds_complete * drv_usectohz(1000000));
6704 
6705 	while (un->un_ncmds_in_transport != 0) {
6706 		/*
6707 		 * Fail if commands do not finish in the specified time.
6708 		 */
6709 		if (cv_timedwait(&un->un_disk_busy_cv, SD_MUTEX(un),
6710 		    wait_cmds_complete) == -1) {
6711 			/*
6712 			 * Undo the state changes made above. Everything
6713 			 * must go back to it's original value.
6714 			 */
6715 			Restore_state(un);
6716 			un->un_last_state = un->un_save_state;
6717 			/* Wake up any threads that might be waiting. */
6718 			cv_broadcast(&un->un_suspend_cv);
6719 			mutex_exit(SD_MUTEX(un));
6720 			SD_ERROR(SD_LOG_IO_PM, un,
6721 			    "sd_ddi_suspend: failed due to outstanding cmds\n");
6722 			SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exiting\n");
6723 			return (DDI_FAILURE);
6724 		}
6725 	}
6726 
6727 	/*
6728 	 * Cancel SCSI watch thread and timeouts, if any are active
6729 	 */
6730 
6731 	if (SD_OK_TO_SUSPEND_SCSI_WATCHER(un)) {
6732 		opaque_t temp_token = un->un_swr_token;
6733 		mutex_exit(SD_MUTEX(un));
6734 		scsi_watch_suspend(temp_token);
6735 		mutex_enter(SD_MUTEX(un));
6736 	}
6737 
6738 	if (un->un_reset_throttle_timeid != NULL) {
6739 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
6740 		un->un_reset_throttle_timeid = NULL;
6741 		mutex_exit(SD_MUTEX(un));
6742 		(void) untimeout(temp_id);
6743 		mutex_enter(SD_MUTEX(un));
6744 	}
6745 
6746 	if (un->un_dcvb_timeid != NULL) {
6747 		timeout_id_t temp_id = un->un_dcvb_timeid;
6748 		un->un_dcvb_timeid = NULL;
6749 		mutex_exit(SD_MUTEX(un));
6750 		(void) untimeout(temp_id);
6751 		mutex_enter(SD_MUTEX(un));
6752 	}
6753 
6754 	mutex_enter(&un->un_pm_mutex);
6755 	if (un->un_pm_timeid != NULL) {
6756 		timeout_id_t temp_id = un->un_pm_timeid;
6757 		un->un_pm_timeid = NULL;
6758 		mutex_exit(&un->un_pm_mutex);
6759 		mutex_exit(SD_MUTEX(un));
6760 		(void) untimeout(temp_id);
6761 		mutex_enter(SD_MUTEX(un));
6762 	} else {
6763 		mutex_exit(&un->un_pm_mutex);
6764 	}
6765 
6766 	if (un->un_retry_timeid != NULL) {
6767 		timeout_id_t temp_id = un->un_retry_timeid;
6768 		un->un_retry_timeid = NULL;
6769 		mutex_exit(SD_MUTEX(un));
6770 		(void) untimeout(temp_id);
6771 		mutex_enter(SD_MUTEX(un));
6772 	}
6773 
6774 	if (un->un_direct_priority_timeid != NULL) {
6775 		timeout_id_t temp_id = un->un_direct_priority_timeid;
6776 		un->un_direct_priority_timeid = NULL;
6777 		mutex_exit(SD_MUTEX(un));
6778 		(void) untimeout(temp_id);
6779 		mutex_enter(SD_MUTEX(un));
6780 	}
6781 
6782 	if (un->un_f_is_fibre == TRUE) {
6783 		/*
6784 		 * Remove callbacks for insert and remove events
6785 		 */
6786 		if (un->un_insert_event != NULL) {
6787 			mutex_exit(SD_MUTEX(un));
6788 			(void) ddi_remove_event_handler(un->un_insert_cb_id);
6789 			mutex_enter(SD_MUTEX(un));
6790 			un->un_insert_event = NULL;
6791 		}
6792 
6793 		if (un->un_remove_event != NULL) {
6794 			mutex_exit(SD_MUTEX(un));
6795 			(void) ddi_remove_event_handler(un->un_remove_cb_id);
6796 			mutex_enter(SD_MUTEX(un));
6797 			un->un_remove_event = NULL;
6798 		}
6799 	}
6800 
6801 	mutex_exit(SD_MUTEX(un));
6802 
6803 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exit\n");
6804 
6805 	return (DDI_SUCCESS);
6806 }
6807 
6808 
6809 /*
6810  *    Function: sd_ddi_pm_suspend
6811  *
6812  * Description: Set the drive state to low power.
6813  *		Someone else is required to actually change the drive
6814  *		power level.
6815  *
6816  *   Arguments: un - driver soft state (unit) structure
6817  *
6818  * Return Code: DDI_FAILURE or DDI_SUCCESS
6819  *
6820  *     Context: Kernel thread context
6821  */
6822 
6823 static int
6824 sd_ddi_pm_suspend(struct sd_lun *un)
6825 {
6826 	ASSERT(un != NULL);
6827 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: entry\n");
6828 
6829 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6830 	mutex_enter(SD_MUTEX(un));
6831 
6832 	/*
6833 	 * Exit if power management is not enabled for this device, or if
6834 	 * the device is being used by HA.
6835 	 */
6836 	if ((un->un_f_pm_is_enabled == FALSE) || (un->un_resvd_status &
6837 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE))) {
6838 		mutex_exit(SD_MUTEX(un));
6839 		SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exiting\n");
6840 		return (DDI_SUCCESS);
6841 	}
6842 
6843 	SD_INFO(SD_LOG_POWER, un, "sd_ddi_pm_suspend: un_ncmds_in_driver=%ld\n",
6844 	    un->un_ncmds_in_driver);
6845 
6846 	/*
6847 	 * See if the device is not busy, ie.:
6848 	 *    - we have no commands in the driver for this device
6849 	 *    - not waiting for resources
6850 	 */
6851 	if ((un->un_ncmds_in_driver == 0) &&
6852 	    (un->un_state != SD_STATE_RWAIT)) {
6853 		/*
6854 		 * The device is not busy, so it is OK to go to low power state.
6855 		 * Indicate low power, but rely on someone else to actually
6856 		 * change it.
6857 		 */
6858 		mutex_enter(&un->un_pm_mutex);
6859 		un->un_pm_count = -1;
6860 		mutex_exit(&un->un_pm_mutex);
6861 		un->un_power_level = SD_SPINDLE_OFF;
6862 	}
6863 
6864 	mutex_exit(SD_MUTEX(un));
6865 
6866 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exit\n");
6867 
6868 	return (DDI_SUCCESS);
6869 }
6870 
6871 
6872 /*
6873  *    Function: sd_ddi_resume
6874  *
6875  * Description: Performs system power-up operations..
6876  *
6877  * Return Code: DDI_SUCCESS
6878  *		DDI_FAILURE
6879  *
6880  *     Context: Kernel thread context
6881  */
6882 
6883 static int
6884 sd_ddi_resume(dev_info_t *devi)
6885 {
6886 	struct	sd_lun	*un;
6887 
6888 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6889 	if (un == NULL) {
6890 		return (DDI_FAILURE);
6891 	}
6892 
6893 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: entry\n");
6894 
6895 	mutex_enter(SD_MUTEX(un));
6896 	Restore_state(un);
6897 
6898 	/*
6899 	 * Restore the state which was saved to give the
6900 	 * the right state in un_last_state
6901 	 */
6902 	un->un_last_state = un->un_save_state;
6903 	/*
6904 	 * Note: throttle comes back at full.
6905 	 * Also note: this MUST be done before calling pm_raise_power
6906 	 * otherwise the system can get hung in biowait. The scenario where
6907 	 * this'll happen is under cpr suspend. Writing of the system
6908 	 * state goes through sddump, which writes 0 to un_throttle. If
6909 	 * writing the system state then fails, example if the partition is
6910 	 * too small, then cpr attempts a resume. If throttle isn't restored
6911 	 * from the saved value until after calling pm_raise_power then
6912 	 * cmds sent in sdpower are not transported and sd_send_scsi_cmd hangs
6913 	 * in biowait.
6914 	 */
6915 	un->un_throttle = un->un_saved_throttle;
6916 
6917 	/*
6918 	 * The chance of failure is very rare as the only command done in power
6919 	 * entry point is START command when you transition from 0->1 or
6920 	 * unknown->1. Put it to SPINDLE ON state irrespective of the state at
6921 	 * which suspend was done. Ignore the return value as the resume should
6922 	 * not be failed. In the case of removable media the media need not be
6923 	 * inserted and hence there is a chance that raise power will fail with
6924 	 * media not present.
6925 	 */
6926 	if (!ISREMOVABLE(un)) {
6927 		mutex_exit(SD_MUTEX(un));
6928 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
6929 		mutex_enter(SD_MUTEX(un));
6930 	}
6931 
6932 	/*
6933 	 * Don't broadcast to the suspend cv and therefore possibly
6934 	 * start I/O until after power has been restored.
6935 	 */
6936 	cv_broadcast(&un->un_suspend_cv);
6937 	cv_broadcast(&un->un_state_cv);
6938 
6939 	/* restart thread */
6940 	if (SD_OK_TO_RESUME_SCSI_WATCHER(un)) {
6941 		scsi_watch_resume(un->un_swr_token);
6942 	}
6943 
6944 #if (defined(__fibre))
6945 	if (un->un_f_is_fibre == TRUE) {
6946 		/*
6947 		 * Add callbacks for insert and remove events
6948 		 */
6949 		if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
6950 			sd_init_event_callbacks(un);
6951 		}
6952 	}
6953 #endif
6954 
6955 	/*
6956 	 * Transport any pending commands to the target.
6957 	 *
6958 	 * If this is a low-activity device commands in queue will have to wait
6959 	 * until new commands come in, which may take awhile. Also, we
6960 	 * specifically don't check un_ncmds_in_transport because we know that
6961 	 * there really are no commands in progress after the unit was
6962 	 * suspended and we could have reached the throttle level, been
6963 	 * suspended, and have no new commands coming in for awhile. Highly
6964 	 * unlikely, but so is the low-activity disk scenario.
6965 	 */
6966 	ddi_xbuf_dispatch(un->un_xbuf_attr);
6967 
6968 	sd_start_cmds(un, NULL);
6969 	mutex_exit(SD_MUTEX(un));
6970 
6971 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: exit\n");
6972 
6973 	return (DDI_SUCCESS);
6974 }
6975 
6976 
6977 /*
6978  *    Function: sd_ddi_pm_resume
6979  *
6980  * Description: Set the drive state to powered on.
6981  *		Someone else is required to actually change the drive
6982  *		power level.
6983  *
6984  *   Arguments: un - driver soft state (unit) structure
6985  *
6986  * Return Code: DDI_SUCCESS
6987  *
6988  *     Context: Kernel thread context
6989  */
6990 
6991 static int
6992 sd_ddi_pm_resume(struct sd_lun *un)
6993 {
6994 	ASSERT(un != NULL);
6995 
6996 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6997 	mutex_enter(SD_MUTEX(un));
6998 	un->un_power_level = SD_SPINDLE_ON;
6999 
7000 	ASSERT(!mutex_owned(&un->un_pm_mutex));
7001 	mutex_enter(&un->un_pm_mutex);
7002 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
7003 		un->un_pm_count++;
7004 		ASSERT(un->un_pm_count == 0);
7005 		/*
7006 		 * Note: no longer do the cv_broadcast on un_suspend_cv. The
7007 		 * un_suspend_cv is for a system resume, not a power management
7008 		 * device resume. (4297749)
7009 		 *	 cv_broadcast(&un->un_suspend_cv);
7010 		 */
7011 	}
7012 	mutex_exit(&un->un_pm_mutex);
7013 	mutex_exit(SD_MUTEX(un));
7014 
7015 	return (DDI_SUCCESS);
7016 }
7017 
7018 
7019 /*
7020  *    Function: sd_pm_idletimeout_handler
7021  *
7022  * Description: A timer routine that's active only while a device is busy.
7023  *		The purpose is to extend slightly the pm framework's busy
7024  *		view of the device to prevent busy/idle thrashing for
7025  *		back-to-back commands. Do this by comparing the current time
7026  *		to the time at which the last command completed and when the
7027  *		difference is greater than sd_pm_idletime, call
7028  *		pm_idle_component. In addition to indicating idle to the pm
7029  *		framework, update the chain type to again use the internal pm
7030  *		layers of the driver.
7031  *
7032  *   Arguments: arg - driver soft state (unit) structure
7033  *
7034  *     Context: Executes in a timeout(9F) thread context
7035  */
7036 
7037 static void
7038 sd_pm_idletimeout_handler(void *arg)
7039 {
7040 	struct sd_lun *un = arg;
7041 
7042 	time_t	now;
7043 
7044 	mutex_enter(&sd_detach_mutex);
7045 	if (un->un_detach_count != 0) {
7046 		/* Abort if the instance is detaching */
7047 		mutex_exit(&sd_detach_mutex);
7048 		return;
7049 	}
7050 	mutex_exit(&sd_detach_mutex);
7051 
7052 	now = ddi_get_time();
7053 	/*
7054 	 * Grab both mutexes, in the proper order, since we're accessing
7055 	 * both PM and softstate variables.
7056 	 */
7057 	mutex_enter(SD_MUTEX(un));
7058 	mutex_enter(&un->un_pm_mutex);
7059 	if (((now - un->un_pm_idle_time) > sd_pm_idletime) &&
7060 	    (un->un_ncmds_in_driver == 0) && (un->un_pm_count == 0)) {
7061 		/*
7062 		 * Update the chain types.
7063 		 * This takes affect on the next new command received.
7064 		 */
7065 		if (ISREMOVABLE(un)) {
7066 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
7067 		} else {
7068 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
7069 		}
7070 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
7071 
7072 		SD_TRACE(SD_LOG_IO_PM, un,
7073 		    "sd_pm_idletimeout_handler: idling device\n");
7074 		(void) pm_idle_component(SD_DEVINFO(un), 0);
7075 		un->un_pm_idle_timeid = NULL;
7076 	} else {
7077 		un->un_pm_idle_timeid =
7078 			timeout(sd_pm_idletimeout_handler, un,
7079 			(drv_usectohz((clock_t)300000))); /* 300 ms. */
7080 	}
7081 	mutex_exit(&un->un_pm_mutex);
7082 	mutex_exit(SD_MUTEX(un));
7083 }
7084 
7085 
7086 /*
7087  *    Function: sd_pm_timeout_handler
7088  *
7089  * Description: Callback to tell framework we are idle.
7090  *
7091  *     Context: timeout(9f) thread context.
7092  */
7093 
7094 static void
7095 sd_pm_timeout_handler(void *arg)
7096 {
7097 	struct sd_lun *un = arg;
7098 
7099 	(void) pm_idle_component(SD_DEVINFO(un), 0);
7100 	mutex_enter(&un->un_pm_mutex);
7101 	un->un_pm_timeid = NULL;
7102 	mutex_exit(&un->un_pm_mutex);
7103 }
7104 
7105 
7106 /*
7107  *    Function: sdpower
7108  *
7109  * Description: PM entry point.
7110  *
7111  * Return Code: DDI_SUCCESS
7112  *		DDI_FAILURE
7113  *
7114  *     Context: Kernel thread context
7115  */
7116 
7117 static int
7118 sdpower(dev_info_t *devi, int component, int level)
7119 {
7120 	struct sd_lun	*un;
7121 	int		instance;
7122 	int		rval = DDI_SUCCESS;
7123 	uint_t		i, log_page_size, maxcycles, ncycles;
7124 	uchar_t		*log_page_data;
7125 	int		log_sense_page;
7126 	int		medium_present;
7127 	time_t		intvlp;
7128 	dev_t		dev;
7129 	struct pm_trans_data	sd_pm_tran_data;
7130 	uchar_t		save_state;
7131 	int		sval;
7132 	uchar_t		state_before_pm;
7133 	int		got_semaphore_here;
7134 
7135 	instance = ddi_get_instance(devi);
7136 
7137 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
7138 	    (SD_SPINDLE_OFF > level) || (level > SD_SPINDLE_ON) ||
7139 	    component != 0) {
7140 		return (DDI_FAILURE);
7141 	}
7142 
7143 	dev = sd_make_device(SD_DEVINFO(un));
7144 
7145 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: entry, level = %d\n", level);
7146 
7147 	/*
7148 	 * Must synchronize power down with close.
7149 	 * Attempt to decrement/acquire the open/close semaphore,
7150 	 * but do NOT wait on it. If it's not greater than zero,
7151 	 * ie. it can't be decremented without waiting, then
7152 	 * someone else, either open or close, already has it
7153 	 * and the try returns 0. Use that knowledge here to determine
7154 	 * if it's OK to change the device power level.
7155 	 * Also, only increment it on exit if it was decremented, ie. gotten,
7156 	 * here.
7157 	 */
7158 	got_semaphore_here = sema_tryp(&un->un_semoclose);
7159 
7160 	mutex_enter(SD_MUTEX(un));
7161 
7162 	SD_INFO(SD_LOG_POWER, un, "sdpower: un_ncmds_in_driver = %ld\n",
7163 	    un->un_ncmds_in_driver);
7164 
7165 	/*
7166 	 * If un_ncmds_in_driver is non-zero it indicates commands are
7167 	 * already being processed in the driver, or if the semaphore was
7168 	 * not gotten here it indicates an open or close is being processed.
7169 	 * At the same time somebody is requesting to go low power which
7170 	 * can't happen, therefore we need to return failure.
7171 	 */
7172 	if ((level == SD_SPINDLE_OFF) &&
7173 	    ((un->un_ncmds_in_driver != 0) || (got_semaphore_here == 0))) {
7174 		mutex_exit(SD_MUTEX(un));
7175 
7176 		if (got_semaphore_here != 0) {
7177 			sema_v(&un->un_semoclose);
7178 		}
7179 		SD_TRACE(SD_LOG_IO_PM, un,
7180 		    "sdpower: exit, device has queued cmds.\n");
7181 		return (DDI_FAILURE);
7182 	}
7183 
7184 	/*
7185 	 * if it is OFFLINE that means the disk is completely dead
7186 	 * in our case we have to put the disk in on or off by sending commands
7187 	 * Of course that will fail anyway so return back here.
7188 	 *
7189 	 * Power changes to a device that's OFFLINE or SUSPENDED
7190 	 * are not allowed.
7191 	 */
7192 	if ((un->un_state == SD_STATE_OFFLINE) ||
7193 	    (un->un_state == SD_STATE_SUSPENDED)) {
7194 		mutex_exit(SD_MUTEX(un));
7195 
7196 		if (got_semaphore_here != 0) {
7197 			sema_v(&un->un_semoclose);
7198 		}
7199 		SD_TRACE(SD_LOG_IO_PM, un,
7200 		    "sdpower: exit, device is off-line.\n");
7201 		return (DDI_FAILURE);
7202 	}
7203 
7204 	/*
7205 	 * Change the device's state to indicate it's power level
7206 	 * is being changed. Do this to prevent a power off in the
7207 	 * middle of commands, which is especially bad on devices
7208 	 * that are really powered off instead of just spun down.
7209 	 */
7210 	state_before_pm = un->un_state;
7211 	un->un_state = SD_STATE_PM_CHANGING;
7212 
7213 	mutex_exit(SD_MUTEX(un));
7214 
7215 	/*
7216 	 * Bypass checking the log sense information for removables
7217 	 * and devices for which the HBA set the pm-capable property.
7218 	 * If un->un_pm_capable_prop is SD_PM_CAPABLE_UNDEFINED (-1)
7219 	 * then the HBA did not create the property.
7220 	 */
7221 	if ((level == SD_SPINDLE_OFF) && (!ISREMOVABLE(un)) &&
7222 	    un->un_pm_capable_prop == SD_PM_CAPABLE_UNDEFINED) {
7223 		/*
7224 		 * Get the log sense information to understand whether the
7225 		 * the powercycle counts have gone beyond the threshhold.
7226 		 */
7227 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
7228 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
7229 
7230 		mutex_enter(SD_MUTEX(un));
7231 		log_sense_page = un->un_start_stop_cycle_page;
7232 		mutex_exit(SD_MUTEX(un));
7233 
7234 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
7235 		    log_page_size, log_sense_page, 0x01, 0, SD_PATH_DIRECT);
7236 #ifdef	SDDEBUG
7237 		if (sd_force_pm_supported) {
7238 			/* Force a successful result */
7239 			rval = 0;
7240 		}
7241 #endif
7242 		if (rval != 0) {
7243 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
7244 			    "Log Sense Failed\n");
7245 			kmem_free(log_page_data, log_page_size);
7246 			/* Cannot support power management on those drives */
7247 
7248 			if (got_semaphore_here != 0) {
7249 				sema_v(&un->un_semoclose);
7250 			}
7251 			/*
7252 			 * On exit put the state back to it's original value
7253 			 * and broadcast to anyone waiting for the power
7254 			 * change completion.
7255 			 */
7256 			mutex_enter(SD_MUTEX(un));
7257 			un->un_state = state_before_pm;
7258 			cv_broadcast(&un->un_suspend_cv);
7259 			mutex_exit(SD_MUTEX(un));
7260 			SD_TRACE(SD_LOG_IO_PM, un,
7261 			    "sdpower: exit, Log Sense Failed.\n");
7262 			return (DDI_FAILURE);
7263 		}
7264 
7265 		/*
7266 		 * From the page data - Convert the essential information to
7267 		 * pm_trans_data
7268 		 */
7269 		maxcycles =
7270 		    (log_page_data[0x1c] << 24) | (log_page_data[0x1d] << 16) |
7271 		    (log_page_data[0x1E] << 8)  | log_page_data[0x1F];
7272 
7273 		sd_pm_tran_data.un.scsi_cycles.lifemax = maxcycles;
7274 
7275 		ncycles =
7276 		    (log_page_data[0x24] << 24) | (log_page_data[0x25] << 16) |
7277 		    (log_page_data[0x26] << 8)  | log_page_data[0x27];
7278 
7279 		sd_pm_tran_data.un.scsi_cycles.ncycles = ncycles;
7280 
7281 		for (i = 0; i < DC_SCSI_MFR_LEN; i++) {
7282 			sd_pm_tran_data.un.scsi_cycles.svc_date[i] =
7283 			    log_page_data[8+i];
7284 		}
7285 
7286 		kmem_free(log_page_data, log_page_size);
7287 
7288 		/*
7289 		 * Call pm_trans_check routine to get the Ok from
7290 		 * the global policy
7291 		 */
7292 
7293 		sd_pm_tran_data.format = DC_SCSI_FORMAT;
7294 		sd_pm_tran_data.un.scsi_cycles.flag = 0;
7295 
7296 		rval = pm_trans_check(&sd_pm_tran_data, &intvlp);
7297 #ifdef	SDDEBUG
7298 		if (sd_force_pm_supported) {
7299 			/* Force a successful result */
7300 			rval = 1;
7301 		}
7302 #endif
7303 		switch (rval) {
7304 		case 0:
7305 			/*
7306 			 * Not Ok to Power cycle or error in parameters passed
7307 			 * Would have given the advised time to consider power
7308 			 * cycle. Based on the new intvlp parameter we are
7309 			 * supposed to pretend we are busy so that pm framework
7310 			 * will never call our power entry point. Because of
7311 			 * that install a timeout handler and wait for the
7312 			 * recommended time to elapse so that power management
7313 			 * can be effective again.
7314 			 *
7315 			 * To effect this behavior, call pm_busy_component to
7316 			 * indicate to the framework this device is busy.
7317 			 * By not adjusting un_pm_count the rest of PM in
7318 			 * the driver will function normally, and independant
7319 			 * of this but because the framework is told the device
7320 			 * is busy it won't attempt powering down until it gets
7321 			 * a matching idle. The timeout handler sends this.
7322 			 * Note: sd_pm_entry can't be called here to do this
7323 			 * because sdpower may have been called as a result
7324 			 * of a call to pm_raise_power from within sd_pm_entry.
7325 			 *
7326 			 * If a timeout handler is already active then
7327 			 * don't install another.
7328 			 */
7329 			mutex_enter(&un->un_pm_mutex);
7330 			if (un->un_pm_timeid == NULL) {
7331 				un->un_pm_timeid =
7332 				    timeout(sd_pm_timeout_handler,
7333 				    un, intvlp * drv_usectohz(1000000));
7334 				mutex_exit(&un->un_pm_mutex);
7335 				(void) pm_busy_component(SD_DEVINFO(un), 0);
7336 			} else {
7337 				mutex_exit(&un->un_pm_mutex);
7338 			}
7339 			if (got_semaphore_here != 0) {
7340 				sema_v(&un->un_semoclose);
7341 			}
7342 			/*
7343 			 * On exit put the state back to it's original value
7344 			 * and broadcast to anyone waiting for the power
7345 			 * change completion.
7346 			 */
7347 			mutex_enter(SD_MUTEX(un));
7348 			un->un_state = state_before_pm;
7349 			cv_broadcast(&un->un_suspend_cv);
7350 			mutex_exit(SD_MUTEX(un));
7351 
7352 			SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, "
7353 			    "trans check Failed, not ok to power cycle.\n");
7354 			return (DDI_FAILURE);
7355 
7356 		case -1:
7357 			if (got_semaphore_here != 0) {
7358 				sema_v(&un->un_semoclose);
7359 			}
7360 			/*
7361 			 * On exit put the state back to it's original value
7362 			 * and broadcast to anyone waiting for the power
7363 			 * change completion.
7364 			 */
7365 			mutex_enter(SD_MUTEX(un));
7366 			un->un_state = state_before_pm;
7367 			cv_broadcast(&un->un_suspend_cv);
7368 			mutex_exit(SD_MUTEX(un));
7369 			SD_TRACE(SD_LOG_IO_PM, un,
7370 			    "sdpower: exit, trans check command Failed.\n");
7371 			return (DDI_FAILURE);
7372 		}
7373 	}
7374 
7375 	if (level == SD_SPINDLE_OFF) {
7376 		/*
7377 		 * Save the last state... if the STOP FAILS we need it
7378 		 * for restoring
7379 		 */
7380 		mutex_enter(SD_MUTEX(un));
7381 		save_state = un->un_last_state;
7382 		/*
7383 		 * There must not be any cmds. getting processed
7384 		 * in the driver when we get here. Power to the
7385 		 * device is potentially going off.
7386 		 */
7387 		ASSERT(un->un_ncmds_in_driver == 0);
7388 		mutex_exit(SD_MUTEX(un));
7389 
7390 		/*
7391 		 * For now suspend the device completely before spindle is
7392 		 * turned off
7393 		 */
7394 		if ((rval = sd_ddi_pm_suspend(un)) == DDI_FAILURE) {
7395 			if (got_semaphore_here != 0) {
7396 				sema_v(&un->un_semoclose);
7397 			}
7398 			/*
7399 			 * On exit put the state back to it's original value
7400 			 * and broadcast to anyone waiting for the power
7401 			 * change completion.
7402 			 */
7403 			mutex_enter(SD_MUTEX(un));
7404 			un->un_state = state_before_pm;
7405 			cv_broadcast(&un->un_suspend_cv);
7406 			mutex_exit(SD_MUTEX(un));
7407 			SD_TRACE(SD_LOG_IO_PM, un,
7408 			    "sdpower: exit, PM suspend Failed.\n");
7409 			return (DDI_FAILURE);
7410 		}
7411 	}
7412 
7413 	/*
7414 	 * The transition from SPINDLE_OFF to SPINDLE_ON can happen in open,
7415 	 * close, or strategy. Dump no long uses this routine, it uses it's
7416 	 * own code so it can be done in polled mode.
7417 	 */
7418 
7419 	medium_present = TRUE;
7420 
7421 	/*
7422 	 * When powering up, issue a TUR in case the device is at unit
7423 	 * attention.  Don't do retries. Bypass the PM layer, otherwise
7424 	 * a deadlock on un_pm_busy_cv will occur.
7425 	 */
7426 	if (level == SD_SPINDLE_ON) {
7427 		(void) sd_send_scsi_TEST_UNIT_READY(un,
7428 		    SD_DONT_RETRY_TUR | SD_BYPASS_PM);
7429 	}
7430 
7431 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: sending \'%s\' unit\n",
7432 	    ((level == SD_SPINDLE_ON) ? "START" : "STOP"));
7433 
7434 	sval = sd_send_scsi_START_STOP_UNIT(un,
7435 	    ((level == SD_SPINDLE_ON) ? SD_TARGET_START : SD_TARGET_STOP),
7436 	    SD_PATH_DIRECT);
7437 	/* Command failed, check for media present. */
7438 	if ((sval == ENXIO) && ISREMOVABLE(un)) {
7439 		medium_present = FALSE;
7440 	}
7441 
7442 	/*
7443 	 * The conditions of interest here are:
7444 	 *   if a spindle off with media present fails,
7445 	 *	then restore the state and return an error.
7446 	 *   else if a spindle on fails,
7447 	 *	then return an error (there's no state to restore).
7448 	 * In all other cases we setup for the new state
7449 	 * and return success.
7450 	 */
7451 	switch (level) {
7452 	case SD_SPINDLE_OFF:
7453 		if ((medium_present == TRUE) && (sval != 0)) {
7454 			/* The stop command from above failed */
7455 			rval = DDI_FAILURE;
7456 			/*
7457 			 * The stop command failed, and we have media
7458 			 * present. Put the level back by calling the
7459 			 * sd_pm_resume() and set the state back to
7460 			 * it's previous value.
7461 			 */
7462 			(void) sd_ddi_pm_resume(un);
7463 			mutex_enter(SD_MUTEX(un));
7464 			un->un_last_state = save_state;
7465 			mutex_exit(SD_MUTEX(un));
7466 			break;
7467 		}
7468 		/*
7469 		 * The stop command from above succeeded.
7470 		 */
7471 		if (ISREMOVABLE(un)) {
7472 			/*
7473 			 * Terminate watch thread in case of removable media
7474 			 * devices going into low power state. This is as per
7475 			 * the requirements of pm framework, otherwise commands
7476 			 * will be generated for the device (through watch
7477 			 * thread), even when the device is in low power state.
7478 			 */
7479 			mutex_enter(SD_MUTEX(un));
7480 			un->un_f_watcht_stopped = FALSE;
7481 			if (un->un_swr_token != NULL) {
7482 				opaque_t temp_token = un->un_swr_token;
7483 				un->un_f_watcht_stopped = TRUE;
7484 				un->un_swr_token = NULL;
7485 				mutex_exit(SD_MUTEX(un));
7486 				(void) scsi_watch_request_terminate(temp_token,
7487 				    SCSI_WATCH_TERMINATE_WAIT);
7488 			} else {
7489 				mutex_exit(SD_MUTEX(un));
7490 			}
7491 		}
7492 		break;
7493 
7494 	default:	/* The level requested is spindle on... */
7495 		/*
7496 		 * Legacy behavior: return success on a failed spinup
7497 		 * if there is no media in the drive.
7498 		 * Do this by looking at medium_present here.
7499 		 */
7500 		if ((sval != 0) && medium_present) {
7501 			/* The start command from above failed */
7502 			rval = DDI_FAILURE;
7503 			break;
7504 		}
7505 		/*
7506 		 * The start command from above succeeded
7507 		 * Resume the devices now that we have
7508 		 * started the disks
7509 		 */
7510 		(void) sd_ddi_pm_resume(un);
7511 
7512 		/*
7513 		 * Resume the watch thread since it was suspended
7514 		 * when the device went into low power mode.
7515 		 */
7516 		if (ISREMOVABLE(un)) {
7517 			mutex_enter(SD_MUTEX(un));
7518 			if (un->un_f_watcht_stopped == TRUE) {
7519 				opaque_t temp_token;
7520 
7521 				un->un_f_watcht_stopped = FALSE;
7522 				mutex_exit(SD_MUTEX(un));
7523 				temp_token = scsi_watch_request_submit(
7524 				    SD_SCSI_DEVP(un),
7525 				    sd_check_media_time,
7526 				    SENSE_LENGTH, sd_media_watch_cb,
7527 				    (caddr_t)dev);
7528 				mutex_enter(SD_MUTEX(un));
7529 				un->un_swr_token = temp_token;
7530 			}
7531 			mutex_exit(SD_MUTEX(un));
7532 		}
7533 	}
7534 	if (got_semaphore_here != 0) {
7535 		sema_v(&un->un_semoclose);
7536 	}
7537 	/*
7538 	 * On exit put the state back to it's original value
7539 	 * and broadcast to anyone waiting for the power
7540 	 * change completion.
7541 	 */
7542 	mutex_enter(SD_MUTEX(un));
7543 	un->un_state = state_before_pm;
7544 	cv_broadcast(&un->un_suspend_cv);
7545 	mutex_exit(SD_MUTEX(un));
7546 
7547 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, status = 0x%x\n", rval);
7548 
7549 	return (rval);
7550 }
7551 
7552 
7553 
7554 /*
7555  *    Function: sdattach
7556  *
7557  * Description: Driver's attach(9e) entry point function.
7558  *
7559  *   Arguments: devi - opaque device info handle
7560  *		cmd  - attach  type
7561  *
7562  * Return Code: DDI_SUCCESS
7563  *		DDI_FAILURE
7564  *
7565  *     Context: Kernel thread context
7566  */
7567 
7568 static int
7569 sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd)
7570 {
7571 	switch (cmd) {
7572 	case DDI_ATTACH:
7573 		return (sd_unit_attach(devi));
7574 	case DDI_RESUME:
7575 		return (sd_ddi_resume(devi));
7576 	default:
7577 		break;
7578 	}
7579 	return (DDI_FAILURE);
7580 }
7581 
7582 
7583 /*
7584  *    Function: sddetach
7585  *
7586  * Description: Driver's detach(9E) entry point function.
7587  *
7588  *   Arguments: devi - opaque device info handle
7589  *		cmd  - detach  type
7590  *
7591  * Return Code: DDI_SUCCESS
7592  *		DDI_FAILURE
7593  *
7594  *     Context: Kernel thread context
7595  */
7596 
7597 static int
7598 sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd)
7599 {
7600 	switch (cmd) {
7601 	case DDI_DETACH:
7602 		return (sd_unit_detach(devi));
7603 	case DDI_SUSPEND:
7604 		return (sd_ddi_suspend(devi));
7605 	default:
7606 		break;
7607 	}
7608 	return (DDI_FAILURE);
7609 }
7610 
7611 
7612 /*
7613  *     Function: sd_sync_with_callback
7614  *
7615  *  Description: Prevents sd_unit_attach or sd_unit_detach from freeing the soft
7616  *		 state while the callback routine is active.
7617  *
7618  *    Arguments: un: softstate structure for the instance
7619  *
7620  *	Context: Kernel thread context
7621  */
7622 
7623 static void
7624 sd_sync_with_callback(struct sd_lun *un)
7625 {
7626 	ASSERT(un != NULL);
7627 
7628 	mutex_enter(SD_MUTEX(un));
7629 
7630 	ASSERT(un->un_in_callback >= 0);
7631 
7632 	while (un->un_in_callback > 0) {
7633 		mutex_exit(SD_MUTEX(un));
7634 		delay(2);
7635 		mutex_enter(SD_MUTEX(un));
7636 	}
7637 
7638 	mutex_exit(SD_MUTEX(un));
7639 }
7640 
7641 /*
7642  *    Function: sd_unit_attach
7643  *
7644  * Description: Performs DDI_ATTACH processing for sdattach(). Allocates
7645  *		the soft state structure for the device and performs
7646  *		all necessary structure and device initializations.
7647  *
7648  *   Arguments: devi: the system's dev_info_t for the device.
7649  *
7650  * Return Code: DDI_SUCCESS if attach is successful.
7651  *		DDI_FAILURE if any part of the attach fails.
7652  *
7653  *     Context: Called at attach(9e) time for the DDI_ATTACH flag.
7654  *		Kernel thread context only.  Can sleep.
7655  */
7656 
7657 static int
7658 sd_unit_attach(dev_info_t *devi)
7659 {
7660 	struct	scsi_device	*devp;
7661 	struct	sd_lun		*un;
7662 	char			*variantp;
7663 	int	reservation_flag = SD_TARGET_IS_UNRESERVED;
7664 	int	instance;
7665 	int	rval;
7666 	int	wc_enabled;
7667 	uint64_t	capacity;
7668 	uint_t		lbasize;
7669 
7670 	/*
7671 	 * Retrieve the target driver's private data area. This was set
7672 	 * up by the HBA.
7673 	 */
7674 	devp = ddi_get_driver_private(devi);
7675 
7676 	/*
7677 	 * Since we have no idea what state things were left in by the last
7678 	 * user of the device, set up some 'default' settings, ie. turn 'em
7679 	 * off. The scsi_ifsetcap calls force re-negotiations with the drive.
7680 	 * Do this before the scsi_probe, which sends an inquiry.
7681 	 * This is a fix for bug (4430280).
7682 	 * Of special importance is wide-xfer. The drive could have been left
7683 	 * in wide transfer mode by the last driver to communicate with it,
7684 	 * this includes us. If that's the case, and if the following is not
7685 	 * setup properly or we don't re-negotiate with the drive prior to
7686 	 * transferring data to/from the drive, it causes bus parity errors,
7687 	 * data overruns, and unexpected interrupts. This first occurred when
7688 	 * the fix for bug (4378686) was made.
7689 	 */
7690 	(void) scsi_ifsetcap(&devp->sd_address, "lun-reset", 0, 1);
7691 	(void) scsi_ifsetcap(&devp->sd_address, "wide-xfer", 0, 1);
7692 	(void) scsi_ifsetcap(&devp->sd_address, "tagged-qing", 0, 1);
7693 	(void) scsi_ifsetcap(&devp->sd_address, "auto-rqsense", 0, 1);
7694 
7695 	/*
7696 	 * Use scsi_probe() to issue an INQUIRY command to the device.
7697 	 * This call will allocate and fill in the scsi_inquiry structure
7698 	 * and point the sd_inq member of the scsi_device structure to it.
7699 	 * If the attach succeeds, then this memory will not be de-allocated
7700 	 * (via scsi_unprobe()) until the instance is detached.
7701 	 */
7702 	if (scsi_probe(devp, SLEEP_FUNC) != SCSIPROBE_EXISTS) {
7703 		goto probe_failed;
7704 	}
7705 
7706 	/*
7707 	 * Check the device type as specified in the inquiry data and
7708 	 * claim it if it is of a type that we support.
7709 	 */
7710 	switch (devp->sd_inq->inq_dtype) {
7711 	case DTYPE_DIRECT:
7712 		break;
7713 	case DTYPE_RODIRECT:
7714 		break;
7715 	case DTYPE_OPTICAL:
7716 		break;
7717 	case DTYPE_NOTPRESENT:
7718 	default:
7719 		/* Unsupported device type; fail the attach. */
7720 		goto probe_failed;
7721 	}
7722 
7723 	/*
7724 	 * Allocate the soft state structure for this unit.
7725 	 *
7726 	 * We rely upon this memory being set to all zeroes by
7727 	 * ddi_soft_state_zalloc().  We assume that any member of the
7728 	 * soft state structure that is not explicitly initialized by
7729 	 * this routine will have a value of zero.
7730 	 */
7731 	instance = ddi_get_instance(devp->sd_dev);
7732 	if (ddi_soft_state_zalloc(sd_state, instance) != DDI_SUCCESS) {
7733 		goto probe_failed;
7734 	}
7735 
7736 	/*
7737 	 * Retrieve a pointer to the newly-allocated soft state.
7738 	 *
7739 	 * This should NEVER fail if the ddi_soft_state_zalloc() call above
7740 	 * was successful, unless something has gone horribly wrong and the
7741 	 * ddi's soft state internals are corrupt (in which case it is
7742 	 * probably better to halt here than just fail the attach....)
7743 	 */
7744 	if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
7745 		panic("sd_unit_attach: NULL soft state on instance:0x%x",
7746 		    instance);
7747 		/*NOTREACHED*/
7748 	}
7749 
7750 	/*
7751 	 * Link the back ptr of the driver soft state to the scsi_device
7752 	 * struct for this lun.
7753 	 * Save a pointer to the softstate in the driver-private area of
7754 	 * the scsi_device struct.
7755 	 * Note: We cannot call SD_INFO, SD_TRACE, SD_ERROR, or SD_DIAG until
7756 	 * we first set un->un_sd below.
7757 	 */
7758 	un->un_sd = devp;
7759 	devp->sd_private = (opaque_t)un;
7760 
7761 	/*
7762 	 * The following must be after devp is stored in the soft state struct.
7763 	 */
7764 #ifdef SDDEBUG
7765 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
7766 	    "%s_unit_attach: un:0x%p instance:%d\n",
7767 	    ddi_driver_name(devi), un, instance);
7768 #endif
7769 
7770 	/*
7771 	 * Set up the device type and node type (for the minor nodes).
7772 	 * By default we assume that the device can at least support the
7773 	 * Common Command Set. Call it a CD-ROM if it reports itself
7774 	 * as a RODIRECT device.
7775 	 */
7776 	switch (devp->sd_inq->inq_dtype) {
7777 	case DTYPE_RODIRECT:
7778 		un->un_node_type = DDI_NT_CD_CHAN;
7779 		un->un_ctype	 = CTYPE_CDROM;
7780 		break;
7781 	case DTYPE_OPTICAL:
7782 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7783 		un->un_ctype	 = CTYPE_ROD;
7784 		break;
7785 	default:
7786 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7787 		un->un_ctype	 = CTYPE_CCS;
7788 		break;
7789 	}
7790 
7791 	/*
7792 	 * Try to read the interconnect type from the HBA.
7793 	 *
7794 	 * Note: This driver is currently compiled as two binaries, a parallel
7795 	 * scsi version (sd) and a fibre channel version (ssd). All functional
7796 	 * differences are determined at compile time. In the future a single
7797 	 * binary will be provided and the inteconnect type will be used to
7798 	 * differentiate between fibre and parallel scsi behaviors. At that time
7799 	 * it will be necessary for all fibre channel HBAs to support this
7800 	 * property.
7801 	 *
7802 	 * set un_f_is_fiber to TRUE ( default fiber )
7803 	 */
7804 	un->un_f_is_fibre = TRUE;
7805 	switch (scsi_ifgetcap(SD_ADDRESS(un), "interconnect-type", -1)) {
7806 	case INTERCONNECT_SSA:
7807 		un->un_interconnect_type = SD_INTERCONNECT_SSA;
7808 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7809 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_SSA\n", un);
7810 		break;
7811 	case INTERCONNECT_PARALLEL:
7812 		un->un_f_is_fibre = FALSE;
7813 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7814 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7815 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_PARALLEL\n", un);
7816 		break;
7817 	case INTERCONNECT_FIBRE:
7818 		un->un_interconnect_type = SD_INTERCONNECT_FIBRE;
7819 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7820 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FIBRE\n", un);
7821 		break;
7822 	case INTERCONNECT_FABRIC:
7823 		un->un_interconnect_type = SD_INTERCONNECT_FABRIC;
7824 		un->un_node_type = DDI_NT_BLOCK_FABRIC;
7825 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7826 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FABRIC\n", un);
7827 		break;
7828 	default:
7829 #ifdef SD_DEFAULT_INTERCONNECT_TYPE
7830 		/*
7831 		 * The HBA does not support the "interconnect-type" property
7832 		 * (or did not provide a recognized type).
7833 		 *
7834 		 * Note: This will be obsoleted when a single fibre channel
7835 		 * and parallel scsi driver is delivered. In the meantime the
7836 		 * interconnect type will be set to the platform default.If that
7837 		 * type is not parallel SCSI, it means that we should be
7838 		 * assuming "ssd" semantics. However, here this also means that
7839 		 * the FC HBA is not supporting the "interconnect-type" property
7840 		 * like we expect it to, so log this occurrence.
7841 		 */
7842 		un->un_interconnect_type = SD_DEFAULT_INTERCONNECT_TYPE;
7843 		if (!SD_IS_PARALLEL_SCSI(un)) {
7844 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7845 			    "sd_unit_attach: un:0x%p Assuming "
7846 			    "INTERCONNECT_FIBRE\n", un);
7847 		} else {
7848 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7849 			    "sd_unit_attach: un:0x%p Assuming "
7850 			    "INTERCONNECT_PARALLEL\n", un);
7851 			un->un_f_is_fibre = FALSE;
7852 		}
7853 #else
7854 		/*
7855 		 * Note: This source will be implemented when a single fibre
7856 		 * channel and parallel scsi driver is delivered. The default
7857 		 * will be to assume that if a device does not support the
7858 		 * "interconnect-type" property it is a parallel SCSI HBA and
7859 		 * we will set the interconnect type for parallel scsi.
7860 		 */
7861 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7862 		un->un_f_is_fibre = FALSE;
7863 #endif
7864 		break;
7865 	}
7866 
7867 	if (un->un_f_is_fibre == TRUE) {
7868 		if (scsi_ifgetcap(SD_ADDRESS(un), "scsi-version", 1) ==
7869 			SCSI_VERSION_3) {
7870 			switch (un->un_interconnect_type) {
7871 			case SD_INTERCONNECT_FIBRE:
7872 			case SD_INTERCONNECT_SSA:
7873 				un->un_node_type = DDI_NT_BLOCK_WWN;
7874 				break;
7875 			default:
7876 				break;
7877 			}
7878 		}
7879 	}
7880 
7881 	/*
7882 	 * Initialize the Request Sense command for the target
7883 	 */
7884 	if (sd_alloc_rqs(devp, un) != DDI_SUCCESS) {
7885 		goto alloc_rqs_failed;
7886 	}
7887 
7888 	/*
7889 	 * Set un_retry_count with SD_RETRY_COUNT, this is ok for Sparc
7890 	 * with seperate binary for sd and ssd.
7891 	 *
7892 	 * x86 has 1 binary, un_retry_count is set base on connection type.
7893 	 * The hardcoded values will go away when Sparc uses 1 binary
7894 	 * for sd and ssd.  This hardcoded values need to match
7895 	 * SD_RETRY_COUNT in sddef.h
7896 	 * The value used is base on interconnect type.
7897 	 * fibre = 3, parallel = 5
7898 	 */
7899 #if defined(__i386) || defined(__amd64)
7900 	un->un_retry_count = un->un_f_is_fibre ? 3 : 5;
7901 #else
7902 	un->un_retry_count = SD_RETRY_COUNT;
7903 #endif
7904 
7905 	/*
7906 	 * Set the per disk retry count to the default number of retries
7907 	 * for disks and CDROMs. This value can be overridden by the
7908 	 * disk property list or an entry in sd.conf.
7909 	 */
7910 	un->un_notready_retry_count =
7911 	    ISCD(un) ? CD_NOT_READY_RETRY_COUNT(un)
7912 			: DISK_NOT_READY_RETRY_COUNT(un);
7913 
7914 	/*
7915 	 * Set the busy retry count to the default value of un_retry_count.
7916 	 * This can be overridden by entries in sd.conf or the device
7917 	 * config table.
7918 	 */
7919 	un->un_busy_retry_count = un->un_retry_count;
7920 
7921 	/*
7922 	 * Init the reset threshold for retries.  This number determines
7923 	 * how many retries must be performed before a reset can be issued
7924 	 * (for certain error conditions). This can be overridden by entries
7925 	 * in sd.conf or the device config table.
7926 	 */
7927 	un->un_reset_retry_count = (un->un_retry_count / 2);
7928 
7929 	/*
7930 	 * Set the victim_retry_count to the default un_retry_count
7931 	 */
7932 	un->un_victim_retry_count = (2 * un->un_retry_count);
7933 
7934 	/*
7935 	 * Set the reservation release timeout to the default value of
7936 	 * 5 seconds. This can be overridden by entries in ssd.conf or the
7937 	 * device config table.
7938 	 */
7939 	un->un_reserve_release_time = 5;
7940 
7941 	/*
7942 	 * Set up the default maximum transfer size. Note that this may
7943 	 * get updated later in the attach, when setting up default wide
7944 	 * operations for disks.
7945 	 */
7946 #if defined(__i386) || defined(__amd64)
7947 	un->un_max_xfer_size = (uint_t)SD_DEFAULT_MAX_XFER_SIZE;
7948 #else
7949 	un->un_max_xfer_size = (uint_t)maxphys;
7950 #endif
7951 
7952 	/*
7953 	 * Get "allow bus device reset" property (defaults to "enabled" if
7954 	 * the property was not defined). This is to disable bus resets for
7955 	 * certain kinds of error recovery. Note: In the future when a run-time
7956 	 * fibre check is available the soft state flag should default to
7957 	 * enabled.
7958 	 */
7959 	if (un->un_f_is_fibre == TRUE) {
7960 		un->un_f_allow_bus_device_reset = TRUE;
7961 	} else {
7962 		if (ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
7963 			"allow-bus-device-reset", 1) != 0) {
7964 			un->un_f_allow_bus_device_reset = TRUE;
7965 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7966 			"sd_unit_attach: un:0x%p Bus device reset enabled\n",
7967 				un);
7968 		} else {
7969 			un->un_f_allow_bus_device_reset = FALSE;
7970 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7971 			"sd_unit_attach: un:0x%p Bus device reset disabled\n",
7972 				un);
7973 		}
7974 	}
7975 
7976 	/*
7977 	 * Check if this is an ATAPI device. ATAPI devices use Group 1
7978 	 * Read/Write commands and Group 2 Mode Sense/Select commands.
7979 	 *
7980 	 * Note: The "obsolete" way of doing this is to check for the "atapi"
7981 	 * property. The new "variant" property with a value of "atapi" has been
7982 	 * introduced so that future 'variants' of standard SCSI behavior (like
7983 	 * atapi) could be specified by the underlying HBA drivers by supplying
7984 	 * a new value for the "variant" property, instead of having to define a
7985 	 * new property.
7986 	 */
7987 	if (ddi_prop_get_int(DDI_DEV_T_ANY, devi, 0, "atapi", -1) != -1) {
7988 		un->un_f_cfg_is_atapi = TRUE;
7989 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7990 		    "sd_unit_attach: un:0x%p Atapi device\n", un);
7991 	}
7992 	if (ddi_prop_lookup_string(DDI_DEV_T_ANY, devi, 0, "variant",
7993 	    &variantp) == DDI_PROP_SUCCESS) {
7994 		if (strcmp(variantp, "atapi") == 0) {
7995 			un->un_f_cfg_is_atapi = TRUE;
7996 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7997 			    "sd_unit_attach: un:0x%p Atapi device\n", un);
7998 		}
7999 		ddi_prop_free(variantp);
8000 	}
8001 
8002 	/*
8003 	 * Assume doorlock commands are supported. If not, the first
8004 	 * call to sd_send_scsi_DOORLOCK() will set to FALSE
8005 	 */
8006 	un->un_f_doorlock_supported = TRUE;
8007 
8008 	un->un_cmd_timeout	= SD_IO_TIME;
8009 
8010 	/* Info on current states, statuses, etc. (Updated frequently) */
8011 	un->un_state		= SD_STATE_NORMAL;
8012 	un->un_last_state	= SD_STATE_NORMAL;
8013 
8014 	/* Control & status info for command throttling */
8015 	un->un_throttle		= sd_max_throttle;
8016 	un->un_saved_throttle	= sd_max_throttle;
8017 	un->un_min_throttle	= sd_min_throttle;
8018 
8019 	if (un->un_f_is_fibre == TRUE) {
8020 		un->un_f_use_adaptive_throttle = TRUE;
8021 	} else {
8022 		un->un_f_use_adaptive_throttle = FALSE;
8023 	}
8024 
8025 	/* Removable media support. */
8026 	cv_init(&un->un_state_cv, NULL, CV_DRIVER, NULL);
8027 	un->un_mediastate		= DKIO_NONE;
8028 	un->un_specified_mediastate	= DKIO_NONE;
8029 
8030 	/* CVs for suspend/resume (PM or DR) */
8031 	cv_init(&un->un_suspend_cv,   NULL, CV_DRIVER, NULL);
8032 	cv_init(&un->un_disk_busy_cv, NULL, CV_DRIVER, NULL);
8033 
8034 	/* Power management support. */
8035 	un->un_power_level = SD_SPINDLE_UNINIT;
8036 
8037 	/*
8038 	 * The open/close semaphore is used to serialize threads executing
8039 	 * in the driver's open & close entry point routines for a given
8040 	 * instance.
8041 	 */
8042 	(void) sema_init(&un->un_semoclose, 1, NULL, SEMA_DRIVER, NULL);
8043 
8044 	/*
8045 	 * The conf file entry and softstate variable is a forceful override,
8046 	 * meaning a non-zero value must be entered to change the default.
8047 	 */
8048 	un->un_f_disksort_disabled = FALSE;
8049 
8050 	/*
8051 	 * Retrieve the properties from the static driver table or the driver
8052 	 * configuration file (.conf) for this unit and update the soft state
8053 	 * for the device as needed for the indicated properties.
8054 	 * Note: the property configuration needs to occur here as some of the
8055 	 * following routines may have dependancies on soft state flags set
8056 	 * as part of the driver property configuration.
8057 	 */
8058 	sd_read_unit_properties(un);
8059 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8060 	    "sd_unit_attach: un:0x%p property configuration complete.\n", un);
8061 
8062 	/*
8063 	 * By default, we mark the capacity, lbazize, and geometry
8064 	 * as invalid. Only if we successfully read a valid capacity
8065 	 * will we update the un_blockcount and un_tgt_blocksize with the
8066 	 * valid values (the geometry will be validated later).
8067 	 */
8068 	un->un_f_blockcount_is_valid	= FALSE;
8069 	un->un_f_tgt_blocksize_is_valid	= FALSE;
8070 	un->un_f_geometry_is_valid	= FALSE;
8071 
8072 	/*
8073 	 * Use DEV_BSIZE and DEV_BSHIFT as defaults, until we can determine
8074 	 * otherwise.
8075 	 */
8076 	un->un_tgt_blocksize  = un->un_sys_blocksize  = DEV_BSIZE;
8077 	un->un_blockcount = 0;
8078 
8079 	/*
8080 	 * Set up the per-instance info needed to determine the correct
8081 	 * CDBs and other info for issuing commands to the target.
8082 	 */
8083 	sd_init_cdb_limits(un);
8084 
8085 	/*
8086 	 * Set up the IO chains to use, based upon the target type.
8087 	 */
8088 	if (ISREMOVABLE(un)) {
8089 		un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
8090 	} else {
8091 		un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
8092 	}
8093 	un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
8094 	un->un_direct_chain_type = SD_CHAIN_INFO_DIRECT_CMD;
8095 	un->un_priority_chain_type = SD_CHAIN_INFO_PRIORITY_CMD;
8096 
8097 	un->un_xbuf_attr = ddi_xbuf_attr_create(sizeof (struct sd_xbuf),
8098 	    sd_xbuf_strategy, un, sd_xbuf_active_limit,  sd_xbuf_reserve_limit,
8099 	    ddi_driver_major(devi), DDI_XBUF_QTHREAD_DRIVER);
8100 	ddi_xbuf_attr_register_devinfo(un->un_xbuf_attr, devi);
8101 
8102 
8103 	if (ISCD(un)) {
8104 		un->un_additional_codes = sd_additional_codes;
8105 	} else {
8106 		un->un_additional_codes = NULL;
8107 	}
8108 
8109 	/*
8110 	 * Create the kstats here so they can be available for attach-time
8111 	 * routines that send commands to the unit (either polled or via
8112 	 * sd_send_scsi_cmd).
8113 	 *
8114 	 * Note: This is a critical sequence that needs to be maintained:
8115 	 *	1) Instantiate the kstats here, before any routines using the
8116 	 *	   iopath (i.e. sd_send_scsi_cmd).
8117 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8118 	 *	   stats (sd_set_pstats), following sd_validate_geometry(),
8119 	 *	   sd_register_devid(), and sd_disable_caching().
8120 	 */
8121 
8122 	un->un_stats = kstat_create(sd_label, instance,
8123 	    NULL, "disk", KSTAT_TYPE_IO, 1, KSTAT_FLAG_PERSISTENT);
8124 	if (un->un_stats != NULL) {
8125 		un->un_stats->ks_lock = SD_MUTEX(un);
8126 		kstat_install(un->un_stats);
8127 	}
8128 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8129 	    "sd_unit_attach: un:0x%p un_stats created\n", un);
8130 
8131 	sd_create_errstats(un, instance);
8132 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8133 	    "sd_unit_attach: un:0x%p errstats created\n", un);
8134 
8135 	/*
8136 	 * The following if/else code was relocated here from below as part
8137 	 * of the fix for bug (4430280). However with the default setup added
8138 	 * on entry to this routine, it's no longer absolutely necessary for
8139 	 * this to be before the call to sd_spin_up_unit.
8140 	 */
8141 	if (SD_IS_PARALLEL_SCSI(un)) {
8142 		/*
8143 		 * If SCSI-2 tagged queueing is supported by the target
8144 		 * and by the host adapter then we will enable it.
8145 		 */
8146 		un->un_tagflags = 0;
8147 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8148 		    (devp->sd_inq->inq_cmdque) &&
8149 		    (un->un_f_arq_enabled == TRUE)) {
8150 			if (scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing",
8151 			    1, 1) == 1) {
8152 				un->un_tagflags = FLAG_STAG;
8153 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8154 				    "sd_unit_attach: un:0x%p tag queueing "
8155 				    "enabled\n", un);
8156 			} else if (scsi_ifgetcap(SD_ADDRESS(un),
8157 			    "untagged-qing", 0) == 1) {
8158 				un->un_f_opt_queueing = TRUE;
8159 				un->un_saved_throttle = un->un_throttle =
8160 				    min(un->un_throttle, 3);
8161 			} else {
8162 				un->un_f_opt_queueing = FALSE;
8163 				un->un_saved_throttle = un->un_throttle = 1;
8164 			}
8165 		} else if ((scsi_ifgetcap(SD_ADDRESS(un), "untagged-qing", 0)
8166 		    == 1) && (un->un_f_arq_enabled == TRUE)) {
8167 			/* The Host Adapter supports internal queueing. */
8168 			un->un_f_opt_queueing = TRUE;
8169 			un->un_saved_throttle = un->un_throttle =
8170 			    min(un->un_throttle, 3);
8171 		} else {
8172 			un->un_f_opt_queueing = FALSE;
8173 			un->un_saved_throttle = un->un_throttle = 1;
8174 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8175 			    "sd_unit_attach: un:0x%p no tag queueing\n", un);
8176 		}
8177 
8178 
8179 		/* Setup or tear down default wide operations for disks */
8180 
8181 		/*
8182 		 * Note: Legacy: it may be possible for both "sd_max_xfer_size"
8183 		 * and "ssd_max_xfer_size" to exist simultaneously on the same
8184 		 * system and be set to different values. In the future this
8185 		 * code may need to be updated when the ssd module is
8186 		 * obsoleted and removed from the system. (4299588)
8187 		 */
8188 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8189 		    (devp->sd_inq->inq_wbus16 || devp->sd_inq->inq_wbus32)) {
8190 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8191 			    1, 1) == 1) {
8192 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8193 				    "sd_unit_attach: un:0x%p Wide Transfer "
8194 				    "enabled\n", un);
8195 			}
8196 
8197 			/*
8198 			 * If tagged queuing has also been enabled, then
8199 			 * enable large xfers
8200 			 */
8201 			if (un->un_saved_throttle == sd_max_throttle) {
8202 				un->un_max_xfer_size =
8203 				    ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8204 				    sd_max_xfer_size, SD_MAX_XFER_SIZE);
8205 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8206 				    "sd_unit_attach: un:0x%p max transfer "
8207 				    "size=0x%x\n", un, un->un_max_xfer_size);
8208 			}
8209 		} else {
8210 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8211 			    0, 1) == 1) {
8212 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8213 				    "sd_unit_attach: un:0x%p "
8214 				    "Wide Transfer disabled\n", un);
8215 			}
8216 		}
8217 	} else {
8218 		un->un_tagflags = FLAG_STAG;
8219 		un->un_max_xfer_size = ddi_getprop(DDI_DEV_T_ANY,
8220 		    devi, 0, sd_max_xfer_size, SD_MAX_XFER_SIZE);
8221 	}
8222 
8223 	/*
8224 	 * If this target supports LUN reset, try to enable it.
8225 	 */
8226 	if (un->un_f_lun_reset_enabled) {
8227 		if (scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 1, 1) == 1) {
8228 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8229 			    "un:0x%p lun_reset capability set\n", un);
8230 		} else {
8231 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8232 			    "un:0x%p lun-reset capability not set\n", un);
8233 		}
8234 	}
8235 
8236 	/*
8237 	 * At this point in the attach, we have enough info in the
8238 	 * soft state to be able to issue commands to the target.
8239 	 *
8240 	 * All command paths used below MUST issue their commands as
8241 	 * SD_PATH_DIRECT. This is important as intermediate layers
8242 	 * are not all initialized yet (such as PM).
8243 	 */
8244 
8245 	/*
8246 	 * Send a TEST UNIT READY command to the device. This should clear
8247 	 * any outstanding UNIT ATTENTION that may be present.
8248 	 *
8249 	 * Note: Don't check for success, just track if there is a reservation,
8250 	 * this is a throw away command to clear any unit attentions.
8251 	 *
8252 	 * Note: This MUST be the first command issued to the target during
8253 	 * attach to ensure power on UNIT ATTENTIONS are cleared.
8254 	 * Pass in flag SD_DONT_RETRY_TUR to prevent the long delays associated
8255 	 * with attempts at spinning up a device with no media.
8256 	 */
8257 	if (sd_send_scsi_TEST_UNIT_READY(un, SD_DONT_RETRY_TUR) == EACCES) {
8258 		reservation_flag = SD_TARGET_IS_RESERVED;
8259 	}
8260 
8261 	/*
8262 	 * If the device is NOT a removable media device, attempt to spin
8263 	 * it up (using the START_STOP_UNIT command) and read its capacity
8264 	 * (using the READ CAPACITY command).  Note, however, that either
8265 	 * of these could fail and in some cases we would continue with
8266 	 * the attach despite the failure (see below).
8267 	 */
8268 	if (devp->sd_inq->inq_dtype == DTYPE_DIRECT && !ISREMOVABLE(un)) {
8269 		switch (sd_spin_up_unit(un)) {
8270 		case 0:
8271 			/*
8272 			 * Spin-up was successful; now try to read the
8273 			 * capacity.  If successful then save the results
8274 			 * and mark the capacity & lbasize as valid.
8275 			 */
8276 			SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8277 			    "sd_unit_attach: un:0x%p spin-up successful\n", un);
8278 
8279 			switch (sd_send_scsi_READ_CAPACITY(un, &capacity,
8280 			    &lbasize, SD_PATH_DIRECT)) {
8281 			case 0: {
8282 				if (capacity > DK_MAX_BLOCKS) {
8283 #ifdef _LP64
8284 					/*
8285 					 * Enable descriptor format sense data
8286 					 * so that we can get 64 bit sense
8287 					 * data fields.
8288 					 */
8289 					sd_enable_descr_sense(un);
8290 #else
8291 					/* 32-bit kernels can't handle this */
8292 					scsi_log(SD_DEVINFO(un),
8293 					    sd_label, CE_WARN,
8294 					    "disk has %llu blocks, which "
8295 					    "is too large for a 32-bit "
8296 					    "kernel", capacity);
8297 					goto spinup_failed;
8298 #endif
8299 				}
8300 				/*
8301 				 * The following relies on
8302 				 * sd_send_scsi_READ_CAPACITY never
8303 				 * returning 0 for capacity and/or lbasize.
8304 				 */
8305 				sd_update_block_info(un, lbasize, capacity);
8306 
8307 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8308 				    "sd_unit_attach: un:0x%p capacity = %ld "
8309 				    "blocks; lbasize= %ld.\n", un,
8310 				    un->un_blockcount, un->un_tgt_blocksize);
8311 
8312 				break;
8313 			}
8314 			case EACCES:
8315 				/*
8316 				 * Should never get here if the spin-up
8317 				 * succeeded, but code it in anyway.
8318 				 * From here, just continue with the attach...
8319 				 */
8320 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8321 				    "sd_unit_attach: un:0x%p "
8322 				    "sd_send_scsi_READ_CAPACITY "
8323 				    "returned reservation conflict\n", un);
8324 				reservation_flag = SD_TARGET_IS_RESERVED;
8325 				break;
8326 			default:
8327 				/*
8328 				 * Likewise, should never get here if the
8329 				 * spin-up succeeded. Just continue with
8330 				 * the attach...
8331 				 */
8332 				break;
8333 			}
8334 			break;
8335 		case EACCES:
8336 			/*
8337 			 * Device is reserved by another host.  In this case
8338 			 * we could not spin it up or read the capacity, but
8339 			 * we continue with the attach anyway.
8340 			 */
8341 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8342 			    "sd_unit_attach: un:0x%p spin-up reservation "
8343 			    "conflict.\n", un);
8344 			reservation_flag = SD_TARGET_IS_RESERVED;
8345 			break;
8346 		default:
8347 			/* Fail the attach if the spin-up failed. */
8348 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8349 			    "sd_unit_attach: un:0x%p spin-up failed.", un);
8350 			goto spinup_failed;
8351 		}
8352 	}
8353 
8354 	/*
8355 	 * Check to see if this is a MMC drive
8356 	 */
8357 	if (ISCD(un)) {
8358 		sd_set_mmc_caps(un);
8359 	}
8360 
8361 	/*
8362 	 * Create the minor nodes for the device.
8363 	 * Note: If we want to support fdisk on both sparc and intel, this will
8364 	 * have to separate out the notion that VTOC8 is always sparc, and
8365 	 * VTOC16 is always intel (tho these can be the defaults).  The vtoc
8366 	 * type will have to be determined at run-time, and the fdisk
8367 	 * partitioning will have to have been read & set up before we
8368 	 * create the minor nodes. (any other inits (such as kstats) that
8369 	 * also ought to be done before creating the minor nodes?) (Doesn't
8370 	 * setting up the minor nodes kind of imply that we're ready to
8371 	 * handle an open from userland?)
8372 	 */
8373 	if (sd_create_minor_nodes(un, devi) != DDI_SUCCESS) {
8374 		goto create_minor_nodes_failed;
8375 	}
8376 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8377 	    "sd_unit_attach: un:0x%p minor nodes created\n", un);
8378 
8379 	/*
8380 	 * Add a zero-length attribute to tell the world we support
8381 	 * kernel ioctls (for layered drivers)
8382 	 */
8383 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8384 	    DDI_KERNEL_IOCTL, NULL, 0);
8385 
8386 	/*
8387 	 * Add a boolean property to tell the world we support
8388 	 * the B_FAILFAST flag (for layered drivers)
8389 	 */
8390 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8391 	    "ddi-failfast-supported", NULL, 0);
8392 
8393 	/*
8394 	 * Initialize power management
8395 	 */
8396 	mutex_init(&un->un_pm_mutex, NULL, MUTEX_DRIVER, NULL);
8397 	cv_init(&un->un_pm_busy_cv, NULL, CV_DRIVER, NULL);
8398 	sd_setup_pm(un, devi);
8399 	if (un->un_f_pm_is_enabled == FALSE) {
8400 		/*
8401 		 * For performance, point to a jump table that does
8402 		 * not include pm.
8403 		 * The direct and priority chains don't change with PM.
8404 		 *
8405 		 * Note: this is currently done based on individual device
8406 		 * capabilities. When an interface for determining system
8407 		 * power enabled state becomes available, or when additional
8408 		 * layers are added to the command chain, these values will
8409 		 * have to be re-evaluated for correctness.
8410 		 */
8411 		if (ISREMOVABLE(un)) {
8412 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA_NO_PM;
8413 		} else {
8414 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK_NO_PM;
8415 		}
8416 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
8417 	}
8418 
8419 	/*
8420 	 * This property is set to 0 by HA software to avoid retries
8421 	 * on a reserved disk. (The preferred property name is
8422 	 * "retry-on-reservation-conflict") (1189689)
8423 	 *
8424 	 * Note: The use of a global here can have unintended consequences. A
8425 	 * per instance variable is preferrable to match the capabilities of
8426 	 * different underlying hba's (4402600)
8427 	 */
8428 	sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY, devi,
8429 	    DDI_PROP_DONTPASS, "retry-on-reservation-conflict",
8430 	    sd_retry_on_reservation_conflict);
8431 	if (sd_retry_on_reservation_conflict != 0) {
8432 		sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY,
8433 		    devi, DDI_PROP_DONTPASS, sd_resv_conflict_name,
8434 		    sd_retry_on_reservation_conflict);
8435 	}
8436 
8437 	/* Set up options for QFULL handling. */
8438 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8439 	    "qfull-retries", -1)) != -1) {
8440 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retries",
8441 		    rval, 1);
8442 	}
8443 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8444 	    "qfull-retry-interval", -1)) != -1) {
8445 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retry-interval",
8446 		    rval, 1);
8447 	}
8448 
8449 	/*
8450 	 * This just prints a message that announces the existence of the
8451 	 * device. The message is always printed in the system logfile, but
8452 	 * only appears on the console if the system is booted with the
8453 	 * -v (verbose) argument.
8454 	 */
8455 	ddi_report_dev(devi);
8456 
8457 	/*
8458 	 * The framework calls driver attach routines single-threaded
8459 	 * for a given instance.  However we still acquire SD_MUTEX here
8460 	 * because this required for calling the sd_validate_geometry()
8461 	 * and sd_register_devid() functions.
8462 	 */
8463 	mutex_enter(SD_MUTEX(un));
8464 	un->un_f_geometry_is_valid = FALSE;
8465 	un->un_mediastate = DKIO_NONE;
8466 	un->un_reserved = -1;
8467 	if (!ISREMOVABLE(un)) {
8468 		/*
8469 		 * Read and validate the device's geometry (ie, disk label)
8470 		 * A new unformatted drive will not have a valid geometry, but
8471 		 * the driver needs to successfully attach to this device so
8472 		 * the drive can be formatted via ioctls.
8473 		 */
8474 		if (((sd_validate_geometry(un, SD_PATH_DIRECT) ==
8475 		    ENOTSUP)) &&
8476 		    (un->un_blockcount < DK_MAX_BLOCKS)) {
8477 			/*
8478 			 * We found a small disk with an EFI label on it;
8479 			 * we need to fix up the minor nodes accordingly.
8480 			 */
8481 			ddi_remove_minor_node(devi, "h");
8482 			ddi_remove_minor_node(devi, "h,raw");
8483 			(void) ddi_create_minor_node(devi, "wd",
8484 			    S_IFBLK,
8485 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8486 			    un->un_node_type, NULL);
8487 			(void) ddi_create_minor_node(devi, "wd,raw",
8488 			    S_IFCHR,
8489 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8490 			    un->un_node_type, NULL);
8491 		}
8492 	}
8493 
8494 	/*
8495 	 * Read and initialize the devid for the unit.
8496 	 */
8497 	ASSERT(un->un_errstats != NULL);
8498 	if (!ISREMOVABLE(un)) {
8499 		sd_register_devid(un, devi, reservation_flag);
8500 	}
8501 	mutex_exit(SD_MUTEX(un));
8502 
8503 #if (defined(__fibre))
8504 	/*
8505 	 * Register callbacks for fibre only.  You can't do this soley
8506 	 * on the basis of the devid_type because this is hba specific.
8507 	 * We need to query our hba capabilities to find out whether to
8508 	 * register or not.
8509 	 */
8510 	if (un->un_f_is_fibre) {
8511 	    if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
8512 		sd_init_event_callbacks(un);
8513 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8514 		    "sd_unit_attach: un:0x%p event callbacks inserted", un);
8515 	    }
8516 	}
8517 #endif
8518 
8519 	if (un->un_f_opt_disable_cache == TRUE) {
8520 		if (sd_disable_caching(un) != 0) {
8521 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8522 			    "sd_unit_attach: un:0x%p Could not disable "
8523 			    "caching", un);
8524 			goto devid_failed;
8525 		}
8526 	}
8527 
8528 	/*
8529 	 * NOTE: Since there is currently no mechanism to
8530 	 * change the state of the Write Cache Enable mode select,
8531 	 * this code just checks the value of the WCE bit
8532 	 * at device attach time.  If a mechanism
8533 	 * is added to the driver to change WCE, un_f_write_cache_enabled
8534 	 * must be updated appropriately.
8535 	 */
8536 	(void) sd_get_write_cache_enabled(un, &wc_enabled);
8537 	mutex_enter(SD_MUTEX(un));
8538 	un->un_f_write_cache_enabled = (wc_enabled != 0);
8539 	mutex_exit(SD_MUTEX(un));
8540 
8541 	/*
8542 	 * Set the pstat and error stat values here, so data obtained during the
8543 	 * previous attach-time routines is available.
8544 	 *
8545 	 * Note: This is a critical sequence that needs to be maintained:
8546 	 *	1) Instantiate the kstats before any routines using the iopath
8547 	 *	   (i.e. sd_send_scsi_cmd).
8548 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8549 	 *	   stats (sd_set_pstats)here, following sd_validate_geometry(),
8550 	 *	   sd_register_devid(), and sd_disable_caching().
8551 	 */
8552 	if (!ISREMOVABLE(un) && (un->un_f_pkstats_enabled == TRUE)) {
8553 		sd_set_pstats(un);
8554 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8555 		    "sd_unit_attach: un:0x%p pstats created and set\n", un);
8556 	}
8557 
8558 	sd_set_errstats(un);
8559 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8560 	    "sd_unit_attach: un:0x%p errstats set\n", un);
8561 
8562 	/*
8563 	 * Find out what type of reservation this disk supports.
8564 	 */
8565 	switch (sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS, 0, NULL)) {
8566 	case 0:
8567 		/*
8568 		 * SCSI-3 reservations are supported.
8569 		 */
8570 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8571 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8572 		    "sd_unit_attach: un:0x%p SCSI-3 reservations\n", un);
8573 		break;
8574 	case ENOTSUP:
8575 		/*
8576 		 * The PERSISTENT RESERVE IN command would not be recognized by
8577 		 * a SCSI-2 device, so assume the reservation type is SCSI-2.
8578 		 */
8579 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8580 		    "sd_unit_attach: un:0x%p SCSI-2 reservations\n", un);
8581 		un->un_reservation_type = SD_SCSI2_RESERVATION;
8582 		break;
8583 	default:
8584 		/*
8585 		 * default to SCSI-3 reservations
8586 		 */
8587 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8588 		    "sd_unit_attach: un:0x%p default SCSI3 reservations\n", un);
8589 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8590 		break;
8591 	}
8592 
8593 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8594 	    "sd_unit_attach: un:0x%p exit success\n", un);
8595 
8596 	return (DDI_SUCCESS);
8597 
8598 	/*
8599 	 * An error occurred during the attach; clean up & return failure.
8600 	 */
8601 
8602 devid_failed:
8603 
8604 setup_pm_failed:
8605 	ddi_remove_minor_node(devi, NULL);
8606 
8607 create_minor_nodes_failed:
8608 	/*
8609 	 * Cleanup from the scsi_ifsetcap() calls (437868)
8610 	 */
8611 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
8612 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
8613 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
8614 
8615 	if (un->un_f_is_fibre == FALSE) {
8616 	    (void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
8617 	}
8618 
8619 spinup_failed:
8620 
8621 	mutex_enter(SD_MUTEX(un));
8622 
8623 	/* Cancel callback for SD_PATH_DIRECT_PRIORITY cmd. restart */
8624 	if (un->un_direct_priority_timeid != NULL) {
8625 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8626 		un->un_direct_priority_timeid = NULL;
8627 		mutex_exit(SD_MUTEX(un));
8628 		(void) untimeout(temp_id);
8629 		mutex_enter(SD_MUTEX(un));
8630 	}
8631 
8632 	/* Cancel any pending start/stop timeouts */
8633 	if (un->un_startstop_timeid != NULL) {
8634 		timeout_id_t temp_id = un->un_startstop_timeid;
8635 		un->un_startstop_timeid = NULL;
8636 		mutex_exit(SD_MUTEX(un));
8637 		(void) untimeout(temp_id);
8638 		mutex_enter(SD_MUTEX(un));
8639 	}
8640 
8641 	/* Cancel any pending reset-throttle timeouts */
8642 	if (un->un_reset_throttle_timeid != NULL) {
8643 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8644 		un->un_reset_throttle_timeid = NULL;
8645 		mutex_exit(SD_MUTEX(un));
8646 		(void) untimeout(temp_id);
8647 		mutex_enter(SD_MUTEX(un));
8648 	}
8649 
8650 	/* Cancel any pending retry timeouts */
8651 	if (un->un_retry_timeid != NULL) {
8652 		timeout_id_t temp_id = un->un_retry_timeid;
8653 		un->un_retry_timeid = NULL;
8654 		mutex_exit(SD_MUTEX(un));
8655 		(void) untimeout(temp_id);
8656 		mutex_enter(SD_MUTEX(un));
8657 	}
8658 
8659 	/* Cancel any pending delayed cv broadcast timeouts */
8660 	if (un->un_dcvb_timeid != NULL) {
8661 		timeout_id_t temp_id = un->un_dcvb_timeid;
8662 		un->un_dcvb_timeid = NULL;
8663 		mutex_exit(SD_MUTEX(un));
8664 		(void) untimeout(temp_id);
8665 		mutex_enter(SD_MUTEX(un));
8666 	}
8667 
8668 	mutex_exit(SD_MUTEX(un));
8669 
8670 	/* There should not be any in-progress I/O so ASSERT this check */
8671 	ASSERT(un->un_ncmds_in_transport == 0);
8672 	ASSERT(un->un_ncmds_in_driver == 0);
8673 
8674 	/* Do not free the softstate if the callback routine is active */
8675 	sd_sync_with_callback(un);
8676 
8677 	/*
8678 	 * Partition stats apparently are not used with removables. These would
8679 	 * not have been created during attach, so no need to clean them up...
8680 	 */
8681 	if (un->un_stats != NULL) {
8682 		kstat_delete(un->un_stats);
8683 		un->un_stats = NULL;
8684 	}
8685 	if (un->un_errstats != NULL) {
8686 		kstat_delete(un->un_errstats);
8687 		un->un_errstats = NULL;
8688 	}
8689 
8690 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
8691 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
8692 
8693 	ddi_prop_remove_all(devi);
8694 	sema_destroy(&un->un_semoclose);
8695 	cv_destroy(&un->un_state_cv);
8696 
8697 getrbuf_failed:
8698 
8699 	sd_free_rqs(un);
8700 
8701 alloc_rqs_failed:
8702 
8703 	devp->sd_private = NULL;
8704 	bzero(un, sizeof (struct sd_lun));	/* Clear any stale data! */
8705 
8706 get_softstate_failed:
8707 	/*
8708 	 * Note: the man pages are unclear as to whether or not doing a
8709 	 * ddi_soft_state_free(sd_state, instance) is the right way to
8710 	 * clean up after the ddi_soft_state_zalloc() if the subsequent
8711 	 * ddi_get_soft_state() fails.  The implication seems to be
8712 	 * that the get_soft_state cannot fail if the zalloc succeeds.
8713 	 */
8714 	ddi_soft_state_free(sd_state, instance);
8715 
8716 probe_failed:
8717 	scsi_unprobe(devp);
8718 #ifdef SDDEBUG
8719 	if ((sd_component_mask & SD_LOG_ATTACH_DETACH) &&
8720 	    (sd_level_mask & SD_LOGMASK_TRACE)) {
8721 		cmn_err(CE_CONT, "sd_unit_attach: un:0x%p exit failure\n",
8722 		    (void *)un);
8723 	}
8724 #endif
8725 	return (DDI_FAILURE);
8726 }
8727 
8728 
8729 /*
8730  *    Function: sd_unit_detach
8731  *
8732  * Description: Performs DDI_DETACH processing for sddetach().
8733  *
8734  * Return Code: DDI_SUCCESS
8735  *		DDI_FAILURE
8736  *
8737  *     Context: Kernel thread context
8738  */
8739 
8740 static int
8741 sd_unit_detach(dev_info_t *devi)
8742 {
8743 	struct scsi_device	*devp;
8744 	struct sd_lun		*un;
8745 	int			i;
8746 	dev_t			dev;
8747 #if !(defined(__i386) || defined(__amd64)) && !defined(__fibre)
8748 	int			reset_retval;
8749 #endif
8750 	int			instance = ddi_get_instance(devi);
8751 
8752 	mutex_enter(&sd_detach_mutex);
8753 
8754 	/*
8755 	 * Fail the detach for any of the following:
8756 	 *  - Unable to get the sd_lun struct for the instance
8757 	 *  - A layered driver has an outstanding open on the instance
8758 	 *  - Another thread is already detaching this instance
8759 	 *  - Another thread is currently performing an open
8760 	 */
8761 	devp = ddi_get_driver_private(devi);
8762 	if ((devp == NULL) ||
8763 	    ((un = (struct sd_lun *)devp->sd_private) == NULL) ||
8764 	    (un->un_ncmds_in_driver != 0) || (un->un_layer_count != 0) ||
8765 	    (un->un_detach_count != 0) || (un->un_opens_in_progress != 0)) {
8766 		mutex_exit(&sd_detach_mutex);
8767 		return (DDI_FAILURE);
8768 	}
8769 
8770 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: entry 0x%p\n", un);
8771 
8772 	/*
8773 	 * Mark this instance as currently in a detach, to inhibit any
8774 	 * opens from a layered driver.
8775 	 */
8776 	un->un_detach_count++;
8777 	mutex_exit(&sd_detach_mutex);
8778 
8779 	dev = sd_make_device(SD_DEVINFO(un));
8780 
8781 	_NOTE(COMPETING_THREADS_NOW);
8782 
8783 	mutex_enter(SD_MUTEX(un));
8784 
8785 	/*
8786 	 * Fail the detach if there are any outstanding layered
8787 	 * opens on this device.
8788 	 */
8789 	for (i = 0; i < NDKMAP; i++) {
8790 		if (un->un_ocmap.lyropen[i] != 0) {
8791 			goto err_notclosed;
8792 		}
8793 	}
8794 
8795 	/*
8796 	 * Verify there are NO outstanding commands issued to this device.
8797 	 * ie, un_ncmds_in_transport == 0.
8798 	 * It's possible to have outstanding commands through the physio
8799 	 * code path, even though everything's closed.
8800 	 */
8801 	if ((un->un_ncmds_in_transport != 0) || (un->un_retry_timeid != NULL) ||
8802 	    (un->un_direct_priority_timeid != NULL) ||
8803 	    (un->un_state == SD_STATE_RWAIT)) {
8804 		mutex_exit(SD_MUTEX(un));
8805 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8806 		    "sd_dr_detach: Detach failure due to outstanding cmds\n");
8807 		goto err_stillbusy;
8808 	}
8809 
8810 	/*
8811 	 * If we have the device reserved, release the reservation.
8812 	 */
8813 	if ((un->un_resvd_status & SD_RESERVE) &&
8814 	    !(un->un_resvd_status & SD_LOST_RESERVE)) {
8815 		mutex_exit(SD_MUTEX(un));
8816 		/*
8817 		 * Note: sd_reserve_release sends a command to the device
8818 		 * via the sd_ioctlcmd() path, and can sleep.
8819 		 */
8820 		if (sd_reserve_release(dev, SD_RELEASE) != 0) {
8821 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8822 			    "sd_dr_detach: Cannot release reservation \n");
8823 		}
8824 	} else {
8825 		mutex_exit(SD_MUTEX(un));
8826 	}
8827 
8828 	/*
8829 	 * Untimeout any reserve recover, throttle reset, restart unit
8830 	 * and delayed broadcast timeout threads. Protect the timeout pointer
8831 	 * from getting nulled by their callback functions.
8832 	 */
8833 	mutex_enter(SD_MUTEX(un));
8834 	if (un->un_resvd_timeid != NULL) {
8835 		timeout_id_t temp_id = un->un_resvd_timeid;
8836 		un->un_resvd_timeid = NULL;
8837 		mutex_exit(SD_MUTEX(un));
8838 		(void) untimeout(temp_id);
8839 		mutex_enter(SD_MUTEX(un));
8840 	}
8841 
8842 	if (un->un_reset_throttle_timeid != NULL) {
8843 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8844 		un->un_reset_throttle_timeid = NULL;
8845 		mutex_exit(SD_MUTEX(un));
8846 		(void) untimeout(temp_id);
8847 		mutex_enter(SD_MUTEX(un));
8848 	}
8849 
8850 	if (un->un_startstop_timeid != NULL) {
8851 		timeout_id_t temp_id = un->un_startstop_timeid;
8852 		un->un_startstop_timeid = NULL;
8853 		mutex_exit(SD_MUTEX(un));
8854 		(void) untimeout(temp_id);
8855 		mutex_enter(SD_MUTEX(un));
8856 	}
8857 
8858 	if (un->un_dcvb_timeid != NULL) {
8859 		timeout_id_t temp_id = un->un_dcvb_timeid;
8860 		un->un_dcvb_timeid = NULL;
8861 		mutex_exit(SD_MUTEX(un));
8862 		(void) untimeout(temp_id);
8863 	} else {
8864 		mutex_exit(SD_MUTEX(un));
8865 	}
8866 
8867 	/* Remove any pending reservation reclaim requests for this device */
8868 	sd_rmv_resv_reclaim_req(dev);
8869 
8870 	mutex_enter(SD_MUTEX(un));
8871 
8872 	/* Cancel any pending callbacks for SD_PATH_DIRECT_PRIORITY cmd. */
8873 	if (un->un_direct_priority_timeid != NULL) {
8874 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8875 		un->un_direct_priority_timeid = NULL;
8876 		mutex_exit(SD_MUTEX(un));
8877 		(void) untimeout(temp_id);
8878 		mutex_enter(SD_MUTEX(un));
8879 	}
8880 
8881 	/* Cancel any active multi-host disk watch thread requests */
8882 	if (un->un_mhd_token != NULL) {
8883 		mutex_exit(SD_MUTEX(un));
8884 		 _NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_mhd_token));
8885 		if (scsi_watch_request_terminate(un->un_mhd_token,
8886 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8887 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8888 			    "sd_dr_detach: Cannot cancel mhd watch request\n");
8889 			/*
8890 			 * Note: We are returning here after having removed
8891 			 * some driver timeouts above. This is consistent with
8892 			 * the legacy implementation but perhaps the watch
8893 			 * terminate call should be made with the wait flag set.
8894 			 */
8895 			goto err_stillbusy;
8896 		}
8897 		mutex_enter(SD_MUTEX(un));
8898 		un->un_mhd_token = NULL;
8899 	}
8900 
8901 	if (un->un_swr_token != NULL) {
8902 		mutex_exit(SD_MUTEX(un));
8903 		_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_swr_token));
8904 		if (scsi_watch_request_terminate(un->un_swr_token,
8905 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8906 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8907 			    "sd_dr_detach: Cannot cancel swr watch request\n");
8908 			/*
8909 			 * Note: We are returning here after having removed
8910 			 * some driver timeouts above. This is consistent with
8911 			 * the legacy implementation but perhaps the watch
8912 			 * terminate call should be made with the wait flag set.
8913 			 */
8914 			goto err_stillbusy;
8915 		}
8916 		mutex_enter(SD_MUTEX(un));
8917 		un->un_swr_token = NULL;
8918 	}
8919 
8920 	mutex_exit(SD_MUTEX(un));
8921 
8922 	/*
8923 	 * Clear any scsi_reset_notifies. We clear the reset notifies
8924 	 * if we have not registered one.
8925 	 * Note: The sd_mhd_reset_notify_cb() fn tries to acquire SD_MUTEX!
8926 	 */
8927 	(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
8928 	    sd_mhd_reset_notify_cb, (caddr_t)un);
8929 
8930 
8931 
8932 #if defined(__i386) || defined(__amd64)
8933 	/*
8934 	 * Gratuitous bus resets sometimes cause an otherwise
8935 	 * okay ATA/ATAPI bus to hang. This is due the lack of
8936 	 * a clear spec of how resets should be implemented by ATA
8937 	 * disk drives.
8938 	 */
8939 #elif !defined(__fibre)		/* "#else if" does NOT work! */
8940 	/*
8941 	 * Reset target/bus.
8942 	 *
8943 	 * Note: This is a legacy workaround for Elite III dual-port drives that
8944 	 * will not come online after an aborted detach and subsequent re-attach
8945 	 * It should be removed when the Elite III FW is fixed, or the drives
8946 	 * are no longer supported.
8947 	 */
8948 	if (un->un_f_cfg_is_atapi == FALSE) {
8949 		reset_retval = 0;
8950 
8951 		/* If the device is in low power mode don't reset it */
8952 
8953 		mutex_enter(&un->un_pm_mutex);
8954 		if (!SD_DEVICE_IS_IN_LOW_POWER(un)) {
8955 			/*
8956 			 * First try a LUN reset if we can, then move on to a
8957 			 * target reset if needed; swat the bus as a last
8958 			 * resort.
8959 			 */
8960 			mutex_exit(&un->un_pm_mutex);
8961 			if (un->un_f_allow_bus_device_reset == TRUE) {
8962 				if (un->un_f_lun_reset_enabled == TRUE) {
8963 					reset_retval =
8964 					    scsi_reset(SD_ADDRESS(un),
8965 					    RESET_LUN);
8966 				}
8967 				if (reset_retval == 0) {
8968 					reset_retval =
8969 					    scsi_reset(SD_ADDRESS(un),
8970 					    RESET_TARGET);
8971 				}
8972 			}
8973 			if (reset_retval == 0) {
8974 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
8975 			}
8976 		} else {
8977 			mutex_exit(&un->un_pm_mutex);
8978 		}
8979 	}
8980 #endif
8981 
8982 	/*
8983 	 * protect the timeout pointers from getting nulled by
8984 	 * their callback functions during the cancellation process.
8985 	 * In such a scenario untimeout can be invoked with a null value.
8986 	 */
8987 	_NOTE(NO_COMPETING_THREADS_NOW);
8988 
8989 	mutex_enter(&un->un_pm_mutex);
8990 	if (un->un_pm_idle_timeid != NULL) {
8991 		timeout_id_t temp_id = un->un_pm_idle_timeid;
8992 		un->un_pm_idle_timeid = NULL;
8993 		mutex_exit(&un->un_pm_mutex);
8994 
8995 		/*
8996 		 * Timeout is active; cancel it.
8997 		 * Note that it'll never be active on a device
8998 		 * that does not support PM therefore we don't
8999 		 * have to check before calling pm_idle_component.
9000 		 */
9001 		(void) untimeout(temp_id);
9002 		(void) pm_idle_component(SD_DEVINFO(un), 0);
9003 		mutex_enter(&un->un_pm_mutex);
9004 	}
9005 
9006 	/*
9007 	 * Check whether there is already a timeout scheduled for power
9008 	 * management. If yes then don't lower the power here, that's.
9009 	 * the timeout handler's job.
9010 	 */
9011 	if (un->un_pm_timeid != NULL) {
9012 		timeout_id_t temp_id = un->un_pm_timeid;
9013 		un->un_pm_timeid = NULL;
9014 		mutex_exit(&un->un_pm_mutex);
9015 		/*
9016 		 * Timeout is active; cancel it.
9017 		 * Note that it'll never be active on a device
9018 		 * that does not support PM therefore we don't
9019 		 * have to check before calling pm_idle_component.
9020 		 */
9021 		(void) untimeout(temp_id);
9022 		(void) pm_idle_component(SD_DEVINFO(un), 0);
9023 
9024 	} else {
9025 		mutex_exit(&un->un_pm_mutex);
9026 		if ((un->un_f_pm_is_enabled == TRUE) &&
9027 		    (pm_lower_power(SD_DEVINFO(un), 0, SD_SPINDLE_OFF) !=
9028 		    DDI_SUCCESS)) {
9029 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9030 		    "sd_dr_detach: Lower power request failed, ignoring.\n");
9031 			/*
9032 			 * Fix for bug: 4297749, item # 13
9033 			 * The above test now includes a check to see if PM is
9034 			 * supported by this device before call
9035 			 * pm_lower_power().
9036 			 * Note, the following is not dead code. The call to
9037 			 * pm_lower_power above will generate a call back into
9038 			 * our sdpower routine which might result in a timeout
9039 			 * handler getting activated. Therefore the following
9040 			 * code is valid and necessary.
9041 			 */
9042 			mutex_enter(&un->un_pm_mutex);
9043 			if (un->un_pm_timeid != NULL) {
9044 				timeout_id_t temp_id = un->un_pm_timeid;
9045 				un->un_pm_timeid = NULL;
9046 				mutex_exit(&un->un_pm_mutex);
9047 				(void) untimeout(temp_id);
9048 				(void) pm_idle_component(SD_DEVINFO(un), 0);
9049 			} else {
9050 				mutex_exit(&un->un_pm_mutex);
9051 			}
9052 		}
9053 	}
9054 
9055 	/*
9056 	 * Cleanup from the scsi_ifsetcap() calls (437868)
9057 	 * Relocated here from above to be after the call to
9058 	 * pm_lower_power, which was getting errors.
9059 	 */
9060 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
9061 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
9062 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
9063 
9064 	if (un->un_f_is_fibre == FALSE) {
9065 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
9066 	}
9067 
9068 	/*
9069 	 * Remove any event callbacks, fibre only
9070 	 */
9071 	if (un->un_f_is_fibre == TRUE) {
9072 		if ((un->un_insert_event != NULL) &&
9073 			(ddi_remove_event_handler(un->un_insert_cb_id) !=
9074 				DDI_SUCCESS)) {
9075 			/*
9076 			 * Note: We are returning here after having done
9077 			 * substantial cleanup above. This is consistent
9078 			 * with the legacy implementation but this may not
9079 			 * be the right thing to do.
9080 			 */
9081 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9082 				"sd_dr_detach: Cannot cancel insert event\n");
9083 			goto err_remove_event;
9084 		}
9085 		un->un_insert_event = NULL;
9086 
9087 		if ((un->un_remove_event != NULL) &&
9088 			(ddi_remove_event_handler(un->un_remove_cb_id) !=
9089 				DDI_SUCCESS)) {
9090 			/*
9091 			 * Note: We are returning here after having done
9092 			 * substantial cleanup above. This is consistent
9093 			 * with the legacy implementation but this may not
9094 			 * be the right thing to do.
9095 			 */
9096 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9097 				"sd_dr_detach: Cannot cancel remove event\n");
9098 			goto err_remove_event;
9099 		}
9100 		un->un_remove_event = NULL;
9101 	}
9102 
9103 	/* Do not free the softstate if the callback routine is active */
9104 	sd_sync_with_callback(un);
9105 
9106 	/*
9107 	 * Hold the detach mutex here, to make sure that no other threads ever
9108 	 * can access a (partially) freed soft state structure.
9109 	 */
9110 	mutex_enter(&sd_detach_mutex);
9111 
9112 	/*
9113 	 * Clean up the soft state struct.
9114 	 * Cleanup is done in reverse order of allocs/inits.
9115 	 * At this point there should be no competing threads anymore.
9116 	 */
9117 
9118 	/* Unregister and free device id. */
9119 	ddi_devid_unregister(devi);
9120 	if (un->un_devid) {
9121 		ddi_devid_free(un->un_devid);
9122 		un->un_devid = NULL;
9123 	}
9124 
9125 	/*
9126 	 * Destroy wmap cache if it exists.
9127 	 */
9128 	if (un->un_wm_cache != NULL) {
9129 		kmem_cache_destroy(un->un_wm_cache);
9130 		un->un_wm_cache = NULL;
9131 	}
9132 
9133 	/* Remove minor nodes */
9134 	ddi_remove_minor_node(devi, NULL);
9135 
9136 	/*
9137 	 * kstat cleanup is done in detach for all device types (4363169).
9138 	 * We do not want to fail detach if the device kstats are not deleted
9139 	 * since there is a confusion about the devo_refcnt for the device.
9140 	 * We just delete the kstats and let detach complete successfully.
9141 	 */
9142 	if (un->un_stats != NULL) {
9143 		kstat_delete(un->un_stats);
9144 		un->un_stats = NULL;
9145 	}
9146 	if (un->un_errstats != NULL) {
9147 		kstat_delete(un->un_errstats);
9148 		un->un_errstats = NULL;
9149 	}
9150 
9151 	/* Remove partition stats (not created for removables) */
9152 	if (!ISREMOVABLE(un)) {
9153 		for (i = 0; i < NSDMAP; i++) {
9154 			if (un->un_pstats[i] != NULL) {
9155 				kstat_delete(un->un_pstats[i]);
9156 				un->un_pstats[i] = NULL;
9157 			}
9158 		}
9159 	}
9160 
9161 	/* Remove xbuf registration */
9162 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
9163 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
9164 
9165 	/* Remove driver properties */
9166 	ddi_prop_remove_all(devi);
9167 
9168 	mutex_destroy(&un->un_pm_mutex);
9169 	cv_destroy(&un->un_pm_busy_cv);
9170 
9171 	/* Open/close semaphore */
9172 	sema_destroy(&un->un_semoclose);
9173 
9174 	/* Removable media condvar. */
9175 	cv_destroy(&un->un_state_cv);
9176 
9177 	/* Suspend/resume condvar. */
9178 	cv_destroy(&un->un_suspend_cv);
9179 	cv_destroy(&un->un_disk_busy_cv);
9180 
9181 	sd_free_rqs(un);
9182 
9183 	/* Free up soft state */
9184 	devp->sd_private = NULL;
9185 	bzero(un, sizeof (struct sd_lun));
9186 	ddi_soft_state_free(sd_state, instance);
9187 
9188 	mutex_exit(&sd_detach_mutex);
9189 
9190 	/* This frees up the INQUIRY data associated with the device. */
9191 	scsi_unprobe(devp);
9192 
9193 	return (DDI_SUCCESS);
9194 
9195 err_notclosed:
9196 	mutex_exit(SD_MUTEX(un));
9197 
9198 err_stillbusy:
9199 	_NOTE(NO_COMPETING_THREADS_NOW);
9200 
9201 err_remove_event:
9202 	mutex_enter(&sd_detach_mutex);
9203 	un->un_detach_count--;
9204 	mutex_exit(&sd_detach_mutex);
9205 
9206 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: exit failure\n");
9207 	return (DDI_FAILURE);
9208 }
9209 
9210 
9211 /*
9212  * Driver minor node structure and data table
9213  */
9214 struct driver_minor_data {
9215 	char	*name;
9216 	minor_t	minor;
9217 	int	type;
9218 };
9219 
9220 static struct driver_minor_data sd_minor_data[] = {
9221 	{"a", 0, S_IFBLK},
9222 	{"b", 1, S_IFBLK},
9223 	{"c", 2, S_IFBLK},
9224 	{"d", 3, S_IFBLK},
9225 	{"e", 4, S_IFBLK},
9226 	{"f", 5, S_IFBLK},
9227 	{"g", 6, S_IFBLK},
9228 	{"h", 7, S_IFBLK},
9229 #if defined(_SUNOS_VTOC_16)
9230 	{"i", 8, S_IFBLK},
9231 	{"j", 9, S_IFBLK},
9232 	{"k", 10, S_IFBLK},
9233 	{"l", 11, S_IFBLK},
9234 	{"m", 12, S_IFBLK},
9235 	{"n", 13, S_IFBLK},
9236 	{"o", 14, S_IFBLK},
9237 	{"p", 15, S_IFBLK},
9238 #endif			/* defined(_SUNOS_VTOC_16) */
9239 #if defined(_FIRMWARE_NEEDS_FDISK)
9240 	{"q", 16, S_IFBLK},
9241 	{"r", 17, S_IFBLK},
9242 	{"s", 18, S_IFBLK},
9243 	{"t", 19, S_IFBLK},
9244 	{"u", 20, S_IFBLK},
9245 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9246 	{"a,raw", 0, S_IFCHR},
9247 	{"b,raw", 1, S_IFCHR},
9248 	{"c,raw", 2, S_IFCHR},
9249 	{"d,raw", 3, S_IFCHR},
9250 	{"e,raw", 4, S_IFCHR},
9251 	{"f,raw", 5, S_IFCHR},
9252 	{"g,raw", 6, S_IFCHR},
9253 	{"h,raw", 7, S_IFCHR},
9254 #if defined(_SUNOS_VTOC_16)
9255 	{"i,raw", 8, S_IFCHR},
9256 	{"j,raw", 9, S_IFCHR},
9257 	{"k,raw", 10, S_IFCHR},
9258 	{"l,raw", 11, S_IFCHR},
9259 	{"m,raw", 12, S_IFCHR},
9260 	{"n,raw", 13, S_IFCHR},
9261 	{"o,raw", 14, S_IFCHR},
9262 	{"p,raw", 15, S_IFCHR},
9263 #endif			/* defined(_SUNOS_VTOC_16) */
9264 #if defined(_FIRMWARE_NEEDS_FDISK)
9265 	{"q,raw", 16, S_IFCHR},
9266 	{"r,raw", 17, S_IFCHR},
9267 	{"s,raw", 18, S_IFCHR},
9268 	{"t,raw", 19, S_IFCHR},
9269 	{"u,raw", 20, S_IFCHR},
9270 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9271 	{0}
9272 };
9273 
9274 static struct driver_minor_data sd_minor_data_efi[] = {
9275 	{"a", 0, S_IFBLK},
9276 	{"b", 1, S_IFBLK},
9277 	{"c", 2, S_IFBLK},
9278 	{"d", 3, S_IFBLK},
9279 	{"e", 4, S_IFBLK},
9280 	{"f", 5, S_IFBLK},
9281 	{"g", 6, S_IFBLK},
9282 	{"wd", 7, S_IFBLK},
9283 #if defined(_FIRMWARE_NEEDS_FDISK)
9284 	{"q", 16, S_IFBLK},
9285 	{"r", 17, S_IFBLK},
9286 	{"s", 18, S_IFBLK},
9287 	{"t", 19, S_IFBLK},
9288 	{"u", 20, S_IFBLK},
9289 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9290 	{"a,raw", 0, S_IFCHR},
9291 	{"b,raw", 1, S_IFCHR},
9292 	{"c,raw", 2, S_IFCHR},
9293 	{"d,raw", 3, S_IFCHR},
9294 	{"e,raw", 4, S_IFCHR},
9295 	{"f,raw", 5, S_IFCHR},
9296 	{"g,raw", 6, S_IFCHR},
9297 	{"wd,raw", 7, S_IFCHR},
9298 #if defined(_FIRMWARE_NEEDS_FDISK)
9299 	{"q,raw", 16, S_IFCHR},
9300 	{"r,raw", 17, S_IFCHR},
9301 	{"s,raw", 18, S_IFCHR},
9302 	{"t,raw", 19, S_IFCHR},
9303 	{"u,raw", 20, S_IFCHR},
9304 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9305 	{0}
9306 };
9307 
9308 
9309 /*
9310  *    Function: sd_create_minor_nodes
9311  *
9312  * Description: Create the minor device nodes for the instance.
9313  *
9314  *   Arguments: un - driver soft state (unit) structure
9315  *		devi - pointer to device info structure
9316  *
9317  * Return Code: DDI_SUCCESS
9318  *		DDI_FAILURE
9319  *
9320  *     Context: Kernel thread context
9321  */
9322 
9323 static int
9324 sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi)
9325 {
9326 	struct driver_minor_data	*dmdp;
9327 	struct scsi_device		*devp;
9328 	int				instance;
9329 	char				name[48];
9330 
9331 	ASSERT(un != NULL);
9332 	devp = ddi_get_driver_private(devi);
9333 	instance = ddi_get_instance(devp->sd_dev);
9334 
9335 	/*
9336 	 * Create all the minor nodes for this target.
9337 	 */
9338 	if (un->un_blockcount > DK_MAX_BLOCKS)
9339 		dmdp = sd_minor_data_efi;
9340 	else
9341 		dmdp = sd_minor_data;
9342 	while (dmdp->name != NULL) {
9343 
9344 		(void) sprintf(name, "%s", dmdp->name);
9345 
9346 		if (ddi_create_minor_node(devi, name, dmdp->type,
9347 		    (instance << SDUNIT_SHIFT) | dmdp->minor,
9348 		    un->un_node_type, NULL) == DDI_FAILURE) {
9349 			/*
9350 			 * Clean up any nodes that may have been created, in
9351 			 * case this fails in the middle of the loop.
9352 			 */
9353 			ddi_remove_minor_node(devi, NULL);
9354 			return (DDI_FAILURE);
9355 		}
9356 		dmdp++;
9357 	}
9358 
9359 	return (DDI_SUCCESS);
9360 }
9361 
9362 
9363 /*
9364  *    Function: sd_create_errstats
9365  *
9366  * Description: This routine instantiates the device error stats.
9367  *
9368  *		Note: During attach the stats are instantiated first so they are
9369  *		available for attach-time routines that utilize the driver
9370  *		iopath to send commands to the device. The stats are initialized
9371  *		separately so data obtained during some attach-time routines is
9372  *		available. (4362483)
9373  *
9374  *   Arguments: un - driver soft state (unit) structure
9375  *		instance - driver instance
9376  *
9377  *     Context: Kernel thread context
9378  */
9379 
9380 static void
9381 sd_create_errstats(struct sd_lun *un, int instance)
9382 {
9383 	struct	sd_errstats	*stp;
9384 	char	kstatmodule_err[KSTAT_STRLEN];
9385 	char	kstatname[KSTAT_STRLEN];
9386 	int	ndata = (sizeof (struct sd_errstats) / sizeof (kstat_named_t));
9387 
9388 	ASSERT(un != NULL);
9389 
9390 	if (un->un_errstats != NULL) {
9391 		return;
9392 	}
9393 
9394 	(void) snprintf(kstatmodule_err, sizeof (kstatmodule_err),
9395 	    "%serr", sd_label);
9396 	(void) snprintf(kstatname, sizeof (kstatname),
9397 	    "%s%d,err", sd_label, instance);
9398 
9399 	un->un_errstats = kstat_create(kstatmodule_err, instance, kstatname,
9400 	    "device_error", KSTAT_TYPE_NAMED, ndata, KSTAT_FLAG_PERSISTENT);
9401 
9402 	if (un->un_errstats == NULL) {
9403 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9404 		    "sd_create_errstats: Failed kstat_create\n");
9405 		return;
9406 	}
9407 
9408 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9409 	kstat_named_init(&stp->sd_softerrs,	"Soft Errors",
9410 	    KSTAT_DATA_UINT32);
9411 	kstat_named_init(&stp->sd_harderrs,	"Hard Errors",
9412 	    KSTAT_DATA_UINT32);
9413 	kstat_named_init(&stp->sd_transerrs,	"Transport Errors",
9414 	    KSTAT_DATA_UINT32);
9415 	kstat_named_init(&stp->sd_vid,		"Vendor",
9416 	    KSTAT_DATA_CHAR);
9417 	kstat_named_init(&stp->sd_pid,		"Product",
9418 	    KSTAT_DATA_CHAR);
9419 	kstat_named_init(&stp->sd_revision,	"Revision",
9420 	    KSTAT_DATA_CHAR);
9421 	kstat_named_init(&stp->sd_serial,	"Serial No",
9422 	    KSTAT_DATA_CHAR);
9423 	kstat_named_init(&stp->sd_capacity,	"Size",
9424 	    KSTAT_DATA_ULONGLONG);
9425 	kstat_named_init(&stp->sd_rq_media_err,	"Media Error",
9426 	    KSTAT_DATA_UINT32);
9427 	kstat_named_init(&stp->sd_rq_ntrdy_err,	"Device Not Ready",
9428 	    KSTAT_DATA_UINT32);
9429 	kstat_named_init(&stp->sd_rq_nodev_err,	"No Device",
9430 	    KSTAT_DATA_UINT32);
9431 	kstat_named_init(&stp->sd_rq_recov_err,	"Recoverable",
9432 	    KSTAT_DATA_UINT32);
9433 	kstat_named_init(&stp->sd_rq_illrq_err,	"Illegal Request",
9434 	    KSTAT_DATA_UINT32);
9435 	kstat_named_init(&stp->sd_rq_pfa_err,	"Predictive Failure Analysis",
9436 	    KSTAT_DATA_UINT32);
9437 
9438 	un->un_errstats->ks_private = un;
9439 	un->un_errstats->ks_update  = nulldev;
9440 
9441 	kstat_install(un->un_errstats);
9442 }
9443 
9444 
9445 /*
9446  *    Function: sd_set_errstats
9447  *
9448  * Description: This routine sets the value of the vendor id, product id,
9449  *		revision, serial number, and capacity device error stats.
9450  *
9451  *		Note: During attach the stats are instantiated first so they are
9452  *		available for attach-time routines that utilize the driver
9453  *		iopath to send commands to the device. The stats are initialized
9454  *		separately so data obtained during some attach-time routines is
9455  *		available. (4362483)
9456  *
9457  *   Arguments: un - driver soft state (unit) structure
9458  *
9459  *     Context: Kernel thread context
9460  */
9461 
9462 static void
9463 sd_set_errstats(struct sd_lun *un)
9464 {
9465 	struct	sd_errstats	*stp;
9466 
9467 	ASSERT(un != NULL);
9468 	ASSERT(un->un_errstats != NULL);
9469 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9470 	ASSERT(stp != NULL);
9471 	(void) strncpy(stp->sd_vid.value.c, un->un_sd->sd_inq->inq_vid, 8);
9472 	(void) strncpy(stp->sd_pid.value.c, un->un_sd->sd_inq->inq_pid, 16);
9473 	(void) strncpy(stp->sd_revision.value.c,
9474 	    un->un_sd->sd_inq->inq_revision, 4);
9475 
9476 	/*
9477 	 * Set the "Serial No" kstat for Sun qualified drives (indicated by
9478 	 * "SUN" in bytes 25-27 of the inquiry data (bytes 9-11 of the pid)
9479 	 * (4376302))
9480 	 */
9481 	if (bcmp(&SD_INQUIRY(un)->inq_pid[9], "SUN", 3) == 0) {
9482 		bcopy(&SD_INQUIRY(un)->inq_serial, stp->sd_serial.value.c,
9483 		    sizeof (SD_INQUIRY(un)->inq_serial));
9484 	}
9485 
9486 	if (un->un_f_blockcount_is_valid != TRUE) {
9487 		/*
9488 		 * Set capacity error stat to 0 for no media. This ensures
9489 		 * a valid capacity is displayed in response to 'iostat -E'
9490 		 * when no media is present in the device.
9491 		 */
9492 		stp->sd_capacity.value.ui64 = 0;
9493 	} else {
9494 		/*
9495 		 * Multiply un_blockcount by un->un_sys_blocksize to get
9496 		 * capacity.
9497 		 *
9498 		 * Note: for non-512 blocksize devices "un_blockcount" has been
9499 		 * "scaled" in sd_send_scsi_READ_CAPACITY by multiplying by
9500 		 * (un_tgt_blocksize / un->un_sys_blocksize).
9501 		 */
9502 		stp->sd_capacity.value.ui64 = (uint64_t)
9503 		    ((uint64_t)un->un_blockcount * un->un_sys_blocksize);
9504 	}
9505 }
9506 
9507 
9508 /*
9509  *    Function: sd_set_pstats
9510  *
9511  * Description: This routine instantiates and initializes the partition
9512  *              stats for each partition with more than zero blocks.
9513  *		(4363169)
9514  *
9515  *   Arguments: un - driver soft state (unit) structure
9516  *
9517  *     Context: Kernel thread context
9518  */
9519 
9520 static void
9521 sd_set_pstats(struct sd_lun *un)
9522 {
9523 	char	kstatname[KSTAT_STRLEN];
9524 	int	instance;
9525 	int	i;
9526 
9527 	ASSERT(un != NULL);
9528 
9529 	instance = ddi_get_instance(SD_DEVINFO(un));
9530 
9531 	/* Note:x86: is this a VTOC8/VTOC16 difference? */
9532 	for (i = 0; i < NSDMAP; i++) {
9533 		if ((un->un_pstats[i] == NULL) &&
9534 		    (un->un_map[i].dkl_nblk != 0)) {
9535 			(void) snprintf(kstatname, sizeof (kstatname),
9536 			    "%s%d,%s", sd_label, instance,
9537 			    sd_minor_data[i].name);
9538 			un->un_pstats[i] = kstat_create(sd_label,
9539 			    instance, kstatname, "partition", KSTAT_TYPE_IO,
9540 			    1, KSTAT_FLAG_PERSISTENT);
9541 			if (un->un_pstats[i] != NULL) {
9542 				un->un_pstats[i]->ks_lock = SD_MUTEX(un);
9543 				kstat_install(un->un_pstats[i]);
9544 			}
9545 		}
9546 	}
9547 }
9548 
9549 
9550 #if (defined(__fibre))
9551 /*
9552  *    Function: sd_init_event_callbacks
9553  *
9554  * Description: This routine initializes the insertion and removal event
9555  *		callbacks. (fibre only)
9556  *
9557  *   Arguments: un - driver soft state (unit) structure
9558  *
9559  *     Context: Kernel thread context
9560  */
9561 
9562 static void
9563 sd_init_event_callbacks(struct sd_lun *un)
9564 {
9565 	ASSERT(un != NULL);
9566 
9567 	if ((un->un_insert_event == NULL) &&
9568 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_INSERT_EVENT,
9569 	    &un->un_insert_event) == DDI_SUCCESS)) {
9570 		/*
9571 		 * Add the callback for an insertion event
9572 		 */
9573 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9574 		    un->un_insert_event, sd_event_callback, (void *)un,
9575 		    &(un->un_insert_cb_id));
9576 	}
9577 
9578 	if ((un->un_remove_event == NULL) &&
9579 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_REMOVE_EVENT,
9580 	    &un->un_remove_event) == DDI_SUCCESS)) {
9581 		/*
9582 		 * Add the callback for a removal event
9583 		 */
9584 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9585 		    un->un_remove_event, sd_event_callback, (void *)un,
9586 		    &(un->un_remove_cb_id));
9587 	}
9588 }
9589 
9590 
9591 /*
9592  *    Function: sd_event_callback
9593  *
9594  * Description: This routine handles insert/remove events (photon). The
9595  *		state is changed to OFFLINE which can be used to supress
9596  *		error msgs. (fibre only)
9597  *
9598  *   Arguments: un - driver soft state (unit) structure
9599  *
9600  *     Context: Callout thread context
9601  */
9602 /* ARGSUSED */
9603 static void
9604 sd_event_callback(dev_info_t *dip, ddi_eventcookie_t event, void *arg,
9605     void *bus_impldata)
9606 {
9607 	struct sd_lun *un = (struct sd_lun *)arg;
9608 
9609 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_insert_event));
9610 	if (event == un->un_insert_event) {
9611 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: insert event");
9612 		mutex_enter(SD_MUTEX(un));
9613 		if (un->un_state == SD_STATE_OFFLINE) {
9614 			if (un->un_last_state != SD_STATE_SUSPENDED) {
9615 				un->un_state = un->un_last_state;
9616 			} else {
9617 				/*
9618 				 * We have gone through SUSPEND/RESUME while
9619 				 * we were offline. Restore the last state
9620 				 */
9621 				un->un_state = un->un_save_state;
9622 			}
9623 		}
9624 		mutex_exit(SD_MUTEX(un));
9625 
9626 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_remove_event));
9627 	} else if (event == un->un_remove_event) {
9628 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: remove event");
9629 		mutex_enter(SD_MUTEX(un));
9630 		/*
9631 		 * We need to handle an event callback that occurs during
9632 		 * the suspend operation, since we don't prevent it.
9633 		 */
9634 		if (un->un_state != SD_STATE_OFFLINE) {
9635 			if (un->un_state != SD_STATE_SUSPENDED) {
9636 				New_state(un, SD_STATE_OFFLINE);
9637 			} else {
9638 				un->un_last_state = SD_STATE_OFFLINE;
9639 			}
9640 		}
9641 		mutex_exit(SD_MUTEX(un));
9642 	} else {
9643 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
9644 		    "!Unknown event\n");
9645 	}
9646 
9647 }
9648 #endif
9649 
9650 
9651 /*
9652  *    Function: sd_disable_caching()
9653  *
9654  * Description: This routine is the driver entry point for disabling
9655  *		read and write caching by modifying the WCE (write cache
9656  *		enable) and RCD (read cache disable) bits of mode
9657  *		page 8 (MODEPAGE_CACHING).
9658  *
9659  *   Arguments: un - driver soft state (unit) structure
9660  *
9661  * Return Code: EIO
9662  *		code returned by sd_send_scsi_MODE_SENSE and
9663  *		sd_send_scsi_MODE_SELECT
9664  *
9665  *     Context: Kernel Thread
9666  */
9667 
9668 static int
9669 sd_disable_caching(struct sd_lun *un)
9670 {
9671 	struct mode_caching	*mode_caching_page;
9672 	uchar_t			*header;
9673 	size_t			buflen;
9674 	int			hdrlen;
9675 	int			bd_len;
9676 	int			rval = 0;
9677 
9678 	ASSERT(un != NULL);
9679 
9680 	/*
9681 	 * Do a test unit ready, otherwise a mode sense may not work if this
9682 	 * is the first command sent to the device after boot.
9683 	 */
9684 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9685 
9686 	if (un->un_f_cfg_is_atapi == TRUE) {
9687 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9688 	} else {
9689 		hdrlen = MODE_HEADER_LENGTH;
9690 	}
9691 
9692 	/*
9693 	 * Allocate memory for the retrieved mode page and its headers.  Set
9694 	 * a pointer to the page itself.
9695 	 */
9696 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9697 	header = kmem_zalloc(buflen, KM_SLEEP);
9698 
9699 	/* Get the information from the device. */
9700 	if (un->un_f_cfg_is_atapi == TRUE) {
9701 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9702 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9703 	} else {
9704 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9705 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9706 	}
9707 	if (rval != 0) {
9708 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9709 		    "sd_disable_caching: Mode Sense Failed\n");
9710 		kmem_free(header, buflen);
9711 		return (rval);
9712 	}
9713 
9714 	/*
9715 	 * Determine size of Block Descriptors in order to locate
9716 	 * the mode page data. ATAPI devices return 0, SCSI devices
9717 	 * should return MODE_BLK_DESC_LENGTH.
9718 	 */
9719 	if (un->un_f_cfg_is_atapi == TRUE) {
9720 		struct mode_header_grp2	*mhp;
9721 		mhp	= (struct mode_header_grp2 *)header;
9722 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9723 	} else {
9724 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9725 	}
9726 
9727 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9728 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9729 		    "sd_disable_caching: Mode Sense returned invalid "
9730 		    "block descriptor length\n");
9731 		kmem_free(header, buflen);
9732 		return (EIO);
9733 	}
9734 
9735 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9736 
9737 	/* Check the relevant bits on successful mode sense. */
9738 	if ((mode_caching_page->wce) || !(mode_caching_page->rcd)) {
9739 		/*
9740 		 * Read or write caching is enabled.  Disable both of them.
9741 		 */
9742 		mode_caching_page->wce = 0;
9743 		mode_caching_page->rcd = 1;
9744 
9745 		/* Clear reserved bits before mode select. */
9746 		mode_caching_page->mode_page.ps = 0;
9747 
9748 		/*
9749 		 * Clear out mode header for mode select.
9750 		 * The rest of the retrieved page will be reused.
9751 		 */
9752 		bzero(header, hdrlen);
9753 
9754 		/* Change the cache page to disable all caching. */
9755 		if (un->un_f_cfg_is_atapi == TRUE) {
9756 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, header,
9757 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9758 		} else {
9759 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
9760 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9761 		}
9762 	}
9763 
9764 	kmem_free(header, buflen);
9765 	return (rval);
9766 }
9767 
9768 
9769 /*
9770  *    Function: sd_get_write_cache_enabled()
9771  *
9772  * Description: This routine is the driver entry point for determining if
9773  *		write caching is enabled.  It examines the WCE (write cache
9774  *		enable) bits of mode page 8 (MODEPAGE_CACHING).
9775  *
9776  *   Arguments: un - driver soft state (unit) structure
9777  *   		is_enabled - pointer to int where write cache enabled state
9778  *   			is returned (non-zero -> write cache enabled)
9779  *
9780  *
9781  * Return Code: EIO
9782  *		code returned by sd_send_scsi_MODE_SENSE
9783  *
9784  *     Context: Kernel Thread
9785  *
9786  * NOTE: If ioctl is added to disable write cache, this sequence should
9787  * be followed so that no locking is required for accesses to
9788  * un->un_f_write_cache_enabled:
9789  * 	do mode select to clear wce
9790  * 	do synchronize cache to flush cache
9791  * 	set un->un_f_write_cache_enabled = FALSE
9792  *
9793  * Conversely, an ioctl to enable the write cache should be done
9794  * in this order:
9795  * 	set un->un_f_write_cache_enabled = TRUE
9796  * 	do mode select to set wce
9797  */
9798 
9799 static int
9800 sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled)
9801 {
9802 	struct mode_caching	*mode_caching_page;
9803 	uchar_t			*header;
9804 	size_t			buflen;
9805 	int			hdrlen;
9806 	int			bd_len;
9807 	int			rval = 0;
9808 
9809 	ASSERT(un != NULL);
9810 	ASSERT(is_enabled != NULL);
9811 
9812 	/* in case of error, flag as enabled */
9813 	*is_enabled = TRUE;
9814 
9815 	/*
9816 	 * Do a test unit ready, otherwise a mode sense may not work if this
9817 	 * is the first command sent to the device after boot.
9818 	 */
9819 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9820 
9821 	if (un->un_f_cfg_is_atapi == TRUE) {
9822 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9823 	} else {
9824 		hdrlen = MODE_HEADER_LENGTH;
9825 	}
9826 
9827 	/*
9828 	 * Allocate memory for the retrieved mode page and its headers.  Set
9829 	 * a pointer to the page itself.
9830 	 */
9831 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9832 	header = kmem_zalloc(buflen, KM_SLEEP);
9833 
9834 	/* Get the information from the device. */
9835 	if (un->un_f_cfg_is_atapi == TRUE) {
9836 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9837 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9838 	} else {
9839 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9840 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9841 	}
9842 	if (rval != 0) {
9843 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9844 		    "sd_get_write_cache_enabled: Mode Sense Failed\n");
9845 		kmem_free(header, buflen);
9846 		return (rval);
9847 	}
9848 
9849 	/*
9850 	 * Determine size of Block Descriptors in order to locate
9851 	 * the mode page data. ATAPI devices return 0, SCSI devices
9852 	 * should return MODE_BLK_DESC_LENGTH.
9853 	 */
9854 	if (un->un_f_cfg_is_atapi == TRUE) {
9855 		struct mode_header_grp2	*mhp;
9856 		mhp	= (struct mode_header_grp2 *)header;
9857 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9858 	} else {
9859 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9860 	}
9861 
9862 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9863 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9864 		    "sd_get_write_cache_enabled: Mode Sense returned invalid "
9865 		    "block descriptor length\n");
9866 		kmem_free(header, buflen);
9867 		return (EIO);
9868 	}
9869 
9870 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9871 	*is_enabled = mode_caching_page->wce;
9872 
9873 	kmem_free(header, buflen);
9874 	return (0);
9875 }
9876 
9877 
9878 /*
9879  *    Function: sd_make_device
9880  *
9881  * Description: Utility routine to return the Solaris device number from
9882  *		the data in the device's dev_info structure.
9883  *
9884  * Return Code: The Solaris device number
9885  *
9886  *     Context: Any
9887  */
9888 
9889 static dev_t
9890 sd_make_device(dev_info_t *devi)
9891 {
9892 	return (makedevice(ddi_name_to_major(ddi_get_name(devi)),
9893 	    ddi_get_instance(devi) << SDUNIT_SHIFT));
9894 }
9895 
9896 
9897 /*
9898  *    Function: sd_pm_entry
9899  *
9900  * Description: Called at the start of a new command to manage power
9901  *		and busy status of a device. This includes determining whether
9902  *		the current power state of the device is sufficient for
9903  *		performing the command or whether it must be changed.
9904  *		The PM framework is notified appropriately.
9905  *		Only with a return status of DDI_SUCCESS will the
9906  *		component be busy to the framework.
9907  *
9908  *		All callers of sd_pm_entry must check the return status
9909  *		and only call sd_pm_exit it it was DDI_SUCCESS. A status
9910  *		of DDI_FAILURE indicates the device failed to power up.
9911  *		In this case un_pm_count has been adjusted so the result
9912  *		on exit is still powered down, ie. count is less than 0.
9913  *		Calling sd_pm_exit with this count value hits an ASSERT.
9914  *
9915  * Return Code: DDI_SUCCESS or DDI_FAILURE
9916  *
9917  *     Context: Kernel thread context.
9918  */
9919 
9920 static int
9921 sd_pm_entry(struct sd_lun *un)
9922 {
9923 	int return_status = DDI_SUCCESS;
9924 
9925 	ASSERT(!mutex_owned(SD_MUTEX(un)));
9926 	ASSERT(!mutex_owned(&un->un_pm_mutex));
9927 
9928 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: entry\n");
9929 
9930 	if (un->un_f_pm_is_enabled == FALSE) {
9931 		SD_TRACE(SD_LOG_IO_PM, un,
9932 		    "sd_pm_entry: exiting, PM not enabled\n");
9933 		return (return_status);
9934 	}
9935 
9936 	/*
9937 	 * Just increment a counter if PM is enabled. On the transition from
9938 	 * 0 ==> 1, mark the device as busy.  The iodone side will decrement
9939 	 * the count with each IO and mark the device as idle when the count
9940 	 * hits 0.
9941 	 *
9942 	 * If the count is less than 0 the device is powered down. If a powered
9943 	 * down device is successfully powered up then the count must be
9944 	 * incremented to reflect the power up. Note that it'll get incremented
9945 	 * a second time to become busy.
9946 	 *
9947 	 * Because the following has the potential to change the device state
9948 	 * and must release the un_pm_mutex to do so, only one thread can be
9949 	 * allowed through at a time.
9950 	 */
9951 
9952 	mutex_enter(&un->un_pm_mutex);
9953 	while (un->un_pm_busy == TRUE) {
9954 		cv_wait(&un->un_pm_busy_cv, &un->un_pm_mutex);
9955 	}
9956 	un->un_pm_busy = TRUE;
9957 
9958 	if (un->un_pm_count < 1) {
9959 
9960 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: busy component\n");
9961 
9962 		/*
9963 		 * Indicate we are now busy so the framework won't attempt to
9964 		 * power down the device. This call will only fail if either
9965 		 * we passed a bad component number or the device has no
9966 		 * components. Neither of these should ever happen.
9967 		 */
9968 		mutex_exit(&un->un_pm_mutex);
9969 		return_status = pm_busy_component(SD_DEVINFO(un), 0);
9970 		ASSERT(return_status == DDI_SUCCESS);
9971 
9972 		mutex_enter(&un->un_pm_mutex);
9973 
9974 		if (un->un_pm_count < 0) {
9975 			mutex_exit(&un->un_pm_mutex);
9976 
9977 			SD_TRACE(SD_LOG_IO_PM, un,
9978 			    "sd_pm_entry: power up component\n");
9979 
9980 			/*
9981 			 * pm_raise_power will cause sdpower to be called
9982 			 * which brings the device power level to the
9983 			 * desired state, ON in this case. If successful,
9984 			 * un_pm_count and un_power_level will be updated
9985 			 * appropriately.
9986 			 */
9987 			return_status = pm_raise_power(SD_DEVINFO(un), 0,
9988 			    SD_SPINDLE_ON);
9989 
9990 			mutex_enter(&un->un_pm_mutex);
9991 
9992 			if (return_status != DDI_SUCCESS) {
9993 				/*
9994 				 * Power up failed.
9995 				 * Idle the device and adjust the count
9996 				 * so the result on exit is that we're
9997 				 * still powered down, ie. count is less than 0.
9998 				 */
9999 				SD_TRACE(SD_LOG_IO_PM, un,
10000 				    "sd_pm_entry: power up failed,"
10001 				    " idle the component\n");
10002 
10003 				(void) pm_idle_component(SD_DEVINFO(un), 0);
10004 				un->un_pm_count--;
10005 			} else {
10006 				/*
10007 				 * Device is powered up, verify the
10008 				 * count is non-negative.
10009 				 * This is debug only.
10010 				 */
10011 				ASSERT(un->un_pm_count == 0);
10012 			}
10013 		}
10014 
10015 		if (return_status == DDI_SUCCESS) {
10016 			/*
10017 			 * For performance, now that the device has been tagged
10018 			 * as busy, and it's known to be powered up, update the
10019 			 * chain types to use jump tables that do not include
10020 			 * pm. This significantly lowers the overhead and
10021 			 * therefore improves performance.
10022 			 */
10023 
10024 			mutex_exit(&un->un_pm_mutex);
10025 			mutex_enter(SD_MUTEX(un));
10026 			SD_TRACE(SD_LOG_IO_PM, un,
10027 			    "sd_pm_entry: changing uscsi_chain_type from %d\n",
10028 			    un->un_uscsi_chain_type);
10029 
10030 			if (ISREMOVABLE(un)) {
10031 				un->un_buf_chain_type =
10032 				    SD_CHAIN_INFO_RMMEDIA_NO_PM;
10033 			} else {
10034 				un->un_buf_chain_type =
10035 				    SD_CHAIN_INFO_DISK_NO_PM;
10036 			}
10037 			un->un_uscsi_chain_type = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
10038 
10039 			SD_TRACE(SD_LOG_IO_PM, un,
10040 			    "             changed  uscsi_chain_type to   %d\n",
10041 			    un->un_uscsi_chain_type);
10042 			mutex_exit(SD_MUTEX(un));
10043 			mutex_enter(&un->un_pm_mutex);
10044 
10045 			if (un->un_pm_idle_timeid == NULL) {
10046 				/* 300 ms. */
10047 				un->un_pm_idle_timeid =
10048 				    timeout(sd_pm_idletimeout_handler, un,
10049 				    (drv_usectohz((clock_t)300000)));
10050 				/*
10051 				 * Include an extra call to busy which keeps the
10052 				 * device busy with-respect-to the PM layer
10053 				 * until the timer fires, at which time it'll
10054 				 * get the extra idle call.
10055 				 */
10056 				(void) pm_busy_component(SD_DEVINFO(un), 0);
10057 			}
10058 		}
10059 	}
10060 	un->un_pm_busy = FALSE;
10061 	/* Next... */
10062 	cv_signal(&un->un_pm_busy_cv);
10063 
10064 	un->un_pm_count++;
10065 
10066 	SD_TRACE(SD_LOG_IO_PM, un,
10067 	    "sd_pm_entry: exiting, un_pm_count = %d\n", un->un_pm_count);
10068 
10069 	mutex_exit(&un->un_pm_mutex);
10070 
10071 	return (return_status);
10072 }
10073 
10074 
10075 /*
10076  *    Function: sd_pm_exit
10077  *
10078  * Description: Called at the completion of a command to manage busy
10079  *		status for the device. If the device becomes idle the
10080  *		PM framework is notified.
10081  *
10082  *     Context: Kernel thread context
10083  */
10084 
10085 static void
10086 sd_pm_exit(struct sd_lun *un)
10087 {
10088 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10089 	ASSERT(!mutex_owned(&un->un_pm_mutex));
10090 
10091 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: entry\n");
10092 
10093 	/*
10094 	 * After attach the following flag is only read, so don't
10095 	 * take the penalty of acquiring a mutex for it.
10096 	 */
10097 	if (un->un_f_pm_is_enabled == TRUE) {
10098 
10099 		mutex_enter(&un->un_pm_mutex);
10100 		un->un_pm_count--;
10101 
10102 		SD_TRACE(SD_LOG_IO_PM, un,
10103 		    "sd_pm_exit: un_pm_count = %d\n", un->un_pm_count);
10104 
10105 		ASSERT(un->un_pm_count >= 0);
10106 		if (un->un_pm_count == 0) {
10107 			mutex_exit(&un->un_pm_mutex);
10108 
10109 			SD_TRACE(SD_LOG_IO_PM, un,
10110 			    "sd_pm_exit: idle component\n");
10111 
10112 			(void) pm_idle_component(SD_DEVINFO(un), 0);
10113 
10114 		} else {
10115 			mutex_exit(&un->un_pm_mutex);
10116 		}
10117 	}
10118 
10119 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: exiting\n");
10120 }
10121 
10122 
10123 /*
10124  *    Function: sdopen
10125  *
10126  * Description: Driver's open(9e) entry point function.
10127  *
10128  *   Arguments: dev_i   - pointer to device number
10129  *		flag    - how to open file (FEXCL, FNDELAY, FREAD, FWRITE)
10130  *		otyp    - open type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10131  *		cred_p  - user credential pointer
10132  *
10133  * Return Code: EINVAL
10134  *		ENXIO
10135  *		EIO
10136  *		EROFS
10137  *		EBUSY
10138  *
10139  *     Context: Kernel thread context
10140  */
10141 /* ARGSUSED */
10142 static int
10143 sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p)
10144 {
10145 	struct sd_lun	*un;
10146 	int		nodelay;
10147 	int		part;
10148 	uint64_t	partmask;
10149 	int		instance;
10150 	dev_t		dev;
10151 	int		rval = EIO;
10152 
10153 	/* Validate the open type */
10154 	if (otyp >= OTYPCNT) {
10155 		return (EINVAL);
10156 	}
10157 
10158 	dev = *dev_p;
10159 	instance = SDUNIT(dev);
10160 	mutex_enter(&sd_detach_mutex);
10161 
10162 	/*
10163 	 * Fail the open if there is no softstate for the instance, or
10164 	 * if another thread somewhere is trying to detach the instance.
10165 	 */
10166 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
10167 	    (un->un_detach_count != 0)) {
10168 		mutex_exit(&sd_detach_mutex);
10169 		/*
10170 		 * The probe cache only needs to be cleared when open (9e) fails
10171 		 * with ENXIO (4238046).
10172 		 */
10173 		/*
10174 		 * un-conditionally clearing probe cache is ok with
10175 		 * separate sd/ssd binaries
10176 		 * x86 platform can be an issue with both parallel
10177 		 * and fibre in 1 binary
10178 		 */
10179 		sd_scsi_clear_probe_cache();
10180 		return (ENXIO);
10181 	}
10182 
10183 	/*
10184 	 * The un_layer_count is to prevent another thread in specfs from
10185 	 * trying to detach the instance, which can happen when we are
10186 	 * called from a higher-layer driver instead of thru specfs.
10187 	 * This will not be needed when DDI provides a layered driver
10188 	 * interface that allows specfs to know that an instance is in
10189 	 * use by a layered driver & should not be detached.
10190 	 *
10191 	 * Note: the semantics for layered driver opens are exactly one
10192 	 * close for every open.
10193 	 */
10194 	if (otyp == OTYP_LYR) {
10195 		un->un_layer_count++;
10196 	}
10197 
10198 	/*
10199 	 * Keep a count of the current # of opens in progress. This is because
10200 	 * some layered drivers try to call us as a regular open. This can
10201 	 * cause problems that we cannot prevent, however by keeping this count
10202 	 * we can at least keep our open and detach routines from racing against
10203 	 * each other under such conditions.
10204 	 */
10205 	un->un_opens_in_progress++;
10206 	mutex_exit(&sd_detach_mutex);
10207 
10208 	nodelay  = (flag & (FNDELAY | FNONBLOCK));
10209 	part	 = SDPART(dev);
10210 	partmask = 1 << part;
10211 
10212 	/*
10213 	 * We use a semaphore here in order to serialize
10214 	 * open and close requests on the device.
10215 	 */
10216 	sema_p(&un->un_semoclose);
10217 
10218 	mutex_enter(SD_MUTEX(un));
10219 
10220 	/*
10221 	 * All device accesses go thru sdstrategy() where we check
10222 	 * on suspend status but there could be a scsi_poll command,
10223 	 * which bypasses sdstrategy(), so we need to check pm
10224 	 * status.
10225 	 */
10226 
10227 	if (!nodelay) {
10228 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10229 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10230 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10231 		}
10232 
10233 		mutex_exit(SD_MUTEX(un));
10234 		if (sd_pm_entry(un) != DDI_SUCCESS) {
10235 			rval = EIO;
10236 			SD_ERROR(SD_LOG_OPEN_CLOSE, un,
10237 			    "sdopen: sd_pm_entry failed\n");
10238 			goto open_failed_with_pm;
10239 		}
10240 		mutex_enter(SD_MUTEX(un));
10241 	}
10242 
10243 	/* check for previous exclusive open */
10244 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: un=%p\n", (void *)un);
10245 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10246 	    "sdopen: exclopen=%x, flag=%x, regopen=%x\n",
10247 	    un->un_exclopen, flag, un->un_ocmap.regopen[otyp]);
10248 
10249 	if (un->un_exclopen & (partmask)) {
10250 		goto excl_open_fail;
10251 	}
10252 
10253 	if (flag & FEXCL) {
10254 		int i;
10255 		if (un->un_ocmap.lyropen[part]) {
10256 			goto excl_open_fail;
10257 		}
10258 		for (i = 0; i < (OTYPCNT - 1); i++) {
10259 			if (un->un_ocmap.regopen[i] & (partmask)) {
10260 				goto excl_open_fail;
10261 			}
10262 		}
10263 	}
10264 
10265 	/*
10266 	 * Check the write permission if this is a removable media device,
10267 	 * NDELAY has not been set, and writable permission is requested.
10268 	 *
10269 	 * Note: If NDELAY was set and this is write-protected media the WRITE
10270 	 * attempt will fail with EIO as part of the I/O processing. This is a
10271 	 * more permissive implementation that allows the open to succeed and
10272 	 * WRITE attempts to fail when appropriate.
10273 	 */
10274 	if (ISREMOVABLE(un)) {
10275 		if ((flag & FWRITE) && (!nodelay)) {
10276 			mutex_exit(SD_MUTEX(un));
10277 			/*
10278 			 * Defer the check for write permission on writable
10279 			 * DVD drive till sdstrategy and will not fail open even
10280 			 * if FWRITE is set as the device can be writable
10281 			 * depending upon the media and the media can change
10282 			 * after the call to open().
10283 			 */
10284 			if (un->un_f_dvdram_writable_device == FALSE) {
10285 				if (ISCD(un) || sr_check_wp(dev)) {
10286 				rval = EROFS;
10287 				mutex_enter(SD_MUTEX(un));
10288 				SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10289 				    "write to cd or write protected media\n");
10290 				goto open_fail;
10291 				}
10292 			}
10293 			mutex_enter(SD_MUTEX(un));
10294 		}
10295 	}
10296 
10297 	/*
10298 	 * If opening in NDELAY/NONBLOCK mode, just return.
10299 	 * Check if disk is ready and has a valid geometry later.
10300 	 */
10301 	if (!nodelay) {
10302 		mutex_exit(SD_MUTEX(un));
10303 		rval = sd_ready_and_valid(un);
10304 		mutex_enter(SD_MUTEX(un));
10305 		/*
10306 		 * Fail if device is not ready or if the number of disk
10307 		 * blocks is zero or negative for non CD devices.
10308 		 */
10309 		if ((rval != SD_READY_VALID) ||
10310 		    (!ISCD(un) && un->un_map[part].dkl_nblk <= 0)) {
10311 			if (ISREMOVABLE(un)) {
10312 				rval = ENXIO;
10313 			} else {
10314 				rval = EIO;
10315 			}
10316 			SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10317 			    "device not ready or invalid disk block value\n");
10318 			goto open_fail;
10319 		}
10320 #if defined(__i386) || defined(__amd64)
10321 	} else {
10322 		uchar_t *cp;
10323 		/*
10324 		 * x86 requires special nodelay handling, so that p0 is
10325 		 * always defined and accessible.
10326 		 * Invalidate geometry only if device is not already open.
10327 		 */
10328 		cp = &un->un_ocmap.chkd[0];
10329 		while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10330 			if (*cp != (uchar_t)0) {
10331 			    break;
10332 			}
10333 			cp++;
10334 		}
10335 		if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10336 			un->un_f_geometry_is_valid = FALSE;
10337 		}
10338 
10339 #endif
10340 	}
10341 
10342 	if (otyp == OTYP_LYR) {
10343 		un->un_ocmap.lyropen[part]++;
10344 	} else {
10345 		un->un_ocmap.regopen[otyp] |= partmask;
10346 	}
10347 
10348 	/* Set up open and exclusive open flags */
10349 	if (flag & FEXCL) {
10350 		un->un_exclopen |= (partmask);
10351 	}
10352 
10353 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10354 	    "open of part %d type %d\n", part, otyp);
10355 
10356 	mutex_exit(SD_MUTEX(un));
10357 	if (!nodelay) {
10358 		sd_pm_exit(un);
10359 	}
10360 
10361 	sema_v(&un->un_semoclose);
10362 
10363 	mutex_enter(&sd_detach_mutex);
10364 	un->un_opens_in_progress--;
10365 	mutex_exit(&sd_detach_mutex);
10366 
10367 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: exit success\n");
10368 	return (DDI_SUCCESS);
10369 
10370 excl_open_fail:
10371 	SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: fail exclusive open\n");
10372 	rval = EBUSY;
10373 
10374 open_fail:
10375 	mutex_exit(SD_MUTEX(un));
10376 
10377 	/*
10378 	 * On a failed open we must exit the pm management.
10379 	 */
10380 	if (!nodelay) {
10381 		sd_pm_exit(un);
10382 	}
10383 open_failed_with_pm:
10384 	sema_v(&un->un_semoclose);
10385 
10386 	mutex_enter(&sd_detach_mutex);
10387 	un->un_opens_in_progress--;
10388 	if (otyp == OTYP_LYR) {
10389 		un->un_layer_count--;
10390 	}
10391 	mutex_exit(&sd_detach_mutex);
10392 
10393 	return (rval);
10394 }
10395 
10396 
10397 /*
10398  *    Function: sdclose
10399  *
10400  * Description: Driver's close(9e) entry point function.
10401  *
10402  *   Arguments: dev    - device number
10403  *		flag   - file status flag, informational only
10404  *		otyp   - close type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10405  *		cred_p - user credential pointer
10406  *
10407  * Return Code: ENXIO
10408  *
10409  *     Context: Kernel thread context
10410  */
10411 /* ARGSUSED */
10412 static int
10413 sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p)
10414 {
10415 	struct sd_lun	*un;
10416 	uchar_t		*cp;
10417 	int		part;
10418 	int		nodelay;
10419 	int		rval = 0;
10420 
10421 	/* Validate the open type */
10422 	if (otyp >= OTYPCNT) {
10423 		return (ENXIO);
10424 	}
10425 
10426 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10427 		return (ENXIO);
10428 	}
10429 
10430 	part = SDPART(dev);
10431 	nodelay = flag & (FNDELAY | FNONBLOCK);
10432 
10433 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10434 	    "sdclose: close of part %d type %d\n", part, otyp);
10435 
10436 	/*
10437 	 * We use a semaphore here in order to serialize
10438 	 * open and close requests on the device.
10439 	 */
10440 	sema_p(&un->un_semoclose);
10441 
10442 	mutex_enter(SD_MUTEX(un));
10443 
10444 	/* Don't proceed if power is being changed. */
10445 	while (un->un_state == SD_STATE_PM_CHANGING) {
10446 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10447 	}
10448 
10449 	if (un->un_exclopen & (1 << part)) {
10450 		un->un_exclopen &= ~(1 << part);
10451 	}
10452 
10453 	/* Update the open partition map */
10454 	if (otyp == OTYP_LYR) {
10455 		un->un_ocmap.lyropen[part] -= 1;
10456 	} else {
10457 		un->un_ocmap.regopen[otyp] &= ~(1 << part);
10458 	}
10459 
10460 	cp = &un->un_ocmap.chkd[0];
10461 	while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10462 		if (*cp != NULL) {
10463 			break;
10464 		}
10465 		cp++;
10466 	}
10467 
10468 	if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10469 		SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdclose: last close\n");
10470 
10471 		/*
10472 		 * We avoid persistance upon the last close, and set
10473 		 * the throttle back to the maximum.
10474 		 */
10475 		un->un_throttle = un->un_saved_throttle;
10476 
10477 		if (un->un_state == SD_STATE_OFFLINE) {
10478 			if (un->un_f_is_fibre == FALSE) {
10479 				scsi_log(SD_DEVINFO(un), sd_label,
10480 					CE_WARN, "offline\n");
10481 			}
10482 			un->un_f_geometry_is_valid = FALSE;
10483 
10484 		} else {
10485 			/*
10486 			 * Flush any outstanding writes in NVRAM cache.
10487 			 * Note: SYNCHRONIZE CACHE is an optional SCSI-2
10488 			 * cmd, it may not work for non-Pluto devices.
10489 			 * SYNCHRONIZE CACHE is not required for removables,
10490 			 * except DVD-RAM drives.
10491 			 *
10492 			 * Also note: because SYNCHRONIZE CACHE is currently
10493 			 * the only command issued here that requires the
10494 			 * drive be powered up, only do the power up before
10495 			 * sending the Sync Cache command. If additional
10496 			 * commands are added which require a powered up
10497 			 * drive, the following sequence may have to change.
10498 			 *
10499 			 * And finally, note that parallel SCSI on SPARC
10500 			 * only issues a Sync Cache to DVD-RAM, a newly
10501 			 * supported device.
10502 			 */
10503 #if defined(__i386) || defined(__amd64)
10504 			if (!ISREMOVABLE(un) ||
10505 			    un->un_f_dvdram_writable_device == TRUE) {
10506 #else
10507 			if (un->un_f_dvdram_writable_device == TRUE) {
10508 #endif
10509 				mutex_exit(SD_MUTEX(un));
10510 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10511 					rval =
10512 					    sd_send_scsi_SYNCHRONIZE_CACHE(un,
10513 					    NULL);
10514 					/* ignore error if not supported */
10515 					if (rval == ENOTSUP) {
10516 						rval = 0;
10517 					} else if (rval != 0) {
10518 						rval = EIO;
10519 					}
10520 					sd_pm_exit(un);
10521 				} else {
10522 					rval = EIO;
10523 				}
10524 				mutex_enter(SD_MUTEX(un));
10525 			}
10526 
10527 			/*
10528 			 * For removable media devices, send an ALLOW MEDIA
10529 			 * REMOVAL command, but don't get upset if it fails.
10530 			 * Also invalidate the geometry. We need to raise
10531 			 * the power of the drive before we can call
10532 			 * sd_send_scsi_DOORLOCK()
10533 			 */
10534 			if (ISREMOVABLE(un)) {
10535 				mutex_exit(SD_MUTEX(un));
10536 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10537 					rval = sd_send_scsi_DOORLOCK(un,
10538 					    SD_REMOVAL_ALLOW, SD_PATH_DIRECT);
10539 
10540 					sd_pm_exit(un);
10541 					if (ISCD(un) && (rval != 0) &&
10542 					    (nodelay != 0)) {
10543 						rval = ENXIO;
10544 					}
10545 				} else {
10546 					rval = EIO;
10547 				}
10548 				mutex_enter(SD_MUTEX(un));
10549 
10550 				sr_ejected(un);
10551 				/*
10552 				 * Destroy the cache (if it exists) which was
10553 				 * allocated for the write maps since this is
10554 				 * the last close for this media.
10555 				 */
10556 				if (un->un_wm_cache) {
10557 					/*
10558 					 * Check if there are pending commands.
10559 					 * and if there are give a warning and
10560 					 * do not destroy the cache.
10561 					 */
10562 					if (un->un_ncmds_in_driver > 0) {
10563 						scsi_log(SD_DEVINFO(un),
10564 						    sd_label, CE_WARN,
10565 						    "Unable to clean up memory "
10566 						    "because of pending I/O\n");
10567 					} else {
10568 						kmem_cache_destroy(
10569 						    un->un_wm_cache);
10570 						un->un_wm_cache = NULL;
10571 					}
10572 				}
10573 			}
10574 		}
10575 	}
10576 
10577 	mutex_exit(SD_MUTEX(un));
10578 	sema_v(&un->un_semoclose);
10579 
10580 	if (otyp == OTYP_LYR) {
10581 		mutex_enter(&sd_detach_mutex);
10582 		/*
10583 		 * The detach routine may run when the layer count
10584 		 * drops to zero.
10585 		 */
10586 		un->un_layer_count--;
10587 		mutex_exit(&sd_detach_mutex);
10588 	}
10589 
10590 	return (rval);
10591 }
10592 
10593 
10594 /*
10595  *    Function: sd_ready_and_valid
10596  *
10597  * Description: Test if device is ready and has a valid geometry.
10598  *
10599  *   Arguments: dev - device number
10600  *		un  - driver soft state (unit) structure
10601  *
10602  * Return Code: SD_READY_VALID		ready and valid label
10603  *		SD_READY_NOT_VALID	ready, geom ops never applicable
10604  *		SD_NOT_READY_VALID	not ready, no label
10605  *
10606  *     Context: Never called at interrupt context.
10607  */
10608 
10609 static int
10610 sd_ready_and_valid(struct sd_lun *un)
10611 {
10612 	struct sd_errstats	*stp;
10613 	uint64_t		capacity;
10614 	uint_t			lbasize;
10615 	int			rval = SD_READY_VALID;
10616 	char			name_str[48];
10617 
10618 	ASSERT(un != NULL);
10619 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10620 
10621 	mutex_enter(SD_MUTEX(un));
10622 	if (ISREMOVABLE(un)) {
10623 		mutex_exit(SD_MUTEX(un));
10624 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
10625 			rval = SD_NOT_READY_VALID;
10626 			mutex_enter(SD_MUTEX(un));
10627 			goto done;
10628 		}
10629 
10630 		mutex_enter(SD_MUTEX(un));
10631 		if ((un->un_f_geometry_is_valid == FALSE) ||
10632 		    (un->un_f_blockcount_is_valid == FALSE) ||
10633 		    (un->un_f_tgt_blocksize_is_valid == FALSE)) {
10634 
10635 			/* capacity has to be read every open. */
10636 			mutex_exit(SD_MUTEX(un));
10637 			if (sd_send_scsi_READ_CAPACITY(un, &capacity,
10638 			    &lbasize, SD_PATH_DIRECT) != 0) {
10639 				mutex_enter(SD_MUTEX(un));
10640 				un->un_f_geometry_is_valid = FALSE;
10641 				rval = SD_NOT_READY_VALID;
10642 				goto done;
10643 			} else {
10644 				mutex_enter(SD_MUTEX(un));
10645 				sd_update_block_info(un, lbasize, capacity);
10646 			}
10647 		}
10648 
10649 		/*
10650 		 * If this is a non 512 block device, allocate space for
10651 		 * the wmap cache. This is being done here since every time
10652 		 * a media is changed this routine will be called and the
10653 		 * block size is a function of media rather than device.
10654 		 */
10655 		if (NOT_DEVBSIZE(un)) {
10656 			if (!(un->un_wm_cache)) {
10657 				(void) snprintf(name_str, sizeof (name_str),
10658 				    "%s%d_cache",
10659 				    ddi_driver_name(SD_DEVINFO(un)),
10660 				    ddi_get_instance(SD_DEVINFO(un)));
10661 				un->un_wm_cache = kmem_cache_create(
10662 				    name_str, sizeof (struct sd_w_map),
10663 				    8, sd_wm_cache_constructor,
10664 				    sd_wm_cache_destructor, NULL,
10665 				    (void *)un, NULL, 0);
10666 				if (!(un->un_wm_cache)) {
10667 					rval = ENOMEM;
10668 					goto done;
10669 				}
10670 			}
10671 		}
10672 
10673 		/*
10674 		 * Check if the media in the device is writable or not.
10675 		 */
10676 		if ((un->un_f_geometry_is_valid == FALSE) && ISCD(un)) {
10677 			sd_check_for_writable_cd(un);
10678 		}
10679 
10680 	} else {
10681 		/*
10682 		 * Do a test unit ready to clear any unit attention from non-cd
10683 		 * devices.
10684 		 */
10685 		mutex_exit(SD_MUTEX(un));
10686 		(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
10687 		mutex_enter(SD_MUTEX(un));
10688 	}
10689 
10690 
10691 	if (un->un_state == SD_STATE_NORMAL) {
10692 		/*
10693 		 * If the target is not yet ready here (defined by a TUR
10694 		 * failure), invalidate the geometry and print an 'offline'
10695 		 * message. This is a legacy message, as the state of the
10696 		 * target is not actually changed to SD_STATE_OFFLINE.
10697 		 *
10698 		 * If the TUR fails for EACCES (Reservation Conflict), it
10699 		 * means there actually is nothing wrong with the target that
10700 		 * would require invalidating the geometry, so continue in
10701 		 * that case as if the TUR was successful.
10702 		 */
10703 		int err;
10704 
10705 		mutex_exit(SD_MUTEX(un));
10706 		err = sd_send_scsi_TEST_UNIT_READY(un, 0);
10707 		mutex_enter(SD_MUTEX(un));
10708 
10709 		if ((err != 0) && (err != EACCES)) {
10710 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
10711 			    "offline\n");
10712 			un->un_f_geometry_is_valid = FALSE;
10713 			rval = SD_NOT_READY_VALID;
10714 			goto done;
10715 		}
10716 	}
10717 
10718 	if (un->un_f_format_in_progress == FALSE) {
10719 		/*
10720 		 * Note: sd_validate_geometry may return TRUE, but that does
10721 		 * not necessarily mean un_f_geometry_is_valid == TRUE!
10722 		 */
10723 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
10724 		if (rval == ENOTSUP) {
10725 			if (un->un_f_geometry_is_valid == TRUE)
10726 				rval = 0;
10727 			else {
10728 				rval = SD_READY_NOT_VALID;
10729 				goto done;
10730 			}
10731 		}
10732 		if (rval != 0) {
10733 			/*
10734 			 * We don't check the validity of geometry for
10735 			 * CDROMs. Also we assume we have a good label
10736 			 * even if sd_validate_geometry returned ENOMEM.
10737 			 */
10738 			if (!ISCD(un) && rval != ENOMEM) {
10739 				rval = SD_NOT_READY_VALID;
10740 				goto done;
10741 			}
10742 		}
10743 	}
10744 
10745 #ifdef DOESNTWORK /* on eliteII, see 1118607 */
10746 	/*
10747 	 * check to see if this disk is write protected, if it is and we have
10748 	 * not set read-only, then fail
10749 	 */
10750 	if ((flag & FWRITE) && (sr_check_wp(dev))) {
10751 		New_state(un, SD_STATE_CLOSED);
10752 		goto done;
10753 	}
10754 #endif
10755 
10756 	/*
10757 	 * If this is a removable media device, try and send
10758 	 * a PREVENT MEDIA REMOVAL command, but don't get upset
10759 	 * if it fails. For a CD, however, it is an error
10760 	 */
10761 	if (ISREMOVABLE(un)) {
10762 		mutex_exit(SD_MUTEX(un));
10763 		if ((sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
10764 		    SD_PATH_DIRECT) != 0) && ISCD(un)) {
10765 			rval = SD_NOT_READY_VALID;
10766 			mutex_enter(SD_MUTEX(un));
10767 			goto done;
10768 		}
10769 		mutex_enter(SD_MUTEX(un));
10770 	}
10771 
10772 	/* The state has changed, inform the media watch routines */
10773 	un->un_mediastate = DKIO_INSERTED;
10774 	cv_broadcast(&un->un_state_cv);
10775 	rval = SD_READY_VALID;
10776 
10777 done:
10778 
10779 	/*
10780 	 * Initialize the capacity kstat value, if no media previously
10781 	 * (capacity kstat is 0) and a media has been inserted
10782 	 * (un_blockcount > 0).
10783 	 * This is a more generic way then checking for ISREMOVABLE.
10784 	 */
10785 	if (un->un_errstats != NULL) {
10786 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
10787 		if ((stp->sd_capacity.value.ui64 == 0) &&
10788 		    (un->un_f_blockcount_is_valid == TRUE)) {
10789 			stp->sd_capacity.value.ui64 =
10790 			    (uint64_t)((uint64_t)un->un_blockcount *
10791 			    un->un_sys_blocksize);
10792 		}
10793 	}
10794 
10795 	mutex_exit(SD_MUTEX(un));
10796 	return (rval);
10797 }
10798 
10799 
10800 /*
10801  *    Function: sdmin
10802  *
10803  * Description: Routine to limit the size of a data transfer. Used in
10804  *		conjunction with physio(9F).
10805  *
10806  *   Arguments: bp - pointer to the indicated buf(9S) struct.
10807  *
10808  *     Context: Kernel thread context.
10809  */
10810 
10811 static void
10812 sdmin(struct buf *bp)
10813 {
10814 	struct sd_lun	*un;
10815 	int		instance;
10816 
10817 	instance = SDUNIT(bp->b_edev);
10818 
10819 	un = ddi_get_soft_state(sd_state, instance);
10820 	ASSERT(un != NULL);
10821 
10822 	if (bp->b_bcount > un->un_max_xfer_size) {
10823 		bp->b_bcount = un->un_max_xfer_size;
10824 	}
10825 }
10826 
10827 
10828 /*
10829  *    Function: sdread
10830  *
10831  * Description: Driver's read(9e) entry point function.
10832  *
10833  *   Arguments: dev   - device number
10834  *		uio   - structure pointer describing where data is to be stored
10835  *			in user's space
10836  *		cred_p  - user credential pointer
10837  *
10838  * Return Code: ENXIO
10839  *		EIO
10840  *		EINVAL
10841  *		value returned by physio
10842  *
10843  *     Context: Kernel thread context.
10844  */
10845 /* ARGSUSED */
10846 static int
10847 sdread(dev_t dev, struct uio *uio, cred_t *cred_p)
10848 {
10849 	struct sd_lun	*un = NULL;
10850 	int		secmask;
10851 	int		err;
10852 
10853 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10854 		return (ENXIO);
10855 	}
10856 
10857 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10858 
10859 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10860 		mutex_enter(SD_MUTEX(un));
10861 		/*
10862 		 * Because the call to sd_ready_and_valid will issue I/O we
10863 		 * must wait here if either the device is suspended or
10864 		 * if it's power level is changing.
10865 		 */
10866 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10867 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10868 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10869 		}
10870 		un->un_ncmds_in_driver++;
10871 		mutex_exit(SD_MUTEX(un));
10872 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10873 			mutex_enter(SD_MUTEX(un));
10874 			un->un_ncmds_in_driver--;
10875 			ASSERT(un->un_ncmds_in_driver >= 0);
10876 			mutex_exit(SD_MUTEX(un));
10877 			return (EIO);
10878 		}
10879 		mutex_enter(SD_MUTEX(un));
10880 		un->un_ncmds_in_driver--;
10881 		ASSERT(un->un_ncmds_in_driver >= 0);
10882 		mutex_exit(SD_MUTEX(un));
10883 	}
10884 
10885 	/*
10886 	 * Read requests are restricted to multiples of the system block size.
10887 	 */
10888 	secmask = un->un_sys_blocksize - 1;
10889 
10890 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10891 		SD_ERROR(SD_LOG_READ_WRITE, un,
10892 		    "sdread: file offset not modulo %d\n",
10893 		    un->un_sys_blocksize);
10894 		err = EINVAL;
10895 	} else if (uio->uio_iov->iov_len & (secmask)) {
10896 		SD_ERROR(SD_LOG_READ_WRITE, un,
10897 		    "sdread: transfer length not modulo %d\n",
10898 		    un->un_sys_blocksize);
10899 		err = EINVAL;
10900 	} else {
10901 		err = physio(sdstrategy, NULL, dev, B_READ, sdmin, uio);
10902 	}
10903 	return (err);
10904 }
10905 
10906 
10907 /*
10908  *    Function: sdwrite
10909  *
10910  * Description: Driver's write(9e) entry point function.
10911  *
10912  *   Arguments: dev   - device number
10913  *		uio   - structure pointer describing where data is stored in
10914  *			user's space
10915  *		cred_p  - user credential pointer
10916  *
10917  * Return Code: ENXIO
10918  *		EIO
10919  *		EINVAL
10920  *		value returned by physio
10921  *
10922  *     Context: Kernel thread context.
10923  */
10924 /* ARGSUSED */
10925 static int
10926 sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p)
10927 {
10928 	struct sd_lun	*un = NULL;
10929 	int		secmask;
10930 	int		err;
10931 
10932 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10933 		return (ENXIO);
10934 	}
10935 
10936 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10937 
10938 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10939 		mutex_enter(SD_MUTEX(un));
10940 		/*
10941 		 * Because the call to sd_ready_and_valid will issue I/O we
10942 		 * must wait here if either the device is suspended or
10943 		 * if it's power level is changing.
10944 		 */
10945 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10946 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10947 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10948 		}
10949 		un->un_ncmds_in_driver++;
10950 		mutex_exit(SD_MUTEX(un));
10951 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10952 			mutex_enter(SD_MUTEX(un));
10953 			un->un_ncmds_in_driver--;
10954 			ASSERT(un->un_ncmds_in_driver >= 0);
10955 			mutex_exit(SD_MUTEX(un));
10956 			return (EIO);
10957 		}
10958 		mutex_enter(SD_MUTEX(un));
10959 		un->un_ncmds_in_driver--;
10960 		ASSERT(un->un_ncmds_in_driver >= 0);
10961 		mutex_exit(SD_MUTEX(un));
10962 	}
10963 
10964 	/*
10965 	 * Write requests are restricted to multiples of the system block size.
10966 	 */
10967 	secmask = un->un_sys_blocksize - 1;
10968 
10969 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10970 		SD_ERROR(SD_LOG_READ_WRITE, un,
10971 		    "sdwrite: file offset not modulo %d\n",
10972 		    un->un_sys_blocksize);
10973 		err = EINVAL;
10974 	} else if (uio->uio_iov->iov_len & (secmask)) {
10975 		SD_ERROR(SD_LOG_READ_WRITE, un,
10976 		    "sdwrite: transfer length not modulo %d\n",
10977 		    un->un_sys_blocksize);
10978 		err = EINVAL;
10979 	} else {
10980 		err = physio(sdstrategy, NULL, dev, B_WRITE, sdmin, uio);
10981 	}
10982 	return (err);
10983 }
10984 
10985 
10986 /*
10987  *    Function: sdaread
10988  *
10989  * Description: Driver's aread(9e) entry point function.
10990  *
10991  *   Arguments: dev   - device number
10992  *		aio   - structure pointer describing where data is to be stored
10993  *		cred_p  - user credential pointer
10994  *
10995  * Return Code: ENXIO
10996  *		EIO
10997  *		EINVAL
10998  *		value returned by aphysio
10999  *
11000  *     Context: Kernel thread context.
11001  */
11002 /* ARGSUSED */
11003 static int
11004 sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11005 {
11006 	struct sd_lun	*un = NULL;
11007 	struct uio	*uio = aio->aio_uio;
11008 	int		secmask;
11009 	int		err;
11010 
11011 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11012 		return (ENXIO);
11013 	}
11014 
11015 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11016 
11017 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11018 		mutex_enter(SD_MUTEX(un));
11019 		/*
11020 		 * Because the call to sd_ready_and_valid will issue I/O we
11021 		 * must wait here if either the device is suspended or
11022 		 * if it's power level is changing.
11023 		 */
11024 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11025 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11026 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11027 		}
11028 		un->un_ncmds_in_driver++;
11029 		mutex_exit(SD_MUTEX(un));
11030 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11031 			mutex_enter(SD_MUTEX(un));
11032 			un->un_ncmds_in_driver--;
11033 			ASSERT(un->un_ncmds_in_driver >= 0);
11034 			mutex_exit(SD_MUTEX(un));
11035 			return (EIO);
11036 		}
11037 		mutex_enter(SD_MUTEX(un));
11038 		un->un_ncmds_in_driver--;
11039 		ASSERT(un->un_ncmds_in_driver >= 0);
11040 		mutex_exit(SD_MUTEX(un));
11041 	}
11042 
11043 	/*
11044 	 * Read requests are restricted to multiples of the system block size.
11045 	 */
11046 	secmask = un->un_sys_blocksize - 1;
11047 
11048 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11049 		SD_ERROR(SD_LOG_READ_WRITE, un,
11050 		    "sdaread: file offset not modulo %d\n",
11051 		    un->un_sys_blocksize);
11052 		err = EINVAL;
11053 	} else if (uio->uio_iov->iov_len & (secmask)) {
11054 		SD_ERROR(SD_LOG_READ_WRITE, un,
11055 		    "sdaread: transfer length not modulo %d\n",
11056 		    un->un_sys_blocksize);
11057 		err = EINVAL;
11058 	} else {
11059 		err = aphysio(sdstrategy, anocancel, dev, B_READ, sdmin, aio);
11060 	}
11061 	return (err);
11062 }
11063 
11064 
11065 /*
11066  *    Function: sdawrite
11067  *
11068  * Description: Driver's awrite(9e) entry point function.
11069  *
11070  *   Arguments: dev   - device number
11071  *		aio   - structure pointer describing where data is stored
11072  *		cred_p  - user credential pointer
11073  *
11074  * Return Code: ENXIO
11075  *		EIO
11076  *		EINVAL
11077  *		value returned by aphysio
11078  *
11079  *     Context: Kernel thread context.
11080  */
11081 /* ARGSUSED */
11082 static int
11083 sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11084 {
11085 	struct sd_lun	*un = NULL;
11086 	struct uio	*uio = aio->aio_uio;
11087 	int		secmask;
11088 	int		err;
11089 
11090 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11091 		return (ENXIO);
11092 	}
11093 
11094 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11095 
11096 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11097 		mutex_enter(SD_MUTEX(un));
11098 		/*
11099 		 * Because the call to sd_ready_and_valid will issue I/O we
11100 		 * must wait here if either the device is suspended or
11101 		 * if it's power level is changing.
11102 		 */
11103 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11104 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11105 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11106 		}
11107 		un->un_ncmds_in_driver++;
11108 		mutex_exit(SD_MUTEX(un));
11109 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11110 			mutex_enter(SD_MUTEX(un));
11111 			un->un_ncmds_in_driver--;
11112 			ASSERT(un->un_ncmds_in_driver >= 0);
11113 			mutex_exit(SD_MUTEX(un));
11114 			return (EIO);
11115 		}
11116 		mutex_enter(SD_MUTEX(un));
11117 		un->un_ncmds_in_driver--;
11118 		ASSERT(un->un_ncmds_in_driver >= 0);
11119 		mutex_exit(SD_MUTEX(un));
11120 	}
11121 
11122 	/*
11123 	 * Write requests are restricted to multiples of the system block size.
11124 	 */
11125 	secmask = un->un_sys_blocksize - 1;
11126 
11127 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11128 		SD_ERROR(SD_LOG_READ_WRITE, un,
11129 		    "sdawrite: file offset not modulo %d\n",
11130 		    un->un_sys_blocksize);
11131 		err = EINVAL;
11132 	} else if (uio->uio_iov->iov_len & (secmask)) {
11133 		SD_ERROR(SD_LOG_READ_WRITE, un,
11134 		    "sdawrite: transfer length not modulo %d\n",
11135 		    un->un_sys_blocksize);
11136 		err = EINVAL;
11137 	} else {
11138 		err = aphysio(sdstrategy, anocancel, dev, B_WRITE, sdmin, aio);
11139 	}
11140 	return (err);
11141 }
11142 
11143 
11144 
11145 
11146 
11147 /*
11148  * Driver IO processing follows the following sequence:
11149  *
11150  *     sdioctl(9E)     sdstrategy(9E)         biodone(9F)
11151  *         |                |                     ^
11152  *         v                v                     |
11153  * sd_send_scsi_cmd()  ddi_xbuf_qstrategy()       +-------------------+
11154  *         |                |                     |                   |
11155  *         v                |                     |                   |
11156  * sd_uscsi_strategy() sd_xbuf_strategy()   sd_buf_iodone()   sd_uscsi_iodone()
11157  *         |                |                     ^                   ^
11158  *         v                v                     |                   |
11159  * SD_BEGIN_IOSTART()  SD_BEGIN_IOSTART()         |                   |
11160  *         |                |                     |                   |
11161  *     +---+                |                     +------------+      +-------+
11162  *     |                    |                                  |              |
11163  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11164  *     |                    v                                  |              |
11165  *     |         sd_mapblockaddr_iostart()           sd_mapblockaddr_iodone() |
11166  *     |                    |                                  ^              |
11167  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11168  *     |                    v                                  |              |
11169  *     |         sd_mapblocksize_iostart()           sd_mapblocksize_iodone() |
11170  *     |                    |                                  ^              |
11171  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11172  *     |                    v                                  |              |
11173  *     |           sd_checksum_iostart()               sd_checksum_iodone()   |
11174  *     |                    |                                  ^              |
11175  *     +-> SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()+------------->+
11176  *     |                    v                                  |              |
11177  *     |              sd_pm_iostart()                     sd_pm_iodone()      |
11178  *     |                    |                                  ^              |
11179  *     |                    |                                  |              |
11180  *     +-> SD_NEXT_IOSTART()|               SD_BEGIN_IODONE()--+--------------+
11181  *                          |                           ^
11182  *                          v                           |
11183  *                   sd_core_iostart()                  |
11184  *                          |                           |
11185  *                          |                           +------>(*destroypkt)()
11186  *                          +-> sd_start_cmds() <-+     |           |
11187  *                          |                     |     |           v
11188  *                          |                     |     |  scsi_destroy_pkt(9F)
11189  *                          |                     |     |
11190  *                          +->(*initpkt)()       +- sdintr()
11191  *                          |  |                        |  |
11192  *                          |  +-> scsi_init_pkt(9F)    |  +-> sd_handle_xxx()
11193  *                          |  +-> scsi_setup_cdb(9F)   |
11194  *                          |                           |
11195  *                          +--> scsi_transport(9F)     |
11196  *                                     |                |
11197  *                                     +----> SCSA ---->+
11198  *
11199  *
11200  * This code is based upon the following presumtions:
11201  *
11202  *   - iostart and iodone functions operate on buf(9S) structures. These
11203  *     functions perform the necessary operations on the buf(9S) and pass
11204  *     them along to the next function in the chain by using the macros
11205  *     SD_NEXT_IOSTART() (for iostart side functions) and SD_NEXT_IODONE()
11206  *     (for iodone side functions).
11207  *
11208  *   - The iostart side functions may sleep. The iodone side functions
11209  *     are called under interrupt context and may NOT sleep. Therefore
11210  *     iodone side functions also may not call iostart side functions.
11211  *     (NOTE: iostart side functions should NOT sleep for memory, as
11212  *     this could result in deadlock.)
11213  *
11214  *   - An iostart side function may call its corresponding iodone side
11215  *     function directly (if necessary).
11216  *
11217  *   - In the event of an error, an iostart side function can return a buf(9S)
11218  *     to its caller by calling SD_BEGIN_IODONE() (after setting B_ERROR and
11219  *     b_error in the usual way of course).
11220  *
11221  *   - The taskq mechanism may be used by the iodone side functions to dispatch
11222  *     requests to the iostart side functions.  The iostart side functions in
11223  *     this case would be called under the context of a taskq thread, so it's
11224  *     OK for them to block/sleep/spin in this case.
11225  *
11226  *   - iostart side functions may allocate "shadow" buf(9S) structs and
11227  *     pass them along to the next function in the chain.  The corresponding
11228  *     iodone side functions must coalesce the "shadow" bufs and return
11229  *     the "original" buf to the next higher layer.
11230  *
11231  *   - The b_private field of the buf(9S) struct holds a pointer to
11232  *     an sd_xbuf struct, which contains information needed to
11233  *     construct the scsi_pkt for the command.
11234  *
11235  *   - The SD_MUTEX(un) is NOT held across calls to the next layer. Each
11236  *     layer must acquire & release the SD_MUTEX(un) as needed.
11237  */
11238 
11239 
11240 /*
11241  * Create taskq for all targets in the system. This is created at
11242  * _init(9E) and destroyed at _fini(9E).
11243  *
11244  * Note: here we set the minalloc to a reasonably high number to ensure that
11245  * we will have an adequate supply of task entries available at interrupt time.
11246  * This is used in conjunction with the TASKQ_PREPOPULATE flag in
11247  * sd_create_taskq().  Since we do not want to sleep for allocations at
11248  * interrupt time, set maxalloc equal to minalloc. That way we will just fail
11249  * the command if we ever try to dispatch more than SD_TASKQ_MAXALLOC taskq
11250  * requests any one instant in time.
11251  */
11252 #define	SD_TASKQ_NUMTHREADS	8
11253 #define	SD_TASKQ_MINALLOC	256
11254 #define	SD_TASKQ_MAXALLOC	256
11255 
11256 static taskq_t	*sd_tq = NULL;
11257 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_tq))
11258 
11259 static int	sd_taskq_minalloc = SD_TASKQ_MINALLOC;
11260 static int	sd_taskq_maxalloc = SD_TASKQ_MAXALLOC;
11261 
11262 /*
11263  * The following task queue is being created for the write part of
11264  * read-modify-write of non-512 block size devices.
11265  * Limit the number of threads to 1 for now. This number has been choosen
11266  * considering the fact that it applies only to dvd ram drives/MO drives
11267  * currently. Performance for which is not main criteria at this stage.
11268  * Note: It needs to be explored if we can use a single taskq in future
11269  */
11270 #define	SD_WMR_TASKQ_NUMTHREADS	1
11271 static taskq_t	*sd_wmr_tq = NULL;
11272 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_wmr_tq))
11273 
11274 /*
11275  *    Function: sd_taskq_create
11276  *
11277  * Description: Create taskq thread(s) and preallocate task entries
11278  *
11279  * Return Code: Returns a pointer to the allocated taskq_t.
11280  *
11281  *     Context: Can sleep. Requires blockable context.
11282  *
11283  *       Notes: - The taskq() facility currently is NOT part of the DDI.
11284  *		  (definitely NOT recommeded for 3rd-party drivers!) :-)
11285  *		- taskq_create() will block for memory, also it will panic
11286  *		  if it cannot create the requested number of threads.
11287  *		- Currently taskq_create() creates threads that cannot be
11288  *		  swapped.
11289  *		- We use TASKQ_PREPOPULATE to ensure we have an adequate
11290  *		  supply of taskq entries at interrupt time (ie, so that we
11291  *		  do not have to sleep for memory)
11292  */
11293 
11294 static void
11295 sd_taskq_create(void)
11296 {
11297 	char	taskq_name[TASKQ_NAMELEN];
11298 
11299 	ASSERT(sd_tq == NULL);
11300 	ASSERT(sd_wmr_tq == NULL);
11301 
11302 	(void) snprintf(taskq_name, sizeof (taskq_name),
11303 	    "%s_drv_taskq", sd_label);
11304 	sd_tq = (taskq_create(taskq_name, SD_TASKQ_NUMTHREADS,
11305 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11306 	    TASKQ_PREPOPULATE));
11307 
11308 	(void) snprintf(taskq_name, sizeof (taskq_name),
11309 	    "%s_rmw_taskq", sd_label);
11310 	sd_wmr_tq = (taskq_create(taskq_name, SD_WMR_TASKQ_NUMTHREADS,
11311 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11312 	    TASKQ_PREPOPULATE));
11313 }
11314 
11315 
11316 /*
11317  *    Function: sd_taskq_delete
11318  *
11319  * Description: Complementary cleanup routine for sd_taskq_create().
11320  *
11321  *     Context: Kernel thread context.
11322  */
11323 
11324 static void
11325 sd_taskq_delete(void)
11326 {
11327 	ASSERT(sd_tq != NULL);
11328 	ASSERT(sd_wmr_tq != NULL);
11329 	taskq_destroy(sd_tq);
11330 	taskq_destroy(sd_wmr_tq);
11331 	sd_tq = NULL;
11332 	sd_wmr_tq = NULL;
11333 }
11334 
11335 
11336 /*
11337  *    Function: sdstrategy
11338  *
11339  * Description: Driver's strategy (9E) entry point function.
11340  *
11341  *   Arguments: bp - pointer to buf(9S)
11342  *
11343  * Return Code: Always returns zero
11344  *
11345  *     Context: Kernel thread context.
11346  */
11347 
11348 static int
11349 sdstrategy(struct buf *bp)
11350 {
11351 	struct sd_lun *un;
11352 
11353 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11354 	if (un == NULL) {
11355 		bioerror(bp, EIO);
11356 		bp->b_resid = bp->b_bcount;
11357 		biodone(bp);
11358 		return (0);
11359 	}
11360 	/* As was done in the past, fail new cmds. if state is dumping. */
11361 	if (un->un_state == SD_STATE_DUMPING) {
11362 		bioerror(bp, ENXIO);
11363 		bp->b_resid = bp->b_bcount;
11364 		biodone(bp);
11365 		return (0);
11366 	}
11367 
11368 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11369 
11370 	/*
11371 	 * Commands may sneak in while we released the mutex in
11372 	 * DDI_SUSPEND, we should block new commands. However, old
11373 	 * commands that are still in the driver at this point should
11374 	 * still be allowed to drain.
11375 	 */
11376 	mutex_enter(SD_MUTEX(un));
11377 	/*
11378 	 * Must wait here if either the device is suspended or
11379 	 * if it's power level is changing.
11380 	 */
11381 	while ((un->un_state == SD_STATE_SUSPENDED) ||
11382 	    (un->un_state == SD_STATE_PM_CHANGING)) {
11383 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11384 	}
11385 
11386 	un->un_ncmds_in_driver++;
11387 
11388 	/*
11389 	 * atapi: Since we are running the CD for now in PIO mode we need to
11390 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11391 	 * the HBA's init_pkt routine.
11392 	 */
11393 	if (un->un_f_cfg_is_atapi == TRUE) {
11394 		mutex_exit(SD_MUTEX(un));
11395 		bp_mapin(bp);
11396 		mutex_enter(SD_MUTEX(un));
11397 	}
11398 	SD_INFO(SD_LOG_IO, un, "sdstrategy: un_ncmds_in_driver = %ld\n",
11399 	    un->un_ncmds_in_driver);
11400 
11401 	mutex_exit(SD_MUTEX(un));
11402 
11403 	/*
11404 	 * This will (eventually) allocate the sd_xbuf area and
11405 	 * call sd_xbuf_strategy().  We just want to return the
11406 	 * result of ddi_xbuf_qstrategy so that we have an opt-
11407 	 * imized tail call which saves us a stack frame.
11408 	 */
11409 	return (ddi_xbuf_qstrategy(bp, un->un_xbuf_attr));
11410 }
11411 
11412 
11413 /*
11414  *    Function: sd_xbuf_strategy
11415  *
11416  * Description: Function for initiating IO operations via the
11417  *		ddi_xbuf_qstrategy() mechanism.
11418  *
11419  *     Context: Kernel thread context.
11420  */
11421 
11422 static void
11423 sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg)
11424 {
11425 	struct sd_lun *un = arg;
11426 
11427 	ASSERT(bp != NULL);
11428 	ASSERT(xp != NULL);
11429 	ASSERT(un != NULL);
11430 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11431 
11432 	/*
11433 	 * Initialize the fields in the xbuf and save a pointer to the
11434 	 * xbuf in bp->b_private.
11435 	 */
11436 	sd_xbuf_init(un, bp, xp, SD_CHAIN_BUFIO, NULL);
11437 
11438 	/* Send the buf down the iostart chain */
11439 	SD_BEGIN_IOSTART(((struct sd_xbuf *)xp)->xb_chain_iostart, un, bp);
11440 }
11441 
11442 
11443 /*
11444  *    Function: sd_xbuf_init
11445  *
11446  * Description: Prepare the given sd_xbuf struct for use.
11447  *
11448  *   Arguments: un - ptr to softstate
11449  *		bp - ptr to associated buf(9S)
11450  *		xp - ptr to associated sd_xbuf
11451  *		chain_type - IO chain type to use:
11452  *			SD_CHAIN_NULL
11453  *			SD_CHAIN_BUFIO
11454  *			SD_CHAIN_USCSI
11455  *			SD_CHAIN_DIRECT
11456  *			SD_CHAIN_DIRECT_PRIORITY
11457  *		pktinfop - ptr to private data struct for scsi_pkt(9S)
11458  *			initialization; may be NULL if none.
11459  *
11460  *     Context: Kernel thread context
11461  */
11462 
11463 static void
11464 sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
11465 	uchar_t chain_type, void *pktinfop)
11466 {
11467 	int index;
11468 
11469 	ASSERT(un != NULL);
11470 	ASSERT(bp != NULL);
11471 	ASSERT(xp != NULL);
11472 
11473 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: buf:0x%p chain type:0x%x\n",
11474 	    bp, chain_type);
11475 
11476 	xp->xb_un	= un;
11477 	xp->xb_pktp	= NULL;
11478 	xp->xb_pktinfo	= pktinfop;
11479 	xp->xb_private	= bp->b_private;
11480 	xp->xb_blkno	= (daddr_t)bp->b_blkno;
11481 
11482 	/*
11483 	 * Set up the iostart and iodone chain indexes in the xbuf, based
11484 	 * upon the specified chain type to use.
11485 	 */
11486 	switch (chain_type) {
11487 	case SD_CHAIN_NULL:
11488 		/*
11489 		 * Fall thru to just use the values for the buf type, even
11490 		 * tho for the NULL chain these values will never be used.
11491 		 */
11492 		/* FALLTHRU */
11493 	case SD_CHAIN_BUFIO:
11494 		index = un->un_buf_chain_type;
11495 		break;
11496 	case SD_CHAIN_USCSI:
11497 		index = un->un_uscsi_chain_type;
11498 		break;
11499 	case SD_CHAIN_DIRECT:
11500 		index = un->un_direct_chain_type;
11501 		break;
11502 	case SD_CHAIN_DIRECT_PRIORITY:
11503 		index = un->un_priority_chain_type;
11504 		break;
11505 	default:
11506 		/* We're really broken if we ever get here... */
11507 		panic("sd_xbuf_init: illegal chain type!");
11508 		/*NOTREACHED*/
11509 	}
11510 
11511 	xp->xb_chain_iostart = sd_chain_index_map[index].sci_iostart_index;
11512 	xp->xb_chain_iodone = sd_chain_index_map[index].sci_iodone_index;
11513 
11514 	/*
11515 	 * It might be a bit easier to simply bzero the entire xbuf above,
11516 	 * but it turns out that since we init a fair number of members anyway,
11517 	 * we save a fair number cycles by doing explicit assignment of zero.
11518 	 */
11519 	xp->xb_pkt_flags	= 0;
11520 	xp->xb_dma_resid	= 0;
11521 	xp->xb_retry_count	= 0;
11522 	xp->xb_victim_retry_count = 0;
11523 	xp->xb_ua_retry_count	= 0;
11524 	xp->xb_sense_bp		= NULL;
11525 	xp->xb_sense_status	= 0;
11526 	xp->xb_sense_state	= 0;
11527 	xp->xb_sense_resid	= 0;
11528 
11529 	bp->b_private	= xp;
11530 	bp->b_flags	&= ~(B_DONE | B_ERROR);
11531 	bp->b_resid	= 0;
11532 	bp->av_forw	= NULL;
11533 	bp->av_back	= NULL;
11534 	bioerror(bp, 0);
11535 
11536 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: done.\n");
11537 }
11538 
11539 
11540 /*
11541  *    Function: sd_uscsi_strategy
11542  *
11543  * Description: Wrapper for calling into the USCSI chain via physio(9F)
11544  *
11545  *   Arguments: bp - buf struct ptr
11546  *
11547  * Return Code: Always returns 0
11548  *
11549  *     Context: Kernel thread context
11550  */
11551 
11552 static int
11553 sd_uscsi_strategy(struct buf *bp)
11554 {
11555 	struct sd_lun		*un;
11556 	struct sd_uscsi_info	*uip;
11557 	struct sd_xbuf		*xp;
11558 	uchar_t			chain_type;
11559 
11560 	ASSERT(bp != NULL);
11561 
11562 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11563 	if (un == NULL) {
11564 		bioerror(bp, EIO);
11565 		bp->b_resid = bp->b_bcount;
11566 		biodone(bp);
11567 		return (0);
11568 	}
11569 
11570 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11571 
11572 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: entry: buf:0x%p\n", bp);
11573 
11574 	mutex_enter(SD_MUTEX(un));
11575 	/*
11576 	 * atapi: Since we are running the CD for now in PIO mode we need to
11577 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11578 	 * the HBA's init_pkt routine.
11579 	 */
11580 	if (un->un_f_cfg_is_atapi == TRUE) {
11581 		mutex_exit(SD_MUTEX(un));
11582 		bp_mapin(bp);
11583 		mutex_enter(SD_MUTEX(un));
11584 	}
11585 	un->un_ncmds_in_driver++;
11586 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_strategy: un_ncmds_in_driver = %ld\n",
11587 	    un->un_ncmds_in_driver);
11588 	mutex_exit(SD_MUTEX(un));
11589 
11590 	/*
11591 	 * A pointer to a struct sd_uscsi_info is expected in bp->b_private
11592 	 */
11593 	ASSERT(bp->b_private != NULL);
11594 	uip = (struct sd_uscsi_info *)bp->b_private;
11595 
11596 	switch (uip->ui_flags) {
11597 	case SD_PATH_DIRECT:
11598 		chain_type = SD_CHAIN_DIRECT;
11599 		break;
11600 	case SD_PATH_DIRECT_PRIORITY:
11601 		chain_type = SD_CHAIN_DIRECT_PRIORITY;
11602 		break;
11603 	default:
11604 		chain_type = SD_CHAIN_USCSI;
11605 		break;
11606 	}
11607 
11608 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
11609 	sd_xbuf_init(un, bp, xp, chain_type, uip->ui_cmdp);
11610 
11611 	/* Use the index obtained within xbuf_init */
11612 	SD_BEGIN_IOSTART(xp->xb_chain_iostart, un, bp);
11613 
11614 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: exit: buf:0x%p\n", bp);
11615 
11616 	return (0);
11617 }
11618 
11619 
11620 /*
11621  * These routines perform raw i/o operations.
11622  */
11623 /*ARGSUSED*/
11624 static void
11625 sduscsimin(struct buf *bp)
11626 {
11627 	/*
11628 	 * do not break up because the CDB count would then
11629 	 * be incorrect and data underruns would result (incomplete
11630 	 * read/writes which would be retried and then failed, see
11631 	 * sdintr().
11632 	 */
11633 }
11634 
11635 
11636 
11637 /*
11638  *    Function: sd_send_scsi_cmd
11639  *
11640  * Description: Runs a USCSI command for user (when called thru sdioctl),
11641  *		or for the driver
11642  *
11643  *   Arguments: dev - the dev_t for the device
11644  *		incmd - ptr to a valid uscsi_cmd struct
11645  *		cdbspace - UIO_USERSPACE or UIO_SYSSPACE
11646  *		dataspace - UIO_USERSPACE or UIO_SYSSPACE
11647  *		rqbufspace - UIO_USERSPACE or UIO_SYSSPACE
11648  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
11649  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
11650  *			to use the USCSI "direct" chain and bypass the normal
11651  *			command waitq.
11652  *
11653  * Return Code: 0 -  successful completion of the given command
11654  *		EIO - scsi_reset() failed, or see biowait()/physio() codes.
11655  *		ENXIO  - soft state not found for specified dev
11656  *		EINVAL
11657  *		EFAULT - copyin/copyout error
11658  *		return code of biowait(9F) or physio(9F):
11659  *			EIO - IO error, caller may check incmd->uscsi_status
11660  *			ENXIO
11661  *			EACCES - reservation conflict
11662  *
11663  *     Context: Waits for command to complete. Can sleep.
11664  */
11665 
11666 static int
11667 sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
11668 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
11669 	int path_flag)
11670 {
11671 	struct sd_uscsi_info	*uip;
11672 	struct uscsi_cmd	*uscmd;
11673 	struct sd_lun	*un;
11674 	struct buf	*bp;
11675 	int	rval;
11676 	int	flags;
11677 
11678 	un = ddi_get_soft_state(sd_state, SDUNIT(dev));
11679 	if (un == NULL) {
11680 		return (ENXIO);
11681 	}
11682 
11683 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11684 
11685 #ifdef SDDEBUG
11686 	switch (dataspace) {
11687 	case UIO_USERSPACE:
11688 		SD_TRACE(SD_LOG_IO, un,
11689 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_USERSPACE\n", un);
11690 		break;
11691 	case UIO_SYSSPACE:
11692 		SD_TRACE(SD_LOG_IO, un,
11693 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_SYSSPACE\n", un);
11694 		break;
11695 	default:
11696 		SD_TRACE(SD_LOG_IO, un,
11697 		    "sd_send_scsi_cmd: entry: un:0x%p UNEXPECTED SPACE\n", un);
11698 		break;
11699 	}
11700 #endif
11701 
11702 	/*
11703 	 * Perform resets directly; no need to generate a command to do it.
11704 	 */
11705 	if (incmd->uscsi_flags & (USCSI_RESET | USCSI_RESET_ALL)) {
11706 		flags = ((incmd->uscsi_flags & USCSI_RESET_ALL) != 0) ?
11707 		    RESET_ALL : RESET_TARGET;
11708 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: Issuing reset\n");
11709 		if (scsi_reset(SD_ADDRESS(un), flags) == 0) {
11710 			/* Reset attempt was unsuccessful */
11711 			SD_TRACE(SD_LOG_IO, un,
11712 			    "sd_send_scsi_cmd: reset: failure\n");
11713 			return (EIO);
11714 		}
11715 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: reset: success\n");
11716 		return (0);
11717 	}
11718 
11719 	/* Perfunctory sanity check... */
11720 	if (incmd->uscsi_cdblen <= 0) {
11721 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11722 		    "invalid uscsi_cdblen, returning EINVAL\n");
11723 		return (EINVAL);
11724 	}
11725 
11726 	/*
11727 	 * In order to not worry about where the uscsi structure came from
11728 	 * (or where the cdb it points to came from) we're going to make
11729 	 * kmem_alloc'd copies of them here. This will also allow reference
11730 	 * to the data they contain long after this process has gone to
11731 	 * sleep and its kernel stack has been unmapped, etc.
11732 	 *
11733 	 * First get some memory for the uscsi_cmd struct and copy the
11734 	 * contents of the given uscsi_cmd struct into it.
11735 	 */
11736 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
11737 	bcopy(incmd, uscmd, sizeof (struct uscsi_cmd));
11738 
11739 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: uscsi_cmd",
11740 	    (uchar_t *)uscmd, sizeof (struct uscsi_cmd), SD_LOG_HEX);
11741 
11742 	/*
11743 	 * Now get some space for the CDB, and copy the given CDB into
11744 	 * it. Use ddi_copyin() in case the data is in user space.
11745 	 */
11746 	uscmd->uscsi_cdb = kmem_zalloc((size_t)incmd->uscsi_cdblen, KM_SLEEP);
11747 	flags = (cdbspace == UIO_SYSSPACE) ? FKIOCTL : 0;
11748 	if (ddi_copyin(incmd->uscsi_cdb, uscmd->uscsi_cdb,
11749 	    (uint_t)incmd->uscsi_cdblen, flags) != 0) {
11750 		kmem_free(uscmd->uscsi_cdb, (size_t)incmd->uscsi_cdblen);
11751 		kmem_free(uscmd, sizeof (struct uscsi_cmd));
11752 		return (EFAULT);
11753 	}
11754 
11755 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: CDB",
11756 	    (uchar_t *)uscmd->uscsi_cdb, incmd->uscsi_cdblen, SD_LOG_HEX);
11757 
11758 	bp = getrbuf(KM_SLEEP);
11759 
11760 	/*
11761 	 * Allocate an sd_uscsi_info struct and fill it with the info
11762 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
11763 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
11764 	 * since we allocate the buf here in this function, we do not
11765 	 * need to preserve the prior contents of b_private.
11766 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
11767 	 */
11768 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
11769 	uip->ui_flags = path_flag;
11770 	uip->ui_cmdp  = uscmd;
11771 	bp->b_private = uip;
11772 
11773 	/*
11774 	 * Initialize Request Sense buffering, if requested.
11775 	 */
11776 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11777 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11778 		/*
11779 		 * Here uscmd->uscsi_rqbuf currently points to the caller's
11780 		 * buffer, but we replace this with a kernel buffer that
11781 		 * we allocate to use with the sense data. The sense data
11782 		 * (if present) gets copied into this new buffer before the
11783 		 * command is completed.  Then we copy the sense data from
11784 		 * our allocated buf into the caller's buffer below. Note
11785 		 * that incmd->uscsi_rqbuf and incmd->uscsi_rqlen are used
11786 		 * below to perform the copy back to the caller's buf.
11787 		 */
11788 		uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
11789 		if (rqbufspace == UIO_USERSPACE) {
11790 			uscmd->uscsi_rqlen   = SENSE_LENGTH;
11791 			uscmd->uscsi_rqresid = SENSE_LENGTH;
11792 		} else {
11793 			uchar_t rlen = min(SENSE_LENGTH, uscmd->uscsi_rqlen);
11794 			uscmd->uscsi_rqlen   = rlen;
11795 			uscmd->uscsi_rqresid = rlen;
11796 		}
11797 	} else {
11798 		uscmd->uscsi_rqbuf = NULL;
11799 		uscmd->uscsi_rqlen   = 0;
11800 		uscmd->uscsi_rqresid = 0;
11801 	}
11802 
11803 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: rqbuf:0x%p  rqlen:%d\n",
11804 	    uscmd->uscsi_rqbuf, uscmd->uscsi_rqlen);
11805 
11806 	if (un->un_f_is_fibre == FALSE) {
11807 		/*
11808 		 * Force asynchronous mode, if necessary.  Doing this here
11809 		 * has the unfortunate effect of running other queued
11810 		 * commands async also, but since the main purpose of this
11811 		 * capability is downloading new drive firmware, we can
11812 		 * probably live with it.
11813 		 */
11814 		if ((uscmd->uscsi_flags & USCSI_ASYNC) != 0) {
11815 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11816 				== 1) {
11817 				if (scsi_ifsetcap(SD_ADDRESS(un),
11818 					    "synchronous", 0, 1) == 1) {
11819 					SD_TRACE(SD_LOG_IO, un,
11820 					"sd_send_scsi_cmd: forced async ok\n");
11821 				} else {
11822 					SD_TRACE(SD_LOG_IO, un,
11823 					"sd_send_scsi_cmd:\
11824 					forced async failed\n");
11825 					rval = EINVAL;
11826 					goto done;
11827 				}
11828 			}
11829 		}
11830 
11831 		/*
11832 		 * Re-enable synchronous mode, if requested
11833 		 */
11834 		if (uscmd->uscsi_flags & USCSI_SYNC) {
11835 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11836 				== 0) {
11837 				int i = scsi_ifsetcap(SD_ADDRESS(un),
11838 						"synchronous", 1, 1);
11839 				SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11840 					"re-enabled sync %s\n",
11841 					(i == 1) ? "ok" : "failed");
11842 			}
11843 		}
11844 	}
11845 
11846 	/*
11847 	 * Commands sent with priority are intended for error recovery
11848 	 * situations, and do not have retries performed.
11849 	 */
11850 	if (path_flag == SD_PATH_DIRECT_PRIORITY) {
11851 		uscmd->uscsi_flags |= USCSI_DIAGNOSE;
11852 	}
11853 
11854 	/*
11855 	 * If we're going to do actual I/O, let physio do all the right things
11856 	 */
11857 	if (uscmd->uscsi_buflen != 0) {
11858 		struct iovec	aiov;
11859 		struct uio	auio;
11860 		struct uio	*uio = &auio;
11861 
11862 		bzero(&auio, sizeof (struct uio));
11863 		bzero(&aiov, sizeof (struct iovec));
11864 		aiov.iov_base = uscmd->uscsi_bufaddr;
11865 		aiov.iov_len  = uscmd->uscsi_buflen;
11866 		uio->uio_iov  = &aiov;
11867 
11868 		uio->uio_iovcnt  = 1;
11869 		uio->uio_resid   = uscmd->uscsi_buflen;
11870 		uio->uio_segflg  = dataspace;
11871 
11872 		/*
11873 		 * physio() will block here until the command completes....
11874 		 */
11875 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling physio.\n");
11876 
11877 		rval = physio(sd_uscsi_strategy, bp, dev,
11878 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE),
11879 		    sduscsimin, uio);
11880 
11881 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11882 		    "returned from physio with 0x%x\n", rval);
11883 
11884 	} else {
11885 		/*
11886 		 * We have to mimic what physio would do here! Argh!
11887 		 */
11888 		bp->b_flags  = B_BUSY |
11889 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE);
11890 		bp->b_edev   = dev;
11891 		bp->b_dev    = cmpdev(dev);	/* maybe unnecessary? */
11892 		bp->b_bcount = 0;
11893 		bp->b_blkno  = 0;
11894 
11895 		SD_TRACE(SD_LOG_IO, un,
11896 		    "sd_send_scsi_cmd: calling sd_uscsi_strategy...\n");
11897 
11898 		(void) sd_uscsi_strategy(bp);
11899 
11900 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling biowait\n");
11901 
11902 		rval = biowait(bp);
11903 
11904 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11905 		    "returned from  biowait with 0x%x\n", rval);
11906 	}
11907 
11908 done:
11909 
11910 #ifdef SDDEBUG
11911 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11912 	    "uscsi_status: 0x%02x  uscsi_resid:0x%x\n",
11913 	    uscmd->uscsi_status, uscmd->uscsi_resid);
11914 	if (uscmd->uscsi_bufaddr != NULL) {
11915 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11916 		    "uscmd->uscsi_bufaddr: 0x%p  uscmd->uscsi_buflen:%d\n",
11917 		    uscmd->uscsi_bufaddr, uscmd->uscsi_buflen);
11918 		if (dataspace == UIO_SYSSPACE) {
11919 			SD_DUMP_MEMORY(un, SD_LOG_IO,
11920 			    "data", (uchar_t *)uscmd->uscsi_bufaddr,
11921 			    uscmd->uscsi_buflen, SD_LOG_HEX);
11922 		}
11923 	}
11924 #endif
11925 
11926 	/*
11927 	 * Get the status and residual to return to the caller.
11928 	 */
11929 	incmd->uscsi_status = uscmd->uscsi_status;
11930 	incmd->uscsi_resid  = uscmd->uscsi_resid;
11931 
11932 	/*
11933 	 * If the caller wants sense data, copy back whatever sense data
11934 	 * we may have gotten, and update the relevant rqsense info.
11935 	 */
11936 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11937 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11938 
11939 		int rqlen = uscmd->uscsi_rqlen - uscmd->uscsi_rqresid;
11940 		rqlen = min(((int)incmd->uscsi_rqlen), rqlen);
11941 
11942 		/* Update the Request Sense status and resid */
11943 		incmd->uscsi_rqresid  = incmd->uscsi_rqlen - rqlen;
11944 		incmd->uscsi_rqstatus = uscmd->uscsi_rqstatus;
11945 
11946 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11947 		    "uscsi_rqstatus: 0x%02x  uscsi_rqresid:0x%x\n",
11948 		    incmd->uscsi_rqstatus, incmd->uscsi_rqresid);
11949 
11950 		/* Copy out the sense data for user processes */
11951 		if ((incmd->uscsi_rqbuf != NULL) && (rqlen != 0)) {
11952 			int flags =
11953 			    (rqbufspace == UIO_USERSPACE) ? 0 : FKIOCTL;
11954 			if (ddi_copyout(uscmd->uscsi_rqbuf, incmd->uscsi_rqbuf,
11955 			    rqlen, flags) != 0) {
11956 				rval = EFAULT;
11957 			}
11958 			/*
11959 			 * Note: Can't touch incmd->uscsi_rqbuf so use
11960 			 * uscmd->uscsi_rqbuf instead. They're the same.
11961 			 */
11962 			SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11963 			    "incmd->uscsi_rqbuf: 0x%p  rqlen:%d\n",
11964 			    incmd->uscsi_rqbuf, rqlen);
11965 			SD_DUMP_MEMORY(un, SD_LOG_IO, "rq",
11966 			    (uchar_t *)uscmd->uscsi_rqbuf, rqlen, SD_LOG_HEX);
11967 		}
11968 	}
11969 
11970 	/*
11971 	 * Free allocated resources and return; mapout the buf in case it was
11972 	 * mapped in by a lower layer.
11973 	 */
11974 	bp_mapout(bp);
11975 	freerbuf(bp);
11976 	kmem_free(uip, sizeof (struct sd_uscsi_info));
11977 	if (uscmd->uscsi_rqbuf != NULL) {
11978 		kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
11979 	}
11980 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
11981 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
11982 
11983 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: exit\n");
11984 
11985 	return (rval);
11986 }
11987 
11988 
11989 /*
11990  *    Function: sd_buf_iodone
11991  *
11992  * Description: Frees the sd_xbuf & returns the buf to its originator.
11993  *
11994  *     Context: May be called from interrupt context.
11995  */
11996 /* ARGSUSED */
11997 static void
11998 sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp)
11999 {
12000 	struct sd_xbuf *xp;
12001 
12002 	ASSERT(un != NULL);
12003 	ASSERT(bp != NULL);
12004 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12005 
12006 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: entry.\n");
12007 
12008 	xp = SD_GET_XBUF(bp);
12009 	ASSERT(xp != NULL);
12010 
12011 	mutex_enter(SD_MUTEX(un));
12012 
12013 	/*
12014 	 * Grab time when the cmd completed.
12015 	 * This is used for determining if the system has been
12016 	 * idle long enough to make it idle to the PM framework.
12017 	 * This is for lowering the overhead, and therefore improving
12018 	 * performance per I/O operation.
12019 	 */
12020 	un->un_pm_idle_time = ddi_get_time();
12021 
12022 	un->un_ncmds_in_driver--;
12023 	ASSERT(un->un_ncmds_in_driver >= 0);
12024 	SD_INFO(SD_LOG_IO, un, "sd_buf_iodone: un_ncmds_in_driver = %ld\n",
12025 	    un->un_ncmds_in_driver);
12026 
12027 	mutex_exit(SD_MUTEX(un));
12028 
12029 	ddi_xbuf_done(bp, un->un_xbuf_attr);	/* xbuf is gone after this */
12030 	biodone(bp);				/* bp is gone after this */
12031 
12032 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: exit.\n");
12033 }
12034 
12035 
12036 /*
12037  *    Function: sd_uscsi_iodone
12038  *
12039  * Description: Frees the sd_xbuf & returns the buf to its originator.
12040  *
12041  *     Context: May be called from interrupt context.
12042  */
12043 /* ARGSUSED */
12044 static void
12045 sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12046 {
12047 	struct sd_xbuf *xp;
12048 
12049 	ASSERT(un != NULL);
12050 	ASSERT(bp != NULL);
12051 
12052 	xp = SD_GET_XBUF(bp);
12053 	ASSERT(xp != NULL);
12054 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12055 
12056 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: entry.\n");
12057 
12058 	bp->b_private = xp->xb_private;
12059 
12060 	mutex_enter(SD_MUTEX(un));
12061 
12062 	/*
12063 	 * Grab time when the cmd completed.
12064 	 * This is used for determining if the system has been
12065 	 * idle long enough to make it idle to the PM framework.
12066 	 * This is for lowering the overhead, and therefore improving
12067 	 * performance per I/O operation.
12068 	 */
12069 	un->un_pm_idle_time = ddi_get_time();
12070 
12071 	un->un_ncmds_in_driver--;
12072 	ASSERT(un->un_ncmds_in_driver >= 0);
12073 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: un_ncmds_in_driver = %ld\n",
12074 	    un->un_ncmds_in_driver);
12075 
12076 	mutex_exit(SD_MUTEX(un));
12077 
12078 	kmem_free(xp, sizeof (struct sd_xbuf));
12079 	biodone(bp);
12080 
12081 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: exit.\n");
12082 }
12083 
12084 
12085 /*
12086  *    Function: sd_mapblockaddr_iostart
12087  *
12088  * Description: Verify request lies withing the partition limits for
12089  *		the indicated minor device.  Issue "overrun" buf if
12090  *		request would exceed partition range.  Converts
12091  *		partition-relative block address to absolute.
12092  *
12093  *     Context: Can sleep
12094  *
12095  *      Issues: This follows what the old code did, in terms of accessing
12096  *		some of the partition info in the unit struct without holding
12097  *		the mutext.  This is a general issue, if the partition info
12098  *		can be altered while IO is in progress... as soon as we send
12099  *		a buf, its partitioning can be invalid before it gets to the
12100  *		device.  Probably the right fix is to move partitioning out
12101  *		of the driver entirely.
12102  */
12103 
12104 static void
12105 sd_mapblockaddr_iostart(int index, struct sd_lun *un, struct buf *bp)
12106 {
12107 	daddr_t	nblocks;	/* #blocks in the given partition */
12108 	daddr_t	blocknum;	/* Block number specified by the buf */
12109 	size_t	requested_nblocks;
12110 	size_t	available_nblocks;
12111 	int	partition;
12112 	diskaddr_t	partition_offset;
12113 	struct sd_xbuf *xp;
12114 
12115 
12116 	ASSERT(un != NULL);
12117 	ASSERT(bp != NULL);
12118 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12119 
12120 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12121 	    "sd_mapblockaddr_iostart: entry: buf:0x%p\n", bp);
12122 
12123 	xp = SD_GET_XBUF(bp);
12124 	ASSERT(xp != NULL);
12125 
12126 	/*
12127 	 * If the geometry is not indicated as valid, attempt to access
12128 	 * the unit & verify the geometry/label. This can be the case for
12129 	 * removable-media devices, of if the device was opened in
12130 	 * NDELAY/NONBLOCK mode.
12131 	 */
12132 	if ((un->un_f_geometry_is_valid != TRUE) &&
12133 	    (sd_ready_and_valid(un) != SD_READY_VALID)) {
12134 		/*
12135 		 * For removable devices it is possible to start an I/O
12136 		 * without a media by opening the device in nodelay mode.
12137 		 * Also for writable CDs there can be many scenarios where
12138 		 * there is no geometry yet but volume manager is trying to
12139 		 * issue a read() just because it can see TOC on the CD. So
12140 		 * do not print a message for removables.
12141 		 */
12142 		if (!ISREMOVABLE(un)) {
12143 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
12144 			    "i/o to invalid geometry\n");
12145 		}
12146 		bioerror(bp, EIO);
12147 		bp->b_resid = bp->b_bcount;
12148 		SD_BEGIN_IODONE(index, un, bp);
12149 		return;
12150 	}
12151 
12152 	partition = SDPART(bp->b_edev);
12153 
12154 	/* #blocks in partition */
12155 	nblocks = un->un_map[partition].dkl_nblk;    /* #blocks in partition */
12156 
12157 	/* Use of a local variable potentially improves performance slightly */
12158 	partition_offset = un->un_offset[partition];
12159 
12160 	/*
12161 	 * blocknum is the starting block number of the request. At this
12162 	 * point it is still relative to the start of the minor device.
12163 	 */
12164 	blocknum = xp->xb_blkno;
12165 
12166 	/*
12167 	 * Legacy: If the starting block number is one past the last block
12168 	 * in the partition, do not set B_ERROR in the buf.
12169 	 */
12170 	if (blocknum == nblocks)  {
12171 		goto error_exit;
12172 	}
12173 
12174 	/*
12175 	 * Confirm that the first block of the request lies within the
12176 	 * partition limits. Also the requested number of bytes must be
12177 	 * a multiple of the system block size.
12178 	 */
12179 	if ((blocknum < 0) || (blocknum >= nblocks) ||
12180 	    ((bp->b_bcount & (un->un_sys_blocksize - 1)) != 0)) {
12181 		bp->b_flags |= B_ERROR;
12182 		goto error_exit;
12183 	}
12184 
12185 	/*
12186 	 * If the requsted # blocks exceeds the available # blocks, that
12187 	 * is an overrun of the partition.
12188 	 */
12189 	requested_nblocks = SD_BYTES2SYSBLOCKS(un, bp->b_bcount);
12190 	available_nblocks = (size_t)(nblocks - blocknum);
12191 	ASSERT(nblocks >= blocknum);
12192 
12193 	if (requested_nblocks > available_nblocks) {
12194 		/*
12195 		 * Allocate an "overrun" buf to allow the request to proceed
12196 		 * for the amount of space available in the partition. The
12197 		 * amount not transferred will be added into the b_resid
12198 		 * when the operation is complete. The overrun buf
12199 		 * replaces the original buf here, and the original buf
12200 		 * is saved inside the overrun buf, for later use.
12201 		 */
12202 		size_t resid = SD_SYSBLOCKS2BYTES(un,
12203 		    (offset_t)(requested_nblocks - available_nblocks));
12204 		size_t count = bp->b_bcount - resid;
12205 		/*
12206 		 * Note: count is an unsigned entity thus it'll NEVER
12207 		 * be less than 0 so ASSERT the original values are
12208 		 * correct.
12209 		 */
12210 		ASSERT(bp->b_bcount >= resid);
12211 
12212 		bp = sd_bioclone_alloc(bp, count, blocknum,
12213 			(int (*)(struct buf *)) sd_mapblockaddr_iodone);
12214 		xp = SD_GET_XBUF(bp); /* Update for 'new' bp! */
12215 		ASSERT(xp != NULL);
12216 	}
12217 
12218 	/* At this point there should be no residual for this buf. */
12219 	ASSERT(bp->b_resid == 0);
12220 
12221 	/* Convert the block number to an absolute address. */
12222 	xp->xb_blkno += partition_offset;
12223 
12224 	SD_NEXT_IOSTART(index, un, bp);
12225 
12226 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12227 	    "sd_mapblockaddr_iostart: exit 0: buf:0x%p\n", bp);
12228 
12229 	return;
12230 
12231 error_exit:
12232 	bp->b_resid = bp->b_bcount;
12233 	SD_BEGIN_IODONE(index, un, bp);
12234 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12235 	    "sd_mapblockaddr_iostart: exit 1: buf:0x%p\n", bp);
12236 }
12237 
12238 
12239 /*
12240  *    Function: sd_mapblockaddr_iodone
12241  *
12242  * Description: Completion-side processing for partition management.
12243  *
12244  *     Context: May be called under interrupt context
12245  */
12246 
12247 static void
12248 sd_mapblockaddr_iodone(int index, struct sd_lun *un, struct buf *bp)
12249 {
12250 	/* int	partition; */	/* Not used, see below. */
12251 	ASSERT(un != NULL);
12252 	ASSERT(bp != NULL);
12253 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12254 
12255 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12256 	    "sd_mapblockaddr_iodone: entry: buf:0x%p\n", bp);
12257 
12258 	if (bp->b_iodone == (int (*)(struct buf *)) sd_mapblockaddr_iodone) {
12259 		/*
12260 		 * We have an "overrun" buf to deal with...
12261 		 */
12262 		struct sd_xbuf	*xp;
12263 		struct buf	*obp;	/* ptr to the original buf */
12264 
12265 		xp = SD_GET_XBUF(bp);
12266 		ASSERT(xp != NULL);
12267 
12268 		/* Retrieve the pointer to the original buf */
12269 		obp = (struct buf *)xp->xb_private;
12270 		ASSERT(obp != NULL);
12271 
12272 		obp->b_resid = obp->b_bcount - (bp->b_bcount - bp->b_resid);
12273 		bioerror(obp, bp->b_error);
12274 
12275 		sd_bioclone_free(bp);
12276 
12277 		/*
12278 		 * Get back the original buf.
12279 		 * Note that since the restoration of xb_blkno below
12280 		 * was removed, the sd_xbuf is not needed.
12281 		 */
12282 		bp = obp;
12283 		/*
12284 		 * xp = SD_GET_XBUF(bp);
12285 		 * ASSERT(xp != NULL);
12286 		 */
12287 	}
12288 
12289 	/*
12290 	 * Convert sd->xb_blkno back to a minor-device relative value.
12291 	 * Note: this has been commented out, as it is not needed in the
12292 	 * current implementation of the driver (ie, since this function
12293 	 * is at the top of the layering chains, so the info will be
12294 	 * discarded) and it is in the "hot" IO path.
12295 	 *
12296 	 * partition = getminor(bp->b_edev) & SDPART_MASK;
12297 	 * xp->xb_blkno -= un->un_offset[partition];
12298 	 */
12299 
12300 	SD_NEXT_IODONE(index, un, bp);
12301 
12302 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12303 	    "sd_mapblockaddr_iodone: exit: buf:0x%p\n", bp);
12304 }
12305 
12306 
12307 /*
12308  *    Function: sd_mapblocksize_iostart
12309  *
12310  * Description: Convert between system block size (un->un_sys_blocksize)
12311  *		and target block size (un->un_tgt_blocksize).
12312  *
12313  *     Context: Can sleep to allocate resources.
12314  *
12315  * Assumptions: A higher layer has already performed any partition validation,
12316  *		and converted the xp->xb_blkno to an absolute value relative
12317  *		to the start of the device.
12318  *
12319  *		It is also assumed that the higher layer has implemented
12320  *		an "overrun" mechanism for the case where the request would
12321  *		read/write beyond the end of a partition.  In this case we
12322  *		assume (and ASSERT) that bp->b_resid == 0.
12323  *
12324  *		Note: The implementation for this routine assumes the target
12325  *		block size remains constant between allocation and transport.
12326  */
12327 
12328 static void
12329 sd_mapblocksize_iostart(int index, struct sd_lun *un, struct buf *bp)
12330 {
12331 	struct sd_mapblocksize_info	*bsp;
12332 	struct sd_xbuf			*xp;
12333 	offset_t first_byte;
12334 	daddr_t	start_block, end_block;
12335 	daddr_t	request_bytes;
12336 	ushort_t is_aligned = FALSE;
12337 
12338 	ASSERT(un != NULL);
12339 	ASSERT(bp != NULL);
12340 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12341 	ASSERT(bp->b_resid == 0);
12342 
12343 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12344 	    "sd_mapblocksize_iostart: entry: buf:0x%p\n", bp);
12345 
12346 	/*
12347 	 * For a non-writable CD, a write request is an error
12348 	 */
12349 	if (ISCD(un) && ((bp->b_flags & B_READ) == 0) &&
12350 	    (un->un_f_mmc_writable_media == FALSE)) {
12351 		bioerror(bp, EIO);
12352 		bp->b_resid = bp->b_bcount;
12353 		SD_BEGIN_IODONE(index, un, bp);
12354 		return;
12355 	}
12356 
12357 	/*
12358 	 * We do not need a shadow buf if the device is using
12359 	 * un->un_sys_blocksize as its block size or if bcount == 0.
12360 	 * In this case there is no layer-private data block allocated.
12361 	 */
12362 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12363 	    (bp->b_bcount == 0)) {
12364 		goto done;
12365 	}
12366 
12367 #if defined(__i386) || defined(__amd64)
12368 	/* We do not support non-block-aligned transfers for ROD devices */
12369 	ASSERT(!ISROD(un));
12370 #endif
12371 
12372 	xp = SD_GET_XBUF(bp);
12373 	ASSERT(xp != NULL);
12374 
12375 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12376 	    "tgt_blocksize:0x%x sys_blocksize: 0x%x\n",
12377 	    un->un_tgt_blocksize, un->un_sys_blocksize);
12378 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12379 	    "request start block:0x%x\n", xp->xb_blkno);
12380 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12381 	    "request len:0x%x\n", bp->b_bcount);
12382 
12383 	/*
12384 	 * Allocate the layer-private data area for the mapblocksize layer.
12385 	 * Layers are allowed to use the xp_private member of the sd_xbuf
12386 	 * struct to store the pointer to their layer-private data block, but
12387 	 * each layer also has the responsibility of restoring the prior
12388 	 * contents of xb_private before returning the buf/xbuf to the
12389 	 * higher layer that sent it.
12390 	 *
12391 	 * Here we save the prior contents of xp->xb_private into the
12392 	 * bsp->mbs_oprivate field of our layer-private data area. This value
12393 	 * is restored by sd_mapblocksize_iodone() just prior to freeing up
12394 	 * the layer-private area and returning the buf/xbuf to the layer
12395 	 * that sent it.
12396 	 *
12397 	 * Note that here we use kmem_zalloc for the allocation as there are
12398 	 * parts of the mapblocksize code that expect certain fields to be
12399 	 * zero unless explicitly set to a required value.
12400 	 */
12401 	bsp = kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12402 	bsp->mbs_oprivate = xp->xb_private;
12403 	xp->xb_private = bsp;
12404 
12405 	/*
12406 	 * This treats the data on the disk (target) as an array of bytes.
12407 	 * first_byte is the byte offset, from the beginning of the device,
12408 	 * to the location of the request. This is converted from a
12409 	 * un->un_sys_blocksize block address to a byte offset, and then back
12410 	 * to a block address based upon a un->un_tgt_blocksize block size.
12411 	 *
12412 	 * xp->xb_blkno should be absolute upon entry into this function,
12413 	 * but, but it is based upon partitions that use the "system"
12414 	 * block size. It must be adjusted to reflect the block size of
12415 	 * the target.
12416 	 *
12417 	 * Note that end_block is actually the block that follows the last
12418 	 * block of the request, but that's what is needed for the computation.
12419 	 */
12420 	first_byte  = SD_SYSBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12421 	start_block = xp->xb_blkno = first_byte / un->un_tgt_blocksize;
12422 	end_block   = (first_byte + bp->b_bcount + un->un_tgt_blocksize - 1) /
12423 	    un->un_tgt_blocksize;
12424 
12425 	/* request_bytes is rounded up to a multiple of the target block size */
12426 	request_bytes = (end_block - start_block) * un->un_tgt_blocksize;
12427 
12428 	/*
12429 	 * See if the starting address of the request and the request
12430 	 * length are aligned on a un->un_tgt_blocksize boundary. If aligned
12431 	 * then we do not need to allocate a shadow buf to handle the request.
12432 	 */
12433 	if (((first_byte   % un->un_tgt_blocksize) == 0) &&
12434 	    ((bp->b_bcount % un->un_tgt_blocksize) == 0)) {
12435 		is_aligned = TRUE;
12436 	}
12437 
12438 	if ((bp->b_flags & B_READ) == 0) {
12439 		/*
12440 		 * Lock the range for a write operation. An aligned request is
12441 		 * considered a simple write; otherwise the request must be a
12442 		 * read-modify-write.
12443 		 */
12444 		bsp->mbs_wmp = sd_range_lock(un, start_block, end_block - 1,
12445 		    (is_aligned == TRUE) ? SD_WTYPE_SIMPLE : SD_WTYPE_RMW);
12446 	}
12447 
12448 	/*
12449 	 * Alloc a shadow buf if the request is not aligned. Also, this is
12450 	 * where the READ command is generated for a read-modify-write. (The
12451 	 * write phase is deferred until after the read completes.)
12452 	 */
12453 	if (is_aligned == FALSE) {
12454 
12455 		struct sd_mapblocksize_info	*shadow_bsp;
12456 		struct sd_xbuf	*shadow_xp;
12457 		struct buf	*shadow_bp;
12458 
12459 		/*
12460 		 * Allocate the shadow buf and it associated xbuf. Note that
12461 		 * after this call the xb_blkno value in both the original
12462 		 * buf's sd_xbuf _and_ the shadow buf's sd_xbuf will be the
12463 		 * same: absolute relative to the start of the device, and
12464 		 * adjusted for the target block size. The b_blkno in the
12465 		 * shadow buf will also be set to this value. We should never
12466 		 * change b_blkno in the original bp however.
12467 		 *
12468 		 * Note also that the shadow buf will always need to be a
12469 		 * READ command, regardless of whether the incoming command
12470 		 * is a READ or a WRITE.
12471 		 */
12472 		shadow_bp = sd_shadow_buf_alloc(bp, request_bytes, B_READ,
12473 		    xp->xb_blkno,
12474 		    (int (*)(struct buf *)) sd_mapblocksize_iodone);
12475 
12476 		shadow_xp = SD_GET_XBUF(shadow_bp);
12477 
12478 		/*
12479 		 * Allocate the layer-private data for the shadow buf.
12480 		 * (No need to preserve xb_private in the shadow xbuf.)
12481 		 */
12482 		shadow_xp->xb_private = shadow_bsp =
12483 		    kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12484 
12485 		/*
12486 		 * bsp->mbs_copy_offset is used later by sd_mapblocksize_iodone
12487 		 * to figure out where the start of the user data is (based upon
12488 		 * the system block size) in the data returned by the READ
12489 		 * command (which will be based upon the target blocksize). Note
12490 		 * that this is only really used if the request is unaligned.
12491 		 */
12492 		bsp->mbs_copy_offset = (ssize_t)(first_byte -
12493 		    ((offset_t)xp->xb_blkno * un->un_tgt_blocksize));
12494 		ASSERT((bsp->mbs_copy_offset >= 0) &&
12495 		    (bsp->mbs_copy_offset < un->un_tgt_blocksize));
12496 
12497 		shadow_bsp->mbs_copy_offset = bsp->mbs_copy_offset;
12498 
12499 		shadow_bsp->mbs_layer_index = bsp->mbs_layer_index = index;
12500 
12501 		/* Transfer the wmap (if any) to the shadow buf */
12502 		shadow_bsp->mbs_wmp = bsp->mbs_wmp;
12503 		bsp->mbs_wmp = NULL;
12504 
12505 		/*
12506 		 * The shadow buf goes on from here in place of the
12507 		 * original buf.
12508 		 */
12509 		shadow_bsp->mbs_orig_bp = bp;
12510 		bp = shadow_bp;
12511 	}
12512 
12513 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12514 	    "sd_mapblocksize_iostart: tgt start block:0x%x\n", xp->xb_blkno);
12515 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12516 	    "sd_mapblocksize_iostart: tgt request len:0x%x\n",
12517 	    request_bytes);
12518 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12519 	    "sd_mapblocksize_iostart: shadow buf:0x%x\n", bp);
12520 
12521 done:
12522 	SD_NEXT_IOSTART(index, un, bp);
12523 
12524 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12525 	    "sd_mapblocksize_iostart: exit: buf:0x%p\n", bp);
12526 }
12527 
12528 
12529 /*
12530  *    Function: sd_mapblocksize_iodone
12531  *
12532  * Description: Completion side processing for block-size mapping.
12533  *
12534  *     Context: May be called under interrupt context
12535  */
12536 
12537 static void
12538 sd_mapblocksize_iodone(int index, struct sd_lun *un, struct buf *bp)
12539 {
12540 	struct sd_mapblocksize_info	*bsp;
12541 	struct sd_xbuf	*xp;
12542 	struct sd_xbuf	*orig_xp;	/* sd_xbuf for the original buf */
12543 	struct buf	*orig_bp;	/* ptr to the original buf */
12544 	offset_t	shadow_end;
12545 	offset_t	request_end;
12546 	offset_t	shadow_start;
12547 	ssize_t		copy_offset;
12548 	size_t		copy_length;
12549 	size_t		shortfall;
12550 	uint_t		is_write;	/* TRUE if this bp is a WRITE */
12551 	uint_t		has_wmap;	/* TRUE is this bp has a wmap */
12552 
12553 	ASSERT(un != NULL);
12554 	ASSERT(bp != NULL);
12555 
12556 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12557 	    "sd_mapblocksize_iodone: entry: buf:0x%p\n", bp);
12558 
12559 	/*
12560 	 * There is no shadow buf or layer-private data if the target is
12561 	 * using un->un_sys_blocksize as its block size or if bcount == 0.
12562 	 */
12563 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12564 	    (bp->b_bcount == 0)) {
12565 		goto exit;
12566 	}
12567 
12568 	xp = SD_GET_XBUF(bp);
12569 	ASSERT(xp != NULL);
12570 
12571 	/* Retrieve the pointer to the layer-private data area from the xbuf. */
12572 	bsp = xp->xb_private;
12573 
12574 	is_write = ((bp->b_flags & B_READ) == 0) ? TRUE : FALSE;
12575 	has_wmap = (bsp->mbs_wmp != NULL) ? TRUE : FALSE;
12576 
12577 	if (is_write) {
12578 		/*
12579 		 * For a WRITE request we must free up the block range that
12580 		 * we have locked up.  This holds regardless of whether this is
12581 		 * an aligned write request or a read-modify-write request.
12582 		 */
12583 		sd_range_unlock(un, bsp->mbs_wmp);
12584 		bsp->mbs_wmp = NULL;
12585 	}
12586 
12587 	if ((bp->b_iodone != (int(*)(struct buf *))sd_mapblocksize_iodone)) {
12588 		/*
12589 		 * An aligned read or write command will have no shadow buf;
12590 		 * there is not much else to do with it.
12591 		 */
12592 		goto done;
12593 	}
12594 
12595 	orig_bp = bsp->mbs_orig_bp;
12596 	ASSERT(orig_bp != NULL);
12597 	orig_xp = SD_GET_XBUF(orig_bp);
12598 	ASSERT(orig_xp != NULL);
12599 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12600 
12601 	if (!is_write && has_wmap) {
12602 		/*
12603 		 * A READ with a wmap means this is the READ phase of a
12604 		 * read-modify-write. If an error occurred on the READ then
12605 		 * we do not proceed with the WRITE phase or copy any data.
12606 		 * Just release the write maps and return with an error.
12607 		 */
12608 		if ((bp->b_resid != 0) || (bp->b_error != 0)) {
12609 			orig_bp->b_resid = orig_bp->b_bcount;
12610 			bioerror(orig_bp, bp->b_error);
12611 			sd_range_unlock(un, bsp->mbs_wmp);
12612 			goto freebuf_done;
12613 		}
12614 	}
12615 
12616 	/*
12617 	 * Here is where we set up to copy the data from the shadow buf
12618 	 * into the space associated with the original buf.
12619 	 *
12620 	 * To deal with the conversion between block sizes, these
12621 	 * computations treat the data as an array of bytes, with the
12622 	 * first byte (byte 0) corresponding to the first byte in the
12623 	 * first block on the disk.
12624 	 */
12625 
12626 	/*
12627 	 * shadow_start and shadow_len indicate the location and size of
12628 	 * the data returned with the shadow IO request.
12629 	 */
12630 	shadow_start  = SD_TGTBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12631 	shadow_end    = shadow_start + bp->b_bcount - bp->b_resid;
12632 
12633 	/*
12634 	 * copy_offset gives the offset (in bytes) from the start of the first
12635 	 * block of the READ request to the beginning of the data.  We retrieve
12636 	 * this value from xb_pktp in the ORIGINAL xbuf, as it has been saved
12637 	 * there by sd_mapblockize_iostart(). copy_length gives the amount of
12638 	 * data to be copied (in bytes).
12639 	 */
12640 	copy_offset  = bsp->mbs_copy_offset;
12641 	ASSERT((copy_offset >= 0) && (copy_offset < un->un_tgt_blocksize));
12642 	copy_length  = orig_bp->b_bcount;
12643 	request_end  = shadow_start + copy_offset + orig_bp->b_bcount;
12644 
12645 	/*
12646 	 * Set up the resid and error fields of orig_bp as appropriate.
12647 	 */
12648 	if (shadow_end >= request_end) {
12649 		/* We got all the requested data; set resid to zero */
12650 		orig_bp->b_resid = 0;
12651 	} else {
12652 		/*
12653 		 * We failed to get enough data to fully satisfy the original
12654 		 * request. Just copy back whatever data we got and set
12655 		 * up the residual and error code as required.
12656 		 *
12657 		 * 'shortfall' is the amount by which the data received with the
12658 		 * shadow buf has "fallen short" of the requested amount.
12659 		 */
12660 		shortfall = (size_t)(request_end - shadow_end);
12661 
12662 		if (shortfall > orig_bp->b_bcount) {
12663 			/*
12664 			 * We did not get enough data to even partially
12665 			 * fulfill the original request.  The residual is
12666 			 * equal to the amount requested.
12667 			 */
12668 			orig_bp->b_resid = orig_bp->b_bcount;
12669 		} else {
12670 			/*
12671 			 * We did not get all the data that we requested
12672 			 * from the device, but we will try to return what
12673 			 * portion we did get.
12674 			 */
12675 			orig_bp->b_resid = shortfall;
12676 		}
12677 		ASSERT(copy_length >= orig_bp->b_resid);
12678 		copy_length  -= orig_bp->b_resid;
12679 	}
12680 
12681 	/* Propagate the error code from the shadow buf to the original buf */
12682 	bioerror(orig_bp, bp->b_error);
12683 
12684 	if (is_write) {
12685 		goto freebuf_done;	/* No data copying for a WRITE */
12686 	}
12687 
12688 	if (has_wmap) {
12689 		/*
12690 		 * This is a READ command from the READ phase of a
12691 		 * read-modify-write request. We have to copy the data given
12692 		 * by the user OVER the data returned by the READ command,
12693 		 * then convert the command from a READ to a WRITE and send
12694 		 * it back to the target.
12695 		 */
12696 		bcopy(orig_bp->b_un.b_addr, bp->b_un.b_addr + copy_offset,
12697 		    copy_length);
12698 
12699 		bp->b_flags &= ~((int)B_READ);	/* Convert to a WRITE */
12700 
12701 		/*
12702 		 * Dispatch the WRITE command to the taskq thread, which
12703 		 * will in turn send the command to the target. When the
12704 		 * WRITE command completes, we (sd_mapblocksize_iodone())
12705 		 * will get called again as part of the iodone chain
12706 		 * processing for it. Note that we will still be dealing
12707 		 * with the shadow buf at that point.
12708 		 */
12709 		if (taskq_dispatch(sd_wmr_tq, sd_read_modify_write_task, bp,
12710 		    KM_NOSLEEP) != 0) {
12711 			/*
12712 			 * Dispatch was successful so we are done. Return
12713 			 * without going any higher up the iodone chain. Do
12714 			 * not free up any layer-private data until after the
12715 			 * WRITE completes.
12716 			 */
12717 			return;
12718 		}
12719 
12720 		/*
12721 		 * Dispatch of the WRITE command failed; set up the error
12722 		 * condition and send this IO back up the iodone chain.
12723 		 */
12724 		bioerror(orig_bp, EIO);
12725 		orig_bp->b_resid = orig_bp->b_bcount;
12726 
12727 	} else {
12728 		/*
12729 		 * This is a regular READ request (ie, not a RMW). Copy the
12730 		 * data from the shadow buf into the original buf. The
12731 		 * copy_offset compensates for any "misalignment" between the
12732 		 * shadow buf (with its un->un_tgt_blocksize blocks) and the
12733 		 * original buf (with its un->un_sys_blocksize blocks).
12734 		 */
12735 		bcopy(bp->b_un.b_addr + copy_offset, orig_bp->b_un.b_addr,
12736 		    copy_length);
12737 	}
12738 
12739 freebuf_done:
12740 
12741 	/*
12742 	 * At this point we still have both the shadow buf AND the original
12743 	 * buf to deal with, as well as the layer-private data area in each.
12744 	 * Local variables are as follows:
12745 	 *
12746 	 * bp -- points to shadow buf
12747 	 * xp -- points to xbuf of shadow buf
12748 	 * bsp -- points to layer-private data area of shadow buf
12749 	 * orig_bp -- points to original buf
12750 	 *
12751 	 * First free the shadow buf and its associated xbuf, then free the
12752 	 * layer-private data area from the shadow buf. There is no need to
12753 	 * restore xb_private in the shadow xbuf.
12754 	 */
12755 	sd_shadow_buf_free(bp);
12756 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12757 
12758 	/*
12759 	 * Now update the local variables to point to the original buf, xbuf,
12760 	 * and layer-private area.
12761 	 */
12762 	bp = orig_bp;
12763 	xp = SD_GET_XBUF(bp);
12764 	ASSERT(xp != NULL);
12765 	ASSERT(xp == orig_xp);
12766 	bsp = xp->xb_private;
12767 	ASSERT(bsp != NULL);
12768 
12769 done:
12770 	/*
12771 	 * Restore xb_private to whatever it was set to by the next higher
12772 	 * layer in the chain, then free the layer-private data area.
12773 	 */
12774 	xp->xb_private = bsp->mbs_oprivate;
12775 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12776 
12777 exit:
12778 	SD_TRACE(SD_LOG_IO_RMMEDIA, SD_GET_UN(bp),
12779 	    "sd_mapblocksize_iodone: calling SD_NEXT_IODONE: buf:0x%p\n", bp);
12780 
12781 	SD_NEXT_IODONE(index, un, bp);
12782 }
12783 
12784 
12785 /*
12786  *    Function: sd_checksum_iostart
12787  *
12788  * Description: A stub function for a layer that's currently not used.
12789  *		For now just a placeholder.
12790  *
12791  *     Context: Kernel thread context
12792  */
12793 
12794 static void
12795 sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp)
12796 {
12797 	ASSERT(un != NULL);
12798 	ASSERT(bp != NULL);
12799 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12800 	SD_NEXT_IOSTART(index, un, bp);
12801 }
12802 
12803 
12804 /*
12805  *    Function: sd_checksum_iodone
12806  *
12807  * Description: A stub function for a layer that's currently not used.
12808  *		For now just a placeholder.
12809  *
12810  *     Context: May be called under interrupt context
12811  */
12812 
12813 static void
12814 sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp)
12815 {
12816 	ASSERT(un != NULL);
12817 	ASSERT(bp != NULL);
12818 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12819 	SD_NEXT_IODONE(index, un, bp);
12820 }
12821 
12822 
12823 /*
12824  *    Function: sd_checksum_uscsi_iostart
12825  *
12826  * Description: A stub function for a layer that's currently not used.
12827  *		For now just a placeholder.
12828  *
12829  *     Context: Kernel thread context
12830  */
12831 
12832 static void
12833 sd_checksum_uscsi_iostart(int index, struct sd_lun *un, struct buf *bp)
12834 {
12835 	ASSERT(un != NULL);
12836 	ASSERT(bp != NULL);
12837 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12838 	SD_NEXT_IOSTART(index, un, bp);
12839 }
12840 
12841 
12842 /*
12843  *    Function: sd_checksum_uscsi_iodone
12844  *
12845  * Description: A stub function for a layer that's currently not used.
12846  *		For now just a placeholder.
12847  *
12848  *     Context: May be called under interrupt context
12849  */
12850 
12851 static void
12852 sd_checksum_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12853 {
12854 	ASSERT(un != NULL);
12855 	ASSERT(bp != NULL);
12856 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12857 	SD_NEXT_IODONE(index, un, bp);
12858 }
12859 
12860 
12861 /*
12862  *    Function: sd_pm_iostart
12863  *
12864  * Description: iostart-side routine for Power mangement.
12865  *
12866  *     Context: Kernel thread context
12867  */
12868 
12869 static void
12870 sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp)
12871 {
12872 	ASSERT(un != NULL);
12873 	ASSERT(bp != NULL);
12874 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12875 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12876 
12877 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: entry\n");
12878 
12879 	if (sd_pm_entry(un) != DDI_SUCCESS) {
12880 		/*
12881 		 * Set up to return the failed buf back up the 'iodone'
12882 		 * side of the calling chain.
12883 		 */
12884 		bioerror(bp, EIO);
12885 		bp->b_resid = bp->b_bcount;
12886 
12887 		SD_BEGIN_IODONE(index, un, bp);
12888 
12889 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12890 		return;
12891 	}
12892 
12893 	SD_NEXT_IOSTART(index, un, bp);
12894 
12895 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12896 }
12897 
12898 
12899 /*
12900  *    Function: sd_pm_iodone
12901  *
12902  * Description: iodone-side routine for power mangement.
12903  *
12904  *     Context: may be called from interrupt context
12905  */
12906 
12907 static void
12908 sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp)
12909 {
12910 	ASSERT(un != NULL);
12911 	ASSERT(bp != NULL);
12912 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12913 
12914 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: entry\n");
12915 
12916 	/*
12917 	 * After attach the following flag is only read, so don't
12918 	 * take the penalty of acquiring a mutex for it.
12919 	 */
12920 	if (un->un_f_pm_is_enabled == TRUE) {
12921 		sd_pm_exit(un);
12922 	}
12923 
12924 	SD_NEXT_IODONE(index, un, bp);
12925 
12926 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: exit\n");
12927 }
12928 
12929 
12930 /*
12931  *    Function: sd_core_iostart
12932  *
12933  * Description: Primary driver function for enqueuing buf(9S) structs from
12934  *		the system and initiating IO to the target device
12935  *
12936  *     Context: Kernel thread context. Can sleep.
12937  *
12938  * Assumptions:  - The given xp->xb_blkno is absolute
12939  *		   (ie, relative to the start of the device).
12940  *		 - The IO is to be done using the native blocksize of
12941  *		   the device, as specified in un->un_tgt_blocksize.
12942  */
12943 /* ARGSUSED */
12944 static void
12945 sd_core_iostart(int index, struct sd_lun *un, struct buf *bp)
12946 {
12947 	struct sd_xbuf *xp;
12948 
12949 	ASSERT(un != NULL);
12950 	ASSERT(bp != NULL);
12951 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12952 	ASSERT(bp->b_resid == 0);
12953 
12954 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: entry: bp:0x%p\n", bp);
12955 
12956 	xp = SD_GET_XBUF(bp);
12957 	ASSERT(xp != NULL);
12958 
12959 	mutex_enter(SD_MUTEX(un));
12960 
12961 	/*
12962 	 * If we are currently in the failfast state, fail any new IO
12963 	 * that has B_FAILFAST set, then return.
12964 	 */
12965 	if ((bp->b_flags & B_FAILFAST) &&
12966 	    (un->un_failfast_state == SD_FAILFAST_ACTIVE)) {
12967 		mutex_exit(SD_MUTEX(un));
12968 		bioerror(bp, EIO);
12969 		bp->b_resid = bp->b_bcount;
12970 		SD_BEGIN_IODONE(index, un, bp);
12971 		return;
12972 	}
12973 
12974 	if (SD_IS_DIRECT_PRIORITY(xp)) {
12975 		/*
12976 		 * Priority command -- transport it immediately.
12977 		 *
12978 		 * Note: We may want to assert that USCSI_DIAGNOSE is set,
12979 		 * because all direct priority commands should be associated
12980 		 * with error recovery actions which we don't want to retry.
12981 		 */
12982 		sd_start_cmds(un, bp);
12983 	} else {
12984 		/*
12985 		 * Normal command -- add it to the wait queue, then start
12986 		 * transporting commands from the wait queue.
12987 		 */
12988 		sd_add_buf_to_waitq(un, bp);
12989 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
12990 		sd_start_cmds(un, NULL);
12991 	}
12992 
12993 	mutex_exit(SD_MUTEX(un));
12994 
12995 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: exit: bp:0x%p\n", bp);
12996 }
12997 
12998 
12999 /*
13000  *    Function: sd_init_cdb_limits
13001  *
13002  * Description: This is to handle scsi_pkt initialization differences
13003  *		between the driver platforms.
13004  *
13005  *		Legacy behaviors:
13006  *
13007  *		If the block number or the sector count exceeds the
13008  *		capabilities of a Group 0 command, shift over to a
13009  *		Group 1 command. We don't blindly use Group 1
13010  *		commands because a) some drives (CDC Wren IVs) get a
13011  *		bit confused, and b) there is probably a fair amount
13012  *		of speed difference for a target to receive and decode
13013  *		a 10 byte command instead of a 6 byte command.
13014  *
13015  *		The xfer time difference of 6 vs 10 byte CDBs is
13016  *		still significant so this code is still worthwhile.
13017  *		10 byte CDBs are very inefficient with the fas HBA driver
13018  *		and older disks. Each CDB byte took 1 usec with some
13019  *		popular disks.
13020  *
13021  *     Context: Must be called at attach time
13022  */
13023 
13024 static void
13025 sd_init_cdb_limits(struct sd_lun *un)
13026 {
13027 	/*
13028 	 * Use CDB_GROUP1 commands for most devices except for
13029 	 * parallel SCSI fixed drives in which case we get better
13030 	 * performance using CDB_GROUP0 commands (where applicable).
13031 	 */
13032 	un->un_mincdb = SD_CDB_GROUP1;
13033 #if !defined(__fibre)
13034 	if (!un->un_f_is_fibre && !un->un_f_cfg_is_atapi && !ISROD(un) &&
13035 	    !ISREMOVABLE(un)) {
13036 		un->un_mincdb = SD_CDB_GROUP0;
13037 	}
13038 #endif
13039 
13040 	/*
13041 	 * Use CDB_GROUP5 commands for removable devices.  Use CDB_GROUP4
13042 	 * commands for fixed disks unless we are building for a 32 bit
13043 	 * kernel.
13044 	 */
13045 #ifdef _LP64
13046 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP4;
13047 #else
13048 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP1;
13049 #endif
13050 
13051 	/*
13052 	 * x86 systems require the PKT_DMA_PARTIAL flag
13053 	 */
13054 #if defined(__x86)
13055 	un->un_pkt_flags = PKT_DMA_PARTIAL;
13056 #else
13057 	un->un_pkt_flags = 0;
13058 #endif
13059 
13060 	un->un_status_len = (int)((un->un_f_arq_enabled == TRUE)
13061 	    ? sizeof (struct scsi_arq_status) : 1);
13062 	un->un_cmd_timeout = (ushort_t)sd_io_time;
13063 	un->un_uscsi_timeout = ((ISCD(un)) ? 2 : 1) * un->un_cmd_timeout;
13064 }
13065 
13066 
13067 /*
13068  *    Function: sd_initpkt_for_buf
13069  *
13070  * Description: Allocate and initialize for transport a scsi_pkt struct,
13071  *		based upon the info specified in the given buf struct.
13072  *
13073  *		Assumes the xb_blkno in the request is absolute (ie,
13074  *		relative to the start of the device (NOT partition!).
13075  *		Also assumes that the request is using the native block
13076  *		size of the device (as returned by the READ CAPACITY
13077  *		command).
13078  *
13079  * Return Code: SD_PKT_ALLOC_SUCCESS
13080  *		SD_PKT_ALLOC_FAILURE
13081  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13082  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13083  *
13084  *     Context: Kernel thread and may be called from software interrupt context
13085  *		as part of a sdrunout callback. This function may not block or
13086  *		call routines that block
13087  */
13088 
13089 static int
13090 sd_initpkt_for_buf(struct buf *bp, struct scsi_pkt **pktpp)
13091 {
13092 	struct sd_xbuf	*xp;
13093 	struct scsi_pkt *pktp = NULL;
13094 	struct sd_lun	*un;
13095 	size_t		blockcount;
13096 	daddr_t		startblock;
13097 	int		rval;
13098 	int		cmd_flags;
13099 
13100 	ASSERT(bp != NULL);
13101 	ASSERT(pktpp != NULL);
13102 	xp = SD_GET_XBUF(bp);
13103 	ASSERT(xp != NULL);
13104 	un = SD_GET_UN(bp);
13105 	ASSERT(un != NULL);
13106 	ASSERT(mutex_owned(SD_MUTEX(un)));
13107 	ASSERT(bp->b_resid == 0);
13108 
13109 	SD_TRACE(SD_LOG_IO_CORE, un,
13110 	    "sd_initpkt_for_buf: entry: buf:0x%p\n", bp);
13111 
13112 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13113 	if (xp->xb_pkt_flags & SD_XB_DMA_FREED) {
13114 		/*
13115 		 * Already have a scsi_pkt -- just need DMA resources.
13116 		 * We must recompute the CDB in case the mapping returns
13117 		 * a nonzero pkt_resid.
13118 		 * Note: if this is a portion of a PKT_DMA_PARTIAL transfer
13119 		 * that is being retried, the unmap/remap of the DMA resouces
13120 		 * will result in the entire transfer starting over again
13121 		 * from the very first block.
13122 		 */
13123 		ASSERT(xp->xb_pktp != NULL);
13124 		pktp = xp->xb_pktp;
13125 	} else {
13126 		pktp = NULL;
13127 	}
13128 #endif /* __i386 || __amd64 */
13129 
13130 	startblock = xp->xb_blkno;	/* Absolute block num. */
13131 	blockcount = SD_BYTES2TGTBLOCKS(un, bp->b_bcount);
13132 
13133 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13134 
13135 	cmd_flags = un->un_pkt_flags | (xp->xb_pkt_flags & SD_XB_INITPKT_MASK);
13136 
13137 #else
13138 
13139 	cmd_flags = un->un_pkt_flags | xp->xb_pkt_flags;
13140 
13141 #endif
13142 
13143 	/*
13144 	 * sd_setup_rw_pkt will determine the appropriate CDB group to use,
13145 	 * call scsi_init_pkt, and build the CDB.
13146 	 */
13147 	rval = sd_setup_rw_pkt(un, &pktp, bp,
13148 	    cmd_flags, sdrunout, (caddr_t)un,
13149 	    startblock, blockcount);
13150 
13151 	if (rval == 0) {
13152 		/*
13153 		 * Success.
13154 		 *
13155 		 * If partial DMA is being used and required for this transfer.
13156 		 * set it up here.
13157 		 */
13158 		if ((un->un_pkt_flags & PKT_DMA_PARTIAL) != 0 &&
13159 		    (pktp->pkt_resid != 0)) {
13160 
13161 			/*
13162 			 * Save the CDB length and pkt_resid for the
13163 			 * next xfer
13164 			 */
13165 			xp->xb_dma_resid = pktp->pkt_resid;
13166 
13167 			/* rezero resid */
13168 			pktp->pkt_resid = 0;
13169 
13170 		} else {
13171 			xp->xb_dma_resid = 0;
13172 		}
13173 
13174 		pktp->pkt_flags = un->un_tagflags;
13175 		pktp->pkt_time  = un->un_cmd_timeout;
13176 		pktp->pkt_comp  = sdintr;
13177 
13178 		pktp->pkt_private = bp;
13179 		*pktpp = pktp;
13180 
13181 		SD_TRACE(SD_LOG_IO_CORE, un,
13182 		    "sd_initpkt_for_buf: exit: buf:0x%p\n", bp);
13183 
13184 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13185 		xp->xb_pkt_flags &= ~SD_XB_DMA_FREED;
13186 #endif
13187 
13188 		return (SD_PKT_ALLOC_SUCCESS);
13189 
13190 	}
13191 
13192 	/*
13193 	 * SD_PKT_ALLOC_FAILURE is the only expected failure code
13194 	 * from sd_setup_rw_pkt.
13195 	 */
13196 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
13197 
13198 	if (rval == SD_PKT_ALLOC_FAILURE) {
13199 		*pktpp = NULL;
13200 		/*
13201 		 * Set the driver state to RWAIT to indicate the driver
13202 		 * is waiting on resource allocations. The driver will not
13203 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13204 		 */
13205 		New_state(un, SD_STATE_RWAIT);
13206 
13207 		SD_ERROR(SD_LOG_IO_CORE, un,
13208 		    "sd_initpkt_for_buf: No pktp. exit bp:0x%p\n", bp);
13209 
13210 		if ((bp->b_flags & B_ERROR) != 0) {
13211 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13212 		}
13213 		return (SD_PKT_ALLOC_FAILURE);
13214 	} else {
13215 		/*
13216 		 * PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13217 		 *
13218 		 * This should never happen.  Maybe someone messed with the
13219 		 * kernel's minphys?
13220 		 */
13221 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13222 		    "Request rejected: too large for CDB: "
13223 		    "lba:0x%08lx  len:0x%08lx\n", startblock, blockcount);
13224 		SD_ERROR(SD_LOG_IO_CORE, un,
13225 		    "sd_initpkt_for_buf: No cp. exit bp:0x%p\n", bp);
13226 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13227 
13228 	}
13229 }
13230 
13231 
13232 /*
13233  *    Function: sd_destroypkt_for_buf
13234  *
13235  * Description: Free the scsi_pkt(9S) for the given bp (buf IO processing).
13236  *
13237  *     Context: Kernel thread or interrupt context
13238  */
13239 
13240 static void
13241 sd_destroypkt_for_buf(struct buf *bp)
13242 {
13243 	ASSERT(bp != NULL);
13244 	ASSERT(SD_GET_UN(bp) != NULL);
13245 
13246 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13247 	    "sd_destroypkt_for_buf: entry: buf:0x%p\n", bp);
13248 
13249 	ASSERT(SD_GET_PKTP(bp) != NULL);
13250 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13251 
13252 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13253 	    "sd_destroypkt_for_buf: exit: buf:0x%p\n", bp);
13254 }
13255 
13256 /*
13257  *    Function: sd_setup_rw_pkt
13258  *
13259  * Description: Determines appropriate CDB group for the requested LBA
13260  *		and transfer length, calls scsi_init_pkt, and builds
13261  *		the CDB.  Do not use for partial DMA transfers except
13262  *		for the initial transfer since the CDB size must
13263  *		remain constant.
13264  *
13265  *     Context: Kernel thread and may be called from software interrupt
13266  *		context as part of a sdrunout callback. This function may not
13267  *		block or call routines that block
13268  */
13269 
13270 
13271 int
13272 sd_setup_rw_pkt(struct sd_lun *un,
13273     struct scsi_pkt **pktpp, struct buf *bp, int flags,
13274     int (*callback)(caddr_t), caddr_t callback_arg,
13275     diskaddr_t lba, uint32_t blockcount)
13276 {
13277 	struct scsi_pkt *return_pktp;
13278 	union scsi_cdb *cdbp;
13279 	struct sd_cdbinfo *cp = NULL;
13280 	int i;
13281 
13282 	/*
13283 	 * See which size CDB to use, based upon the request.
13284 	 */
13285 	for (i = un->un_mincdb; i <= un->un_maxcdb; i++) {
13286 
13287 		/*
13288 		 * Check lba and block count against sd_cdbtab limits.
13289 		 * In the partial DMA case, we have to use the same size
13290 		 * CDB for all the transfers.  Check lba + blockcount
13291 		 * against the max LBA so we know that segment of the
13292 		 * transfer can use the CDB we select.
13293 		 */
13294 		if ((lba + blockcount - 1 <= sd_cdbtab[i].sc_maxlba) &&
13295 		    (blockcount <= sd_cdbtab[i].sc_maxlen)) {
13296 
13297 			/*
13298 			 * The command will fit into the CDB type
13299 			 * specified by sd_cdbtab[i].
13300 			 */
13301 			cp = sd_cdbtab + i;
13302 
13303 			/*
13304 			 * Call scsi_init_pkt so we can fill in the
13305 			 * CDB.
13306 			 */
13307 			return_pktp = scsi_init_pkt(SD_ADDRESS(un), *pktpp,
13308 			    bp, cp->sc_grpcode, un->un_status_len, 0,
13309 			    flags, callback, callback_arg);
13310 
13311 			if (return_pktp != NULL) {
13312 
13313 				/*
13314 				 * Return new value of pkt
13315 				 */
13316 				*pktpp = return_pktp;
13317 
13318 				/*
13319 				 * To be safe, zero the CDB insuring there is
13320 				 * no leftover data from a previous command.
13321 				 */
13322 				bzero(return_pktp->pkt_cdbp, cp->sc_grpcode);
13323 
13324 				/*
13325 				 * Handle partial DMA mapping
13326 				 */
13327 				if (return_pktp->pkt_resid != 0) {
13328 
13329 					/*
13330 					 * Not going to xfer as many blocks as
13331 					 * originally expected
13332 					 */
13333 					blockcount -=
13334 					    SD_BYTES2TGTBLOCKS(un,
13335 						return_pktp->pkt_resid);
13336 				}
13337 
13338 				cdbp = (union scsi_cdb *)return_pktp->pkt_cdbp;
13339 
13340 				/*
13341 				 * Set command byte based on the CDB
13342 				 * type we matched.
13343 				 */
13344 				cdbp->scc_cmd = cp->sc_grpmask |
13345 				    ((bp->b_flags & B_READ) ?
13346 					SCMD_READ : SCMD_WRITE);
13347 
13348 				SD_FILL_SCSI1_LUN(un, return_pktp);
13349 
13350 				/*
13351 				 * Fill in LBA and length
13352 				 */
13353 				ASSERT((cp->sc_grpcode == CDB_GROUP1) ||
13354 				    (cp->sc_grpcode == CDB_GROUP4) ||
13355 				    (cp->sc_grpcode == CDB_GROUP0) ||
13356 				    (cp->sc_grpcode == CDB_GROUP5));
13357 
13358 				if (cp->sc_grpcode == CDB_GROUP1) {
13359 					FORMG1ADDR(cdbp, lba);
13360 					FORMG1COUNT(cdbp, blockcount);
13361 					return (0);
13362 				} else if (cp->sc_grpcode == CDB_GROUP4) {
13363 					FORMG4LONGADDR(cdbp, lba);
13364 					FORMG4COUNT(cdbp, blockcount);
13365 					return (0);
13366 				} else if (cp->sc_grpcode == CDB_GROUP0) {
13367 					FORMG0ADDR(cdbp, lba);
13368 					FORMG0COUNT(cdbp, blockcount);
13369 					return (0);
13370 				} else if (cp->sc_grpcode == CDB_GROUP5) {
13371 					FORMG5ADDR(cdbp, lba);
13372 					FORMG5COUNT(cdbp, blockcount);
13373 					return (0);
13374 				}
13375 
13376 				/*
13377 				 * It should be impossible to not match one
13378 				 * of the CDB types above, so we should never
13379 				 * reach this point.  Set the CDB command byte
13380 				 * to test-unit-ready to avoid writing
13381 				 * to somewhere we don't intend.
13382 				 */
13383 				cdbp->scc_cmd = SCMD_TEST_UNIT_READY;
13384 				return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13385 			} else {
13386 				/*
13387 				 * Couldn't get scsi_pkt
13388 				 */
13389 				return (SD_PKT_ALLOC_FAILURE);
13390 			}
13391 		}
13392 	}
13393 
13394 	/*
13395 	 * None of the available CDB types were suitable.  This really
13396 	 * should never happen:  on a 64 bit system we support
13397 	 * READ16/WRITE16 which will hold an entire 64 bit disk address
13398 	 * and on a 32 bit system we will refuse to bind to a device
13399 	 * larger than 2TB so addresses will never be larger than 32 bits.
13400 	 */
13401 	return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13402 }
13403 
13404 #if defined(__i386) || defined(__amd64)
13405 /*
13406  *    Function: sd_setup_next_rw_pkt
13407  *
13408  * Description: Setup packet for partial DMA transfers, except for the
13409  * 		initial transfer.  sd_setup_rw_pkt should be used for
13410  *		the initial transfer.
13411  *
13412  *     Context: Kernel thread and may be called from interrupt context.
13413  */
13414 
13415 int
13416 sd_setup_next_rw_pkt(struct sd_lun *un,
13417     struct scsi_pkt *pktp, struct buf *bp,
13418     diskaddr_t lba, uint32_t blockcount)
13419 {
13420 	uchar_t com;
13421 	union scsi_cdb *cdbp;
13422 	uchar_t cdb_group_id;
13423 
13424 	ASSERT(pktp != NULL);
13425 	ASSERT(pktp->pkt_cdbp != NULL);
13426 
13427 	cdbp = (union scsi_cdb *)pktp->pkt_cdbp;
13428 	com = cdbp->scc_cmd;
13429 	cdb_group_id = CDB_GROUPID(com);
13430 
13431 	ASSERT((cdb_group_id == CDB_GROUPID_0) ||
13432 	    (cdb_group_id == CDB_GROUPID_1) ||
13433 	    (cdb_group_id == CDB_GROUPID_4) ||
13434 	    (cdb_group_id == CDB_GROUPID_5));
13435 
13436 	/*
13437 	 * Move pkt to the next portion of the xfer.
13438 	 * func is NULL_FUNC so we do not have to release
13439 	 * the disk mutex here.
13440 	 */
13441 	if (scsi_init_pkt(SD_ADDRESS(un), pktp, bp, 0, 0, 0, 0,
13442 	    NULL_FUNC, NULL) == pktp) {
13443 		/* Success.  Handle partial DMA */
13444 		if (pktp->pkt_resid != 0) {
13445 			blockcount -=
13446 			    SD_BYTES2TGTBLOCKS(un, pktp->pkt_resid);
13447 		}
13448 
13449 		cdbp->scc_cmd = com;
13450 		SD_FILL_SCSI1_LUN(un, pktp);
13451 		if (cdb_group_id == CDB_GROUPID_1) {
13452 			FORMG1ADDR(cdbp, lba);
13453 			FORMG1COUNT(cdbp, blockcount);
13454 			return (0);
13455 		} else if (cdb_group_id == CDB_GROUPID_4) {
13456 			FORMG4LONGADDR(cdbp, lba);
13457 			FORMG4COUNT(cdbp, blockcount);
13458 			return (0);
13459 		} else if (cdb_group_id == CDB_GROUPID_0) {
13460 			FORMG0ADDR(cdbp, lba);
13461 			FORMG0COUNT(cdbp, blockcount);
13462 			return (0);
13463 		} else if (cdb_group_id == CDB_GROUPID_5) {
13464 			FORMG5ADDR(cdbp, lba);
13465 			FORMG5COUNT(cdbp, blockcount);
13466 			return (0);
13467 		}
13468 
13469 		/* Unreachable */
13470 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13471 	}
13472 
13473 	/*
13474 	 * Error setting up next portion of cmd transfer.
13475 	 * Something is definitely very wrong and this
13476 	 * should not happen.
13477 	 */
13478 	return (SD_PKT_ALLOC_FAILURE);
13479 }
13480 #endif /* defined(__i386) || defined(__amd64) */
13481 
13482 /*
13483  *    Function: sd_initpkt_for_uscsi
13484  *
13485  * Description: Allocate and initialize for transport a scsi_pkt struct,
13486  *		based upon the info specified in the given uscsi_cmd struct.
13487  *
13488  * Return Code: SD_PKT_ALLOC_SUCCESS
13489  *		SD_PKT_ALLOC_FAILURE
13490  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13491  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13492  *
13493  *     Context: Kernel thread and may be called from software interrupt context
13494  *		as part of a sdrunout callback. This function may not block or
13495  *		call routines that block
13496  */
13497 
13498 static int
13499 sd_initpkt_for_uscsi(struct buf *bp, struct scsi_pkt **pktpp)
13500 {
13501 	struct uscsi_cmd *uscmd;
13502 	struct sd_xbuf	*xp;
13503 	struct scsi_pkt	*pktp;
13504 	struct sd_lun	*un;
13505 	uint32_t	flags = 0;
13506 
13507 	ASSERT(bp != NULL);
13508 	ASSERT(pktpp != NULL);
13509 	xp = SD_GET_XBUF(bp);
13510 	ASSERT(xp != NULL);
13511 	un = SD_GET_UN(bp);
13512 	ASSERT(un != NULL);
13513 	ASSERT(mutex_owned(SD_MUTEX(un)));
13514 
13515 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13516 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13517 	ASSERT(uscmd != NULL);
13518 
13519 	SD_TRACE(SD_LOG_IO_CORE, un,
13520 	    "sd_initpkt_for_uscsi: entry: buf:0x%p\n", bp);
13521 
13522 	/*
13523 	 * Allocate the scsi_pkt for the command.
13524 	 * Note: If PKT_DMA_PARTIAL flag is set, scsi_vhci binds a path
13525 	 *	 during scsi_init_pkt time and will continue to use the
13526 	 *	 same path as long as the same scsi_pkt is used without
13527 	 *	 intervening scsi_dma_free(). Since uscsi command does
13528 	 *	 not call scsi_dmafree() before retry failed command, it
13529 	 *	 is necessary to make sure PKT_DMA_PARTIAL flag is NOT
13530 	 *	 set such that scsi_vhci can use other available path for
13531 	 *	 retry. Besides, ucsci command does not allow DMA breakup,
13532 	 *	 so there is no need to set PKT_DMA_PARTIAL flag.
13533 	 */
13534 	pktp = scsi_init_pkt(SD_ADDRESS(un), NULL,
13535 	    ((bp->b_bcount != 0) ? bp : NULL), uscmd->uscsi_cdblen,
13536 	    sizeof (struct scsi_arq_status), 0,
13537 	    (un->un_pkt_flags & ~PKT_DMA_PARTIAL),
13538 	    sdrunout, (caddr_t)un);
13539 
13540 	if (pktp == NULL) {
13541 		*pktpp = NULL;
13542 		/*
13543 		 * Set the driver state to RWAIT to indicate the driver
13544 		 * is waiting on resource allocations. The driver will not
13545 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13546 		 */
13547 		New_state(un, SD_STATE_RWAIT);
13548 
13549 		SD_ERROR(SD_LOG_IO_CORE, un,
13550 		    "sd_initpkt_for_uscsi: No pktp. exit bp:0x%p\n", bp);
13551 
13552 		if ((bp->b_flags & B_ERROR) != 0) {
13553 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13554 		}
13555 		return (SD_PKT_ALLOC_FAILURE);
13556 	}
13557 
13558 	/*
13559 	 * We do not do DMA breakup for USCSI commands, so return failure
13560 	 * here if all the needed DMA resources were not allocated.
13561 	 */
13562 	if ((un->un_pkt_flags & PKT_DMA_PARTIAL) &&
13563 	    (bp->b_bcount != 0) && (pktp->pkt_resid != 0)) {
13564 		scsi_destroy_pkt(pktp);
13565 		SD_ERROR(SD_LOG_IO_CORE, un, "sd_initpkt_for_uscsi: "
13566 		    "No partial DMA for USCSI. exit: buf:0x%p\n", bp);
13567 		return (SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL);
13568 	}
13569 
13570 	/* Init the cdb from the given uscsi struct */
13571 	(void) scsi_setup_cdb((union scsi_cdb *)pktp->pkt_cdbp,
13572 	    uscmd->uscsi_cdb[0], 0, 0, 0);
13573 
13574 	SD_FILL_SCSI1_LUN(un, pktp);
13575 
13576 	/*
13577 	 * Set up the optional USCSI flags. See the uscsi (7I) man page
13578 	 * for listing of the supported flags.
13579 	 */
13580 
13581 	if (uscmd->uscsi_flags & USCSI_SILENT) {
13582 		flags |= FLAG_SILENT;
13583 	}
13584 
13585 	if (uscmd->uscsi_flags & USCSI_DIAGNOSE) {
13586 		flags |= FLAG_DIAGNOSE;
13587 	}
13588 
13589 	if (uscmd->uscsi_flags & USCSI_ISOLATE) {
13590 		flags |= FLAG_ISOLATE;
13591 	}
13592 
13593 	if (un->un_f_is_fibre == FALSE) {
13594 		if (uscmd->uscsi_flags & USCSI_RENEGOT) {
13595 			flags |= FLAG_RENEGOTIATE_WIDE_SYNC;
13596 		}
13597 	}
13598 
13599 	/*
13600 	 * Set the pkt flags here so we save time later.
13601 	 * Note: These flags are NOT in the uscsi man page!!!
13602 	 */
13603 	if (uscmd->uscsi_flags & USCSI_HEAD) {
13604 		flags |= FLAG_HEAD;
13605 	}
13606 
13607 	if (uscmd->uscsi_flags & USCSI_NOINTR) {
13608 		flags |= FLAG_NOINTR;
13609 	}
13610 
13611 	/*
13612 	 * For tagged queueing, things get a bit complicated.
13613 	 * Check first for head of queue and last for ordered queue.
13614 	 * If neither head nor order, use the default driver tag flags.
13615 	 */
13616 	if ((uscmd->uscsi_flags & USCSI_NOTAG) == 0) {
13617 		if (uscmd->uscsi_flags & USCSI_HTAG) {
13618 			flags |= FLAG_HTAG;
13619 		} else if (uscmd->uscsi_flags & USCSI_OTAG) {
13620 			flags |= FLAG_OTAG;
13621 		} else {
13622 			flags |= un->un_tagflags & FLAG_TAGMASK;
13623 		}
13624 	}
13625 
13626 	if (uscmd->uscsi_flags & USCSI_NODISCON) {
13627 		flags = (flags & ~FLAG_TAGMASK) | FLAG_NODISCON;
13628 	}
13629 
13630 	pktp->pkt_flags = flags;
13631 
13632 	/* Copy the caller's CDB into the pkt... */
13633 	bcopy(uscmd->uscsi_cdb, pktp->pkt_cdbp, uscmd->uscsi_cdblen);
13634 
13635 	if (uscmd->uscsi_timeout == 0) {
13636 		pktp->pkt_time = un->un_uscsi_timeout;
13637 	} else {
13638 		pktp->pkt_time = uscmd->uscsi_timeout;
13639 	}
13640 
13641 	/* need it later to identify USCSI request in sdintr */
13642 	xp->xb_pkt_flags |= SD_XB_USCSICMD;
13643 
13644 	xp->xb_sense_resid = uscmd->uscsi_rqresid;
13645 
13646 	pktp->pkt_private = bp;
13647 	pktp->pkt_comp = sdintr;
13648 	*pktpp = pktp;
13649 
13650 	SD_TRACE(SD_LOG_IO_CORE, un,
13651 	    "sd_initpkt_for_uscsi: exit: buf:0x%p\n", bp);
13652 
13653 	return (SD_PKT_ALLOC_SUCCESS);
13654 }
13655 
13656 
13657 /*
13658  *    Function: sd_destroypkt_for_uscsi
13659  *
13660  * Description: Free the scsi_pkt(9S) struct for the given bp, for uscsi
13661  *		IOs.. Also saves relevant info into the associated uscsi_cmd
13662  *		struct.
13663  *
13664  *     Context: May be called under interrupt context
13665  */
13666 
13667 static void
13668 sd_destroypkt_for_uscsi(struct buf *bp)
13669 {
13670 	struct uscsi_cmd *uscmd;
13671 	struct sd_xbuf	*xp;
13672 	struct scsi_pkt	*pktp;
13673 	struct sd_lun	*un;
13674 
13675 	ASSERT(bp != NULL);
13676 	xp = SD_GET_XBUF(bp);
13677 	ASSERT(xp != NULL);
13678 	un = SD_GET_UN(bp);
13679 	ASSERT(un != NULL);
13680 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13681 	pktp = SD_GET_PKTP(bp);
13682 	ASSERT(pktp != NULL);
13683 
13684 	SD_TRACE(SD_LOG_IO_CORE, un,
13685 	    "sd_destroypkt_for_uscsi: entry: buf:0x%p\n", bp);
13686 
13687 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13688 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13689 	ASSERT(uscmd != NULL);
13690 
13691 	/* Save the status and the residual into the uscsi_cmd struct */
13692 	uscmd->uscsi_status = ((*(pktp)->pkt_scbp) & STATUS_MASK);
13693 	uscmd->uscsi_resid  = bp->b_resid;
13694 
13695 	/*
13696 	 * If enabled, copy any saved sense data into the area specified
13697 	 * by the uscsi command.
13698 	 */
13699 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
13700 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
13701 		/*
13702 		 * Note: uscmd->uscsi_rqbuf should always point to a buffer
13703 		 * at least SENSE_LENGTH bytes in size (see sd_send_scsi_cmd())
13704 		 */
13705 		uscmd->uscsi_rqstatus = xp->xb_sense_status;
13706 		uscmd->uscsi_rqresid  = xp->xb_sense_resid;
13707 		bcopy(xp->xb_sense_data, uscmd->uscsi_rqbuf, SENSE_LENGTH);
13708 	}
13709 
13710 	/* We are done with the scsi_pkt; free it now */
13711 	ASSERT(SD_GET_PKTP(bp) != NULL);
13712 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13713 
13714 	SD_TRACE(SD_LOG_IO_CORE, un,
13715 	    "sd_destroypkt_for_uscsi: exit: buf:0x%p\n", bp);
13716 }
13717 
13718 
13719 /*
13720  *    Function: sd_bioclone_alloc
13721  *
13722  * Description: Allocate a buf(9S) and init it as per the given buf
13723  *		and the various arguments.  The associated sd_xbuf
13724  *		struct is (nearly) duplicated.  The struct buf *bp
13725  *		argument is saved in new_xp->xb_private.
13726  *
13727  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13728  *		datalen - size of data area for the shadow bp
13729  *		blkno - starting LBA
13730  *		func - function pointer for b_iodone in the shadow buf. (May
13731  *			be NULL if none.)
13732  *
13733  * Return Code: Pointer to allocates buf(9S) struct
13734  *
13735  *     Context: Can sleep.
13736  */
13737 
13738 static struct buf *
13739 sd_bioclone_alloc(struct buf *bp, size_t datalen,
13740 	daddr_t blkno, int (*func)(struct buf *))
13741 {
13742 	struct	sd_lun	*un;
13743 	struct	sd_xbuf	*xp;
13744 	struct	sd_xbuf	*new_xp;
13745 	struct	buf	*new_bp;
13746 
13747 	ASSERT(bp != NULL);
13748 	xp = SD_GET_XBUF(bp);
13749 	ASSERT(xp != NULL);
13750 	un = SD_GET_UN(bp);
13751 	ASSERT(un != NULL);
13752 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13753 
13754 	new_bp = bioclone(bp, 0, datalen, SD_GET_DEV(un), blkno, func,
13755 	    NULL, KM_SLEEP);
13756 
13757 	new_bp->b_lblkno	= blkno;
13758 
13759 	/*
13760 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13761 	 * original xbuf into it.
13762 	 */
13763 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13764 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13765 
13766 	/*
13767 	 * The given bp is automatically saved in the xb_private member
13768 	 * of the new xbuf.  Callers are allowed to depend on this.
13769 	 */
13770 	new_xp->xb_private = bp;
13771 
13772 	new_bp->b_private  = new_xp;
13773 
13774 	return (new_bp);
13775 }
13776 
13777 /*
13778  *    Function: sd_shadow_buf_alloc
13779  *
13780  * Description: Allocate a buf(9S) and init it as per the given buf
13781  *		and the various arguments.  The associated sd_xbuf
13782  *		struct is (nearly) duplicated.  The struct buf *bp
13783  *		argument is saved in new_xp->xb_private.
13784  *
13785  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13786  *		datalen - size of data area for the shadow bp
13787  *		bflags - B_READ or B_WRITE (pseudo flag)
13788  *		blkno - starting LBA
13789  *		func - function pointer for b_iodone in the shadow buf. (May
13790  *			be NULL if none.)
13791  *
13792  * Return Code: Pointer to allocates buf(9S) struct
13793  *
13794  *     Context: Can sleep.
13795  */
13796 
13797 static struct buf *
13798 sd_shadow_buf_alloc(struct buf *bp, size_t datalen, uint_t bflags,
13799 	daddr_t blkno, int (*func)(struct buf *))
13800 {
13801 	struct	sd_lun	*un;
13802 	struct	sd_xbuf	*xp;
13803 	struct	sd_xbuf	*new_xp;
13804 	struct	buf	*new_bp;
13805 
13806 	ASSERT(bp != NULL);
13807 	xp = SD_GET_XBUF(bp);
13808 	ASSERT(xp != NULL);
13809 	un = SD_GET_UN(bp);
13810 	ASSERT(un != NULL);
13811 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13812 
13813 	if (bp->b_flags & (B_PAGEIO | B_PHYS)) {
13814 		bp_mapin(bp);
13815 	}
13816 
13817 	bflags &= (B_READ | B_WRITE);
13818 #if defined(__i386) || defined(__amd64)
13819 	new_bp = getrbuf(KM_SLEEP);
13820 	new_bp->b_un.b_addr = kmem_zalloc(datalen, KM_SLEEP);
13821 	new_bp->b_bcount = datalen;
13822 	new_bp->b_flags	= bp->b_flags | bflags;
13823 #else
13824 	new_bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), NULL,
13825 	    datalen, bflags, SLEEP_FUNC, NULL);
13826 #endif
13827 	new_bp->av_forw	= NULL;
13828 	new_bp->av_back	= NULL;
13829 	new_bp->b_dev	= bp->b_dev;
13830 	new_bp->b_blkno	= blkno;
13831 	new_bp->b_iodone = func;
13832 	new_bp->b_edev	= bp->b_edev;
13833 	new_bp->b_resid	= 0;
13834 
13835 	/* We need to preserve the B_FAILFAST flag */
13836 	if (bp->b_flags & B_FAILFAST) {
13837 		new_bp->b_flags |= B_FAILFAST;
13838 	}
13839 
13840 	/*
13841 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13842 	 * original xbuf into it.
13843 	 */
13844 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13845 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13846 
13847 	/* Need later to copy data between the shadow buf & original buf! */
13848 	new_xp->xb_pkt_flags |= PKT_CONSISTENT;
13849 
13850 	/*
13851 	 * The given bp is automatically saved in the xb_private member
13852 	 * of the new xbuf.  Callers are allowed to depend on this.
13853 	 */
13854 	new_xp->xb_private = bp;
13855 
13856 	new_bp->b_private  = new_xp;
13857 
13858 	return (new_bp);
13859 }
13860 
13861 /*
13862  *    Function: sd_bioclone_free
13863  *
13864  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations
13865  *		in the larger than partition operation.
13866  *
13867  *     Context: May be called under interrupt context
13868  */
13869 
13870 static void
13871 sd_bioclone_free(struct buf *bp)
13872 {
13873 	struct sd_xbuf	*xp;
13874 
13875 	ASSERT(bp != NULL);
13876 	xp = SD_GET_XBUF(bp);
13877 	ASSERT(xp != NULL);
13878 
13879 	/*
13880 	 * Call bp_mapout() before freeing the buf,  in case a lower
13881 	 * layer or HBA  had done a bp_mapin().  we must do this here
13882 	 * as we are the "originator" of the shadow buf.
13883 	 */
13884 	bp_mapout(bp);
13885 
13886 	/*
13887 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13888 	 * never gets confused by a stale value in this field. (Just a little
13889 	 * extra defensiveness here.)
13890 	 */
13891 	bp->b_iodone = NULL;
13892 
13893 	freerbuf(bp);
13894 
13895 	kmem_free(xp, sizeof (struct sd_xbuf));
13896 }
13897 
13898 /*
13899  *    Function: sd_shadow_buf_free
13900  *
13901  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations.
13902  *
13903  *     Context: May be called under interrupt context
13904  */
13905 
13906 static void
13907 sd_shadow_buf_free(struct buf *bp)
13908 {
13909 	struct sd_xbuf	*xp;
13910 
13911 	ASSERT(bp != NULL);
13912 	xp = SD_GET_XBUF(bp);
13913 	ASSERT(xp != NULL);
13914 
13915 #if defined(__sparc)
13916 	/*
13917 	 * Call bp_mapout() before freeing the buf,  in case a lower
13918 	 * layer or HBA  had done a bp_mapin().  we must do this here
13919 	 * as we are the "originator" of the shadow buf.
13920 	 */
13921 	bp_mapout(bp);
13922 #endif
13923 
13924 	/*
13925 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13926 	 * never gets confused by a stale value in this field. (Just a little
13927 	 * extra defensiveness here.)
13928 	 */
13929 	bp->b_iodone = NULL;
13930 
13931 #if defined(__i386) || defined(__amd64)
13932 	kmem_free(bp->b_un.b_addr, bp->b_bcount);
13933 	freerbuf(bp);
13934 #else
13935 	scsi_free_consistent_buf(bp);
13936 #endif
13937 
13938 	kmem_free(xp, sizeof (struct sd_xbuf));
13939 }
13940 
13941 
13942 /*
13943  *    Function: sd_print_transport_rejected_message
13944  *
13945  * Description: This implements the ludicrously complex rules for printing
13946  *		a "transport rejected" message.  This is to address the
13947  *		specific problem of having a flood of this error message
13948  *		produced when a failover occurs.
13949  *
13950  *     Context: Any.
13951  */
13952 
13953 static void
13954 sd_print_transport_rejected_message(struct sd_lun *un, struct sd_xbuf *xp,
13955 	int code)
13956 {
13957 	ASSERT(un != NULL);
13958 	ASSERT(mutex_owned(SD_MUTEX(un)));
13959 	ASSERT(xp != NULL);
13960 
13961 	/*
13962 	 * Print the "transport rejected" message under the following
13963 	 * conditions:
13964 	 *
13965 	 * - Whenever the SD_LOGMASK_DIAG bit of sd_level_mask is set
13966 	 * - The error code from scsi_transport() is NOT a TRAN_FATAL_ERROR.
13967 	 * - If the error code IS a TRAN_FATAL_ERROR, then the message is
13968 	 *   printed the FIRST time a TRAN_FATAL_ERROR is returned from
13969 	 *   scsi_transport(9F) (which indicates that the target might have
13970 	 *   gone off-line).  This uses the un->un_tran_fatal_count
13971 	 *   count, which is incremented whenever a TRAN_FATAL_ERROR is
13972 	 *   received, and reset to zero whenver a TRAN_ACCEPT is returned
13973 	 *   from scsi_transport().
13974 	 *
13975 	 * The FLAG_SILENT in the scsi_pkt must be CLEARED in ALL of
13976 	 * the preceeding cases in order for the message to be printed.
13977 	 */
13978 	if ((xp->xb_pktp->pkt_flags & FLAG_SILENT) == 0) {
13979 		if ((sd_level_mask & SD_LOGMASK_DIAG) ||
13980 		    (code != TRAN_FATAL_ERROR) ||
13981 		    (un->un_tran_fatal_count == 1)) {
13982 			switch (code) {
13983 			case TRAN_BADPKT:
13984 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13985 				    "transport rejected bad packet\n");
13986 				break;
13987 			case TRAN_FATAL_ERROR:
13988 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13989 				    "transport rejected fatal error\n");
13990 				break;
13991 			default:
13992 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13993 				    "transport rejected (%d)\n", code);
13994 				break;
13995 			}
13996 		}
13997 	}
13998 }
13999 
14000 
14001 /*
14002  *    Function: sd_add_buf_to_waitq
14003  *
14004  * Description: Add the given buf(9S) struct to the wait queue for the
14005  *		instance.  If sorting is enabled, then the buf is added
14006  *		to the queue via an elevator sort algorithm (a la
14007  *		disksort(9F)).  The SD_GET_BLKNO(bp) is used as the sort key.
14008  *		If sorting is not enabled, then the buf is just added
14009  *		to the end of the wait queue.
14010  *
14011  * Return Code: void
14012  *
14013  *     Context: Does not sleep/block, therefore technically can be called
14014  *		from any context.  However if sorting is enabled then the
14015  *		execution time is indeterminate, and may take long if
14016  *		the wait queue grows large.
14017  */
14018 
14019 static void
14020 sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp)
14021 {
14022 	struct buf *ap;
14023 
14024 	ASSERT(bp != NULL);
14025 	ASSERT(un != NULL);
14026 	ASSERT(mutex_owned(SD_MUTEX(un)));
14027 
14028 	/* If the queue is empty, add the buf as the only entry & return. */
14029 	if (un->un_waitq_headp == NULL) {
14030 		ASSERT(un->un_waitq_tailp == NULL);
14031 		un->un_waitq_headp = un->un_waitq_tailp = bp;
14032 		bp->av_forw = NULL;
14033 		return;
14034 	}
14035 
14036 	ASSERT(un->un_waitq_tailp != NULL);
14037 
14038 	/*
14039 	 * If sorting is disabled, just add the buf to the tail end of
14040 	 * the wait queue and return.
14041 	 */
14042 	if (un->un_f_disksort_disabled) {
14043 		un->un_waitq_tailp->av_forw = bp;
14044 		un->un_waitq_tailp = bp;
14045 		bp->av_forw = NULL;
14046 		return;
14047 	}
14048 
14049 	/*
14050 	 * Sort thru the list of requests currently on the wait queue
14051 	 * and add the new buf request at the appropriate position.
14052 	 *
14053 	 * The un->un_waitq_headp is an activity chain pointer on which
14054 	 * we keep two queues, sorted in ascending SD_GET_BLKNO() order. The
14055 	 * first queue holds those requests which are positioned after
14056 	 * the current SD_GET_BLKNO() (in the first request); the second holds
14057 	 * requests which came in after their SD_GET_BLKNO() number was passed.
14058 	 * Thus we implement a one way scan, retracting after reaching
14059 	 * the end of the drive to the first request on the second
14060 	 * queue, at which time it becomes the first queue.
14061 	 * A one-way scan is natural because of the way UNIX read-ahead
14062 	 * blocks are allocated.
14063 	 *
14064 	 * If we lie after the first request, then we must locate the
14065 	 * second request list and add ourselves to it.
14066 	 */
14067 	ap = un->un_waitq_headp;
14068 	if (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap)) {
14069 		while (ap->av_forw != NULL) {
14070 			/*
14071 			 * Look for an "inversion" in the (normally
14072 			 * ascending) block numbers. This indicates
14073 			 * the start of the second request list.
14074 			 */
14075 			if (SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) {
14076 				/*
14077 				 * Search the second request list for the
14078 				 * first request at a larger block number.
14079 				 * We go before that; however if there is
14080 				 * no such request, we go at the end.
14081 				 */
14082 				do {
14083 					if (SD_GET_BLKNO(bp) <
14084 					    SD_GET_BLKNO(ap->av_forw)) {
14085 						goto insert;
14086 					}
14087 					ap = ap->av_forw;
14088 				} while (ap->av_forw != NULL);
14089 				goto insert;		/* after last */
14090 			}
14091 			ap = ap->av_forw;
14092 		}
14093 
14094 		/*
14095 		 * No inversions... we will go after the last, and
14096 		 * be the first request in the second request list.
14097 		 */
14098 		goto insert;
14099 	}
14100 
14101 	/*
14102 	 * Request is at/after the current request...
14103 	 * sort in the first request list.
14104 	 */
14105 	while (ap->av_forw != NULL) {
14106 		/*
14107 		 * We want to go after the current request (1) if
14108 		 * there is an inversion after it (i.e. it is the end
14109 		 * of the first request list), or (2) if the next
14110 		 * request is a larger block no. than our request.
14111 		 */
14112 		if ((SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) ||
14113 		    (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap->av_forw))) {
14114 			goto insert;
14115 		}
14116 		ap = ap->av_forw;
14117 	}
14118 
14119 	/*
14120 	 * Neither a second list nor a larger request, therefore
14121 	 * we go at the end of the first list (which is the same
14122 	 * as the end of the whole schebang).
14123 	 */
14124 insert:
14125 	bp->av_forw = ap->av_forw;
14126 	ap->av_forw = bp;
14127 
14128 	/*
14129 	 * If we inserted onto the tail end of the waitq, make sure the
14130 	 * tail pointer is updated.
14131 	 */
14132 	if (ap == un->un_waitq_tailp) {
14133 		un->un_waitq_tailp = bp;
14134 	}
14135 }
14136 
14137 
14138 /*
14139  *    Function: sd_start_cmds
14140  *
14141  * Description: Remove and transport cmds from the driver queues.
14142  *
14143  *   Arguments: un - pointer to the unit (soft state) struct for the target.
14144  *
14145  *		immed_bp - ptr to a buf to be transported immediately. Only
14146  *		the immed_bp is transported; bufs on the waitq are not
14147  *		processed and the un_retry_bp is not checked.  If immed_bp is
14148  *		NULL, then normal queue processing is performed.
14149  *
14150  *     Context: May be called from kernel thread context, interrupt context,
14151  *		or runout callback context. This function may not block or
14152  *		call routines that block.
14153  */
14154 
14155 static void
14156 sd_start_cmds(struct sd_lun *un, struct buf *immed_bp)
14157 {
14158 	struct	sd_xbuf	*xp;
14159 	struct	buf	*bp;
14160 	void	(*statp)(kstat_io_t *);
14161 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14162 	void	(*saved_statp)(kstat_io_t *);
14163 #endif
14164 	int	rval;
14165 
14166 	ASSERT(un != NULL);
14167 	ASSERT(mutex_owned(SD_MUTEX(un)));
14168 	ASSERT(un->un_ncmds_in_transport >= 0);
14169 	ASSERT(un->un_throttle >= 0);
14170 
14171 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: entry\n");
14172 
14173 	do {
14174 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14175 		saved_statp = NULL;
14176 #endif
14177 
14178 		/*
14179 		 * If we are syncing or dumping, fail the command to
14180 		 * avoid recursively calling back into scsi_transport().
14181 		 * The dump I/O itself uses a separate code path so this
14182 		 * only prevents non-dump I/O from being sent while dumping.
14183 		 * File system sync takes place before dumping begins.
14184 		 * During panic, filesystem I/O is allowed provided
14185 		 * un_in_callback is <= 1.  This is to prevent recursion
14186 		 * such as sd_start_cmds -> scsi_transport -> sdintr ->
14187 		 * sd_start_cmds and so on.  See panic.c for more information
14188 		 * about the states the system can be in during panic.
14189 		 */
14190 		if ((un->un_state == SD_STATE_DUMPING) ||
14191 		    (ddi_in_panic() && (un->un_in_callback > 1))) {
14192 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14193 			    "sd_start_cmds: panicking\n");
14194 			goto exit;
14195 		}
14196 
14197 		if ((bp = immed_bp) != NULL) {
14198 			/*
14199 			 * We have a bp that must be transported immediately.
14200 			 * It's OK to transport the immed_bp here without doing
14201 			 * the throttle limit check because the immed_bp is
14202 			 * always used in a retry/recovery case. This means
14203 			 * that we know we are not at the throttle limit by
14204 			 * virtue of the fact that to get here we must have
14205 			 * already gotten a command back via sdintr(). This also
14206 			 * relies on (1) the command on un_retry_bp preventing
14207 			 * further commands from the waitq from being issued;
14208 			 * and (2) the code in sd_retry_command checking the
14209 			 * throttle limit before issuing a delayed or immediate
14210 			 * retry. This holds even if the throttle limit is
14211 			 * currently ratcheted down from its maximum value.
14212 			 */
14213 			statp = kstat_runq_enter;
14214 			if (bp == un->un_retry_bp) {
14215 				ASSERT((un->un_retry_statp == NULL) ||
14216 				    (un->un_retry_statp == kstat_waitq_enter) ||
14217 				    (un->un_retry_statp ==
14218 				    kstat_runq_back_to_waitq));
14219 				/*
14220 				 * If the waitq kstat was incremented when
14221 				 * sd_set_retry_bp() queued this bp for a retry,
14222 				 * then we must set up statp so that the waitq
14223 				 * count will get decremented correctly below.
14224 				 * Also we must clear un->un_retry_statp to
14225 				 * ensure that we do not act on a stale value
14226 				 * in this field.
14227 				 */
14228 				if ((un->un_retry_statp == kstat_waitq_enter) ||
14229 				    (un->un_retry_statp ==
14230 				    kstat_runq_back_to_waitq)) {
14231 					statp = kstat_waitq_to_runq;
14232 				}
14233 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14234 				saved_statp = un->un_retry_statp;
14235 #endif
14236 				un->un_retry_statp = NULL;
14237 
14238 				SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14239 				    "sd_start_cmds: un:0x%p: GOT retry_bp:0x%p "
14240 				    "un_throttle:%d un_ncmds_in_transport:%d\n",
14241 				    un, un->un_retry_bp, un->un_throttle,
14242 				    un->un_ncmds_in_transport);
14243 			} else {
14244 				SD_TRACE(SD_LOG_IO_CORE, un, "sd_start_cmds: "
14245 				    "processing priority bp:0x%p\n", bp);
14246 			}
14247 
14248 		} else if ((bp = un->un_waitq_headp) != NULL) {
14249 			/*
14250 			 * A command on the waitq is ready to go, but do not
14251 			 * send it if:
14252 			 *
14253 			 * (1) the throttle limit has been reached, or
14254 			 * (2) a retry is pending, or
14255 			 * (3) a START_STOP_UNIT callback pending, or
14256 			 * (4) a callback for a SD_PATH_DIRECT_PRIORITY
14257 			 *	command is pending.
14258 			 *
14259 			 * For all of these conditions, IO processing will
14260 			 * restart after the condition is cleared.
14261 			 */
14262 			if (un->un_ncmds_in_transport >= un->un_throttle) {
14263 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14264 				    "sd_start_cmds: exiting, "
14265 				    "throttle limit reached!\n");
14266 				goto exit;
14267 			}
14268 			if (un->un_retry_bp != NULL) {
14269 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14270 				    "sd_start_cmds: exiting, retry pending!\n");
14271 				goto exit;
14272 			}
14273 			if (un->un_startstop_timeid != NULL) {
14274 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14275 				    "sd_start_cmds: exiting, "
14276 				    "START_STOP pending!\n");
14277 				goto exit;
14278 			}
14279 			if (un->un_direct_priority_timeid != NULL) {
14280 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14281 				    "sd_start_cmds: exiting, "
14282 				    "SD_PATH_DIRECT_PRIORITY cmd. pending!\n");
14283 				goto exit;
14284 			}
14285 
14286 			/* Dequeue the command */
14287 			un->un_waitq_headp = bp->av_forw;
14288 			if (un->un_waitq_headp == NULL) {
14289 				un->un_waitq_tailp = NULL;
14290 			}
14291 			bp->av_forw = NULL;
14292 			statp = kstat_waitq_to_runq;
14293 			SD_TRACE(SD_LOG_IO_CORE, un,
14294 			    "sd_start_cmds: processing waitq bp:0x%p\n", bp);
14295 
14296 		} else {
14297 			/* No work to do so bail out now */
14298 			SD_TRACE(SD_LOG_IO_CORE, un,
14299 			    "sd_start_cmds: no more work, exiting!\n");
14300 			goto exit;
14301 		}
14302 
14303 		/*
14304 		 * Reset the state to normal. This is the mechanism by which
14305 		 * the state transitions from either SD_STATE_RWAIT or
14306 		 * SD_STATE_OFFLINE to SD_STATE_NORMAL.
14307 		 * If state is SD_STATE_PM_CHANGING then this command is
14308 		 * part of the device power control and the state must
14309 		 * not be put back to normal. Doing so would would
14310 		 * allow new commands to proceed when they shouldn't,
14311 		 * the device may be going off.
14312 		 */
14313 		if ((un->un_state != SD_STATE_SUSPENDED) &&
14314 		    (un->un_state != SD_STATE_PM_CHANGING)) {
14315 			New_state(un, SD_STATE_NORMAL);
14316 		    }
14317 
14318 		xp = SD_GET_XBUF(bp);
14319 		ASSERT(xp != NULL);
14320 
14321 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14322 		/*
14323 		 * Allocate the scsi_pkt if we need one, or attach DMA
14324 		 * resources if we have a scsi_pkt that needs them. The
14325 		 * latter should only occur for commands that are being
14326 		 * retried.
14327 		 */
14328 		if ((xp->xb_pktp == NULL) ||
14329 		    ((xp->xb_pkt_flags & SD_XB_DMA_FREED) != 0)) {
14330 #else
14331 		if (xp->xb_pktp == NULL) {
14332 #endif
14333 			/*
14334 			 * There is no scsi_pkt allocated for this buf. Call
14335 			 * the initpkt function to allocate & init one.
14336 			 *
14337 			 * The scsi_init_pkt runout callback functionality is
14338 			 * implemented as follows:
14339 			 *
14340 			 * 1) The initpkt function always calls
14341 			 *    scsi_init_pkt(9F) with sdrunout specified as the
14342 			 *    callback routine.
14343 			 * 2) A successful packet allocation is initialized and
14344 			 *    the I/O is transported.
14345 			 * 3) The I/O associated with an allocation resource
14346 			 *    failure is left on its queue to be retried via
14347 			 *    runout or the next I/O.
14348 			 * 4) The I/O associated with a DMA error is removed
14349 			 *    from the queue and failed with EIO. Processing of
14350 			 *    the transport queues is also halted to be
14351 			 *    restarted via runout or the next I/O.
14352 			 * 5) The I/O associated with a CDB size or packet
14353 			 *    size error is removed from the queue and failed
14354 			 *    with EIO. Processing of the transport queues is
14355 			 *    continued.
14356 			 *
14357 			 * Note: there is no interface for canceling a runout
14358 			 * callback. To prevent the driver from detaching or
14359 			 * suspending while a runout is pending the driver
14360 			 * state is set to SD_STATE_RWAIT
14361 			 *
14362 			 * Note: using the scsi_init_pkt callback facility can
14363 			 * result in an I/O request persisting at the head of
14364 			 * the list which cannot be satisfied even after
14365 			 * multiple retries. In the future the driver may
14366 			 * implement some kind of maximum runout count before
14367 			 * failing an I/O.
14368 			 *
14369 			 * Note: the use of funcp below may seem superfluous,
14370 			 * but it helps warlock figure out the correct
14371 			 * initpkt function calls (see [s]sd.wlcmd).
14372 			 */
14373 			struct scsi_pkt	*pktp;
14374 			int (*funcp)(struct buf *bp, struct scsi_pkt **pktp);
14375 
14376 			ASSERT(bp != un->un_rqs_bp);
14377 
14378 			funcp = sd_initpkt_map[xp->xb_chain_iostart];
14379 			switch ((*funcp)(bp, &pktp)) {
14380 			case  SD_PKT_ALLOC_SUCCESS:
14381 				xp->xb_pktp = pktp;
14382 				SD_TRACE(SD_LOG_IO_CORE, un,
14383 				    "sd_start_cmd: SD_PKT_ALLOC_SUCCESS 0x%p\n",
14384 				    pktp);
14385 				goto got_pkt;
14386 
14387 			case SD_PKT_ALLOC_FAILURE:
14388 				/*
14389 				 * Temporary (hopefully) resource depletion.
14390 				 * Since retries and RQS commands always have a
14391 				 * scsi_pkt allocated, these cases should never
14392 				 * get here. So the only cases this needs to
14393 				 * handle is a bp from the waitq (which we put
14394 				 * back onto the waitq for sdrunout), or a bp
14395 				 * sent as an immed_bp (which we just fail).
14396 				 */
14397 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14398 				    "sd_start_cmds: SD_PKT_ALLOC_FAILURE\n");
14399 
14400 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14401 
14402 				if (bp == immed_bp) {
14403 					/*
14404 					 * If SD_XB_DMA_FREED is clear, then
14405 					 * this is a failure to allocate a
14406 					 * scsi_pkt, and we must fail the
14407 					 * command.
14408 					 */
14409 					if ((xp->xb_pkt_flags &
14410 					    SD_XB_DMA_FREED) == 0) {
14411 						break;
14412 					}
14413 
14414 					/*
14415 					 * If this immediate command is NOT our
14416 					 * un_retry_bp, then we must fail it.
14417 					 */
14418 					if (bp != un->un_retry_bp) {
14419 						break;
14420 					}
14421 
14422 					/*
14423 					 * We get here if this cmd is our
14424 					 * un_retry_bp that was DMAFREED, but
14425 					 * scsi_init_pkt() failed to reallocate
14426 					 * DMA resources when we attempted to
14427 					 * retry it. This can happen when an
14428 					 * mpxio failover is in progress, but
14429 					 * we don't want to just fail the
14430 					 * command in this case.
14431 					 *
14432 					 * Use timeout(9F) to restart it after
14433 					 * a 100ms delay.  We don't want to
14434 					 * let sdrunout() restart it, because
14435 					 * sdrunout() is just supposed to start
14436 					 * commands that are sitting on the
14437 					 * wait queue.  The un_retry_bp stays
14438 					 * set until the command completes, but
14439 					 * sdrunout can be called many times
14440 					 * before that happens.  Since sdrunout
14441 					 * cannot tell if the un_retry_bp is
14442 					 * already in the transport, it could
14443 					 * end up calling scsi_transport() for
14444 					 * the un_retry_bp multiple times.
14445 					 *
14446 					 * Also: don't schedule the callback
14447 					 * if some other callback is already
14448 					 * pending.
14449 					 */
14450 					if (un->un_retry_statp == NULL) {
14451 						/*
14452 						 * restore the kstat pointer to
14453 						 * keep kstat counts coherent
14454 						 * when we do retry the command.
14455 						 */
14456 						un->un_retry_statp =
14457 						    saved_statp;
14458 					}
14459 
14460 					if ((un->un_startstop_timeid == NULL) &&
14461 					    (un->un_retry_timeid == NULL) &&
14462 					    (un->un_direct_priority_timeid ==
14463 					    NULL)) {
14464 
14465 						un->un_retry_timeid =
14466 						    timeout(
14467 						    sd_start_retry_command,
14468 						    un, SD_RESTART_TIMEOUT);
14469 					}
14470 					goto exit;
14471 				}
14472 
14473 #else
14474 				if (bp == immed_bp) {
14475 					break;	/* Just fail the command */
14476 				}
14477 #endif
14478 
14479 				/* Add the buf back to the head of the waitq */
14480 				bp->av_forw = un->un_waitq_headp;
14481 				un->un_waitq_headp = bp;
14482 				if (un->un_waitq_tailp == NULL) {
14483 					un->un_waitq_tailp = bp;
14484 				}
14485 				goto exit;
14486 
14487 			case SD_PKT_ALLOC_FAILURE_NO_DMA:
14488 				/*
14489 				 * HBA DMA resource failure. Fail the command
14490 				 * and continue processing of the queues.
14491 				 */
14492 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14493 				    "sd_start_cmds: "
14494 				    "SD_PKT_ALLOC_FAILURE_NO_DMA\n");
14495 				break;
14496 
14497 			case SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL:
14498 				/*
14499 				 * Note:x86: Partial DMA mapping not supported
14500 				 * for USCSI commands, and all the needed DMA
14501 				 * resources were not allocated.
14502 				 */
14503 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14504 				    "sd_start_cmds: "
14505 				    "SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL\n");
14506 				break;
14507 
14508 			case SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL:
14509 				/*
14510 				 * Note:x86: Request cannot fit into CDB based
14511 				 * on lba and len.
14512 				 */
14513 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14514 				    "sd_start_cmds: "
14515 				    "SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL\n");
14516 				break;
14517 
14518 			default:
14519 				/* Should NEVER get here! */
14520 				panic("scsi_initpkt error");
14521 				/*NOTREACHED*/
14522 			}
14523 
14524 			/*
14525 			 * Fatal error in allocating a scsi_pkt for this buf.
14526 			 * Update kstats & return the buf with an error code.
14527 			 * We must use sd_return_failed_command_no_restart() to
14528 			 * avoid a recursive call back into sd_start_cmds().
14529 			 * However this also means that we must keep processing
14530 			 * the waitq here in order to avoid stalling.
14531 			 */
14532 			if (statp == kstat_waitq_to_runq) {
14533 				SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
14534 			}
14535 			sd_return_failed_command_no_restart(un, bp, EIO);
14536 			if (bp == immed_bp) {
14537 				/* immed_bp is gone by now, so clear this */
14538 				immed_bp = NULL;
14539 			}
14540 			continue;
14541 		}
14542 got_pkt:
14543 		if (bp == immed_bp) {
14544 			/* goto the head of the class.... */
14545 			xp->xb_pktp->pkt_flags |= FLAG_HEAD;
14546 		}
14547 
14548 		un->un_ncmds_in_transport++;
14549 		SD_UPDATE_KSTATS(un, statp, bp);
14550 
14551 		/*
14552 		 * Call scsi_transport() to send the command to the target.
14553 		 * According to SCSA architecture, we must drop the mutex here
14554 		 * before calling scsi_transport() in order to avoid deadlock.
14555 		 * Note that the scsi_pkt's completion routine can be executed
14556 		 * (from interrupt context) even before the call to
14557 		 * scsi_transport() returns.
14558 		 */
14559 		SD_TRACE(SD_LOG_IO_CORE, un,
14560 		    "sd_start_cmds: calling scsi_transport()\n");
14561 		DTRACE_PROBE1(scsi__transport__dispatch, struct buf *, bp);
14562 
14563 		mutex_exit(SD_MUTEX(un));
14564 		rval = scsi_transport(xp->xb_pktp);
14565 		mutex_enter(SD_MUTEX(un));
14566 
14567 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14568 		    "sd_start_cmds: scsi_transport() returned %d\n", rval);
14569 
14570 		switch (rval) {
14571 		case TRAN_ACCEPT:
14572 			/* Clear this with every pkt accepted by the HBA */
14573 			un->un_tran_fatal_count = 0;
14574 			break;	/* Success; try the next cmd (if any) */
14575 
14576 		case TRAN_BUSY:
14577 			un->un_ncmds_in_transport--;
14578 			ASSERT(un->un_ncmds_in_transport >= 0);
14579 
14580 			/*
14581 			 * Don't retry request sense, the sense data
14582 			 * is lost when another request is sent.
14583 			 * Free up the rqs buf and retry
14584 			 * the original failed cmd.  Update kstat.
14585 			 */
14586 			if (bp == un->un_rqs_bp) {
14587 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14588 				bp = sd_mark_rqs_idle(un, xp);
14589 				sd_retry_command(un, bp, SD_RETRIES_STANDARD,
14590 					NULL, NULL, EIO, SD_BSY_TIMEOUT / 500,
14591 					kstat_waitq_enter);
14592 				goto exit;
14593 			}
14594 
14595 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14596 			/*
14597 			 * Free the DMA resources for the  scsi_pkt. This will
14598 			 * allow mpxio to select another path the next time
14599 			 * we call scsi_transport() with this scsi_pkt.
14600 			 * See sdintr() for the rationalization behind this.
14601 			 */
14602 			if ((un->un_f_is_fibre == TRUE) &&
14603 			    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
14604 			    ((xp->xb_pktp->pkt_flags & FLAG_SENSING) == 0)) {
14605 				scsi_dmafree(xp->xb_pktp);
14606 				xp->xb_pkt_flags |= SD_XB_DMA_FREED;
14607 			}
14608 #endif
14609 
14610 			if (SD_IS_DIRECT_PRIORITY(SD_GET_XBUF(bp))) {
14611 				/*
14612 				 * Commands that are SD_PATH_DIRECT_PRIORITY
14613 				 * are for error recovery situations. These do
14614 				 * not use the normal command waitq, so if they
14615 				 * get a TRAN_BUSY we cannot put them back onto
14616 				 * the waitq for later retry. One possible
14617 				 * problem is that there could already be some
14618 				 * other command on un_retry_bp that is waiting
14619 				 * for this one to complete, so we would be
14620 				 * deadlocked if we put this command back onto
14621 				 * the waitq for later retry (since un_retry_bp
14622 				 * must complete before the driver gets back to
14623 				 * commands on the waitq).
14624 				 *
14625 				 * To avoid deadlock we must schedule a callback
14626 				 * that will restart this command after a set
14627 				 * interval.  This should keep retrying for as
14628 				 * long as the underlying transport keeps
14629 				 * returning TRAN_BUSY (just like for other
14630 				 * commands).  Use the same timeout interval as
14631 				 * for the ordinary TRAN_BUSY retry.
14632 				 */
14633 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14634 				    "sd_start_cmds: scsi_transport() returned "
14635 				    "TRAN_BUSY for DIRECT_PRIORITY cmd!\n");
14636 
14637 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14638 				un->un_direct_priority_timeid =
14639 				    timeout(sd_start_direct_priority_command,
14640 				    bp, SD_BSY_TIMEOUT / 500);
14641 
14642 				goto exit;
14643 			}
14644 
14645 			/*
14646 			 * For TRAN_BUSY, we want to reduce the throttle value,
14647 			 * unless we are retrying a command.
14648 			 */
14649 			if (bp != un->un_retry_bp) {
14650 				sd_reduce_throttle(un, SD_THROTTLE_TRAN_BUSY);
14651 			}
14652 
14653 			/*
14654 			 * Set up the bp to be tried again 10 ms later.
14655 			 * Note:x86: Is there a timeout value in the sd_lun
14656 			 * for this condition?
14657 			 */
14658 			sd_set_retry_bp(un, bp, SD_BSY_TIMEOUT / 500,
14659 				kstat_runq_back_to_waitq);
14660 			goto exit;
14661 
14662 		case TRAN_FATAL_ERROR:
14663 			un->un_tran_fatal_count++;
14664 			/* FALLTHRU */
14665 
14666 		case TRAN_BADPKT:
14667 		default:
14668 			un->un_ncmds_in_transport--;
14669 			ASSERT(un->un_ncmds_in_transport >= 0);
14670 
14671 			/*
14672 			 * If this is our REQUEST SENSE command with a
14673 			 * transport error, we must get back the pointers
14674 			 * to the original buf, and mark the REQUEST
14675 			 * SENSE command as "available".
14676 			 */
14677 			if (bp == un->un_rqs_bp) {
14678 				bp = sd_mark_rqs_idle(un, xp);
14679 				xp = SD_GET_XBUF(bp);
14680 			} else {
14681 				/*
14682 				 * Legacy behavior: do not update transport
14683 				 * error count for request sense commands.
14684 				 */
14685 				SD_UPDATE_ERRSTATS(un, sd_transerrs);
14686 			}
14687 
14688 			SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14689 			sd_print_transport_rejected_message(un, xp, rval);
14690 
14691 			/*
14692 			 * We must use sd_return_failed_command_no_restart() to
14693 			 * avoid a recursive call back into sd_start_cmds().
14694 			 * However this also means that we must keep processing
14695 			 * the waitq here in order to avoid stalling.
14696 			 */
14697 			sd_return_failed_command_no_restart(un, bp, EIO);
14698 
14699 			/*
14700 			 * Notify any threads waiting in sd_ddi_suspend() that
14701 			 * a command completion has occurred.
14702 			 */
14703 			if (un->un_state == SD_STATE_SUSPENDED) {
14704 				cv_broadcast(&un->un_disk_busy_cv);
14705 			}
14706 
14707 			if (bp == immed_bp) {
14708 				/* immed_bp is gone by now, so clear this */
14709 				immed_bp = NULL;
14710 			}
14711 			break;
14712 		}
14713 
14714 	} while (immed_bp == NULL);
14715 
14716 exit:
14717 	ASSERT(mutex_owned(SD_MUTEX(un)));
14718 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: exit\n");
14719 }
14720 
14721 
14722 /*
14723  *    Function: sd_return_command
14724  *
14725  * Description: Returns a command to its originator (with or without an
14726  *		error).  Also starts commands waiting to be transported
14727  *		to the target.
14728  *
14729  *     Context: May be called from interrupt, kernel, or timeout context
14730  */
14731 
14732 static void
14733 sd_return_command(struct sd_lun *un, struct buf *bp)
14734 {
14735 	struct sd_xbuf *xp;
14736 #if defined(__i386) || defined(__amd64)
14737 	struct scsi_pkt *pktp;
14738 #endif
14739 
14740 	ASSERT(bp != NULL);
14741 	ASSERT(un != NULL);
14742 	ASSERT(mutex_owned(SD_MUTEX(un)));
14743 	ASSERT(bp != un->un_rqs_bp);
14744 	xp = SD_GET_XBUF(bp);
14745 	ASSERT(xp != NULL);
14746 
14747 #if defined(__i386) || defined(__amd64)
14748 	pktp = SD_GET_PKTP(bp);
14749 #endif
14750 
14751 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: entry\n");
14752 
14753 #if defined(__i386) || defined(__amd64)
14754 	/*
14755 	 * Note:x86: check for the "sdrestart failed" case.
14756 	 */
14757 	if (((xp->xb_pkt_flags & SD_XB_USCSICMD) != SD_XB_USCSICMD) &&
14758 		(geterror(bp) == 0) && (xp->xb_dma_resid != 0) &&
14759 		(xp->xb_pktp->pkt_resid == 0)) {
14760 
14761 		if (sd_setup_next_xfer(un, bp, pktp, xp) != 0) {
14762 			/*
14763 			 * Successfully set up next portion of cmd
14764 			 * transfer, try sending it
14765 			 */
14766 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
14767 			    NULL, NULL, 0, (clock_t)0, NULL);
14768 			sd_start_cmds(un, NULL);
14769 			return;	/* Note:x86: need a return here? */
14770 		}
14771 	}
14772 #endif
14773 
14774 	/*
14775 	 * If this is the failfast bp, clear it from un_failfast_bp. This
14776 	 * can happen if upon being re-tried the failfast bp either
14777 	 * succeeded or encountered another error (possibly even a different
14778 	 * error than the one that precipitated the failfast state, but in
14779 	 * that case it would have had to exhaust retries as well). Regardless,
14780 	 * this should not occur whenever the instance is in the active
14781 	 * failfast state.
14782 	 */
14783 	if (bp == un->un_failfast_bp) {
14784 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14785 		un->un_failfast_bp = NULL;
14786 	}
14787 
14788 	/*
14789 	 * Clear the failfast state upon successful completion of ANY cmd.
14790 	 */
14791 	if (bp->b_error == 0) {
14792 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
14793 	}
14794 
14795 	/*
14796 	 * This is used if the command was retried one or more times. Show that
14797 	 * we are done with it, and allow processing of the waitq to resume.
14798 	 */
14799 	if (bp == un->un_retry_bp) {
14800 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14801 		    "sd_return_command: un:0x%p: "
14802 		    "RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14803 		un->un_retry_bp = NULL;
14804 		un->un_retry_statp = NULL;
14805 	}
14806 
14807 	SD_UPDATE_RDWR_STATS(un, bp);
14808 	SD_UPDATE_PARTITION_STATS(un, bp);
14809 
14810 	switch (un->un_state) {
14811 	case SD_STATE_SUSPENDED:
14812 		/*
14813 		 * Notify any threads waiting in sd_ddi_suspend() that
14814 		 * a command completion has occurred.
14815 		 */
14816 		cv_broadcast(&un->un_disk_busy_cv);
14817 		break;
14818 	default:
14819 		sd_start_cmds(un, NULL);
14820 		break;
14821 	}
14822 
14823 	/* Return this command up the iodone chain to its originator. */
14824 	mutex_exit(SD_MUTEX(un));
14825 
14826 	(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14827 	xp->xb_pktp = NULL;
14828 
14829 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14830 
14831 	ASSERT(!mutex_owned(SD_MUTEX(un)));
14832 	mutex_enter(SD_MUTEX(un));
14833 
14834 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: exit\n");
14835 }
14836 
14837 
14838 /*
14839  *    Function: sd_return_failed_command
14840  *
14841  * Description: Command completion when an error occurred.
14842  *
14843  *     Context: May be called from interrupt context
14844  */
14845 
14846 static void
14847 sd_return_failed_command(struct sd_lun *un, struct buf *bp, int errcode)
14848 {
14849 	ASSERT(bp != NULL);
14850 	ASSERT(un != NULL);
14851 	ASSERT(mutex_owned(SD_MUTEX(un)));
14852 
14853 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14854 	    "sd_return_failed_command: entry\n");
14855 
14856 	/*
14857 	 * b_resid could already be nonzero due to a partial data
14858 	 * transfer, so do not change it here.
14859 	 */
14860 	SD_BIOERROR(bp, errcode);
14861 
14862 	sd_return_command(un, bp);
14863 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14864 	    "sd_return_failed_command: exit\n");
14865 }
14866 
14867 
14868 /*
14869  *    Function: sd_return_failed_command_no_restart
14870  *
14871  * Description: Same as sd_return_failed_command, but ensures that no
14872  *		call back into sd_start_cmds will be issued.
14873  *
14874  *     Context: May be called from interrupt context
14875  */
14876 
14877 static void
14878 sd_return_failed_command_no_restart(struct sd_lun *un, struct buf *bp,
14879 	int errcode)
14880 {
14881 	struct sd_xbuf *xp;
14882 
14883 	ASSERT(bp != NULL);
14884 	ASSERT(un != NULL);
14885 	ASSERT(mutex_owned(SD_MUTEX(un)));
14886 	xp = SD_GET_XBUF(bp);
14887 	ASSERT(xp != NULL);
14888 	ASSERT(errcode != 0);
14889 
14890 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14891 	    "sd_return_failed_command_no_restart: entry\n");
14892 
14893 	/*
14894 	 * b_resid could already be nonzero due to a partial data
14895 	 * transfer, so do not change it here.
14896 	 */
14897 	SD_BIOERROR(bp, errcode);
14898 
14899 	/*
14900 	 * If this is the failfast bp, clear it. This can happen if the
14901 	 * failfast bp encounterd a fatal error when we attempted to
14902 	 * re-try it (such as a scsi_transport(9F) failure).  However
14903 	 * we should NOT be in an active failfast state if the failfast
14904 	 * bp is not NULL.
14905 	 */
14906 	if (bp == un->un_failfast_bp) {
14907 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14908 		un->un_failfast_bp = NULL;
14909 	}
14910 
14911 	if (bp == un->un_retry_bp) {
14912 		/*
14913 		 * This command was retried one or more times. Show that we are
14914 		 * done with it, and allow processing of the waitq to resume.
14915 		 */
14916 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14917 		    "sd_return_failed_command_no_restart: "
14918 		    " un:0x%p: RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14919 		un->un_retry_bp = NULL;
14920 		un->un_retry_statp = NULL;
14921 	}
14922 
14923 	SD_UPDATE_RDWR_STATS(un, bp);
14924 	SD_UPDATE_PARTITION_STATS(un, bp);
14925 
14926 	mutex_exit(SD_MUTEX(un));
14927 
14928 	if (xp->xb_pktp != NULL) {
14929 		(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14930 		xp->xb_pktp = NULL;
14931 	}
14932 
14933 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14934 
14935 	mutex_enter(SD_MUTEX(un));
14936 
14937 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14938 	    "sd_return_failed_command_no_restart: exit\n");
14939 }
14940 
14941 
14942 /*
14943  *    Function: sd_retry_command
14944  *
14945  * Description: queue up a command for retry, or (optionally) fail it
14946  *		if retry counts are exhausted.
14947  *
14948  *   Arguments: un - Pointer to the sd_lun struct for the target.
14949  *
14950  *		bp - Pointer to the buf for the command to be retried.
14951  *
14952  *		retry_check_flag - Flag to see which (if any) of the retry
14953  *		   counts should be decremented/checked. If the indicated
14954  *		   retry count is exhausted, then the command will not be
14955  *		   retried; it will be failed instead. This should use a
14956  *		   value equal to one of the following:
14957  *
14958  *			SD_RETRIES_NOCHECK
14959  *			SD_RESD_RETRIES_STANDARD
14960  *			SD_RETRIES_VICTIM
14961  *
14962  *		   Optionally may be bitwise-OR'ed with SD_RETRIES_ISOLATE
14963  *		   if the check should be made to see of FLAG_ISOLATE is set
14964  *		   in the pkt. If FLAG_ISOLATE is set, then the command is
14965  *		   not retried, it is simply failed.
14966  *
14967  *		user_funcp - Ptr to function to call before dispatching the
14968  *		   command. May be NULL if no action needs to be performed.
14969  *		   (Primarily intended for printing messages.)
14970  *
14971  *		user_arg - Optional argument to be passed along to
14972  *		   the user_funcp call.
14973  *
14974  *		failure_code - errno return code to set in the bp if the
14975  *		   command is going to be failed.
14976  *
14977  *		retry_delay - Retry delay interval in (clock_t) units. May
14978  *		   be zero which indicates that the retry should be retried
14979  *		   immediately (ie, without an intervening delay).
14980  *
14981  *		statp - Ptr to kstat function to be updated if the command
14982  *		   is queued for a delayed retry. May be NULL if no kstat
14983  *		   update is desired.
14984  *
14985  *     Context: May be called from interupt context.
14986  */
14987 
14988 static void
14989 sd_retry_command(struct sd_lun *un, struct buf *bp, int retry_check_flag,
14990 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp, int
14991 	code), void *user_arg, int failure_code,  clock_t retry_delay,
14992 	void (*statp)(kstat_io_t *))
14993 {
14994 	struct sd_xbuf	*xp;
14995 	struct scsi_pkt	*pktp;
14996 
14997 	ASSERT(un != NULL);
14998 	ASSERT(mutex_owned(SD_MUTEX(un)));
14999 	ASSERT(bp != NULL);
15000 	xp = SD_GET_XBUF(bp);
15001 	ASSERT(xp != NULL);
15002 	pktp = SD_GET_PKTP(bp);
15003 	ASSERT(pktp != NULL);
15004 
15005 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15006 	    "sd_retry_command: entry: bp:0x%p xp:0x%p\n", bp, xp);
15007 
15008 	/*
15009 	 * If we are syncing or dumping, fail the command to avoid
15010 	 * recursively calling back into scsi_transport().
15011 	 */
15012 	if (ddi_in_panic()) {
15013 		goto fail_command_no_log;
15014 	}
15015 
15016 	/*
15017 	 * We should never be be retrying a command with FLAG_DIAGNOSE set, so
15018 	 * log an error and fail the command.
15019 	 */
15020 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
15021 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
15022 		    "ERROR, retrying FLAG_DIAGNOSE command.\n");
15023 		sd_dump_memory(un, SD_LOG_IO, "CDB",
15024 		    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
15025 		sd_dump_memory(un, SD_LOG_IO, "Sense Data",
15026 		    (uchar_t *)xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
15027 		goto fail_command;
15028 	}
15029 
15030 	/*
15031 	 * If we are suspended, then put the command onto head of the
15032 	 * wait queue since we don't want to start more commands.
15033 	 */
15034 	switch (un->un_state) {
15035 	case SD_STATE_SUSPENDED:
15036 	case SD_STATE_DUMPING:
15037 		bp->av_forw = un->un_waitq_headp;
15038 		un->un_waitq_headp = bp;
15039 		if (un->un_waitq_tailp == NULL) {
15040 			un->un_waitq_tailp = bp;
15041 		}
15042 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
15043 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: "
15044 		    "exiting; cmd bp:0x%p requeued for SUSPEND/DUMP\n", bp);
15045 		return;
15046 	default:
15047 		break;
15048 	}
15049 
15050 	/*
15051 	 * If the caller wants us to check FLAG_ISOLATE, then see if that
15052 	 * is set; if it is then we do not want to retry the command.
15053 	 * Normally, FLAG_ISOLATE is only used with USCSI cmds.
15054 	 */
15055 	if ((retry_check_flag & SD_RETRIES_ISOLATE) != 0) {
15056 		if ((pktp->pkt_flags & FLAG_ISOLATE) != 0) {
15057 			goto fail_command;
15058 		}
15059 	}
15060 
15061 
15062 	/*
15063 	 * If SD_RETRIES_FAILFAST is set, it indicates that either a
15064 	 * command timeout or a selection timeout has occurred. This means
15065 	 * that we were unable to establish an kind of communication with
15066 	 * the target, and subsequent retries and/or commands are likely
15067 	 * to encounter similar results and take a long time to complete.
15068 	 *
15069 	 * If this is a failfast error condition, we need to update the
15070 	 * failfast state, even if this bp does not have B_FAILFAST set.
15071 	 */
15072 	if (retry_check_flag & SD_RETRIES_FAILFAST) {
15073 		if (un->un_failfast_state == SD_FAILFAST_ACTIVE) {
15074 			ASSERT(un->un_failfast_bp == NULL);
15075 			/*
15076 			 * If we are already in the active failfast state, and
15077 			 * another failfast error condition has been detected,
15078 			 * then fail this command if it has B_FAILFAST set.
15079 			 * If B_FAILFAST is clear, then maintain the legacy
15080 			 * behavior of retrying heroically, even tho this will
15081 			 * take a lot more time to fail the command.
15082 			 */
15083 			if (bp->b_flags & B_FAILFAST) {
15084 				goto fail_command;
15085 			}
15086 		} else {
15087 			/*
15088 			 * We're not in the active failfast state, but we
15089 			 * have a failfast error condition, so we must begin
15090 			 * transition to the next state. We do this regardless
15091 			 * of whether or not this bp has B_FAILFAST set.
15092 			 */
15093 			if (un->un_failfast_bp == NULL) {
15094 				/*
15095 				 * This is the first bp to meet a failfast
15096 				 * condition so save it on un_failfast_bp &
15097 				 * do normal retry processing. Do not enter
15098 				 * active failfast state yet. This marks
15099 				 * entry into the "failfast pending" state.
15100 				 */
15101 				un->un_failfast_bp = bp;
15102 
15103 			} else if (un->un_failfast_bp == bp) {
15104 				/*
15105 				 * This is the second time *this* bp has
15106 				 * encountered a failfast error condition,
15107 				 * so enter active failfast state & flush
15108 				 * queues as appropriate.
15109 				 */
15110 				un->un_failfast_state = SD_FAILFAST_ACTIVE;
15111 				un->un_failfast_bp = NULL;
15112 				sd_failfast_flushq(un);
15113 
15114 				/*
15115 				 * Fail this bp now if B_FAILFAST set;
15116 				 * otherwise continue with retries. (It would
15117 				 * be pretty ironic if this bp succeeded on a
15118 				 * subsequent retry after we just flushed all
15119 				 * the queues).
15120 				 */
15121 				if (bp->b_flags & B_FAILFAST) {
15122 					goto fail_command;
15123 				}
15124 
15125 #if !defined(lint) && !defined(__lint)
15126 			} else {
15127 				/*
15128 				 * If neither of the preceeding conditionals
15129 				 * was true, it means that there is some
15130 				 * *other* bp that has met an inital failfast
15131 				 * condition and is currently either being
15132 				 * retried or is waiting to be retried. In
15133 				 * that case we should perform normal retry
15134 				 * processing on *this* bp, since there is a
15135 				 * chance that the current failfast condition
15136 				 * is transient and recoverable. If that does
15137 				 * not turn out to be the case, then retries
15138 				 * will be cleared when the wait queue is
15139 				 * flushed anyway.
15140 				 */
15141 #endif
15142 			}
15143 		}
15144 	} else {
15145 		/*
15146 		 * SD_RETRIES_FAILFAST is clear, which indicates that we
15147 		 * likely were able to at least establish some level of
15148 		 * communication with the target and subsequent commands
15149 		 * and/or retries are likely to get through to the target,
15150 		 * In this case we want to be aggressive about clearing
15151 		 * the failfast state. Note that this does not affect
15152 		 * the "failfast pending" condition.
15153 		 */
15154 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
15155 	}
15156 
15157 
15158 	/*
15159 	 * Check the specified retry count to see if we can still do
15160 	 * any retries with this pkt before we should fail it.
15161 	 */
15162 	switch (retry_check_flag & SD_RETRIES_MASK) {
15163 	case SD_RETRIES_VICTIM:
15164 		/*
15165 		 * Check the victim retry count. If exhausted, then fall
15166 		 * thru & check against the standard retry count.
15167 		 */
15168 		if (xp->xb_victim_retry_count < un->un_victim_retry_count) {
15169 			/* Increment count & proceed with the retry */
15170 			xp->xb_victim_retry_count++;
15171 			break;
15172 		}
15173 		/* Victim retries exhausted, fall back to std. retries... */
15174 		/* FALLTHRU */
15175 
15176 	case SD_RETRIES_STANDARD:
15177 		if (xp->xb_retry_count >= un->un_retry_count) {
15178 			/* Retries exhausted, fail the command */
15179 			SD_TRACE(SD_LOG_IO_CORE, un,
15180 			    "sd_retry_command: retries exhausted!\n");
15181 			/*
15182 			 * update b_resid for failed SCMD_READ & SCMD_WRITE
15183 			 * commands with nonzero pkt_resid.
15184 			 */
15185 			if ((pktp->pkt_reason == CMD_CMPLT) &&
15186 			    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD) &&
15187 			    (pktp->pkt_resid != 0)) {
15188 				uchar_t op = SD_GET_PKT_OPCODE(pktp) & 0x1F;
15189 				if ((op == SCMD_READ) || (op == SCMD_WRITE)) {
15190 					SD_UPDATE_B_RESID(bp, pktp);
15191 				}
15192 			}
15193 			goto fail_command;
15194 		}
15195 		xp->xb_retry_count++;
15196 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15197 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15198 		break;
15199 
15200 	case SD_RETRIES_UA:
15201 		if (xp->xb_ua_retry_count >= sd_ua_retry_count) {
15202 			/* Retries exhausted, fail the command */
15203 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
15204 			    "Unit Attention retries exhausted. "
15205 			    "Check the target.\n");
15206 			goto fail_command;
15207 		}
15208 		xp->xb_ua_retry_count++;
15209 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15210 		    "sd_retry_command: retry count:%d\n",
15211 			xp->xb_ua_retry_count);
15212 		break;
15213 
15214 	case SD_RETRIES_BUSY:
15215 		if (xp->xb_retry_count >= un->un_busy_retry_count) {
15216 			/* Retries exhausted, fail the command */
15217 			SD_TRACE(SD_LOG_IO_CORE, un,
15218 			    "sd_retry_command: retries exhausted!\n");
15219 			goto fail_command;
15220 		}
15221 		xp->xb_retry_count++;
15222 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15223 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15224 		break;
15225 
15226 	case SD_RETRIES_NOCHECK:
15227 	default:
15228 		/* No retry count to check. Just proceed with the retry */
15229 		break;
15230 	}
15231 
15232 	xp->xb_pktp->pkt_flags |= FLAG_HEAD;
15233 
15234 	/*
15235 	 * If we were given a zero timeout, we must attempt to retry the
15236 	 * command immediately (ie, without a delay).
15237 	 */
15238 	if (retry_delay == 0) {
15239 		/*
15240 		 * Check some limiting conditions to see if we can actually
15241 		 * do the immediate retry.  If we cannot, then we must
15242 		 * fall back to queueing up a delayed retry.
15243 		 */
15244 		if (un->un_ncmds_in_transport >= un->un_throttle) {
15245 			/*
15246 			 * We are at the throttle limit for the target,
15247 			 * fall back to delayed retry.
15248 			 */
15249 			retry_delay = SD_BSY_TIMEOUT;
15250 			statp = kstat_waitq_enter;
15251 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15252 			    "sd_retry_command: immed. retry hit "
15253 			    "throttle!\n");
15254 		} else {
15255 			/*
15256 			 * We're clear to proceed with the immediate retry.
15257 			 * First call the user-provided function (if any)
15258 			 */
15259 			if (user_funcp != NULL) {
15260 				(*user_funcp)(un, bp, user_arg,
15261 				    SD_IMMEDIATE_RETRY_ISSUED);
15262 			}
15263 
15264 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15265 			    "sd_retry_command: issuing immediate retry\n");
15266 
15267 			/*
15268 			 * Call sd_start_cmds() to transport the command to
15269 			 * the target.
15270 			 */
15271 			sd_start_cmds(un, bp);
15272 
15273 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15274 			    "sd_retry_command exit\n");
15275 			return;
15276 		}
15277 	}
15278 
15279 	/*
15280 	 * Set up to retry the command after a delay.
15281 	 * First call the user-provided function (if any)
15282 	 */
15283 	if (user_funcp != NULL) {
15284 		(*user_funcp)(un, bp, user_arg, SD_DELAYED_RETRY_ISSUED);
15285 	}
15286 
15287 	sd_set_retry_bp(un, bp, retry_delay, statp);
15288 
15289 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15290 	return;
15291 
15292 fail_command:
15293 
15294 	if (user_funcp != NULL) {
15295 		(*user_funcp)(un, bp, user_arg, SD_NO_RETRY_ISSUED);
15296 	}
15297 
15298 fail_command_no_log:
15299 
15300 	SD_INFO(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15301 	    "sd_retry_command: returning failed command\n");
15302 
15303 	sd_return_failed_command(un, bp, failure_code);
15304 
15305 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15306 }
15307 
15308 
15309 /*
15310  *    Function: sd_set_retry_bp
15311  *
15312  * Description: Set up the given bp for retry.
15313  *
15314  *   Arguments: un - ptr to associated softstate
15315  *		bp - ptr to buf(9S) for the command
15316  *		retry_delay - time interval before issuing retry (may be 0)
15317  *		statp - optional pointer to kstat function
15318  *
15319  *     Context: May be called under interrupt context
15320  */
15321 
15322 static void
15323 sd_set_retry_bp(struct sd_lun *un, struct buf *bp, clock_t retry_delay,
15324 	void (*statp)(kstat_io_t *))
15325 {
15326 	ASSERT(un != NULL);
15327 	ASSERT(mutex_owned(SD_MUTEX(un)));
15328 	ASSERT(bp != NULL);
15329 
15330 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15331 	    "sd_set_retry_bp: entry: un:0x%p bp:0x%p\n", un, bp);
15332 
15333 	/*
15334 	 * Indicate that the command is being retried. This will not allow any
15335 	 * other commands on the wait queue to be transported to the target
15336 	 * until this command has been completed (success or failure). The
15337 	 * "retry command" is not transported to the target until the given
15338 	 * time delay expires, unless the user specified a 0 retry_delay.
15339 	 *
15340 	 * Note: the timeout(9F) callback routine is what actually calls
15341 	 * sd_start_cmds() to transport the command, with the exception of a
15342 	 * zero retry_delay. The only current implementor of a zero retry delay
15343 	 * is the case where a START_STOP_UNIT is sent to spin-up a device.
15344 	 */
15345 	if (un->un_retry_bp == NULL) {
15346 		ASSERT(un->un_retry_statp == NULL);
15347 		un->un_retry_bp = bp;
15348 
15349 		/*
15350 		 * If the user has not specified a delay the command should
15351 		 * be queued and no timeout should be scheduled.
15352 		 */
15353 		if (retry_delay == 0) {
15354 			/*
15355 			 * Save the kstat pointer that will be used in the
15356 			 * call to SD_UPDATE_KSTATS() below, so that
15357 			 * sd_start_cmds() can correctly decrement the waitq
15358 			 * count when it is time to transport this command.
15359 			 */
15360 			un->un_retry_statp = statp;
15361 			goto done;
15362 		}
15363 	}
15364 
15365 	if (un->un_retry_bp == bp) {
15366 		/*
15367 		 * Save the kstat pointer that will be used in the call to
15368 		 * SD_UPDATE_KSTATS() below, so that sd_start_cmds() can
15369 		 * correctly decrement the waitq count when it is time to
15370 		 * transport this command.
15371 		 */
15372 		un->un_retry_statp = statp;
15373 
15374 		/*
15375 		 * Schedule a timeout if:
15376 		 *   1) The user has specified a delay.
15377 		 *   2) There is not a START_STOP_UNIT callback pending.
15378 		 *
15379 		 * If no delay has been specified, then it is up to the caller
15380 		 * to ensure that IO processing continues without stalling.
15381 		 * Effectively, this means that the caller will issue the
15382 		 * required call to sd_start_cmds(). The START_STOP_UNIT
15383 		 * callback does this after the START STOP UNIT command has
15384 		 * completed. In either of these cases we should not schedule
15385 		 * a timeout callback here.  Also don't schedule the timeout if
15386 		 * an SD_PATH_DIRECT_PRIORITY command is waiting to restart.
15387 		 */
15388 		if ((retry_delay != 0) && (un->un_startstop_timeid == NULL) &&
15389 		    (un->un_direct_priority_timeid == NULL)) {
15390 			un->un_retry_timeid =
15391 			    timeout(sd_start_retry_command, un, retry_delay);
15392 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15393 			    "sd_set_retry_bp: setting timeout: un: 0x%p"
15394 			    " bp:0x%p un_retry_timeid:0x%p\n",
15395 			    un, bp, un->un_retry_timeid);
15396 		}
15397 	} else {
15398 		/*
15399 		 * We only get in here if there is already another command
15400 		 * waiting to be retried.  In this case, we just put the
15401 		 * given command onto the wait queue, so it can be transported
15402 		 * after the current retry command has completed.
15403 		 *
15404 		 * Also we have to make sure that if the command at the head
15405 		 * of the wait queue is the un_failfast_bp, that we do not
15406 		 * put ahead of it any other commands that are to be retried.
15407 		 */
15408 		if ((un->un_failfast_bp != NULL) &&
15409 		    (un->un_failfast_bp == un->un_waitq_headp)) {
15410 			/*
15411 			 * Enqueue this command AFTER the first command on
15412 			 * the wait queue (which is also un_failfast_bp).
15413 			 */
15414 			bp->av_forw = un->un_waitq_headp->av_forw;
15415 			un->un_waitq_headp->av_forw = bp;
15416 			if (un->un_waitq_headp == un->un_waitq_tailp) {
15417 				un->un_waitq_tailp = bp;
15418 			}
15419 		} else {
15420 			/* Enqueue this command at the head of the waitq. */
15421 			bp->av_forw = un->un_waitq_headp;
15422 			un->un_waitq_headp = bp;
15423 			if (un->un_waitq_tailp == NULL) {
15424 				un->un_waitq_tailp = bp;
15425 			}
15426 		}
15427 
15428 		if (statp == NULL) {
15429 			statp = kstat_waitq_enter;
15430 		}
15431 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15432 		    "sd_set_retry_bp: un:0x%p already delayed retry\n", un);
15433 	}
15434 
15435 done:
15436 	if (statp != NULL) {
15437 		SD_UPDATE_KSTATS(un, statp, bp);
15438 	}
15439 
15440 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15441 	    "sd_set_retry_bp: exit un:0x%p\n", un);
15442 }
15443 
15444 
15445 /*
15446  *    Function: sd_start_retry_command
15447  *
15448  * Description: Start the command that has been waiting on the target's
15449  *		retry queue.  Called from timeout(9F) context after the
15450  *		retry delay interval has expired.
15451  *
15452  *   Arguments: arg - pointer to associated softstate for the device.
15453  *
15454  *     Context: timeout(9F) thread context.  May not sleep.
15455  */
15456 
15457 static void
15458 sd_start_retry_command(void *arg)
15459 {
15460 	struct sd_lun *un = arg;
15461 
15462 	ASSERT(un != NULL);
15463 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15464 
15465 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15466 	    "sd_start_retry_command: entry\n");
15467 
15468 	mutex_enter(SD_MUTEX(un));
15469 
15470 	un->un_retry_timeid = NULL;
15471 
15472 	if (un->un_retry_bp != NULL) {
15473 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15474 		    "sd_start_retry_command: un:0x%p STARTING bp:0x%p\n",
15475 		    un, un->un_retry_bp);
15476 		sd_start_cmds(un, un->un_retry_bp);
15477 	}
15478 
15479 	mutex_exit(SD_MUTEX(un));
15480 
15481 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15482 	    "sd_start_retry_command: exit\n");
15483 }
15484 
15485 
15486 /*
15487  *    Function: sd_start_direct_priority_command
15488  *
15489  * Description: Used to re-start an SD_PATH_DIRECT_PRIORITY command that had
15490  *		received TRAN_BUSY when we called scsi_transport() to send it
15491  *		to the underlying HBA. This function is called from timeout(9F)
15492  *		context after the delay interval has expired.
15493  *
15494  *   Arguments: arg - pointer to associated buf(9S) to be restarted.
15495  *
15496  *     Context: timeout(9F) thread context.  May not sleep.
15497  */
15498 
15499 static void
15500 sd_start_direct_priority_command(void *arg)
15501 {
15502 	struct buf	*priority_bp = arg;
15503 	struct sd_lun	*un;
15504 
15505 	ASSERT(priority_bp != NULL);
15506 	un = SD_GET_UN(priority_bp);
15507 	ASSERT(un != NULL);
15508 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15509 
15510 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15511 	    "sd_start_direct_priority_command: entry\n");
15512 
15513 	mutex_enter(SD_MUTEX(un));
15514 	un->un_direct_priority_timeid = NULL;
15515 	sd_start_cmds(un, priority_bp);
15516 	mutex_exit(SD_MUTEX(un));
15517 
15518 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15519 	    "sd_start_direct_priority_command: exit\n");
15520 }
15521 
15522 
15523 /*
15524  *    Function: sd_send_request_sense_command
15525  *
15526  * Description: Sends a REQUEST SENSE command to the target
15527  *
15528  *     Context: May be called from interrupt context.
15529  */
15530 
15531 static void
15532 sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
15533 	struct scsi_pkt *pktp)
15534 {
15535 	ASSERT(bp != NULL);
15536 	ASSERT(un != NULL);
15537 	ASSERT(mutex_owned(SD_MUTEX(un)));
15538 
15539 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_send_request_sense_command: "
15540 	    "entry: buf:0x%p\n", bp);
15541 
15542 	/*
15543 	 * If we are syncing or dumping, then fail the command to avoid a
15544 	 * recursive callback into scsi_transport(). Also fail the command
15545 	 * if we are suspended (legacy behavior).
15546 	 */
15547 	if (ddi_in_panic() || (un->un_state == SD_STATE_SUSPENDED) ||
15548 	    (un->un_state == SD_STATE_DUMPING)) {
15549 		sd_return_failed_command(un, bp, EIO);
15550 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15551 		    "sd_send_request_sense_command: syncing/dumping, exit\n");
15552 		return;
15553 	}
15554 
15555 	/*
15556 	 * Retry the failed command and don't issue the request sense if:
15557 	 *    1) the sense buf is busy
15558 	 *    2) we have 1 or more outstanding commands on the target
15559 	 *    (the sense data will be cleared or invalidated any way)
15560 	 *
15561 	 * Note: There could be an issue with not checking a retry limit here,
15562 	 * the problem is determining which retry limit to check.
15563 	 */
15564 	if ((un->un_sense_isbusy != 0) || (un->un_ncmds_in_transport > 0)) {
15565 		/* Don't retry if the command is flagged as non-retryable */
15566 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
15567 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
15568 			    NULL, NULL, 0, SD_BSY_TIMEOUT, kstat_waitq_enter);
15569 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15570 			    "sd_send_request_sense_command: "
15571 			    "at full throttle, retrying exit\n");
15572 		} else {
15573 			sd_return_failed_command(un, bp, EIO);
15574 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15575 			    "sd_send_request_sense_command: "
15576 			    "at full throttle, non-retryable exit\n");
15577 		}
15578 		return;
15579 	}
15580 
15581 	sd_mark_rqs_busy(un, bp);
15582 	sd_start_cmds(un, un->un_rqs_bp);
15583 
15584 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15585 	    "sd_send_request_sense_command: exit\n");
15586 }
15587 
15588 
15589 /*
15590  *    Function: sd_mark_rqs_busy
15591  *
15592  * Description: Indicate that the request sense bp for this instance is
15593  *		in use.
15594  *
15595  *     Context: May be called under interrupt context
15596  */
15597 
15598 static void
15599 sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp)
15600 {
15601 	struct sd_xbuf	*sense_xp;
15602 
15603 	ASSERT(un != NULL);
15604 	ASSERT(bp != NULL);
15605 	ASSERT(mutex_owned(SD_MUTEX(un)));
15606 	ASSERT(un->un_sense_isbusy == 0);
15607 
15608 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: entry: "
15609 	    "buf:0x%p xp:0x%p un:0x%p\n", bp, SD_GET_XBUF(bp), un);
15610 
15611 	sense_xp = SD_GET_XBUF(un->un_rqs_bp);
15612 	ASSERT(sense_xp != NULL);
15613 
15614 	SD_INFO(SD_LOG_IO, un,
15615 	    "sd_mark_rqs_busy: entry: sense_xp:0x%p\n", sense_xp);
15616 
15617 	ASSERT(sense_xp->xb_pktp != NULL);
15618 	ASSERT((sense_xp->xb_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD))
15619 	    == (FLAG_SENSING | FLAG_HEAD));
15620 
15621 	un->un_sense_isbusy = 1;
15622 	un->un_rqs_bp->b_resid = 0;
15623 	sense_xp->xb_pktp->pkt_resid  = 0;
15624 	sense_xp->xb_pktp->pkt_reason = 0;
15625 
15626 	/* So we can get back the bp at interrupt time! */
15627 	sense_xp->xb_sense_bp = bp;
15628 
15629 	bzero(un->un_rqs_bp->b_un.b_addr, SENSE_LENGTH);
15630 
15631 	/*
15632 	 * Mark this buf as awaiting sense data. (This is already set in
15633 	 * the pkt_flags for the RQS packet.)
15634 	 */
15635 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags |= FLAG_SENSING;
15636 
15637 	sense_xp->xb_retry_count	= 0;
15638 	sense_xp->xb_victim_retry_count = 0;
15639 	sense_xp->xb_ua_retry_count	= 0;
15640 	sense_xp->xb_dma_resid  = 0;
15641 
15642 	/* Clean up the fields for auto-request sense */
15643 	sense_xp->xb_sense_status = 0;
15644 	sense_xp->xb_sense_state  = 0;
15645 	sense_xp->xb_sense_resid  = 0;
15646 	bzero(sense_xp->xb_sense_data, sizeof (sense_xp->xb_sense_data));
15647 
15648 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: exit\n");
15649 }
15650 
15651 
15652 /*
15653  *    Function: sd_mark_rqs_idle
15654  *
15655  * Description: SD_MUTEX must be held continuously through this routine
15656  *		to prevent reuse of the rqs struct before the caller can
15657  *		complete it's processing.
15658  *
15659  * Return Code: Pointer to the RQS buf
15660  *
15661  *     Context: May be called under interrupt context
15662  */
15663 
15664 static struct buf *
15665 sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *sense_xp)
15666 {
15667 	struct buf *bp;
15668 	ASSERT(un != NULL);
15669 	ASSERT(sense_xp != NULL);
15670 	ASSERT(mutex_owned(SD_MUTEX(un)));
15671 	ASSERT(un->un_sense_isbusy != 0);
15672 
15673 	un->un_sense_isbusy = 0;
15674 	bp = sense_xp->xb_sense_bp;
15675 	sense_xp->xb_sense_bp = NULL;
15676 
15677 	/* This pkt is no longer interested in getting sense data */
15678 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags &= ~FLAG_SENSING;
15679 
15680 	return (bp);
15681 }
15682 
15683 
15684 
15685 /*
15686  *    Function: sd_alloc_rqs
15687  *
15688  * Description: Set up the unit to receive auto request sense data
15689  *
15690  * Return Code: DDI_SUCCESS or DDI_FAILURE
15691  *
15692  *     Context: Called under attach(9E) context
15693  */
15694 
15695 static int
15696 sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un)
15697 {
15698 	struct sd_xbuf *xp;
15699 
15700 	ASSERT(un != NULL);
15701 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15702 	ASSERT(un->un_rqs_bp == NULL);
15703 	ASSERT(un->un_rqs_pktp == NULL);
15704 
15705 	/*
15706 	 * First allocate the required buf and scsi_pkt structs, then set up
15707 	 * the CDB in the scsi_pkt for a REQUEST SENSE command.
15708 	 */
15709 	un->un_rqs_bp = scsi_alloc_consistent_buf(&devp->sd_address, NULL,
15710 	    SENSE_LENGTH, B_READ, SLEEP_FUNC, NULL);
15711 	if (un->un_rqs_bp == NULL) {
15712 		return (DDI_FAILURE);
15713 	}
15714 
15715 	un->un_rqs_pktp = scsi_init_pkt(&devp->sd_address, NULL, un->un_rqs_bp,
15716 	    CDB_GROUP0, 1, 0, PKT_CONSISTENT, SLEEP_FUNC, NULL);
15717 
15718 	if (un->un_rqs_pktp == NULL) {
15719 		sd_free_rqs(un);
15720 		return (DDI_FAILURE);
15721 	}
15722 
15723 	/* Set up the CDB in the scsi_pkt for a REQUEST SENSE command. */
15724 	(void) scsi_setup_cdb((union scsi_cdb *)un->un_rqs_pktp->pkt_cdbp,
15725 	    SCMD_REQUEST_SENSE, 0, SENSE_LENGTH, 0);
15726 
15727 	SD_FILL_SCSI1_LUN(un, un->un_rqs_pktp);
15728 
15729 	/* Set up the other needed members in the ARQ scsi_pkt. */
15730 	un->un_rqs_pktp->pkt_comp   = sdintr;
15731 	un->un_rqs_pktp->pkt_time   = sd_io_time;
15732 	un->un_rqs_pktp->pkt_flags |=
15733 	    (FLAG_SENSING | FLAG_HEAD);	/* (1222170) */
15734 
15735 	/*
15736 	 * Allocate  & init the sd_xbuf struct for the RQS command. Do not
15737 	 * provide any intpkt, destroypkt routines as we take care of
15738 	 * scsi_pkt allocation/freeing here and in sd_free_rqs().
15739 	 */
15740 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
15741 	sd_xbuf_init(un, un->un_rqs_bp, xp, SD_CHAIN_NULL, NULL);
15742 	xp->xb_pktp = un->un_rqs_pktp;
15743 	SD_INFO(SD_LOG_ATTACH_DETACH, un,
15744 	    "sd_alloc_rqs: un 0x%p, rqs  xp 0x%p,  pkt 0x%p,  buf 0x%p\n",
15745 	    un, xp, un->un_rqs_pktp, un->un_rqs_bp);
15746 
15747 	/*
15748 	 * Save the pointer to the request sense private bp so it can
15749 	 * be retrieved in sdintr.
15750 	 */
15751 	un->un_rqs_pktp->pkt_private = un->un_rqs_bp;
15752 	ASSERT(un->un_rqs_bp->b_private == xp);
15753 
15754 	/*
15755 	 * See if the HBA supports auto-request sense for the specified
15756 	 * target/lun. If it does, then try to enable it (if not already
15757 	 * enabled).
15758 	 *
15759 	 * Note: For some HBAs (ifp & sf), scsi_ifsetcap will always return
15760 	 * failure, while for other HBAs (pln) scsi_ifsetcap will always
15761 	 * return success.  However, in both of these cases ARQ is always
15762 	 * enabled and scsi_ifgetcap will always return true. The best approach
15763 	 * is to issue the scsi_ifgetcap() first, then try the scsi_ifsetcap().
15764 	 *
15765 	 * The 3rd case is the HBA (adp) always return enabled on
15766 	 * scsi_ifgetgetcap even when it's not enable, the best approach
15767 	 * is issue a scsi_ifsetcap then a scsi_ifgetcap
15768 	 * Note: this case is to circumvent the Adaptec bug. (x86 only)
15769 	 */
15770 
15771 	if (un->un_f_is_fibre == TRUE) {
15772 		un->un_f_arq_enabled = TRUE;
15773 	} else {
15774 #if defined(__i386) || defined(__amd64)
15775 		/*
15776 		 * Circumvent the Adaptec bug, remove this code when
15777 		 * the bug is fixed
15778 		 */
15779 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1);
15780 #endif
15781 		switch (scsi_ifgetcap(SD_ADDRESS(un), "auto-rqsense", 1)) {
15782 		case 0:
15783 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15784 				"sd_alloc_rqs: HBA supports ARQ\n");
15785 			/*
15786 			 * ARQ is supported by this HBA but currently is not
15787 			 * enabled. Attempt to enable it and if successful then
15788 			 * mark this instance as ARQ enabled.
15789 			 */
15790 			if (scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1)
15791 				== 1) {
15792 				/* Successfully enabled ARQ in the HBA */
15793 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15794 					"sd_alloc_rqs: ARQ enabled\n");
15795 				un->un_f_arq_enabled = TRUE;
15796 			} else {
15797 				/* Could not enable ARQ in the HBA */
15798 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15799 				"sd_alloc_rqs: failed ARQ enable\n");
15800 				un->un_f_arq_enabled = FALSE;
15801 			}
15802 			break;
15803 		case 1:
15804 			/*
15805 			 * ARQ is supported by this HBA and is already enabled.
15806 			 * Just mark ARQ as enabled for this instance.
15807 			 */
15808 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15809 				"sd_alloc_rqs: ARQ already enabled\n");
15810 			un->un_f_arq_enabled = TRUE;
15811 			break;
15812 		default:
15813 			/*
15814 			 * ARQ is not supported by this HBA; disable it for this
15815 			 * instance.
15816 			 */
15817 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15818 				"sd_alloc_rqs: HBA does not support ARQ\n");
15819 			un->un_f_arq_enabled = FALSE;
15820 			break;
15821 		}
15822 	}
15823 
15824 	return (DDI_SUCCESS);
15825 }
15826 
15827 
15828 /*
15829  *    Function: sd_free_rqs
15830  *
15831  * Description: Cleanup for the pre-instance RQS command.
15832  *
15833  *     Context: Kernel thread context
15834  */
15835 
15836 static void
15837 sd_free_rqs(struct sd_lun *un)
15838 {
15839 	ASSERT(un != NULL);
15840 
15841 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: entry\n");
15842 
15843 	/*
15844 	 * If consistent memory is bound to a scsi_pkt, the pkt
15845 	 * has to be destroyed *before* freeing the consistent memory.
15846 	 * Don't change the sequence of this operations.
15847 	 * scsi_destroy_pkt() might access memory, which isn't allowed,
15848 	 * after it was freed in scsi_free_consistent_buf().
15849 	 */
15850 	if (un->un_rqs_pktp != NULL) {
15851 		scsi_destroy_pkt(un->un_rqs_pktp);
15852 		un->un_rqs_pktp = NULL;
15853 	}
15854 
15855 	if (un->un_rqs_bp != NULL) {
15856 		kmem_free(SD_GET_XBUF(un->un_rqs_bp), sizeof (struct sd_xbuf));
15857 		scsi_free_consistent_buf(un->un_rqs_bp);
15858 		un->un_rqs_bp = NULL;
15859 	}
15860 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: exit\n");
15861 }
15862 
15863 
15864 
15865 /*
15866  *    Function: sd_reduce_throttle
15867  *
15868  * Description: Reduces the maximun # of outstanding commands on a
15869  *		target to the current number of outstanding commands.
15870  *		Queues a tiemout(9F) callback to restore the limit
15871  *		after a specified interval has elapsed.
15872  *		Typically used when we get a TRAN_BUSY return code
15873  *		back from scsi_transport().
15874  *
15875  *   Arguments: un - ptr to the sd_lun softstate struct
15876  *		throttle_type: SD_THROTTLE_TRAN_BUSY or SD_THROTTLE_QFULL
15877  *
15878  *     Context: May be called from interrupt context
15879  */
15880 
15881 static void
15882 sd_reduce_throttle(struct sd_lun *un, int throttle_type)
15883 {
15884 	ASSERT(un != NULL);
15885 	ASSERT(mutex_owned(SD_MUTEX(un)));
15886 	ASSERT(un->un_ncmds_in_transport >= 0);
15887 
15888 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15889 	    "entry: un:0x%p un_throttle:%d un_ncmds_in_transport:%d\n",
15890 	    un, un->un_throttle, un->un_ncmds_in_transport);
15891 
15892 	if (un->un_throttle > 1) {
15893 		if (un->un_f_use_adaptive_throttle == TRUE) {
15894 			switch (throttle_type) {
15895 			case SD_THROTTLE_TRAN_BUSY:
15896 				if (un->un_busy_throttle == 0) {
15897 					un->un_busy_throttle = un->un_throttle;
15898 				}
15899 				break;
15900 			case SD_THROTTLE_QFULL:
15901 				un->un_busy_throttle = 0;
15902 				break;
15903 			default:
15904 				ASSERT(FALSE);
15905 			}
15906 
15907 			if (un->un_ncmds_in_transport > 0) {
15908 			    un->un_throttle = un->un_ncmds_in_transport;
15909 			}
15910 
15911 		} else {
15912 			if (un->un_ncmds_in_transport == 0) {
15913 				un->un_throttle = 1;
15914 			} else {
15915 				un->un_throttle = un->un_ncmds_in_transport;
15916 			}
15917 		}
15918 	}
15919 
15920 	/* Reschedule the timeout if none is currently active */
15921 	if (un->un_reset_throttle_timeid == NULL) {
15922 		un->un_reset_throttle_timeid = timeout(sd_restore_throttle,
15923 		    un, SD_THROTTLE_RESET_INTERVAL);
15924 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15925 		    "sd_reduce_throttle: timeout scheduled!\n");
15926 	}
15927 
15928 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15929 	    "exit: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15930 }
15931 
15932 
15933 
15934 /*
15935  *    Function: sd_restore_throttle
15936  *
15937  * Description: Callback function for timeout(9F).  Resets the current
15938  *		value of un->un_throttle to its default.
15939  *
15940  *   Arguments: arg - pointer to associated softstate for the device.
15941  *
15942  *     Context: May be called from interrupt context
15943  */
15944 
15945 static void
15946 sd_restore_throttle(void *arg)
15947 {
15948 	struct sd_lun	*un = arg;
15949 
15950 	ASSERT(un != NULL);
15951 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15952 
15953 	mutex_enter(SD_MUTEX(un));
15954 
15955 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
15956 	    "entry: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15957 
15958 	un->un_reset_throttle_timeid = NULL;
15959 
15960 	if (un->un_f_use_adaptive_throttle == TRUE) {
15961 		/*
15962 		 * If un_busy_throttle is nonzero, then it contains the
15963 		 * value that un_throttle was when we got a TRAN_BUSY back
15964 		 * from scsi_transport(). We want to revert back to this
15965 		 * value.
15966 		 *
15967 		 * In the QFULL case, the throttle limit will incrementally
15968 		 * increase until it reaches max throttle.
15969 		 */
15970 		if (un->un_busy_throttle > 0) {
15971 			un->un_throttle = un->un_busy_throttle;
15972 			un->un_busy_throttle = 0;
15973 		} else {
15974 			/*
15975 			 * increase throttle by 10% open gate slowly, schedule
15976 			 * another restore if saved throttle has not been
15977 			 * reached
15978 			 */
15979 			short throttle;
15980 			if (sd_qfull_throttle_enable) {
15981 				throttle = un->un_throttle +
15982 				    max((un->un_throttle / 10), 1);
15983 				un->un_throttle =
15984 				    (throttle < un->un_saved_throttle) ?
15985 				    throttle : un->un_saved_throttle;
15986 				if (un->un_throttle < un->un_saved_throttle) {
15987 				    un->un_reset_throttle_timeid =
15988 					timeout(sd_restore_throttle,
15989 					un, SD_QFULL_THROTTLE_RESET_INTERVAL);
15990 				}
15991 			}
15992 		}
15993 
15994 		/*
15995 		 * If un_throttle has fallen below the low-water mark, we
15996 		 * restore the maximum value here (and allow it to ratchet
15997 		 * down again if necessary).
15998 		 */
15999 		if (un->un_throttle < un->un_min_throttle) {
16000 			un->un_throttle = un->un_saved_throttle;
16001 		}
16002 	} else {
16003 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
16004 		    "restoring limit from 0x%x to 0x%x\n",
16005 		    un->un_throttle, un->un_saved_throttle);
16006 		un->un_throttle = un->un_saved_throttle;
16007 	}
16008 
16009 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
16010 	    "sd_restore_throttle: calling sd_start_cmds!\n");
16011 
16012 	sd_start_cmds(un, NULL);
16013 
16014 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
16015 	    "sd_restore_throttle: exit: un:0x%p un_throttle:%d\n",
16016 	    un, un->un_throttle);
16017 
16018 	mutex_exit(SD_MUTEX(un));
16019 
16020 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: exit\n");
16021 }
16022 
16023 /*
16024  *    Function: sdrunout
16025  *
16026  * Description: Callback routine for scsi_init_pkt when a resource allocation
16027  *		fails.
16028  *
16029  *   Arguments: arg - a pointer to the sd_lun unit struct for the particular
16030  *		soft state instance.
16031  *
16032  * Return Code: The scsi_init_pkt routine allows for the callback function to
16033  *		return a 0 indicating the callback should be rescheduled or a 1
16034  *		indicating not to reschedule. This routine always returns 1
16035  *		because the driver always provides a callback function to
16036  *		scsi_init_pkt. This results in a callback always being scheduled
16037  *		(via the scsi_init_pkt callback implementation) if a resource
16038  *		failure occurs.
16039  *
16040  *     Context: This callback function may not block or call routines that block
16041  *
16042  *        Note: Using the scsi_init_pkt callback facility can result in an I/O
16043  *		request persisting at the head of the list which cannot be
16044  *		satisfied even after multiple retries. In the future the driver
16045  *		may implement some time of maximum runout count before failing
16046  *		an I/O.
16047  */
16048 
16049 static int
16050 sdrunout(caddr_t arg)
16051 {
16052 	struct sd_lun	*un = (struct sd_lun *)arg;
16053 
16054 	ASSERT(un != NULL);
16055 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16056 
16057 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: entry\n");
16058 
16059 	mutex_enter(SD_MUTEX(un));
16060 	sd_start_cmds(un, NULL);
16061 	mutex_exit(SD_MUTEX(un));
16062 	/*
16063 	 * This callback routine always returns 1 (i.e. do not reschedule)
16064 	 * because we always specify sdrunout as the callback handler for
16065 	 * scsi_init_pkt inside the call to sd_start_cmds.
16066 	 */
16067 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: exit\n");
16068 	return (1);
16069 }
16070 
16071 
16072 /*
16073  *    Function: sdintr
16074  *
16075  * Description: Completion callback routine for scsi_pkt(9S) structs
16076  *		sent to the HBA driver via scsi_transport(9F).
16077  *
16078  *     Context: Interrupt context
16079  */
16080 
16081 static void
16082 sdintr(struct scsi_pkt *pktp)
16083 {
16084 	struct buf	*bp;
16085 	struct sd_xbuf	*xp;
16086 	struct sd_lun	*un;
16087 
16088 	ASSERT(pktp != NULL);
16089 	bp = (struct buf *)pktp->pkt_private;
16090 	ASSERT(bp != NULL);
16091 	xp = SD_GET_XBUF(bp);
16092 	ASSERT(xp != NULL);
16093 	ASSERT(xp->xb_pktp != NULL);
16094 	un = SD_GET_UN(bp);
16095 	ASSERT(un != NULL);
16096 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16097 
16098 #ifdef SD_FAULT_INJECTION
16099 
16100 	SD_INFO(SD_LOG_IOERR, un, "sdintr: sdintr calling Fault injection\n");
16101 	/* SD FaultInjection */
16102 	sd_faultinjection(pktp);
16103 
16104 #endif /* SD_FAULT_INJECTION */
16105 
16106 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: entry: buf:0x%p,"
16107 	    " xp:0x%p, un:0x%p\n", bp, xp, un);
16108 
16109 	mutex_enter(SD_MUTEX(un));
16110 
16111 	/* Reduce the count of the #commands currently in transport */
16112 	un->un_ncmds_in_transport--;
16113 	ASSERT(un->un_ncmds_in_transport >= 0);
16114 
16115 	/* Increment counter to indicate that the callback routine is active */
16116 	un->un_in_callback++;
16117 
16118 	SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
16119 
16120 #ifdef	SDDEBUG
16121 	if (bp == un->un_retry_bp) {
16122 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sdintr: "
16123 		    "un:0x%p: GOT retry_bp:0x%p un_ncmds_in_transport:%d\n",
16124 		    un, un->un_retry_bp, un->un_ncmds_in_transport);
16125 	}
16126 #endif
16127 
16128 	/*
16129 	 * If pkt_reason is CMD_DEV_GONE, just fail the command
16130 	 */
16131 	if (pktp->pkt_reason == CMD_DEV_GONE) {
16132 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16133 			    "Device is gone\n");
16134 		sd_return_failed_command(un, bp, EIO);
16135 		goto exit;
16136 	}
16137 
16138 	/*
16139 	 * First see if the pkt has auto-request sense data with it....
16140 	 * Look at the packet state first so we don't take a performance
16141 	 * hit looking at the arq enabled flag unless absolutely necessary.
16142 	 */
16143 	if ((pktp->pkt_state & STATE_ARQ_DONE) &&
16144 	    (un->un_f_arq_enabled == TRUE)) {
16145 		/*
16146 		 * The HBA did an auto request sense for this command so check
16147 		 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16148 		 * driver command that should not be retried.
16149 		 */
16150 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16151 			/*
16152 			 * Save the relevant sense info into the xp for the
16153 			 * original cmd.
16154 			 */
16155 			struct scsi_arq_status *asp;
16156 			asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16157 			xp->xb_sense_status =
16158 			    *((uchar_t *)(&(asp->sts_rqpkt_status)));
16159 			xp->xb_sense_state  = asp->sts_rqpkt_state;
16160 			xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16161 			bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16162 			    min(sizeof (struct scsi_extended_sense),
16163 			    SENSE_LENGTH));
16164 
16165 			/* fail the command */
16166 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16167 			    "sdintr: arq done and FLAG_DIAGNOSE set\n");
16168 			sd_return_failed_command(un, bp, EIO);
16169 			goto exit;
16170 		}
16171 
16172 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16173 		/*
16174 		 * We want to either retry or fail this command, so free
16175 		 * the DMA resources here.  If we retry the command then
16176 		 * the DMA resources will be reallocated in sd_start_cmds().
16177 		 * Note that when PKT_DMA_PARTIAL is used, this reallocation
16178 		 * causes the *entire* transfer to start over again from the
16179 		 * beginning of the request, even for PARTIAL chunks that
16180 		 * have already transferred successfully.
16181 		 */
16182 		if ((un->un_f_is_fibre == TRUE) &&
16183 		    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16184 		    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16185 			scsi_dmafree(pktp);
16186 			xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16187 		}
16188 #endif
16189 
16190 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16191 		    "sdintr: arq done, sd_handle_auto_request_sense\n");
16192 
16193 		sd_handle_auto_request_sense(un, bp, xp, pktp);
16194 		goto exit;
16195 	}
16196 
16197 	/* Next see if this is the REQUEST SENSE pkt for the instance */
16198 	if (pktp->pkt_flags & FLAG_SENSING)  {
16199 		/* This pktp is from the unit's REQUEST_SENSE command */
16200 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16201 		    "sdintr: sd_handle_request_sense\n");
16202 		sd_handle_request_sense(un, bp, xp, pktp);
16203 		goto exit;
16204 	}
16205 
16206 	/*
16207 	 * Check to see if the command successfully completed as requested;
16208 	 * this is the most common case (and also the hot performance path).
16209 	 *
16210 	 * Requirements for successful completion are:
16211 	 * pkt_reason is CMD_CMPLT and packet status is status good.
16212 	 * In addition:
16213 	 * - A residual of zero indicates successful completion no matter what
16214 	 *   the command is.
16215 	 * - If the residual is not zero and the command is not a read or
16216 	 *   write, then it's still defined as successful completion. In other
16217 	 *   words, if the command is a read or write the residual must be
16218 	 *   zero for successful completion.
16219 	 * - If the residual is not zero and the command is a read or
16220 	 *   write, and it's a USCSICMD, then it's still defined as
16221 	 *   successful completion.
16222 	 */
16223 	if ((pktp->pkt_reason == CMD_CMPLT) &&
16224 	    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD)) {
16225 
16226 		/*
16227 		 * Since this command is returned with a good status, we
16228 		 * can reset the count for Sonoma failover.
16229 		 */
16230 		un->un_sonoma_failure_count = 0;
16231 
16232 		/*
16233 		 * Return all USCSI commands on good status
16234 		 */
16235 		if (pktp->pkt_resid == 0) {
16236 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16237 			    "sdintr: returning command for resid == 0\n");
16238 		} else if (((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_READ) &&
16239 		    ((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_WRITE)) {
16240 			SD_UPDATE_B_RESID(bp, pktp);
16241 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16242 			    "sdintr: returning command for resid != 0\n");
16243 		} else if (xp->xb_pkt_flags & SD_XB_USCSICMD) {
16244 			SD_UPDATE_B_RESID(bp, pktp);
16245 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16246 				"sdintr: returning uscsi command\n");
16247 		} else {
16248 			goto not_successful;
16249 		}
16250 		sd_return_command(un, bp);
16251 
16252 		/*
16253 		 * Decrement counter to indicate that the callback routine
16254 		 * is done.
16255 		 */
16256 		un->un_in_callback--;
16257 		ASSERT(un->un_in_callback >= 0);
16258 		mutex_exit(SD_MUTEX(un));
16259 
16260 		return;
16261 	}
16262 
16263 not_successful:
16264 
16265 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16266 	/*
16267 	 * The following is based upon knowledge of the underlying transport
16268 	 * and its use of DMA resources.  This code should be removed when
16269 	 * PKT_DMA_PARTIAL support is taken out of the disk driver in favor
16270 	 * of the new PKT_CMD_BREAKUP protocol. See also sd_initpkt_for_buf()
16271 	 * and sd_start_cmds().
16272 	 *
16273 	 * Free any DMA resources associated with this command if there
16274 	 * is a chance it could be retried or enqueued for later retry.
16275 	 * If we keep the DMA binding then mpxio cannot reissue the
16276 	 * command on another path whenever a path failure occurs.
16277 	 *
16278 	 * Note that when PKT_DMA_PARTIAL is used, free/reallocation
16279 	 * causes the *entire* transfer to start over again from the
16280 	 * beginning of the request, even for PARTIAL chunks that
16281 	 * have already transferred successfully.
16282 	 *
16283 	 * This is only done for non-uscsi commands (and also skipped for the
16284 	 * driver's internal RQS command). Also just do this for Fibre Channel
16285 	 * devices as these are the only ones that support mpxio.
16286 	 */
16287 	if ((un->un_f_is_fibre == TRUE) &&
16288 	    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16289 	    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16290 		scsi_dmafree(pktp);
16291 		xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16292 	}
16293 #endif
16294 
16295 	/*
16296 	 * The command did not successfully complete as requested so check
16297 	 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16298 	 * driver command that should not be retried so just return. If
16299 	 * FLAG_DIAGNOSE is not set the error will be processed below.
16300 	 */
16301 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16302 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16303 		    "sdintr: FLAG_DIAGNOSE: sd_return_failed_command\n");
16304 		/*
16305 		 * Issue a request sense if a check condition caused the error
16306 		 * (we handle the auto request sense case above), otherwise
16307 		 * just fail the command.
16308 		 */
16309 		if ((pktp->pkt_reason == CMD_CMPLT) &&
16310 		    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK)) {
16311 			sd_send_request_sense_command(un, bp, pktp);
16312 		} else {
16313 			sd_return_failed_command(un, bp, EIO);
16314 		}
16315 		goto exit;
16316 	}
16317 
16318 	/*
16319 	 * The command did not successfully complete as requested so process
16320 	 * the error, retry, and/or attempt recovery.
16321 	 */
16322 	switch (pktp->pkt_reason) {
16323 	case CMD_CMPLT:
16324 		switch (SD_GET_PKT_STATUS(pktp)) {
16325 		case STATUS_GOOD:
16326 			/*
16327 			 * The command completed successfully with a non-zero
16328 			 * residual
16329 			 */
16330 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16331 			    "sdintr: STATUS_GOOD \n");
16332 			sd_pkt_status_good(un, bp, xp, pktp);
16333 			break;
16334 
16335 		case STATUS_CHECK:
16336 		case STATUS_TERMINATED:
16337 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16338 			    "sdintr: STATUS_TERMINATED | STATUS_CHECK\n");
16339 			sd_pkt_status_check_condition(un, bp, xp, pktp);
16340 			break;
16341 
16342 		case STATUS_BUSY:
16343 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16344 			    "sdintr: STATUS_BUSY\n");
16345 			sd_pkt_status_busy(un, bp, xp, pktp);
16346 			break;
16347 
16348 		case STATUS_RESERVATION_CONFLICT:
16349 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16350 			    "sdintr: STATUS_RESERVATION_CONFLICT\n");
16351 			sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16352 			break;
16353 
16354 		case STATUS_QFULL:
16355 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16356 			    "sdintr: STATUS_QFULL\n");
16357 			sd_pkt_status_qfull(un, bp, xp, pktp);
16358 			break;
16359 
16360 		case STATUS_MET:
16361 		case STATUS_INTERMEDIATE:
16362 		case STATUS_SCSI2:
16363 		case STATUS_INTERMEDIATE_MET:
16364 		case STATUS_ACA_ACTIVE:
16365 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16366 			    "Unexpected SCSI status received: 0x%x\n",
16367 			    SD_GET_PKT_STATUS(pktp));
16368 			sd_return_failed_command(un, bp, EIO);
16369 			break;
16370 
16371 		default:
16372 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16373 			    "Invalid SCSI status received: 0x%x\n",
16374 			    SD_GET_PKT_STATUS(pktp));
16375 			sd_return_failed_command(un, bp, EIO);
16376 			break;
16377 
16378 		}
16379 		break;
16380 
16381 	case CMD_INCOMPLETE:
16382 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16383 		    "sdintr:  CMD_INCOMPLETE\n");
16384 		sd_pkt_reason_cmd_incomplete(un, bp, xp, pktp);
16385 		break;
16386 	case CMD_TRAN_ERR:
16387 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16388 		    "sdintr: CMD_TRAN_ERR\n");
16389 		sd_pkt_reason_cmd_tran_err(un, bp, xp, pktp);
16390 		break;
16391 	case CMD_RESET:
16392 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16393 		    "sdintr: CMD_RESET \n");
16394 		sd_pkt_reason_cmd_reset(un, bp, xp, pktp);
16395 		break;
16396 	case CMD_ABORTED:
16397 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16398 		    "sdintr: CMD_ABORTED \n");
16399 		sd_pkt_reason_cmd_aborted(un, bp, xp, pktp);
16400 		break;
16401 	case CMD_TIMEOUT:
16402 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16403 		    "sdintr: CMD_TIMEOUT\n");
16404 		sd_pkt_reason_cmd_timeout(un, bp, xp, pktp);
16405 		break;
16406 	case CMD_UNX_BUS_FREE:
16407 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16408 		    "sdintr: CMD_UNX_BUS_FREE \n");
16409 		sd_pkt_reason_cmd_unx_bus_free(un, bp, xp, pktp);
16410 		break;
16411 	case CMD_TAG_REJECT:
16412 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16413 		    "sdintr: CMD_TAG_REJECT\n");
16414 		sd_pkt_reason_cmd_tag_reject(un, bp, xp, pktp);
16415 		break;
16416 	default:
16417 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16418 		    "sdintr: default\n");
16419 		sd_pkt_reason_default(un, bp, xp, pktp);
16420 		break;
16421 	}
16422 
16423 exit:
16424 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: exit\n");
16425 
16426 	/* Decrement counter to indicate that the callback routine is done. */
16427 	un->un_in_callback--;
16428 	ASSERT(un->un_in_callback >= 0);
16429 
16430 	/*
16431 	 * At this point, the pkt has been dispatched, ie, it is either
16432 	 * being re-tried or has been returned to its caller and should
16433 	 * not be referenced.
16434 	 */
16435 
16436 	mutex_exit(SD_MUTEX(un));
16437 }
16438 
16439 
16440 /*
16441  *    Function: sd_print_incomplete_msg
16442  *
16443  * Description: Prints the error message for a CMD_INCOMPLETE error.
16444  *
16445  *   Arguments: un - ptr to associated softstate for the device.
16446  *		bp - ptr to the buf(9S) for the command.
16447  *		arg - message string ptr
16448  *		code - SD_DELAYED_RETRY_ISSUED, SD_IMMEDIATE_RETRY_ISSUED,
16449  *			or SD_NO_RETRY_ISSUED.
16450  *
16451  *     Context: May be called under interrupt context
16452  */
16453 
16454 static void
16455 sd_print_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
16456 {
16457 	struct scsi_pkt	*pktp;
16458 	char	*msgp;
16459 	char	*cmdp = arg;
16460 
16461 	ASSERT(un != NULL);
16462 	ASSERT(mutex_owned(SD_MUTEX(un)));
16463 	ASSERT(bp != NULL);
16464 	ASSERT(arg != NULL);
16465 	pktp = SD_GET_PKTP(bp);
16466 	ASSERT(pktp != NULL);
16467 
16468 	switch (code) {
16469 	case SD_DELAYED_RETRY_ISSUED:
16470 	case SD_IMMEDIATE_RETRY_ISSUED:
16471 		msgp = "retrying";
16472 		break;
16473 	case SD_NO_RETRY_ISSUED:
16474 	default:
16475 		msgp = "giving up";
16476 		break;
16477 	}
16478 
16479 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16480 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16481 		    "incomplete %s- %s\n", cmdp, msgp);
16482 	}
16483 }
16484 
16485 
16486 
16487 /*
16488  *    Function: sd_pkt_status_good
16489  *
16490  * Description: Processing for a STATUS_GOOD code in pkt_status.
16491  *
16492  *     Context: May be called under interrupt context
16493  */
16494 
16495 static void
16496 sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
16497 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16498 {
16499 	char	*cmdp;
16500 
16501 	ASSERT(un != NULL);
16502 	ASSERT(mutex_owned(SD_MUTEX(un)));
16503 	ASSERT(bp != NULL);
16504 	ASSERT(xp != NULL);
16505 	ASSERT(pktp != NULL);
16506 	ASSERT(pktp->pkt_reason == CMD_CMPLT);
16507 	ASSERT(SD_GET_PKT_STATUS(pktp) == STATUS_GOOD);
16508 	ASSERT(pktp->pkt_resid != 0);
16509 
16510 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: entry\n");
16511 
16512 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
16513 	switch (SD_GET_PKT_OPCODE(pktp) & 0x1F) {
16514 	case SCMD_READ:
16515 		cmdp = "read";
16516 		break;
16517 	case SCMD_WRITE:
16518 		cmdp = "write";
16519 		break;
16520 	default:
16521 		SD_UPDATE_B_RESID(bp, pktp);
16522 		sd_return_command(un, bp);
16523 		SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16524 		return;
16525 	}
16526 
16527 	/*
16528 	 * See if we can retry the read/write, preferrably immediately.
16529 	 * If retries are exhaused, then sd_retry_command() will update
16530 	 * the b_resid count.
16531 	 */
16532 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_incomplete_msg,
16533 	    cmdp, EIO, (clock_t)0, NULL);
16534 
16535 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16536 }
16537 
16538 
16539 
16540 
16541 
16542 /*
16543  *    Function: sd_handle_request_sense
16544  *
16545  * Description: Processing for non-auto Request Sense command.
16546  *
16547  *   Arguments: un - ptr to associated softstate
16548  *		sense_bp - ptr to buf(9S) for the RQS command
16549  *		sense_xp - ptr to the sd_xbuf for the RQS command
16550  *		sense_pktp - ptr to the scsi_pkt(9S) for the RQS command
16551  *
16552  *     Context: May be called under interrupt context
16553  */
16554 
16555 static void
16556 sd_handle_request_sense(struct sd_lun *un, struct buf *sense_bp,
16557 	struct sd_xbuf *sense_xp, struct scsi_pkt *sense_pktp)
16558 {
16559 	struct buf	*cmd_bp;	/* buf for the original command */
16560 	struct sd_xbuf	*cmd_xp;	/* sd_xbuf for the original command */
16561 	struct scsi_pkt *cmd_pktp;	/* pkt for the original command */
16562 
16563 	ASSERT(un != NULL);
16564 	ASSERT(mutex_owned(SD_MUTEX(un)));
16565 	ASSERT(sense_bp != NULL);
16566 	ASSERT(sense_xp != NULL);
16567 	ASSERT(sense_pktp != NULL);
16568 
16569 	/*
16570 	 * Note the sense_bp, sense_xp, and sense_pktp here are for the
16571 	 * RQS command and not the original command.
16572 	 */
16573 	ASSERT(sense_pktp == un->un_rqs_pktp);
16574 	ASSERT(sense_bp   == un->un_rqs_bp);
16575 	ASSERT((sense_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD)) ==
16576 	    (FLAG_SENSING | FLAG_HEAD));
16577 	ASSERT((((SD_GET_XBUF(sense_xp->xb_sense_bp))->xb_pktp->pkt_flags) &
16578 	    FLAG_SENSING) == FLAG_SENSING);
16579 
16580 	/* These are the bp, xp, and pktp for the original command */
16581 	cmd_bp = sense_xp->xb_sense_bp;
16582 	cmd_xp = SD_GET_XBUF(cmd_bp);
16583 	cmd_pktp = SD_GET_PKTP(cmd_bp);
16584 
16585 	if (sense_pktp->pkt_reason != CMD_CMPLT) {
16586 		/*
16587 		 * The REQUEST SENSE command failed.  Release the REQUEST
16588 		 * SENSE command for re-use, get back the bp for the original
16589 		 * command, and attempt to re-try the original command if
16590 		 * FLAG_DIAGNOSE is not set in the original packet.
16591 		 */
16592 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
16593 		if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16594 			cmd_bp = sd_mark_rqs_idle(un, sense_xp);
16595 			sd_retry_command(un, cmd_bp, SD_RETRIES_STANDARD,
16596 			    NULL, NULL, EIO, (clock_t)0, NULL);
16597 			return;
16598 		}
16599 	}
16600 
16601 	/*
16602 	 * Save the relevant sense info into the xp for the original cmd.
16603 	 *
16604 	 * Note: if the request sense failed the state info will be zero
16605 	 * as set in sd_mark_rqs_busy()
16606 	 */
16607 	cmd_xp->xb_sense_status = *(sense_pktp->pkt_scbp);
16608 	cmd_xp->xb_sense_state  = sense_pktp->pkt_state;
16609 	cmd_xp->xb_sense_resid  = sense_pktp->pkt_resid;
16610 	bcopy(sense_bp->b_un.b_addr, cmd_xp->xb_sense_data, SENSE_LENGTH);
16611 
16612 	/*
16613 	 *  Free up the RQS command....
16614 	 *  NOTE:
16615 	 *	Must do this BEFORE calling sd_validate_sense_data!
16616 	 *	sd_validate_sense_data may return the original command in
16617 	 *	which case the pkt will be freed and the flags can no
16618 	 *	longer be touched.
16619 	 *	SD_MUTEX is held through this process until the command
16620 	 *	is dispatched based upon the sense data, so there are
16621 	 *	no race conditions.
16622 	 */
16623 	(void) sd_mark_rqs_idle(un, sense_xp);
16624 
16625 	/*
16626 	 * For a retryable command see if we have valid sense data, if so then
16627 	 * turn it over to sd_decode_sense() to figure out the right course of
16628 	 * action. Just fail a non-retryable command.
16629 	 */
16630 	if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16631 		if (sd_validate_sense_data(un, cmd_bp, cmd_xp) ==
16632 		    SD_SENSE_DATA_IS_VALID) {
16633 			sd_decode_sense(un, cmd_bp, cmd_xp, cmd_pktp);
16634 		}
16635 	} else {
16636 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Failed CDB",
16637 		    (uchar_t *)cmd_pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
16638 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Sense Data",
16639 		    (uchar_t *)cmd_xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
16640 		sd_return_failed_command(un, cmd_bp, EIO);
16641 	}
16642 }
16643 
16644 
16645 
16646 
16647 /*
16648  *    Function: sd_handle_auto_request_sense
16649  *
16650  * Description: Processing for auto-request sense information.
16651  *
16652  *   Arguments: un - ptr to associated softstate
16653  *		bp - ptr to buf(9S) for the command
16654  *		xp - ptr to the sd_xbuf for the command
16655  *		pktp - ptr to the scsi_pkt(9S) for the command
16656  *
16657  *     Context: May be called under interrupt context
16658  */
16659 
16660 static void
16661 sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
16662 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16663 {
16664 	struct scsi_arq_status *asp;
16665 
16666 	ASSERT(un != NULL);
16667 	ASSERT(mutex_owned(SD_MUTEX(un)));
16668 	ASSERT(bp != NULL);
16669 	ASSERT(xp != NULL);
16670 	ASSERT(pktp != NULL);
16671 	ASSERT(pktp != un->un_rqs_pktp);
16672 	ASSERT(bp   != un->un_rqs_bp);
16673 
16674 	/*
16675 	 * For auto-request sense, we get a scsi_arq_status back from
16676 	 * the HBA, with the sense data in the sts_sensedata member.
16677 	 * The pkt_scbp of the packet points to this scsi_arq_status.
16678 	 */
16679 	asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16680 
16681 	if (asp->sts_rqpkt_reason != CMD_CMPLT) {
16682 		/*
16683 		 * The auto REQUEST SENSE failed; see if we can re-try
16684 		 * the original command.
16685 		 */
16686 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16687 		    "auto request sense failed (reason=%s)\n",
16688 		    scsi_rname(asp->sts_rqpkt_reason));
16689 
16690 		sd_reset_target(un, pktp);
16691 
16692 		sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16693 		    NULL, NULL, EIO, (clock_t)0, NULL);
16694 		return;
16695 	}
16696 
16697 	/* Save the relevant sense info into the xp for the original cmd. */
16698 	xp->xb_sense_status = *((uchar_t *)(&(asp->sts_rqpkt_status)));
16699 	xp->xb_sense_state  = asp->sts_rqpkt_state;
16700 	xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16701 	bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16702 	    min(sizeof (struct scsi_extended_sense), SENSE_LENGTH));
16703 
16704 	/*
16705 	 * See if we have valid sense data, if so then turn it over to
16706 	 * sd_decode_sense() to figure out the right course of action.
16707 	 */
16708 	if (sd_validate_sense_data(un, bp, xp) == SD_SENSE_DATA_IS_VALID) {
16709 		sd_decode_sense(un, bp, xp, pktp);
16710 	}
16711 }
16712 
16713 
16714 /*
16715  *    Function: sd_print_sense_failed_msg
16716  *
16717  * Description: Print log message when RQS has failed.
16718  *
16719  *   Arguments: un - ptr to associated softstate
16720  *		bp - ptr to buf(9S) for the command
16721  *		arg - generic message string ptr
16722  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
16723  *			or SD_NO_RETRY_ISSUED
16724  *
16725  *     Context: May be called from interrupt context
16726  */
16727 
16728 static void
16729 sd_print_sense_failed_msg(struct sd_lun *un, struct buf *bp, void *arg,
16730 	int code)
16731 {
16732 	char	*msgp = arg;
16733 
16734 	ASSERT(un != NULL);
16735 	ASSERT(mutex_owned(SD_MUTEX(un)));
16736 	ASSERT(bp != NULL);
16737 
16738 	if ((code == SD_NO_RETRY_ISSUED) && (msgp != NULL)) {
16739 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, msgp);
16740 	}
16741 }
16742 
16743 
16744 /*
16745  *    Function: sd_validate_sense_data
16746  *
16747  * Description: Check the given sense data for validity.
16748  *		If the sense data is not valid, the command will
16749  *		be either failed or retried!
16750  *
16751  * Return Code: SD_SENSE_DATA_IS_INVALID
16752  *		SD_SENSE_DATA_IS_VALID
16753  *
16754  *     Context: May be called from interrupt context
16755  */
16756 
16757 static int
16758 sd_validate_sense_data(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp)
16759 {
16760 	struct scsi_extended_sense *esp;
16761 	struct	scsi_pkt *pktp;
16762 	size_t	actual_len;
16763 	char	*msgp = NULL;
16764 
16765 	ASSERT(un != NULL);
16766 	ASSERT(mutex_owned(SD_MUTEX(un)));
16767 	ASSERT(bp != NULL);
16768 	ASSERT(bp != un->un_rqs_bp);
16769 	ASSERT(xp != NULL);
16770 
16771 	pktp = SD_GET_PKTP(bp);
16772 	ASSERT(pktp != NULL);
16773 
16774 	/*
16775 	 * Check the status of the RQS command (auto or manual).
16776 	 */
16777 	switch (xp->xb_sense_status & STATUS_MASK) {
16778 	case STATUS_GOOD:
16779 		break;
16780 
16781 	case STATUS_RESERVATION_CONFLICT:
16782 		sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16783 		return (SD_SENSE_DATA_IS_INVALID);
16784 
16785 	case STATUS_BUSY:
16786 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16787 		    "Busy Status on REQUEST SENSE\n");
16788 		sd_retry_command(un, bp, SD_RETRIES_BUSY, NULL,
16789 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16790 		return (SD_SENSE_DATA_IS_INVALID);
16791 
16792 	case STATUS_QFULL:
16793 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16794 		    "QFULL Status on REQUEST SENSE\n");
16795 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL,
16796 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16797 		return (SD_SENSE_DATA_IS_INVALID);
16798 
16799 	case STATUS_CHECK:
16800 	case STATUS_TERMINATED:
16801 		msgp = "Check Condition on REQUEST SENSE\n";
16802 		goto sense_failed;
16803 
16804 	default:
16805 		msgp = "Not STATUS_GOOD on REQUEST_SENSE\n";
16806 		goto sense_failed;
16807 	}
16808 
16809 	/*
16810 	 * See if we got the minimum required amount of sense data.
16811 	 * Note: We are assuming the returned sense data is SENSE_LENGTH bytes
16812 	 * or less.
16813 	 */
16814 	actual_len = (int)(SENSE_LENGTH - xp->xb_sense_resid);
16815 	if (((xp->xb_sense_state & STATE_XFERRED_DATA) == 0) ||
16816 	    (actual_len == 0)) {
16817 		msgp = "Request Sense couldn't get sense data\n";
16818 		goto sense_failed;
16819 	}
16820 
16821 	if (actual_len < SUN_MIN_SENSE_LENGTH) {
16822 		msgp = "Not enough sense information\n";
16823 		goto sense_failed;
16824 	}
16825 
16826 	/*
16827 	 * We require the extended sense data
16828 	 */
16829 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16830 	if (esp->es_class != CLASS_EXTENDED_SENSE) {
16831 		if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16832 			static char tmp[8];
16833 			static char buf[148];
16834 			char *p = (char *)(xp->xb_sense_data);
16835 			int i;
16836 
16837 			mutex_enter(&sd_sense_mutex);
16838 			(void) strcpy(buf, "undecodable sense information:");
16839 			for (i = 0; i < actual_len; i++) {
16840 				(void) sprintf(tmp, " 0x%x", *(p++)&0xff);
16841 				(void) strcpy(&buf[strlen(buf)], tmp);
16842 			}
16843 			i = strlen(buf);
16844 			(void) strcpy(&buf[i], "-(assumed fatal)\n");
16845 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, buf);
16846 			mutex_exit(&sd_sense_mutex);
16847 		}
16848 		/* Note: Legacy behavior, fail the command with no retry */
16849 		sd_return_failed_command(un, bp, EIO);
16850 		return (SD_SENSE_DATA_IS_INVALID);
16851 	}
16852 
16853 	/*
16854 	 * Check that es_code is valid (es_class concatenated with es_code
16855 	 * make up the "response code" field.  es_class will always be 7, so
16856 	 * make sure es_code is 0, 1, 2, 3 or 0xf.  es_code will indicate the
16857 	 * format.
16858 	 */
16859 	if ((esp->es_code != CODE_FMT_FIXED_CURRENT) &&
16860 	    (esp->es_code != CODE_FMT_FIXED_DEFERRED) &&
16861 	    (esp->es_code != CODE_FMT_DESCR_CURRENT) &&
16862 	    (esp->es_code != CODE_FMT_DESCR_DEFERRED) &&
16863 	    (esp->es_code != CODE_FMT_VENDOR_SPECIFIC)) {
16864 		goto sense_failed;
16865 	}
16866 
16867 	return (SD_SENSE_DATA_IS_VALID);
16868 
16869 sense_failed:
16870 	/*
16871 	 * If the request sense failed (for whatever reason), attempt
16872 	 * to retry the original command.
16873 	 */
16874 #if defined(__i386) || defined(__amd64)
16875 	/*
16876 	 * SD_RETRY_DELAY is conditionally compile (#if fibre) in
16877 	 * sddef.h for Sparc platform, and x86 uses 1 binary
16878 	 * for both SCSI/FC.
16879 	 * The SD_RETRY_DELAY value need to be adjusted here
16880 	 * when SD_RETRY_DELAY change in sddef.h
16881 	 */
16882 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16883 	    sd_print_sense_failed_msg, msgp, EIO,
16884 		un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0, NULL);
16885 #else
16886 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16887 	    sd_print_sense_failed_msg, msgp, EIO, SD_RETRY_DELAY, NULL);
16888 #endif
16889 
16890 	return (SD_SENSE_DATA_IS_INVALID);
16891 }
16892 
16893 
16894 
16895 /*
16896  *    Function: sd_decode_sense
16897  *
16898  * Description: Take recovery action(s) when SCSI Sense Data is received.
16899  *
16900  *     Context: Interrupt context.
16901  */
16902 
16903 static void
16904 sd_decode_sense(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
16905 	struct scsi_pkt *pktp)
16906 {
16907 	struct scsi_extended_sense *esp;
16908 	struct scsi_descr_sense_hdr *sdsp;
16909 	uint8_t asc, ascq, sense_key;
16910 
16911 	ASSERT(un != NULL);
16912 	ASSERT(mutex_owned(SD_MUTEX(un)));
16913 	ASSERT(bp != NULL);
16914 	ASSERT(bp != un->un_rqs_bp);
16915 	ASSERT(xp != NULL);
16916 	ASSERT(pktp != NULL);
16917 
16918 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16919 
16920 	switch (esp->es_code) {
16921 	case CODE_FMT_DESCR_CURRENT:
16922 	case CODE_FMT_DESCR_DEFERRED:
16923 		sdsp = (struct scsi_descr_sense_hdr *)xp->xb_sense_data;
16924 		sense_key = sdsp->ds_key;
16925 		asc = sdsp->ds_add_code;
16926 		ascq = sdsp->ds_qual_code;
16927 		break;
16928 	case CODE_FMT_VENDOR_SPECIFIC:
16929 	case CODE_FMT_FIXED_CURRENT:
16930 	case CODE_FMT_FIXED_DEFERRED:
16931 	default:
16932 		sense_key = esp->es_key;
16933 		asc = esp->es_add_code;
16934 		ascq = esp->es_qual_code;
16935 		break;
16936 	}
16937 
16938 	switch (sense_key) {
16939 	case KEY_NO_SENSE:
16940 		sd_sense_key_no_sense(un, bp, xp, pktp);
16941 		break;
16942 	case KEY_RECOVERABLE_ERROR:
16943 		sd_sense_key_recoverable_error(un, asc, bp, xp, pktp);
16944 		break;
16945 	case KEY_NOT_READY:
16946 		sd_sense_key_not_ready(un, asc, ascq, bp, xp, pktp);
16947 		break;
16948 	case KEY_MEDIUM_ERROR:
16949 	case KEY_HARDWARE_ERROR:
16950 		sd_sense_key_medium_or_hardware_error(un,
16951 		    sense_key, asc, bp, xp, pktp);
16952 		break;
16953 	case KEY_ILLEGAL_REQUEST:
16954 		sd_sense_key_illegal_request(un, bp, xp, pktp);
16955 		break;
16956 	case KEY_UNIT_ATTENTION:
16957 		sd_sense_key_unit_attention(un, asc, bp, xp, pktp);
16958 		break;
16959 	case KEY_WRITE_PROTECT:
16960 	case KEY_VOLUME_OVERFLOW:
16961 	case KEY_MISCOMPARE:
16962 		sd_sense_key_fail_command(un, bp, xp, pktp);
16963 		break;
16964 	case KEY_BLANK_CHECK:
16965 		sd_sense_key_blank_check(un, bp, xp, pktp);
16966 		break;
16967 	case KEY_ABORTED_COMMAND:
16968 		sd_sense_key_aborted_command(un, bp, xp, pktp);
16969 		break;
16970 	case KEY_VENDOR_UNIQUE:
16971 	case KEY_COPY_ABORTED:
16972 	case KEY_EQUAL:
16973 	case KEY_RESERVED:
16974 	default:
16975 		sd_sense_key_default(un, sense_key, bp, xp, pktp);
16976 		break;
16977 	}
16978 }
16979 
16980 
16981 /*
16982  *    Function: sd_dump_memory
16983  *
16984  * Description: Debug logging routine to print the contents of a user provided
16985  *		buffer. The output of the buffer is broken up into 256 byte
16986  *		segments due to a size constraint of the scsi_log.
16987  *		implementation.
16988  *
16989  *   Arguments: un - ptr to softstate
16990  *		comp - component mask
16991  *		title - "title" string to preceed data when printed
16992  *		data - ptr to data block to be printed
16993  *		len - size of data block to be printed
16994  *		fmt - SD_LOG_HEX (use 0x%02x format) or SD_LOG_CHAR (use %c)
16995  *
16996  *     Context: May be called from interrupt context
16997  */
16998 
16999 #define	SD_DUMP_MEMORY_BUF_SIZE	256
17000 
17001 static char *sd_dump_format_string[] = {
17002 		" 0x%02x",
17003 		" %c"
17004 };
17005 
17006 static void
17007 sd_dump_memory(struct sd_lun *un, uint_t comp, char *title, uchar_t *data,
17008     int len, int fmt)
17009 {
17010 	int	i, j;
17011 	int	avail_count;
17012 	int	start_offset;
17013 	int	end_offset;
17014 	size_t	entry_len;
17015 	char	*bufp;
17016 	char	*local_buf;
17017 	char	*format_string;
17018 
17019 	ASSERT((fmt == SD_LOG_HEX) || (fmt == SD_LOG_CHAR));
17020 
17021 	/*
17022 	 * In the debug version of the driver, this function is called from a
17023 	 * number of places which are NOPs in the release driver.
17024 	 * The debug driver therefore has additional methods of filtering
17025 	 * debug output.
17026 	 */
17027 #ifdef SDDEBUG
17028 	/*
17029 	 * In the debug version of the driver we can reduce the amount of debug
17030 	 * messages by setting sd_error_level to something other than
17031 	 * SCSI_ERR_ALL and clearing bits in sd_level_mask and
17032 	 * sd_component_mask.
17033 	 */
17034 	if (((sd_level_mask & (SD_LOGMASK_DUMP_MEM | SD_LOGMASK_DIAG)) == 0) ||
17035 	    (sd_error_level != SCSI_ERR_ALL)) {
17036 		return;
17037 	}
17038 	if (((sd_component_mask & comp) == 0) ||
17039 	    (sd_error_level != SCSI_ERR_ALL)) {
17040 		return;
17041 	}
17042 #else
17043 	if (sd_error_level != SCSI_ERR_ALL) {
17044 		return;
17045 	}
17046 #endif
17047 
17048 	local_buf = kmem_zalloc(SD_DUMP_MEMORY_BUF_SIZE, KM_SLEEP);
17049 	bufp = local_buf;
17050 	/*
17051 	 * Available length is the length of local_buf[], minus the
17052 	 * length of the title string, minus one for the ":", minus
17053 	 * one for the newline, minus one for the NULL terminator.
17054 	 * This gives the #bytes available for holding the printed
17055 	 * values from the given data buffer.
17056 	 */
17057 	if (fmt == SD_LOG_HEX) {
17058 		format_string = sd_dump_format_string[0];
17059 	} else /* SD_LOG_CHAR */ {
17060 		format_string = sd_dump_format_string[1];
17061 	}
17062 	/*
17063 	 * Available count is the number of elements from the given
17064 	 * data buffer that we can fit into the available length.
17065 	 * This is based upon the size of the format string used.
17066 	 * Make one entry and find it's size.
17067 	 */
17068 	(void) sprintf(bufp, format_string, data[0]);
17069 	entry_len = strlen(bufp);
17070 	avail_count = (SD_DUMP_MEMORY_BUF_SIZE - strlen(title) - 3) / entry_len;
17071 
17072 	j = 0;
17073 	while (j < len) {
17074 		bufp = local_buf;
17075 		bzero(bufp, SD_DUMP_MEMORY_BUF_SIZE);
17076 		start_offset = j;
17077 
17078 		end_offset = start_offset + avail_count;
17079 
17080 		(void) sprintf(bufp, "%s:", title);
17081 		bufp += strlen(bufp);
17082 		for (i = start_offset; ((i < end_offset) && (j < len));
17083 		    i++, j++) {
17084 			(void) sprintf(bufp, format_string, data[i]);
17085 			bufp += entry_len;
17086 		}
17087 		(void) sprintf(bufp, "\n");
17088 
17089 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE, "%s", local_buf);
17090 	}
17091 	kmem_free(local_buf, SD_DUMP_MEMORY_BUF_SIZE);
17092 }
17093 
17094 /*
17095  *    Function: sd_print_sense_msg
17096  *
17097  * Description: Log a message based upon the given sense data.
17098  *
17099  *   Arguments: un - ptr to associated softstate
17100  *		bp - ptr to buf(9S) for the command
17101  *		arg - ptr to associate sd_sense_info struct
17102  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
17103  *			or SD_NO_RETRY_ISSUED
17104  *
17105  *     Context: May be called from interrupt context
17106  */
17107 
17108 static void
17109 sd_print_sense_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
17110 {
17111 	struct sd_xbuf	*xp;
17112 	struct scsi_pkt	*pktp;
17113 	struct scsi_extended_sense *sensep;
17114 	daddr_t request_blkno;
17115 	diskaddr_t err_blkno;
17116 	int severity;
17117 	int pfa_flag;
17118 	int fixed_format = TRUE;
17119 	extern struct scsi_key_strings scsi_cmds[];
17120 
17121 	ASSERT(un != NULL);
17122 	ASSERT(mutex_owned(SD_MUTEX(un)));
17123 	ASSERT(bp != NULL);
17124 	xp = SD_GET_XBUF(bp);
17125 	ASSERT(xp != NULL);
17126 	pktp = SD_GET_PKTP(bp);
17127 	ASSERT(pktp != NULL);
17128 	ASSERT(arg != NULL);
17129 
17130 	severity = ((struct sd_sense_info *)(arg))->ssi_severity;
17131 	pfa_flag = ((struct sd_sense_info *)(arg))->ssi_pfa_flag;
17132 
17133 	if ((code == SD_DELAYED_RETRY_ISSUED) ||
17134 	    (code == SD_IMMEDIATE_RETRY_ISSUED)) {
17135 		severity = SCSI_ERR_RETRYABLE;
17136 	}
17137 
17138 	/* Use absolute block number for the request block number */
17139 	request_blkno = xp->xb_blkno;
17140 
17141 	/*
17142 	 * Now try to get the error block number from the sense data
17143 	 */
17144 	sensep = (struct scsi_extended_sense *)xp->xb_sense_data;
17145 	switch (sensep->es_code) {
17146 	case CODE_FMT_DESCR_CURRENT:
17147 	case CODE_FMT_DESCR_DEFERRED:
17148 		err_blkno =
17149 		    sd_extract_sense_info_descr(
17150 			(struct scsi_descr_sense_hdr *)sensep);
17151 		fixed_format = FALSE;
17152 		break;
17153 	case CODE_FMT_FIXED_CURRENT:
17154 	case CODE_FMT_FIXED_DEFERRED:
17155 	case CODE_FMT_VENDOR_SPECIFIC:
17156 	default:
17157 		/*
17158 		 * With the es_valid bit set, we assume that the error
17159 		 * blkno is in the sense data.  Also, if xp->xb_blkno is
17160 		 * greater than 0xffffffff then the target *should* have used
17161 		 * a descriptor sense format (or it shouldn't have set
17162 		 * the es_valid bit), and we may as well ignore the
17163 		 * 32-bit value.
17164 		 */
17165 		if ((sensep->es_valid != 0) && (xp->xb_blkno <= 0xffffffff)) {
17166 			err_blkno = (diskaddr_t)
17167 			    ((sensep->es_info_1 << 24) |
17168 			    (sensep->es_info_2 << 16) |
17169 			    (sensep->es_info_3 << 8)  |
17170 			    (sensep->es_info_4));
17171 		} else {
17172 			err_blkno = (diskaddr_t)-1;
17173 		}
17174 		break;
17175 	}
17176 
17177 	if (err_blkno == (diskaddr_t)-1) {
17178 		/*
17179 		 * Without the es_valid bit set (for fixed format) or an
17180 		 * information descriptor (for descriptor format) we cannot
17181 		 * be certain of the error blkno, so just use the
17182 		 * request_blkno.
17183 		 */
17184 		err_blkno = (diskaddr_t)request_blkno;
17185 	} else {
17186 		/*
17187 		 * We retrieved the error block number from the information
17188 		 * portion of the sense data.
17189 		 *
17190 		 * For USCSI commands we are better off using the error
17191 		 * block no. as the requested block no. (This is the best
17192 		 * we can estimate.)
17193 		 */
17194 		if ((SD_IS_BUFIO(xp) == FALSE) &&
17195 		    ((pktp->pkt_flags & FLAG_SILENT) == 0)) {
17196 			request_blkno = err_blkno;
17197 		}
17198 	}
17199 
17200 	/*
17201 	 * The following will log the buffer contents for the release driver
17202 	 * if the SD_LOGMASK_DIAG bit of sd_level_mask is set, or the error
17203 	 * level is set to verbose.
17204 	 */
17205 	sd_dump_memory(un, SD_LOG_IO, "Failed CDB",
17206 	    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
17207 	sd_dump_memory(un, SD_LOG_IO, "Sense Data",
17208 	    (uchar_t *)sensep, SENSE_LENGTH, SD_LOG_HEX);
17209 
17210 	if (pfa_flag == FALSE) {
17211 		/* This is normally only set for USCSI */
17212 		if ((pktp->pkt_flags & FLAG_SILENT) != 0) {
17213 			return;
17214 		}
17215 
17216 		if ((SD_IS_BUFIO(xp) == TRUE) &&
17217 		    (((sd_level_mask & SD_LOGMASK_DIAG) == 0) &&
17218 		    (severity < sd_error_level))) {
17219 			return;
17220 		}
17221 	}
17222 
17223 	/*
17224 	 * If the data is fixed format then check for Sonoma Failover,
17225 	 * and keep a count of how many failed I/O's.  We should not have
17226 	 * to worry about Sonoma returning descriptor format sense data,
17227 	 * and asc/ascq are in a different location in descriptor format.
17228 	 */
17229 	if (fixed_format &&
17230 	    (SD_IS_LSI(un)) && (sensep->es_key == KEY_ILLEGAL_REQUEST) &&
17231 	    (sensep->es_add_code == 0x94) && (sensep->es_qual_code == 0x01)) {
17232 		un->un_sonoma_failure_count++;
17233 		if (un->un_sonoma_failure_count > 1) {
17234 			return;
17235 		}
17236 	}
17237 
17238 	scsi_vu_errmsg(SD_SCSI_DEVP(un), pktp, sd_label, severity,
17239 	    request_blkno, err_blkno, scsi_cmds, sensep,
17240 	    un->un_additional_codes, NULL);
17241 }
17242 
17243 /*
17244  *    Function: sd_extract_sense_info_descr
17245  *
17246  * Description: Retrieve "information" field from descriptor format
17247  *              sense data.  Iterates through each sense descriptor
17248  *              looking for the information descriptor and returns
17249  *              the information field from that descriptor.
17250  *
17251  *     Context: May be called from interrupt context
17252  */
17253 
17254 static diskaddr_t
17255 sd_extract_sense_info_descr(struct scsi_descr_sense_hdr *sdsp)
17256 {
17257 	diskaddr_t result;
17258 	uint8_t *descr_offset;
17259 	int valid_sense_length;
17260 	struct scsi_information_sense_descr *isd;
17261 
17262 	/*
17263 	 * Initialize result to -1 indicating there is no information
17264 	 * descriptor
17265 	 */
17266 	result = (diskaddr_t)-1;
17267 
17268 	/*
17269 	 * The first descriptor will immediately follow the header
17270 	 */
17271 	descr_offset = (uint8_t *)(sdsp+1); /* Pointer arithmetic */
17272 
17273 	/*
17274 	 * Calculate the amount of valid sense data
17275 	 */
17276 	valid_sense_length =
17277 	    min((sizeof (struct scsi_descr_sense_hdr) +
17278 	    sdsp->ds_addl_sense_length),
17279 	    SENSE_LENGTH);
17280 
17281 	/*
17282 	 * Iterate through the list of descriptors, stopping when we
17283 	 * run out of sense data
17284 	 */
17285 	while ((descr_offset + sizeof (struct scsi_information_sense_descr)) <=
17286 	    (uint8_t *)sdsp + valid_sense_length) {
17287 		/*
17288 		 * Check if this is an information descriptor.  We can
17289 		 * use the scsi_information_sense_descr structure as a
17290 		 * template sense the first two fields are always the
17291 		 * same
17292 		 */
17293 		isd = (struct scsi_information_sense_descr *)descr_offset;
17294 		if (isd->isd_descr_type == DESCR_INFORMATION) {
17295 			/*
17296 			 * Found an information descriptor.  Copy the
17297 			 * information field.  There will only be one
17298 			 * information descriptor so we can stop looking.
17299 			 */
17300 			result =
17301 			    (((diskaddr_t)isd->isd_information[0] << 56) |
17302 				((diskaddr_t)isd->isd_information[1] << 48) |
17303 				((diskaddr_t)isd->isd_information[2] << 40) |
17304 				((diskaddr_t)isd->isd_information[3] << 32) |
17305 				((diskaddr_t)isd->isd_information[4] << 24) |
17306 				((diskaddr_t)isd->isd_information[5] << 16) |
17307 				((diskaddr_t)isd->isd_information[6] << 8)  |
17308 				((diskaddr_t)isd->isd_information[7]));
17309 			break;
17310 		}
17311 
17312 		/*
17313 		 * Get pointer to the next descriptor.  The "additional
17314 		 * length" field holds the length of the descriptor except
17315 		 * for the "type" and "additional length" fields, so
17316 		 * we need to add 2 to get the total length.
17317 		 */
17318 		descr_offset += (isd->isd_addl_length + 2);
17319 	}
17320 
17321 	return (result);
17322 }
17323 
17324 /*
17325  *    Function: sd_sense_key_no_sense
17326  *
17327  * Description: Recovery action when sense data was not received.
17328  *
17329  *     Context: May be called from interrupt context
17330  */
17331 
17332 static void
17333 sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
17334 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17335 {
17336 	struct sd_sense_info	si;
17337 
17338 	ASSERT(un != NULL);
17339 	ASSERT(mutex_owned(SD_MUTEX(un)));
17340 	ASSERT(bp != NULL);
17341 	ASSERT(xp != NULL);
17342 	ASSERT(pktp != NULL);
17343 
17344 	si.ssi_severity = SCSI_ERR_FATAL;
17345 	si.ssi_pfa_flag = FALSE;
17346 
17347 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17348 
17349 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17350 		&si, EIO, (clock_t)0, NULL);
17351 }
17352 
17353 
17354 /*
17355  *    Function: sd_sense_key_recoverable_error
17356  *
17357  * Description: Recovery actions for a SCSI "Recovered Error" sense key.
17358  *
17359  *     Context: May be called from interrupt context
17360  */
17361 
17362 static void
17363 sd_sense_key_recoverable_error(struct sd_lun *un,
17364 	uint8_t asc,
17365 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17366 {
17367 	struct sd_sense_info	si;
17368 
17369 	ASSERT(un != NULL);
17370 	ASSERT(mutex_owned(SD_MUTEX(un)));
17371 	ASSERT(bp != NULL);
17372 	ASSERT(xp != NULL);
17373 	ASSERT(pktp != NULL);
17374 
17375 	/*
17376 	 * 0x5D: FAILURE PREDICTION THRESHOLD EXCEEDED
17377 	 */
17378 	if ((asc == 0x5D) && (sd_report_pfa != 0)) {
17379 		SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17380 		si.ssi_severity = SCSI_ERR_INFO;
17381 		si.ssi_pfa_flag = TRUE;
17382 	} else {
17383 		SD_UPDATE_ERRSTATS(un, sd_softerrs);
17384 		SD_UPDATE_ERRSTATS(un, sd_rq_recov_err);
17385 		si.ssi_severity = SCSI_ERR_RECOVERED;
17386 		si.ssi_pfa_flag = FALSE;
17387 	}
17388 
17389 	if (pktp->pkt_resid == 0) {
17390 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17391 		sd_return_command(un, bp);
17392 		return;
17393 	}
17394 
17395 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17396 	    &si, EIO, (clock_t)0, NULL);
17397 }
17398 
17399 
17400 
17401 
17402 /*
17403  *    Function: sd_sense_key_not_ready
17404  *
17405  * Description: Recovery actions for a SCSI "Not Ready" sense key.
17406  *
17407  *     Context: May be called from interrupt context
17408  */
17409 
17410 static void
17411 sd_sense_key_not_ready(struct sd_lun *un,
17412 	uint8_t asc, uint8_t ascq,
17413 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17414 {
17415 	struct sd_sense_info	si;
17416 
17417 	ASSERT(un != NULL);
17418 	ASSERT(mutex_owned(SD_MUTEX(un)));
17419 	ASSERT(bp != NULL);
17420 	ASSERT(xp != NULL);
17421 	ASSERT(pktp != NULL);
17422 
17423 	si.ssi_severity = SCSI_ERR_FATAL;
17424 	si.ssi_pfa_flag = FALSE;
17425 
17426 	/*
17427 	 * Update error stats after first NOT READY error. Disks may have
17428 	 * been powered down and may need to be restarted.  For CDROMs,
17429 	 * report NOT READY errors only if media is present.
17430 	 */
17431 	if ((ISCD(un) && (un->un_f_geometry_is_valid == TRUE)) ||
17432 	    (xp->xb_retry_count > 0)) {
17433 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17434 		SD_UPDATE_ERRSTATS(un, sd_rq_ntrdy_err);
17435 	}
17436 
17437 	/*
17438 	 * Just fail if the "not ready" retry limit has been reached.
17439 	 */
17440 	if (xp->xb_retry_count >= un->un_notready_retry_count) {
17441 		/* Special check for error message printing for removables. */
17442 		if ((ISREMOVABLE(un)) && (asc == 0x04) &&
17443 		    (ascq >= 0x04)) {
17444 			si.ssi_severity = SCSI_ERR_ALL;
17445 		}
17446 		goto fail_command;
17447 	}
17448 
17449 	/*
17450 	 * Check the ASC and ASCQ in the sense data as needed, to determine
17451 	 * what to do.
17452 	 */
17453 	switch (asc) {
17454 	case 0x04:	/* LOGICAL UNIT NOT READY */
17455 		/*
17456 		 * disk drives that don't spin up result in a very long delay
17457 		 * in format without warning messages. We will log a message
17458 		 * if the error level is set to verbose.
17459 		 */
17460 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17461 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17462 			    "logical unit not ready, resetting disk\n");
17463 		}
17464 
17465 		/*
17466 		 * There are different requirements for CDROMs and disks for
17467 		 * the number of retries.  If a CD-ROM is giving this, it is
17468 		 * probably reading TOC and is in the process of getting
17469 		 * ready, so we should keep on trying for a long time to make
17470 		 * sure that all types of media are taken in account (for
17471 		 * some media the drive takes a long time to read TOC).  For
17472 		 * disks we do not want to retry this too many times as this
17473 		 * can cause a long hang in format when the drive refuses to
17474 		 * spin up (a very common failure).
17475 		 */
17476 		switch (ascq) {
17477 		case 0x00:  /* LUN NOT READY, CAUSE NOT REPORTABLE */
17478 			/*
17479 			 * Disk drives frequently refuse to spin up which
17480 			 * results in a very long hang in format without
17481 			 * warning messages.
17482 			 *
17483 			 * Note: This code preserves the legacy behavior of
17484 			 * comparing xb_retry_count against zero for fibre
17485 			 * channel targets instead of comparing against the
17486 			 * un_reset_retry_count value.  The reason for this
17487 			 * discrepancy has been so utterly lost beneath the
17488 			 * Sands of Time that even Indiana Jones could not
17489 			 * find it.
17490 			 */
17491 			if (un->un_f_is_fibre == TRUE) {
17492 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17493 					(xp->xb_retry_count > 0)) &&
17494 					(un->un_startstop_timeid == NULL)) {
17495 					scsi_log(SD_DEVINFO(un), sd_label,
17496 					CE_WARN, "logical unit not ready, "
17497 					"resetting disk\n");
17498 					sd_reset_target(un, pktp);
17499 				}
17500 			} else {
17501 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17502 					(xp->xb_retry_count >
17503 					un->un_reset_retry_count)) &&
17504 					(un->un_startstop_timeid == NULL)) {
17505 					scsi_log(SD_DEVINFO(un), sd_label,
17506 					CE_WARN, "logical unit not ready, "
17507 					"resetting disk\n");
17508 					sd_reset_target(un, pktp);
17509 				}
17510 			}
17511 			break;
17512 
17513 		case 0x01:  /* LUN IS IN PROCESS OF BECOMING READY */
17514 			/*
17515 			 * If the target is in the process of becoming
17516 			 * ready, just proceed with the retry. This can
17517 			 * happen with CD-ROMs that take a long time to
17518 			 * read TOC after a power cycle or reset.
17519 			 */
17520 			goto do_retry;
17521 
17522 		case 0x02:  /* LUN NOT READY, INITITIALIZING CMD REQUIRED */
17523 			break;
17524 
17525 		case 0x03:  /* LUN NOT READY, MANUAL INTERVENTION REQUIRED */
17526 			/*
17527 			 * Retries cannot help here so just fail right away.
17528 			 */
17529 			goto fail_command;
17530 
17531 		case 0x88:
17532 			/*
17533 			 * Vendor-unique code for T3/T4: it indicates a
17534 			 * path problem in a mutipathed config, but as far as
17535 			 * the target driver is concerned it equates to a fatal
17536 			 * error, so we should just fail the command right away
17537 			 * (without printing anything to the console). If this
17538 			 * is not a T3/T4, fall thru to the default recovery
17539 			 * action.
17540 			 * T3/T4 is FC only, don't need to check is_fibre
17541 			 */
17542 			if (SD_IS_T3(un) || SD_IS_T4(un)) {
17543 				sd_return_failed_command(un, bp, EIO);
17544 				return;
17545 			}
17546 			/* FALLTHRU */
17547 
17548 		case 0x04:  /* LUN NOT READY, FORMAT IN PROGRESS */
17549 		case 0x05:  /* LUN NOT READY, REBUILD IN PROGRESS */
17550 		case 0x06:  /* LUN NOT READY, RECALCULATION IN PROGRESS */
17551 		case 0x07:  /* LUN NOT READY, OPERATION IN PROGRESS */
17552 		case 0x08:  /* LUN NOT READY, LONG WRITE IN PROGRESS */
17553 		default:    /* Possible future codes in SCSI spec? */
17554 			/*
17555 			 * For removable-media devices, do not retry if
17556 			 * ASCQ > 2 as these result mostly from USCSI commands
17557 			 * on MMC devices issued to check status of an
17558 			 * operation initiated in immediate mode.  Also for
17559 			 * ASCQ >= 4 do not print console messages as these
17560 			 * mainly represent a user-initiated operation
17561 			 * instead of a system failure.
17562 			 */
17563 			if (ISREMOVABLE(un)) {
17564 				si.ssi_severity = SCSI_ERR_ALL;
17565 				goto fail_command;
17566 			}
17567 			break;
17568 		}
17569 
17570 		/*
17571 		 * As part of our recovery attempt for the NOT READY
17572 		 * condition, we issue a START STOP UNIT command. However
17573 		 * we want to wait for a short delay before attempting this
17574 		 * as there may still be more commands coming back from the
17575 		 * target with the check condition. To do this we use
17576 		 * timeout(9F) to call sd_start_stop_unit_callback() after
17577 		 * the delay interval expires. (sd_start_stop_unit_callback()
17578 		 * dispatches sd_start_stop_unit_task(), which will issue
17579 		 * the actual START STOP UNIT command. The delay interval
17580 		 * is one-half of the delay that we will use to retry the
17581 		 * command that generated the NOT READY condition.
17582 		 *
17583 		 * Note that we could just dispatch sd_start_stop_unit_task()
17584 		 * from here and allow it to sleep for the delay interval,
17585 		 * but then we would be tying up the taskq thread
17586 		 * uncesessarily for the duration of the delay.
17587 		 *
17588 		 * Do not issue the START STOP UNIT if the current command
17589 		 * is already a START STOP UNIT.
17590 		 */
17591 		if (pktp->pkt_cdbp[0] == SCMD_START_STOP) {
17592 			break;
17593 		}
17594 
17595 		/*
17596 		 * Do not schedule the timeout if one is already pending.
17597 		 */
17598 		if (un->un_startstop_timeid != NULL) {
17599 			SD_INFO(SD_LOG_ERROR, un,
17600 			    "sd_sense_key_not_ready: restart already issued to"
17601 			    " %s%d\n", ddi_driver_name(SD_DEVINFO(un)),
17602 			    ddi_get_instance(SD_DEVINFO(un)));
17603 			break;
17604 		}
17605 
17606 		/*
17607 		 * Schedule the START STOP UNIT command, then queue the command
17608 		 * for a retry.
17609 		 *
17610 		 * Note: A timeout is not scheduled for this retry because we
17611 		 * want the retry to be serial with the START_STOP_UNIT. The
17612 		 * retry will be started when the START_STOP_UNIT is completed
17613 		 * in sd_start_stop_unit_task.
17614 		 */
17615 		un->un_startstop_timeid = timeout(sd_start_stop_unit_callback,
17616 		    un, SD_BSY_TIMEOUT / 2);
17617 		xp->xb_retry_count++;
17618 		sd_set_retry_bp(un, bp, 0, kstat_waitq_enter);
17619 		return;
17620 
17621 	case 0x05:	/* LOGICAL UNIT DOES NOT RESPOND TO SELECTION */
17622 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17623 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17624 			    "unit does not respond to selection\n");
17625 		}
17626 		break;
17627 
17628 	case 0x3A:	/* MEDIUM NOT PRESENT */
17629 		if (sd_error_level >= SCSI_ERR_FATAL) {
17630 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17631 			    "Caddy not inserted in drive\n");
17632 		}
17633 
17634 		sr_ejected(un);
17635 		un->un_mediastate = DKIO_EJECTED;
17636 		/* The state has changed, inform the media watch routines */
17637 		cv_broadcast(&un->un_state_cv);
17638 		/* Just fail if no media is present in the drive. */
17639 		goto fail_command;
17640 
17641 	default:
17642 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17643 			scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
17644 			    "Unit not Ready. Additional sense code 0x%x\n",
17645 			    asc);
17646 		}
17647 		break;
17648 	}
17649 
17650 do_retry:
17651 
17652 	/*
17653 	 * Retry the command, as some targets may report NOT READY for
17654 	 * several seconds after being reset.
17655 	 */
17656 	xp->xb_retry_count++;
17657 	si.ssi_severity = SCSI_ERR_RETRYABLE;
17658 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
17659 	    &si, EIO, SD_BSY_TIMEOUT, NULL);
17660 
17661 	return;
17662 
17663 fail_command:
17664 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17665 	sd_return_failed_command(un, bp, EIO);
17666 }
17667 
17668 
17669 
17670 /*
17671  *    Function: sd_sense_key_medium_or_hardware_error
17672  *
17673  * Description: Recovery actions for a SCSI "Medium Error" or "Hardware Error"
17674  *		sense key.
17675  *
17676  *     Context: May be called from interrupt context
17677  */
17678 
17679 static void
17680 sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
17681 	int sense_key, uint8_t asc,
17682 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17683 {
17684 	struct sd_sense_info	si;
17685 
17686 	ASSERT(un != NULL);
17687 	ASSERT(mutex_owned(SD_MUTEX(un)));
17688 	ASSERT(bp != NULL);
17689 	ASSERT(xp != NULL);
17690 	ASSERT(pktp != NULL);
17691 
17692 	si.ssi_severity = SCSI_ERR_FATAL;
17693 	si.ssi_pfa_flag = FALSE;
17694 
17695 	if (sense_key == KEY_MEDIUM_ERROR) {
17696 		SD_UPDATE_ERRSTATS(un, sd_rq_media_err);
17697 	}
17698 
17699 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17700 
17701 	if ((un->un_reset_retry_count != 0) &&
17702 	    (xp->xb_retry_count == un->un_reset_retry_count)) {
17703 		mutex_exit(SD_MUTEX(un));
17704 		/* Do NOT do a RESET_ALL here: too intrusive. (4112858) */
17705 		if (un->un_f_allow_bus_device_reset == TRUE) {
17706 
17707 			boolean_t try_resetting_target = B_TRUE;
17708 
17709 			/*
17710 			 * We need to be able to handle specific ASC when we are
17711 			 * handling a KEY_HARDWARE_ERROR. In particular
17712 			 * taking the default action of resetting the target may
17713 			 * not be the appropriate way to attempt recovery.
17714 			 * Resetting a target because of a single LUN failure
17715 			 * victimizes all LUNs on that target.
17716 			 *
17717 			 * This is true for the LSI arrays, if an LSI
17718 			 * array controller returns an ASC of 0x84 (LUN Dead) we
17719 			 * should trust it.
17720 			 */
17721 
17722 			if (sense_key == KEY_HARDWARE_ERROR) {
17723 				switch (asc) {
17724 				case 0x84:
17725 					if (SD_IS_LSI(un)) {
17726 						try_resetting_target = B_FALSE;
17727 					}
17728 					break;
17729 				default:
17730 					break;
17731 				}
17732 			}
17733 
17734 			if (try_resetting_target == B_TRUE) {
17735 				int reset_retval = 0;
17736 				if (un->un_f_lun_reset_enabled == TRUE) {
17737 					SD_TRACE(SD_LOG_IO_CORE, un,
17738 					    "sd_sense_key_medium_or_hardware_"
17739 					    "error: issuing RESET_LUN\n");
17740 					reset_retval =
17741 					    scsi_reset(SD_ADDRESS(un),
17742 					    RESET_LUN);
17743 				}
17744 				if (reset_retval == 0) {
17745 					SD_TRACE(SD_LOG_IO_CORE, un,
17746 					    "sd_sense_key_medium_or_hardware_"
17747 					    "error: issuing RESET_TARGET\n");
17748 					(void) scsi_reset(SD_ADDRESS(un),
17749 					    RESET_TARGET);
17750 				}
17751 			}
17752 		}
17753 		mutex_enter(SD_MUTEX(un));
17754 	}
17755 
17756 	/*
17757 	 * This really ought to be a fatal error, but we will retry anyway
17758 	 * as some drives report this as a spurious error.
17759 	 */
17760 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17761 	    &si, EIO, (clock_t)0, NULL);
17762 }
17763 
17764 
17765 
17766 /*
17767  *    Function: sd_sense_key_illegal_request
17768  *
17769  * Description: Recovery actions for a SCSI "Illegal Request" sense key.
17770  *
17771  *     Context: May be called from interrupt context
17772  */
17773 
17774 static void
17775 sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
17776 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17777 {
17778 	struct sd_sense_info	si;
17779 
17780 	ASSERT(un != NULL);
17781 	ASSERT(mutex_owned(SD_MUTEX(un)));
17782 	ASSERT(bp != NULL);
17783 	ASSERT(xp != NULL);
17784 	ASSERT(pktp != NULL);
17785 
17786 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17787 	SD_UPDATE_ERRSTATS(un, sd_rq_illrq_err);
17788 
17789 	si.ssi_severity = SCSI_ERR_INFO;
17790 	si.ssi_pfa_flag = FALSE;
17791 
17792 	/* Pointless to retry if the target thinks it's an illegal request */
17793 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17794 	sd_return_failed_command(un, bp, EIO);
17795 }
17796 
17797 
17798 
17799 
17800 /*
17801  *    Function: sd_sense_key_unit_attention
17802  *
17803  * Description: Recovery actions for a SCSI "Unit Attention" sense key.
17804  *
17805  *     Context: May be called from interrupt context
17806  */
17807 
17808 static void
17809 sd_sense_key_unit_attention(struct sd_lun *un,
17810 	uint8_t asc,
17811 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17812 {
17813 	/*
17814 	 * For UNIT ATTENTION we allow retries for one minute. Devices
17815 	 * like Sonoma can return UNIT ATTENTION close to a minute
17816 	 * under certain conditions.
17817 	 */
17818 	int	retry_check_flag = SD_RETRIES_UA;
17819 	struct	sd_sense_info		si;
17820 
17821 	ASSERT(un != NULL);
17822 	ASSERT(mutex_owned(SD_MUTEX(un)));
17823 	ASSERT(bp != NULL);
17824 	ASSERT(xp != NULL);
17825 	ASSERT(pktp != NULL);
17826 
17827 	si.ssi_severity = SCSI_ERR_INFO;
17828 	si.ssi_pfa_flag = FALSE;
17829 
17830 
17831 	switch (asc) {
17832 	case 0x5D:  /* FAILURE PREDICTION THRESHOLD EXCEEDED */
17833 		if (sd_report_pfa != 0) {
17834 			SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17835 			si.ssi_pfa_flag = TRUE;
17836 			retry_check_flag = SD_RETRIES_STANDARD;
17837 			goto do_retry;
17838 		}
17839 		break;
17840 
17841 	case 0x29:  /* POWER ON, RESET, OR BUS DEVICE RESET OCCURRED */
17842 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
17843 			un->un_resvd_status |=
17844 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
17845 		}
17846 		/* FALLTHRU */
17847 
17848 	case 0x28: /* NOT READY TO READY CHANGE, MEDIUM MAY HAVE CHANGED */
17849 		if (!ISREMOVABLE(un)) {
17850 			break;
17851 		}
17852 
17853 		/*
17854 		 * When we get a unit attention from a removable-media device,
17855 		 * it may be in a state that will take a long time to recover
17856 		 * (e.g., from a reset).  Since we are executing in interrupt
17857 		 * context here, we cannot wait around for the device to come
17858 		 * back. So hand this command off to sd_media_change_task()
17859 		 * for deferred processing under taskq thread context. (Note
17860 		 * that the command still may be failed if a problem is
17861 		 * encountered at a later time.)
17862 		 */
17863 		if (taskq_dispatch(sd_tq, sd_media_change_task, pktp,
17864 		    KM_NOSLEEP) == 0) {
17865 			/*
17866 			 * Cannot dispatch the request so fail the command.
17867 			 */
17868 			SD_UPDATE_ERRSTATS(un, sd_harderrs);
17869 			SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17870 			si.ssi_severity = SCSI_ERR_FATAL;
17871 			sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17872 			sd_return_failed_command(un, bp, EIO);
17873 		}
17874 		/*
17875 		 * Either the command has been successfully dispatched to a
17876 		 * task Q for retrying, or the dispatch failed. In either case
17877 		 * do NOT retry again by calling sd_retry_command. This sets up
17878 		 * two retries of the same command and when one completes and
17879 		 * frees the resources the other will access freed memory,
17880 		 * a bad thing.
17881 		 */
17882 		return;
17883 
17884 	default:
17885 		break;
17886 	}
17887 
17888 	if (!ISREMOVABLE(un)) {
17889 		/*
17890 		 * Do not update these here for removables. For removables
17891 		 * these stats are updated (1) above if we failed to dispatch
17892 		 * sd_media_change_task(), or (2) sd_media_change_task() may
17893 		 * update these later if it encounters an error.
17894 		 */
17895 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17896 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17897 	}
17898 
17899 do_retry:
17900 	sd_retry_command(un, bp, retry_check_flag, sd_print_sense_msg, &si,
17901 	    EIO, SD_UA_RETRY_DELAY, NULL);
17902 }
17903 
17904 
17905 
17906 /*
17907  *    Function: sd_sense_key_fail_command
17908  *
17909  * Description: Use to fail a command when we don't like the sense key that
17910  *		was returned.
17911  *
17912  *     Context: May be called from interrupt context
17913  */
17914 
17915 static void
17916 sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
17917 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17918 {
17919 	struct sd_sense_info	si;
17920 
17921 	ASSERT(un != NULL);
17922 	ASSERT(mutex_owned(SD_MUTEX(un)));
17923 	ASSERT(bp != NULL);
17924 	ASSERT(xp != NULL);
17925 	ASSERT(pktp != NULL);
17926 
17927 	si.ssi_severity = SCSI_ERR_FATAL;
17928 	si.ssi_pfa_flag = FALSE;
17929 
17930 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17931 	sd_return_failed_command(un, bp, EIO);
17932 }
17933 
17934 
17935 
17936 /*
17937  *    Function: sd_sense_key_blank_check
17938  *
17939  * Description: Recovery actions for a SCSI "Blank Check" sense key.
17940  *		Has no monetary connotation.
17941  *
17942  *     Context: May be called from interrupt context
17943  */
17944 
17945 static void
17946 sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
17947 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17948 {
17949 	struct sd_sense_info	si;
17950 
17951 	ASSERT(un != NULL);
17952 	ASSERT(mutex_owned(SD_MUTEX(un)));
17953 	ASSERT(bp != NULL);
17954 	ASSERT(xp != NULL);
17955 	ASSERT(pktp != NULL);
17956 
17957 	/*
17958 	 * Blank check is not fatal for removable devices, therefore
17959 	 * it does not require a console message.
17960 	 */
17961 	si.ssi_severity = (ISREMOVABLE(un)) ? SCSI_ERR_ALL : SCSI_ERR_FATAL;
17962 	si.ssi_pfa_flag = FALSE;
17963 
17964 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17965 	sd_return_failed_command(un, bp, EIO);
17966 }
17967 
17968 
17969 
17970 
17971 /*
17972  *    Function: sd_sense_key_aborted_command
17973  *
17974  * Description: Recovery actions for a SCSI "Aborted Command" sense key.
17975  *
17976  *     Context: May be called from interrupt context
17977  */
17978 
17979 static void
17980 sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
17981 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17982 {
17983 	struct sd_sense_info	si;
17984 
17985 	ASSERT(un != NULL);
17986 	ASSERT(mutex_owned(SD_MUTEX(un)));
17987 	ASSERT(bp != NULL);
17988 	ASSERT(xp != NULL);
17989 	ASSERT(pktp != NULL);
17990 
17991 	si.ssi_severity = SCSI_ERR_FATAL;
17992 	si.ssi_pfa_flag = FALSE;
17993 
17994 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17995 
17996 	/*
17997 	 * This really ought to be a fatal error, but we will retry anyway
17998 	 * as some drives report this as a spurious error.
17999 	 */
18000 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
18001 	    &si, EIO, (clock_t)0, NULL);
18002 }
18003 
18004 
18005 
18006 /*
18007  *    Function: sd_sense_key_default
18008  *
18009  * Description: Default recovery action for several SCSI sense keys (basically
18010  *		attempts a retry).
18011  *
18012  *     Context: May be called from interrupt context
18013  */
18014 
18015 static void
18016 sd_sense_key_default(struct sd_lun *un,
18017 	int sense_key,
18018 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
18019 {
18020 	struct sd_sense_info	si;
18021 
18022 	ASSERT(un != NULL);
18023 	ASSERT(mutex_owned(SD_MUTEX(un)));
18024 	ASSERT(bp != NULL);
18025 	ASSERT(xp != NULL);
18026 	ASSERT(pktp != NULL);
18027 
18028 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18029 
18030 	/*
18031 	 * Undecoded sense key.	Attempt retries and hope that will fix
18032 	 * the problem.  Otherwise, we're dead.
18033 	 */
18034 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
18035 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18036 		    "Unhandled Sense Key '%s'\n", sense_keys[sense_key]);
18037 	}
18038 
18039 	si.ssi_severity = SCSI_ERR_FATAL;
18040 	si.ssi_pfa_flag = FALSE;
18041 
18042 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
18043 	    &si, EIO, (clock_t)0, NULL);
18044 }
18045 
18046 
18047 
18048 /*
18049  *    Function: sd_print_retry_msg
18050  *
18051  * Description: Print a message indicating the retry action being taken.
18052  *
18053  *   Arguments: un - ptr to associated softstate
18054  *		bp - ptr to buf(9S) for the command
18055  *		arg - not used.
18056  *		flag - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18057  *			or SD_NO_RETRY_ISSUED
18058  *
18059  *     Context: May be called from interrupt context
18060  */
18061 /* ARGSUSED */
18062 static void
18063 sd_print_retry_msg(struct sd_lun *un, struct buf *bp, void *arg, int flag)
18064 {
18065 	struct sd_xbuf	*xp;
18066 	struct scsi_pkt *pktp;
18067 	char *reasonp;
18068 	char *msgp;
18069 
18070 	ASSERT(un != NULL);
18071 	ASSERT(mutex_owned(SD_MUTEX(un)));
18072 	ASSERT(bp != NULL);
18073 	pktp = SD_GET_PKTP(bp);
18074 	ASSERT(pktp != NULL);
18075 	xp = SD_GET_XBUF(bp);
18076 	ASSERT(xp != NULL);
18077 
18078 	ASSERT(!mutex_owned(&un->un_pm_mutex));
18079 	mutex_enter(&un->un_pm_mutex);
18080 	if ((un->un_state == SD_STATE_SUSPENDED) ||
18081 	    (SD_DEVICE_IS_IN_LOW_POWER(un)) ||
18082 	    (pktp->pkt_flags & FLAG_SILENT)) {
18083 		mutex_exit(&un->un_pm_mutex);
18084 		goto update_pkt_reason;
18085 	}
18086 	mutex_exit(&un->un_pm_mutex);
18087 
18088 	/*
18089 	 * Suppress messages if they are all the same pkt_reason; with
18090 	 * TQ, many (up to 256) are returned with the same pkt_reason.
18091 	 * If we are in panic, then suppress the retry messages.
18092 	 */
18093 	switch (flag) {
18094 	case SD_NO_RETRY_ISSUED:
18095 		msgp = "giving up";
18096 		break;
18097 	case SD_IMMEDIATE_RETRY_ISSUED:
18098 	case SD_DELAYED_RETRY_ISSUED:
18099 		if (ddi_in_panic() || (un->un_state == SD_STATE_OFFLINE) ||
18100 		    ((pktp->pkt_reason == un->un_last_pkt_reason) &&
18101 		    (sd_error_level != SCSI_ERR_ALL))) {
18102 			return;
18103 		}
18104 		msgp = "retrying command";
18105 		break;
18106 	default:
18107 		goto update_pkt_reason;
18108 	}
18109 
18110 	reasonp = (((pktp->pkt_statistics & STAT_PERR) != 0) ? "parity error" :
18111 	    scsi_rname(pktp->pkt_reason));
18112 
18113 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18114 	    "SCSI transport failed: reason '%s': %s\n", reasonp, msgp);
18115 
18116 update_pkt_reason:
18117 	/*
18118 	 * Update un->un_last_pkt_reason with the value in pktp->pkt_reason.
18119 	 * This is to prevent multiple console messages for the same failure
18120 	 * condition.  Note that un->un_last_pkt_reason is NOT restored if &
18121 	 * when the command is retried successfully because there still may be
18122 	 * more commands coming back with the same value of pktp->pkt_reason.
18123 	 */
18124 	if ((pktp->pkt_reason != CMD_CMPLT) || (xp->xb_retry_count == 0)) {
18125 		un->un_last_pkt_reason = pktp->pkt_reason;
18126 	}
18127 }
18128 
18129 
18130 /*
18131  *    Function: sd_print_cmd_incomplete_msg
18132  *
18133  * Description: Message logging fn. for a SCSA "CMD_INCOMPLETE" pkt_reason.
18134  *
18135  *   Arguments: un - ptr to associated softstate
18136  *		bp - ptr to buf(9S) for the command
18137  *		arg - passed to sd_print_retry_msg()
18138  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18139  *			or SD_NO_RETRY_ISSUED
18140  *
18141  *     Context: May be called from interrupt context
18142  */
18143 
18144 static void
18145 sd_print_cmd_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg,
18146 	int code)
18147 {
18148 	dev_info_t	*dip;
18149 
18150 	ASSERT(un != NULL);
18151 	ASSERT(mutex_owned(SD_MUTEX(un)));
18152 	ASSERT(bp != NULL);
18153 
18154 	switch (code) {
18155 	case SD_NO_RETRY_ISSUED:
18156 		/* Command was failed. Someone turned off this target? */
18157 		if (un->un_state != SD_STATE_OFFLINE) {
18158 			/*
18159 			 * Suppress message if we are detaching and
18160 			 * device has been disconnected
18161 			 * Note that DEVI_IS_DEVICE_REMOVED is a consolidation
18162 			 * private interface and not part of the DDI
18163 			 */
18164 			dip = un->un_sd->sd_dev;
18165 			if (!(DEVI_IS_DETACHING(dip) &&
18166 			    DEVI_IS_DEVICE_REMOVED(dip))) {
18167 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18168 				"disk not responding to selection\n");
18169 			}
18170 			New_state(un, SD_STATE_OFFLINE);
18171 		}
18172 		break;
18173 
18174 	case SD_DELAYED_RETRY_ISSUED:
18175 	case SD_IMMEDIATE_RETRY_ISSUED:
18176 	default:
18177 		/* Command was successfully queued for retry */
18178 		sd_print_retry_msg(un, bp, arg, code);
18179 		break;
18180 	}
18181 }
18182 
18183 
18184 /*
18185  *    Function: sd_pkt_reason_cmd_incomplete
18186  *
18187  * Description: Recovery actions for a SCSA "CMD_INCOMPLETE" pkt_reason.
18188  *
18189  *     Context: May be called from interrupt context
18190  */
18191 
18192 static void
18193 sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
18194 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18195 {
18196 	int flag = SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE;
18197 
18198 	ASSERT(un != NULL);
18199 	ASSERT(mutex_owned(SD_MUTEX(un)));
18200 	ASSERT(bp != NULL);
18201 	ASSERT(xp != NULL);
18202 	ASSERT(pktp != NULL);
18203 
18204 	/* Do not do a reset if selection did not complete */
18205 	/* Note: Should this not just check the bit? */
18206 	if (pktp->pkt_state != STATE_GOT_BUS) {
18207 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18208 		sd_reset_target(un, pktp);
18209 	}
18210 
18211 	/*
18212 	 * If the target was not successfully selected, then set
18213 	 * SD_RETRIES_FAILFAST to indicate that we lost communication
18214 	 * with the target, and further retries and/or commands are
18215 	 * likely to take a long time.
18216 	 */
18217 	if ((pktp->pkt_state & STATE_GOT_TARGET) == 0) {
18218 		flag |= SD_RETRIES_FAILFAST;
18219 	}
18220 
18221 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18222 
18223 	sd_retry_command(un, bp, flag,
18224 	    sd_print_cmd_incomplete_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18225 }
18226 
18227 
18228 
18229 /*
18230  *    Function: sd_pkt_reason_cmd_tran_err
18231  *
18232  * Description: Recovery actions for a SCSA "CMD_TRAN_ERR" pkt_reason.
18233  *
18234  *     Context: May be called from interrupt context
18235  */
18236 
18237 static void
18238 sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
18239 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18240 {
18241 	ASSERT(un != NULL);
18242 	ASSERT(mutex_owned(SD_MUTEX(un)));
18243 	ASSERT(bp != NULL);
18244 	ASSERT(xp != NULL);
18245 	ASSERT(pktp != NULL);
18246 
18247 	/*
18248 	 * Do not reset if we got a parity error, or if
18249 	 * selection did not complete.
18250 	 */
18251 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18252 	/* Note: Should this not just check the bit for pkt_state? */
18253 	if (((pktp->pkt_statistics & STAT_PERR) == 0) &&
18254 	    (pktp->pkt_state != STATE_GOT_BUS)) {
18255 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18256 		sd_reset_target(un, pktp);
18257 	}
18258 
18259 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18260 
18261 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18262 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18263 }
18264 
18265 
18266 
18267 /*
18268  *    Function: sd_pkt_reason_cmd_reset
18269  *
18270  * Description: Recovery actions for a SCSA "CMD_RESET" pkt_reason.
18271  *
18272  *     Context: May be called from interrupt context
18273  */
18274 
18275 static void
18276 sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
18277 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18278 {
18279 	ASSERT(un != NULL);
18280 	ASSERT(mutex_owned(SD_MUTEX(un)));
18281 	ASSERT(bp != NULL);
18282 	ASSERT(xp != NULL);
18283 	ASSERT(pktp != NULL);
18284 
18285 	/* The target may still be running the command, so try to reset. */
18286 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18287 	sd_reset_target(un, pktp);
18288 
18289 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18290 
18291 	/*
18292 	 * If pkt_reason is CMD_RESET chances are that this pkt got
18293 	 * reset because another target on this bus caused it. The target
18294 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18295 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18296 	 */
18297 
18298 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18299 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18300 }
18301 
18302 
18303 
18304 
18305 /*
18306  *    Function: sd_pkt_reason_cmd_aborted
18307  *
18308  * Description: Recovery actions for a SCSA "CMD_ABORTED" pkt_reason.
18309  *
18310  *     Context: May be called from interrupt context
18311  */
18312 
18313 static void
18314 sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
18315 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18316 {
18317 	ASSERT(un != NULL);
18318 	ASSERT(mutex_owned(SD_MUTEX(un)));
18319 	ASSERT(bp != NULL);
18320 	ASSERT(xp != NULL);
18321 	ASSERT(pktp != NULL);
18322 
18323 	/* The target may still be running the command, so try to reset. */
18324 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18325 	sd_reset_target(un, pktp);
18326 
18327 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18328 
18329 	/*
18330 	 * If pkt_reason is CMD_ABORTED chances are that this pkt got
18331 	 * aborted because another target on this bus caused it. The target
18332 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18333 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18334 	 */
18335 
18336 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18337 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18338 }
18339 
18340 
18341 
18342 /*
18343  *    Function: sd_pkt_reason_cmd_timeout
18344  *
18345  * Description: Recovery actions for a SCSA "CMD_TIMEOUT" pkt_reason.
18346  *
18347  *     Context: May be called from interrupt context
18348  */
18349 
18350 static void
18351 sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
18352 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18353 {
18354 	ASSERT(un != NULL);
18355 	ASSERT(mutex_owned(SD_MUTEX(un)));
18356 	ASSERT(bp != NULL);
18357 	ASSERT(xp != NULL);
18358 	ASSERT(pktp != NULL);
18359 
18360 
18361 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18362 	sd_reset_target(un, pktp);
18363 
18364 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18365 
18366 	/*
18367 	 * A command timeout indicates that we could not establish
18368 	 * communication with the target, so set SD_RETRIES_FAILFAST
18369 	 * as further retries/commands are likely to take a long time.
18370 	 */
18371 	sd_retry_command(un, bp,
18372 	    (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE | SD_RETRIES_FAILFAST),
18373 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18374 }
18375 
18376 
18377 
18378 /*
18379  *    Function: sd_pkt_reason_cmd_unx_bus_free
18380  *
18381  * Description: Recovery actions for a SCSA "CMD_UNX_BUS_FREE" pkt_reason.
18382  *
18383  *     Context: May be called from interrupt context
18384  */
18385 
18386 static void
18387 sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
18388 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18389 {
18390 	void (*funcp)(struct sd_lun *un, struct buf *bp, void *arg, int code);
18391 
18392 	ASSERT(un != NULL);
18393 	ASSERT(mutex_owned(SD_MUTEX(un)));
18394 	ASSERT(bp != NULL);
18395 	ASSERT(xp != NULL);
18396 	ASSERT(pktp != NULL);
18397 
18398 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18399 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18400 
18401 	funcp = ((pktp->pkt_statistics & STAT_PERR) == 0) ?
18402 	    sd_print_retry_msg : NULL;
18403 
18404 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18405 	    funcp, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18406 }
18407 
18408 
18409 /*
18410  *    Function: sd_pkt_reason_cmd_tag_reject
18411  *
18412  * Description: Recovery actions for a SCSA "CMD_TAG_REJECT" pkt_reason.
18413  *
18414  *     Context: May be called from interrupt context
18415  */
18416 
18417 static void
18418 sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
18419 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18420 {
18421 	ASSERT(un != NULL);
18422 	ASSERT(mutex_owned(SD_MUTEX(un)));
18423 	ASSERT(bp != NULL);
18424 	ASSERT(xp != NULL);
18425 	ASSERT(pktp != NULL);
18426 
18427 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18428 	pktp->pkt_flags = 0;
18429 	un->un_tagflags = 0;
18430 	if (un->un_f_opt_queueing == TRUE) {
18431 		un->un_throttle = min(un->un_throttle, 3);
18432 	} else {
18433 		un->un_throttle = 1;
18434 	}
18435 	mutex_exit(SD_MUTEX(un));
18436 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
18437 	mutex_enter(SD_MUTEX(un));
18438 
18439 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18440 
18441 	/* Legacy behavior not to check retry counts here. */
18442 	sd_retry_command(un, bp, (SD_RETRIES_NOCHECK | SD_RETRIES_ISOLATE),
18443 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18444 }
18445 
18446 
18447 /*
18448  *    Function: sd_pkt_reason_default
18449  *
18450  * Description: Default recovery actions for SCSA pkt_reason values that
18451  *		do not have more explicit recovery actions.
18452  *
18453  *     Context: May be called from interrupt context
18454  */
18455 
18456 static void
18457 sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
18458 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18459 {
18460 	ASSERT(un != NULL);
18461 	ASSERT(mutex_owned(SD_MUTEX(un)));
18462 	ASSERT(bp != NULL);
18463 	ASSERT(xp != NULL);
18464 	ASSERT(pktp != NULL);
18465 
18466 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18467 	sd_reset_target(un, pktp);
18468 
18469 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18470 
18471 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18472 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18473 }
18474 
18475 
18476 
18477 /*
18478  *    Function: sd_pkt_status_check_condition
18479  *
18480  * Description: Recovery actions for a "STATUS_CHECK" SCSI command status.
18481  *
18482  *     Context: May be called from interrupt context
18483  */
18484 
18485 static void
18486 sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
18487 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18488 {
18489 	ASSERT(un != NULL);
18490 	ASSERT(mutex_owned(SD_MUTEX(un)));
18491 	ASSERT(bp != NULL);
18492 	ASSERT(xp != NULL);
18493 	ASSERT(pktp != NULL);
18494 
18495 	SD_TRACE(SD_LOG_IO, un, "sd_pkt_status_check_condition: "
18496 	    "entry: buf:0x%p xp:0x%p\n", bp, xp);
18497 
18498 	/*
18499 	 * If ARQ is NOT enabled, then issue a REQUEST SENSE command (the
18500 	 * command will be retried after the request sense). Otherwise, retry
18501 	 * the command. Note: we are issuing the request sense even though the
18502 	 * retry limit may have been reached for the failed command.
18503 	 */
18504 	if (un->un_f_arq_enabled == FALSE) {
18505 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18506 		    "no ARQ, sending request sense command\n");
18507 		sd_send_request_sense_command(un, bp, pktp);
18508 	} else {
18509 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18510 		    "ARQ,retrying request sense command\n");
18511 #if defined(__i386) || defined(__amd64)
18512 		/*
18513 		 * The SD_RETRY_DELAY value need to be adjusted here
18514 		 * when SD_RETRY_DELAY change in sddef.h
18515 		 */
18516 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, 0,
18517 			un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0,
18518 			NULL);
18519 #else
18520 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL,
18521 		    0, SD_RETRY_DELAY, NULL);
18522 #endif
18523 	}
18524 
18525 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: exit\n");
18526 }
18527 
18528 
18529 /*
18530  *    Function: sd_pkt_status_busy
18531  *
18532  * Description: Recovery actions for a "STATUS_BUSY" SCSI command status.
18533  *
18534  *     Context: May be called from interrupt context
18535  */
18536 
18537 static void
18538 sd_pkt_status_busy(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
18539 	struct scsi_pkt *pktp)
18540 {
18541 	ASSERT(un != NULL);
18542 	ASSERT(mutex_owned(SD_MUTEX(un)));
18543 	ASSERT(bp != NULL);
18544 	ASSERT(xp != NULL);
18545 	ASSERT(pktp != NULL);
18546 
18547 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18548 	    "sd_pkt_status_busy: entry\n");
18549 
18550 	/* If retries are exhausted, just fail the command. */
18551 	if (xp->xb_retry_count >= un->un_busy_retry_count) {
18552 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18553 		    "device busy too long\n");
18554 		sd_return_failed_command(un, bp, EIO);
18555 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18556 		    "sd_pkt_status_busy: exit\n");
18557 		return;
18558 	}
18559 	xp->xb_retry_count++;
18560 
18561 	/*
18562 	 * Try to reset the target. However, we do not want to perform
18563 	 * more than one reset if the device continues to fail. The reset
18564 	 * will be performed when the retry count reaches the reset
18565 	 * threshold.  This threshold should be set such that at least
18566 	 * one retry is issued before the reset is performed.
18567 	 */
18568 	if (xp->xb_retry_count ==
18569 	    ((un->un_reset_retry_count < 2) ? 2 : un->un_reset_retry_count)) {
18570 		int rval = 0;
18571 		mutex_exit(SD_MUTEX(un));
18572 		if (un->un_f_allow_bus_device_reset == TRUE) {
18573 			/*
18574 			 * First try to reset the LUN; if we cannot then
18575 			 * try to reset the target.
18576 			 */
18577 			if (un->un_f_lun_reset_enabled == TRUE) {
18578 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18579 				    "sd_pkt_status_busy: RESET_LUN\n");
18580 				rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18581 			}
18582 			if (rval == 0) {
18583 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18584 				    "sd_pkt_status_busy: RESET_TARGET\n");
18585 				rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18586 			}
18587 		}
18588 		if (rval == 0) {
18589 			/*
18590 			 * If the RESET_LUN and/or RESET_TARGET failed,
18591 			 * try RESET_ALL
18592 			 */
18593 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18594 			    "sd_pkt_status_busy: RESET_ALL\n");
18595 			rval = scsi_reset(SD_ADDRESS(un), RESET_ALL);
18596 		}
18597 		mutex_enter(SD_MUTEX(un));
18598 		if (rval == 0) {
18599 			/*
18600 			 * The RESET_LUN, RESET_TARGET, and/or RESET_ALL failed.
18601 			 * At this point we give up & fail the command.
18602 			 */
18603 			sd_return_failed_command(un, bp, EIO);
18604 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18605 			    "sd_pkt_status_busy: exit (failed cmd)\n");
18606 			return;
18607 		}
18608 	}
18609 
18610 	/*
18611 	 * Retry the command. Be sure to specify SD_RETRIES_NOCHECK as
18612 	 * we have already checked the retry counts above.
18613 	 */
18614 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL,
18615 	    EIO, SD_BSY_TIMEOUT, NULL);
18616 
18617 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18618 	    "sd_pkt_status_busy: exit\n");
18619 }
18620 
18621 
18622 /*
18623  *    Function: sd_pkt_status_reservation_conflict
18624  *
18625  * Description: Recovery actions for a "STATUS_RESERVATION_CONFLICT" SCSI
18626  *		command status.
18627  *
18628  *     Context: May be called from interrupt context
18629  */
18630 
18631 static void
18632 sd_pkt_status_reservation_conflict(struct sd_lun *un, struct buf *bp,
18633 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18634 {
18635 	ASSERT(un != NULL);
18636 	ASSERT(mutex_owned(SD_MUTEX(un)));
18637 	ASSERT(bp != NULL);
18638 	ASSERT(xp != NULL);
18639 	ASSERT(pktp != NULL);
18640 
18641 	/*
18642 	 * If the command was PERSISTENT_RESERVATION_[IN|OUT] then reservation
18643 	 * conflict could be due to various reasons like incorrect keys, not
18644 	 * registered or not reserved etc. So, we return EACCES to the caller.
18645 	 */
18646 	if (un->un_reservation_type == SD_SCSI3_RESERVATION) {
18647 		int cmd = SD_GET_PKT_OPCODE(pktp);
18648 		if ((cmd == SCMD_PERSISTENT_RESERVE_IN) ||
18649 		    (cmd == SCMD_PERSISTENT_RESERVE_OUT)) {
18650 			sd_return_failed_command(un, bp, EACCES);
18651 			return;
18652 		}
18653 	}
18654 
18655 	un->un_resvd_status |= SD_RESERVATION_CONFLICT;
18656 
18657 	if ((un->un_resvd_status & SD_FAILFAST) != 0) {
18658 		if (sd_failfast_enable != 0) {
18659 			/* By definition, we must panic here.... */
18660 			panic("Reservation Conflict");
18661 			/*NOTREACHED*/
18662 		}
18663 		SD_ERROR(SD_LOG_IO, un,
18664 		    "sd_handle_resv_conflict: Disk Reserved\n");
18665 		sd_return_failed_command(un, bp, EACCES);
18666 		return;
18667 	}
18668 
18669 	/*
18670 	 * 1147670: retry only if sd_retry_on_reservation_conflict
18671 	 * property is set (default is 1). Retries will not succeed
18672 	 * on a disk reserved by another initiator. HA systems
18673 	 * may reset this via sd.conf to avoid these retries.
18674 	 *
18675 	 * Note: The legacy return code for this failure is EIO, however EACCES
18676 	 * seems more appropriate for a reservation conflict.
18677 	 */
18678 	if (sd_retry_on_reservation_conflict == 0) {
18679 		SD_ERROR(SD_LOG_IO, un,
18680 		    "sd_handle_resv_conflict: Device Reserved\n");
18681 		sd_return_failed_command(un, bp, EIO);
18682 		return;
18683 	}
18684 
18685 	/*
18686 	 * Retry the command if we can.
18687 	 *
18688 	 * Note: The legacy return code for this failure is EIO, however EACCES
18689 	 * seems more appropriate for a reservation conflict.
18690 	 */
18691 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18692 	    (clock_t)2, NULL);
18693 }
18694 
18695 
18696 
18697 /*
18698  *    Function: sd_pkt_status_qfull
18699  *
18700  * Description: Handle a QUEUE FULL condition from the target.  This can
18701  *		occur if the HBA does not handle the queue full condition.
18702  *		(Basically this means third-party HBAs as Sun HBAs will
18703  *		handle the queue full condition.)  Note that if there are
18704  *		some commands already in the transport, then the queue full
18705  *		has occurred because the queue for this nexus is actually
18706  *		full. If there are no commands in the transport, then the
18707  *		queue full is resulting from some other initiator or lun
18708  *		consuming all the resources at the target.
18709  *
18710  *     Context: May be called from interrupt context
18711  */
18712 
18713 static void
18714 sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
18715 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18716 {
18717 	ASSERT(un != NULL);
18718 	ASSERT(mutex_owned(SD_MUTEX(un)));
18719 	ASSERT(bp != NULL);
18720 	ASSERT(xp != NULL);
18721 	ASSERT(pktp != NULL);
18722 
18723 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18724 	    "sd_pkt_status_qfull: entry\n");
18725 
18726 	/*
18727 	 * Just lower the QFULL throttle and retry the command.  Note that
18728 	 * we do not limit the number of retries here.
18729 	 */
18730 	sd_reduce_throttle(un, SD_THROTTLE_QFULL);
18731 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL, 0,
18732 	    SD_RESTART_TIMEOUT, NULL);
18733 
18734 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18735 	    "sd_pkt_status_qfull: exit\n");
18736 }
18737 
18738 
18739 /*
18740  *    Function: sd_reset_target
18741  *
18742  * Description: Issue a scsi_reset(9F), with either RESET_LUN,
18743  *		RESET_TARGET, or RESET_ALL.
18744  *
18745  *     Context: May be called under interrupt context.
18746  */
18747 
18748 static void
18749 sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp)
18750 {
18751 	int rval = 0;
18752 
18753 	ASSERT(un != NULL);
18754 	ASSERT(mutex_owned(SD_MUTEX(un)));
18755 	ASSERT(pktp != NULL);
18756 
18757 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: entry\n");
18758 
18759 	/*
18760 	 * No need to reset if the transport layer has already done so.
18761 	 */
18762 	if ((pktp->pkt_statistics &
18763 	    (STAT_BUS_RESET | STAT_DEV_RESET | STAT_ABORTED)) != 0) {
18764 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18765 		    "sd_reset_target: no reset\n");
18766 		return;
18767 	}
18768 
18769 	mutex_exit(SD_MUTEX(un));
18770 
18771 	if (un->un_f_allow_bus_device_reset == TRUE) {
18772 		if (un->un_f_lun_reset_enabled == TRUE) {
18773 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18774 			    "sd_reset_target: RESET_LUN\n");
18775 			rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18776 		}
18777 		if (rval == 0) {
18778 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18779 			    "sd_reset_target: RESET_TARGET\n");
18780 			rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18781 		}
18782 	}
18783 
18784 	if (rval == 0) {
18785 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18786 		    "sd_reset_target: RESET_ALL\n");
18787 		(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
18788 	}
18789 
18790 	mutex_enter(SD_MUTEX(un));
18791 
18792 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: exit\n");
18793 }
18794 
18795 
18796 /*
18797  *    Function: sd_media_change_task
18798  *
18799  * Description: Recovery action for CDROM to become available.
18800  *
18801  *     Context: Executes in a taskq() thread context
18802  */
18803 
18804 static void
18805 sd_media_change_task(void *arg)
18806 {
18807 	struct	scsi_pkt	*pktp = arg;
18808 	struct	sd_lun		*un;
18809 	struct	buf		*bp;
18810 	struct	sd_xbuf		*xp;
18811 	int	err		= 0;
18812 	int	retry_count	= 0;
18813 	int	retry_limit	= SD_UNIT_ATTENTION_RETRY/10;
18814 	struct	sd_sense_info	si;
18815 
18816 	ASSERT(pktp != NULL);
18817 	bp = (struct buf *)pktp->pkt_private;
18818 	ASSERT(bp != NULL);
18819 	xp = SD_GET_XBUF(bp);
18820 	ASSERT(xp != NULL);
18821 	un = SD_GET_UN(bp);
18822 	ASSERT(un != NULL);
18823 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18824 	ASSERT(ISREMOVABLE(un));
18825 
18826 	si.ssi_severity = SCSI_ERR_INFO;
18827 	si.ssi_pfa_flag = FALSE;
18828 
18829 	/*
18830 	 * When a reset is issued on a CDROM, it takes a long time to
18831 	 * recover. First few attempts to read capacity and other things
18832 	 * related to handling unit attention fail (with a ASC 0x4 and
18833 	 * ASCQ 0x1). In that case we want to do enough retries and we want
18834 	 * to limit the retries in other cases of genuine failures like
18835 	 * no media in drive.
18836 	 */
18837 	while (retry_count++ < retry_limit) {
18838 		if ((err = sd_handle_mchange(un)) == 0) {
18839 			break;
18840 		}
18841 		if (err == EAGAIN) {
18842 			retry_limit = SD_UNIT_ATTENTION_RETRY;
18843 		}
18844 		/* Sleep for 0.5 sec. & try again */
18845 		delay(drv_usectohz(500000));
18846 	}
18847 
18848 	/*
18849 	 * Dispatch (retry or fail) the original command here,
18850 	 * along with appropriate console messages....
18851 	 *
18852 	 * Must grab the mutex before calling sd_retry_command,
18853 	 * sd_print_sense_msg and sd_return_failed_command.
18854 	 */
18855 	mutex_enter(SD_MUTEX(un));
18856 	if (err != SD_CMD_SUCCESS) {
18857 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
18858 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
18859 		si.ssi_severity = SCSI_ERR_FATAL;
18860 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
18861 		sd_return_failed_command(un, bp, EIO);
18862 	} else {
18863 		sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
18864 		    &si, EIO, (clock_t)0, NULL);
18865 	}
18866 	mutex_exit(SD_MUTEX(un));
18867 }
18868 
18869 
18870 
18871 /*
18872  *    Function: sd_handle_mchange
18873  *
18874  * Description: Perform geometry validation & other recovery when CDROM
18875  *		has been removed from drive.
18876  *
18877  * Return Code: 0 for success
18878  *		errno-type return code of either sd_send_scsi_DOORLOCK() or
18879  *		sd_send_scsi_READ_CAPACITY()
18880  *
18881  *     Context: Executes in a taskq() thread context
18882  */
18883 
18884 static int
18885 sd_handle_mchange(struct sd_lun *un)
18886 {
18887 	uint64_t	capacity;
18888 	uint32_t	lbasize;
18889 	int		rval;
18890 
18891 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18892 	ASSERT(ISREMOVABLE(un));
18893 
18894 	if ((rval = sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
18895 	    SD_PATH_DIRECT_PRIORITY)) != 0) {
18896 		return (rval);
18897 	}
18898 
18899 	mutex_enter(SD_MUTEX(un));
18900 	sd_update_block_info(un, lbasize, capacity);
18901 
18902 	if (un->un_errstats != NULL) {
18903 		struct	sd_errstats *stp =
18904 		    (struct sd_errstats *)un->un_errstats->ks_data;
18905 		stp->sd_capacity.value.ui64 = (uint64_t)
18906 		    ((uint64_t)un->un_blockcount *
18907 		    (uint64_t)un->un_tgt_blocksize);
18908 	}
18909 
18910 	/*
18911 	 * Note: Maybe let the strategy/partitioning chain worry about getting
18912 	 * valid geometry.
18913 	 */
18914 	un->un_f_geometry_is_valid = FALSE;
18915 	(void) sd_validate_geometry(un, SD_PATH_DIRECT_PRIORITY);
18916 	if (un->un_f_geometry_is_valid == FALSE) {
18917 		mutex_exit(SD_MUTEX(un));
18918 		return (EIO);
18919 	}
18920 
18921 	mutex_exit(SD_MUTEX(un));
18922 
18923 	/*
18924 	 * Try to lock the door
18925 	 */
18926 	return (sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
18927 	    SD_PATH_DIRECT_PRIORITY));
18928 }
18929 
18930 
18931 /*
18932  *    Function: sd_send_scsi_DOORLOCK
18933  *
18934  * Description: Issue the scsi DOOR LOCK command
18935  *
18936  *   Arguments: un    - pointer to driver soft state (unit) structure for
18937  *			this target.
18938  *		flag  - SD_REMOVAL_ALLOW
18939  *			SD_REMOVAL_PREVENT
18940  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18941  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18942  *			to use the USCSI "direct" chain and bypass the normal
18943  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18944  *			command is issued as part of an error recovery action.
18945  *
18946  * Return Code: 0   - Success
18947  *		errno return code from sd_send_scsi_cmd()
18948  *
18949  *     Context: Can sleep.
18950  */
18951 
18952 static int
18953 sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag)
18954 {
18955 	union scsi_cdb		cdb;
18956 	struct uscsi_cmd	ucmd_buf;
18957 	struct scsi_extended_sense	sense_buf;
18958 	int			status;
18959 
18960 	ASSERT(un != NULL);
18961 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18962 
18963 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_DOORLOCK: entry: un:0x%p\n", un);
18964 
18965 	/* already determined doorlock is not supported, fake success */
18966 	if (un->un_f_doorlock_supported == FALSE) {
18967 		return (0);
18968 	}
18969 
18970 	bzero(&cdb, sizeof (cdb));
18971 	bzero(&ucmd_buf, sizeof (ucmd_buf));
18972 
18973 	cdb.scc_cmd = SCMD_DOORLOCK;
18974 	cdb.cdb_opaque[4] = (uchar_t)flag;
18975 
18976 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
18977 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
18978 	ucmd_buf.uscsi_bufaddr	= NULL;
18979 	ucmd_buf.uscsi_buflen	= 0;
18980 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
18981 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
18982 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
18983 	ucmd_buf.uscsi_timeout	= 15;
18984 
18985 	SD_TRACE(SD_LOG_IO, un,
18986 	    "sd_send_scsi_DOORLOCK: returning sd_send_scsi_cmd()\n");
18987 
18988 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
18989 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
18990 
18991 	if ((status == EIO) && (ucmd_buf.uscsi_status == STATUS_CHECK) &&
18992 	    (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
18993 	    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
18994 		/* fake success and skip subsequent doorlock commands */
18995 		un->un_f_doorlock_supported = FALSE;
18996 		return (0);
18997 	}
18998 
18999 	return (status);
19000 }
19001 
19002 
19003 /*
19004  *    Function: sd_send_scsi_READ_CAPACITY
19005  *
19006  * Description: This routine uses the scsi READ CAPACITY command to determine
19007  *		the device capacity in number of blocks and the device native
19008  *		block size. If this function returns a failure, then the
19009  *		values in *capp and *lbap are undefined.  If the capacity
19010  *		returned is 0xffffffff then the lun is too large for a
19011  *		normal READ CAPACITY command and the results of a
19012  *		READ CAPACITY 16 will be used instead.
19013  *
19014  *   Arguments: un   - ptr to soft state struct for the target
19015  *		capp - ptr to unsigned 64-bit variable to receive the
19016  *			capacity value from the command.
19017  *		lbap - ptr to unsigned 32-bit varaible to receive the
19018  *			block size value from the command
19019  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19020  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19021  *			to use the USCSI "direct" chain and bypass the normal
19022  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
19023  *			command is issued as part of an error recovery action.
19024  *
19025  * Return Code: 0   - Success
19026  *		EIO - IO error
19027  *		EACCES - Reservation conflict detected
19028  *		EAGAIN - Device is becoming ready
19029  *		errno return code from sd_send_scsi_cmd()
19030  *
19031  *     Context: Can sleep.  Blocks until command completes.
19032  */
19033 
19034 #define	SD_CAPACITY_SIZE	sizeof (struct scsi_capacity)
19035 
19036 static int
19037 sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp, uint32_t *lbap,
19038 	int path_flag)
19039 {
19040 	struct	scsi_extended_sense	sense_buf;
19041 	struct	uscsi_cmd	ucmd_buf;
19042 	union	scsi_cdb	cdb;
19043 	uint32_t		*capacity_buf;
19044 	uint64_t		capacity;
19045 	uint32_t		lbasize;
19046 	int			status;
19047 
19048 	ASSERT(un != NULL);
19049 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19050 	ASSERT(capp != NULL);
19051 	ASSERT(lbap != NULL);
19052 
19053 	SD_TRACE(SD_LOG_IO, un,
19054 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19055 
19056 	/*
19057 	 * First send a READ_CAPACITY command to the target.
19058 	 * (This command is mandatory under SCSI-2.)
19059 	 *
19060 	 * Set up the CDB for the READ_CAPACITY command.  The Partial
19061 	 * Medium Indicator bit is cleared.  The address field must be
19062 	 * zero if the PMI bit is zero.
19063 	 */
19064 	bzero(&cdb, sizeof (cdb));
19065 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19066 
19067 	capacity_buf = kmem_zalloc(SD_CAPACITY_SIZE, KM_SLEEP);
19068 
19069 	cdb.scc_cmd = SCMD_READ_CAPACITY;
19070 
19071 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19072 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19073 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity_buf;
19074 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_SIZE;
19075 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19076 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19077 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19078 	ucmd_buf.uscsi_timeout	= 60;
19079 
19080 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19081 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19082 
19083 	switch (status) {
19084 	case 0:
19085 		/* Return failure if we did not get valid capacity data. */
19086 		if (ucmd_buf.uscsi_resid != 0) {
19087 			kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19088 			return (EIO);
19089 		}
19090 
19091 		/*
19092 		 * Read capacity and block size from the READ CAPACITY 10 data.
19093 		 * This data may be adjusted later due to device specific
19094 		 * issues.
19095 		 *
19096 		 * According to the SCSI spec, the READ CAPACITY 10
19097 		 * command returns the following:
19098 		 *
19099 		 *  bytes 0-3: Maximum logical block address available.
19100 		 *		(MSB in byte:0 & LSB in byte:3)
19101 		 *
19102 		 *  bytes 4-7: Block length in bytes
19103 		 *		(MSB in byte:4 & LSB in byte:7)
19104 		 *
19105 		 */
19106 		capacity = BE_32(capacity_buf[0]);
19107 		lbasize = BE_32(capacity_buf[1]);
19108 
19109 		/*
19110 		 * Done with capacity_buf
19111 		 */
19112 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19113 
19114 		/*
19115 		 * if the reported capacity is set to all 0xf's, then
19116 		 * this disk is too large and requires SBC-2 commands.
19117 		 * Reissue the request using READ CAPACITY 16.
19118 		 */
19119 		if (capacity == 0xffffffff) {
19120 			status = sd_send_scsi_READ_CAPACITY_16(un, &capacity,
19121 			    &lbasize, path_flag);
19122 			if (status != 0) {
19123 				return (status);
19124 			}
19125 		}
19126 		break;	/* Success! */
19127 	case EIO:
19128 		switch (ucmd_buf.uscsi_status) {
19129 		case STATUS_RESERVATION_CONFLICT:
19130 			status = EACCES;
19131 			break;
19132 		case STATUS_CHECK:
19133 			/*
19134 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19135 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19136 			 */
19137 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19138 			    (sense_buf.es_add_code  == 0x04) &&
19139 			    (sense_buf.es_qual_code == 0x01)) {
19140 				kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19141 				return (EAGAIN);
19142 			}
19143 			break;
19144 		default:
19145 			break;
19146 		}
19147 		/* FALLTHRU */
19148 	default:
19149 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19150 		return (status);
19151 	}
19152 
19153 	/*
19154 	 * Some ATAPI CD-ROM drives report inaccurate LBA size values
19155 	 * (2352 and 0 are common) so for these devices always force the value
19156 	 * to 2048 as required by the ATAPI specs.
19157 	 */
19158 	if ((un->un_f_cfg_is_atapi == TRUE) && (ISCD(un))) {
19159 		lbasize = 2048;
19160 	}
19161 
19162 	/*
19163 	 * Get the maximum LBA value from the READ CAPACITY data.
19164 	 * Here we assume that the Partial Medium Indicator (PMI) bit
19165 	 * was cleared when issuing the command. This means that the LBA
19166 	 * returned from the device is the LBA of the last logical block
19167 	 * on the logical unit.  The actual logical block count will be
19168 	 * this value plus one.
19169 	 *
19170 	 * Currently the capacity is saved in terms of un->un_sys_blocksize,
19171 	 * so scale the capacity value to reflect this.
19172 	 */
19173 	capacity = (capacity + 1) * (lbasize / un->un_sys_blocksize);
19174 
19175 #if defined(__i386) || defined(__amd64)
19176 	/*
19177 	 * On x86, compensate for off-by-1 error (number of sectors on
19178 	 * media)  (1175930)
19179 	 */
19180 	if (!ISREMOVABLE(un) && (lbasize == un->un_sys_blocksize)) {
19181 		capacity -= 1;
19182 	}
19183 #endif
19184 
19185 	/*
19186 	 * Copy the values from the READ CAPACITY command into the space
19187 	 * provided by the caller.
19188 	 */
19189 	*capp = capacity;
19190 	*lbap = lbasize;
19191 
19192 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY: "
19193 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19194 
19195 	/*
19196 	 * Both the lbasize and capacity from the device must be nonzero,
19197 	 * otherwise we assume that the values are not valid and return
19198 	 * failure to the caller. (4203735)
19199 	 */
19200 	if ((capacity == 0) || (lbasize == 0)) {
19201 		return (EIO);
19202 	}
19203 
19204 	return (0);
19205 }
19206 
19207 /*
19208  *    Function: sd_send_scsi_READ_CAPACITY_16
19209  *
19210  * Description: This routine uses the scsi READ CAPACITY 16 command to
19211  *		determine the device capacity in number of blocks and the
19212  *		device native block size.  If this function returns a failure,
19213  *		then the values in *capp and *lbap are undefined.
19214  *		This routine should always be called by
19215  *		sd_send_scsi_READ_CAPACITY which will appy any device
19216  *		specific adjustments to capacity and lbasize.
19217  *
19218  *   Arguments: un   - ptr to soft state struct for the target
19219  *		capp - ptr to unsigned 64-bit variable to receive the
19220  *			capacity value from the command.
19221  *		lbap - ptr to unsigned 32-bit varaible to receive the
19222  *			block size value from the command
19223  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19224  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19225  *			to use the USCSI "direct" chain and bypass the normal
19226  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when
19227  *			this command is issued as part of an error recovery
19228  *			action.
19229  *
19230  * Return Code: 0   - Success
19231  *		EIO - IO error
19232  *		EACCES - Reservation conflict detected
19233  *		EAGAIN - Device is becoming ready
19234  *		errno return code from sd_send_scsi_cmd()
19235  *
19236  *     Context: Can sleep.  Blocks until command completes.
19237  */
19238 
19239 #define	SD_CAPACITY_16_SIZE	sizeof (struct scsi_capacity_16)
19240 
19241 static int
19242 sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
19243 	uint32_t *lbap, int path_flag)
19244 {
19245 	struct	scsi_extended_sense	sense_buf;
19246 	struct	uscsi_cmd	ucmd_buf;
19247 	union	scsi_cdb	cdb;
19248 	uint64_t		*capacity16_buf;
19249 	uint64_t		capacity;
19250 	uint32_t		lbasize;
19251 	int			status;
19252 
19253 	ASSERT(un != NULL);
19254 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19255 	ASSERT(capp != NULL);
19256 	ASSERT(lbap != NULL);
19257 
19258 	SD_TRACE(SD_LOG_IO, un,
19259 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19260 
19261 	/*
19262 	 * First send a READ_CAPACITY_16 command to the target.
19263 	 *
19264 	 * Set up the CDB for the READ_CAPACITY_16 command.  The Partial
19265 	 * Medium Indicator bit is cleared.  The address field must be
19266 	 * zero if the PMI bit is zero.
19267 	 */
19268 	bzero(&cdb, sizeof (cdb));
19269 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19270 
19271 	capacity16_buf = kmem_zalloc(SD_CAPACITY_16_SIZE, KM_SLEEP);
19272 
19273 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19274 	ucmd_buf.uscsi_cdblen	= CDB_GROUP4;
19275 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity16_buf;
19276 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_16_SIZE;
19277 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19278 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19279 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19280 	ucmd_buf.uscsi_timeout	= 60;
19281 
19282 	/*
19283 	 * Read Capacity (16) is a Service Action In command.  One
19284 	 * command byte (0x9E) is overloaded for multiple operations,
19285 	 * with the second CDB byte specifying the desired operation
19286 	 */
19287 	cdb.scc_cmd = SCMD_SVC_ACTION_IN_G4;
19288 	cdb.cdb_opaque[1] = SSVC_ACTION_READ_CAPACITY_G4;
19289 
19290 	/*
19291 	 * Fill in allocation length field
19292 	 */
19293 	FORMG4COUNT(&cdb, ucmd_buf.uscsi_buflen);
19294 
19295 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19296 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19297 
19298 	switch (status) {
19299 	case 0:
19300 		/* Return failure if we did not get valid capacity data. */
19301 		if (ucmd_buf.uscsi_resid > 20) {
19302 			kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19303 			return (EIO);
19304 		}
19305 
19306 		/*
19307 		 * Read capacity and block size from the READ CAPACITY 10 data.
19308 		 * This data may be adjusted later due to device specific
19309 		 * issues.
19310 		 *
19311 		 * According to the SCSI spec, the READ CAPACITY 10
19312 		 * command returns the following:
19313 		 *
19314 		 *  bytes 0-7: Maximum logical block address available.
19315 		 *		(MSB in byte:0 & LSB in byte:7)
19316 		 *
19317 		 *  bytes 8-11: Block length in bytes
19318 		 *		(MSB in byte:8 & LSB in byte:11)
19319 		 *
19320 		 */
19321 		capacity = BE_64(capacity16_buf[0]);
19322 		lbasize = BE_32(*(uint32_t *)&capacity16_buf[1]);
19323 
19324 		/*
19325 		 * Done with capacity16_buf
19326 		 */
19327 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19328 
19329 		/*
19330 		 * if the reported capacity is set to all 0xf's, then
19331 		 * this disk is too large.  This could only happen with
19332 		 * a device that supports LBAs larger than 64 bits which
19333 		 * are not defined by any current T10 standards.
19334 		 */
19335 		if (capacity == 0xffffffffffffffff) {
19336 			return (EIO);
19337 		}
19338 		break;	/* Success! */
19339 	case EIO:
19340 		switch (ucmd_buf.uscsi_status) {
19341 		case STATUS_RESERVATION_CONFLICT:
19342 			status = EACCES;
19343 			break;
19344 		case STATUS_CHECK:
19345 			/*
19346 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19347 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19348 			 */
19349 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19350 			    (sense_buf.es_add_code  == 0x04) &&
19351 			    (sense_buf.es_qual_code == 0x01)) {
19352 				kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19353 				return (EAGAIN);
19354 			}
19355 			break;
19356 		default:
19357 			break;
19358 		}
19359 		/* FALLTHRU */
19360 	default:
19361 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19362 		return (status);
19363 	}
19364 
19365 	*capp = capacity;
19366 	*lbap = lbasize;
19367 
19368 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY_16: "
19369 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19370 
19371 	return (0);
19372 }
19373 
19374 
19375 /*
19376  *    Function: sd_send_scsi_START_STOP_UNIT
19377  *
19378  * Description: Issue a scsi START STOP UNIT command to the target.
19379  *
19380  *   Arguments: un    - pointer to driver soft state (unit) structure for
19381  *			this target.
19382  *		flag  - SD_TARGET_START
19383  *			SD_TARGET_STOP
19384  *			SD_TARGET_EJECT
19385  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19386  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19387  *			to use the USCSI "direct" chain and bypass the normal
19388  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
19389  *			command is issued as part of an error recovery action.
19390  *
19391  * Return Code: 0   - Success
19392  *		EIO - IO error
19393  *		EACCES - Reservation conflict detected
19394  *		ENXIO  - Not Ready, medium not present
19395  *		errno return code from sd_send_scsi_cmd()
19396  *
19397  *     Context: Can sleep.
19398  */
19399 
19400 static int
19401 sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag, int path_flag)
19402 {
19403 	struct	scsi_extended_sense	sense_buf;
19404 	union scsi_cdb		cdb;
19405 	struct uscsi_cmd	ucmd_buf;
19406 	int			status;
19407 
19408 	ASSERT(un != NULL);
19409 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19410 
19411 	SD_TRACE(SD_LOG_IO, un,
19412 	    "sd_send_scsi_START_STOP_UNIT: entry: un:0x%p\n", un);
19413 
19414 	if (ISREMOVABLE(un) &&
19415 	    ((flag == SD_TARGET_START) || (flag == SD_TARGET_STOP)) &&
19416 	    (un->un_f_start_stop_supported != TRUE)) {
19417 		return (0);
19418 	}
19419 
19420 	bzero(&cdb, sizeof (cdb));
19421 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19422 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19423 
19424 	cdb.scc_cmd = SCMD_START_STOP;
19425 	cdb.cdb_opaque[4] = (uchar_t)flag;
19426 
19427 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19428 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19429 	ucmd_buf.uscsi_bufaddr	= NULL;
19430 	ucmd_buf.uscsi_buflen	= 0;
19431 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19432 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19433 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19434 	ucmd_buf.uscsi_timeout	= 200;
19435 
19436 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19437 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19438 
19439 	switch (status) {
19440 	case 0:
19441 		break;	/* Success! */
19442 	case EIO:
19443 		switch (ucmd_buf.uscsi_status) {
19444 		case STATUS_RESERVATION_CONFLICT:
19445 			status = EACCES;
19446 			break;
19447 		case STATUS_CHECK:
19448 			if (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) {
19449 				switch (sense_buf.es_key) {
19450 				case KEY_ILLEGAL_REQUEST:
19451 					status = ENOTSUP;
19452 					break;
19453 				case KEY_NOT_READY:
19454 					if (sense_buf.es_add_code == 0x3A) {
19455 						status = ENXIO;
19456 					}
19457 					break;
19458 				default:
19459 					break;
19460 				}
19461 			}
19462 			break;
19463 		default:
19464 			break;
19465 		}
19466 		break;
19467 	default:
19468 		break;
19469 	}
19470 
19471 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_START_STOP_UNIT: exit\n");
19472 
19473 	return (status);
19474 }
19475 
19476 
19477 /*
19478  *    Function: sd_start_stop_unit_callback
19479  *
19480  * Description: timeout(9F) callback to begin recovery process for a
19481  *		device that has spun down.
19482  *
19483  *   Arguments: arg - pointer to associated softstate struct.
19484  *
19485  *     Context: Executes in a timeout(9F) thread context
19486  */
19487 
19488 static void
19489 sd_start_stop_unit_callback(void *arg)
19490 {
19491 	struct sd_lun	*un = arg;
19492 	ASSERT(un != NULL);
19493 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19494 
19495 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_callback: entry\n");
19496 
19497 	(void) taskq_dispatch(sd_tq, sd_start_stop_unit_task, un, KM_NOSLEEP);
19498 }
19499 
19500 
19501 /*
19502  *    Function: sd_start_stop_unit_task
19503  *
19504  * Description: Recovery procedure when a drive is spun down.
19505  *
19506  *   Arguments: arg - pointer to associated softstate struct.
19507  *
19508  *     Context: Executes in a taskq() thread context
19509  */
19510 
19511 static void
19512 sd_start_stop_unit_task(void *arg)
19513 {
19514 	struct sd_lun	*un = arg;
19515 
19516 	ASSERT(un != NULL);
19517 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19518 
19519 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: entry\n");
19520 
19521 	/*
19522 	 * Some unformatted drives report not ready error, no need to
19523 	 * restart if format has been initiated.
19524 	 */
19525 	mutex_enter(SD_MUTEX(un));
19526 	if (un->un_f_format_in_progress == TRUE) {
19527 		mutex_exit(SD_MUTEX(un));
19528 		return;
19529 	}
19530 	mutex_exit(SD_MUTEX(un));
19531 
19532 	/*
19533 	 * When a START STOP command is issued from here, it is part of a
19534 	 * failure recovery operation and must be issued before any other
19535 	 * commands, including any pending retries. Thus it must be sent
19536 	 * using SD_PATH_DIRECT_PRIORITY. It doesn't matter if the spin up
19537 	 * succeeds or not, we will start I/O after the attempt.
19538 	 */
19539 	(void) sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
19540 	    SD_PATH_DIRECT_PRIORITY);
19541 
19542 	/*
19543 	 * The above call blocks until the START_STOP_UNIT command completes.
19544 	 * Now that it has completed, we must re-try the original IO that
19545 	 * received the NOT READY condition in the first place. There are
19546 	 * three possible conditions here:
19547 	 *
19548 	 *  (1) The original IO is on un_retry_bp.
19549 	 *  (2) The original IO is on the regular wait queue, and un_retry_bp
19550 	 *	is NULL.
19551 	 *  (3) The original IO is on the regular wait queue, and un_retry_bp
19552 	 *	points to some other, unrelated bp.
19553 	 *
19554 	 * For each case, we must call sd_start_cmds() with un_retry_bp
19555 	 * as the argument. If un_retry_bp is NULL, this will initiate
19556 	 * processing of the regular wait queue.  If un_retry_bp is not NULL,
19557 	 * then this will process the bp on un_retry_bp. That may or may not
19558 	 * be the original IO, but that does not matter: the important thing
19559 	 * is to keep the IO processing going at this point.
19560 	 *
19561 	 * Note: This is a very specific error recovery sequence associated
19562 	 * with a drive that is not spun up. We attempt a START_STOP_UNIT and
19563 	 * serialize the I/O with completion of the spin-up.
19564 	 */
19565 	mutex_enter(SD_MUTEX(un));
19566 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
19567 	    "sd_start_stop_unit_task: un:0x%p starting bp:0x%p\n",
19568 	    un, un->un_retry_bp);
19569 	un->un_startstop_timeid = NULL;	/* Timeout is no longer pending */
19570 	sd_start_cmds(un, un->un_retry_bp);
19571 	mutex_exit(SD_MUTEX(un));
19572 
19573 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: exit\n");
19574 }
19575 
19576 
19577 /*
19578  *    Function: sd_send_scsi_INQUIRY
19579  *
19580  * Description: Issue the scsi INQUIRY command.
19581  *
19582  *   Arguments: un
19583  *		bufaddr
19584  *		buflen
19585  *		evpd
19586  *		page_code
19587  *		page_length
19588  *
19589  * Return Code: 0   - Success
19590  *		errno return code from sd_send_scsi_cmd()
19591  *
19592  *     Context: Can sleep. Does not return until command is completed.
19593  */
19594 
19595 static int
19596 sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr, size_t buflen,
19597 	uchar_t evpd, uchar_t page_code, size_t *residp)
19598 {
19599 	union scsi_cdb		cdb;
19600 	struct uscsi_cmd	ucmd_buf;
19601 	int			status;
19602 
19603 	ASSERT(un != NULL);
19604 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19605 	ASSERT(bufaddr != NULL);
19606 
19607 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: entry: un:0x%p\n", un);
19608 
19609 	bzero(&cdb, sizeof (cdb));
19610 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19611 	bzero(bufaddr, buflen);
19612 
19613 	cdb.scc_cmd = SCMD_INQUIRY;
19614 	cdb.cdb_opaque[1] = evpd;
19615 	cdb.cdb_opaque[2] = page_code;
19616 	FORMG0COUNT(&cdb, buflen);
19617 
19618 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19619 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19620 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
19621 	ucmd_buf.uscsi_buflen	= buflen;
19622 	ucmd_buf.uscsi_rqbuf	= NULL;
19623 	ucmd_buf.uscsi_rqlen	= 0;
19624 	ucmd_buf.uscsi_flags	= USCSI_READ | USCSI_SILENT;
19625 	ucmd_buf.uscsi_timeout	= 200;	/* Excessive legacy value */
19626 
19627 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19628 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_DIRECT);
19629 
19630 	if ((status == 0) && (residp != NULL)) {
19631 		*residp = ucmd_buf.uscsi_resid;
19632 	}
19633 
19634 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: exit\n");
19635 
19636 	return (status);
19637 }
19638 
19639 
19640 /*
19641  *    Function: sd_send_scsi_TEST_UNIT_READY
19642  *
19643  * Description: Issue the scsi TEST UNIT READY command.
19644  *		This routine can be told to set the flag USCSI_DIAGNOSE to
19645  *		prevent retrying failed commands. Use this when the intent
19646  *		is either to check for device readiness, to clear a Unit
19647  *		Attention, or to clear any outstanding sense data.
19648  *		However under specific conditions the expected behavior
19649  *		is for retries to bring a device ready, so use the flag
19650  *		with caution.
19651  *
19652  *   Arguments: un
19653  *		flag:   SD_CHECK_FOR_MEDIA: return ENXIO if no media present
19654  *			SD_DONT_RETRY_TUR: include uscsi flag USCSI_DIAGNOSE.
19655  *			0: dont check for media present, do retries on cmd.
19656  *
19657  * Return Code: 0   - Success
19658  *		EIO - IO error
19659  *		EACCES - Reservation conflict detected
19660  *		ENXIO  - Not Ready, medium not present
19661  *		errno return code from sd_send_scsi_cmd()
19662  *
19663  *     Context: Can sleep. Does not return until command is completed.
19664  */
19665 
19666 static int
19667 sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag)
19668 {
19669 	struct	scsi_extended_sense	sense_buf;
19670 	union scsi_cdb		cdb;
19671 	struct uscsi_cmd	ucmd_buf;
19672 	int			status;
19673 
19674 	ASSERT(un != NULL);
19675 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19676 
19677 	SD_TRACE(SD_LOG_IO, un,
19678 	    "sd_send_scsi_TEST_UNIT_READY: entry: un:0x%p\n", un);
19679 
19680 	/*
19681 	 * Some Seagate elite1 TQ devices get hung with disconnect/reconnect
19682 	 * timeouts when they receive a TUR and the queue is not empty. Check
19683 	 * the configuration flag set during attach (indicating the drive has
19684 	 * this firmware bug) and un_ncmds_in_transport before issuing the
19685 	 * TUR. If there are
19686 	 * pending commands return success, this is a bit arbitrary but is ok
19687 	 * for non-removables (i.e. the eliteI disks) and non-clustering
19688 	 * configurations.
19689 	 */
19690 	if (un->un_f_cfg_tur_check == TRUE) {
19691 		mutex_enter(SD_MUTEX(un));
19692 		if (un->un_ncmds_in_transport != 0) {
19693 			mutex_exit(SD_MUTEX(un));
19694 			return (0);
19695 		}
19696 		mutex_exit(SD_MUTEX(un));
19697 	}
19698 
19699 	bzero(&cdb, sizeof (cdb));
19700 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19701 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19702 
19703 	cdb.scc_cmd = SCMD_TEST_UNIT_READY;
19704 
19705 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19706 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19707 	ucmd_buf.uscsi_bufaddr	= NULL;
19708 	ucmd_buf.uscsi_buflen	= 0;
19709 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19710 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19711 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19712 
19713 	/* Use flag USCSI_DIAGNOSE to prevent retries if it fails. */
19714 	if ((flag & SD_DONT_RETRY_TUR) != 0) {
19715 		ucmd_buf.uscsi_flags |= USCSI_DIAGNOSE;
19716 	}
19717 	ucmd_buf.uscsi_timeout	= 60;
19718 
19719 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19720 	    UIO_SYSSPACE, UIO_SYSSPACE,
19721 	    ((flag & SD_BYPASS_PM) ? SD_PATH_DIRECT : SD_PATH_STANDARD));
19722 
19723 	switch (status) {
19724 	case 0:
19725 		break;	/* Success! */
19726 	case EIO:
19727 		switch (ucmd_buf.uscsi_status) {
19728 		case STATUS_RESERVATION_CONFLICT:
19729 			status = EACCES;
19730 			break;
19731 		case STATUS_CHECK:
19732 			if ((flag & SD_CHECK_FOR_MEDIA) == 0) {
19733 				break;
19734 			}
19735 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19736 			    (sense_buf.es_key == KEY_NOT_READY) &&
19737 			    (sense_buf.es_add_code == 0x3A)) {
19738 				status = ENXIO;
19739 			}
19740 			break;
19741 		default:
19742 			break;
19743 		}
19744 		break;
19745 	default:
19746 		break;
19747 	}
19748 
19749 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_TEST_UNIT_READY: exit\n");
19750 
19751 	return (status);
19752 }
19753 
19754 
19755 /*
19756  *    Function: sd_send_scsi_PERSISTENT_RESERVE_IN
19757  *
19758  * Description: Issue the scsi PERSISTENT RESERVE IN command.
19759  *
19760  *   Arguments: un
19761  *
19762  * Return Code: 0   - Success
19763  *		EACCES
19764  *		ENOTSUP
19765  *		errno return code from sd_send_scsi_cmd()
19766  *
19767  *     Context: Can sleep. Does not return until command is completed.
19768  */
19769 
19770 static int
19771 sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un, uchar_t  usr_cmd,
19772 	uint16_t data_len, uchar_t *data_bufp)
19773 {
19774 	struct scsi_extended_sense	sense_buf;
19775 	union scsi_cdb		cdb;
19776 	struct uscsi_cmd	ucmd_buf;
19777 	int			status;
19778 	int			no_caller_buf = FALSE;
19779 
19780 	ASSERT(un != NULL);
19781 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19782 	ASSERT((usr_cmd == SD_READ_KEYS) || (usr_cmd == SD_READ_RESV));
19783 
19784 	SD_TRACE(SD_LOG_IO, un,
19785 	    "sd_send_scsi_PERSISTENT_RESERVE_IN: entry: un:0x%p\n", un);
19786 
19787 	bzero(&cdb, sizeof (cdb));
19788 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19789 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19790 	if (data_bufp == NULL) {
19791 		/* Allocate a default buf if the caller did not give one */
19792 		ASSERT(data_len == 0);
19793 		data_len  = MHIOC_RESV_KEY_SIZE;
19794 		data_bufp = kmem_zalloc(MHIOC_RESV_KEY_SIZE, KM_SLEEP);
19795 		no_caller_buf = TRUE;
19796 	}
19797 
19798 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_IN;
19799 	cdb.cdb_opaque[1] = usr_cmd;
19800 	FORMG1COUNT(&cdb, data_len);
19801 
19802 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19803 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19804 	ucmd_buf.uscsi_bufaddr	= (caddr_t)data_bufp;
19805 	ucmd_buf.uscsi_buflen	= data_len;
19806 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19807 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19808 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19809 	ucmd_buf.uscsi_timeout	= 60;
19810 
19811 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19812 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19813 
19814 	switch (status) {
19815 	case 0:
19816 		break;	/* Success! */
19817 	case EIO:
19818 		switch (ucmd_buf.uscsi_status) {
19819 		case STATUS_RESERVATION_CONFLICT:
19820 			status = EACCES;
19821 			break;
19822 		case STATUS_CHECK:
19823 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19824 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19825 				status = ENOTSUP;
19826 			}
19827 			break;
19828 		default:
19829 			break;
19830 		}
19831 		break;
19832 	default:
19833 		break;
19834 	}
19835 
19836 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_IN: exit\n");
19837 
19838 	if (no_caller_buf == TRUE) {
19839 		kmem_free(data_bufp, data_len);
19840 	}
19841 
19842 	return (status);
19843 }
19844 
19845 
19846 /*
19847  *    Function: sd_send_scsi_PERSISTENT_RESERVE_OUT
19848  *
19849  * Description: This routine is the driver entry point for handling CD-ROM
19850  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS,
19851  *		MHIOCGRP_INRESV) by sending the SCSI-3 PROUT commands to the
19852  *		device.
19853  *
19854  *   Arguments: un  -   Pointer to soft state struct for the target.
19855  *		usr_cmd SCSI-3 reservation facility command (one of
19856  *			SD_SCSI3_REGISTER, SD_SCSI3_RESERVE, SD_SCSI3_RELEASE,
19857  *			SD_SCSI3_PREEMPTANDABORT)
19858  *		usr_bufp - user provided pointer register, reserve descriptor or
19859  *			preempt and abort structure (mhioc_register_t,
19860  *                      mhioc_resv_desc_t, mhioc_preemptandabort_t)
19861  *
19862  * Return Code: 0   - Success
19863  *		EACCES
19864  *		ENOTSUP
19865  *		errno return code from sd_send_scsi_cmd()
19866  *
19867  *     Context: Can sleep. Does not return until command is completed.
19868  */
19869 
19870 static int
19871 sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un, uchar_t usr_cmd,
19872 	uchar_t	*usr_bufp)
19873 {
19874 	struct scsi_extended_sense	sense_buf;
19875 	union scsi_cdb		cdb;
19876 	struct uscsi_cmd	ucmd_buf;
19877 	int			status;
19878 	uchar_t			data_len = sizeof (sd_prout_t);
19879 	sd_prout_t		*prp;
19880 
19881 	ASSERT(un != NULL);
19882 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19883 	ASSERT(data_len == 24);	/* required by scsi spec */
19884 
19885 	SD_TRACE(SD_LOG_IO, un,
19886 	    "sd_send_scsi_PERSISTENT_RESERVE_OUT: entry: un:0x%p\n", un);
19887 
19888 	if (usr_bufp == NULL) {
19889 		return (EINVAL);
19890 	}
19891 
19892 	bzero(&cdb, sizeof (cdb));
19893 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19894 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19895 	prp = kmem_zalloc(data_len, KM_SLEEP);
19896 
19897 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_OUT;
19898 	cdb.cdb_opaque[1] = usr_cmd;
19899 	FORMG1COUNT(&cdb, data_len);
19900 
19901 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19902 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19903 	ucmd_buf.uscsi_bufaddr	= (caddr_t)prp;
19904 	ucmd_buf.uscsi_buflen	= data_len;
19905 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19906 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19907 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
19908 	ucmd_buf.uscsi_timeout	= 60;
19909 
19910 	switch (usr_cmd) {
19911 	case SD_SCSI3_REGISTER: {
19912 		mhioc_register_t *ptr = (mhioc_register_t *)usr_bufp;
19913 
19914 		bcopy(ptr->oldkey.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19915 		bcopy(ptr->newkey.key, prp->service_key,
19916 		    MHIOC_RESV_KEY_SIZE);
19917 		prp->aptpl = ptr->aptpl;
19918 		break;
19919 	}
19920 	case SD_SCSI3_RESERVE:
19921 	case SD_SCSI3_RELEASE: {
19922 		mhioc_resv_desc_t *ptr = (mhioc_resv_desc_t *)usr_bufp;
19923 
19924 		bcopy(ptr->key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19925 		prp->scope_address = BE_32(ptr->scope_specific_addr);
19926 		cdb.cdb_opaque[2] = ptr->type;
19927 		break;
19928 	}
19929 	case SD_SCSI3_PREEMPTANDABORT: {
19930 		mhioc_preemptandabort_t *ptr =
19931 		    (mhioc_preemptandabort_t *)usr_bufp;
19932 
19933 		bcopy(ptr->resvdesc.key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19934 		bcopy(ptr->victim_key.key, prp->service_key,
19935 		    MHIOC_RESV_KEY_SIZE);
19936 		prp->scope_address = BE_32(ptr->resvdesc.scope_specific_addr);
19937 		cdb.cdb_opaque[2] = ptr->resvdesc.type;
19938 		ucmd_buf.uscsi_flags |= USCSI_HEAD;
19939 		break;
19940 	}
19941 	case SD_SCSI3_REGISTERANDIGNOREKEY:
19942 	{
19943 		mhioc_registerandignorekey_t *ptr;
19944 		ptr = (mhioc_registerandignorekey_t *)usr_bufp;
19945 		bcopy(ptr->newkey.key,
19946 		    prp->service_key, MHIOC_RESV_KEY_SIZE);
19947 		prp->aptpl = ptr->aptpl;
19948 		break;
19949 	}
19950 	default:
19951 		ASSERT(FALSE);
19952 		break;
19953 	}
19954 
19955 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19956 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19957 
19958 	switch (status) {
19959 	case 0:
19960 		break;	/* Success! */
19961 	case EIO:
19962 		switch (ucmd_buf.uscsi_status) {
19963 		case STATUS_RESERVATION_CONFLICT:
19964 			status = EACCES;
19965 			break;
19966 		case STATUS_CHECK:
19967 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19968 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19969 				status = ENOTSUP;
19970 			}
19971 			break;
19972 		default:
19973 			break;
19974 		}
19975 		break;
19976 	default:
19977 		break;
19978 	}
19979 
19980 	kmem_free(prp, data_len);
19981 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_OUT: exit\n");
19982 	return (status);
19983 }
19984 
19985 
19986 /*
19987  *    Function: sd_send_scsi_SYNCHRONIZE_CACHE
19988  *
19989  * Description: Issues a scsi SYNCHRONIZE CACHE command to the target
19990  *
19991  *   Arguments: un - pointer to the target's soft state struct
19992  *
19993  * Return Code: 0 - success
19994  *		errno-type error code
19995  *
19996  *     Context: kernel thread context only.
19997  */
19998 
19999 static int
20000 sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un, struct dk_callback *dkc)
20001 {
20002 	struct sd_uscsi_info	*uip;
20003 	struct uscsi_cmd	*uscmd;
20004 	union scsi_cdb		*cdb;
20005 	struct buf		*bp;
20006 	int			rval = 0;
20007 
20008 	SD_TRACE(SD_LOG_IO, un,
20009 	    "sd_send_scsi_SYNCHRONIZE_CACHE: entry: un:0x%p\n", un);
20010 
20011 	ASSERT(un != NULL);
20012 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20013 
20014 	cdb = kmem_zalloc(CDB_GROUP1, KM_SLEEP);
20015 	cdb->scc_cmd = SCMD_SYNCHRONIZE_CACHE;
20016 
20017 	/*
20018 	 * First get some memory for the uscsi_cmd struct and cdb
20019 	 * and initialize for SYNCHRONIZE_CACHE cmd.
20020 	 */
20021 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
20022 	uscmd->uscsi_cdblen = CDB_GROUP1;
20023 	uscmd->uscsi_cdb = (caddr_t)cdb;
20024 	uscmd->uscsi_bufaddr = NULL;
20025 	uscmd->uscsi_buflen = 0;
20026 	uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
20027 	uscmd->uscsi_rqlen = SENSE_LENGTH;
20028 	uscmd->uscsi_rqresid = SENSE_LENGTH;
20029 	uscmd->uscsi_flags = USCSI_RQENABLE | USCSI_SILENT;
20030 	uscmd->uscsi_timeout = sd_io_time;
20031 
20032 	/*
20033 	 * Allocate an sd_uscsi_info struct and fill it with the info
20034 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
20035 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
20036 	 * since we allocate the buf here in this function, we do not
20037 	 * need to preserve the prior contents of b_private.
20038 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
20039 	 */
20040 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
20041 	uip->ui_flags = SD_PATH_DIRECT;
20042 	uip->ui_cmdp  = uscmd;
20043 
20044 	bp = getrbuf(KM_SLEEP);
20045 	bp->b_private = uip;
20046 
20047 	/*
20048 	 * Setup buffer to carry uscsi request.
20049 	 */
20050 	bp->b_flags  = B_BUSY;
20051 	bp->b_bcount = 0;
20052 	bp->b_blkno  = 0;
20053 
20054 	if (dkc != NULL) {
20055 		bp->b_iodone = sd_send_scsi_SYNCHRONIZE_CACHE_biodone;
20056 		uip->ui_dkc = *dkc;
20057 	}
20058 
20059 	bp->b_edev = SD_GET_DEV(un);
20060 	bp->b_dev = cmpdev(bp->b_edev);	/* maybe unnecessary? */
20061 
20062 	(void) sd_uscsi_strategy(bp);
20063 
20064 	/*
20065 	 * If synchronous request, wait for completion
20066 	 * If async just return and let b_iodone callback
20067 	 * cleanup.
20068 	 * NOTE: On return, u_ncmds_in_driver will be decremented,
20069 	 * but it was also incremented in sd_uscsi_strategy(), so
20070 	 * we should be ok.
20071 	 */
20072 	if (dkc == NULL) {
20073 		(void) biowait(bp);
20074 		rval = sd_send_scsi_SYNCHRONIZE_CACHE_biodone(bp);
20075 	}
20076 
20077 	return (rval);
20078 }
20079 
20080 
20081 static int
20082 sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp)
20083 {
20084 	struct sd_uscsi_info *uip;
20085 	struct uscsi_cmd *uscmd;
20086 	struct scsi_extended_sense *sense_buf;
20087 	struct sd_lun *un;
20088 	int status;
20089 
20090 	uip = (struct sd_uscsi_info *)(bp->b_private);
20091 	ASSERT(uip != NULL);
20092 
20093 	uscmd = uip->ui_cmdp;
20094 	ASSERT(uscmd != NULL);
20095 
20096 	sense_buf = (struct scsi_extended_sense *)uscmd->uscsi_rqbuf;
20097 	ASSERT(sense_buf != NULL);
20098 
20099 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
20100 	ASSERT(un != NULL);
20101 
20102 	status = geterror(bp);
20103 	switch (status) {
20104 	case 0:
20105 		break;	/* Success! */
20106 	case EIO:
20107 		switch (uscmd->uscsi_status) {
20108 		case STATUS_RESERVATION_CONFLICT:
20109 			/* Ignore reservation conflict */
20110 			status = 0;
20111 			goto done;
20112 
20113 		case STATUS_CHECK:
20114 			if ((uscmd->uscsi_rqstatus == STATUS_GOOD) &&
20115 			    (sense_buf->es_key == KEY_ILLEGAL_REQUEST)) {
20116 				/* Ignore Illegal Request error */
20117 				mutex_enter(SD_MUTEX(un));
20118 				un->un_f_sync_cache_unsupported = TRUE;
20119 				mutex_exit(SD_MUTEX(un));
20120 				status = ENOTSUP;
20121 				goto done;
20122 			}
20123 			break;
20124 		default:
20125 			break;
20126 		}
20127 		/* FALLTHRU */
20128 	default:
20129 		/* Ignore error if the media is not present */
20130 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
20131 			status = 0;
20132 			goto done;
20133 		}
20134 		/* If we reach this, we had an error */
20135 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
20136 		    "SYNCHRONIZE CACHE command failed (%d)\n", status);
20137 		break;
20138 	}
20139 
20140 done:
20141 	if (uip->ui_dkc.dkc_callback != NULL) {
20142 		(*uip->ui_dkc.dkc_callback)(uip->ui_dkc.dkc_cookie, status);
20143 	}
20144 
20145 	ASSERT((bp->b_flags & B_REMAPPED) == 0);
20146 	freerbuf(bp);
20147 	kmem_free(uip, sizeof (struct sd_uscsi_info));
20148 	kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
20149 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
20150 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
20151 
20152 	return (status);
20153 }
20154 
20155 
20156 /*
20157  *    Function: sd_send_scsi_GET_CONFIGURATION
20158  *
20159  * Description: Issues the get configuration command to the device.
20160  *		Called from sd_check_for_writable_cd & sd_get_media_info
20161  *		caller needs to ensure that buflen = SD_PROFILE_HEADER_LEN
20162  *   Arguments: un
20163  *		ucmdbuf
20164  *		rqbuf
20165  *		rqbuflen
20166  *		bufaddr
20167  *		buflen
20168  *
20169  * Return Code: 0   - Success
20170  *		errno return code from sd_send_scsi_cmd()
20171  *
20172  *     Context: Can sleep. Does not return until command is completed.
20173  *
20174  */
20175 
20176 static int
20177 sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un, struct uscsi_cmd *ucmdbuf,
20178 	uchar_t *rqbuf, uint_t rqbuflen, uchar_t *bufaddr, uint_t buflen)
20179 {
20180 	char	cdb[CDB_GROUP1];
20181 	int	status;
20182 
20183 	ASSERT(un != NULL);
20184 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20185 	ASSERT(bufaddr != NULL);
20186 	ASSERT(ucmdbuf != NULL);
20187 	ASSERT(rqbuf != NULL);
20188 
20189 	SD_TRACE(SD_LOG_IO, un,
20190 	    "sd_send_scsi_GET_CONFIGURATION: entry: un:0x%p\n", un);
20191 
20192 	bzero(cdb, sizeof (cdb));
20193 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20194 	bzero(rqbuf, rqbuflen);
20195 	bzero(bufaddr, buflen);
20196 
20197 	/*
20198 	 * Set up cdb field for the get configuration command.
20199 	 */
20200 	cdb[0] = SCMD_GET_CONFIGURATION;
20201 	cdb[1] = 0x02;  /* Requested Type */
20202 	cdb[8] = SD_PROFILE_HEADER_LEN;
20203 	ucmdbuf->uscsi_cdb = cdb;
20204 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20205 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20206 	ucmdbuf->uscsi_buflen = buflen;
20207 	ucmdbuf->uscsi_timeout = sd_io_time;
20208 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20209 	ucmdbuf->uscsi_rqlen = rqbuflen;
20210 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20211 
20212 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20213 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20214 
20215 	switch (status) {
20216 	case 0:
20217 		break;  /* Success! */
20218 	case EIO:
20219 		switch (ucmdbuf->uscsi_status) {
20220 		case STATUS_RESERVATION_CONFLICT:
20221 			status = EACCES;
20222 			break;
20223 		default:
20224 			break;
20225 		}
20226 		break;
20227 	default:
20228 		break;
20229 	}
20230 
20231 	if (status == 0) {
20232 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20233 		    "sd_send_scsi_GET_CONFIGURATION: data",
20234 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20235 	}
20236 
20237 	SD_TRACE(SD_LOG_IO, un,
20238 	    "sd_send_scsi_GET_CONFIGURATION: exit\n");
20239 
20240 	return (status);
20241 }
20242 
20243 /*
20244  *    Function: sd_send_scsi_feature_GET_CONFIGURATION
20245  *
20246  * Description: Issues the get configuration command to the device to
20247  *              retrieve a specfic feature. Called from
20248  *		sd_check_for_writable_cd & sd_set_mmc_caps.
20249  *   Arguments: un
20250  *              ucmdbuf
20251  *              rqbuf
20252  *              rqbuflen
20253  *              bufaddr
20254  *              buflen
20255  *		feature
20256  *
20257  * Return Code: 0   - Success
20258  *              errno return code from sd_send_scsi_cmd()
20259  *
20260  *     Context: Can sleep. Does not return until command is completed.
20261  *
20262  */
20263 static int
20264 sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
20265 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
20266 	uchar_t *bufaddr, uint_t buflen, char feature)
20267 {
20268 	char    cdb[CDB_GROUP1];
20269 	int	status;
20270 
20271 	ASSERT(un != NULL);
20272 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20273 	ASSERT(bufaddr != NULL);
20274 	ASSERT(ucmdbuf != NULL);
20275 	ASSERT(rqbuf != NULL);
20276 
20277 	SD_TRACE(SD_LOG_IO, un,
20278 	    "sd_send_scsi_feature_GET_CONFIGURATION: entry: un:0x%p\n", un);
20279 
20280 	bzero(cdb, sizeof (cdb));
20281 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20282 	bzero(rqbuf, rqbuflen);
20283 	bzero(bufaddr, buflen);
20284 
20285 	/*
20286 	 * Set up cdb field for the get configuration command.
20287 	 */
20288 	cdb[0] = SCMD_GET_CONFIGURATION;
20289 	cdb[1] = 0x02;  /* Requested Type */
20290 	cdb[3] = feature;
20291 	cdb[8] = buflen;
20292 	ucmdbuf->uscsi_cdb = cdb;
20293 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20294 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20295 	ucmdbuf->uscsi_buflen = buflen;
20296 	ucmdbuf->uscsi_timeout = sd_io_time;
20297 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20298 	ucmdbuf->uscsi_rqlen = rqbuflen;
20299 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20300 
20301 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20302 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20303 
20304 	switch (status) {
20305 	case 0:
20306 		break;  /* Success! */
20307 	case EIO:
20308 		switch (ucmdbuf->uscsi_status) {
20309 		case STATUS_RESERVATION_CONFLICT:
20310 			status = EACCES;
20311 			break;
20312 		default:
20313 			break;
20314 		}
20315 		break;
20316 	default:
20317 		break;
20318 	}
20319 
20320 	if (status == 0) {
20321 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20322 		    "sd_send_scsi_feature_GET_CONFIGURATION: data",
20323 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20324 	}
20325 
20326 	SD_TRACE(SD_LOG_IO, un,
20327 	    "sd_send_scsi_feature_GET_CONFIGURATION: exit\n");
20328 
20329 	return (status);
20330 }
20331 
20332 
20333 /*
20334  *    Function: sd_send_scsi_MODE_SENSE
20335  *
20336  * Description: Utility function for issuing a scsi MODE SENSE command.
20337  *		Note: This routine uses a consistent implementation for Group0,
20338  *		Group1, and Group2 commands across all platforms. ATAPI devices
20339  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20340  *
20341  *   Arguments: un - pointer to the softstate struct for the target.
20342  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20343  *			  CDB_GROUP[1|2] (10 byte).
20344  *		bufaddr - buffer for page data retrieved from the target.
20345  *		buflen - size of page to be retrieved.
20346  *		page_code - page code of data to be retrieved from the target.
20347  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20348  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20349  *			to use the USCSI "direct" chain and bypass the normal
20350  *			command waitq.
20351  *
20352  * Return Code: 0   - Success
20353  *		errno return code from sd_send_scsi_cmd()
20354  *
20355  *     Context: Can sleep. Does not return until command is completed.
20356  */
20357 
20358 static int
20359 sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20360 	size_t buflen,  uchar_t page_code, int path_flag)
20361 {
20362 	struct	scsi_extended_sense	sense_buf;
20363 	union scsi_cdb		cdb;
20364 	struct uscsi_cmd	ucmd_buf;
20365 	int			status;
20366 
20367 	ASSERT(un != NULL);
20368 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20369 	ASSERT(bufaddr != NULL);
20370 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20371 	    (cdbsize == CDB_GROUP2));
20372 
20373 	SD_TRACE(SD_LOG_IO, un,
20374 	    "sd_send_scsi_MODE_SENSE: entry: un:0x%p\n", un);
20375 
20376 	bzero(&cdb, sizeof (cdb));
20377 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20378 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20379 	bzero(bufaddr, buflen);
20380 
20381 	if (cdbsize == CDB_GROUP0) {
20382 		cdb.scc_cmd = SCMD_MODE_SENSE;
20383 		cdb.cdb_opaque[2] = page_code;
20384 		FORMG0COUNT(&cdb, buflen);
20385 	} else {
20386 		cdb.scc_cmd = SCMD_MODE_SENSE_G1;
20387 		cdb.cdb_opaque[2] = page_code;
20388 		FORMG1COUNT(&cdb, buflen);
20389 	}
20390 
20391 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20392 
20393 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20394 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20395 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20396 	ucmd_buf.uscsi_buflen	= buflen;
20397 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20398 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20399 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20400 	ucmd_buf.uscsi_timeout	= 60;
20401 
20402 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20403 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20404 
20405 	switch (status) {
20406 	case 0:
20407 		break;	/* Success! */
20408 	case EIO:
20409 		switch (ucmd_buf.uscsi_status) {
20410 		case STATUS_RESERVATION_CONFLICT:
20411 			status = EACCES;
20412 			break;
20413 		default:
20414 			break;
20415 		}
20416 		break;
20417 	default:
20418 		break;
20419 	}
20420 
20421 	if (status == 0) {
20422 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SENSE: data",
20423 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20424 	}
20425 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SENSE: exit\n");
20426 
20427 	return (status);
20428 }
20429 
20430 
20431 /*
20432  *    Function: sd_send_scsi_MODE_SELECT
20433  *
20434  * Description: Utility function for issuing a scsi MODE SELECT command.
20435  *		Note: This routine uses a consistent implementation for Group0,
20436  *		Group1, and Group2 commands across all platforms. ATAPI devices
20437  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20438  *
20439  *   Arguments: un - pointer to the softstate struct for the target.
20440  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20441  *			  CDB_GROUP[1|2] (10 byte).
20442  *		bufaddr - buffer for page data retrieved from the target.
20443  *		buflen - size of page to be retrieved.
20444  *		save_page - boolean to determin if SP bit should be set.
20445  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20446  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20447  *			to use the USCSI "direct" chain and bypass the normal
20448  *			command waitq.
20449  *
20450  * Return Code: 0   - Success
20451  *		errno return code from sd_send_scsi_cmd()
20452  *
20453  *     Context: Can sleep. Does not return until command is completed.
20454  */
20455 
20456 static int
20457 sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20458 	size_t buflen,  uchar_t save_page, int path_flag)
20459 {
20460 	struct	scsi_extended_sense	sense_buf;
20461 	union scsi_cdb		cdb;
20462 	struct uscsi_cmd	ucmd_buf;
20463 	int			status;
20464 
20465 	ASSERT(un != NULL);
20466 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20467 	ASSERT(bufaddr != NULL);
20468 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20469 	    (cdbsize == CDB_GROUP2));
20470 
20471 	SD_TRACE(SD_LOG_IO, un,
20472 	    "sd_send_scsi_MODE_SELECT: entry: un:0x%p\n", un);
20473 
20474 	bzero(&cdb, sizeof (cdb));
20475 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20476 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20477 
20478 	/* Set the PF bit for many third party drives */
20479 	cdb.cdb_opaque[1] = 0x10;
20480 
20481 	/* Set the savepage(SP) bit if given */
20482 	if (save_page == SD_SAVE_PAGE) {
20483 		cdb.cdb_opaque[1] |= 0x01;
20484 	}
20485 
20486 	if (cdbsize == CDB_GROUP0) {
20487 		cdb.scc_cmd = SCMD_MODE_SELECT;
20488 		FORMG0COUNT(&cdb, buflen);
20489 	} else {
20490 		cdb.scc_cmd = SCMD_MODE_SELECT_G1;
20491 		FORMG1COUNT(&cdb, buflen);
20492 	}
20493 
20494 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20495 
20496 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20497 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20498 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20499 	ucmd_buf.uscsi_buflen	= buflen;
20500 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20501 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20502 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
20503 	ucmd_buf.uscsi_timeout	= 60;
20504 
20505 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20506 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20507 
20508 	switch (status) {
20509 	case 0:
20510 		break;	/* Success! */
20511 	case EIO:
20512 		switch (ucmd_buf.uscsi_status) {
20513 		case STATUS_RESERVATION_CONFLICT:
20514 			status = EACCES;
20515 			break;
20516 		default:
20517 			break;
20518 		}
20519 		break;
20520 	default:
20521 		break;
20522 	}
20523 
20524 	if (status == 0) {
20525 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SELECT: data",
20526 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20527 	}
20528 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SELECT: exit\n");
20529 
20530 	return (status);
20531 }
20532 
20533 
20534 /*
20535  *    Function: sd_send_scsi_RDWR
20536  *
20537  * Description: Issue a scsi READ or WRITE command with the given parameters.
20538  *
20539  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20540  *		cmd:	 SCMD_READ or SCMD_WRITE
20541  *		bufaddr: Address of caller's buffer to receive the RDWR data
20542  *		buflen:  Length of caller's buffer receive the RDWR data.
20543  *		start_block: Block number for the start of the RDWR operation.
20544  *			 (Assumes target-native block size.)
20545  *		residp:  Pointer to variable to receive the redisual of the
20546  *			 RDWR operation (may be NULL of no residual requested).
20547  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20548  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20549  *			to use the USCSI "direct" chain and bypass the normal
20550  *			command waitq.
20551  *
20552  * Return Code: 0   - Success
20553  *		errno return code from sd_send_scsi_cmd()
20554  *
20555  *     Context: Can sleep. Does not return until command is completed.
20556  */
20557 
20558 static int
20559 sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
20560 	size_t buflen, daddr_t start_block, int path_flag)
20561 {
20562 	struct	scsi_extended_sense	sense_buf;
20563 	union scsi_cdb		cdb;
20564 	struct uscsi_cmd	ucmd_buf;
20565 	uint32_t		block_count;
20566 	int			status;
20567 	int			cdbsize;
20568 	uchar_t			flag;
20569 
20570 	ASSERT(un != NULL);
20571 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20572 	ASSERT(bufaddr != NULL);
20573 	ASSERT((cmd == SCMD_READ) || (cmd == SCMD_WRITE));
20574 
20575 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: entry: un:0x%p\n", un);
20576 
20577 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
20578 		return (EINVAL);
20579 	}
20580 
20581 	mutex_enter(SD_MUTEX(un));
20582 	block_count = SD_BYTES2TGTBLOCKS(un, buflen);
20583 	mutex_exit(SD_MUTEX(un));
20584 
20585 	flag = (cmd == SCMD_READ) ? USCSI_READ : USCSI_WRITE;
20586 
20587 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_RDWR: "
20588 	    "bufaddr:0x%p buflen:0x%x start_block:0x%p block_count:0x%x\n",
20589 	    bufaddr, buflen, start_block, block_count);
20590 
20591 	bzero(&cdb, sizeof (cdb));
20592 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20593 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20594 
20595 	/* Compute CDB size to use */
20596 	if (start_block > 0xffffffff)
20597 		cdbsize = CDB_GROUP4;
20598 	else if ((start_block & 0xFFE00000) ||
20599 	    (un->un_f_cfg_is_atapi == TRUE))
20600 		cdbsize = CDB_GROUP1;
20601 	else
20602 		cdbsize = CDB_GROUP0;
20603 
20604 	switch (cdbsize) {
20605 	case CDB_GROUP0:	/* 6-byte CDBs */
20606 		cdb.scc_cmd = cmd;
20607 		FORMG0ADDR(&cdb, start_block);
20608 		FORMG0COUNT(&cdb, block_count);
20609 		break;
20610 	case CDB_GROUP1:	/* 10-byte CDBs */
20611 		cdb.scc_cmd = cmd | SCMD_GROUP1;
20612 		FORMG1ADDR(&cdb, start_block);
20613 		FORMG1COUNT(&cdb, block_count);
20614 		break;
20615 	case CDB_GROUP4:	/* 16-byte CDBs */
20616 		cdb.scc_cmd = cmd | SCMD_GROUP4;
20617 		FORMG4LONGADDR(&cdb, (uint64_t)start_block);
20618 		FORMG4COUNT(&cdb, block_count);
20619 		break;
20620 	case CDB_GROUP5:	/* 12-byte CDBs (currently unsupported) */
20621 	default:
20622 		/* All others reserved */
20623 		return (EINVAL);
20624 	}
20625 
20626 	/* Set LUN bit(s) in CDB if this is a SCSI-1 device */
20627 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20628 
20629 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20630 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20631 	ucmd_buf.uscsi_bufaddr	= bufaddr;
20632 	ucmd_buf.uscsi_buflen	= buflen;
20633 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20634 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20635 	ucmd_buf.uscsi_flags	= flag | USCSI_RQENABLE | USCSI_SILENT;
20636 	ucmd_buf.uscsi_timeout	= 60;
20637 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20638 				UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20639 	switch (status) {
20640 	case 0:
20641 		break;	/* Success! */
20642 	case EIO:
20643 		switch (ucmd_buf.uscsi_status) {
20644 		case STATUS_RESERVATION_CONFLICT:
20645 			status = EACCES;
20646 			break;
20647 		default:
20648 			break;
20649 		}
20650 		break;
20651 	default:
20652 		break;
20653 	}
20654 
20655 	if (status == 0) {
20656 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_RDWR: data",
20657 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20658 	}
20659 
20660 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: exit\n");
20661 
20662 	return (status);
20663 }
20664 
20665 
20666 /*
20667  *    Function: sd_send_scsi_LOG_SENSE
20668  *
20669  * Description: Issue a scsi LOG_SENSE command with the given parameters.
20670  *
20671  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20672  *
20673  * Return Code: 0   - Success
20674  *		errno return code from sd_send_scsi_cmd()
20675  *
20676  *     Context: Can sleep. Does not return until command is completed.
20677  */
20678 
20679 static int
20680 sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr, uint16_t buflen,
20681 	uchar_t page_code, uchar_t page_control, uint16_t param_ptr,
20682 	int path_flag)
20683 
20684 {
20685 	struct	scsi_extended_sense	sense_buf;
20686 	union scsi_cdb		cdb;
20687 	struct uscsi_cmd	ucmd_buf;
20688 	int			status;
20689 
20690 	ASSERT(un != NULL);
20691 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20692 
20693 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: entry: un:0x%p\n", un);
20694 
20695 	bzero(&cdb, sizeof (cdb));
20696 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20697 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20698 
20699 	cdb.scc_cmd = SCMD_LOG_SENSE_G1;
20700 	cdb.cdb_opaque[2] = (page_control << 6) | page_code;
20701 	cdb.cdb_opaque[5] = (uchar_t)((param_ptr & 0xFF00) >> 8);
20702 	cdb.cdb_opaque[6] = (uchar_t)(param_ptr  & 0x00FF);
20703 	FORMG1COUNT(&cdb, buflen);
20704 
20705 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20706 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
20707 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20708 	ucmd_buf.uscsi_buflen	= buflen;
20709 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20710 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20711 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20712 	ucmd_buf.uscsi_timeout	= 60;
20713 
20714 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20715 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20716 
20717 	switch (status) {
20718 	case 0:
20719 		break;
20720 	case EIO:
20721 		switch (ucmd_buf.uscsi_status) {
20722 		case STATUS_RESERVATION_CONFLICT:
20723 			status = EACCES;
20724 			break;
20725 		case STATUS_CHECK:
20726 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
20727 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST) &&
20728 			    (sense_buf.es_add_code == 0x24)) {
20729 				/*
20730 				 * ASC 0x24: INVALID FIELD IN CDB
20731 				 */
20732 				switch (page_code) {
20733 				case START_STOP_CYCLE_PAGE:
20734 					/*
20735 					 * The start stop cycle counter is
20736 					 * implemented as page 0x31 in earlier
20737 					 * generation disks. In new generation
20738 					 * disks the start stop cycle counter is
20739 					 * implemented as page 0xE. To properly
20740 					 * handle this case if an attempt for
20741 					 * log page 0xE is made and fails we
20742 					 * will try again using page 0x31.
20743 					 *
20744 					 * Network storage BU committed to
20745 					 * maintain the page 0x31 for this
20746 					 * purpose and will not have any other
20747 					 * page implemented with page code 0x31
20748 					 * until all disks transition to the
20749 					 * standard page.
20750 					 */
20751 					mutex_enter(SD_MUTEX(un));
20752 					un->un_start_stop_cycle_page =
20753 					    START_STOP_CYCLE_VU_PAGE;
20754 					cdb.cdb_opaque[2] =
20755 					    (char)(page_control << 6) |
20756 					    un->un_start_stop_cycle_page;
20757 					mutex_exit(SD_MUTEX(un));
20758 					status = sd_send_scsi_cmd(
20759 					    SD_GET_DEV(un), &ucmd_buf,
20760 					    UIO_SYSSPACE, UIO_SYSSPACE,
20761 					    UIO_SYSSPACE, path_flag);
20762 
20763 					break;
20764 				case TEMPERATURE_PAGE:
20765 					status = ENOTTY;
20766 					break;
20767 				default:
20768 					break;
20769 				}
20770 			}
20771 			break;
20772 		default:
20773 			break;
20774 		}
20775 		break;
20776 	default:
20777 		break;
20778 	}
20779 
20780 	if (status == 0) {
20781 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_LOG_SENSE: data",
20782 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20783 	}
20784 
20785 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: exit\n");
20786 
20787 	return (status);
20788 }
20789 
20790 
20791 /*
20792  *    Function: sdioctl
20793  *
20794  * Description: Driver's ioctl(9e) entry point function.
20795  *
20796  *   Arguments: dev     - device number
20797  *		cmd     - ioctl operation to be performed
20798  *		arg     - user argument, contains data to be set or reference
20799  *			  parameter for get
20800  *		flag    - bit flag, indicating open settings, 32/64 bit type
20801  *		cred_p  - user credential pointer
20802  *		rval_p  - calling process return value (OPT)
20803  *
20804  * Return Code: EINVAL
20805  *		ENOTTY
20806  *		ENXIO
20807  *		EIO
20808  *		EFAULT
20809  *		ENOTSUP
20810  *		EPERM
20811  *
20812  *     Context: Called from the device switch at normal priority.
20813  */
20814 
20815 static int
20816 sdioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cred_p, int *rval_p)
20817 {
20818 	struct sd_lun	*un = NULL;
20819 	int		geom_validated = FALSE;
20820 	int		err = 0;
20821 	int		i = 0;
20822 	cred_t		*cr;
20823 
20824 	/*
20825 	 * All device accesses go thru sdstrategy where we check on suspend
20826 	 * status
20827 	 */
20828 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
20829 		return (ENXIO);
20830 	}
20831 
20832 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20833 
20834 	/*
20835 	 * Moved this wait from sd_uscsi_strategy to here for
20836 	 * reasons of deadlock prevention. Internal driver commands,
20837 	 * specifically those to change a devices power level, result
20838 	 * in a call to sd_uscsi_strategy.
20839 	 */
20840 	mutex_enter(SD_MUTEX(un));
20841 	while ((un->un_state == SD_STATE_SUSPENDED) ||
20842 	    (un->un_state == SD_STATE_PM_CHANGING)) {
20843 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
20844 	}
20845 	/*
20846 	 * Twiddling the counter here protects commands from now
20847 	 * through to the top of sd_uscsi_strategy. Without the
20848 	 * counter inc. a power down, for example, could get in
20849 	 * after the above check for state is made and before
20850 	 * execution gets to the top of sd_uscsi_strategy.
20851 	 * That would cause problems.
20852 	 */
20853 	un->un_ncmds_in_driver++;
20854 
20855 	if ((un->un_f_geometry_is_valid == FALSE) &&
20856 	    (flag & (FNDELAY | FNONBLOCK))) {
20857 		switch (cmd) {
20858 		case CDROMPAUSE:
20859 		case CDROMRESUME:
20860 		case CDROMPLAYMSF:
20861 		case CDROMPLAYTRKIND:
20862 		case CDROMREADTOCHDR:
20863 		case CDROMREADTOCENTRY:
20864 		case CDROMSTOP:
20865 		case CDROMSTART:
20866 		case CDROMVOLCTRL:
20867 		case CDROMSUBCHNL:
20868 		case CDROMREADMODE2:
20869 		case CDROMREADMODE1:
20870 		case CDROMREADOFFSET:
20871 		case CDROMSBLKMODE:
20872 		case CDROMGBLKMODE:
20873 		case CDROMGDRVSPEED:
20874 		case CDROMSDRVSPEED:
20875 		case CDROMCDDA:
20876 		case CDROMCDXA:
20877 		case CDROMSUBCODE:
20878 			if (!ISCD(un)) {
20879 				un->un_ncmds_in_driver--;
20880 				ASSERT(un->un_ncmds_in_driver >= 0);
20881 				mutex_exit(SD_MUTEX(un));
20882 				return (ENOTTY);
20883 			}
20884 			break;
20885 		case FDEJECT:
20886 		case DKIOCEJECT:
20887 		case CDROMEJECT:
20888 			if (!ISREMOVABLE(un)) {
20889 				un->un_ncmds_in_driver--;
20890 				ASSERT(un->un_ncmds_in_driver >= 0);
20891 				mutex_exit(SD_MUTEX(un));
20892 				return (ENOTTY);
20893 			}
20894 			break;
20895 		case DKIOCSVTOC:
20896 		case DKIOCSETEFI:
20897 		case DKIOCSMBOOT:
20898 		case DKIOCFLUSHWRITECACHE:
20899 			mutex_exit(SD_MUTEX(un));
20900 			err = sd_send_scsi_TEST_UNIT_READY(un, 0);
20901 			if (err != 0) {
20902 				mutex_enter(SD_MUTEX(un));
20903 				un->un_ncmds_in_driver--;
20904 				ASSERT(un->un_ncmds_in_driver >= 0);
20905 				mutex_exit(SD_MUTEX(un));
20906 				return (EIO);
20907 			}
20908 			mutex_enter(SD_MUTEX(un));
20909 			/* FALLTHROUGH */
20910 		case DKIOCREMOVABLE:
20911 		case DKIOCINFO:
20912 		case DKIOCGMEDIAINFO:
20913 		case MHIOCENFAILFAST:
20914 		case MHIOCSTATUS:
20915 		case MHIOCTKOWN:
20916 		case MHIOCRELEASE:
20917 		case MHIOCGRP_INKEYS:
20918 		case MHIOCGRP_INRESV:
20919 		case MHIOCGRP_REGISTER:
20920 		case MHIOCGRP_RESERVE:
20921 		case MHIOCGRP_PREEMPTANDABORT:
20922 		case MHIOCGRP_REGISTERANDIGNOREKEY:
20923 		case CDROMCLOSETRAY:
20924 		case USCSICMD:
20925 			goto skip_ready_valid;
20926 		default:
20927 			break;
20928 		}
20929 
20930 		mutex_exit(SD_MUTEX(un));
20931 		err = sd_ready_and_valid(un);
20932 		mutex_enter(SD_MUTEX(un));
20933 		if (err == SD_READY_NOT_VALID) {
20934 			switch (cmd) {
20935 			case DKIOCGAPART:
20936 			case DKIOCGGEOM:
20937 			case DKIOCSGEOM:
20938 			case DKIOCGVTOC:
20939 			case DKIOCSVTOC:
20940 			case DKIOCSAPART:
20941 			case DKIOCG_PHYGEOM:
20942 			case DKIOCG_VIRTGEOM:
20943 				err = ENOTSUP;
20944 				un->un_ncmds_in_driver--;
20945 				ASSERT(un->un_ncmds_in_driver >= 0);
20946 				mutex_exit(SD_MUTEX(un));
20947 				return (err);
20948 			}
20949 		}
20950 		if (err != SD_READY_VALID) {
20951 			switch (cmd) {
20952 			case DKIOCSTATE:
20953 			case CDROMGDRVSPEED:
20954 			case CDROMSDRVSPEED:
20955 			case FDEJECT:	/* for eject command */
20956 			case DKIOCEJECT:
20957 			case CDROMEJECT:
20958 			case DKIOCGETEFI:
20959 			case DKIOCSGEOM:
20960 			case DKIOCREMOVABLE:
20961 			case DKIOCSAPART:
20962 			case DKIOCSETEFI:
20963 				break;
20964 			default:
20965 				if (ISREMOVABLE(un)) {
20966 					err = ENXIO;
20967 				} else {
20968 					/* Do not map EACCES to EIO */
20969 					if (err != EACCES)
20970 						err = EIO;
20971 				}
20972 				un->un_ncmds_in_driver--;
20973 				ASSERT(un->un_ncmds_in_driver >= 0);
20974 				mutex_exit(SD_MUTEX(un));
20975 				return (err);
20976 			}
20977 		}
20978 		geom_validated = TRUE;
20979 	}
20980 	if ((un->un_f_geometry_is_valid == TRUE) &&
20981 	    (un->un_solaris_size > 0)) {
20982 		/*
20983 		 * the "geometry_is_valid" flag could be true if we
20984 		 * have an fdisk table but no Solaris partition
20985 		 */
20986 		if (un->un_vtoc.v_sanity != VTOC_SANE) {
20987 			/* it is EFI, so return ENOTSUP for these */
20988 			switch (cmd) {
20989 			case DKIOCGAPART:
20990 			case DKIOCGGEOM:
20991 			case DKIOCGVTOC:
20992 			case DKIOCSVTOC:
20993 			case DKIOCSAPART:
20994 				err = ENOTSUP;
20995 				un->un_ncmds_in_driver--;
20996 				ASSERT(un->un_ncmds_in_driver >= 0);
20997 				mutex_exit(SD_MUTEX(un));
20998 				return (err);
20999 			}
21000 		}
21001 	}
21002 
21003 skip_ready_valid:
21004 	mutex_exit(SD_MUTEX(un));
21005 
21006 	switch (cmd) {
21007 	case DKIOCINFO:
21008 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCINFO\n");
21009 		err = sd_dkio_ctrl_info(dev, (caddr_t)arg, flag);
21010 		break;
21011 
21012 	case DKIOCGMEDIAINFO:
21013 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMEDIAINFO\n");
21014 		err = sd_get_media_info(dev, (caddr_t)arg, flag);
21015 		break;
21016 
21017 	case DKIOCGGEOM:
21018 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGGEOM\n");
21019 		err = sd_dkio_get_geometry(dev, (caddr_t)arg, flag,
21020 		    geom_validated);
21021 		break;
21022 
21023 	case DKIOCSGEOM:
21024 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSGEOM\n");
21025 		err = sd_dkio_set_geometry(dev, (caddr_t)arg, flag);
21026 		break;
21027 
21028 	case DKIOCGAPART:
21029 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGAPART\n");
21030 		err = sd_dkio_get_partition(dev, (caddr_t)arg, flag,
21031 		    geom_validated);
21032 		break;
21033 
21034 	case DKIOCSAPART:
21035 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSAPART\n");
21036 		err = sd_dkio_set_partition(dev, (caddr_t)arg, flag);
21037 		break;
21038 
21039 	case DKIOCGVTOC:
21040 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGVTOC\n");
21041 		err = sd_dkio_get_vtoc(dev, (caddr_t)arg, flag,
21042 		    geom_validated);
21043 		break;
21044 
21045 	case DKIOCGETEFI:
21046 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGETEFI\n");
21047 		err = sd_dkio_get_efi(dev, (caddr_t)arg, flag);
21048 		break;
21049 
21050 	case DKIOCPARTITION:
21051 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTITION\n");
21052 		err = sd_dkio_partition(dev, (caddr_t)arg, flag);
21053 		break;
21054 
21055 	case DKIOCSVTOC:
21056 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSVTOC\n");
21057 		err = sd_dkio_set_vtoc(dev, (caddr_t)arg, flag);
21058 		break;
21059 
21060 	case DKIOCSETEFI:
21061 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSETEFI\n");
21062 		err = sd_dkio_set_efi(dev, (caddr_t)arg, flag);
21063 		break;
21064 
21065 	case DKIOCGMBOOT:
21066 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMBOOT\n");
21067 		err = sd_dkio_get_mboot(dev, (caddr_t)arg, flag);
21068 		break;
21069 
21070 	case DKIOCSMBOOT:
21071 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSMBOOT\n");
21072 		err = sd_dkio_set_mboot(dev, (caddr_t)arg, flag);
21073 		break;
21074 
21075 	case DKIOCLOCK:
21076 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCLOCK\n");
21077 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
21078 		    SD_PATH_STANDARD);
21079 		break;
21080 
21081 	case DKIOCUNLOCK:
21082 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCUNLOCK\n");
21083 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
21084 		    SD_PATH_STANDARD);
21085 		break;
21086 
21087 	case DKIOCSTATE: {
21088 		enum dkio_state		state;
21089 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSTATE\n");
21090 
21091 		if (ddi_copyin((void *)arg, &state, sizeof (int), flag) != 0) {
21092 			err = EFAULT;
21093 		} else {
21094 			err = sd_check_media(dev, state);
21095 			if (err == 0) {
21096 				if (ddi_copyout(&un->un_mediastate, (void *)arg,
21097 				    sizeof (int), flag) != 0)
21098 					err = EFAULT;
21099 			}
21100 		}
21101 		break;
21102 	}
21103 
21104 	case DKIOCREMOVABLE:
21105 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCREMOVABLE\n");
21106 		if (ISREMOVABLE(un)) {
21107 			i = 1;
21108 		} else {
21109 			i = 0;
21110 		}
21111 		if (ddi_copyout(&i, (void *)arg, sizeof (int), flag) != 0) {
21112 			err = EFAULT;
21113 		} else {
21114 			err = 0;
21115 		}
21116 		break;
21117 
21118 	case DKIOCGTEMPERATURE:
21119 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGTEMPERATURE\n");
21120 		err = sd_dkio_get_temp(dev, (caddr_t)arg, flag);
21121 		break;
21122 
21123 	case MHIOCENFAILFAST:
21124 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCENFAILFAST\n");
21125 		if ((err = drv_priv(cred_p)) == 0) {
21126 			err = sd_mhdioc_failfast(dev, (caddr_t)arg, flag);
21127 		}
21128 		break;
21129 
21130 	case MHIOCTKOWN:
21131 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCTKOWN\n");
21132 		if ((err = drv_priv(cred_p)) == 0) {
21133 			err = sd_mhdioc_takeown(dev, (caddr_t)arg, flag);
21134 		}
21135 		break;
21136 
21137 	case MHIOCRELEASE:
21138 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCRELEASE\n");
21139 		if ((err = drv_priv(cred_p)) == 0) {
21140 			err = sd_mhdioc_release(dev);
21141 		}
21142 		break;
21143 
21144 	case MHIOCSTATUS:
21145 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCSTATUS\n");
21146 		if ((err = drv_priv(cred_p)) == 0) {
21147 			switch (sd_send_scsi_TEST_UNIT_READY(un, 0)) {
21148 			case 0:
21149 				err = 0;
21150 				break;
21151 			case EACCES:
21152 				*rval_p = 1;
21153 				err = 0;
21154 				break;
21155 			default:
21156 				err = EIO;
21157 				break;
21158 			}
21159 		}
21160 		break;
21161 
21162 	case MHIOCQRESERVE:
21163 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCQRESERVE\n");
21164 		if ((err = drv_priv(cred_p)) == 0) {
21165 			err = sd_reserve_release(dev, SD_RESERVE);
21166 		}
21167 		break;
21168 
21169 	case MHIOCREREGISTERDEVID:
21170 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCREREGISTERDEVID\n");
21171 		if (drv_priv(cred_p) == EPERM) {
21172 			err = EPERM;
21173 		} else if (ISREMOVABLE(un) || ISCD(un)) {
21174 			err = ENOTTY;
21175 		} else {
21176 			err = sd_mhdioc_register_devid(dev);
21177 		}
21178 		break;
21179 
21180 	case MHIOCGRP_INKEYS:
21181 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INKEYS\n");
21182 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21183 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21184 				err = ENOTSUP;
21185 			} else {
21186 				err = sd_mhdioc_inkeys(dev, (caddr_t)arg,
21187 				    flag);
21188 			}
21189 		}
21190 		break;
21191 
21192 	case MHIOCGRP_INRESV:
21193 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INRESV\n");
21194 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21195 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21196 				err = ENOTSUP;
21197 			} else {
21198 				err = sd_mhdioc_inresv(dev, (caddr_t)arg, flag);
21199 			}
21200 		}
21201 		break;
21202 
21203 	case MHIOCGRP_REGISTER:
21204 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_REGISTER\n");
21205 		if ((err = drv_priv(cred_p)) != EPERM) {
21206 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21207 				err = ENOTSUP;
21208 			} else if (arg != NULL) {
21209 				mhioc_register_t reg;
21210 				if (ddi_copyin((void *)arg, &reg,
21211 				    sizeof (mhioc_register_t), flag) != 0) {
21212 					err = EFAULT;
21213 				} else {
21214 					err =
21215 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21216 					    un, SD_SCSI3_REGISTER,
21217 					    (uchar_t *)&reg);
21218 				}
21219 			}
21220 		}
21221 		break;
21222 
21223 	case MHIOCGRP_RESERVE:
21224 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_RESERVE\n");
21225 		if ((err = drv_priv(cred_p)) != EPERM) {
21226 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21227 				err = ENOTSUP;
21228 			} else if (arg != NULL) {
21229 				mhioc_resv_desc_t resv_desc;
21230 				if (ddi_copyin((void *)arg, &resv_desc,
21231 				    sizeof (mhioc_resv_desc_t), flag) != 0) {
21232 					err = EFAULT;
21233 				} else {
21234 					err =
21235 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21236 					    un, SD_SCSI3_RESERVE,
21237 					    (uchar_t *)&resv_desc);
21238 				}
21239 			}
21240 		}
21241 		break;
21242 
21243 	case MHIOCGRP_PREEMPTANDABORT:
21244 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21245 		if ((err = drv_priv(cred_p)) != EPERM) {
21246 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21247 				err = ENOTSUP;
21248 			} else if (arg != NULL) {
21249 				mhioc_preemptandabort_t preempt_abort;
21250 				if (ddi_copyin((void *)arg, &preempt_abort,
21251 				    sizeof (mhioc_preemptandabort_t),
21252 				    flag) != 0) {
21253 					err = EFAULT;
21254 				} else {
21255 					err =
21256 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21257 					    un, SD_SCSI3_PREEMPTANDABORT,
21258 					    (uchar_t *)&preempt_abort);
21259 				}
21260 			}
21261 		}
21262 		break;
21263 
21264 	case MHIOCGRP_REGISTERANDIGNOREKEY:
21265 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21266 		if ((err = drv_priv(cred_p)) != EPERM) {
21267 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21268 				err = ENOTSUP;
21269 			} else if (arg != NULL) {
21270 				mhioc_registerandignorekey_t r_and_i;
21271 				if (ddi_copyin((void *)arg, (void *)&r_and_i,
21272 				    sizeof (mhioc_registerandignorekey_t),
21273 				    flag) != 0) {
21274 					err = EFAULT;
21275 				} else {
21276 					err =
21277 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21278 					    un, SD_SCSI3_REGISTERANDIGNOREKEY,
21279 					    (uchar_t *)&r_and_i);
21280 				}
21281 			}
21282 		}
21283 		break;
21284 
21285 	case USCSICMD:
21286 		SD_TRACE(SD_LOG_IOCTL, un, "USCSICMD\n");
21287 		cr = ddi_get_cred();
21288 		if ((drv_priv(cred_p) != 0) && (drv_priv(cr) != 0)) {
21289 			err = EPERM;
21290 		} else {
21291 			err = sd_uscsi_ioctl(dev, (caddr_t)arg, flag);
21292 		}
21293 		break;
21294 
21295 	case CDROMPAUSE:
21296 	case CDROMRESUME:
21297 		SD_TRACE(SD_LOG_IOCTL, un, "PAUSE-RESUME\n");
21298 		if (!ISCD(un)) {
21299 			err = ENOTTY;
21300 		} else {
21301 			err = sr_pause_resume(dev, cmd);
21302 		}
21303 		break;
21304 
21305 	case CDROMPLAYMSF:
21306 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYMSF\n");
21307 		if (!ISCD(un)) {
21308 			err = ENOTTY;
21309 		} else {
21310 			err = sr_play_msf(dev, (caddr_t)arg, flag);
21311 		}
21312 		break;
21313 
21314 	case CDROMPLAYTRKIND:
21315 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYTRKIND\n");
21316 #if defined(__i386) || defined(__amd64)
21317 		/*
21318 		 * not supported on ATAPI CD drives, use CDROMPLAYMSF instead
21319 		 */
21320 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21321 #else
21322 		if (!ISCD(un)) {
21323 #endif
21324 			err = ENOTTY;
21325 		} else {
21326 			err = sr_play_trkind(dev, (caddr_t)arg, flag);
21327 		}
21328 		break;
21329 
21330 	case CDROMREADTOCHDR:
21331 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCHDR\n");
21332 		if (!ISCD(un)) {
21333 			err = ENOTTY;
21334 		} else {
21335 			err = sr_read_tochdr(dev, (caddr_t)arg, flag);
21336 		}
21337 		break;
21338 
21339 	case CDROMREADTOCENTRY:
21340 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCENTRY\n");
21341 		if (!ISCD(un)) {
21342 			err = ENOTTY;
21343 		} else {
21344 			err = sr_read_tocentry(dev, (caddr_t)arg, flag);
21345 		}
21346 		break;
21347 
21348 	case CDROMSTOP:
21349 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTOP\n");
21350 		if (!ISCD(un)) {
21351 			err = ENOTTY;
21352 		} else {
21353 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_STOP,
21354 			    SD_PATH_STANDARD);
21355 		}
21356 		break;
21357 
21358 	case CDROMSTART:
21359 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTART\n");
21360 		if (!ISCD(un)) {
21361 			err = ENOTTY;
21362 		} else {
21363 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
21364 			    SD_PATH_STANDARD);
21365 		}
21366 		break;
21367 
21368 	case CDROMCLOSETRAY:
21369 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCLOSETRAY\n");
21370 		if (!ISCD(un)) {
21371 			err = ENOTTY;
21372 		} else {
21373 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_CLOSE,
21374 			    SD_PATH_STANDARD);
21375 		}
21376 		break;
21377 
21378 	case FDEJECT:	/* for eject command */
21379 	case DKIOCEJECT:
21380 	case CDROMEJECT:
21381 		SD_TRACE(SD_LOG_IOCTL, un, "EJECT\n");
21382 		if (!ISREMOVABLE(un)) {
21383 			err = ENOTTY;
21384 		} else {
21385 			err = sr_eject(dev);
21386 		}
21387 		break;
21388 
21389 	case CDROMVOLCTRL:
21390 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMVOLCTRL\n");
21391 		if (!ISCD(un)) {
21392 			err = ENOTTY;
21393 		} else {
21394 			err = sr_volume_ctrl(dev, (caddr_t)arg, flag);
21395 		}
21396 		break;
21397 
21398 	case CDROMSUBCHNL:
21399 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCHNL\n");
21400 		if (!ISCD(un)) {
21401 			err = ENOTTY;
21402 		} else {
21403 			err = sr_read_subchannel(dev, (caddr_t)arg, flag);
21404 		}
21405 		break;
21406 
21407 	case CDROMREADMODE2:
21408 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE2\n");
21409 		if (!ISCD(un)) {
21410 			err = ENOTTY;
21411 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21412 			/*
21413 			 * If the drive supports READ CD, use that instead of
21414 			 * switching the LBA size via a MODE SELECT
21415 			 * Block Descriptor
21416 			 */
21417 			err = sr_read_cd_mode2(dev, (caddr_t)arg, flag);
21418 		} else {
21419 			err = sr_read_mode2(dev, (caddr_t)arg, flag);
21420 		}
21421 		break;
21422 
21423 	case CDROMREADMODE1:
21424 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE1\n");
21425 		if (!ISCD(un)) {
21426 			err = ENOTTY;
21427 		} else {
21428 			err = sr_read_mode1(dev, (caddr_t)arg, flag);
21429 		}
21430 		break;
21431 
21432 	case CDROMREADOFFSET:
21433 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADOFFSET\n");
21434 		if (!ISCD(un)) {
21435 			err = ENOTTY;
21436 		} else {
21437 			err = sr_read_sony_session_offset(dev, (caddr_t)arg,
21438 			    flag);
21439 		}
21440 		break;
21441 
21442 	case CDROMSBLKMODE:
21443 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSBLKMODE\n");
21444 		/*
21445 		 * There is no means of changing block size in case of atapi
21446 		 * drives, thus return ENOTTY if drive type is atapi
21447 		 */
21448 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21449 			err = ENOTTY;
21450 		} else if (un->un_f_mmc_cap == TRUE) {
21451 
21452 			/*
21453 			 * MMC Devices do not support changing the
21454 			 * logical block size
21455 			 *
21456 			 * Note: EINVAL is being returned instead of ENOTTY to
21457 			 * maintain consistancy with the original mmc
21458 			 * driver update.
21459 			 */
21460 			err = EINVAL;
21461 		} else {
21462 			mutex_enter(SD_MUTEX(un));
21463 			if ((!(un->un_exclopen & (1<<SDPART(dev)))) ||
21464 			    (un->un_ncmds_in_transport > 0)) {
21465 				mutex_exit(SD_MUTEX(un));
21466 				err = EINVAL;
21467 			} else {
21468 				mutex_exit(SD_MUTEX(un));
21469 				err = sr_change_blkmode(dev, cmd, arg, flag);
21470 			}
21471 		}
21472 		break;
21473 
21474 	case CDROMGBLKMODE:
21475 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMGBLKMODE\n");
21476 		if (!ISCD(un)) {
21477 			err = ENOTTY;
21478 		} else if ((un->un_f_cfg_is_atapi != FALSE) &&
21479 		    (un->un_f_blockcount_is_valid != FALSE)) {
21480 			/*
21481 			 * Drive is an ATAPI drive so return target block
21482 			 * size for ATAPI drives since we cannot change the
21483 			 * blocksize on ATAPI drives. Used primarily to detect
21484 			 * if an ATAPI cdrom is present.
21485 			 */
21486 			if (ddi_copyout(&un->un_tgt_blocksize, (void *)arg,
21487 			    sizeof (int), flag) != 0) {
21488 				err = EFAULT;
21489 			} else {
21490 				err = 0;
21491 			}
21492 
21493 		} else {
21494 			/*
21495 			 * Drive supports changing block sizes via a Mode
21496 			 * Select.
21497 			 */
21498 			err = sr_change_blkmode(dev, cmd, arg, flag);
21499 		}
21500 		break;
21501 
21502 	case CDROMGDRVSPEED:
21503 	case CDROMSDRVSPEED:
21504 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMXDRVSPEED\n");
21505 		if (!ISCD(un)) {
21506 			err = ENOTTY;
21507 		} else if (un->un_f_mmc_cap == TRUE) {
21508 			/*
21509 			 * Note: In the future the driver implementation
21510 			 * for getting and
21511 			 * setting cd speed should entail:
21512 			 * 1) If non-mmc try the Toshiba mode page
21513 			 *    (sr_change_speed)
21514 			 * 2) If mmc but no support for Real Time Streaming try
21515 			 *    the SET CD SPEED (0xBB) command
21516 			 *   (sr_atapi_change_speed)
21517 			 * 3) If mmc and support for Real Time Streaming
21518 			 *    try the GET PERFORMANCE and SET STREAMING
21519 			 *    commands (not yet implemented, 4380808)
21520 			 */
21521 			/*
21522 			 * As per recent MMC spec, CD-ROM speed is variable
21523 			 * and changes with LBA. Since there is no such
21524 			 * things as drive speed now, fail this ioctl.
21525 			 *
21526 			 * Note: EINVAL is returned for consistancy of original
21527 			 * implementation which included support for getting
21528 			 * the drive speed of mmc devices but not setting
21529 			 * the drive speed. Thus EINVAL would be returned
21530 			 * if a set request was made for an mmc device.
21531 			 * We no longer support get or set speed for
21532 			 * mmc but need to remain consistant with regard
21533 			 * to the error code returned.
21534 			 */
21535 			err = EINVAL;
21536 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21537 			err = sr_atapi_change_speed(dev, cmd, arg, flag);
21538 		} else {
21539 			err = sr_change_speed(dev, cmd, arg, flag);
21540 		}
21541 		break;
21542 
21543 	case CDROMCDDA:
21544 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDDA\n");
21545 		if (!ISCD(un)) {
21546 			err = ENOTTY;
21547 		} else {
21548 			err = sr_read_cdda(dev, (void *)arg, flag);
21549 		}
21550 		break;
21551 
21552 	case CDROMCDXA:
21553 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDXA\n");
21554 		if (!ISCD(un)) {
21555 			err = ENOTTY;
21556 		} else {
21557 			err = sr_read_cdxa(dev, (caddr_t)arg, flag);
21558 		}
21559 		break;
21560 
21561 	case CDROMSUBCODE:
21562 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCODE\n");
21563 		if (!ISCD(un)) {
21564 			err = ENOTTY;
21565 		} else {
21566 			err = sr_read_all_subcodes(dev, (caddr_t)arg, flag);
21567 		}
21568 		break;
21569 
21570 	case DKIOCPARTINFO: {
21571 		/*
21572 		 * Return parameters describing the selected disk slice.
21573 		 * Note: this ioctl is for the intel platform only
21574 		 */
21575 #if defined(__i386) || defined(__amd64)
21576 		int part;
21577 
21578 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21579 		part = SDPART(dev);
21580 
21581 		/* don't check un_solaris_size for pN */
21582 		if (part < P0_RAW_DISK && un->un_solaris_size == 0) {
21583 			err = EIO;
21584 		} else {
21585 			struct part_info p;
21586 
21587 			p.p_start = (daddr_t)un->un_offset[part];
21588 			p.p_length = (int)un->un_map[part].dkl_nblk;
21589 #ifdef _MULTI_DATAMODEL
21590 			switch (ddi_model_convert_from(flag & FMODELS)) {
21591 			case DDI_MODEL_ILP32:
21592 			{
21593 				struct part_info32 p32;
21594 
21595 				p32.p_start = (daddr32_t)p.p_start;
21596 				p32.p_length = p.p_length;
21597 				if (ddi_copyout(&p32, (void *)arg,
21598 				    sizeof (p32), flag))
21599 					err = EFAULT;
21600 				break;
21601 			}
21602 
21603 			case DDI_MODEL_NONE:
21604 			{
21605 				if (ddi_copyout(&p, (void *)arg, sizeof (p),
21606 				    flag))
21607 					err = EFAULT;
21608 				break;
21609 			}
21610 			}
21611 #else /* ! _MULTI_DATAMODEL */
21612 			if (ddi_copyout(&p, (void *)arg, sizeof (p), flag))
21613 				err = EFAULT;
21614 #endif /* _MULTI_DATAMODEL */
21615 		}
21616 #else
21617 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21618 		err = ENOTTY;
21619 #endif
21620 		break;
21621 	}
21622 
21623 	case DKIOCG_PHYGEOM: {
21624 		/* Return the driver's notion of the media physical geometry */
21625 #if defined(__i386) || defined(__amd64)
21626 		struct dk_geom	disk_geom;
21627 		struct dk_geom	*dkgp = &disk_geom;
21628 
21629 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21630 		mutex_enter(SD_MUTEX(un));
21631 
21632 		if (un->un_g.dkg_nhead != 0 &&
21633 		    un->un_g.dkg_nsect != 0) {
21634 			/*
21635 			 * We succeeded in getting a geometry, but
21636 			 * right now it is being reported as just the
21637 			 * Solaris fdisk partition, just like for
21638 			 * DKIOCGGEOM. We need to change that to be
21639 			 * correct for the entire disk now.
21640 			 */
21641 			bcopy(&un->un_g, dkgp, sizeof (*dkgp));
21642 			dkgp->dkg_acyl = 0;
21643 			dkgp->dkg_ncyl = un->un_blockcount /
21644 			    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21645 		} else {
21646 			bzero(dkgp, sizeof (struct dk_geom));
21647 			/*
21648 			 * This disk does not have a Solaris VTOC
21649 			 * so we must present a physical geometry
21650 			 * that will remain consistent regardless
21651 			 * of how the disk is used. This will ensure
21652 			 * that the geometry does not change regardless
21653 			 * of the fdisk partition type (ie. EFI, FAT32,
21654 			 * Solaris, etc).
21655 			 */
21656 			if (ISCD(un)) {
21657 				dkgp->dkg_nhead = un->un_pgeom.g_nhead;
21658 				dkgp->dkg_nsect = un->un_pgeom.g_nsect;
21659 				dkgp->dkg_ncyl = un->un_pgeom.g_ncyl;
21660 				dkgp->dkg_acyl = un->un_pgeom.g_acyl;
21661 			} else {
21662 				/*
21663 				 * Invalid un_blockcount can generate invalid
21664 				 * dk_geom and may result in division by zero
21665 				 * system failure. Should make sure blockcount
21666 				 * is valid before using it here.
21667 				 */
21668 				if (un->un_f_blockcount_is_valid == FALSE) {
21669 					mutex_exit(SD_MUTEX(un));
21670 					err = EIO;
21671 
21672 					break;
21673 				}
21674 				sd_convert_geometry(un->un_blockcount, dkgp);
21675 				dkgp->dkg_acyl = 0;
21676 				dkgp->dkg_ncyl = un->un_blockcount /
21677 				    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21678 			}
21679 		}
21680 		dkgp->dkg_pcyl = dkgp->dkg_ncyl + dkgp->dkg_acyl;
21681 
21682 		if (ddi_copyout(dkgp, (void *)arg,
21683 		    sizeof (struct dk_geom), flag)) {
21684 			mutex_exit(SD_MUTEX(un));
21685 			err = EFAULT;
21686 		} else {
21687 			mutex_exit(SD_MUTEX(un));
21688 			err = 0;
21689 		}
21690 #else
21691 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21692 		err = ENOTTY;
21693 #endif
21694 		break;
21695 	}
21696 
21697 	case DKIOCG_VIRTGEOM: {
21698 		/* Return the driver's notion of the media's logical geometry */
21699 #if defined(__i386) || defined(__amd64)
21700 		struct dk_geom	disk_geom;
21701 		struct dk_geom	*dkgp = &disk_geom;
21702 
21703 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21704 		mutex_enter(SD_MUTEX(un));
21705 		/*
21706 		 * If there is no HBA geometry available, or
21707 		 * if the HBA returned us something that doesn't
21708 		 * really fit into an Int 13/function 8 geometry
21709 		 * result, just fail the ioctl.  See PSARC 1998/313.
21710 		 */
21711 		if (un->un_lgeom.g_nhead == 0 ||
21712 		    un->un_lgeom.g_nsect == 0 ||
21713 		    un->un_lgeom.g_ncyl > 1024) {
21714 			mutex_exit(SD_MUTEX(un));
21715 			err = EINVAL;
21716 		} else {
21717 			dkgp->dkg_ncyl	= un->un_lgeom.g_ncyl;
21718 			dkgp->dkg_acyl	= un->un_lgeom.g_acyl;
21719 			dkgp->dkg_pcyl	= dkgp->dkg_ncyl + dkgp->dkg_acyl;
21720 			dkgp->dkg_nhead	= un->un_lgeom.g_nhead;
21721 			dkgp->dkg_nsect	= un->un_lgeom.g_nsect;
21722 
21723 			if (ddi_copyout(dkgp, (void *)arg,
21724 			    sizeof (struct dk_geom), flag)) {
21725 				mutex_exit(SD_MUTEX(un));
21726 				err = EFAULT;
21727 			} else {
21728 				mutex_exit(SD_MUTEX(un));
21729 				err = 0;
21730 			}
21731 		}
21732 #else
21733 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21734 		err = ENOTTY;
21735 #endif
21736 		break;
21737 	}
21738 #ifdef SDDEBUG
21739 /* RESET/ABORTS testing ioctls */
21740 	case DKIOCRESET: {
21741 		int	reset_level;
21742 
21743 		if (ddi_copyin((void *)arg, &reset_level, sizeof (int), flag)) {
21744 			err = EFAULT;
21745 		} else {
21746 			SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCRESET: "
21747 			    "reset_level = 0x%lx\n", reset_level);
21748 			if (scsi_reset(SD_ADDRESS(un), reset_level)) {
21749 				err = 0;
21750 			} else {
21751 				err = EIO;
21752 			}
21753 		}
21754 		break;
21755 	}
21756 
21757 	case DKIOCABORT:
21758 		SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCABORT:\n");
21759 		if (scsi_abort(SD_ADDRESS(un), NULL)) {
21760 			err = 0;
21761 		} else {
21762 			err = EIO;
21763 		}
21764 		break;
21765 #endif
21766 
21767 #ifdef SD_FAULT_INJECTION
21768 /* SDIOC FaultInjection testing ioctls */
21769 	case SDIOCSTART:
21770 	case SDIOCSTOP:
21771 	case SDIOCINSERTPKT:
21772 	case SDIOCINSERTXB:
21773 	case SDIOCINSERTUN:
21774 	case SDIOCINSERTARQ:
21775 	case SDIOCPUSH:
21776 	case SDIOCRETRIEVE:
21777 	case SDIOCRUN:
21778 		SD_INFO(SD_LOG_SDTEST, un, "sdioctl:"
21779 		    "SDIOC detected cmd:0x%X:\n", cmd);
21780 		/* call error generator */
21781 		sd_faultinjection_ioctl(cmd, arg, un);
21782 		err = 0;
21783 		break;
21784 
21785 #endif /* SD_FAULT_INJECTION */
21786 
21787 	case DKIOCFLUSHWRITECACHE:
21788 		{
21789 			struct dk_callback *dkc = (struct dk_callback *)arg;
21790 
21791 			mutex_enter(SD_MUTEX(un));
21792 			if (un->un_f_sync_cache_unsupported ||
21793 			    ! un->un_f_write_cache_enabled) {
21794 				err = un->un_f_sync_cache_unsupported ?
21795 					ENOTSUP : 0;
21796 				mutex_exit(SD_MUTEX(un));
21797 				if ((flag & FKIOCTL) && dkc != NULL &&
21798 				    dkc->dkc_callback != NULL) {
21799 					(*dkc->dkc_callback)(dkc->dkc_cookie,
21800 					    err);
21801 					/*
21802 					 * Did callback and reported error.
21803 					 * Since we did a callback, ioctl
21804 					 * should return 0.
21805 					 */
21806 					err = 0;
21807 				}
21808 				break;
21809 			}
21810 			mutex_exit(SD_MUTEX(un));
21811 
21812 			if ((flag & FKIOCTL) && dkc != NULL &&
21813 			    dkc->dkc_callback != NULL) {
21814 				/* async SYNC CACHE request */
21815 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, dkc);
21816 			} else {
21817 				/* synchronous SYNC CACHE request */
21818 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, NULL);
21819 			}
21820 		}
21821 		break;
21822 
21823 	default:
21824 		err = ENOTTY;
21825 		break;
21826 	}
21827 	mutex_enter(SD_MUTEX(un));
21828 	un->un_ncmds_in_driver--;
21829 	ASSERT(un->un_ncmds_in_driver >= 0);
21830 	mutex_exit(SD_MUTEX(un));
21831 
21832 	SD_TRACE(SD_LOG_IOCTL, un, "sdioctl: exit: %d\n", err);
21833 	return (err);
21834 }
21835 
21836 
21837 /*
21838  *    Function: sd_uscsi_ioctl
21839  *
21840  * Description: This routine is the driver entry point for handling USCSI ioctl
21841  *		requests (USCSICMD).
21842  *
21843  *   Arguments: dev	- the device number
21844  *		arg	- user provided scsi command
21845  *		flag	- this argument is a pass through to ddi_copyxxx()
21846  *			  directly from the mode argument of ioctl().
21847  *
21848  * Return Code: code returned by sd_send_scsi_cmd
21849  *		ENXIO
21850  *		EFAULT
21851  *		EAGAIN
21852  */
21853 
21854 static int
21855 sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag)
21856 {
21857 #ifdef _MULTI_DATAMODEL
21858 	/*
21859 	 * For use when a 32 bit app makes a call into a
21860 	 * 64 bit ioctl
21861 	 */
21862 	struct uscsi_cmd32	uscsi_cmd_32_for_64;
21863 	struct uscsi_cmd32	*ucmd32 = &uscsi_cmd_32_for_64;
21864 	model_t			model;
21865 #endif /* _MULTI_DATAMODEL */
21866 	struct uscsi_cmd	*scmd = NULL;
21867 	struct sd_lun		*un = NULL;
21868 	enum uio_seg		uioseg;
21869 	char			cdb[CDB_GROUP0];
21870 	int			rval = 0;
21871 
21872 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21873 		return (ENXIO);
21874 	}
21875 
21876 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: entry: un:0x%p\n", un);
21877 
21878 	scmd = (struct uscsi_cmd *)
21879 	    kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
21880 
21881 #ifdef _MULTI_DATAMODEL
21882 	switch (model = ddi_model_convert_from(flag & FMODELS)) {
21883 	case DDI_MODEL_ILP32:
21884 	{
21885 		if (ddi_copyin((void *)arg, ucmd32, sizeof (*ucmd32), flag)) {
21886 			rval = EFAULT;
21887 			goto done;
21888 		}
21889 		/*
21890 		 * Convert the ILP32 uscsi data from the
21891 		 * application to LP64 for internal use.
21892 		 */
21893 		uscsi_cmd32touscsi_cmd(ucmd32, scmd);
21894 		break;
21895 	}
21896 	case DDI_MODEL_NONE:
21897 		if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21898 			rval = EFAULT;
21899 			goto done;
21900 		}
21901 		break;
21902 	}
21903 #else /* ! _MULTI_DATAMODEL */
21904 	if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21905 		rval = EFAULT;
21906 		goto done;
21907 	}
21908 #endif /* _MULTI_DATAMODEL */
21909 
21910 	scmd->uscsi_flags &= ~USCSI_NOINTR;
21911 	uioseg = (flag & FKIOCTL) ? UIO_SYSSPACE : UIO_USERSPACE;
21912 	if (un->un_f_format_in_progress == TRUE) {
21913 		rval = EAGAIN;
21914 		goto done;
21915 	}
21916 
21917 	/*
21918 	 * Gotta do the ddi_copyin() here on the uscsi_cdb so that
21919 	 * we will have a valid cdb[0] to test.
21920 	 */
21921 	if ((ddi_copyin(scmd->uscsi_cdb, cdb, CDB_GROUP0, flag) == 0) &&
21922 	    (cdb[0] == SCMD_FORMAT)) {
21923 		SD_TRACE(SD_LOG_IOCTL, un,
21924 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21925 		mutex_enter(SD_MUTEX(un));
21926 		un->un_f_format_in_progress = TRUE;
21927 		mutex_exit(SD_MUTEX(un));
21928 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21929 		    SD_PATH_STANDARD);
21930 		mutex_enter(SD_MUTEX(un));
21931 		un->un_f_format_in_progress = FALSE;
21932 		mutex_exit(SD_MUTEX(un));
21933 	} else {
21934 		SD_TRACE(SD_LOG_IOCTL, un,
21935 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21936 		/*
21937 		 * It's OK to fall into here even if the ddi_copyin()
21938 		 * on the uscsi_cdb above fails, because sd_send_scsi_cmd()
21939 		 * does this same copyin and will return the EFAULT
21940 		 * if it fails.
21941 		 */
21942 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21943 		    SD_PATH_STANDARD);
21944 	}
21945 #ifdef _MULTI_DATAMODEL
21946 	switch (model) {
21947 	case DDI_MODEL_ILP32:
21948 		/*
21949 		 * Convert back to ILP32 before copyout to the
21950 		 * application
21951 		 */
21952 		uscsi_cmdtouscsi_cmd32(scmd, ucmd32);
21953 		if (ddi_copyout(ucmd32, (void *)arg, sizeof (*ucmd32), flag)) {
21954 			if (rval != 0) {
21955 				rval = EFAULT;
21956 			}
21957 		}
21958 		break;
21959 	case DDI_MODEL_NONE:
21960 		if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21961 			if (rval != 0) {
21962 				rval = EFAULT;
21963 			}
21964 		}
21965 		break;
21966 	}
21967 #else /* ! _MULTI_DATAMODE */
21968 	if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21969 		if (rval != 0) {
21970 			rval = EFAULT;
21971 		}
21972 	}
21973 #endif /* _MULTI_DATAMODE */
21974 done:
21975 	kmem_free(scmd, sizeof (struct uscsi_cmd));
21976 
21977 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: exit: un:0x%p\n", un);
21978 
21979 	return (rval);
21980 }
21981 
21982 
21983 /*
21984  *    Function: sd_dkio_ctrl_info
21985  *
21986  * Description: This routine is the driver entry point for handling controller
21987  *		information ioctl requests (DKIOCINFO).
21988  *
21989  *   Arguments: dev  - the device number
21990  *		arg  - pointer to user provided dk_cinfo structure
21991  *		       specifying the controller type and attributes.
21992  *		flag - this argument is a pass through to ddi_copyxxx()
21993  *		       directly from the mode argument of ioctl().
21994  *
21995  * Return Code: 0
21996  *		EFAULT
21997  *		ENXIO
21998  */
21999 
22000 static int
22001 sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag)
22002 {
22003 	struct sd_lun	*un = NULL;
22004 	struct dk_cinfo	*info;
22005 	dev_info_t	*pdip;
22006 	int		lun, tgt;
22007 
22008 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22009 		return (ENXIO);
22010 	}
22011 
22012 	info = (struct dk_cinfo *)
22013 		kmem_zalloc(sizeof (struct dk_cinfo), KM_SLEEP);
22014 
22015 	switch (un->un_ctype) {
22016 	case CTYPE_CDROM:
22017 		info->dki_ctype = DKC_CDROM;
22018 		break;
22019 	default:
22020 		info->dki_ctype = DKC_SCSI_CCS;
22021 		break;
22022 	}
22023 	pdip = ddi_get_parent(SD_DEVINFO(un));
22024 	info->dki_cnum = ddi_get_instance(pdip);
22025 	if (strlen(ddi_get_name(pdip)) < DK_DEVLEN) {
22026 		(void) strcpy(info->dki_cname, ddi_get_name(pdip));
22027 	} else {
22028 		(void) strncpy(info->dki_cname, ddi_node_name(pdip),
22029 		    DK_DEVLEN - 1);
22030 	}
22031 
22032 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
22033 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_LUN, 0);
22034 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
22035 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET, 0);
22036 
22037 	/* Unit Information */
22038 	info->dki_unit = ddi_get_instance(SD_DEVINFO(un));
22039 	info->dki_slave = ((tgt << 3) | lun);
22040 	(void) strncpy(info->dki_dname, ddi_driver_name(SD_DEVINFO(un)),
22041 	    DK_DEVLEN - 1);
22042 	info->dki_flags = DKI_FMTVOL;
22043 	info->dki_partition = SDPART(dev);
22044 
22045 	/* Max Transfer size of this device in blocks */
22046 	info->dki_maxtransfer = un->un_max_xfer_size / un->un_sys_blocksize;
22047 	info->dki_addr = 0;
22048 	info->dki_space = 0;
22049 	info->dki_prio = 0;
22050 	info->dki_vec = 0;
22051 
22052 	if (ddi_copyout(info, arg, sizeof (struct dk_cinfo), flag) != 0) {
22053 		kmem_free(info, sizeof (struct dk_cinfo));
22054 		return (EFAULT);
22055 	} else {
22056 		kmem_free(info, sizeof (struct dk_cinfo));
22057 		return (0);
22058 	}
22059 }
22060 
22061 
22062 /*
22063  *    Function: sd_get_media_info
22064  *
22065  * Description: This routine is the driver entry point for handling ioctl
22066  *		requests for the media type or command set profile used by the
22067  *		drive to operate on the media (DKIOCGMEDIAINFO).
22068  *
22069  *   Arguments: dev	- the device number
22070  *		arg	- pointer to user provided dk_minfo structure
22071  *			  specifying the media type, logical block size and
22072  *			  drive capacity.
22073  *		flag	- this argument is a pass through to ddi_copyxxx()
22074  *			  directly from the mode argument of ioctl().
22075  *
22076  * Return Code: 0
22077  *		EACCESS
22078  *		EFAULT
22079  *		ENXIO
22080  *		EIO
22081  */
22082 
22083 static int
22084 sd_get_media_info(dev_t dev, caddr_t arg, int flag)
22085 {
22086 	struct sd_lun		*un = NULL;
22087 	struct uscsi_cmd	com;
22088 	struct scsi_inquiry	*sinq;
22089 	struct dk_minfo		media_info;
22090 	u_longlong_t		media_capacity;
22091 	uint64_t		capacity;
22092 	uint_t			lbasize;
22093 	uchar_t			*out_data;
22094 	uchar_t			*rqbuf;
22095 	int			rval = 0;
22096 	int			rtn;
22097 
22098 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
22099 	    (un->un_state == SD_STATE_OFFLINE)) {
22100 		return (ENXIO);
22101 	}
22102 
22103 	SD_TRACE(SD_LOG_IOCTL_DKIO, un, "sd_get_media_info: entry\n");
22104 
22105 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
22106 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
22107 
22108 	/* Issue a TUR to determine if the drive is ready with media present */
22109 	rval = sd_send_scsi_TEST_UNIT_READY(un, SD_CHECK_FOR_MEDIA);
22110 	if (rval == ENXIO) {
22111 		goto done;
22112 	}
22113 
22114 	/* Now get configuration data */
22115 	if (ISCD(un)) {
22116 		media_info.dki_media_type = DK_CDROM;
22117 
22118 		/* Allow SCMD_GET_CONFIGURATION to MMC devices only */
22119 		if (un->un_f_mmc_cap == TRUE) {
22120 			rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf,
22121 				SENSE_LENGTH, out_data, SD_PROFILE_HEADER_LEN);
22122 
22123 			if (rtn) {
22124 				/*
22125 				 * Failed for other than an illegal request
22126 				 * or command not supported
22127 				 */
22128 				if ((com.uscsi_status == STATUS_CHECK) &&
22129 				    (com.uscsi_rqstatus == STATUS_GOOD)) {
22130 					if ((rqbuf[2] != KEY_ILLEGAL_REQUEST) ||
22131 					    (rqbuf[12] != 0x20)) {
22132 						rval = EIO;
22133 						goto done;
22134 					}
22135 				}
22136 			} else {
22137 				/*
22138 				 * The GET CONFIGURATION command succeeded
22139 				 * so set the media type according to the
22140 				 * returned data
22141 				 */
22142 				media_info.dki_media_type = out_data[6];
22143 				media_info.dki_media_type <<= 8;
22144 				media_info.dki_media_type |= out_data[7];
22145 			}
22146 		}
22147 	} else {
22148 		/*
22149 		 * The profile list is not available, so we attempt to identify
22150 		 * the media type based on the inquiry data
22151 		 */
22152 		sinq = un->un_sd->sd_inq;
22153 		if (sinq->inq_qual == 0) {
22154 			/* This is a direct access device */
22155 			media_info.dki_media_type = DK_FIXED_DISK;
22156 
22157 			if ((bcmp(sinq->inq_vid, "IOMEGA", 6) == 0) ||
22158 			    (bcmp(sinq->inq_vid, "iomega", 6) == 0)) {
22159 				if ((bcmp(sinq->inq_pid, "ZIP", 3) == 0)) {
22160 					media_info.dki_media_type = DK_ZIP;
22161 				} else if (
22162 				    (bcmp(sinq->inq_pid, "jaz", 3) == 0)) {
22163 					media_info.dki_media_type = DK_JAZ;
22164 				}
22165 			}
22166 		} else {
22167 			/* Not a CD or direct access so return unknown media */
22168 			media_info.dki_media_type = DK_UNKNOWN;
22169 		}
22170 	}
22171 
22172 	/* Now read the capacity so we can provide the lbasize and capacity */
22173 	switch (sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
22174 	    SD_PATH_DIRECT)) {
22175 	case 0:
22176 		break;
22177 	case EACCES:
22178 		rval = EACCES;
22179 		goto done;
22180 	default:
22181 		rval = EIO;
22182 		goto done;
22183 	}
22184 
22185 	media_info.dki_lbsize = lbasize;
22186 	media_capacity = capacity;
22187 
22188 	/*
22189 	 * sd_send_scsi_READ_CAPACITY() reports capacity in
22190 	 * un->un_sys_blocksize chunks. So we need to convert it into
22191 	 * cap.lbasize chunks.
22192 	 */
22193 	media_capacity *= un->un_sys_blocksize;
22194 	media_capacity /= lbasize;
22195 	media_info.dki_capacity = media_capacity;
22196 
22197 	if (ddi_copyout(&media_info, arg, sizeof (struct dk_minfo), flag)) {
22198 		rval = EFAULT;
22199 		/* Put goto. Anybody might add some code below in future */
22200 		goto done;
22201 	}
22202 done:
22203 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
22204 	kmem_free(rqbuf, SENSE_LENGTH);
22205 	return (rval);
22206 }
22207 
22208 
22209 /*
22210  *    Function: sd_dkio_get_geometry
22211  *
22212  * Description: This routine is the driver entry point for handling user
22213  *		requests to get the device geometry (DKIOCGGEOM).
22214  *
22215  *   Arguments: dev  - the device number
22216  *		arg  - pointer to user provided dk_geom structure specifying
22217  *			the controller's notion of the current geometry.
22218  *		flag - this argument is a pass through to ddi_copyxxx()
22219  *		       directly from the mode argument of ioctl().
22220  *		geom_validated - flag indicating if the device geometry has been
22221  *				 previously validated in the sdioctl routine.
22222  *
22223  * Return Code: 0
22224  *		EFAULT
22225  *		ENXIO
22226  *		EIO
22227  */
22228 
22229 static int
22230 sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag, int geom_validated)
22231 {
22232 	struct sd_lun	*un = NULL;
22233 	struct dk_geom	*tmp_geom = NULL;
22234 	int		rval = 0;
22235 
22236 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22237 		return (ENXIO);
22238 	}
22239 
22240 #if defined(__i386) || defined(__amd64)
22241 	if (un->un_solaris_size == 0) {
22242 		return (EIO);
22243 	}
22244 #endif
22245 	if (geom_validated == FALSE) {
22246 		/*
22247 		 * sd_validate_geometry does not spin a disk up
22248 		 * if it was spun down. We need to make sure it
22249 		 * is ready.
22250 		 */
22251 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22252 			return (rval);
22253 		}
22254 		mutex_enter(SD_MUTEX(un));
22255 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
22256 		mutex_exit(SD_MUTEX(un));
22257 	}
22258 	if (rval)
22259 		return (rval);
22260 
22261 	/*
22262 	 * Make a local copy of the soft state geometry to avoid some potential
22263 	 * race conditions associated with holding the mutex and updating the
22264 	 * write_reinstruct value
22265 	 */
22266 	tmp_geom = kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22267 	mutex_enter(SD_MUTEX(un));
22268 	bcopy(&un->un_g, tmp_geom, sizeof (struct dk_geom));
22269 	mutex_exit(SD_MUTEX(un));
22270 
22271 	if (tmp_geom->dkg_write_reinstruct == 0) {
22272 		tmp_geom->dkg_write_reinstruct =
22273 		    (int)((int)(tmp_geom->dkg_nsect * tmp_geom->dkg_rpm *
22274 		    sd_rot_delay) / (int)60000);
22275 	}
22276 
22277 	rval = ddi_copyout(tmp_geom, (void *)arg, sizeof (struct dk_geom),
22278 	    flag);
22279 	if (rval != 0) {
22280 		rval = EFAULT;
22281 	}
22282 
22283 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22284 	return (rval);
22285 
22286 }
22287 
22288 
22289 /*
22290  *    Function: sd_dkio_set_geometry
22291  *
22292  * Description: This routine is the driver entry point for handling user
22293  *		requests to set the device geometry (DKIOCSGEOM). The actual
22294  *		device geometry is not updated, just the driver "notion" of it.
22295  *
22296  *   Arguments: dev  - the device number
22297  *		arg  - pointer to user provided dk_geom structure used to set
22298  *			the controller's notion of the current geometry.
22299  *		flag - this argument is a pass through to ddi_copyxxx()
22300  *		       directly from the mode argument of ioctl().
22301  *
22302  * Return Code: 0
22303  *		EFAULT
22304  *		ENXIO
22305  *		EIO
22306  */
22307 
22308 static int
22309 sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag)
22310 {
22311 	struct sd_lun	*un = NULL;
22312 	struct dk_geom	*tmp_geom;
22313 	struct dk_map	*lp;
22314 	int		rval = 0;
22315 	int		i;
22316 
22317 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22318 		return (ENXIO);
22319 	}
22320 
22321 #if defined(__i386) || defined(__amd64)
22322 	if (un->un_solaris_size == 0) {
22323 		return (EIO);
22324 	}
22325 #endif
22326 	/*
22327 	 * We need to copy the user specified geometry into local
22328 	 * storage and then update the softstate. We don't want to hold
22329 	 * the mutex and copyin directly from the user to the soft state
22330 	 */
22331 	tmp_geom = (struct dk_geom *)
22332 	    kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22333 	rval = ddi_copyin(arg, tmp_geom, sizeof (struct dk_geom), flag);
22334 	if (rval != 0) {
22335 		kmem_free(tmp_geom, sizeof (struct dk_geom));
22336 		return (EFAULT);
22337 	}
22338 
22339 	mutex_enter(SD_MUTEX(un));
22340 	bcopy(tmp_geom, &un->un_g, sizeof (struct dk_geom));
22341 	for (i = 0; i < NDKMAP; i++) {
22342 		lp  = &un->un_map[i];
22343 		un->un_offset[i] =
22344 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22345 #if defined(__i386) || defined(__amd64)
22346 		un->un_offset[i] += un->un_solaris_offset;
22347 #endif
22348 	}
22349 	un->un_f_geometry_is_valid = FALSE;
22350 	mutex_exit(SD_MUTEX(un));
22351 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22352 
22353 	return (rval);
22354 }
22355 
22356 
22357 /*
22358  *    Function: sd_dkio_get_partition
22359  *
22360  * Description: This routine is the driver entry point for handling user
22361  *		requests to get the partition table (DKIOCGAPART).
22362  *
22363  *   Arguments: dev  - the device number
22364  *		arg  - pointer to user provided dk_allmap structure specifying
22365  *			the controller's notion of the current partition table.
22366  *		flag - this argument is a pass through to ddi_copyxxx()
22367  *		       directly from the mode argument of ioctl().
22368  *		geom_validated - flag indicating if the device geometry has been
22369  *				 previously validated in the sdioctl routine.
22370  *
22371  * Return Code: 0
22372  *		EFAULT
22373  *		ENXIO
22374  *		EIO
22375  */
22376 
22377 static int
22378 sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag, int geom_validated)
22379 {
22380 	struct sd_lun	*un = NULL;
22381 	int		rval = 0;
22382 	int		size;
22383 
22384 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22385 		return (ENXIO);
22386 	}
22387 
22388 #if defined(__i386) || defined(__amd64)
22389 	if (un->un_solaris_size == 0) {
22390 		return (EIO);
22391 	}
22392 #endif
22393 	/*
22394 	 * Make sure the geometry is valid before getting the partition
22395 	 * information.
22396 	 */
22397 	mutex_enter(SD_MUTEX(un));
22398 	if (geom_validated == FALSE) {
22399 		/*
22400 		 * sd_validate_geometry does not spin a disk up
22401 		 * if it was spun down. We need to make sure it
22402 		 * is ready before validating the geometry.
22403 		 */
22404 		mutex_exit(SD_MUTEX(un));
22405 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22406 			return (rval);
22407 		}
22408 		mutex_enter(SD_MUTEX(un));
22409 
22410 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22411 			mutex_exit(SD_MUTEX(un));
22412 			return (rval);
22413 		}
22414 	}
22415 	mutex_exit(SD_MUTEX(un));
22416 
22417 #ifdef _MULTI_DATAMODEL
22418 	switch (ddi_model_convert_from(flag & FMODELS)) {
22419 	case DDI_MODEL_ILP32: {
22420 		struct dk_map32 dk_map32[NDKMAP];
22421 		int		i;
22422 
22423 		for (i = 0; i < NDKMAP; i++) {
22424 			dk_map32[i].dkl_cylno = un->un_map[i].dkl_cylno;
22425 			dk_map32[i].dkl_nblk  = un->un_map[i].dkl_nblk;
22426 		}
22427 		size = NDKMAP * sizeof (struct dk_map32);
22428 		rval = ddi_copyout(dk_map32, (void *)arg, size, flag);
22429 		if (rval != 0) {
22430 			rval = EFAULT;
22431 		}
22432 		break;
22433 	}
22434 	case DDI_MODEL_NONE:
22435 		size = NDKMAP * sizeof (struct dk_map);
22436 		rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22437 		if (rval != 0) {
22438 			rval = EFAULT;
22439 		}
22440 		break;
22441 	}
22442 #else /* ! _MULTI_DATAMODEL */
22443 	size = NDKMAP * sizeof (struct dk_map);
22444 	rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22445 	if (rval != 0) {
22446 		rval = EFAULT;
22447 	}
22448 #endif /* _MULTI_DATAMODEL */
22449 	return (rval);
22450 }
22451 
22452 
22453 /*
22454  *    Function: sd_dkio_set_partition
22455  *
22456  * Description: This routine is the driver entry point for handling user
22457  *		requests to set the partition table (DKIOCSAPART). The actual
22458  *		device partition is not updated.
22459  *
22460  *   Arguments: dev  - the device number
22461  *		arg  - pointer to user provided dk_allmap structure used to set
22462  *			the controller's notion of the partition table.
22463  *		flag - this argument is a pass through to ddi_copyxxx()
22464  *		       directly from the mode argument of ioctl().
22465  *
22466  * Return Code: 0
22467  *		EINVAL
22468  *		EFAULT
22469  *		ENXIO
22470  *		EIO
22471  */
22472 
22473 static int
22474 sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag)
22475 {
22476 	struct sd_lun	*un = NULL;
22477 	struct dk_map	dk_map[NDKMAP];
22478 	struct dk_map	*lp;
22479 	int		rval = 0;
22480 	int		size;
22481 	int		i;
22482 #if defined(_SUNOS_VTOC_16)
22483 	struct dkl_partition	*vp;
22484 #endif
22485 
22486 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22487 		return (ENXIO);
22488 	}
22489 
22490 	/*
22491 	 * Set the map for all logical partitions.  We lock
22492 	 * the priority just to make sure an interrupt doesn't
22493 	 * come in while the map is half updated.
22494 	 */
22495 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_solaris_size))
22496 	mutex_enter(SD_MUTEX(un));
22497 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22498 		mutex_exit(SD_MUTEX(un));
22499 		return (ENOTSUP);
22500 	}
22501 	mutex_exit(SD_MUTEX(un));
22502 	if (un->un_solaris_size == 0) {
22503 		return (EIO);
22504 	}
22505 
22506 #ifdef _MULTI_DATAMODEL
22507 	switch (ddi_model_convert_from(flag & FMODELS)) {
22508 	case DDI_MODEL_ILP32: {
22509 		struct dk_map32 dk_map32[NDKMAP];
22510 
22511 		size = NDKMAP * sizeof (struct dk_map32);
22512 		rval = ddi_copyin((void *)arg, dk_map32, size, flag);
22513 		if (rval != 0) {
22514 			return (EFAULT);
22515 		}
22516 		for (i = 0; i < NDKMAP; i++) {
22517 			dk_map[i].dkl_cylno = dk_map32[i].dkl_cylno;
22518 			dk_map[i].dkl_nblk  = dk_map32[i].dkl_nblk;
22519 		}
22520 		break;
22521 	}
22522 	case DDI_MODEL_NONE:
22523 		size = NDKMAP * sizeof (struct dk_map);
22524 		rval = ddi_copyin((void *)arg, dk_map, size, flag);
22525 		if (rval != 0) {
22526 			return (EFAULT);
22527 		}
22528 		break;
22529 	}
22530 #else /* ! _MULTI_DATAMODEL */
22531 	size = NDKMAP * sizeof (struct dk_map);
22532 	rval = ddi_copyin((void *)arg, dk_map, size, flag);
22533 	if (rval != 0) {
22534 		return (EFAULT);
22535 	}
22536 #endif /* _MULTI_DATAMODEL */
22537 
22538 	mutex_enter(SD_MUTEX(un));
22539 	/* Note: The size used in this bcopy is set based upon the data model */
22540 	bcopy(dk_map, un->un_map, size);
22541 #if defined(_SUNOS_VTOC_16)
22542 	vp = (struct dkl_partition *)&(un->un_vtoc);
22543 #endif	/* defined(_SUNOS_VTOC_16) */
22544 	for (i = 0; i < NDKMAP; i++) {
22545 		lp  = &un->un_map[i];
22546 		un->un_offset[i] =
22547 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22548 #if defined(_SUNOS_VTOC_16)
22549 		vp->p_start = un->un_offset[i];
22550 		vp->p_size = lp->dkl_nblk;
22551 		vp++;
22552 #endif	/* defined(_SUNOS_VTOC_16) */
22553 #if defined(__i386) || defined(__amd64)
22554 		un->un_offset[i] += un->un_solaris_offset;
22555 #endif
22556 	}
22557 	mutex_exit(SD_MUTEX(un));
22558 	return (rval);
22559 }
22560 
22561 
22562 /*
22563  *    Function: sd_dkio_get_vtoc
22564  *
22565  * Description: This routine is the driver entry point for handling user
22566  *		requests to get the current volume table of contents
22567  *		(DKIOCGVTOC).
22568  *
22569  *   Arguments: dev  - the device number
22570  *		arg  - pointer to user provided vtoc structure specifying
22571  *			the current vtoc.
22572  *		flag - this argument is a pass through to ddi_copyxxx()
22573  *		       directly from the mode argument of ioctl().
22574  *		geom_validated - flag indicating if the device geometry has been
22575  *				 previously validated in the sdioctl routine.
22576  *
22577  * Return Code: 0
22578  *		EFAULT
22579  *		ENXIO
22580  *		EIO
22581  */
22582 
22583 static int
22584 sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag, int geom_validated)
22585 {
22586 	struct sd_lun	*un = NULL;
22587 #if defined(_SUNOS_VTOC_8)
22588 	struct vtoc	user_vtoc;
22589 #endif	/* defined(_SUNOS_VTOC_8) */
22590 	int		rval = 0;
22591 
22592 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22593 		return (ENXIO);
22594 	}
22595 
22596 	mutex_enter(SD_MUTEX(un));
22597 	if (geom_validated == FALSE) {
22598 		/*
22599 		 * sd_validate_geometry does not spin a disk up
22600 		 * if it was spun down. We need to make sure it
22601 		 * is ready.
22602 		 */
22603 		mutex_exit(SD_MUTEX(un));
22604 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22605 			return (rval);
22606 		}
22607 		mutex_enter(SD_MUTEX(un));
22608 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22609 			mutex_exit(SD_MUTEX(un));
22610 			return (rval);
22611 		}
22612 	}
22613 
22614 #if defined(_SUNOS_VTOC_8)
22615 	sd_build_user_vtoc(un, &user_vtoc);
22616 	mutex_exit(SD_MUTEX(un));
22617 
22618 #ifdef _MULTI_DATAMODEL
22619 	switch (ddi_model_convert_from(flag & FMODELS)) {
22620 	case DDI_MODEL_ILP32: {
22621 		struct vtoc32 user_vtoc32;
22622 
22623 		vtoctovtoc32(user_vtoc, user_vtoc32);
22624 		if (ddi_copyout(&user_vtoc32, (void *)arg,
22625 		    sizeof (struct vtoc32), flag)) {
22626 			return (EFAULT);
22627 		}
22628 		break;
22629 	}
22630 
22631 	case DDI_MODEL_NONE:
22632 		if (ddi_copyout(&user_vtoc, (void *)arg,
22633 		    sizeof (struct vtoc), flag)) {
22634 			return (EFAULT);
22635 		}
22636 		break;
22637 	}
22638 #else /* ! _MULTI_DATAMODEL */
22639 	if (ddi_copyout(&user_vtoc, (void *)arg, sizeof (struct vtoc), flag)) {
22640 		return (EFAULT);
22641 	}
22642 #endif /* _MULTI_DATAMODEL */
22643 
22644 #elif defined(_SUNOS_VTOC_16)
22645 	mutex_exit(SD_MUTEX(un));
22646 
22647 #ifdef _MULTI_DATAMODEL
22648 	/*
22649 	 * The un_vtoc structure is a "struct dk_vtoc"  which is always
22650 	 * 32-bit to maintain compatibility with existing on-disk
22651 	 * structures.  Thus, we need to convert the structure when copying
22652 	 * it out to a datamodel-dependent "struct vtoc" in a 64-bit
22653 	 * program.  If the target is a 32-bit program, then no conversion
22654 	 * is necessary.
22655 	 */
22656 	/* LINTED: logical expression always true: op "||" */
22657 	ASSERT(sizeof (un->un_vtoc) == sizeof (struct vtoc32));
22658 	switch (ddi_model_convert_from(flag & FMODELS)) {
22659 	case DDI_MODEL_ILP32:
22660 		if (ddi_copyout(&(un->un_vtoc), (void *)arg,
22661 		    sizeof (un->un_vtoc), flag)) {
22662 			return (EFAULT);
22663 		}
22664 		break;
22665 
22666 	case DDI_MODEL_NONE: {
22667 		struct vtoc user_vtoc;
22668 
22669 		vtoc32tovtoc(un->un_vtoc, user_vtoc);
22670 		if (ddi_copyout(&user_vtoc, (void *)arg,
22671 		    sizeof (struct vtoc), flag)) {
22672 			return (EFAULT);
22673 		}
22674 		break;
22675 	}
22676 	}
22677 #else /* ! _MULTI_DATAMODEL */
22678 	if (ddi_copyout(&(un->un_vtoc), (void *)arg, sizeof (un->un_vtoc),
22679 	    flag)) {
22680 		return (EFAULT);
22681 	}
22682 #endif /* _MULTI_DATAMODEL */
22683 #else
22684 #error "No VTOC format defined."
22685 #endif
22686 
22687 	return (rval);
22688 }
22689 
22690 static int
22691 sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag)
22692 {
22693 	struct sd_lun	*un = NULL;
22694 	dk_efi_t	user_efi;
22695 	int		rval = 0;
22696 	void		*buffer;
22697 
22698 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
22699 		return (ENXIO);
22700 
22701 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
22702 		return (EFAULT);
22703 
22704 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
22705 
22706 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
22707 	    (user_efi.dki_length > un->un_max_xfer_size))
22708 		return (EINVAL);
22709 
22710 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
22711 	rval = sd_send_scsi_READ(un, buffer, user_efi.dki_length,
22712 	    user_efi.dki_lba, SD_PATH_DIRECT);
22713 	if (rval == 0 && ddi_copyout(buffer, user_efi.dki_data,
22714 	    user_efi.dki_length, flag) != 0)
22715 		rval = EFAULT;
22716 
22717 	kmem_free(buffer, user_efi.dki_length);
22718 	return (rval);
22719 }
22720 
22721 /*
22722  *    Function: sd_build_user_vtoc
22723  *
22724  * Description: This routine populates a pass by reference variable with the
22725  *		current volume table of contents.
22726  *
22727  *   Arguments: un - driver soft state (unit) structure
22728  *		user_vtoc - pointer to vtoc structure to be populated
22729  */
22730 
22731 static void
22732 sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22733 {
22734 	struct dk_map2		*lpart;
22735 	struct dk_map		*lmap;
22736 	struct partition	*vpart;
22737 	int			nblks;
22738 	int			i;
22739 
22740 	ASSERT(mutex_owned(SD_MUTEX(un)));
22741 
22742 	/*
22743 	 * Return vtoc structure fields in the provided VTOC area, addressed
22744 	 * by *vtoc.
22745 	 */
22746 	bzero(user_vtoc, sizeof (struct vtoc));
22747 	user_vtoc->v_bootinfo[0] = un->un_vtoc.v_bootinfo[0];
22748 	user_vtoc->v_bootinfo[1] = un->un_vtoc.v_bootinfo[1];
22749 	user_vtoc->v_bootinfo[2] = un->un_vtoc.v_bootinfo[2];
22750 	user_vtoc->v_sanity	= VTOC_SANE;
22751 	user_vtoc->v_version	= un->un_vtoc.v_version;
22752 	bcopy(un->un_vtoc.v_volume, user_vtoc->v_volume, LEN_DKL_VVOL);
22753 	user_vtoc->v_sectorsz = un->un_sys_blocksize;
22754 	user_vtoc->v_nparts = un->un_vtoc.v_nparts;
22755 	bcopy(un->un_vtoc.v_reserved, user_vtoc->v_reserved,
22756 	    sizeof (un->un_vtoc.v_reserved));
22757 	/*
22758 	 * Convert partitioning information.
22759 	 *
22760 	 * Note the conversion from starting cylinder number
22761 	 * to starting sector number.
22762 	 */
22763 	lmap = un->un_map;
22764 	lpart = (struct dk_map2 *)un->un_vtoc.v_part;
22765 	vpart = user_vtoc->v_part;
22766 
22767 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22768 
22769 	for (i = 0; i < V_NUMPAR; i++) {
22770 		vpart->p_tag	= lpart->p_tag;
22771 		vpart->p_flag	= lpart->p_flag;
22772 		vpart->p_start	= lmap->dkl_cylno * nblks;
22773 		vpart->p_size	= lmap->dkl_nblk;
22774 		lmap++;
22775 		lpart++;
22776 		vpart++;
22777 
22778 		/* (4364927) */
22779 		user_vtoc->timestamp[i] = (time_t)un->un_vtoc.v_timestamp[i];
22780 	}
22781 
22782 	bcopy(un->un_asciilabel, user_vtoc->v_asciilabel, LEN_DKL_ASCII);
22783 }
22784 
22785 static int
22786 sd_dkio_partition(dev_t dev, caddr_t arg, int flag)
22787 {
22788 	struct sd_lun		*un = NULL;
22789 	struct partition64	p64;
22790 	int			rval = 0;
22791 	uint_t			nparts;
22792 	efi_gpe_t		*partitions;
22793 	efi_gpt_t		*buffer;
22794 	diskaddr_t		gpe_lba;
22795 
22796 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22797 		return (ENXIO);
22798 	}
22799 
22800 	if (ddi_copyin((const void *)arg, &p64,
22801 	    sizeof (struct partition64), flag)) {
22802 		return (EFAULT);
22803 	}
22804 
22805 	buffer = kmem_alloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
22806 	rval = sd_send_scsi_READ(un, buffer, DEV_BSIZE,
22807 		1, SD_PATH_DIRECT);
22808 	if (rval != 0)
22809 		goto done_error;
22810 
22811 	sd_swap_efi_gpt(buffer);
22812 
22813 	if ((rval = sd_validate_efi(buffer)) != 0)
22814 		goto done_error;
22815 
22816 	nparts = buffer->efi_gpt_NumberOfPartitionEntries;
22817 	gpe_lba = buffer->efi_gpt_PartitionEntryLBA;
22818 	if (p64.p_partno > nparts) {
22819 		/* couldn't find it */
22820 		rval = ESRCH;
22821 		goto done_error;
22822 	}
22823 	/*
22824 	 * if we're dealing with a partition that's out of the normal
22825 	 * 16K block, adjust accordingly
22826 	 */
22827 	gpe_lba += p64.p_partno / sizeof (efi_gpe_t);
22828 	rval = sd_send_scsi_READ(un, buffer, EFI_MIN_ARRAY_SIZE,
22829 			gpe_lba, SD_PATH_DIRECT);
22830 	if (rval) {
22831 		goto done_error;
22832 	}
22833 	partitions = (efi_gpe_t *)buffer;
22834 
22835 	sd_swap_efi_gpe(nparts, partitions);
22836 
22837 	partitions += p64.p_partno;
22838 	bcopy(&partitions->efi_gpe_PartitionTypeGUID, &p64.p_type,
22839 	    sizeof (struct uuid));
22840 	p64.p_start = partitions->efi_gpe_StartingLBA;
22841 	p64.p_size = partitions->efi_gpe_EndingLBA -
22842 			p64.p_start + 1;
22843 
22844 	if (ddi_copyout(&p64, (void *)arg, sizeof (struct partition64), flag))
22845 		rval = EFAULT;
22846 
22847 done_error:
22848 	kmem_free(buffer, EFI_MIN_ARRAY_SIZE);
22849 	return (rval);
22850 }
22851 
22852 
22853 /*
22854  *    Function: sd_dkio_set_vtoc
22855  *
22856  * Description: This routine is the driver entry point for handling user
22857  *		requests to set the current volume table of contents
22858  *		(DKIOCSVTOC).
22859  *
22860  *   Arguments: dev  - the device number
22861  *		arg  - pointer to user provided vtoc structure used to set the
22862  *			current vtoc.
22863  *		flag - this argument is a pass through to ddi_copyxxx()
22864  *		       directly from the mode argument of ioctl().
22865  *
22866  * Return Code: 0
22867  *		EFAULT
22868  *		ENXIO
22869  *		EINVAL
22870  *		ENOTSUP
22871  */
22872 
22873 static int
22874 sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag)
22875 {
22876 	struct sd_lun	*un = NULL;
22877 	struct vtoc	user_vtoc;
22878 	int		rval = 0;
22879 
22880 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22881 		return (ENXIO);
22882 	}
22883 
22884 #if defined(__i386) || defined(__amd64)
22885 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
22886 		return (EINVAL);
22887 	}
22888 #endif
22889 
22890 #ifdef _MULTI_DATAMODEL
22891 	switch (ddi_model_convert_from(flag & FMODELS)) {
22892 	case DDI_MODEL_ILP32: {
22893 		struct vtoc32 user_vtoc32;
22894 
22895 		if (ddi_copyin((const void *)arg, &user_vtoc32,
22896 		    sizeof (struct vtoc32), flag)) {
22897 			return (EFAULT);
22898 		}
22899 		vtoc32tovtoc(user_vtoc32, user_vtoc);
22900 		break;
22901 	}
22902 
22903 	case DDI_MODEL_NONE:
22904 		if (ddi_copyin((const void *)arg, &user_vtoc,
22905 		    sizeof (struct vtoc), flag)) {
22906 			return (EFAULT);
22907 		}
22908 		break;
22909 	}
22910 #else /* ! _MULTI_DATAMODEL */
22911 	if (ddi_copyin((const void *)arg, &user_vtoc,
22912 	    sizeof (struct vtoc), flag)) {
22913 		return (EFAULT);
22914 	}
22915 #endif /* _MULTI_DATAMODEL */
22916 
22917 	mutex_enter(SD_MUTEX(un));
22918 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22919 		mutex_exit(SD_MUTEX(un));
22920 		return (ENOTSUP);
22921 	}
22922 	if (un->un_g.dkg_ncyl == 0) {
22923 		mutex_exit(SD_MUTEX(un));
22924 		return (EINVAL);
22925 	}
22926 
22927 	mutex_exit(SD_MUTEX(un));
22928 	sd_clear_efi(un);
22929 	ddi_remove_minor_node(SD_DEVINFO(un), "wd");
22930 	ddi_remove_minor_node(SD_DEVINFO(un), "wd,raw");
22931 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h",
22932 	    S_IFBLK, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22933 	    un->un_node_type, NULL);
22934 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h,raw",
22935 	    S_IFCHR, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22936 	    un->un_node_type, NULL);
22937 	mutex_enter(SD_MUTEX(un));
22938 
22939 	if ((rval = sd_build_label_vtoc(un, &user_vtoc)) == 0) {
22940 		if ((rval = sd_write_label(dev)) == 0) {
22941 			if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT))
22942 			    != 0) {
22943 				SD_ERROR(SD_LOG_IOCTL_DKIO, un,
22944 				    "sd_dkio_set_vtoc: "
22945 				    "Failed validate geometry\n");
22946 			}
22947 		}
22948 	}
22949 
22950 	/*
22951 	 * If sd_build_label_vtoc, or sd_write_label failed above write the
22952 	 * devid anyway, what can it hurt? Also preserve the device id by
22953 	 * writing to the disk acyl for the case where a devid has been
22954 	 * fabricated.
22955 	 */
22956 	if (!ISREMOVABLE(un) && !ISCD(un) &&
22957 	    (un->un_f_opt_fab_devid == TRUE)) {
22958 		if (un->un_devid == NULL) {
22959 			sd_register_devid(un, SD_DEVINFO(un),
22960 			    SD_TARGET_IS_UNRESERVED);
22961 		} else {
22962 			/*
22963 			 * The device id for this disk has been
22964 			 * fabricated. Fabricated device id's are
22965 			 * managed by storing them in the last 2
22966 			 * available sectors on the drive. The device
22967 			 * id must be preserved by writing it back out
22968 			 * to this location.
22969 			 */
22970 			if (sd_write_deviceid(un) != 0) {
22971 				ddi_devid_free(un->un_devid);
22972 				un->un_devid = NULL;
22973 			}
22974 		}
22975 	}
22976 	mutex_exit(SD_MUTEX(un));
22977 	return (rval);
22978 }
22979 
22980 
22981 /*
22982  *    Function: sd_build_label_vtoc
22983  *
22984  * Description: This routine updates the driver soft state current volume table
22985  *		of contents based on a user specified vtoc.
22986  *
22987  *   Arguments: un - driver soft state (unit) structure
22988  *		user_vtoc - pointer to vtoc structure specifying vtoc to be used
22989  *			    to update the driver soft state.
22990  *
22991  * Return Code: 0
22992  *		EINVAL
22993  */
22994 
22995 static int
22996 sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22997 {
22998 	struct dk_map		*lmap;
22999 	struct partition	*vpart;
23000 	int			nblks;
23001 #if defined(_SUNOS_VTOC_8)
23002 	int			ncyl;
23003 	struct dk_map2		*lpart;
23004 #endif	/* defined(_SUNOS_VTOC_8) */
23005 	int			i;
23006 
23007 	ASSERT(mutex_owned(SD_MUTEX(un)));
23008 
23009 	/* Sanity-check the vtoc */
23010 	if (user_vtoc->v_sanity != VTOC_SANE ||
23011 	    user_vtoc->v_sectorsz != un->un_sys_blocksize ||
23012 	    user_vtoc->v_nparts != V_NUMPAR) {
23013 		return (EINVAL);
23014 	}
23015 
23016 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
23017 	if (nblks == 0) {
23018 		return (EINVAL);
23019 	}
23020 
23021 #if defined(_SUNOS_VTOC_8)
23022 	vpart = user_vtoc->v_part;
23023 	for (i = 0; i < V_NUMPAR; i++) {
23024 		if ((vpart->p_start % nblks) != 0) {
23025 			return (EINVAL);
23026 		}
23027 		ncyl = vpart->p_start / nblks;
23028 		ncyl += vpart->p_size / nblks;
23029 		if ((vpart->p_size % nblks) != 0) {
23030 			ncyl++;
23031 		}
23032 		if (ncyl > (int)un->un_g.dkg_ncyl) {
23033 			return (EINVAL);
23034 		}
23035 		vpart++;
23036 	}
23037 #endif	/* defined(_SUNOS_VTOC_8) */
23038 
23039 	/* Put appropriate vtoc structure fields into the disk label */
23040 #if defined(_SUNOS_VTOC_16)
23041 	/*
23042 	 * The vtoc is always a 32bit data structure to maintain the
23043 	 * on-disk format. Convert "in place" instead of bcopying it.
23044 	 */
23045 	vtoctovtoc32((*user_vtoc), (*((struct vtoc32 *)&(un->un_vtoc))));
23046 
23047 	/*
23048 	 * in the 16-slice vtoc, starting sectors are expressed in
23049 	 * numbers *relative* to the start of the Solaris fdisk partition.
23050 	 */
23051 	lmap = un->un_map;
23052 	vpart = user_vtoc->v_part;
23053 
23054 	for (i = 0; i < (int)user_vtoc->v_nparts; i++, lmap++, vpart++) {
23055 		lmap->dkl_cylno = vpart->p_start / nblks;
23056 		lmap->dkl_nblk = vpart->p_size;
23057 	}
23058 
23059 #elif defined(_SUNOS_VTOC_8)
23060 
23061 	un->un_vtoc.v_bootinfo[0] = (uint32_t)user_vtoc->v_bootinfo[0];
23062 	un->un_vtoc.v_bootinfo[1] = (uint32_t)user_vtoc->v_bootinfo[1];
23063 	un->un_vtoc.v_bootinfo[2] = (uint32_t)user_vtoc->v_bootinfo[2];
23064 
23065 	un->un_vtoc.v_sanity = (uint32_t)user_vtoc->v_sanity;
23066 	un->un_vtoc.v_version = (uint32_t)user_vtoc->v_version;
23067 
23068 	bcopy(user_vtoc->v_volume, un->un_vtoc.v_volume, LEN_DKL_VVOL);
23069 
23070 	un->un_vtoc.v_nparts = user_vtoc->v_nparts;
23071 
23072 	bcopy(user_vtoc->v_reserved, un->un_vtoc.v_reserved,
23073 	    sizeof (un->un_vtoc.v_reserved));
23074 
23075 	/*
23076 	 * Note the conversion from starting sector number
23077 	 * to starting cylinder number.
23078 	 * Return error if division results in a remainder.
23079 	 */
23080 	lmap = un->un_map;
23081 	lpart = un->un_vtoc.v_part;
23082 	vpart = user_vtoc->v_part;
23083 
23084 	for (i = 0; i < (int)user_vtoc->v_nparts; i++) {
23085 		lpart->p_tag  = vpart->p_tag;
23086 		lpart->p_flag = vpart->p_flag;
23087 		lmap->dkl_cylno = vpart->p_start / nblks;
23088 		lmap->dkl_nblk = vpart->p_size;
23089 
23090 		lmap++;
23091 		lpart++;
23092 		vpart++;
23093 
23094 		/* (4387723) */
23095 #ifdef _LP64
23096 		if (user_vtoc->timestamp[i] > TIME32_MAX) {
23097 			un->un_vtoc.v_timestamp[i] = TIME32_MAX;
23098 		} else {
23099 			un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23100 		}
23101 #else
23102 		un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23103 #endif
23104 	}
23105 
23106 	bcopy(user_vtoc->v_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
23107 #else
23108 #error "No VTOC format defined."
23109 #endif
23110 	return (0);
23111 }
23112 
23113 /*
23114  *    Function: sd_clear_efi
23115  *
23116  * Description: This routine clears all EFI labels.
23117  *
23118  *   Arguments: un - driver soft state (unit) structure
23119  *
23120  * Return Code: void
23121  */
23122 
23123 static void
23124 sd_clear_efi(struct sd_lun *un)
23125 {
23126 	efi_gpt_t	*gpt;
23127 	uint_t		lbasize;
23128 	uint64_t	cap;
23129 	int rval;
23130 
23131 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23132 
23133 	gpt = kmem_alloc(sizeof (efi_gpt_t), KM_SLEEP);
23134 
23135 	if (sd_send_scsi_READ(un, gpt, DEV_BSIZE, 1, SD_PATH_DIRECT) != 0) {
23136 		goto done;
23137 	}
23138 
23139 	sd_swap_efi_gpt(gpt);
23140 	rval = sd_validate_efi(gpt);
23141 	if (rval == 0) {
23142 		/* clear primary */
23143 		bzero(gpt, sizeof (efi_gpt_t));
23144 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE, 1,
23145 			SD_PATH_DIRECT))) {
23146 			SD_INFO(SD_LOG_IO_PARTITION, un,
23147 				"sd_clear_efi: clear primary label failed\n");
23148 		}
23149 	}
23150 	/* the backup */
23151 	rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
23152 	    SD_PATH_DIRECT);
23153 	if (rval) {
23154 		goto done;
23155 	}
23156 	if ((rval = sd_send_scsi_READ(un, gpt, lbasize,
23157 	    cap - 1, SD_PATH_DIRECT)) != 0) {
23158 		goto done;
23159 	}
23160 	sd_swap_efi_gpt(gpt);
23161 	rval = sd_validate_efi(gpt);
23162 	if (rval == 0) {
23163 		/* clear backup */
23164 		SD_TRACE(SD_LOG_IOCTL, un, "sd_clear_efi clear backup@%lu\n",
23165 			cap-1);
23166 		bzero(gpt, sizeof (efi_gpt_t));
23167 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE,
23168 		    cap-1, SD_PATH_DIRECT))) {
23169 			SD_INFO(SD_LOG_IO_PARTITION, un,
23170 				"sd_clear_efi: clear backup label failed\n");
23171 		}
23172 	}
23173 
23174 done:
23175 	kmem_free(gpt, sizeof (efi_gpt_t));
23176 }
23177 
23178 /*
23179  *    Function: sd_set_vtoc
23180  *
23181  * Description: This routine writes data to the appropriate positions
23182  *
23183  *   Arguments: un - driver soft state (unit) structure
23184  *              dkl  - the data to be written
23185  *
23186  * Return: void
23187  */
23188 
23189 static int
23190 sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl)
23191 {
23192 	void			*shadow_buf;
23193 	uint_t			label_addr;
23194 	int			sec;
23195 	int			blk;
23196 	int			head;
23197 	int			cyl;
23198 	int			rval;
23199 
23200 #if defined(__i386) || defined(__amd64)
23201 	label_addr = un->un_solaris_offset + DK_LABEL_LOC;
23202 #else
23203 	/* Write the primary label at block 0 of the solaris partition. */
23204 	label_addr = 0;
23205 #endif
23206 
23207 	if (NOT_DEVBSIZE(un)) {
23208 		shadow_buf = kmem_zalloc(un->un_tgt_blocksize, KM_SLEEP);
23209 		/*
23210 		 * Read the target's first block.
23211 		 */
23212 		if ((rval = sd_send_scsi_READ(un, shadow_buf,
23213 		    un->un_tgt_blocksize, label_addr,
23214 		    SD_PATH_STANDARD)) != 0) {
23215 			goto exit;
23216 		}
23217 		/*
23218 		 * Copy the contents of the label into the shadow buffer
23219 		 * which is of the size of target block size.
23220 		 */
23221 		bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23222 	}
23223 
23224 	/* Write the primary label */
23225 	if (NOT_DEVBSIZE(un)) {
23226 		rval = sd_send_scsi_WRITE(un, shadow_buf, un->un_tgt_blocksize,
23227 		    label_addr, SD_PATH_STANDARD);
23228 	} else {
23229 		rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23230 		    label_addr, SD_PATH_STANDARD);
23231 	}
23232 	if (rval != 0) {
23233 		return (rval);
23234 	}
23235 
23236 	/*
23237 	 * Calculate where the backup labels go.  They are always on
23238 	 * the last alternate cylinder, but some older drives put them
23239 	 * on head 2 instead of the last head.	They are always on the
23240 	 * first 5 odd sectors of the appropriate track.
23241 	 *
23242 	 * We have no choice at this point, but to believe that the
23243 	 * disk label is valid.	 Use the geometry of the disk
23244 	 * as described in the label.
23245 	 */
23246 	cyl  = dkl->dkl_ncyl  + dkl->dkl_acyl - 1;
23247 	head = dkl->dkl_nhead - 1;
23248 
23249 	/*
23250 	 * Write and verify the backup labels. Make sure we don't try to
23251 	 * write past the last cylinder.
23252 	 */
23253 	for (sec = 1; ((sec < 5 * 2 + 1) && (sec < dkl->dkl_nsect)); sec += 2) {
23254 		blk = (daddr_t)(
23255 		    (cyl * ((dkl->dkl_nhead * dkl->dkl_nsect) - dkl->dkl_apc)) +
23256 		    (head * dkl->dkl_nsect) + sec);
23257 #if defined(__i386) || defined(__amd64)
23258 		blk += un->un_solaris_offset;
23259 #endif
23260 		if (NOT_DEVBSIZE(un)) {
23261 			uint64_t	tblk;
23262 			/*
23263 			 * Need to read the block first for read modify write.
23264 			 */
23265 			tblk = (uint64_t)blk;
23266 			blk = (int)((tblk * un->un_sys_blocksize) /
23267 			    un->un_tgt_blocksize);
23268 			if ((rval = sd_send_scsi_READ(un, shadow_buf,
23269 			    un->un_tgt_blocksize, blk,
23270 			    SD_PATH_STANDARD)) != 0) {
23271 				goto exit;
23272 			}
23273 			/*
23274 			 * Modify the shadow buffer with the label.
23275 			 */
23276 			bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23277 			rval = sd_send_scsi_WRITE(un, shadow_buf,
23278 			    un->un_tgt_blocksize, blk, SD_PATH_STANDARD);
23279 		} else {
23280 			rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23281 			    blk, SD_PATH_STANDARD);
23282 			SD_INFO(SD_LOG_IO_PARTITION, un,
23283 			"sd_set_vtoc: wrote backup label %d\n", blk);
23284 		}
23285 		if (rval != 0) {
23286 			goto exit;
23287 		}
23288 	}
23289 exit:
23290 	if (NOT_DEVBSIZE(un)) {
23291 		kmem_free(shadow_buf, un->un_tgt_blocksize);
23292 	}
23293 	return (rval);
23294 }
23295 
23296 /*
23297  *    Function: sd_clear_vtoc
23298  *
23299  * Description: This routine clears out the VTOC labels.
23300  *
23301  *   Arguments: un - driver soft state (unit) structure
23302  *
23303  * Return: void
23304  */
23305 
23306 static void
23307 sd_clear_vtoc(struct sd_lun *un)
23308 {
23309 	struct dk_label		*dkl;
23310 
23311 	mutex_exit(SD_MUTEX(un));
23312 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23313 	mutex_enter(SD_MUTEX(un));
23314 	/*
23315 	 * sd_set_vtoc uses these fields in order to figure out
23316 	 * where to overwrite the backup labels
23317 	 */
23318 	dkl->dkl_apc    = un->un_g.dkg_apc;
23319 	dkl->dkl_ncyl   = un->un_g.dkg_ncyl;
23320 	dkl->dkl_acyl   = un->un_g.dkg_acyl;
23321 	dkl->dkl_nhead  = un->un_g.dkg_nhead;
23322 	dkl->dkl_nsect  = un->un_g.dkg_nsect;
23323 	mutex_exit(SD_MUTEX(un));
23324 	(void) sd_set_vtoc(un, dkl);
23325 	kmem_free(dkl, sizeof (struct dk_label));
23326 
23327 	mutex_enter(SD_MUTEX(un));
23328 }
23329 
23330 /*
23331  *    Function: sd_write_label
23332  *
23333  * Description: This routine will validate and write the driver soft state vtoc
23334  *		contents to the device.
23335  *
23336  *   Arguments: dev - the device number
23337  *
23338  * Return Code: the code returned by sd_send_scsi_cmd()
23339  *		0
23340  *		EINVAL
23341  *		ENXIO
23342  *		ENOMEM
23343  */
23344 
23345 static int
23346 sd_write_label(dev_t dev)
23347 {
23348 	struct sd_lun		*un;
23349 	struct dk_label		*dkl;
23350 	short			sum;
23351 	short			*sp;
23352 	int			i;
23353 	int			rval;
23354 
23355 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23356 	    (un->un_state == SD_STATE_OFFLINE)) {
23357 		return (ENXIO);
23358 	}
23359 	ASSERT(mutex_owned(SD_MUTEX(un)));
23360 	mutex_exit(SD_MUTEX(un));
23361 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23362 	mutex_enter(SD_MUTEX(un));
23363 
23364 	bcopy(&un->un_vtoc, &dkl->dkl_vtoc, sizeof (struct dk_vtoc));
23365 	dkl->dkl_rpm	= un->un_g.dkg_rpm;
23366 	dkl->dkl_pcyl	= un->un_g.dkg_pcyl;
23367 	dkl->dkl_apc	= un->un_g.dkg_apc;
23368 	dkl->dkl_intrlv = un->un_g.dkg_intrlv;
23369 	dkl->dkl_ncyl	= un->un_g.dkg_ncyl;
23370 	dkl->dkl_acyl	= un->un_g.dkg_acyl;
23371 	dkl->dkl_nhead	= un->un_g.dkg_nhead;
23372 	dkl->dkl_nsect	= un->un_g.dkg_nsect;
23373 
23374 #if defined(_SUNOS_VTOC_8)
23375 	dkl->dkl_obs1	= un->un_g.dkg_obs1;
23376 	dkl->dkl_obs2	= un->un_g.dkg_obs2;
23377 	dkl->dkl_obs3	= un->un_g.dkg_obs3;
23378 	for (i = 0; i < NDKMAP; i++) {
23379 		dkl->dkl_map[i].dkl_cylno = un->un_map[i].dkl_cylno;
23380 		dkl->dkl_map[i].dkl_nblk  = un->un_map[i].dkl_nblk;
23381 	}
23382 	bcopy(un->un_asciilabel, dkl->dkl_asciilabel, LEN_DKL_ASCII);
23383 #elif defined(_SUNOS_VTOC_16)
23384 	dkl->dkl_skew	= un->un_dkg_skew;
23385 #else
23386 #error "No VTOC format defined."
23387 #endif
23388 
23389 	dkl->dkl_magic			= DKL_MAGIC;
23390 	dkl->dkl_write_reinstruct	= un->un_g.dkg_write_reinstruct;
23391 	dkl->dkl_read_reinstruct	= un->un_g.dkg_read_reinstruct;
23392 
23393 	/* Construct checksum for the new disk label */
23394 	sum = 0;
23395 	sp = (short *)dkl;
23396 	i = sizeof (struct dk_label) / sizeof (short);
23397 	while (i--) {
23398 		sum ^= *sp++;
23399 	}
23400 	dkl->dkl_cksum = sum;
23401 
23402 	mutex_exit(SD_MUTEX(un));
23403 
23404 	rval = sd_set_vtoc(un, dkl);
23405 exit:
23406 	kmem_free(dkl, sizeof (struct dk_label));
23407 	mutex_enter(SD_MUTEX(un));
23408 	return (rval);
23409 }
23410 
23411 static int
23412 sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag)
23413 {
23414 	struct sd_lun	*un = NULL;
23415 	dk_efi_t	user_efi;
23416 	int		rval = 0;
23417 	void		*buffer;
23418 
23419 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
23420 		return (ENXIO);
23421 
23422 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
23423 		return (EFAULT);
23424 
23425 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
23426 
23427 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
23428 	    (user_efi.dki_length > un->un_max_xfer_size))
23429 		return (EINVAL);
23430 
23431 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
23432 	if (ddi_copyin(user_efi.dki_data, buffer, user_efi.dki_length, flag)) {
23433 		rval = EFAULT;
23434 	} else {
23435 		/*
23436 		 * let's clear the vtoc labels and clear the softstate
23437 		 * vtoc.
23438 		 */
23439 		mutex_enter(SD_MUTEX(un));
23440 		if (un->un_vtoc.v_sanity == VTOC_SANE) {
23441 			SD_TRACE(SD_LOG_IO_PARTITION, un,
23442 				"sd_dkio_set_efi: CLEAR VTOC\n");
23443 			sd_clear_vtoc(un);
23444 			bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23445 			mutex_exit(SD_MUTEX(un));
23446 			ddi_remove_minor_node(SD_DEVINFO(un), "h");
23447 			ddi_remove_minor_node(SD_DEVINFO(un), "h,raw");
23448 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd",
23449 			    S_IFBLK,
23450 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23451 			    un->un_node_type, NULL);
23452 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd,raw",
23453 			    S_IFCHR,
23454 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23455 			    un->un_node_type, NULL);
23456 		} else
23457 			mutex_exit(SD_MUTEX(un));
23458 		rval = sd_send_scsi_WRITE(un, buffer, user_efi.dki_length,
23459 		    user_efi.dki_lba, SD_PATH_DIRECT);
23460 		if (rval == 0) {
23461 			mutex_enter(SD_MUTEX(un));
23462 			un->un_f_geometry_is_valid = FALSE;
23463 			mutex_exit(SD_MUTEX(un));
23464 		}
23465 	}
23466 	kmem_free(buffer, user_efi.dki_length);
23467 	return (rval);
23468 }
23469 
23470 /*
23471  *    Function: sd_dkio_get_mboot
23472  *
23473  * Description: This routine is the driver entry point for handling user
23474  *		requests to get the current device mboot (DKIOCGMBOOT)
23475  *
23476  *   Arguments: dev  - the device number
23477  *		arg  - pointer to user provided mboot structure specifying
23478  *			the current mboot.
23479  *		flag - this argument is a pass through to ddi_copyxxx()
23480  *		       directly from the mode argument of ioctl().
23481  *
23482  * Return Code: 0
23483  *		EINVAL
23484  *		EFAULT
23485  *		ENXIO
23486  */
23487 
23488 static int
23489 sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag)
23490 {
23491 	struct sd_lun	*un;
23492 	struct mboot	*mboot;
23493 	int		rval;
23494 	size_t		buffer_size;
23495 
23496 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23497 	    (un->un_state == SD_STATE_OFFLINE)) {
23498 		return (ENXIO);
23499 	}
23500 
23501 #if defined(_SUNOS_VTOC_8)
23502 	if ((!ISREMOVABLE(un)) || (arg == NULL)) {
23503 #elif defined(_SUNOS_VTOC_16)
23504 	if (arg == NULL) {
23505 #endif
23506 		return (EINVAL);
23507 	}
23508 
23509 	/*
23510 	 * Read the mboot block, located at absolute block 0 on the target.
23511 	 */
23512 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct mboot));
23513 
23514 	SD_TRACE(SD_LOG_IO_PARTITION, un,
23515 	    "sd_dkio_get_mboot: allocation size: 0x%x\n", buffer_size);
23516 
23517 	mboot = kmem_zalloc(buffer_size, KM_SLEEP);
23518 	if ((rval = sd_send_scsi_READ(un, mboot, buffer_size, 0,
23519 	    SD_PATH_STANDARD)) == 0) {
23520 		if (ddi_copyout(mboot, (void *)arg,
23521 		    sizeof (struct mboot), flag) != 0) {
23522 			rval = EFAULT;
23523 		}
23524 	}
23525 	kmem_free(mboot, buffer_size);
23526 	return (rval);
23527 }
23528 
23529 
23530 /*
23531  *    Function: sd_dkio_set_mboot
23532  *
23533  * Description: This routine is the driver entry point for handling user
23534  *		requests to validate and set the device master boot
23535  *		(DKIOCSMBOOT).
23536  *
23537  *   Arguments: dev  - the device number
23538  *		arg  - pointer to user provided mboot structure used to set the
23539  *			master boot.
23540  *		flag - this argument is a pass through to ddi_copyxxx()
23541  *		       directly from the mode argument of ioctl().
23542  *
23543  * Return Code: 0
23544  *		EINVAL
23545  *		EFAULT
23546  *		ENXIO
23547  */
23548 
23549 static int
23550 sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag)
23551 {
23552 	struct sd_lun	*un = NULL;
23553 	struct mboot	*mboot = NULL;
23554 	int		rval;
23555 	ushort_t	magic;
23556 
23557 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23558 		return (ENXIO);
23559 	}
23560 
23561 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23562 
23563 #if defined(_SUNOS_VTOC_8)
23564 	if (!ISREMOVABLE(un)) {
23565 		return (EINVAL);
23566 	}
23567 #endif
23568 
23569 	if (arg == NULL) {
23570 		return (EINVAL);
23571 	}
23572 
23573 	mboot = kmem_zalloc(sizeof (struct mboot), KM_SLEEP);
23574 
23575 	if (ddi_copyin((const void *)arg, mboot,
23576 	    sizeof (struct mboot), flag) != 0) {
23577 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23578 		return (EFAULT);
23579 	}
23580 
23581 	/* Is this really a master boot record? */
23582 	magic = LE_16(mboot->signature);
23583 	if (magic != MBB_MAGIC) {
23584 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23585 		return (EINVAL);
23586 	}
23587 
23588 	rval = sd_send_scsi_WRITE(un, mboot, un->un_sys_blocksize, 0,
23589 	    SD_PATH_STANDARD);
23590 
23591 	mutex_enter(SD_MUTEX(un));
23592 #if defined(__i386) || defined(__amd64)
23593 	if (rval == 0) {
23594 		/*
23595 		 * mboot has been written successfully.
23596 		 * update the fdisk and vtoc tables in memory
23597 		 */
23598 		rval = sd_update_fdisk_and_vtoc(un);
23599 		if ((un->un_f_geometry_is_valid == FALSE) || (rval != 0)) {
23600 			mutex_exit(SD_MUTEX(un));
23601 			kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23602 			return (rval);
23603 		}
23604 	}
23605 
23606 	/*
23607 	 * If the mboot write fails, write the devid anyway, what can it hurt?
23608 	 * Also preserve the device id by writing to the disk acyl for the case
23609 	 * where a devid has been fabricated.
23610 	 */
23611 	if (!ISREMOVABLE(un) && !ISCD(un) &&
23612 	    (un->un_f_opt_fab_devid == TRUE)) {
23613 		if (un->un_devid == NULL) {
23614 			sd_register_devid(un, SD_DEVINFO(un),
23615 			    SD_TARGET_IS_UNRESERVED);
23616 		} else {
23617 			/*
23618 			 * The device id for this disk has been
23619 			 * fabricated. Fabricated device id's are
23620 			 * managed by storing them in the last 2
23621 			 * available sectors on the drive. The device
23622 			 * id must be preserved by writing it back out
23623 			 * to this location.
23624 			 */
23625 			if (sd_write_deviceid(un) != 0) {
23626 				ddi_devid_free(un->un_devid);
23627 				un->un_devid = NULL;
23628 			}
23629 		}
23630 	}
23631 #else
23632 	if (rval == 0) {
23633 		/*
23634 		 * mboot has been written successfully.
23635 		 * set up the default geometry and VTOC
23636 		 */
23637 		if (un->un_blockcount <= DK_MAX_BLOCKS)
23638 			sd_setup_default_geometry(un);
23639 	}
23640 #endif
23641 	mutex_exit(SD_MUTEX(un));
23642 	kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23643 	return (rval);
23644 }
23645 
23646 
23647 /*
23648  *    Function: sd_setup_default_geometry
23649  *
23650  * Description: This local utility routine sets the default geometry as part of
23651  *		setting the device mboot.
23652  *
23653  *   Arguments: un - driver soft state (unit) structure
23654  *
23655  * Note: This may be redundant with sd_build_default_label.
23656  */
23657 
23658 static void
23659 sd_setup_default_geometry(struct sd_lun *un)
23660 {
23661 	/* zero out the soft state geometry and partition table. */
23662 	bzero(&un->un_g, sizeof (struct dk_geom));
23663 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23664 	bzero(un->un_map, NDKMAP * (sizeof (struct dk_map)));
23665 	un->un_asciilabel[0] = '\0';
23666 
23667 	/*
23668 	 * For the rpm, we use the minimum for the disk.
23669 	 * For the head, cyl and number of sector per track,
23670 	 * if the capacity <= 1GB, head = 64, sect = 32.
23671 	 * else head = 255, sect 63
23672 	 * Note: the capacity should be equal to C*H*S values.
23673 	 * This will cause some truncation of size due to
23674 	 * round off errors. For CD-ROMs, this truncation can
23675 	 * have adverse side effects, so returning ncyl and
23676 	 * nhead as 1. The nsect will overflow for most of
23677 	 * CD-ROMs as nsect is of type ushort.
23678 	 */
23679 	if (ISCD(un)) {
23680 		un->un_g.dkg_ncyl = 1;
23681 		un->un_g.dkg_nhead = 1;
23682 		un->un_g.dkg_nsect = un->un_blockcount;
23683 	} else {
23684 		if (un->un_blockcount <= 0x1000) {
23685 			/* Needed for unlabeled SCSI floppies. */
23686 			un->un_g.dkg_nhead = 2;
23687 			un->un_g.dkg_ncyl = 80;
23688 			un->un_g.dkg_pcyl = 80;
23689 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
23690 		} else if (un->un_blockcount <= 0x200000) {
23691 			un->un_g.dkg_nhead = 64;
23692 			un->un_g.dkg_nsect = 32;
23693 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
23694 		} else {
23695 			un->un_g.dkg_nhead = 255;
23696 			un->un_g.dkg_nsect = 63;
23697 			un->un_g.dkg_ncyl = un->un_blockcount / (255 * 63);
23698 		}
23699 		un->un_blockcount = un->un_g.dkg_ncyl *
23700 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
23701 	}
23702 	un->un_g.dkg_acyl = 0;
23703 	un->un_g.dkg_bcyl = 0;
23704 	un->un_g.dkg_intrlv = 1;
23705 	un->un_g.dkg_rpm = 200;
23706 	un->un_g.dkg_read_reinstruct = 0;
23707 	un->un_g.dkg_write_reinstruct = 0;
23708 	if (un->un_g.dkg_pcyl == 0) {
23709 		un->un_g.dkg_pcyl = un->un_g.dkg_ncyl + un->un_g.dkg_acyl;
23710 	}
23711 
23712 	un->un_map['a'-'a'].dkl_cylno = 0;
23713 	un->un_map['a'-'a'].dkl_nblk = un->un_blockcount;
23714 	un->un_map['c'-'a'].dkl_cylno = 0;
23715 	un->un_map['c'-'a'].dkl_nblk = un->un_blockcount;
23716 	un->un_f_geometry_is_valid = FALSE;
23717 }
23718 
23719 
23720 #if defined(__i386) || defined(__amd64)
23721 /*
23722  *    Function: sd_update_fdisk_and_vtoc
23723  *
23724  * Description: This local utility routine updates the device fdisk and vtoc
23725  *		as part of setting the device mboot.
23726  *
23727  *   Arguments: un - driver soft state (unit) structure
23728  *
23729  * Return Code: 0 for success or errno-type return code.
23730  *
23731  *    Note:x86: This looks like a duplicate of sd_validate_geometry(), but
23732  *		these did exist seperately in x86 sd.c!!!
23733  */
23734 
23735 static int
23736 sd_update_fdisk_and_vtoc(struct sd_lun *un)
23737 {
23738 	static char	labelstring[128];
23739 	static char	buf[256];
23740 	char		*label = 0;
23741 	int		count;
23742 	int		label_rc = 0;
23743 	int		gvalid = un->un_f_geometry_is_valid;
23744 	int		fdisk_rval;
23745 	int		lbasize;
23746 	int		capacity;
23747 
23748 	ASSERT(mutex_owned(SD_MUTEX(un)));
23749 
23750 	if (un->un_f_tgt_blocksize_is_valid == FALSE) {
23751 		return (EINVAL);
23752 	}
23753 
23754 	if (un->un_f_blockcount_is_valid == FALSE) {
23755 		return (EINVAL);
23756 	}
23757 
23758 #if defined(_SUNOS_VTOC_16)
23759 	/*
23760 	 * Set up the "whole disk" fdisk partition; this should always
23761 	 * exist, regardless of whether the disk contains an fdisk table
23762 	 * or vtoc.
23763 	 */
23764 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
23765 	un->un_map[P0_RAW_DISK].dkl_nblk = un->un_blockcount;
23766 #endif	/* defined(_SUNOS_VTOC_16) */
23767 
23768 	/*
23769 	 * copy the lbasize and capacity so that if they're
23770 	 * reset while we're not holding the SD_MUTEX(un), we will
23771 	 * continue to use valid values after the SD_MUTEX(un) is
23772 	 * reacquired.
23773 	 */
23774 	lbasize  = un->un_tgt_blocksize;
23775 	capacity = un->un_blockcount;
23776 
23777 	/*
23778 	 * refresh the logical and physical geometry caches.
23779 	 * (data from mode sense format/rigid disk geometry pages,
23780 	 * and scsi_ifgetcap("geometry").
23781 	 */
23782 	sd_resync_geom_caches(un, capacity, lbasize, SD_PATH_DIRECT);
23783 
23784 	/*
23785 	 * Only DIRECT ACCESS devices will have Sun labels.
23786 	 * CD's supposedly have a Sun label, too
23787 	 */
23788 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
23789 		fdisk_rval = sd_read_fdisk(un, capacity, lbasize,
23790 		    SD_PATH_DIRECT);
23791 		if (fdisk_rval == SD_CMD_FAILURE) {
23792 			ASSERT(mutex_owned(SD_MUTEX(un)));
23793 			return (EIO);
23794 		}
23795 
23796 		if (fdisk_rval == SD_CMD_RESERVATION_CONFLICT) {
23797 			ASSERT(mutex_owned(SD_MUTEX(un)));
23798 			return (EACCES);
23799 		}
23800 
23801 		if (un->un_solaris_size <= DK_LABEL_LOC) {
23802 			/*
23803 			 * Found fdisk table but no Solaris partition entry,
23804 			 * so don't call sd_uselabel() and don't create
23805 			 * a default label.
23806 			 */
23807 			label_rc = 0;
23808 			un->un_f_geometry_is_valid = TRUE;
23809 			goto no_solaris_partition;
23810 		}
23811 
23812 #if defined(_SUNOS_VTOC_8)
23813 		label = (char *)un->un_asciilabel;
23814 #elif defined(_SUNOS_VTOC_16)
23815 		label = (char *)un->un_vtoc.v_asciilabel;
23816 #else
23817 #error "No VTOC format defined."
23818 #endif
23819 	} else if (capacity < 0) {
23820 		ASSERT(mutex_owned(SD_MUTEX(un)));
23821 		return (EINVAL);
23822 	}
23823 
23824 	/*
23825 	 * For Removable media We reach here if we have found a
23826 	 * SOLARIS PARTITION.
23827 	 * If un_f_geometry_is_valid is FALSE it indicates that the SOLARIS
23828 	 * PARTITION has changed from the previous one, hence we will setup a
23829 	 * default VTOC in this case.
23830 	 */
23831 	if (un->un_f_geometry_is_valid == FALSE) {
23832 		sd_build_default_label(un);
23833 		label_rc = 0;
23834 	}
23835 
23836 no_solaris_partition:
23837 	if ((!ISREMOVABLE(un) ||
23838 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
23839 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
23840 		/*
23841 		 * Print out a message indicating who and what we are.
23842 		 * We do this only when we happen to really validate the
23843 		 * geometry. We may call sd_validate_geometry() at other
23844 		 * times, ioctl()'s like Get VTOC in which case we
23845 		 * don't want to print the label.
23846 		 * If the geometry is valid, print the label string,
23847 		 * else print vendor and product info, if available
23848 		 */
23849 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
23850 			SD_INFO(SD_LOG_IOCTL_DKIO, un, "?<%s>\n", label);
23851 		} else {
23852 			mutex_enter(&sd_label_mutex);
23853 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
23854 			    labelstring);
23855 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
23856 			    &labelstring[64]);
23857 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
23858 			    labelstring, &labelstring[64]);
23859 			if (un->un_f_blockcount_is_valid == TRUE) {
23860 				(void) sprintf(&buf[strlen(buf)],
23861 				    ", %" PRIu64 " %u byte blocks\n",
23862 				    un->un_blockcount,
23863 				    un->un_tgt_blocksize);
23864 			} else {
23865 				(void) sprintf(&buf[strlen(buf)],
23866 				    ", (unknown capacity)\n");
23867 			}
23868 			SD_INFO(SD_LOG_IOCTL_DKIO, un, buf);
23869 			mutex_exit(&sd_label_mutex);
23870 		}
23871 	}
23872 
23873 #if defined(_SUNOS_VTOC_16)
23874 	/*
23875 	 * If we have valid geometry, set up the remaining fdisk partitions.
23876 	 * Note that dkl_cylno is not used for the fdisk map entries, so
23877 	 * we set it to an entirely bogus value.
23878 	 */
23879 	for (count = 0; count < FD_NUMPART; count++) {
23880 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
23881 		un->un_map[FDISK_P1 + count].dkl_nblk =
23882 		    un->un_fmap[count].fmap_nblk;
23883 		un->un_offset[FDISK_P1 + count] =
23884 		    un->un_fmap[count].fmap_start;
23885 	}
23886 #endif
23887 
23888 	for (count = 0; count < NDKMAP; count++) {
23889 #if defined(_SUNOS_VTOC_8)
23890 		struct dk_map *lp  = &un->un_map[count];
23891 		un->un_offset[count] =
23892 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
23893 #elif defined(_SUNOS_VTOC_16)
23894 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
23895 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
23896 #else
23897 #error "No VTOC format defined."
23898 #endif
23899 	}
23900 
23901 	ASSERT(mutex_owned(SD_MUTEX(un)));
23902 	return (label_rc);
23903 }
23904 #endif
23905 
23906 
23907 /*
23908  *    Function: sd_check_media
23909  *
23910  * Description: This utility routine implements the functionality for the
23911  *		DKIOCSTATE ioctl. This ioctl blocks the user thread until the
23912  *		driver state changes from that specified by the user
23913  *		(inserted or ejected). For example, if the user specifies
23914  *		DKIO_EJECTED and the current media state is inserted this
23915  *		routine will immediately return DKIO_INSERTED. However, if the
23916  *		current media state is not inserted the user thread will be
23917  *		blocked until the drive state changes. If DKIO_NONE is specified
23918  *		the user thread will block until a drive state change occurs.
23919  *
23920  *   Arguments: dev  - the device number
23921  *		state  - user pointer to a dkio_state, updated with the current
23922  *			drive state at return.
23923  *
23924  * Return Code: ENXIO
23925  *		EIO
23926  *		EAGAIN
23927  *		EINTR
23928  */
23929 
23930 static int
23931 sd_check_media(dev_t dev, enum dkio_state state)
23932 {
23933 	struct sd_lun		*un = NULL;
23934 	enum dkio_state		prev_state;
23935 	opaque_t		token = NULL;
23936 	int			rval = 0;
23937 
23938 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23939 		return (ENXIO);
23940 	}
23941 
23942 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: entry\n");
23943 
23944 	mutex_enter(SD_MUTEX(un));
23945 
23946 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: "
23947 	    "state=%x, mediastate=%x\n", state, un->un_mediastate);
23948 
23949 	prev_state = un->un_mediastate;
23950 
23951 	/* is there anything to do? */
23952 	if (state == un->un_mediastate || un->un_mediastate == DKIO_NONE) {
23953 		/*
23954 		 * submit the request to the scsi_watch service;
23955 		 * scsi_media_watch_cb() does the real work
23956 		 */
23957 		mutex_exit(SD_MUTEX(un));
23958 
23959 		/*
23960 		 * This change handles the case where a scsi watch request is
23961 		 * added to a device that is powered down. To accomplish this
23962 		 * we power up the device before adding the scsi watch request,
23963 		 * since the scsi watch sends a TUR directly to the device
23964 		 * which the device cannot handle if it is powered down.
23965 		 */
23966 		if (sd_pm_entry(un) != DDI_SUCCESS) {
23967 			mutex_enter(SD_MUTEX(un));
23968 			goto done;
23969 		}
23970 
23971 		token = scsi_watch_request_submit(SD_SCSI_DEVP(un),
23972 		    sd_check_media_time, SENSE_LENGTH, sd_media_watch_cb,
23973 		    (caddr_t)dev);
23974 
23975 		sd_pm_exit(un);
23976 
23977 		mutex_enter(SD_MUTEX(un));
23978 		if (token == NULL) {
23979 			rval = EAGAIN;
23980 			goto done;
23981 		}
23982 
23983 		/*
23984 		 * This is a special case IOCTL that doesn't return
23985 		 * until the media state changes. Routine sdpower
23986 		 * knows about and handles this so don't count it
23987 		 * as an active cmd in the driver, which would
23988 		 * keep the device busy to the pm framework.
23989 		 * If the count isn't decremented the device can't
23990 		 * be powered down.
23991 		 */
23992 		un->un_ncmds_in_driver--;
23993 		ASSERT(un->un_ncmds_in_driver >= 0);
23994 
23995 		/*
23996 		 * if a prior request had been made, this will be the same
23997 		 * token, as scsi_watch was designed that way.
23998 		 */
23999 		un->un_swr_token = token;
24000 		un->un_specified_mediastate = state;
24001 
24002 		/*
24003 		 * now wait for media change
24004 		 * we will not be signalled unless mediastate == state but it is
24005 		 * still better to test for this condition, since there is a
24006 		 * 2 sec cv_broadcast delay when mediastate == DKIO_INSERTED
24007 		 */
24008 		SD_TRACE(SD_LOG_COMMON, un,
24009 		    "sd_check_media: waiting for media state change\n");
24010 		while (un->un_mediastate == state) {
24011 			if (cv_wait_sig(&un->un_state_cv, SD_MUTEX(un)) == 0) {
24012 				SD_TRACE(SD_LOG_COMMON, un,
24013 				    "sd_check_media: waiting for media state "
24014 				    "was interrupted\n");
24015 				un->un_ncmds_in_driver++;
24016 				rval = EINTR;
24017 				goto done;
24018 			}
24019 			SD_TRACE(SD_LOG_COMMON, un,
24020 			    "sd_check_media: received signal, state=%x\n",
24021 			    un->un_mediastate);
24022 		}
24023 		/*
24024 		 * Inc the counter to indicate the device once again
24025 		 * has an active outstanding cmd.
24026 		 */
24027 		un->un_ncmds_in_driver++;
24028 	}
24029 
24030 	/* invalidate geometry */
24031 	if (prev_state == DKIO_INSERTED && un->un_mediastate == DKIO_EJECTED) {
24032 		sr_ejected(un);
24033 	}
24034 
24035 	if (un->un_mediastate == DKIO_INSERTED && prev_state != DKIO_INSERTED) {
24036 		uint64_t	capacity;
24037 		uint_t		lbasize;
24038 
24039 		SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: media inserted\n");
24040 		mutex_exit(SD_MUTEX(un));
24041 		/*
24042 		 * Since the following routines use SD_PATH_DIRECT, we must
24043 		 * call PM directly before the upcoming disk accesses. This
24044 		 * may cause the disk to be power/spin up.
24045 		 */
24046 
24047 		if (sd_pm_entry(un) == DDI_SUCCESS) {
24048 			rval = sd_send_scsi_READ_CAPACITY(un,
24049 			    &capacity,
24050 			    &lbasize, SD_PATH_DIRECT);
24051 			if (rval != 0) {
24052 				sd_pm_exit(un);
24053 				mutex_enter(SD_MUTEX(un));
24054 				goto done;
24055 			}
24056 		} else {
24057 			rval = EIO;
24058 			mutex_enter(SD_MUTEX(un));
24059 			goto done;
24060 		}
24061 		mutex_enter(SD_MUTEX(un));
24062 
24063 		sd_update_block_info(un, lbasize, capacity);
24064 
24065 		un->un_f_geometry_is_valid	= FALSE;
24066 		(void) sd_validate_geometry(un, SD_PATH_DIRECT);
24067 
24068 		mutex_exit(SD_MUTEX(un));
24069 		rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
24070 		    SD_PATH_DIRECT);
24071 		sd_pm_exit(un);
24072 
24073 		mutex_enter(SD_MUTEX(un));
24074 	}
24075 done:
24076 	un->un_f_watcht_stopped = FALSE;
24077 	if (un->un_swr_token) {
24078 		/*
24079 		 * Use of this local token and the mutex ensures that we avoid
24080 		 * some race conditions associated with terminating the
24081 		 * scsi watch.
24082 		 */
24083 		token = un->un_swr_token;
24084 		un->un_swr_token = (opaque_t)NULL;
24085 		mutex_exit(SD_MUTEX(un));
24086 		(void) scsi_watch_request_terminate(token,
24087 		    SCSI_WATCH_TERMINATE_WAIT);
24088 		mutex_enter(SD_MUTEX(un));
24089 	}
24090 
24091 	/*
24092 	 * Update the capacity kstat value, if no media previously
24093 	 * (capacity kstat is 0) and a media has been inserted
24094 	 * (un_f_blockcount_is_valid == TRUE)
24095 	 * This is a more generic way then checking for ISREMOVABLE.
24096 	 */
24097 	if (un->un_errstats) {
24098 		struct sd_errstats	*stp = NULL;
24099 
24100 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
24101 		if ((stp->sd_capacity.value.ui64 == 0) &&
24102 		    (un->un_f_blockcount_is_valid == TRUE)) {
24103 			stp->sd_capacity.value.ui64 =
24104 			    (uint64_t)((uint64_t)un->un_blockcount *
24105 			    un->un_sys_blocksize);
24106 		}
24107 	}
24108 	mutex_exit(SD_MUTEX(un));
24109 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: done\n");
24110 	return (rval);
24111 }
24112 
24113 
24114 /*
24115  *    Function: sd_delayed_cv_broadcast
24116  *
24117  * Description: Delayed cv_broadcast to allow for target to recover from media
24118  *		insertion.
24119  *
24120  *   Arguments: arg - driver soft state (unit) structure
24121  */
24122 
24123 static void
24124 sd_delayed_cv_broadcast(void *arg)
24125 {
24126 	struct sd_lun *un = arg;
24127 
24128 	SD_TRACE(SD_LOG_COMMON, un, "sd_delayed_cv_broadcast\n");
24129 
24130 	mutex_enter(SD_MUTEX(un));
24131 	un->un_dcvb_timeid = NULL;
24132 	cv_broadcast(&un->un_state_cv);
24133 	mutex_exit(SD_MUTEX(un));
24134 }
24135 
24136 
24137 /*
24138  *    Function: sd_media_watch_cb
24139  *
24140  * Description: Callback routine used for support of the DKIOCSTATE ioctl. This
24141  *		routine processes the TUR sense data and updates the driver
24142  *		state if a transition has occurred. The user thread
24143  *		(sd_check_media) is then signalled.
24144  *
24145  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24146  *			among multiple watches that share this callback function
24147  *		resultp - scsi watch facility result packet containing scsi
24148  *			  packet, status byte and sense data
24149  *
24150  * Return Code: 0 for success, -1 for failure
24151  */
24152 
24153 static int
24154 sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24155 {
24156 	struct sd_lun			*un;
24157 	struct scsi_status		*statusp = resultp->statusp;
24158 	struct scsi_extended_sense	*sensep = resultp->sensep;
24159 	enum dkio_state			state = DKIO_NONE;
24160 	dev_t				dev = (dev_t)arg;
24161 	uchar_t				actual_sense_length;
24162 
24163 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24164 		return (-1);
24165 	}
24166 	actual_sense_length = resultp->actual_sense_length;
24167 
24168 	mutex_enter(SD_MUTEX(un));
24169 	SD_TRACE(SD_LOG_COMMON, un,
24170 	    "sd_media_watch_cb: status=%x, sensep=%p, len=%x\n",
24171 	    *((char *)statusp), (void *)sensep, actual_sense_length);
24172 
24173 	if (resultp->pkt->pkt_reason == CMD_DEV_GONE) {
24174 		un->un_mediastate = DKIO_DEV_GONE;
24175 		cv_broadcast(&un->un_state_cv);
24176 		mutex_exit(SD_MUTEX(un));
24177 
24178 		return (0);
24179 	}
24180 
24181 	/*
24182 	 * If there was a check condition then sensep points to valid sense data
24183 	 * If status was not a check condition but a reservation or busy status
24184 	 * then the new state is DKIO_NONE
24185 	 */
24186 	if (sensep != NULL) {
24187 		SD_INFO(SD_LOG_COMMON, un,
24188 		    "sd_media_watch_cb: sense KEY=%x, ASC=%x, ASCQ=%x\n",
24189 		    sensep->es_key, sensep->es_add_code, sensep->es_qual_code);
24190 		/* This routine only uses up to 13 bytes of sense data. */
24191 		if (actual_sense_length >= 13) {
24192 			if (sensep->es_key == KEY_UNIT_ATTENTION) {
24193 				if (sensep->es_add_code == 0x28) {
24194 					state = DKIO_INSERTED;
24195 				}
24196 			} else {
24197 				/*
24198 				 * if 02/04/02  means that the host
24199 				 * should send start command. Explicitly
24200 				 * leave the media state as is
24201 				 * (inserted) as the media is inserted
24202 				 * and host has stopped device for PM
24203 				 * reasons. Upon next true read/write
24204 				 * to this media will bring the
24205 				 * device to the right state good for
24206 				 * media access.
24207 				 */
24208 				if ((sensep->es_key == KEY_NOT_READY) &&
24209 				    (sensep->es_add_code == 0x3a)) {
24210 					state = DKIO_EJECTED;
24211 				}
24212 
24213 				/*
24214 				 * If the drivge is busy with an operation
24215 				 * or long write, keep the media in an
24216 				 * inserted state.
24217 				 */
24218 
24219 				if ((sensep->es_key == KEY_NOT_READY) &&
24220 				    (sensep->es_add_code == 0x04) &&
24221 				    ((sensep->es_qual_code == 0x02) ||
24222 				    (sensep->es_qual_code == 0x07) ||
24223 				    (sensep->es_qual_code == 0x08))) {
24224 					state = DKIO_INSERTED;
24225 				}
24226 			}
24227 		}
24228 	} else if ((*((char *)statusp) == STATUS_GOOD) &&
24229 	    (resultp->pkt->pkt_reason == CMD_CMPLT)) {
24230 		state = DKIO_INSERTED;
24231 	}
24232 
24233 	SD_TRACE(SD_LOG_COMMON, un,
24234 	    "sd_media_watch_cb: state=%x, specified=%x\n",
24235 	    state, un->un_specified_mediastate);
24236 
24237 	/*
24238 	 * now signal the waiting thread if this is *not* the specified state;
24239 	 * delay the signal if the state is DKIO_INSERTED to allow the target
24240 	 * to recover
24241 	 */
24242 	if (state != un->un_specified_mediastate) {
24243 		un->un_mediastate = state;
24244 		if (state == DKIO_INSERTED) {
24245 			/*
24246 			 * delay the signal to give the drive a chance
24247 			 * to do what it apparently needs to do
24248 			 */
24249 			SD_TRACE(SD_LOG_COMMON, un,
24250 			    "sd_media_watch_cb: delayed cv_broadcast\n");
24251 			if (un->un_dcvb_timeid == NULL) {
24252 				un->un_dcvb_timeid =
24253 				    timeout(sd_delayed_cv_broadcast, un,
24254 				    drv_usectohz((clock_t)MEDIA_ACCESS_DELAY));
24255 			}
24256 		} else {
24257 			SD_TRACE(SD_LOG_COMMON, un,
24258 			    "sd_media_watch_cb: immediate cv_broadcast\n");
24259 			cv_broadcast(&un->un_state_cv);
24260 		}
24261 	}
24262 	mutex_exit(SD_MUTEX(un));
24263 	return (0);
24264 }
24265 
24266 
24267 /*
24268  *    Function: sd_dkio_get_temp
24269  *
24270  * Description: This routine is the driver entry point for handling ioctl
24271  *		requests to get the disk temperature.
24272  *
24273  *   Arguments: dev  - the device number
24274  *		arg  - pointer to user provided dk_temperature structure.
24275  *		flag - this argument is a pass through to ddi_copyxxx()
24276  *		       directly from the mode argument of ioctl().
24277  *
24278  * Return Code: 0
24279  *		EFAULT
24280  *		ENXIO
24281  *		EAGAIN
24282  */
24283 
24284 static int
24285 sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag)
24286 {
24287 	struct sd_lun		*un = NULL;
24288 	struct dk_temperature	*dktemp = NULL;
24289 	uchar_t			*temperature_page;
24290 	int			rval = 0;
24291 	int			path_flag = SD_PATH_STANDARD;
24292 
24293 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24294 		return (ENXIO);
24295 	}
24296 
24297 	dktemp = kmem_zalloc(sizeof (struct dk_temperature), KM_SLEEP);
24298 
24299 	/* copyin the disk temp argument to get the user flags */
24300 	if (ddi_copyin((void *)arg, dktemp,
24301 	    sizeof (struct dk_temperature), flag) != 0) {
24302 		rval = EFAULT;
24303 		goto done;
24304 	}
24305 
24306 	/* Initialize the temperature to invalid. */
24307 	dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24308 	dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24309 
24310 	/*
24311 	 * Note: Investigate removing the "bypass pm" semantic.
24312 	 * Can we just bypass PM always?
24313 	 */
24314 	if (dktemp->dkt_flags & DKT_BYPASS_PM) {
24315 		path_flag = SD_PATH_DIRECT;
24316 		ASSERT(!mutex_owned(&un->un_pm_mutex));
24317 		mutex_enter(&un->un_pm_mutex);
24318 		if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
24319 			/*
24320 			 * If DKT_BYPASS_PM is set, and the drive happens to be
24321 			 * in low power mode, we can not wake it up, Need to
24322 			 * return EAGAIN.
24323 			 */
24324 			mutex_exit(&un->un_pm_mutex);
24325 			rval = EAGAIN;
24326 			goto done;
24327 		} else {
24328 			/*
24329 			 * Indicate to PM the device is busy. This is required
24330 			 * to avoid a race - i.e. the ioctl is issuing a
24331 			 * command and the pm framework brings down the device
24332 			 * to low power mode (possible power cut-off on some
24333 			 * platforms).
24334 			 */
24335 			mutex_exit(&un->un_pm_mutex);
24336 			if (sd_pm_entry(un) != DDI_SUCCESS) {
24337 				rval = EAGAIN;
24338 				goto done;
24339 			}
24340 		}
24341 	}
24342 
24343 	temperature_page = kmem_zalloc(TEMPERATURE_PAGE_SIZE, KM_SLEEP);
24344 
24345 	if ((rval = sd_send_scsi_LOG_SENSE(un, temperature_page,
24346 	    TEMPERATURE_PAGE_SIZE, TEMPERATURE_PAGE, 1, 0, path_flag)) != 0) {
24347 		goto done2;
24348 	}
24349 
24350 	/*
24351 	 * For the current temperature verify that the parameter length is 0x02
24352 	 * and the parameter code is 0x00
24353 	 */
24354 	if ((temperature_page[7] == 0x02) && (temperature_page[4] == 0x00) &&
24355 	    (temperature_page[5] == 0x00)) {
24356 		if (temperature_page[9] == 0xFF) {
24357 			dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24358 		} else {
24359 			dktemp->dkt_cur_temp = (short)(temperature_page[9]);
24360 		}
24361 	}
24362 
24363 	/*
24364 	 * For the reference temperature verify that the parameter
24365 	 * length is 0x02 and the parameter code is 0x01
24366 	 */
24367 	if ((temperature_page[13] == 0x02) && (temperature_page[10] == 0x00) &&
24368 	    (temperature_page[11] == 0x01)) {
24369 		if (temperature_page[15] == 0xFF) {
24370 			dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24371 		} else {
24372 			dktemp->dkt_ref_temp = (short)(temperature_page[15]);
24373 		}
24374 	}
24375 
24376 	/* Do the copyout regardless of the temperature commands status. */
24377 	if (ddi_copyout(dktemp, (void *)arg, sizeof (struct dk_temperature),
24378 	    flag) != 0) {
24379 		rval = EFAULT;
24380 	}
24381 
24382 done2:
24383 	if (path_flag == SD_PATH_DIRECT) {
24384 		sd_pm_exit(un);
24385 	}
24386 
24387 	kmem_free(temperature_page, TEMPERATURE_PAGE_SIZE);
24388 done:
24389 	if (dktemp != NULL) {
24390 		kmem_free(dktemp, sizeof (struct dk_temperature));
24391 	}
24392 
24393 	return (rval);
24394 }
24395 
24396 
24397 /*
24398  *    Function: sd_log_page_supported
24399  *
24400  * Description: This routine uses sd_send_scsi_LOG_SENSE to find the list of
24401  *		supported log pages.
24402  *
24403  *   Arguments: un -
24404  *		log_page -
24405  *
24406  * Return Code: -1 - on error (log sense is optional and may not be supported).
24407  *		0  - log page not found.
24408  *  		1  - log page found.
24409  */
24410 
24411 static int
24412 sd_log_page_supported(struct sd_lun *un, int log_page)
24413 {
24414 	uchar_t *log_page_data;
24415 	int	i;
24416 	int	match = 0;
24417 	int	log_size;
24418 
24419 	log_page_data = kmem_zalloc(0xFF, KM_SLEEP);
24420 
24421 	if (sd_send_scsi_LOG_SENSE(un, log_page_data, 0xFF, 0, 0x01, 0,
24422 	    SD_PATH_DIRECT) != 0) {
24423 		SD_ERROR(SD_LOG_COMMON, un,
24424 		    "sd_log_page_supported: failed log page retrieval\n");
24425 		kmem_free(log_page_data, 0xFF);
24426 		return (-1);
24427 	}
24428 	log_size = log_page_data[3];
24429 
24430 	/*
24431 	 * The list of supported log pages start from the fourth byte. Check
24432 	 * until we run out of log pages or a match is found.
24433 	 */
24434 	for (i = 4; (i < (log_size + 4)) && !match; i++) {
24435 		if (log_page_data[i] == log_page) {
24436 			match++;
24437 		}
24438 	}
24439 	kmem_free(log_page_data, 0xFF);
24440 	return (match);
24441 }
24442 
24443 
24444 /*
24445  *    Function: sd_mhdioc_failfast
24446  *
24447  * Description: This routine is the driver entry point for handling ioctl
24448  *		requests to enable/disable the multihost failfast option.
24449  *		(MHIOCENFAILFAST)
24450  *
24451  *   Arguments: dev	- the device number
24452  *		arg	- user specified probing interval.
24453  *		flag	- this argument is a pass through to ddi_copyxxx()
24454  *			  directly from the mode argument of ioctl().
24455  *
24456  * Return Code: 0
24457  *		EFAULT
24458  *		ENXIO
24459  */
24460 
24461 static int
24462 sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag)
24463 {
24464 	struct sd_lun	*un = NULL;
24465 	int		mh_time;
24466 	int		rval = 0;
24467 
24468 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24469 		return (ENXIO);
24470 	}
24471 
24472 	if (ddi_copyin((void *)arg, &mh_time, sizeof (int), flag))
24473 		return (EFAULT);
24474 
24475 	if (mh_time) {
24476 		mutex_enter(SD_MUTEX(un));
24477 		un->un_resvd_status |= SD_FAILFAST;
24478 		mutex_exit(SD_MUTEX(un));
24479 		/*
24480 		 * If mh_time is INT_MAX, then this ioctl is being used for
24481 		 * SCSI-3 PGR purposes, and we don't need to spawn watch thread.
24482 		 */
24483 		if (mh_time != INT_MAX) {
24484 			rval = sd_check_mhd(dev, mh_time);
24485 		}
24486 	} else {
24487 		(void) sd_check_mhd(dev, 0);
24488 		mutex_enter(SD_MUTEX(un));
24489 		un->un_resvd_status &= ~SD_FAILFAST;
24490 		mutex_exit(SD_MUTEX(un));
24491 	}
24492 	return (rval);
24493 }
24494 
24495 
24496 /*
24497  *    Function: sd_mhdioc_takeown
24498  *
24499  * Description: This routine is the driver entry point for handling ioctl
24500  *		requests to forcefully acquire exclusive access rights to the
24501  *		multihost disk (MHIOCTKOWN).
24502  *
24503  *   Arguments: dev	- the device number
24504  *		arg	- user provided structure specifying the delay
24505  *			  parameters in milliseconds
24506  *		flag	- this argument is a pass through to ddi_copyxxx()
24507  *			  directly from the mode argument of ioctl().
24508  *
24509  * Return Code: 0
24510  *		EFAULT
24511  *		ENXIO
24512  */
24513 
24514 static int
24515 sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag)
24516 {
24517 	struct sd_lun		*un = NULL;
24518 	struct mhioctkown	*tkown = NULL;
24519 	int			rval = 0;
24520 
24521 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24522 		return (ENXIO);
24523 	}
24524 
24525 	if (arg != NULL) {
24526 		tkown = (struct mhioctkown *)
24527 		    kmem_zalloc(sizeof (struct mhioctkown), KM_SLEEP);
24528 		rval = ddi_copyin(arg, tkown, sizeof (struct mhioctkown), flag);
24529 		if (rval != 0) {
24530 			rval = EFAULT;
24531 			goto error;
24532 		}
24533 	}
24534 
24535 	rval = sd_take_ownership(dev, tkown);
24536 	mutex_enter(SD_MUTEX(un));
24537 	if (rval == 0) {
24538 		un->un_resvd_status |= SD_RESERVE;
24539 		if (tkown != NULL && tkown->reinstate_resv_delay != 0) {
24540 			sd_reinstate_resv_delay =
24541 			    tkown->reinstate_resv_delay * 1000;
24542 		} else {
24543 			sd_reinstate_resv_delay = SD_REINSTATE_RESV_DELAY;
24544 		}
24545 		/*
24546 		 * Give the scsi_watch routine interval set by
24547 		 * the MHIOCENFAILFAST ioctl precedence here.
24548 		 */
24549 		if ((un->un_resvd_status & SD_FAILFAST) == 0) {
24550 			mutex_exit(SD_MUTEX(un));
24551 			(void) sd_check_mhd(dev, sd_reinstate_resv_delay/1000);
24552 			SD_TRACE(SD_LOG_IOCTL_MHD, un,
24553 			    "sd_mhdioc_takeown : %d\n",
24554 			    sd_reinstate_resv_delay);
24555 		} else {
24556 			mutex_exit(SD_MUTEX(un));
24557 		}
24558 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_NOTIFY,
24559 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24560 	} else {
24561 		un->un_resvd_status &= ~SD_RESERVE;
24562 		mutex_exit(SD_MUTEX(un));
24563 	}
24564 
24565 error:
24566 	if (tkown != NULL) {
24567 		kmem_free(tkown, sizeof (struct mhioctkown));
24568 	}
24569 	return (rval);
24570 }
24571 
24572 
24573 /*
24574  *    Function: sd_mhdioc_release
24575  *
24576  * Description: This routine is the driver entry point for handling ioctl
24577  *		requests to release exclusive access rights to the multihost
24578  *		disk (MHIOCRELEASE).
24579  *
24580  *   Arguments: dev	- the device number
24581  *
24582  * Return Code: 0
24583  *		ENXIO
24584  */
24585 
24586 static int
24587 sd_mhdioc_release(dev_t dev)
24588 {
24589 	struct sd_lun		*un = NULL;
24590 	timeout_id_t		resvd_timeid_save;
24591 	int			resvd_status_save;
24592 	int			rval = 0;
24593 
24594 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24595 		return (ENXIO);
24596 	}
24597 
24598 	mutex_enter(SD_MUTEX(un));
24599 	resvd_status_save = un->un_resvd_status;
24600 	un->un_resvd_status &=
24601 	    ~(SD_RESERVE | SD_LOST_RESERVE | SD_WANT_RESERVE);
24602 	if (un->un_resvd_timeid) {
24603 		resvd_timeid_save = un->un_resvd_timeid;
24604 		un->un_resvd_timeid = NULL;
24605 		mutex_exit(SD_MUTEX(un));
24606 		(void) untimeout(resvd_timeid_save);
24607 	} else {
24608 		mutex_exit(SD_MUTEX(un));
24609 	}
24610 
24611 	/*
24612 	 * destroy any pending timeout thread that may be attempting to
24613 	 * reinstate reservation on this device.
24614 	 */
24615 	sd_rmv_resv_reclaim_req(dev);
24616 
24617 	if ((rval = sd_reserve_release(dev, SD_RELEASE)) == 0) {
24618 		mutex_enter(SD_MUTEX(un));
24619 		if ((un->un_mhd_token) &&
24620 		    ((un->un_resvd_status & SD_FAILFAST) == 0)) {
24621 			mutex_exit(SD_MUTEX(un));
24622 			(void) sd_check_mhd(dev, 0);
24623 		} else {
24624 			mutex_exit(SD_MUTEX(un));
24625 		}
24626 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
24627 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24628 	} else {
24629 		/*
24630 		 * sd_mhd_watch_cb will restart the resvd recover timeout thread
24631 		 */
24632 		mutex_enter(SD_MUTEX(un));
24633 		un->un_resvd_status = resvd_status_save;
24634 		mutex_exit(SD_MUTEX(un));
24635 	}
24636 	return (rval);
24637 }
24638 
24639 
24640 /*
24641  *    Function: sd_mhdioc_register_devid
24642  *
24643  * Description: This routine is the driver entry point for handling ioctl
24644  *		requests to register the device id (MHIOCREREGISTERDEVID).
24645  *
24646  *		Note: The implementation for this ioctl has been updated to
24647  *		be consistent with the original PSARC case (1999/357)
24648  *		(4375899, 4241671, 4220005)
24649  *
24650  *   Arguments: dev	- the device number
24651  *
24652  * Return Code: 0
24653  *		ENXIO
24654  */
24655 
24656 static int
24657 sd_mhdioc_register_devid(dev_t dev)
24658 {
24659 	struct sd_lun	*un = NULL;
24660 	int		rval = 0;
24661 
24662 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24663 		return (ENXIO);
24664 	}
24665 
24666 	ASSERT(!mutex_owned(SD_MUTEX(un)));
24667 
24668 	mutex_enter(SD_MUTEX(un));
24669 
24670 	/* If a devid already exists, de-register it */
24671 	if (un->un_devid != NULL) {
24672 		ddi_devid_unregister(SD_DEVINFO(un));
24673 		/*
24674 		 * After unregister devid, needs to free devid memory
24675 		 */
24676 		ddi_devid_free(un->un_devid);
24677 		un->un_devid = NULL;
24678 	}
24679 
24680 	/* Check for reservation conflict */
24681 	mutex_exit(SD_MUTEX(un));
24682 	rval = sd_send_scsi_TEST_UNIT_READY(un, 0);
24683 	mutex_enter(SD_MUTEX(un));
24684 
24685 	switch (rval) {
24686 	case 0:
24687 		sd_register_devid(un, SD_DEVINFO(un), SD_TARGET_IS_UNRESERVED);
24688 		break;
24689 	case EACCES:
24690 		break;
24691 	default:
24692 		rval = EIO;
24693 	}
24694 
24695 	mutex_exit(SD_MUTEX(un));
24696 	return (rval);
24697 }
24698 
24699 
24700 /*
24701  *    Function: sd_mhdioc_inkeys
24702  *
24703  * Description: This routine is the driver entry point for handling ioctl
24704  *		requests to issue the SCSI-3 Persistent In Read Keys command
24705  *		to the device (MHIOCGRP_INKEYS).
24706  *
24707  *   Arguments: dev	- the device number
24708  *		arg	- user provided in_keys structure
24709  *		flag	- this argument is a pass through to ddi_copyxxx()
24710  *			  directly from the mode argument of ioctl().
24711  *
24712  * Return Code: code returned by sd_persistent_reservation_in_read_keys()
24713  *		ENXIO
24714  *		EFAULT
24715  */
24716 
24717 static int
24718 sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag)
24719 {
24720 	struct sd_lun		*un;
24721 	mhioc_inkeys_t		inkeys;
24722 	int			rval = 0;
24723 
24724 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24725 		return (ENXIO);
24726 	}
24727 
24728 #ifdef _MULTI_DATAMODEL
24729 	switch (ddi_model_convert_from(flag & FMODELS)) {
24730 	case DDI_MODEL_ILP32: {
24731 		struct mhioc_inkeys32	inkeys32;
24732 
24733 		if (ddi_copyin(arg, &inkeys32,
24734 		    sizeof (struct mhioc_inkeys32), flag) != 0) {
24735 			return (EFAULT);
24736 		}
24737 		inkeys.li = (mhioc_key_list_t *)(uintptr_t)inkeys32.li;
24738 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24739 		    &inkeys, flag)) != 0) {
24740 			return (rval);
24741 		}
24742 		inkeys32.generation = inkeys.generation;
24743 		if (ddi_copyout(&inkeys32, arg, sizeof (struct mhioc_inkeys32),
24744 		    flag) != 0) {
24745 			return (EFAULT);
24746 		}
24747 		break;
24748 	}
24749 	case DDI_MODEL_NONE:
24750 		if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t),
24751 		    flag) != 0) {
24752 			return (EFAULT);
24753 		}
24754 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24755 		    &inkeys, flag)) != 0) {
24756 			return (rval);
24757 		}
24758 		if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t),
24759 		    flag) != 0) {
24760 			return (EFAULT);
24761 		}
24762 		break;
24763 	}
24764 
24765 #else /* ! _MULTI_DATAMODEL */
24766 
24767 	if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t), flag) != 0) {
24768 		return (EFAULT);
24769 	}
24770 	rval = sd_persistent_reservation_in_read_keys(un, &inkeys, flag);
24771 	if (rval != 0) {
24772 		return (rval);
24773 	}
24774 	if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t), flag) != 0) {
24775 		return (EFAULT);
24776 	}
24777 
24778 #endif /* _MULTI_DATAMODEL */
24779 
24780 	return (rval);
24781 }
24782 
24783 
24784 /*
24785  *    Function: sd_mhdioc_inresv
24786  *
24787  * Description: This routine is the driver entry point for handling ioctl
24788  *		requests to issue the SCSI-3 Persistent In Read Reservations
24789  *		command to the device (MHIOCGRP_INKEYS).
24790  *
24791  *   Arguments: dev	- the device number
24792  *		arg	- user provided in_resv structure
24793  *		flag	- this argument is a pass through to ddi_copyxxx()
24794  *			  directly from the mode argument of ioctl().
24795  *
24796  * Return Code: code returned by sd_persistent_reservation_in_read_resv()
24797  *		ENXIO
24798  *		EFAULT
24799  */
24800 
24801 static int
24802 sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag)
24803 {
24804 	struct sd_lun		*un;
24805 	mhioc_inresvs_t		inresvs;
24806 	int			rval = 0;
24807 
24808 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24809 		return (ENXIO);
24810 	}
24811 
24812 #ifdef _MULTI_DATAMODEL
24813 
24814 	switch (ddi_model_convert_from(flag & FMODELS)) {
24815 	case DDI_MODEL_ILP32: {
24816 		struct mhioc_inresvs32	inresvs32;
24817 
24818 		if (ddi_copyin(arg, &inresvs32,
24819 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24820 			return (EFAULT);
24821 		}
24822 		inresvs.li = (mhioc_resv_desc_list_t *)(uintptr_t)inresvs32.li;
24823 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24824 		    &inresvs, flag)) != 0) {
24825 			return (rval);
24826 		}
24827 		inresvs32.generation = inresvs.generation;
24828 		if (ddi_copyout(&inresvs32, arg,
24829 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24830 			return (EFAULT);
24831 		}
24832 		break;
24833 	}
24834 	case DDI_MODEL_NONE:
24835 		if (ddi_copyin(arg, &inresvs,
24836 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24837 			return (EFAULT);
24838 		}
24839 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24840 		    &inresvs, flag)) != 0) {
24841 			return (rval);
24842 		}
24843 		if (ddi_copyout(&inresvs, arg,
24844 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24845 			return (EFAULT);
24846 		}
24847 		break;
24848 	}
24849 
24850 #else /* ! _MULTI_DATAMODEL */
24851 
24852 	if (ddi_copyin(arg, &inresvs, sizeof (mhioc_inresvs_t), flag) != 0) {
24853 		return (EFAULT);
24854 	}
24855 	rval = sd_persistent_reservation_in_read_resv(un, &inresvs, flag);
24856 	if (rval != 0) {
24857 		return (rval);
24858 	}
24859 	if (ddi_copyout(&inresvs, arg, sizeof (mhioc_inresvs_t), flag)) {
24860 		return (EFAULT);
24861 	}
24862 
24863 #endif /* ! _MULTI_DATAMODEL */
24864 
24865 	return (rval);
24866 }
24867 
24868 
24869 /*
24870  * The following routines support the clustering functionality described below
24871  * and implement lost reservation reclaim functionality.
24872  *
24873  * Clustering
24874  * ----------
24875  * The clustering code uses two different, independent forms of SCSI
24876  * reservation. Traditional SCSI-2 Reserve/Release and the newer SCSI-3
24877  * Persistent Group Reservations. For any particular disk, it will use either
24878  * SCSI-2 or SCSI-3 PGR but never both at the same time for the same disk.
24879  *
24880  * SCSI-2
24881  * The cluster software takes ownership of a multi-hosted disk by issuing the
24882  * MHIOCTKOWN ioctl to the disk driver. It releases ownership by issuing the
24883  * MHIOCRELEASE ioctl.Closely related is the MHIOCENFAILFAST ioctl -- a cluster,
24884  * just after taking ownership of the disk with the MHIOCTKOWN ioctl then issues
24885  * the MHIOCENFAILFAST ioctl.  This ioctl "enables failfast" in the driver. The
24886  * meaning of failfast is that if the driver (on this host) ever encounters the
24887  * scsi error return code RESERVATION_CONFLICT from the device, it should
24888  * immediately panic the host. The motivation for this ioctl is that if this
24889  * host does encounter reservation conflict, the underlying cause is that some
24890  * other host of the cluster has decided that this host is no longer in the
24891  * cluster and has seized control of the disks for itself. Since this host is no
24892  * longer in the cluster, it ought to panic itself. The MHIOCENFAILFAST ioctl
24893  * does two things:
24894  *	(a) it sets a flag that will cause any returned RESERVATION_CONFLICT
24895  *      error to panic the host
24896  *      (b) it sets up a periodic timer to test whether this host still has
24897  *      "access" (in that no other host has reserved the device):  if the
24898  *      periodic timer gets RESERVATION_CONFLICT, the host is panicked. The
24899  *      purpose of that periodic timer is to handle scenarios where the host is
24900  *      otherwise temporarily quiescent, temporarily doing no real i/o.
24901  * The MHIOCTKOWN ioctl will "break" a reservation that is held by another host,
24902  * by issuing a SCSI Bus Device Reset.  It will then issue a SCSI Reserve for
24903  * the device itself.
24904  *
24905  * SCSI-3 PGR
24906  * A direct semantic implementation of the SCSI-3 Persistent Reservation
24907  * facility is supported through the shared multihost disk ioctls
24908  * (MHIOCGRP_INKEYS, MHIOCGRP_INRESV, MHIOCGRP_REGISTER, MHIOCGRP_RESERVE,
24909  * MHIOCGRP_PREEMPTANDABORT)
24910  *
24911  * Reservation Reclaim:
24912  * --------------------
24913  * To support the lost reservation reclaim operations this driver creates a
24914  * single thread to handle reinstating reservations on all devices that have
24915  * lost reservations sd_resv_reclaim_requests are logged for all devices that
24916  * have LOST RESERVATIONS when the scsi watch facility callsback sd_mhd_watch_cb
24917  * and the reservation reclaim thread loops through the requests to regain the
24918  * lost reservations.
24919  */
24920 
24921 /*
24922  *    Function: sd_check_mhd()
24923  *
24924  * Description: This function sets up and submits a scsi watch request or
24925  *		terminates an existing watch request. This routine is used in
24926  *		support of reservation reclaim.
24927  *
24928  *   Arguments: dev    - the device 'dev_t' is used for context to discriminate
24929  *			 among multiple watches that share the callback function
24930  *		interval - the number of microseconds specifying the watch
24931  *			   interval for issuing TEST UNIT READY commands. If
24932  *			   set to 0 the watch should be terminated. If the
24933  *			   interval is set to 0 and if the device is required
24934  *			   to hold reservation while disabling failfast, the
24935  *			   watch is restarted with an interval of
24936  *			   reinstate_resv_delay.
24937  *
24938  * Return Code: 0	   - Successful submit/terminate of scsi watch request
24939  *		ENXIO      - Indicates an invalid device was specified
24940  *		EAGAIN     - Unable to submit the scsi watch request
24941  */
24942 
24943 static int
24944 sd_check_mhd(dev_t dev, int interval)
24945 {
24946 	struct sd_lun	*un;
24947 	opaque_t	token;
24948 
24949 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24950 		return (ENXIO);
24951 	}
24952 
24953 	/* is this a watch termination request? */
24954 	if (interval == 0) {
24955 		mutex_enter(SD_MUTEX(un));
24956 		/* if there is an existing watch task then terminate it */
24957 		if (un->un_mhd_token) {
24958 			token = un->un_mhd_token;
24959 			un->un_mhd_token = NULL;
24960 			mutex_exit(SD_MUTEX(un));
24961 			(void) scsi_watch_request_terminate(token,
24962 			    SCSI_WATCH_TERMINATE_WAIT);
24963 			mutex_enter(SD_MUTEX(un));
24964 		} else {
24965 			mutex_exit(SD_MUTEX(un));
24966 			/*
24967 			 * Note: If we return here we don't check for the
24968 			 * failfast case. This is the original legacy
24969 			 * implementation but perhaps we should be checking
24970 			 * the failfast case.
24971 			 */
24972 			return (0);
24973 		}
24974 		/*
24975 		 * If the device is required to hold reservation while
24976 		 * disabling failfast, we need to restart the scsi_watch
24977 		 * routine with an interval of reinstate_resv_delay.
24978 		 */
24979 		if (un->un_resvd_status & SD_RESERVE) {
24980 			interval = sd_reinstate_resv_delay/1000;
24981 		} else {
24982 			/* no failfast so bail */
24983 			mutex_exit(SD_MUTEX(un));
24984 			return (0);
24985 		}
24986 		mutex_exit(SD_MUTEX(un));
24987 	}
24988 
24989 	/*
24990 	 * adjust minimum time interval to 1 second,
24991 	 * and convert from msecs to usecs
24992 	 */
24993 	if (interval > 0 && interval < 1000) {
24994 		interval = 1000;
24995 	}
24996 	interval *= 1000;
24997 
24998 	/*
24999 	 * submit the request to the scsi_watch service
25000 	 */
25001 	token = scsi_watch_request_submit(SD_SCSI_DEVP(un), interval,
25002 	    SENSE_LENGTH, sd_mhd_watch_cb, (caddr_t)dev);
25003 	if (token == NULL) {
25004 		return (EAGAIN);
25005 	}
25006 
25007 	/*
25008 	 * save token for termination later on
25009 	 */
25010 	mutex_enter(SD_MUTEX(un));
25011 	un->un_mhd_token = token;
25012 	mutex_exit(SD_MUTEX(un));
25013 	return (0);
25014 }
25015 
25016 
25017 /*
25018  *    Function: sd_mhd_watch_cb()
25019  *
25020  * Description: This function is the call back function used by the scsi watch
25021  *		facility. The scsi watch facility sends the "Test Unit Ready"
25022  *		and processes the status. If applicable (i.e. a "Unit Attention"
25023  *		status and automatic "Request Sense" not used) the scsi watch
25024  *		facility will send a "Request Sense" and retrieve the sense data
25025  *		to be passed to this callback function. In either case the
25026  *		automatic "Request Sense" or the facility submitting one, this
25027  *		callback is passed the status and sense data.
25028  *
25029  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25030  *			among multiple watches that share this callback function
25031  *		resultp - scsi watch facility result packet containing scsi
25032  *			  packet, status byte and sense data
25033  *
25034  * Return Code: 0 - continue the watch task
25035  *		non-zero - terminate the watch task
25036  */
25037 
25038 static int
25039 sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
25040 {
25041 	struct sd_lun			*un;
25042 	struct scsi_status		*statusp;
25043 	struct scsi_extended_sense	*sensep;
25044 	struct scsi_pkt			*pkt;
25045 	uchar_t				actual_sense_length;
25046 	dev_t  				dev = (dev_t)arg;
25047 
25048 	ASSERT(resultp != NULL);
25049 	statusp			= resultp->statusp;
25050 	sensep			= resultp->sensep;
25051 	pkt			= resultp->pkt;
25052 	actual_sense_length	= resultp->actual_sense_length;
25053 
25054 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25055 		return (ENXIO);
25056 	}
25057 
25058 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25059 	    "sd_mhd_watch_cb: reason '%s', status '%s'\n",
25060 	    scsi_rname(pkt->pkt_reason), sd_sname(*((unsigned char *)statusp)));
25061 
25062 	/* Begin processing of the status and/or sense data */
25063 	if (pkt->pkt_reason != CMD_CMPLT) {
25064 		/* Handle the incomplete packet */
25065 		sd_mhd_watch_incomplete(un, pkt);
25066 		return (0);
25067 	} else if (*((unsigned char *)statusp) != STATUS_GOOD) {
25068 		if (*((unsigned char *)statusp)
25069 		    == STATUS_RESERVATION_CONFLICT) {
25070 			/*
25071 			 * Handle a reservation conflict by panicking if
25072 			 * configured for failfast or by logging the conflict
25073 			 * and updating the reservation status
25074 			 */
25075 			mutex_enter(SD_MUTEX(un));
25076 			if ((un->un_resvd_status & SD_FAILFAST) &&
25077 			    (sd_failfast_enable)) {
25078 				panic("Reservation Conflict");
25079 				/*NOTREACHED*/
25080 			}
25081 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25082 			    "sd_mhd_watch_cb: Reservation Conflict\n");
25083 			un->un_resvd_status |= SD_RESERVATION_CONFLICT;
25084 			mutex_exit(SD_MUTEX(un));
25085 		}
25086 	}
25087 
25088 	if (sensep != NULL) {
25089 		if (actual_sense_length >= (SENSE_LENGTH - 2)) {
25090 			mutex_enter(SD_MUTEX(un));
25091 			if ((sensep->es_add_code == SD_SCSI_RESET_SENSE_CODE) &&
25092 			    (un->un_resvd_status & SD_RESERVE)) {
25093 				/*
25094 				 * The additional sense code indicates a power
25095 				 * on or bus device reset has occurred; update
25096 				 * the reservation status.
25097 				 */
25098 				un->un_resvd_status |=
25099 				    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25100 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25101 				    "sd_mhd_watch_cb: Lost Reservation\n");
25102 			}
25103 		} else {
25104 			return (0);
25105 		}
25106 	} else {
25107 		mutex_enter(SD_MUTEX(un));
25108 	}
25109 
25110 	if ((un->un_resvd_status & SD_RESERVE) &&
25111 	    (un->un_resvd_status & SD_LOST_RESERVE)) {
25112 		if (un->un_resvd_status & SD_WANT_RESERVE) {
25113 			/*
25114 			 * A reset occurred in between the last probe and this
25115 			 * one so if a timeout is pending cancel it.
25116 			 */
25117 			if (un->un_resvd_timeid) {
25118 				timeout_id_t temp_id = un->un_resvd_timeid;
25119 				un->un_resvd_timeid = NULL;
25120 				mutex_exit(SD_MUTEX(un));
25121 				(void) untimeout(temp_id);
25122 				mutex_enter(SD_MUTEX(un));
25123 			}
25124 			un->un_resvd_status &= ~SD_WANT_RESERVE;
25125 		}
25126 		if (un->un_resvd_timeid == 0) {
25127 			/* Schedule a timeout to handle the lost reservation */
25128 			un->un_resvd_timeid = timeout(sd_mhd_resvd_recover,
25129 			    (void *)dev,
25130 			    drv_usectohz(sd_reinstate_resv_delay));
25131 		}
25132 	}
25133 	mutex_exit(SD_MUTEX(un));
25134 	return (0);
25135 }
25136 
25137 
25138 /*
25139  *    Function: sd_mhd_watch_incomplete()
25140  *
25141  * Description: This function is used to find out why a scsi pkt sent by the
25142  *		scsi watch facility was not completed. Under some scenarios this
25143  *		routine will return. Otherwise it will send a bus reset to see
25144  *		if the drive is still online.
25145  *
25146  *   Arguments: un  - driver soft state (unit) structure
25147  *		pkt - incomplete scsi pkt
25148  */
25149 
25150 static void
25151 sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt)
25152 {
25153 	int	be_chatty;
25154 	int	perr;
25155 
25156 	ASSERT(pkt != NULL);
25157 	ASSERT(un != NULL);
25158 	be_chatty	= (!(pkt->pkt_flags & FLAG_SILENT));
25159 	perr		= (pkt->pkt_statistics & STAT_PERR);
25160 
25161 	mutex_enter(SD_MUTEX(un));
25162 	if (un->un_state == SD_STATE_DUMPING) {
25163 		mutex_exit(SD_MUTEX(un));
25164 		return;
25165 	}
25166 
25167 	switch (pkt->pkt_reason) {
25168 	case CMD_UNX_BUS_FREE:
25169 		/*
25170 		 * If we had a parity error that caused the target to drop BSY*,
25171 		 * don't be chatty about it.
25172 		 */
25173 		if (perr && be_chatty) {
25174 			be_chatty = 0;
25175 		}
25176 		break;
25177 	case CMD_TAG_REJECT:
25178 		/*
25179 		 * The SCSI-2 spec states that a tag reject will be sent by the
25180 		 * target if tagged queuing is not supported. A tag reject may
25181 		 * also be sent during certain initialization periods or to
25182 		 * control internal resources. For the latter case the target
25183 		 * may also return Queue Full.
25184 		 *
25185 		 * If this driver receives a tag reject from a target that is
25186 		 * going through an init period or controlling internal
25187 		 * resources tagged queuing will be disabled. This is a less
25188 		 * than optimal behavior but the driver is unable to determine
25189 		 * the target state and assumes tagged queueing is not supported
25190 		 */
25191 		pkt->pkt_flags = 0;
25192 		un->un_tagflags = 0;
25193 
25194 		if (un->un_f_opt_queueing == TRUE) {
25195 			un->un_throttle = min(un->un_throttle, 3);
25196 		} else {
25197 			un->un_throttle = 1;
25198 		}
25199 		mutex_exit(SD_MUTEX(un));
25200 		(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
25201 		mutex_enter(SD_MUTEX(un));
25202 		break;
25203 	case CMD_INCOMPLETE:
25204 		/*
25205 		 * The transport stopped with an abnormal state, fallthrough and
25206 		 * reset the target and/or bus unless selection did not complete
25207 		 * (indicated by STATE_GOT_BUS) in which case we don't want to
25208 		 * go through a target/bus reset
25209 		 */
25210 		if (pkt->pkt_state == STATE_GOT_BUS) {
25211 			break;
25212 		}
25213 		/*FALLTHROUGH*/
25214 
25215 	case CMD_TIMEOUT:
25216 	default:
25217 		/*
25218 		 * The lun may still be running the command, so a lun reset
25219 		 * should be attempted. If the lun reset fails or cannot be
25220 		 * issued, than try a target reset. Lastly try a bus reset.
25221 		 */
25222 		if ((pkt->pkt_statistics &
25223 		    (STAT_BUS_RESET|STAT_DEV_RESET|STAT_ABORTED)) == 0) {
25224 			int reset_retval = 0;
25225 			mutex_exit(SD_MUTEX(un));
25226 			if (un->un_f_allow_bus_device_reset == TRUE) {
25227 				if (un->un_f_lun_reset_enabled == TRUE) {
25228 					reset_retval =
25229 					    scsi_reset(SD_ADDRESS(un),
25230 					    RESET_LUN);
25231 				}
25232 				if (reset_retval == 0) {
25233 					reset_retval =
25234 					    scsi_reset(SD_ADDRESS(un),
25235 					    RESET_TARGET);
25236 				}
25237 			}
25238 			if (reset_retval == 0) {
25239 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
25240 			}
25241 			mutex_enter(SD_MUTEX(un));
25242 		}
25243 		break;
25244 	}
25245 
25246 	/* A device/bus reset has occurred; update the reservation status. */
25247 	if ((pkt->pkt_reason == CMD_RESET) || (pkt->pkt_statistics &
25248 	    (STAT_BUS_RESET | STAT_DEV_RESET))) {
25249 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25250 			un->un_resvd_status |=
25251 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25252 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25253 			    "sd_mhd_watch_incomplete: Lost Reservation\n");
25254 		}
25255 	}
25256 
25257 	/*
25258 	 * The disk has been turned off; Update the device state.
25259 	 *
25260 	 * Note: Should we be offlining the disk here?
25261 	 */
25262 	if (pkt->pkt_state == STATE_GOT_BUS) {
25263 		SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_watch_incomplete: "
25264 		    "Disk not responding to selection\n");
25265 		if (un->un_state != SD_STATE_OFFLINE) {
25266 			New_state(un, SD_STATE_OFFLINE);
25267 		}
25268 	} else if (be_chatty) {
25269 		/*
25270 		 * suppress messages if they are all the same pkt reason;
25271 		 * with TQ, many (up to 256) are returned with the same
25272 		 * pkt_reason
25273 		 */
25274 		if (pkt->pkt_reason != un->un_last_pkt_reason) {
25275 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
25276 			    "sd_mhd_watch_incomplete: "
25277 			    "SCSI transport failed: reason '%s'\n",
25278 			    scsi_rname(pkt->pkt_reason));
25279 		}
25280 	}
25281 	un->un_last_pkt_reason = pkt->pkt_reason;
25282 	mutex_exit(SD_MUTEX(un));
25283 }
25284 
25285 
25286 /*
25287  *    Function: sd_sname()
25288  *
25289  * Description: This is a simple little routine to return a string containing
25290  *		a printable description of command status byte for use in
25291  *		logging.
25292  *
25293  *   Arguments: status - pointer to a status byte
25294  *
25295  * Return Code: char * - string containing status description.
25296  */
25297 
25298 static char *
25299 sd_sname(uchar_t status)
25300 {
25301 	switch (status & STATUS_MASK) {
25302 	case STATUS_GOOD:
25303 		return ("good status");
25304 	case STATUS_CHECK:
25305 		return ("check condition");
25306 	case STATUS_MET:
25307 		return ("condition met");
25308 	case STATUS_BUSY:
25309 		return ("busy");
25310 	case STATUS_INTERMEDIATE:
25311 		return ("intermediate");
25312 	case STATUS_INTERMEDIATE_MET:
25313 		return ("intermediate - condition met");
25314 	case STATUS_RESERVATION_CONFLICT:
25315 		return ("reservation_conflict");
25316 	case STATUS_TERMINATED:
25317 		return ("command terminated");
25318 	case STATUS_QFULL:
25319 		return ("queue full");
25320 	default:
25321 		return ("<unknown status>");
25322 	}
25323 }
25324 
25325 
25326 /*
25327  *    Function: sd_mhd_resvd_recover()
25328  *
25329  * Description: This function adds a reservation entry to the
25330  *		sd_resv_reclaim_request list and signals the reservation
25331  *		reclaim thread that there is work pending. If the reservation
25332  *		reclaim thread has not been previously created this function
25333  *		will kick it off.
25334  *
25335  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25336  *			among multiple watches that share this callback function
25337  *
25338  *     Context: This routine is called by timeout() and is run in interrupt
25339  *		context. It must not sleep or call other functions which may
25340  *		sleep.
25341  */
25342 
25343 static void
25344 sd_mhd_resvd_recover(void *arg)
25345 {
25346 	dev_t			dev = (dev_t)arg;
25347 	struct sd_lun		*un;
25348 	struct sd_thr_request	*sd_treq = NULL;
25349 	struct sd_thr_request	*sd_cur = NULL;
25350 	struct sd_thr_request	*sd_prev = NULL;
25351 	int			already_there = 0;
25352 
25353 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25354 		return;
25355 	}
25356 
25357 	mutex_enter(SD_MUTEX(un));
25358 	un->un_resvd_timeid = NULL;
25359 	if (un->un_resvd_status & SD_WANT_RESERVE) {
25360 		/*
25361 		 * There was a reset so don't issue the reserve, allow the
25362 		 * sd_mhd_watch_cb callback function to notice this and
25363 		 * reschedule the timeout for reservation.
25364 		 */
25365 		mutex_exit(SD_MUTEX(un));
25366 		return;
25367 	}
25368 	mutex_exit(SD_MUTEX(un));
25369 
25370 	/*
25371 	 * Add this device to the sd_resv_reclaim_request list and the
25372 	 * sd_resv_reclaim_thread should take care of the rest.
25373 	 *
25374 	 * Note: We can't sleep in this context so if the memory allocation
25375 	 * fails allow the sd_mhd_watch_cb callback function to notice this and
25376 	 * reschedule the timeout for reservation.  (4378460)
25377 	 */
25378 	sd_treq = (struct sd_thr_request *)
25379 	    kmem_zalloc(sizeof (struct sd_thr_request), KM_NOSLEEP);
25380 	if (sd_treq == NULL) {
25381 		return;
25382 	}
25383 
25384 	sd_treq->sd_thr_req_next = NULL;
25385 	sd_treq->dev = dev;
25386 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25387 	if (sd_tr.srq_thr_req_head == NULL) {
25388 		sd_tr.srq_thr_req_head = sd_treq;
25389 	} else {
25390 		sd_cur = sd_prev = sd_tr.srq_thr_req_head;
25391 		for (; sd_cur != NULL; sd_cur = sd_cur->sd_thr_req_next) {
25392 			if (sd_cur->dev == dev) {
25393 				/*
25394 				 * already in Queue so don't log
25395 				 * another request for the device
25396 				 */
25397 				already_there = 1;
25398 				break;
25399 			}
25400 			sd_prev = sd_cur;
25401 		}
25402 		if (!already_there) {
25403 			SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_resvd_recover: "
25404 			    "logging request for %lx\n", dev);
25405 			sd_prev->sd_thr_req_next = sd_treq;
25406 		} else {
25407 			kmem_free(sd_treq, sizeof (struct sd_thr_request));
25408 		}
25409 	}
25410 
25411 	/*
25412 	 * Create a kernel thread to do the reservation reclaim and free up this
25413 	 * thread. We cannot block this thread while we go away to do the
25414 	 * reservation reclaim
25415 	 */
25416 	if (sd_tr.srq_resv_reclaim_thread == NULL)
25417 		sd_tr.srq_resv_reclaim_thread = thread_create(NULL, 0,
25418 		    sd_resv_reclaim_thread, NULL,
25419 		    0, &p0, TS_RUN, v.v_maxsyspri - 2);
25420 
25421 	/* Tell the reservation reclaim thread that it has work to do */
25422 	cv_signal(&sd_tr.srq_resv_reclaim_cv);
25423 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25424 }
25425 
25426 /*
25427  *    Function: sd_resv_reclaim_thread()
25428  *
25429  * Description: This function implements the reservation reclaim operations
25430  *
25431  *   Arguments: arg - the device 'dev_t' is used for context to discriminate
25432  *		      among multiple watches that share this callback function
25433  */
25434 
25435 static void
25436 sd_resv_reclaim_thread()
25437 {
25438 	struct sd_lun		*un;
25439 	struct sd_thr_request	*sd_mhreq;
25440 
25441 	/* Wait for work */
25442 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25443 	if (sd_tr.srq_thr_req_head == NULL) {
25444 		cv_wait(&sd_tr.srq_resv_reclaim_cv,
25445 		    &sd_tr.srq_resv_reclaim_mutex);
25446 	}
25447 
25448 	/* Loop while we have work */
25449 	while ((sd_tr.srq_thr_cur_req = sd_tr.srq_thr_req_head) != NULL) {
25450 		un = ddi_get_soft_state(sd_state,
25451 		    SDUNIT(sd_tr.srq_thr_cur_req->dev));
25452 		if (un == NULL) {
25453 			/*
25454 			 * softstate structure is NULL so just
25455 			 * dequeue the request and continue
25456 			 */
25457 			sd_tr.srq_thr_req_head =
25458 			    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25459 			kmem_free(sd_tr.srq_thr_cur_req,
25460 			    sizeof (struct sd_thr_request));
25461 			continue;
25462 		}
25463 
25464 		/* dequeue the request */
25465 		sd_mhreq = sd_tr.srq_thr_cur_req;
25466 		sd_tr.srq_thr_req_head =
25467 		    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25468 		mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25469 
25470 		/*
25471 		 * Reclaim reservation only if SD_RESERVE is still set. There
25472 		 * may have been a call to MHIOCRELEASE before we got here.
25473 		 */
25474 		mutex_enter(SD_MUTEX(un));
25475 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25476 			/*
25477 			 * Note: The SD_LOST_RESERVE flag is cleared before
25478 			 * reclaiming the reservation. If this is done after the
25479 			 * call to sd_reserve_release a reservation loss in the
25480 			 * window between pkt completion of reserve cmd and
25481 			 * mutex_enter below may not be recognized
25482 			 */
25483 			un->un_resvd_status &= ~SD_LOST_RESERVE;
25484 			mutex_exit(SD_MUTEX(un));
25485 
25486 			if (sd_reserve_release(sd_mhreq->dev,
25487 			    SD_RESERVE) == 0) {
25488 				mutex_enter(SD_MUTEX(un));
25489 				un->un_resvd_status |= SD_RESERVE;
25490 				mutex_exit(SD_MUTEX(un));
25491 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25492 				    "sd_resv_reclaim_thread: "
25493 				    "Reservation Recovered\n");
25494 			} else {
25495 				mutex_enter(SD_MUTEX(un));
25496 				un->un_resvd_status |= SD_LOST_RESERVE;
25497 				mutex_exit(SD_MUTEX(un));
25498 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25499 				    "sd_resv_reclaim_thread: Failed "
25500 				    "Reservation Recovery\n");
25501 			}
25502 		} else {
25503 			mutex_exit(SD_MUTEX(un));
25504 		}
25505 		mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25506 		ASSERT(sd_mhreq == sd_tr.srq_thr_cur_req);
25507 		kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25508 		sd_mhreq = sd_tr.srq_thr_cur_req = NULL;
25509 		/*
25510 		 * wakeup the destroy thread if anyone is waiting on
25511 		 * us to complete.
25512 		 */
25513 		cv_signal(&sd_tr.srq_inprocess_cv);
25514 		SD_TRACE(SD_LOG_IOCTL_MHD, un,
25515 		    "sd_resv_reclaim_thread: cv_signalling current request \n");
25516 	}
25517 
25518 	/*
25519 	 * cleanup the sd_tr structure now that this thread will not exist
25520 	 */
25521 	ASSERT(sd_tr.srq_thr_req_head == NULL);
25522 	ASSERT(sd_tr.srq_thr_cur_req == NULL);
25523 	sd_tr.srq_resv_reclaim_thread = NULL;
25524 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25525 	thread_exit();
25526 }
25527 
25528 
25529 /*
25530  *    Function: sd_rmv_resv_reclaim_req()
25531  *
25532  * Description: This function removes any pending reservation reclaim requests
25533  *		for the specified device.
25534  *
25535  *   Arguments: dev - the device 'dev_t'
25536  */
25537 
25538 static void
25539 sd_rmv_resv_reclaim_req(dev_t dev)
25540 {
25541 	struct sd_thr_request *sd_mhreq;
25542 	struct sd_thr_request *sd_prev;
25543 
25544 	/* Remove a reservation reclaim request from the list */
25545 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25546 	if (sd_tr.srq_thr_cur_req && sd_tr.srq_thr_cur_req->dev == dev) {
25547 		/*
25548 		 * We are attempting to reinstate reservation for
25549 		 * this device. We wait for sd_reserve_release()
25550 		 * to return before we return.
25551 		 */
25552 		cv_wait(&sd_tr.srq_inprocess_cv,
25553 		    &sd_tr.srq_resv_reclaim_mutex);
25554 	} else {
25555 		sd_prev = sd_mhreq = sd_tr.srq_thr_req_head;
25556 		if (sd_mhreq && sd_mhreq->dev == dev) {
25557 			sd_tr.srq_thr_req_head = sd_mhreq->sd_thr_req_next;
25558 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25559 			mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25560 			return;
25561 		}
25562 		for (; sd_mhreq != NULL; sd_mhreq = sd_mhreq->sd_thr_req_next) {
25563 			if (sd_mhreq && sd_mhreq->dev == dev) {
25564 				break;
25565 			}
25566 			sd_prev = sd_mhreq;
25567 		}
25568 		if (sd_mhreq != NULL) {
25569 			sd_prev->sd_thr_req_next = sd_mhreq->sd_thr_req_next;
25570 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25571 		}
25572 	}
25573 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25574 }
25575 
25576 
25577 /*
25578  *    Function: sd_mhd_reset_notify_cb()
25579  *
25580  * Description: This is a call back function for scsi_reset_notify. This
25581  *		function updates the softstate reserved status and logs the
25582  *		reset. The driver scsi watch facility callback function
25583  *		(sd_mhd_watch_cb) and reservation reclaim thread functionality
25584  *		will reclaim the reservation.
25585  *
25586  *   Arguments: arg  - driver soft state (unit) structure
25587  */
25588 
25589 static void
25590 sd_mhd_reset_notify_cb(caddr_t arg)
25591 {
25592 	struct sd_lun *un = (struct sd_lun *)arg;
25593 
25594 	mutex_enter(SD_MUTEX(un));
25595 	if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25596 		un->un_resvd_status |= (SD_LOST_RESERVE | SD_WANT_RESERVE);
25597 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25598 		    "sd_mhd_reset_notify_cb: Lost Reservation\n");
25599 	}
25600 	mutex_exit(SD_MUTEX(un));
25601 }
25602 
25603 
25604 /*
25605  *    Function: sd_take_ownership()
25606  *
25607  * Description: This routine implements an algorithm to achieve a stable
25608  *		reservation on disks which don't implement priority reserve,
25609  *		and makes sure that other host lose re-reservation attempts.
25610  *		This algorithm contains of a loop that keeps issuing the RESERVE
25611  *		for some period of time (min_ownership_delay, default 6 seconds)
25612  *		During that loop, it looks to see if there has been a bus device
25613  *		reset or bus reset (both of which cause an existing reservation
25614  *		to be lost). If the reservation is lost issue RESERVE until a
25615  *		period of min_ownership_delay with no resets has gone by, or
25616  *		until max_ownership_delay has expired. This loop ensures that
25617  *		the host really did manage to reserve the device, in spite of
25618  *		resets. The looping for min_ownership_delay (default six
25619  *		seconds) is important to early generation clustering products,
25620  *		Solstice HA 1.x and Sun Cluster 2.x. Those products use an
25621  *		MHIOCENFAILFAST periodic timer of two seconds. By having
25622  *		MHIOCTKOWN issue Reserves in a loop for six seconds, and having
25623  *		MHIOCENFAILFAST poll every two seconds, the idea is that by the
25624  *		time the MHIOCTKOWN ioctl returns, the other host (if any) will
25625  *		have already noticed, via the MHIOCENFAILFAST polling, that it
25626  *		no longer "owns" the disk and will have panicked itself.  Thus,
25627  *		the host issuing the MHIOCTKOWN is assured (with timing
25628  *		dependencies) that by the time it actually starts to use the
25629  *		disk for real work, the old owner is no longer accessing it.
25630  *
25631  *		min_ownership_delay is the minimum amount of time for which the
25632  *		disk must be reserved continuously devoid of resets before the
25633  *		MHIOCTKOWN ioctl will return success.
25634  *
25635  *		max_ownership_delay indicates the amount of time by which the
25636  *		take ownership should succeed or timeout with an error.
25637  *
25638  *   Arguments: dev - the device 'dev_t'
25639  *		*p  - struct containing timing info.
25640  *
25641  * Return Code: 0 for success or error code
25642  */
25643 
25644 static int
25645 sd_take_ownership(dev_t dev, struct mhioctkown *p)
25646 {
25647 	struct sd_lun	*un;
25648 	int		rval;
25649 	int		err;
25650 	int		reservation_count   = 0;
25651 	int		min_ownership_delay =  6000000; /* in usec */
25652 	int		max_ownership_delay = 30000000; /* in usec */
25653 	clock_t		start_time;	/* starting time of this algorithm */
25654 	clock_t		end_time;	/* time limit for giving up */
25655 	clock_t		ownership_time;	/* time limit for stable ownership */
25656 	clock_t		current_time;
25657 	clock_t		previous_current_time;
25658 
25659 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25660 		return (ENXIO);
25661 	}
25662 
25663 	/*
25664 	 * Attempt a device reservation. A priority reservation is requested.
25665 	 */
25666 	if ((rval = sd_reserve_release(dev, SD_PRIORITY_RESERVE))
25667 	    != SD_SUCCESS) {
25668 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
25669 		    "sd_take_ownership: return(1)=%d\n", rval);
25670 		return (rval);
25671 	}
25672 
25673 	/* Update the softstate reserved status to indicate the reservation */
25674 	mutex_enter(SD_MUTEX(un));
25675 	un->un_resvd_status |= SD_RESERVE;
25676 	un->un_resvd_status &=
25677 	    ~(SD_LOST_RESERVE | SD_WANT_RESERVE | SD_RESERVATION_CONFLICT);
25678 	mutex_exit(SD_MUTEX(un));
25679 
25680 	if (p != NULL) {
25681 		if (p->min_ownership_delay != 0) {
25682 			min_ownership_delay = p->min_ownership_delay * 1000;
25683 		}
25684 		if (p->max_ownership_delay != 0) {
25685 			max_ownership_delay = p->max_ownership_delay * 1000;
25686 		}
25687 	}
25688 	SD_INFO(SD_LOG_IOCTL_MHD, un,
25689 	    "sd_take_ownership: min, max delays: %d, %d\n",
25690 	    min_ownership_delay, max_ownership_delay);
25691 
25692 	start_time = ddi_get_lbolt();
25693 	current_time	= start_time;
25694 	ownership_time	= current_time + drv_usectohz(min_ownership_delay);
25695 	end_time	= start_time + drv_usectohz(max_ownership_delay);
25696 
25697 	while (current_time - end_time < 0) {
25698 		delay(drv_usectohz(500000));
25699 
25700 		if ((err = sd_reserve_release(dev, SD_RESERVE)) != 0) {
25701 			if ((sd_reserve_release(dev, SD_RESERVE)) != 0) {
25702 				mutex_enter(SD_MUTEX(un));
25703 				rval = (un->un_resvd_status &
25704 				    SD_RESERVATION_CONFLICT) ? EACCES : EIO;
25705 				mutex_exit(SD_MUTEX(un));
25706 				break;
25707 			}
25708 		}
25709 		previous_current_time = current_time;
25710 		current_time = ddi_get_lbolt();
25711 		mutex_enter(SD_MUTEX(un));
25712 		if (err || (un->un_resvd_status & SD_LOST_RESERVE)) {
25713 			ownership_time = ddi_get_lbolt() +
25714 			    drv_usectohz(min_ownership_delay);
25715 			reservation_count = 0;
25716 		} else {
25717 			reservation_count++;
25718 		}
25719 		un->un_resvd_status |= SD_RESERVE;
25720 		un->un_resvd_status &= ~(SD_LOST_RESERVE | SD_WANT_RESERVE);
25721 		mutex_exit(SD_MUTEX(un));
25722 
25723 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25724 		    "sd_take_ownership: ticks for loop iteration=%ld, "
25725 		    "reservation=%s\n", (current_time - previous_current_time),
25726 		    reservation_count ? "ok" : "reclaimed");
25727 
25728 		if (current_time - ownership_time >= 0 &&
25729 		    reservation_count >= 4) {
25730 			rval = 0; /* Achieved a stable ownership */
25731 			break;
25732 		}
25733 		if (current_time - end_time >= 0) {
25734 			rval = EACCES; /* No ownership in max possible time */
25735 			break;
25736 		}
25737 	}
25738 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25739 	    "sd_take_ownership: return(2)=%d\n", rval);
25740 	return (rval);
25741 }
25742 
25743 
25744 /*
25745  *    Function: sd_reserve_release()
25746  *
25747  * Description: This function builds and sends scsi RESERVE, RELEASE, and
25748  *		PRIORITY RESERVE commands based on a user specified command type
25749  *
25750  *   Arguments: dev - the device 'dev_t'
25751  *		cmd - user specified command type; one of SD_PRIORITY_RESERVE,
25752  *		      SD_RESERVE, SD_RELEASE
25753  *
25754  * Return Code: 0 or Error Code
25755  */
25756 
25757 static int
25758 sd_reserve_release(dev_t dev, int cmd)
25759 {
25760 	struct uscsi_cmd	*com = NULL;
25761 	struct sd_lun		*un = NULL;
25762 	char			cdb[CDB_GROUP0];
25763 	int			rval;
25764 
25765 	ASSERT((cmd == SD_RELEASE) || (cmd == SD_RESERVE) ||
25766 	    (cmd == SD_PRIORITY_RESERVE));
25767 
25768 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25769 		return (ENXIO);
25770 	}
25771 
25772 	/* instantiate and initialize the command and cdb */
25773 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
25774 	bzero(cdb, CDB_GROUP0);
25775 	com->uscsi_flags   = USCSI_SILENT;
25776 	com->uscsi_timeout = un->un_reserve_release_time;
25777 	com->uscsi_cdblen  = CDB_GROUP0;
25778 	com->uscsi_cdb	   = cdb;
25779 	if (cmd == SD_RELEASE) {
25780 		cdb[0] = SCMD_RELEASE;
25781 	} else {
25782 		cdb[0] = SCMD_RESERVE;
25783 	}
25784 
25785 	/* Send the command. */
25786 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25787 	    UIO_SYSSPACE, SD_PATH_STANDARD);
25788 
25789 	/*
25790 	 * "break" a reservation that is held by another host, by issuing a
25791 	 * reset if priority reserve is desired, and we could not get the
25792 	 * device.
25793 	 */
25794 	if ((cmd == SD_PRIORITY_RESERVE) &&
25795 	    (rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25796 		/*
25797 		 * First try to reset the LUN. If we cannot, then try a target
25798 		 * reset, followed by a bus reset if the target reset fails.
25799 		 */
25800 		int reset_retval = 0;
25801 		if (un->un_f_lun_reset_enabled == TRUE) {
25802 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
25803 		}
25804 		if (reset_retval == 0) {
25805 			/* The LUN reset either failed or was not issued */
25806 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
25807 		}
25808 		if ((reset_retval == 0) &&
25809 		    (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0)) {
25810 			rval = EIO;
25811 			kmem_free(com, sizeof (*com));
25812 			return (rval);
25813 		}
25814 
25815 		bzero(com, sizeof (struct uscsi_cmd));
25816 		com->uscsi_flags   = USCSI_SILENT;
25817 		com->uscsi_cdb	   = cdb;
25818 		com->uscsi_cdblen  = CDB_GROUP0;
25819 		com->uscsi_timeout = 5;
25820 
25821 		/*
25822 		 * Reissue the last reserve command, this time without request
25823 		 * sense.  Assume that it is just a regular reserve command.
25824 		 */
25825 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25826 		    UIO_SYSSPACE, SD_PATH_STANDARD);
25827 	}
25828 
25829 	/* Return an error if still getting a reservation conflict. */
25830 	if ((rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25831 		rval = EACCES;
25832 	}
25833 
25834 	kmem_free(com, sizeof (*com));
25835 	return (rval);
25836 }
25837 
25838 
25839 #define	SD_NDUMP_RETRIES	12
25840 /*
25841  *	System Crash Dump routine
25842  */
25843 
25844 static int
25845 sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk)
25846 {
25847 	int		instance;
25848 	int		partition;
25849 	int		i;
25850 	int		err;
25851 	struct sd_lun	*un;
25852 	struct dk_map	*lp;
25853 	struct scsi_pkt *wr_pktp;
25854 	struct buf	*wr_bp;
25855 	struct buf	wr_buf;
25856 	daddr_t		tgt_byte_offset; /* rmw - byte offset for target */
25857 	daddr_t		tgt_blkno;	/* rmw - blkno for target */
25858 	size_t		tgt_byte_count; /* rmw -  # of bytes to xfer */
25859 	size_t		tgt_nblk; /* rmw -  # of tgt blks to xfer */
25860 	size_t		io_start_offset;
25861 	int		doing_rmw = FALSE;
25862 	int		rval;
25863 #if defined(__i386) || defined(__amd64)
25864 	ssize_t dma_resid;
25865 	daddr_t oblkno;
25866 #endif
25867 
25868 	instance = SDUNIT(dev);
25869 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
25870 	    (!un->un_f_geometry_is_valid) || ISCD(un)) {
25871 		return (ENXIO);
25872 	}
25873 
25874 	_NOTE(NOW_INVISIBLE_TO_OTHER_THREADS(*un))
25875 
25876 	SD_TRACE(SD_LOG_DUMP, un, "sddump: entry\n");
25877 
25878 	partition = SDPART(dev);
25879 	SD_INFO(SD_LOG_DUMP, un, "sddump: partition = %d\n", partition);
25880 
25881 	/* Validate blocks to dump at against partition size. */
25882 	lp = &un->un_map[partition];
25883 	if ((blkno + nblk) > lp->dkl_nblk) {
25884 		SD_TRACE(SD_LOG_DUMP, un,
25885 		    "sddump: dump range larger than partition: "
25886 		    "blkno = 0x%x, nblk = 0x%x, dkl_nblk = 0x%x\n",
25887 		    blkno, nblk, lp->dkl_nblk);
25888 		return (EINVAL);
25889 	}
25890 
25891 	mutex_enter(&un->un_pm_mutex);
25892 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
25893 		struct scsi_pkt *start_pktp;
25894 
25895 		mutex_exit(&un->un_pm_mutex);
25896 
25897 		/*
25898 		 * use pm framework to power on HBA 1st
25899 		 */
25900 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
25901 
25902 		/*
25903 		 * Dump no long uses sdpower to power on a device, it's
25904 		 * in-line here so it can be done in polled mode.
25905 		 */
25906 
25907 		SD_INFO(SD_LOG_DUMP, un, "sddump: starting device\n");
25908 
25909 		start_pktp = scsi_init_pkt(SD_ADDRESS(un), NULL, NULL,
25910 		    CDB_GROUP0, un->un_status_len, 0, 0, NULL_FUNC, NULL);
25911 
25912 		if (start_pktp == NULL) {
25913 			/* We were not given a SCSI packet, fail. */
25914 			return (EIO);
25915 		}
25916 		bzero(start_pktp->pkt_cdbp, CDB_GROUP0);
25917 		start_pktp->pkt_cdbp[0] = SCMD_START_STOP;
25918 		start_pktp->pkt_cdbp[4] = SD_TARGET_START;
25919 		start_pktp->pkt_flags = FLAG_NOINTR;
25920 
25921 		mutex_enter(SD_MUTEX(un));
25922 		SD_FILL_SCSI1_LUN(un, start_pktp);
25923 		mutex_exit(SD_MUTEX(un));
25924 		/*
25925 		 * Scsi_poll returns 0 (success) if the command completes and
25926 		 * the status block is STATUS_GOOD.
25927 		 */
25928 		if (sd_scsi_poll(un, start_pktp) != 0) {
25929 			scsi_destroy_pkt(start_pktp);
25930 			return (EIO);
25931 		}
25932 		scsi_destroy_pkt(start_pktp);
25933 		(void) sd_ddi_pm_resume(un);
25934 	} else {
25935 		mutex_exit(&un->un_pm_mutex);
25936 	}
25937 
25938 	mutex_enter(SD_MUTEX(un));
25939 	un->un_throttle = 0;
25940 
25941 	/*
25942 	 * The first time through, reset the specific target device.
25943 	 * However, when cpr calls sddump we know that sd is in a
25944 	 * a good state so no bus reset is required.
25945 	 * Clear sense data via Request Sense cmd.
25946 	 * In sddump we don't care about allow_bus_device_reset anymore
25947 	 */
25948 
25949 	if ((un->un_state != SD_STATE_SUSPENDED) &&
25950 	    (un->un_state != SD_STATE_DUMPING)) {
25951 
25952 		New_state(un, SD_STATE_DUMPING);
25953 
25954 		if (un->un_f_is_fibre == FALSE) {
25955 			mutex_exit(SD_MUTEX(un));
25956 			/*
25957 			 * Attempt a bus reset for parallel scsi.
25958 			 *
25959 			 * Note: A bus reset is required because on some host
25960 			 * systems (i.e. E420R) a bus device reset is
25961 			 * insufficient to reset the state of the target.
25962 			 *
25963 			 * Note: Don't issue the reset for fibre-channel,
25964 			 * because this tends to hang the bus (loop) for
25965 			 * too long while everyone is logging out and in
25966 			 * and the deadman timer for dumping will fire
25967 			 * before the dump is complete.
25968 			 */
25969 			if (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0) {
25970 				mutex_enter(SD_MUTEX(un));
25971 				Restore_state(un);
25972 				mutex_exit(SD_MUTEX(un));
25973 				return (EIO);
25974 			}
25975 
25976 			/* Delay to give the device some recovery time. */
25977 			drv_usecwait(10000);
25978 
25979 			if (sd_send_polled_RQS(un) == SD_FAILURE) {
25980 				SD_INFO(SD_LOG_DUMP, un,
25981 					"sddump: sd_send_polled_RQS failed\n");
25982 			}
25983 			mutex_enter(SD_MUTEX(un));
25984 		}
25985 	}
25986 
25987 	/*
25988 	 * Convert the partition-relative block number to a
25989 	 * disk physical block number.
25990 	 */
25991 	blkno += un->un_offset[partition];
25992 	SD_INFO(SD_LOG_DUMP, un, "sddump: disk blkno = 0x%x\n", blkno);
25993 
25994 
25995 	/*
25996 	 * Check if the device has a non-512 block size.
25997 	 */
25998 	wr_bp = NULL;
25999 	if (NOT_DEVBSIZE(un)) {
26000 		tgt_byte_offset = blkno * un->un_sys_blocksize;
26001 		tgt_byte_count = nblk * un->un_sys_blocksize;
26002 		if ((tgt_byte_offset % un->un_tgt_blocksize) ||
26003 		    (tgt_byte_count % un->un_tgt_blocksize)) {
26004 			doing_rmw = TRUE;
26005 			/*
26006 			 * Calculate the block number and number of block
26007 			 * in terms of the media block size.
26008 			 */
26009 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
26010 			tgt_nblk =
26011 			    ((tgt_byte_offset + tgt_byte_count +
26012 				(un->un_tgt_blocksize - 1)) /
26013 				un->un_tgt_blocksize) - tgt_blkno;
26014 
26015 			/*
26016 			 * Invoke the routine which is going to do read part
26017 			 * of read-modify-write.
26018 			 * Note that this routine returns a pointer to
26019 			 * a valid bp in wr_bp.
26020 			 */
26021 			err = sddump_do_read_of_rmw(un, tgt_blkno, tgt_nblk,
26022 			    &wr_bp);
26023 			if (err) {
26024 				mutex_exit(SD_MUTEX(un));
26025 				return (err);
26026 			}
26027 			/*
26028 			 * Offset is being calculated as -
26029 			 * (original block # * system block size) -
26030 			 * (new block # * target block size)
26031 			 */
26032 			io_start_offset =
26033 			    ((uint64_t)(blkno * un->un_sys_blocksize)) -
26034 			    ((uint64_t)(tgt_blkno * un->un_tgt_blocksize));
26035 
26036 			ASSERT((io_start_offset >= 0) &&
26037 			    (io_start_offset < un->un_tgt_blocksize));
26038 			/*
26039 			 * Do the modify portion of read modify write.
26040 			 */
26041 			bcopy(addr, &wr_bp->b_un.b_addr[io_start_offset],
26042 			    (size_t)nblk * un->un_sys_blocksize);
26043 		} else {
26044 			doing_rmw = FALSE;
26045 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
26046 			tgt_nblk = tgt_byte_count / un->un_tgt_blocksize;
26047 		}
26048 
26049 		/* Convert blkno and nblk to target blocks */
26050 		blkno = tgt_blkno;
26051 		nblk = tgt_nblk;
26052 	} else {
26053 		wr_bp = &wr_buf;
26054 		bzero(wr_bp, sizeof (struct buf));
26055 		wr_bp->b_flags		= B_BUSY;
26056 		wr_bp->b_un.b_addr	= addr;
26057 		wr_bp->b_bcount		= nblk << DEV_BSHIFT;
26058 		wr_bp->b_resid		= 0;
26059 	}
26060 
26061 	mutex_exit(SD_MUTEX(un));
26062 
26063 	/*
26064 	 * Obtain a SCSI packet for the write command.
26065 	 * It should be safe to call the allocator here without
26066 	 * worrying about being locked for DVMA mapping because
26067 	 * the address we're passed is already a DVMA mapping
26068 	 *
26069 	 * We are also not going to worry about semaphore ownership
26070 	 * in the dump buffer. Dumping is single threaded at present.
26071 	 */
26072 
26073 	wr_pktp = NULL;
26074 
26075 #if defined(__i386) || defined(__amd64)
26076 	dma_resid = wr_bp->b_bcount;
26077 	oblkno = blkno;
26078 	while (dma_resid != 0) {
26079 #endif
26080 
26081 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26082 		wr_bp->b_flags &= ~B_ERROR;
26083 
26084 #if defined(__i386) || defined(__amd64)
26085 		blkno = oblkno +
26086 			((wr_bp->b_bcount - dma_resid) /
26087 			    un->un_tgt_blocksize);
26088 		nblk = dma_resid / un->un_tgt_blocksize;
26089 
26090 		if (wr_pktp) {
26091 			/* Partial DMA transfers after initial transfer */
26092 			rval = sd_setup_next_rw_pkt(un, wr_pktp, wr_bp,
26093 			    blkno, nblk);
26094 		} else {
26095 			/* Initial transfer */
26096 			rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26097 			    un->un_pkt_flags, NULL_FUNC, NULL,
26098 			    blkno, nblk);
26099 		}
26100 #else
26101 		rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26102 		    0, NULL_FUNC, NULL, blkno, nblk);
26103 #endif
26104 
26105 		if (rval == 0) {
26106 			/* We were given a SCSI packet, continue. */
26107 			break;
26108 		}
26109 
26110 		if (i == 0) {
26111 			if (wr_bp->b_flags & B_ERROR) {
26112 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26113 				    "no resources for dumping; "
26114 				    "error code: 0x%x, retrying",
26115 				    geterror(wr_bp));
26116 			} else {
26117 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26118 				    "no resources for dumping; retrying");
26119 			}
26120 		} else if (i != (SD_NDUMP_RETRIES - 1)) {
26121 			if (wr_bp->b_flags & B_ERROR) {
26122 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26123 				    "no resources for dumping; error code: "
26124 				    "0x%x, retrying\n", geterror(wr_bp));
26125 			}
26126 		} else {
26127 			if (wr_bp->b_flags & B_ERROR) {
26128 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26129 				    "no resources for dumping; "
26130 				    "error code: 0x%x, retries failed, "
26131 				    "giving up.\n", geterror(wr_bp));
26132 			} else {
26133 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26134 				    "no resources for dumping; "
26135 				    "retries failed, giving up.\n");
26136 			}
26137 			mutex_enter(SD_MUTEX(un));
26138 			Restore_state(un);
26139 			if (NOT_DEVBSIZE(un) && (doing_rmw == TRUE)) {
26140 				mutex_exit(SD_MUTEX(un));
26141 				scsi_free_consistent_buf(wr_bp);
26142 			} else {
26143 				mutex_exit(SD_MUTEX(un));
26144 			}
26145 			return (EIO);
26146 		}
26147 		drv_usecwait(10000);
26148 	}
26149 
26150 #if defined(__i386) || defined(__amd64)
26151 	/*
26152 	 * save the resid from PARTIAL_DMA
26153 	 */
26154 	dma_resid = wr_pktp->pkt_resid;
26155 	if (dma_resid != 0)
26156 		nblk -= SD_BYTES2TGTBLOCKS(un, dma_resid);
26157 	wr_pktp->pkt_resid = 0;
26158 #endif
26159 
26160 	/* SunBug 1222170 */
26161 	wr_pktp->pkt_flags = FLAG_NOINTR;
26162 
26163 	err = EIO;
26164 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26165 
26166 		/*
26167 		 * Scsi_poll returns 0 (success) if the command completes and
26168 		 * the status block is STATUS_GOOD.  We should only check
26169 		 * errors if this condition is not true.  Even then we should
26170 		 * send our own request sense packet only if we have a check
26171 		 * condition and auto request sense has not been performed by
26172 		 * the hba.
26173 		 */
26174 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending write\n");
26175 
26176 		if ((sd_scsi_poll(un, wr_pktp) == 0) &&
26177 		    (wr_pktp->pkt_resid == 0)) {
26178 			err = SD_SUCCESS;
26179 			break;
26180 		}
26181 
26182 		/*
26183 		 * Check CMD_DEV_GONE 1st, give up if device is gone.
26184 		 */
26185 		if (wr_pktp->pkt_reason == CMD_DEV_GONE) {
26186 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26187 			    "Device is gone\n");
26188 			break;
26189 		}
26190 
26191 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_CHECK) {
26192 			SD_INFO(SD_LOG_DUMP, un,
26193 			    "sddump: write failed with CHECK, try # %d\n", i);
26194 			if (((wr_pktp->pkt_state & STATE_ARQ_DONE) == 0)) {
26195 				(void) sd_send_polled_RQS(un);
26196 			}
26197 
26198 			continue;
26199 		}
26200 
26201 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_BUSY) {
26202 			int reset_retval = 0;
26203 
26204 			SD_INFO(SD_LOG_DUMP, un,
26205 			    "sddump: write failed with BUSY, try # %d\n", i);
26206 
26207 			if (un->un_f_lun_reset_enabled == TRUE) {
26208 				reset_retval = scsi_reset(SD_ADDRESS(un),
26209 				    RESET_LUN);
26210 			}
26211 			if (reset_retval == 0) {
26212 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
26213 			}
26214 			(void) sd_send_polled_RQS(un);
26215 
26216 		} else {
26217 			SD_INFO(SD_LOG_DUMP, un,
26218 			    "sddump: write failed with 0x%x, try # %d\n",
26219 			    SD_GET_PKT_STATUS(wr_pktp), i);
26220 			mutex_enter(SD_MUTEX(un));
26221 			sd_reset_target(un, wr_pktp);
26222 			mutex_exit(SD_MUTEX(un));
26223 		}
26224 
26225 		/*
26226 		 * If we are not getting anywhere with lun/target resets,
26227 		 * let's reset the bus.
26228 		 */
26229 		if (i == SD_NDUMP_RETRIES/2) {
26230 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
26231 			(void) sd_send_polled_RQS(un);
26232 		}
26233 
26234 	}
26235 #if defined(__i386) || defined(__amd64)
26236 	}	/* dma_resid */
26237 #endif
26238 
26239 	scsi_destroy_pkt(wr_pktp);
26240 	mutex_enter(SD_MUTEX(un));
26241 	if ((NOT_DEVBSIZE(un)) && (doing_rmw == TRUE)) {
26242 		mutex_exit(SD_MUTEX(un));
26243 		scsi_free_consistent_buf(wr_bp);
26244 	} else {
26245 		mutex_exit(SD_MUTEX(un));
26246 	}
26247 	SD_TRACE(SD_LOG_DUMP, un, "sddump: exit: err = %d\n", err);
26248 	return (err);
26249 }
26250 
26251 /*
26252  *    Function: sd_scsi_poll()
26253  *
26254  * Description: This is a wrapper for the scsi_poll call.
26255  *
26256  *   Arguments: sd_lun - The unit structure
26257  *              scsi_pkt - The scsi packet being sent to the device.
26258  *
26259  * Return Code: 0 - Command completed successfully with good status
26260  *             -1 - Command failed.  This could indicate a check condition
26261  *                  or other status value requiring recovery action.
26262  *
26263  */
26264 
26265 static int
26266 sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pktp)
26267 {
26268 	int status;
26269 
26270 	ASSERT(un != NULL);
26271 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26272 	ASSERT(pktp != NULL);
26273 
26274 	status = SD_SUCCESS;
26275 
26276 	if (scsi_ifgetcap(&pktp->pkt_address, "tagged-qing", 1) == 1) {
26277 		pktp->pkt_flags |= un->un_tagflags;
26278 		pktp->pkt_flags &= ~FLAG_NODISCON;
26279 	}
26280 
26281 	status = sd_ddi_scsi_poll(pktp);
26282 	/*
26283 	 * Scsi_poll returns 0 (success) if the command completes and the
26284 	 * status block is STATUS_GOOD.  We should only check errors if this
26285 	 * condition is not true.  Even then we should send our own request
26286 	 * sense packet only if we have a check condition and auto
26287 	 * request sense has not been performed by the hba.
26288 	 * Don't get RQS data if pkt_reason is CMD_DEV_GONE.
26289 	 */
26290 	if ((status != SD_SUCCESS) &&
26291 	    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK) &&
26292 	    (pktp->pkt_state & STATE_ARQ_DONE) == 0 &&
26293 	    (pktp->pkt_reason != CMD_DEV_GONE))
26294 		(void) sd_send_polled_RQS(un);
26295 
26296 	return (status);
26297 }
26298 
26299 /*
26300  *    Function: sd_send_polled_RQS()
26301  *
26302  * Description: This sends the request sense command to a device.
26303  *
26304  *   Arguments: sd_lun - The unit structure
26305  *
26306  * Return Code: 0 - Command completed successfully with good status
26307  *             -1 - Command failed.
26308  *
26309  */
26310 
26311 static int
26312 sd_send_polled_RQS(struct sd_lun *un)
26313 {
26314 	int	ret_val;
26315 	struct	scsi_pkt	*rqs_pktp;
26316 	struct	buf		*rqs_bp;
26317 
26318 	ASSERT(un != NULL);
26319 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26320 
26321 	ret_val = SD_SUCCESS;
26322 
26323 	rqs_pktp = un->un_rqs_pktp;
26324 	rqs_bp	 = un->un_rqs_bp;
26325 
26326 	mutex_enter(SD_MUTEX(un));
26327 
26328 	if (un->un_sense_isbusy) {
26329 		ret_val = SD_FAILURE;
26330 		mutex_exit(SD_MUTEX(un));
26331 		return (ret_val);
26332 	}
26333 
26334 	/*
26335 	 * If the request sense buffer (and packet) is not in use,
26336 	 * let's set the un_sense_isbusy and send our packet
26337 	 */
26338 	un->un_sense_isbusy 	= 1;
26339 	rqs_pktp->pkt_resid  	= 0;
26340 	rqs_pktp->pkt_reason 	= 0;
26341 	rqs_pktp->pkt_flags |= FLAG_NOINTR;
26342 	bzero(rqs_bp->b_un.b_addr, SENSE_LENGTH);
26343 
26344 	mutex_exit(SD_MUTEX(un));
26345 
26346 	SD_INFO(SD_LOG_COMMON, un, "sd_send_polled_RQS: req sense buf at"
26347 	    " 0x%p\n", rqs_bp->b_un.b_addr);
26348 
26349 	/*
26350 	 * Can't send this to sd_scsi_poll, we wrap ourselves around the
26351 	 * axle - it has a call into us!
26352 	 */
26353 	if ((ret_val = sd_ddi_scsi_poll(rqs_pktp)) != 0) {
26354 		SD_INFO(SD_LOG_COMMON, un,
26355 		    "sd_send_polled_RQS: RQS failed\n");
26356 	}
26357 
26358 	SD_DUMP_MEMORY(un, SD_LOG_COMMON, "sd_send_polled_RQS:",
26359 	    (uchar_t *)rqs_bp->b_un.b_addr, SENSE_LENGTH, SD_LOG_HEX);
26360 
26361 	mutex_enter(SD_MUTEX(un));
26362 	un->un_sense_isbusy = 0;
26363 	mutex_exit(SD_MUTEX(un));
26364 
26365 	return (ret_val);
26366 }
26367 
26368 /*
26369  * Defines needed for localized version of the scsi_poll routine.
26370  */
26371 #define	SD_CSEC		10000			/* usecs */
26372 #define	SD_SEC_TO_CSEC	(1000000/SD_CSEC)
26373 
26374 
26375 /*
26376  *    Function: sd_ddi_scsi_poll()
26377  *
26378  * Description: Localized version of the scsi_poll routine.  The purpose is to
26379  *		send a scsi_pkt to a device as a polled command.  This version
26380  *		is to ensure more robust handling of transport errors.
26381  *		Specifically this routine cures not ready, coming ready
26382  *		transition for power up and reset of sonoma's.  This can take
26383  *		up to 45 seconds for power-on and 20 seconds for reset of a
26384  * 		sonoma lun.
26385  *
26386  *   Arguments: scsi_pkt - The scsi_pkt being sent to a device
26387  *
26388  * Return Code: 0 - Command completed successfully with good status
26389  *             -1 - Command failed.
26390  *
26391  */
26392 
26393 static int
26394 sd_ddi_scsi_poll(struct scsi_pkt *pkt)
26395 {
26396 	int busy_count;
26397 	int timeout;
26398 	int rval = SD_FAILURE;
26399 	int savef;
26400 	struct scsi_extended_sense *sensep;
26401 	long savet;
26402 	void (*savec)();
26403 	/*
26404 	 * The following is defined in machdep.c and is used in determining if
26405 	 * the scsi transport system will do polled I/O instead of interrupt
26406 	 * I/O when called from xx_dump().
26407 	 */
26408 	extern int do_polled_io;
26409 
26410 	/*
26411 	 * save old flags in pkt, to restore at end
26412 	 */
26413 	savef = pkt->pkt_flags;
26414 	savec = pkt->pkt_comp;
26415 	savet = pkt->pkt_time;
26416 
26417 	pkt->pkt_flags |= FLAG_NOINTR;
26418 
26419 	/*
26420 	 * XXX there is nothing in the SCSA spec that states that we should not
26421 	 * do a callback for polled cmds; however, removing this will break sd
26422 	 * and probably other target drivers
26423 	 */
26424 	pkt->pkt_comp = NULL;
26425 
26426 	/*
26427 	 * we don't like a polled command without timeout.
26428 	 * 60 seconds seems long enough.
26429 	 */
26430 	if (pkt->pkt_time == 0) {
26431 		pkt->pkt_time = SCSI_POLL_TIMEOUT;
26432 	}
26433 
26434 	/*
26435 	 * Send polled cmd.
26436 	 *
26437 	 * We do some error recovery for various errors.  Tran_busy,
26438 	 * queue full, and non-dispatched commands are retried every 10 msec.
26439 	 * as they are typically transient failures.  Busy status and Not
26440 	 * Ready are retried every second as this status takes a while to
26441 	 * change.  Unit attention is retried for pkt_time (60) times
26442 	 * with no delay.
26443 	 */
26444 	timeout = pkt->pkt_time * SD_SEC_TO_CSEC;
26445 
26446 	for (busy_count = 0; busy_count < timeout; busy_count++) {
26447 		int rc;
26448 		int poll_delay;
26449 
26450 		/*
26451 		 * Initialize pkt status variables.
26452 		 */
26453 		*pkt->pkt_scbp = pkt->pkt_reason = pkt->pkt_state = 0;
26454 
26455 		if ((rc = scsi_transport(pkt)) != TRAN_ACCEPT) {
26456 			if (rc != TRAN_BUSY) {
26457 				/* Transport failed - give up. */
26458 				break;
26459 			} else {
26460 				/* Transport busy - try again. */
26461 				poll_delay = 1 * SD_CSEC; /* 10 msec */
26462 			}
26463 		} else {
26464 			/*
26465 			 * Transport accepted - check pkt status.
26466 			 */
26467 			rc = (*pkt->pkt_scbp) & STATUS_MASK;
26468 			if (pkt->pkt_reason == CMD_CMPLT &&
26469 			    rc == STATUS_CHECK &&
26470 			    pkt->pkt_state & STATE_ARQ_DONE) {
26471 				struct scsi_arq_status *arqstat =
26472 				    (struct scsi_arq_status *)(pkt->pkt_scbp);
26473 
26474 				sensep = &arqstat->sts_sensedata;
26475 			} else {
26476 				sensep = NULL;
26477 			}
26478 
26479 			if ((pkt->pkt_reason == CMD_CMPLT) &&
26480 			    (rc == STATUS_GOOD)) {
26481 				/* No error - we're done */
26482 				rval = SD_SUCCESS;
26483 				break;
26484 
26485 			} else if (pkt->pkt_reason == CMD_DEV_GONE) {
26486 				/* Lost connection - give up */
26487 				break;
26488 
26489 			} else if ((pkt->pkt_reason == CMD_INCOMPLETE) &&
26490 			    (pkt->pkt_state == 0)) {
26491 				/* Pkt not dispatched - try again. */
26492 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26493 
26494 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26495 			    (rc == STATUS_QFULL)) {
26496 				/* Queue full - try again. */
26497 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26498 
26499 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26500 			    (rc == STATUS_BUSY)) {
26501 				/* Busy - try again. */
26502 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26503 				busy_count += (SD_SEC_TO_CSEC - 1);
26504 
26505 			} else if ((sensep != NULL) &&
26506 			    (sensep->es_key == KEY_UNIT_ATTENTION)) {
26507 				/* Unit Attention - try again */
26508 				busy_count += (SD_SEC_TO_CSEC - 1); /* 1 */
26509 				continue;
26510 
26511 			} else if ((sensep != NULL) &&
26512 			    (sensep->es_key == KEY_NOT_READY) &&
26513 			    (sensep->es_add_code == 0x04) &&
26514 			    (sensep->es_qual_code == 0x01)) {
26515 				/* Not ready -> ready - try again. */
26516 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26517 				busy_count += (SD_SEC_TO_CSEC - 1);
26518 
26519 			} else {
26520 				/* BAD status - give up. */
26521 				break;
26522 			}
26523 		}
26524 
26525 		if ((curthread->t_flag & T_INTR_THREAD) == 0 &&
26526 		    !do_polled_io) {
26527 			delay(drv_usectohz(poll_delay));
26528 		} else {
26529 			/* we busy wait during cpr_dump or interrupt threads */
26530 			drv_usecwait(poll_delay);
26531 		}
26532 	}
26533 
26534 	pkt->pkt_flags = savef;
26535 	pkt->pkt_comp = savec;
26536 	pkt->pkt_time = savet;
26537 	return (rval);
26538 }
26539 
26540 
26541 /*
26542  *    Function: sd_persistent_reservation_in_read_keys
26543  *
26544  * Description: This routine is the driver entry point for handling CD-ROM
26545  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS)
26546  *		by sending the SCSI-3 PRIN commands to the device.
26547  *		Processes the read keys command response by copying the
26548  *		reservation key information into the user provided buffer.
26549  *		Support for the 32/64 bit _MULTI_DATAMODEL is implemented.
26550  *
26551  *   Arguments: un   -  Pointer to soft state struct for the target.
26552  *		usrp -	user provided pointer to multihost Persistent In Read
26553  *			Keys structure (mhioc_inkeys_t)
26554  *		flag -	this argument is a pass through to ddi_copyxxx()
26555  *			directly from the mode argument of ioctl().
26556  *
26557  * Return Code: 0   - Success
26558  *		EACCES
26559  *		ENOTSUP
26560  *		errno return code from sd_send_scsi_cmd()
26561  *
26562  *     Context: Can sleep. Does not return until command is completed.
26563  */
26564 
26565 static int
26566 sd_persistent_reservation_in_read_keys(struct sd_lun *un,
26567     mhioc_inkeys_t *usrp, int flag)
26568 {
26569 #ifdef _MULTI_DATAMODEL
26570 	struct mhioc_key_list32	li32;
26571 #endif
26572 	sd_prin_readkeys_t	*in;
26573 	mhioc_inkeys_t		*ptr;
26574 	mhioc_key_list_t	li;
26575 	uchar_t			*data_bufp;
26576 	int 			data_len;
26577 	int			rval;
26578 	size_t			copysz;
26579 
26580 	if ((ptr = (mhioc_inkeys_t *)usrp) == NULL) {
26581 		return (EINVAL);
26582 	}
26583 	bzero(&li, sizeof (mhioc_key_list_t));
26584 
26585 	/*
26586 	 * Get the listsize from user
26587 	 */
26588 #ifdef _MULTI_DATAMODEL
26589 
26590 	switch (ddi_model_convert_from(flag & FMODELS)) {
26591 	case DDI_MODEL_ILP32:
26592 		copysz = sizeof (struct mhioc_key_list32);
26593 		if (ddi_copyin(ptr->li, &li32, copysz, flag)) {
26594 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26595 			    "sd_persistent_reservation_in_read_keys: "
26596 			    "failed ddi_copyin: mhioc_key_list32_t\n");
26597 			rval = EFAULT;
26598 			goto done;
26599 		}
26600 		li.listsize = li32.listsize;
26601 		li.list = (mhioc_resv_key_t *)(uintptr_t)li32.list;
26602 		break;
26603 
26604 	case DDI_MODEL_NONE:
26605 		copysz = sizeof (mhioc_key_list_t);
26606 		if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26607 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26608 			    "sd_persistent_reservation_in_read_keys: "
26609 			    "failed ddi_copyin: mhioc_key_list_t\n");
26610 			rval = EFAULT;
26611 			goto done;
26612 		}
26613 		break;
26614 	}
26615 
26616 #else /* ! _MULTI_DATAMODEL */
26617 	copysz = sizeof (mhioc_key_list_t);
26618 	if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26619 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26620 		    "sd_persistent_reservation_in_read_keys: "
26621 		    "failed ddi_copyin: mhioc_key_list_t\n");
26622 		rval = EFAULT;
26623 		goto done;
26624 	}
26625 #endif
26626 
26627 	data_len  = li.listsize * MHIOC_RESV_KEY_SIZE;
26628 	data_len += (sizeof (sd_prin_readkeys_t) - sizeof (caddr_t));
26629 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26630 
26631 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS,
26632 	    data_len, data_bufp)) != 0) {
26633 		goto done;
26634 	}
26635 	in = (sd_prin_readkeys_t *)data_bufp;
26636 	ptr->generation = BE_32(in->generation);
26637 	li.listlen = BE_32(in->len) / MHIOC_RESV_KEY_SIZE;
26638 
26639 	/*
26640 	 * Return the min(listsize, listlen) keys
26641 	 */
26642 #ifdef _MULTI_DATAMODEL
26643 
26644 	switch (ddi_model_convert_from(flag & FMODELS)) {
26645 	case DDI_MODEL_ILP32:
26646 		li32.listlen = li.listlen;
26647 		if (ddi_copyout(&li32, ptr->li, copysz, flag)) {
26648 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26649 			    "sd_persistent_reservation_in_read_keys: "
26650 			    "failed ddi_copyout: mhioc_key_list32_t\n");
26651 			rval = EFAULT;
26652 			goto done;
26653 		}
26654 		break;
26655 
26656 	case DDI_MODEL_NONE:
26657 		if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26658 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26659 			    "sd_persistent_reservation_in_read_keys: "
26660 			    "failed ddi_copyout: mhioc_key_list_t\n");
26661 			rval = EFAULT;
26662 			goto done;
26663 		}
26664 		break;
26665 	}
26666 
26667 #else /* ! _MULTI_DATAMODEL */
26668 
26669 	if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26670 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26671 		    "sd_persistent_reservation_in_read_keys: "
26672 		    "failed ddi_copyout: mhioc_key_list_t\n");
26673 		rval = EFAULT;
26674 		goto done;
26675 	}
26676 
26677 #endif /* _MULTI_DATAMODEL */
26678 
26679 	copysz = min(li.listlen * MHIOC_RESV_KEY_SIZE,
26680 	    li.listsize * MHIOC_RESV_KEY_SIZE);
26681 	if (ddi_copyout(&in->keylist, li.list, copysz, flag)) {
26682 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26683 		    "sd_persistent_reservation_in_read_keys: "
26684 		    "failed ddi_copyout: keylist\n");
26685 		rval = EFAULT;
26686 	}
26687 done:
26688 	kmem_free(data_bufp, data_len);
26689 	return (rval);
26690 }
26691 
26692 
26693 /*
26694  *    Function: sd_persistent_reservation_in_read_resv
26695  *
26696  * Description: This routine is the driver entry point for handling CD-ROM
26697  *		multi-host persistent reservation requests (MHIOCGRP_INRESV)
26698  *		by sending the SCSI-3 PRIN commands to the device.
26699  *		Process the read persistent reservations command response by
26700  *		copying the reservation information into the user provided
26701  *		buffer. Support for the 32/64 _MULTI_DATAMODEL is implemented.
26702  *
26703  *   Arguments: un   -  Pointer to soft state struct for the target.
26704  *		usrp -	user provided pointer to multihost Persistent In Read
26705  *			Keys structure (mhioc_inkeys_t)
26706  *		flag -	this argument is a pass through to ddi_copyxxx()
26707  *			directly from the mode argument of ioctl().
26708  *
26709  * Return Code: 0   - Success
26710  *		EACCES
26711  *		ENOTSUP
26712  *		errno return code from sd_send_scsi_cmd()
26713  *
26714  *     Context: Can sleep. Does not return until command is completed.
26715  */
26716 
26717 static int
26718 sd_persistent_reservation_in_read_resv(struct sd_lun *un,
26719     mhioc_inresvs_t *usrp, int flag)
26720 {
26721 #ifdef _MULTI_DATAMODEL
26722 	struct mhioc_resv_desc_list32 resvlist32;
26723 #endif
26724 	sd_prin_readresv_t	*in;
26725 	mhioc_inresvs_t		*ptr;
26726 	sd_readresv_desc_t	*readresv_ptr;
26727 	mhioc_resv_desc_list_t	resvlist;
26728 	mhioc_resv_desc_t 	resvdesc;
26729 	uchar_t			*data_bufp;
26730 	int 			data_len;
26731 	int			rval;
26732 	int			i;
26733 	size_t			copysz;
26734 	mhioc_resv_desc_t	*bufp;
26735 
26736 	if ((ptr = usrp) == NULL) {
26737 		return (EINVAL);
26738 	}
26739 
26740 	/*
26741 	 * Get the listsize from user
26742 	 */
26743 #ifdef _MULTI_DATAMODEL
26744 	switch (ddi_model_convert_from(flag & FMODELS)) {
26745 	case DDI_MODEL_ILP32:
26746 		copysz = sizeof (struct mhioc_resv_desc_list32);
26747 		if (ddi_copyin(ptr->li, &resvlist32, copysz, flag)) {
26748 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26749 			    "sd_persistent_reservation_in_read_resv: "
26750 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26751 			rval = EFAULT;
26752 			goto done;
26753 		}
26754 		resvlist.listsize = resvlist32.listsize;
26755 		resvlist.list = (mhioc_resv_desc_t *)(uintptr_t)resvlist32.list;
26756 		break;
26757 
26758 	case DDI_MODEL_NONE:
26759 		copysz = sizeof (mhioc_resv_desc_list_t);
26760 		if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26761 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26762 			    "sd_persistent_reservation_in_read_resv: "
26763 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26764 			rval = EFAULT;
26765 			goto done;
26766 		}
26767 		break;
26768 	}
26769 #else /* ! _MULTI_DATAMODEL */
26770 	copysz = sizeof (mhioc_resv_desc_list_t);
26771 	if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26772 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26773 		    "sd_persistent_reservation_in_read_resv: "
26774 		    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26775 		rval = EFAULT;
26776 		goto done;
26777 	}
26778 #endif /* ! _MULTI_DATAMODEL */
26779 
26780 	data_len  = resvlist.listsize * SCSI3_RESV_DESC_LEN;
26781 	data_len += (sizeof (sd_prin_readresv_t) - sizeof (caddr_t));
26782 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26783 
26784 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_RESV,
26785 	    data_len, data_bufp)) != 0) {
26786 		goto done;
26787 	}
26788 	in = (sd_prin_readresv_t *)data_bufp;
26789 	ptr->generation = BE_32(in->generation);
26790 	resvlist.listlen = BE_32(in->len) / SCSI3_RESV_DESC_LEN;
26791 
26792 	/*
26793 	 * Return the min(listsize, listlen( keys
26794 	 */
26795 #ifdef _MULTI_DATAMODEL
26796 
26797 	switch (ddi_model_convert_from(flag & FMODELS)) {
26798 	case DDI_MODEL_ILP32:
26799 		resvlist32.listlen = resvlist.listlen;
26800 		if (ddi_copyout(&resvlist32, ptr->li, copysz, flag)) {
26801 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26802 			    "sd_persistent_reservation_in_read_resv: "
26803 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26804 			rval = EFAULT;
26805 			goto done;
26806 		}
26807 		break;
26808 
26809 	case DDI_MODEL_NONE:
26810 		if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26811 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26812 			    "sd_persistent_reservation_in_read_resv: "
26813 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26814 			rval = EFAULT;
26815 			goto done;
26816 		}
26817 		break;
26818 	}
26819 
26820 #else /* ! _MULTI_DATAMODEL */
26821 
26822 	if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26823 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26824 		    "sd_persistent_reservation_in_read_resv: "
26825 		    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26826 		rval = EFAULT;
26827 		goto done;
26828 	}
26829 
26830 #endif /* ! _MULTI_DATAMODEL */
26831 
26832 	readresv_ptr = (sd_readresv_desc_t *)&in->readresv_desc;
26833 	bufp = resvlist.list;
26834 	copysz = sizeof (mhioc_resv_desc_t);
26835 	for (i = 0; i < min(resvlist.listlen, resvlist.listsize);
26836 	    i++, readresv_ptr++, bufp++) {
26837 
26838 		bcopy(&readresv_ptr->resvkey, &resvdesc.key,
26839 		    MHIOC_RESV_KEY_SIZE);
26840 		resvdesc.type  = readresv_ptr->type;
26841 		resvdesc.scope = readresv_ptr->scope;
26842 		resvdesc.scope_specific_addr =
26843 		    BE_32(readresv_ptr->scope_specific_addr);
26844 
26845 		if (ddi_copyout(&resvdesc, bufp, copysz, flag)) {
26846 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26847 			    "sd_persistent_reservation_in_read_resv: "
26848 			    "failed ddi_copyout: resvlist\n");
26849 			rval = EFAULT;
26850 			goto done;
26851 		}
26852 	}
26853 done:
26854 	kmem_free(data_bufp, data_len);
26855 	return (rval);
26856 }
26857 
26858 
26859 /*
26860  *    Function: sr_change_blkmode()
26861  *
26862  * Description: This routine is the driver entry point for handling CD-ROM
26863  *		block mode ioctl requests. Support for returning and changing
26864  *		the current block size in use by the device is implemented. The
26865  *		LBA size is changed via a MODE SELECT Block Descriptor.
26866  *
26867  *		This routine issues a mode sense with an allocation length of
26868  *		12 bytes for the mode page header and a single block descriptor.
26869  *
26870  *   Arguments: dev - the device 'dev_t'
26871  *		cmd - the request type; one of CDROMGBLKMODE (get) or
26872  *		      CDROMSBLKMODE (set)
26873  *		data - current block size or requested block size
26874  *		flag - this argument is a pass through to ddi_copyxxx() directly
26875  *		       from the mode argument of ioctl().
26876  *
26877  * Return Code: the code returned by sd_send_scsi_cmd()
26878  *		EINVAL if invalid arguments are provided
26879  *		EFAULT if ddi_copyxxx() fails
26880  *		ENXIO if fail ddi_get_soft_state
26881  *		EIO if invalid mode sense block descriptor length
26882  *
26883  */
26884 
26885 static int
26886 sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag)
26887 {
26888 	struct sd_lun			*un = NULL;
26889 	struct mode_header		*sense_mhp, *select_mhp;
26890 	struct block_descriptor		*sense_desc, *select_desc;
26891 	int				current_bsize;
26892 	int				rval = EINVAL;
26893 	uchar_t				*sense = NULL;
26894 	uchar_t				*select = NULL;
26895 
26896 	ASSERT((cmd == CDROMGBLKMODE) || (cmd == CDROMSBLKMODE));
26897 
26898 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
26899 		return (ENXIO);
26900 	}
26901 
26902 	/*
26903 	 * The block length is changed via the Mode Select block descriptor, the
26904 	 * "Read/Write Error Recovery" mode page (0x1) contents are not actually
26905 	 * required as part of this routine. Therefore the mode sense allocation
26906 	 * length is specified to be the length of a mode page header and a
26907 	 * block descriptor.
26908 	 */
26909 	sense = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26910 
26911 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
26912 	    BUFLEN_CHG_BLK_MODE, MODEPAGE_ERR_RECOV, SD_PATH_STANDARD)) != 0) {
26913 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26914 		    "sr_change_blkmode: Mode Sense Failed\n");
26915 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26916 		return (rval);
26917 	}
26918 
26919 	/* Check the block descriptor len to handle only 1 block descriptor */
26920 	sense_mhp = (struct mode_header *)sense;
26921 	if ((sense_mhp->bdesc_length == 0) ||
26922 	    (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH)) {
26923 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26924 		    "sr_change_blkmode: Mode Sense returned invalid block"
26925 		    " descriptor length\n");
26926 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26927 		return (EIO);
26928 	}
26929 	sense_desc = (struct block_descriptor *)(sense + MODE_HEADER_LENGTH);
26930 	current_bsize = ((sense_desc->blksize_hi << 16) |
26931 	    (sense_desc->blksize_mid << 8) | sense_desc->blksize_lo);
26932 
26933 	/* Process command */
26934 	switch (cmd) {
26935 	case CDROMGBLKMODE:
26936 		/* Return the block size obtained during the mode sense */
26937 		if (ddi_copyout(&current_bsize, (void *)data,
26938 		    sizeof (int), flag) != 0)
26939 			rval = EFAULT;
26940 		break;
26941 	case CDROMSBLKMODE:
26942 		/* Validate the requested block size */
26943 		switch (data) {
26944 		case CDROM_BLK_512:
26945 		case CDROM_BLK_1024:
26946 		case CDROM_BLK_2048:
26947 		case CDROM_BLK_2056:
26948 		case CDROM_BLK_2336:
26949 		case CDROM_BLK_2340:
26950 		case CDROM_BLK_2352:
26951 		case CDROM_BLK_2368:
26952 		case CDROM_BLK_2448:
26953 		case CDROM_BLK_2646:
26954 		case CDROM_BLK_2647:
26955 			break;
26956 		default:
26957 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26958 			    "sr_change_blkmode: "
26959 			    "Block Size '%ld' Not Supported\n", data);
26960 			kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26961 			return (EINVAL);
26962 		}
26963 
26964 		/*
26965 		 * The current block size matches the requested block size so
26966 		 * there is no need to send the mode select to change the size
26967 		 */
26968 		if (current_bsize == data) {
26969 			break;
26970 		}
26971 
26972 		/* Build the select data for the requested block size */
26973 		select = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26974 		select_mhp = (struct mode_header *)select;
26975 		select_desc =
26976 		    (struct block_descriptor *)(select + MODE_HEADER_LENGTH);
26977 		/*
26978 		 * The LBA size is changed via the block descriptor, so the
26979 		 * descriptor is built according to the user data
26980 		 */
26981 		select_mhp->bdesc_length = MODE_BLK_DESC_LENGTH;
26982 		select_desc->blksize_hi  = (char)(((data) & 0x00ff0000) >> 16);
26983 		select_desc->blksize_mid = (char)(((data) & 0x0000ff00) >> 8);
26984 		select_desc->blksize_lo  = (char)((data) & 0x000000ff);
26985 
26986 		/* Send the mode select for the requested block size */
26987 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
26988 		    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
26989 		    SD_PATH_STANDARD)) != 0) {
26990 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26991 			    "sr_change_blkmode: Mode Select Failed\n");
26992 			/*
26993 			 * The mode select failed for the requested block size,
26994 			 * so reset the data for the original block size and
26995 			 * send it to the target. The error is indicated by the
26996 			 * return value for the failed mode select.
26997 			 */
26998 			select_desc->blksize_hi  = sense_desc->blksize_hi;
26999 			select_desc->blksize_mid = sense_desc->blksize_mid;
27000 			select_desc->blksize_lo  = sense_desc->blksize_lo;
27001 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
27002 			    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
27003 			    SD_PATH_STANDARD);
27004 		} else {
27005 			ASSERT(!mutex_owned(SD_MUTEX(un)));
27006 			mutex_enter(SD_MUTEX(un));
27007 			sd_update_block_info(un, (uint32_t)data, 0);
27008 
27009 			mutex_exit(SD_MUTEX(un));
27010 		}
27011 		break;
27012 	default:
27013 		/* should not reach here, but check anyway */
27014 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27015 		    "sr_change_blkmode: Command '%x' Not Supported\n", cmd);
27016 		rval = EINVAL;
27017 		break;
27018 	}
27019 
27020 	if (select) {
27021 		kmem_free(select, BUFLEN_CHG_BLK_MODE);
27022 	}
27023 	if (sense) {
27024 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
27025 	}
27026 	return (rval);
27027 }
27028 
27029 
27030 /*
27031  * Note: The following sr_change_speed() and sr_atapi_change_speed() routines
27032  * implement driver support for getting and setting the CD speed. The command
27033  * set used will be based on the device type. If the device has not been
27034  * identified as MMC the Toshiba vendor specific mode page will be used. If
27035  * the device is MMC but does not support the Real Time Streaming feature
27036  * the SET CD SPEED command will be used to set speed and mode page 0x2A will
27037  * be used to read the speed.
27038  */
27039 
27040 /*
27041  *    Function: sr_change_speed()
27042  *
27043  * Description: This routine is the driver entry point for handling CD-ROM
27044  *		drive speed ioctl requests for devices supporting the Toshiba
27045  *		vendor specific drive speed mode page. Support for returning
27046  *		and changing the current drive speed in use by the device is
27047  *		implemented.
27048  *
27049  *   Arguments: dev - the device 'dev_t'
27050  *		cmd - the request type; one of CDROMGDRVSPEED (get) or
27051  *		      CDROMSDRVSPEED (set)
27052  *		data - current drive speed or requested drive speed
27053  *		flag - this argument is a pass through to ddi_copyxxx() directly
27054  *		       from the mode argument of ioctl().
27055  *
27056  * Return Code: the code returned by sd_send_scsi_cmd()
27057  *		EINVAL if invalid arguments are provided
27058  *		EFAULT if ddi_copyxxx() fails
27059  *		ENXIO if fail ddi_get_soft_state
27060  *		EIO if invalid mode sense block descriptor length
27061  */
27062 
27063 static int
27064 sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27065 {
27066 	struct sd_lun			*un = NULL;
27067 	struct mode_header		*sense_mhp, *select_mhp;
27068 	struct mode_speed		*sense_page, *select_page;
27069 	int				current_speed;
27070 	int				rval = EINVAL;
27071 	int				bd_len;
27072 	uchar_t				*sense = NULL;
27073 	uchar_t				*select = NULL;
27074 
27075 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27076 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27077 		return (ENXIO);
27078 	}
27079 
27080 	/*
27081 	 * Note: The drive speed is being modified here according to a Toshiba
27082 	 * vendor specific mode page (0x31).
27083 	 */
27084 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27085 
27086 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
27087 	    BUFLEN_MODE_CDROM_SPEED, CDROM_MODE_SPEED,
27088 	    SD_PATH_STANDARD)) != 0) {
27089 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27090 		    "sr_change_speed: Mode Sense Failed\n");
27091 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27092 		return (rval);
27093 	}
27094 	sense_mhp  = (struct mode_header *)sense;
27095 
27096 	/* Check the block descriptor len to handle only 1 block descriptor */
27097 	bd_len = sense_mhp->bdesc_length;
27098 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27099 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27100 		    "sr_change_speed: Mode Sense returned invalid block "
27101 		    "descriptor length\n");
27102 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27103 		return (EIO);
27104 	}
27105 
27106 	sense_page = (struct mode_speed *)
27107 	    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
27108 	current_speed = sense_page->speed;
27109 
27110 	/* Process command */
27111 	switch (cmd) {
27112 	case CDROMGDRVSPEED:
27113 		/* Return the drive speed obtained during the mode sense */
27114 		if (current_speed == 0x2) {
27115 			current_speed = CDROM_TWELVE_SPEED;
27116 		}
27117 		if (ddi_copyout(&current_speed, (void *)data,
27118 		    sizeof (int), flag) != 0) {
27119 			rval = EFAULT;
27120 		}
27121 		break;
27122 	case CDROMSDRVSPEED:
27123 		/* Validate the requested drive speed */
27124 		switch ((uchar_t)data) {
27125 		case CDROM_TWELVE_SPEED:
27126 			data = 0x2;
27127 			/*FALLTHROUGH*/
27128 		case CDROM_NORMAL_SPEED:
27129 		case CDROM_DOUBLE_SPEED:
27130 		case CDROM_QUAD_SPEED:
27131 		case CDROM_MAXIMUM_SPEED:
27132 			break;
27133 		default:
27134 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27135 			    "sr_change_speed: "
27136 			    "Drive Speed '%d' Not Supported\n", (uchar_t)data);
27137 			kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27138 			return (EINVAL);
27139 		}
27140 
27141 		/*
27142 		 * The current drive speed matches the requested drive speed so
27143 		 * there is no need to send the mode select to change the speed
27144 		 */
27145 		if (current_speed == data) {
27146 			break;
27147 		}
27148 
27149 		/* Build the select data for the requested drive speed */
27150 		select = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27151 		select_mhp = (struct mode_header *)select;
27152 		select_mhp->bdesc_length = 0;
27153 		select_page =
27154 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27155 		select_page =
27156 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27157 		select_page->mode_page.code = CDROM_MODE_SPEED;
27158 		select_page->mode_page.length = 2;
27159 		select_page->speed = (uchar_t)data;
27160 
27161 		/* Send the mode select for the requested block size */
27162 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27163 		    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27164 		    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
27165 			/*
27166 			 * The mode select failed for the requested drive speed,
27167 			 * so reset the data for the original drive speed and
27168 			 * send it to the target. The error is indicated by the
27169 			 * return value for the failed mode select.
27170 			 */
27171 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27172 			    "sr_drive_speed: Mode Select Failed\n");
27173 			select_page->speed = sense_page->speed;
27174 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27175 			    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27176 			    SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
27177 		}
27178 		break;
27179 	default:
27180 		/* should not reach here, but check anyway */
27181 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27182 		    "sr_change_speed: Command '%x' Not Supported\n", cmd);
27183 		rval = EINVAL;
27184 		break;
27185 	}
27186 
27187 	if (select) {
27188 		kmem_free(select, BUFLEN_MODE_CDROM_SPEED);
27189 	}
27190 	if (sense) {
27191 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27192 	}
27193 
27194 	return (rval);
27195 }
27196 
27197 
27198 /*
27199  *    Function: sr_atapi_change_speed()
27200  *
27201  * Description: This routine is the driver entry point for handling CD-ROM
27202  *		drive speed ioctl requests for MMC devices that do not support
27203  *		the Real Time Streaming feature (0x107).
27204  *
27205  *		Note: This routine will use the SET SPEED command which may not
27206  *		be supported by all devices.
27207  *
27208  *   Arguments: dev- the device 'dev_t'
27209  *		cmd- the request type; one of CDROMGDRVSPEED (get) or
27210  *		     CDROMSDRVSPEED (set)
27211  *		data- current drive speed or requested drive speed
27212  *		flag- this argument is a pass through to ddi_copyxxx() directly
27213  *		      from the mode argument of ioctl().
27214  *
27215  * Return Code: the code returned by sd_send_scsi_cmd()
27216  *		EINVAL if invalid arguments are provided
27217  *		EFAULT if ddi_copyxxx() fails
27218  *		ENXIO if fail ddi_get_soft_state
27219  *		EIO if invalid mode sense block descriptor length
27220  */
27221 
27222 static int
27223 sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27224 {
27225 	struct sd_lun			*un;
27226 	struct uscsi_cmd		*com = NULL;
27227 	struct mode_header_grp2		*sense_mhp;
27228 	uchar_t				*sense_page;
27229 	uchar_t				*sense = NULL;
27230 	char				cdb[CDB_GROUP5];
27231 	int				bd_len;
27232 	int				current_speed = 0;
27233 	int				max_speed = 0;
27234 	int				rval;
27235 
27236 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27237 
27238 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27239 		return (ENXIO);
27240 	}
27241 
27242 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
27243 
27244 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
27245 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP,
27246 	    SD_PATH_STANDARD)) != 0) {
27247 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27248 		    "sr_atapi_change_speed: Mode Sense Failed\n");
27249 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27250 		return (rval);
27251 	}
27252 
27253 	/* Check the block descriptor len to handle only 1 block descriptor */
27254 	sense_mhp = (struct mode_header_grp2 *)sense;
27255 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
27256 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27257 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27258 		    "sr_atapi_change_speed: Mode Sense returned invalid "
27259 		    "block descriptor length\n");
27260 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27261 		return (EIO);
27262 	}
27263 
27264 	/* Calculate the current and maximum drive speeds */
27265 	sense_page = (uchar_t *)(sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
27266 	current_speed = (sense_page[14] << 8) | sense_page[15];
27267 	max_speed = (sense_page[8] << 8) | sense_page[9];
27268 
27269 	/* Process the command */
27270 	switch (cmd) {
27271 	case CDROMGDRVSPEED:
27272 		current_speed /= SD_SPEED_1X;
27273 		if (ddi_copyout(&current_speed, (void *)data,
27274 		    sizeof (int), flag) != 0)
27275 			rval = EFAULT;
27276 		break;
27277 	case CDROMSDRVSPEED:
27278 		/* Convert the speed code to KB/sec */
27279 		switch ((uchar_t)data) {
27280 		case CDROM_NORMAL_SPEED:
27281 			current_speed = SD_SPEED_1X;
27282 			break;
27283 		case CDROM_DOUBLE_SPEED:
27284 			current_speed = 2 * SD_SPEED_1X;
27285 			break;
27286 		case CDROM_QUAD_SPEED:
27287 			current_speed = 4 * SD_SPEED_1X;
27288 			break;
27289 		case CDROM_TWELVE_SPEED:
27290 			current_speed = 12 * SD_SPEED_1X;
27291 			break;
27292 		case CDROM_MAXIMUM_SPEED:
27293 			current_speed = 0xffff;
27294 			break;
27295 		default:
27296 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27297 			    "sr_atapi_change_speed: invalid drive speed %d\n",
27298 			    (uchar_t)data);
27299 			kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27300 			return (EINVAL);
27301 		}
27302 
27303 		/* Check the request against the drive's max speed. */
27304 		if (current_speed != 0xffff) {
27305 			if (current_speed > max_speed) {
27306 				kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27307 				return (EINVAL);
27308 			}
27309 		}
27310 
27311 		/*
27312 		 * Build and send the SET SPEED command
27313 		 *
27314 		 * Note: The SET SPEED (0xBB) command used in this routine is
27315 		 * obsolete per the SCSI MMC spec but still supported in the
27316 		 * MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27317 		 * therefore the command is still implemented in this routine.
27318 		 */
27319 		bzero(cdb, sizeof (cdb));
27320 		cdb[0] = (char)SCMD_SET_CDROM_SPEED;
27321 		cdb[2] = (uchar_t)(current_speed >> 8);
27322 		cdb[3] = (uchar_t)current_speed;
27323 		com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27324 		com->uscsi_cdb	   = (caddr_t)cdb;
27325 		com->uscsi_cdblen  = CDB_GROUP5;
27326 		com->uscsi_bufaddr = NULL;
27327 		com->uscsi_buflen  = 0;
27328 		com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT;
27329 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, 0,
27330 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27331 		break;
27332 	default:
27333 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27334 		    "sr_atapi_change_speed: Command '%x' Not Supported\n", cmd);
27335 		rval = EINVAL;
27336 	}
27337 
27338 	if (sense) {
27339 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27340 	}
27341 	if (com) {
27342 		kmem_free(com, sizeof (*com));
27343 	}
27344 	return (rval);
27345 }
27346 
27347 
27348 /*
27349  *    Function: sr_pause_resume()
27350  *
27351  * Description: This routine is the driver entry point for handling CD-ROM
27352  *		pause/resume ioctl requests. This only affects the audio play
27353  *		operation.
27354  *
27355  *   Arguments: dev - the device 'dev_t'
27356  *		cmd - the request type; one of CDROMPAUSE or CDROMRESUME, used
27357  *		      for setting the resume bit of the cdb.
27358  *
27359  * Return Code: the code returned by sd_send_scsi_cmd()
27360  *		EINVAL if invalid mode specified
27361  *
27362  */
27363 
27364 static int
27365 sr_pause_resume(dev_t dev, int cmd)
27366 {
27367 	struct sd_lun		*un;
27368 	struct uscsi_cmd	*com;
27369 	char			cdb[CDB_GROUP1];
27370 	int			rval;
27371 
27372 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27373 		return (ENXIO);
27374 	}
27375 
27376 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27377 	bzero(cdb, CDB_GROUP1);
27378 	cdb[0] = SCMD_PAUSE_RESUME;
27379 	switch (cmd) {
27380 	case CDROMRESUME:
27381 		cdb[8] = 1;
27382 		break;
27383 	case CDROMPAUSE:
27384 		cdb[8] = 0;
27385 		break;
27386 	default:
27387 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_pause_resume:"
27388 		    " Command '%x' Not Supported\n", cmd);
27389 		rval = EINVAL;
27390 		goto done;
27391 	}
27392 
27393 	com->uscsi_cdb    = cdb;
27394 	com->uscsi_cdblen = CDB_GROUP1;
27395 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27396 
27397 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27398 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27399 
27400 done:
27401 	kmem_free(com, sizeof (*com));
27402 	return (rval);
27403 }
27404 
27405 
27406 /*
27407  *    Function: sr_play_msf()
27408  *
27409  * Description: This routine is the driver entry point for handling CD-ROM
27410  *		ioctl requests to output the audio signals at the specified
27411  *		starting address and continue the audio play until the specified
27412  *		ending address (CDROMPLAYMSF) The address is in Minute Second
27413  *		Frame (MSF) format.
27414  *
27415  *   Arguments: dev	- the device 'dev_t'
27416  *		data	- pointer to user provided audio msf structure,
27417  *		          specifying start/end addresses.
27418  *		flag	- this argument is a pass through to ddi_copyxxx()
27419  *		          directly from the mode argument of ioctl().
27420  *
27421  * Return Code: the code returned by sd_send_scsi_cmd()
27422  *		EFAULT if ddi_copyxxx() fails
27423  *		ENXIO if fail ddi_get_soft_state
27424  *		EINVAL if data pointer is NULL
27425  */
27426 
27427 static int
27428 sr_play_msf(dev_t dev, caddr_t data, int flag)
27429 {
27430 	struct sd_lun		*un;
27431 	struct uscsi_cmd	*com;
27432 	struct cdrom_msf	msf_struct;
27433 	struct cdrom_msf	*msf = &msf_struct;
27434 	char			cdb[CDB_GROUP1];
27435 	int			rval;
27436 
27437 	if (data == NULL) {
27438 		return (EINVAL);
27439 	}
27440 
27441 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27442 		return (ENXIO);
27443 	}
27444 
27445 	if (ddi_copyin(data, msf, sizeof (struct cdrom_msf), flag)) {
27446 		return (EFAULT);
27447 	}
27448 
27449 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27450 	bzero(cdb, CDB_GROUP1);
27451 	cdb[0] = SCMD_PLAYAUDIO_MSF;
27452 	if (un->un_f_cfg_playmsf_bcd == TRUE) {
27453 		cdb[3] = BYTE_TO_BCD(msf->cdmsf_min0);
27454 		cdb[4] = BYTE_TO_BCD(msf->cdmsf_sec0);
27455 		cdb[5] = BYTE_TO_BCD(msf->cdmsf_frame0);
27456 		cdb[6] = BYTE_TO_BCD(msf->cdmsf_min1);
27457 		cdb[7] = BYTE_TO_BCD(msf->cdmsf_sec1);
27458 		cdb[8] = BYTE_TO_BCD(msf->cdmsf_frame1);
27459 	} else {
27460 		cdb[3] = msf->cdmsf_min0;
27461 		cdb[4] = msf->cdmsf_sec0;
27462 		cdb[5] = msf->cdmsf_frame0;
27463 		cdb[6] = msf->cdmsf_min1;
27464 		cdb[7] = msf->cdmsf_sec1;
27465 		cdb[8] = msf->cdmsf_frame1;
27466 	}
27467 	com->uscsi_cdb    = cdb;
27468 	com->uscsi_cdblen = CDB_GROUP1;
27469 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27470 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27471 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27472 	kmem_free(com, sizeof (*com));
27473 	return (rval);
27474 }
27475 
27476 
27477 /*
27478  *    Function: sr_play_trkind()
27479  *
27480  * Description: This routine is the driver entry point for handling CD-ROM
27481  *		ioctl requests to output the audio signals at the specified
27482  *		starting address and continue the audio play until the specified
27483  *		ending address (CDROMPLAYTRKIND). The address is in Track Index
27484  *		format.
27485  *
27486  *   Arguments: dev	- the device 'dev_t'
27487  *		data	- pointer to user provided audio track/index structure,
27488  *		          specifying start/end addresses.
27489  *		flag	- this argument is a pass through to ddi_copyxxx()
27490  *		          directly from the mode argument of ioctl().
27491  *
27492  * Return Code: the code returned by sd_send_scsi_cmd()
27493  *		EFAULT if ddi_copyxxx() fails
27494  *		ENXIO if fail ddi_get_soft_state
27495  *		EINVAL if data pointer is NULL
27496  */
27497 
27498 static int
27499 sr_play_trkind(dev_t dev, caddr_t data, int flag)
27500 {
27501 	struct cdrom_ti		ti_struct;
27502 	struct cdrom_ti		*ti = &ti_struct;
27503 	struct uscsi_cmd	*com = NULL;
27504 	char			cdb[CDB_GROUP1];
27505 	int			rval;
27506 
27507 	if (data == NULL) {
27508 		return (EINVAL);
27509 	}
27510 
27511 	if (ddi_copyin(data, ti, sizeof (struct cdrom_ti), flag)) {
27512 		return (EFAULT);
27513 	}
27514 
27515 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27516 	bzero(cdb, CDB_GROUP1);
27517 	cdb[0] = SCMD_PLAYAUDIO_TI;
27518 	cdb[4] = ti->cdti_trk0;
27519 	cdb[5] = ti->cdti_ind0;
27520 	cdb[7] = ti->cdti_trk1;
27521 	cdb[8] = ti->cdti_ind1;
27522 	com->uscsi_cdb    = cdb;
27523 	com->uscsi_cdblen = CDB_GROUP1;
27524 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27525 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27526 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27527 	kmem_free(com, sizeof (*com));
27528 	return (rval);
27529 }
27530 
27531 
27532 /*
27533  *    Function: sr_read_all_subcodes()
27534  *
27535  * Description: This routine is the driver entry point for handling CD-ROM
27536  *		ioctl requests to return raw subcode data while the target is
27537  *		playing audio (CDROMSUBCODE).
27538  *
27539  *   Arguments: dev	- the device 'dev_t'
27540  *		data	- pointer to user provided cdrom subcode structure,
27541  *		          specifying the transfer length and address.
27542  *		flag	- this argument is a pass through to ddi_copyxxx()
27543  *		          directly from the mode argument of ioctl().
27544  *
27545  * Return Code: the code returned by sd_send_scsi_cmd()
27546  *		EFAULT if ddi_copyxxx() fails
27547  *		ENXIO if fail ddi_get_soft_state
27548  *		EINVAL if data pointer is NULL
27549  */
27550 
27551 static int
27552 sr_read_all_subcodes(dev_t dev, caddr_t data, int flag)
27553 {
27554 	struct sd_lun		*un = NULL;
27555 	struct uscsi_cmd	*com = NULL;
27556 	struct cdrom_subcode	*subcode = NULL;
27557 	int			rval;
27558 	size_t			buflen;
27559 	char			cdb[CDB_GROUP5];
27560 
27561 #ifdef _MULTI_DATAMODEL
27562 	/* To support ILP32 applications in an LP64 world */
27563 	struct cdrom_subcode32		cdrom_subcode32;
27564 	struct cdrom_subcode32		*cdsc32 = &cdrom_subcode32;
27565 #endif
27566 	if (data == NULL) {
27567 		return (EINVAL);
27568 	}
27569 
27570 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27571 		return (ENXIO);
27572 	}
27573 
27574 	subcode = kmem_zalloc(sizeof (struct cdrom_subcode), KM_SLEEP);
27575 
27576 #ifdef _MULTI_DATAMODEL
27577 	switch (ddi_model_convert_from(flag & FMODELS)) {
27578 	case DDI_MODEL_ILP32:
27579 		if (ddi_copyin(data, cdsc32, sizeof (*cdsc32), flag)) {
27580 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27581 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27582 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27583 			return (EFAULT);
27584 		}
27585 		/* Convert the ILP32 uscsi data from the application to LP64 */
27586 		cdrom_subcode32tocdrom_subcode(cdsc32, subcode);
27587 		break;
27588 	case DDI_MODEL_NONE:
27589 		if (ddi_copyin(data, subcode,
27590 		    sizeof (struct cdrom_subcode), flag)) {
27591 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27592 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27593 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27594 			return (EFAULT);
27595 		}
27596 		break;
27597 	}
27598 #else /* ! _MULTI_DATAMODEL */
27599 	if (ddi_copyin(data, subcode, sizeof (struct cdrom_subcode), flag)) {
27600 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27601 		    "sr_read_all_subcodes: ddi_copyin Failed\n");
27602 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27603 		return (EFAULT);
27604 	}
27605 #endif /* _MULTI_DATAMODEL */
27606 
27607 	/*
27608 	 * Since MMC-2 expects max 3 bytes for length, check if the
27609 	 * length input is greater than 3 bytes
27610 	 */
27611 	if ((subcode->cdsc_length & 0xFF000000) != 0) {
27612 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27613 		    "sr_read_all_subcodes: "
27614 		    "cdrom transfer length too large: %d (limit %d)\n",
27615 		    subcode->cdsc_length, 0xFFFFFF);
27616 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27617 		return (EINVAL);
27618 	}
27619 
27620 	buflen = CDROM_BLK_SUBCODE * subcode->cdsc_length;
27621 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27622 	bzero(cdb, CDB_GROUP5);
27623 
27624 	if (un->un_f_mmc_cap == TRUE) {
27625 		cdb[0] = (char)SCMD_READ_CD;
27626 		cdb[2] = (char)0xff;
27627 		cdb[3] = (char)0xff;
27628 		cdb[4] = (char)0xff;
27629 		cdb[5] = (char)0xff;
27630 		cdb[6] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27631 		cdb[7] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27632 		cdb[8] = ((subcode->cdsc_length) & 0x000000ff);
27633 		cdb[10] = 1;
27634 	} else {
27635 		/*
27636 		 * Note: A vendor specific command (0xDF) is being used her to
27637 		 * request a read of all subcodes.
27638 		 */
27639 		cdb[0] = (char)SCMD_READ_ALL_SUBCODES;
27640 		cdb[6] = (((subcode->cdsc_length) & 0xff000000) >> 24);
27641 		cdb[7] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27642 		cdb[8] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27643 		cdb[9] = ((subcode->cdsc_length) & 0x000000ff);
27644 	}
27645 	com->uscsi_cdb	   = cdb;
27646 	com->uscsi_cdblen  = CDB_GROUP5;
27647 	com->uscsi_bufaddr = (caddr_t)subcode->cdsc_addr;
27648 	com->uscsi_buflen  = buflen;
27649 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27650 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
27651 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27652 	kmem_free(subcode, sizeof (struct cdrom_subcode));
27653 	kmem_free(com, sizeof (*com));
27654 	return (rval);
27655 }
27656 
27657 
27658 /*
27659  *    Function: sr_read_subchannel()
27660  *
27661  * Description: This routine is the driver entry point for handling CD-ROM
27662  *		ioctl requests to return the Q sub-channel data of the CD
27663  *		current position block. (CDROMSUBCHNL) The data includes the
27664  *		track number, index number, absolute CD-ROM address (LBA or MSF
27665  *		format per the user) , track relative CD-ROM address (LBA or MSF
27666  *		format per the user), control data and audio status.
27667  *
27668  *   Arguments: dev	- the device 'dev_t'
27669  *		data	- pointer to user provided cdrom sub-channel structure
27670  *		flag	- this argument is a pass through to ddi_copyxxx()
27671  *		          directly from the mode argument of ioctl().
27672  *
27673  * Return Code: the code returned by sd_send_scsi_cmd()
27674  *		EFAULT if ddi_copyxxx() fails
27675  *		ENXIO if fail ddi_get_soft_state
27676  *		EINVAL if data pointer is NULL
27677  */
27678 
27679 static int
27680 sr_read_subchannel(dev_t dev, caddr_t data, int flag)
27681 {
27682 	struct sd_lun		*un;
27683 	struct uscsi_cmd	*com;
27684 	struct cdrom_subchnl	subchanel;
27685 	struct cdrom_subchnl	*subchnl = &subchanel;
27686 	char			cdb[CDB_GROUP1];
27687 	caddr_t			buffer;
27688 	int			rval;
27689 
27690 	if (data == NULL) {
27691 		return (EINVAL);
27692 	}
27693 
27694 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27695 	    (un->un_state == SD_STATE_OFFLINE)) {
27696 		return (ENXIO);
27697 	}
27698 
27699 	if (ddi_copyin(data, subchnl, sizeof (struct cdrom_subchnl), flag)) {
27700 		return (EFAULT);
27701 	}
27702 
27703 	buffer = kmem_zalloc((size_t)16, KM_SLEEP);
27704 	bzero(cdb, CDB_GROUP1);
27705 	cdb[0] = SCMD_READ_SUBCHANNEL;
27706 	/* Set the MSF bit based on the user requested address format */
27707 	cdb[1] = (subchnl->cdsc_format & CDROM_LBA) ? 0 : 0x02;
27708 	/*
27709 	 * Set the Q bit in byte 2 to indicate that Q sub-channel data be
27710 	 * returned
27711 	 */
27712 	cdb[2] = 0x40;
27713 	/*
27714 	 * Set byte 3 to specify the return data format. A value of 0x01
27715 	 * indicates that the CD-ROM current position should be returned.
27716 	 */
27717 	cdb[3] = 0x01;
27718 	cdb[8] = 0x10;
27719 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27720 	com->uscsi_cdb	   = cdb;
27721 	com->uscsi_cdblen  = CDB_GROUP1;
27722 	com->uscsi_bufaddr = buffer;
27723 	com->uscsi_buflen  = 16;
27724 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27725 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27726 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27727 	if (rval != 0) {
27728 		kmem_free(buffer, 16);
27729 		kmem_free(com, sizeof (*com));
27730 		return (rval);
27731 	}
27732 
27733 	/* Process the returned Q sub-channel data */
27734 	subchnl->cdsc_audiostatus = buffer[1];
27735 	subchnl->cdsc_adr	= (buffer[5] & 0xF0);
27736 	subchnl->cdsc_ctrl	= (buffer[5] & 0x0F);
27737 	subchnl->cdsc_trk	= buffer[6];
27738 	subchnl->cdsc_ind	= buffer[7];
27739 	if (subchnl->cdsc_format & CDROM_LBA) {
27740 		subchnl->cdsc_absaddr.lba =
27741 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27742 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27743 		subchnl->cdsc_reladdr.lba =
27744 		    ((uchar_t)buffer[12] << 24) + ((uchar_t)buffer[13] << 16) +
27745 		    ((uchar_t)buffer[14] << 8) + ((uchar_t)buffer[15]);
27746 	} else if (un->un_f_cfg_readsub_bcd == TRUE) {
27747 		subchnl->cdsc_absaddr.msf.minute = BCD_TO_BYTE(buffer[9]);
27748 		subchnl->cdsc_absaddr.msf.second = BCD_TO_BYTE(buffer[10]);
27749 		subchnl->cdsc_absaddr.msf.frame  = BCD_TO_BYTE(buffer[11]);
27750 		subchnl->cdsc_reladdr.msf.minute = BCD_TO_BYTE(buffer[13]);
27751 		subchnl->cdsc_reladdr.msf.second = BCD_TO_BYTE(buffer[14]);
27752 		subchnl->cdsc_reladdr.msf.frame  = BCD_TO_BYTE(buffer[15]);
27753 	} else {
27754 		subchnl->cdsc_absaddr.msf.minute = buffer[9];
27755 		subchnl->cdsc_absaddr.msf.second = buffer[10];
27756 		subchnl->cdsc_absaddr.msf.frame  = buffer[11];
27757 		subchnl->cdsc_reladdr.msf.minute = buffer[13];
27758 		subchnl->cdsc_reladdr.msf.second = buffer[14];
27759 		subchnl->cdsc_reladdr.msf.frame  = buffer[15];
27760 	}
27761 	kmem_free(buffer, 16);
27762 	kmem_free(com, sizeof (*com));
27763 	if (ddi_copyout(subchnl, data, sizeof (struct cdrom_subchnl), flag)
27764 	    != 0) {
27765 		return (EFAULT);
27766 	}
27767 	return (rval);
27768 }
27769 
27770 
27771 /*
27772  *    Function: sr_read_tocentry()
27773  *
27774  * Description: This routine is the driver entry point for handling CD-ROM
27775  *		ioctl requests to read from the Table of Contents (TOC)
27776  *		(CDROMREADTOCENTRY). This routine provides the ADR and CTRL
27777  *		fields, the starting address (LBA or MSF format per the user)
27778  *		and the data mode if the user specified track is a data track.
27779  *
27780  *		Note: The READ HEADER (0x44) command used in this routine is
27781  *		obsolete per the SCSI MMC spec but still supported in the
27782  *		MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27783  *		therefore the command is still implemented in this routine.
27784  *
27785  *   Arguments: dev	- the device 'dev_t'
27786  *		data	- pointer to user provided toc entry structure,
27787  *			  specifying the track # and the address format
27788  *			  (LBA or MSF).
27789  *		flag	- this argument is a pass through to ddi_copyxxx()
27790  *		          directly from the mode argument of ioctl().
27791  *
27792  * Return Code: the code returned by sd_send_scsi_cmd()
27793  *		EFAULT if ddi_copyxxx() fails
27794  *		ENXIO if fail ddi_get_soft_state
27795  *		EINVAL if data pointer is NULL
27796  */
27797 
27798 static int
27799 sr_read_tocentry(dev_t dev, caddr_t data, int flag)
27800 {
27801 	struct sd_lun		*un = NULL;
27802 	struct uscsi_cmd	*com;
27803 	struct cdrom_tocentry	toc_entry;
27804 	struct cdrom_tocentry	*entry = &toc_entry;
27805 	caddr_t			buffer;
27806 	int			rval;
27807 	char			cdb[CDB_GROUP1];
27808 
27809 	if (data == NULL) {
27810 		return (EINVAL);
27811 	}
27812 
27813 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27814 	    (un->un_state == SD_STATE_OFFLINE)) {
27815 		return (ENXIO);
27816 	}
27817 
27818 	if (ddi_copyin(data, entry, sizeof (struct cdrom_tocentry), flag)) {
27819 		return (EFAULT);
27820 	}
27821 
27822 	/* Validate the requested track and address format */
27823 	if (!(entry->cdte_format & (CDROM_LBA | CDROM_MSF))) {
27824 		return (EINVAL);
27825 	}
27826 
27827 	if (entry->cdte_track == 0) {
27828 		return (EINVAL);
27829 	}
27830 
27831 	buffer = kmem_zalloc((size_t)12, KM_SLEEP);
27832 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27833 	bzero(cdb, CDB_GROUP1);
27834 
27835 	cdb[0] = SCMD_READ_TOC;
27836 	/* Set the MSF bit based on the user requested address format  */
27837 	cdb[1] = ((entry->cdte_format & CDROM_LBA) ? 0 : 2);
27838 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27839 		cdb[6] = BYTE_TO_BCD(entry->cdte_track);
27840 	} else {
27841 		cdb[6] = entry->cdte_track;
27842 	}
27843 
27844 	/*
27845 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
27846 	 * (4 byte TOC response header + 8 byte track descriptor)
27847 	 */
27848 	cdb[8] = 12;
27849 	com->uscsi_cdb	   = cdb;
27850 	com->uscsi_cdblen  = CDB_GROUP1;
27851 	com->uscsi_bufaddr = buffer;
27852 	com->uscsi_buflen  = 0x0C;
27853 	com->uscsi_flags   = (USCSI_DIAGNOSE | USCSI_SILENT | USCSI_READ);
27854 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27855 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27856 	if (rval != 0) {
27857 		kmem_free(buffer, 12);
27858 		kmem_free(com, sizeof (*com));
27859 		return (rval);
27860 	}
27861 
27862 	/* Process the toc entry */
27863 	entry->cdte_adr		= (buffer[5] & 0xF0) >> 4;
27864 	entry->cdte_ctrl	= (buffer[5] & 0x0F);
27865 	if (entry->cdte_format & CDROM_LBA) {
27866 		entry->cdte_addr.lba =
27867 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27868 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27869 	} else if (un->un_f_cfg_read_toc_addr_bcd == TRUE) {
27870 		entry->cdte_addr.msf.minute	= BCD_TO_BYTE(buffer[9]);
27871 		entry->cdte_addr.msf.second	= BCD_TO_BYTE(buffer[10]);
27872 		entry->cdte_addr.msf.frame	= BCD_TO_BYTE(buffer[11]);
27873 		/*
27874 		 * Send a READ TOC command using the LBA address format to get
27875 		 * the LBA for the track requested so it can be used in the
27876 		 * READ HEADER request
27877 		 *
27878 		 * Note: The MSF bit of the READ HEADER command specifies the
27879 		 * output format. The block address specified in that command
27880 		 * must be in LBA format.
27881 		 */
27882 		cdb[1] = 0;
27883 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27884 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27885 		if (rval != 0) {
27886 			kmem_free(buffer, 12);
27887 			kmem_free(com, sizeof (*com));
27888 			return (rval);
27889 		}
27890 	} else {
27891 		entry->cdte_addr.msf.minute	= buffer[9];
27892 		entry->cdte_addr.msf.second	= buffer[10];
27893 		entry->cdte_addr.msf.frame	= buffer[11];
27894 		/*
27895 		 * Send a READ TOC command using the LBA address format to get
27896 		 * the LBA for the track requested so it can be used in the
27897 		 * READ HEADER request
27898 		 *
27899 		 * Note: The MSF bit of the READ HEADER command specifies the
27900 		 * output format. The block address specified in that command
27901 		 * must be in LBA format.
27902 		 */
27903 		cdb[1] = 0;
27904 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27905 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27906 		if (rval != 0) {
27907 			kmem_free(buffer, 12);
27908 			kmem_free(com, sizeof (*com));
27909 			return (rval);
27910 		}
27911 	}
27912 
27913 	/*
27914 	 * Build and send the READ HEADER command to determine the data mode of
27915 	 * the user specified track.
27916 	 */
27917 	if ((entry->cdte_ctrl & CDROM_DATA_TRACK) &&
27918 	    (entry->cdte_track != CDROM_LEADOUT)) {
27919 		bzero(cdb, CDB_GROUP1);
27920 		cdb[0] = SCMD_READ_HEADER;
27921 		cdb[2] = buffer[8];
27922 		cdb[3] = buffer[9];
27923 		cdb[4] = buffer[10];
27924 		cdb[5] = buffer[11];
27925 		cdb[8] = 0x08;
27926 		com->uscsi_buflen = 0x08;
27927 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27928 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27929 		if (rval == 0) {
27930 			entry->cdte_datamode = buffer[0];
27931 		} else {
27932 			/*
27933 			 * READ HEADER command failed, since this is
27934 			 * obsoleted in one spec, its better to return
27935 			 * -1 for an invlid track so that we can still
27936 			 * recieve the rest of the TOC data.
27937 			 */
27938 			entry->cdte_datamode = (uchar_t)-1;
27939 		}
27940 	} else {
27941 		entry->cdte_datamode = (uchar_t)-1;
27942 	}
27943 
27944 	kmem_free(buffer, 12);
27945 	kmem_free(com, sizeof (*com));
27946 	if (ddi_copyout(entry, data, sizeof (struct cdrom_tocentry), flag) != 0)
27947 		return (EFAULT);
27948 
27949 	return (rval);
27950 }
27951 
27952 
27953 /*
27954  *    Function: sr_read_tochdr()
27955  *
27956  * Description: This routine is the driver entry point for handling CD-ROM
27957  * 		ioctl requests to read the Table of Contents (TOC) header
27958  *		(CDROMREADTOHDR). The TOC header consists of the disk starting
27959  *		and ending track numbers
27960  *
27961  *   Arguments: dev	- the device 'dev_t'
27962  *		data	- pointer to user provided toc header structure,
27963  *			  specifying the starting and ending track numbers.
27964  *		flag	- this argument is a pass through to ddi_copyxxx()
27965  *			  directly from the mode argument of ioctl().
27966  *
27967  * Return Code: the code returned by sd_send_scsi_cmd()
27968  *		EFAULT if ddi_copyxxx() fails
27969  *		ENXIO if fail ddi_get_soft_state
27970  *		EINVAL if data pointer is NULL
27971  */
27972 
27973 static int
27974 sr_read_tochdr(dev_t dev, caddr_t data, int flag)
27975 {
27976 	struct sd_lun		*un;
27977 	struct uscsi_cmd	*com;
27978 	struct cdrom_tochdr	toc_header;
27979 	struct cdrom_tochdr	*hdr = &toc_header;
27980 	char			cdb[CDB_GROUP1];
27981 	int			rval;
27982 	caddr_t			buffer;
27983 
27984 	if (data == NULL) {
27985 		return (EINVAL);
27986 	}
27987 
27988 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27989 	    (un->un_state == SD_STATE_OFFLINE)) {
27990 		return (ENXIO);
27991 	}
27992 
27993 	buffer = kmem_zalloc(4, KM_SLEEP);
27994 	bzero(cdb, CDB_GROUP1);
27995 	cdb[0] = SCMD_READ_TOC;
27996 	/*
27997 	 * Specifying a track number of 0x00 in the READ TOC command indicates
27998 	 * that the TOC header should be returned
27999 	 */
28000 	cdb[6] = 0x00;
28001 	/*
28002 	 * Bytes 7 & 8 are the 4 byte allocation length for TOC header.
28003 	 * (2 byte data len + 1 byte starting track # + 1 byte ending track #)
28004 	 */
28005 	cdb[8] = 0x04;
28006 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28007 	com->uscsi_cdb	   = cdb;
28008 	com->uscsi_cdblen  = CDB_GROUP1;
28009 	com->uscsi_bufaddr = buffer;
28010 	com->uscsi_buflen  = 0x04;
28011 	com->uscsi_timeout = 300;
28012 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28013 
28014 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
28015 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28016 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
28017 		hdr->cdth_trk0 = BCD_TO_BYTE(buffer[2]);
28018 		hdr->cdth_trk1 = BCD_TO_BYTE(buffer[3]);
28019 	} else {
28020 		hdr->cdth_trk0 = buffer[2];
28021 		hdr->cdth_trk1 = buffer[3];
28022 	}
28023 	kmem_free(buffer, 4);
28024 	kmem_free(com, sizeof (*com));
28025 	if (ddi_copyout(hdr, data, sizeof (struct cdrom_tochdr), flag) != 0) {
28026 		return (EFAULT);
28027 	}
28028 	return (rval);
28029 }
28030 
28031 
28032 /*
28033  * Note: The following sr_read_mode1(), sr_read_cd_mode2(), sr_read_mode2(),
28034  * sr_read_cdda(), sr_read_cdxa(), routines implement driver support for
28035  * handling CDROMREAD ioctl requests for mode 1 user data, mode 2 user data,
28036  * digital audio and extended architecture digital audio. These modes are
28037  * defined in the IEC908 (Red Book), ISO10149 (Yellow Book), and the SCSI3
28038  * MMC specs.
28039  *
28040  * In addition to support for the various data formats these routines also
28041  * include support for devices that implement only the direct access READ
28042  * commands (0x08, 0x28), devices that implement the READ_CD commands
28043  * (0xBE, 0xD4), and devices that implement the vendor unique READ CDDA and
28044  * READ CDXA commands (0xD8, 0xDB)
28045  */
28046 
28047 /*
28048  *    Function: sr_read_mode1()
28049  *
28050  * Description: This routine is the driver entry point for handling CD-ROM
28051  *		ioctl read mode1 requests (CDROMREADMODE1).
28052  *
28053  *   Arguments: dev	- the device 'dev_t'
28054  *		data	- pointer to user provided cd read structure specifying
28055  *			  the lba buffer address and length.
28056  *		flag	- this argument is a pass through to ddi_copyxxx()
28057  *			  directly from the mode argument of ioctl().
28058  *
28059  * Return Code: the code returned by sd_send_scsi_cmd()
28060  *		EFAULT if ddi_copyxxx() fails
28061  *		ENXIO if fail ddi_get_soft_state
28062  *		EINVAL if data pointer is NULL
28063  */
28064 
28065 static int
28066 sr_read_mode1(dev_t dev, caddr_t data, int flag)
28067 {
28068 	struct sd_lun		*un;
28069 	struct cdrom_read	mode1_struct;
28070 	struct cdrom_read	*mode1 = &mode1_struct;
28071 	int			rval;
28072 #ifdef _MULTI_DATAMODEL
28073 	/* To support ILP32 applications in an LP64 world */
28074 	struct cdrom_read32	cdrom_read32;
28075 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28076 #endif /* _MULTI_DATAMODEL */
28077 
28078 	if (data == NULL) {
28079 		return (EINVAL);
28080 	}
28081 
28082 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28083 	    (un->un_state == SD_STATE_OFFLINE)) {
28084 		return (ENXIO);
28085 	}
28086 
28087 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28088 	    "sd_read_mode1: entry: un:0x%p\n", un);
28089 
28090 #ifdef _MULTI_DATAMODEL
28091 	switch (ddi_model_convert_from(flag & FMODELS)) {
28092 	case DDI_MODEL_ILP32:
28093 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28094 			return (EFAULT);
28095 		}
28096 		/* Convert the ILP32 uscsi data from the application to LP64 */
28097 		cdrom_read32tocdrom_read(cdrd32, mode1);
28098 		break;
28099 	case DDI_MODEL_NONE:
28100 		if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28101 			return (EFAULT);
28102 		}
28103 	}
28104 #else /* ! _MULTI_DATAMODEL */
28105 	if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28106 		return (EFAULT);
28107 	}
28108 #endif /* _MULTI_DATAMODEL */
28109 
28110 	rval = sd_send_scsi_READ(un, mode1->cdread_bufaddr,
28111 	    mode1->cdread_buflen, mode1->cdread_lba, SD_PATH_STANDARD);
28112 
28113 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28114 	    "sd_read_mode1: exit: un:0x%p\n", un);
28115 
28116 	return (rval);
28117 }
28118 
28119 
28120 /*
28121  *    Function: sr_read_cd_mode2()
28122  *
28123  * Description: This routine is the driver entry point for handling CD-ROM
28124  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28125  *		support the READ CD (0xBE) command or the 1st generation
28126  *		READ CD (0xD4) command.
28127  *
28128  *   Arguments: dev	- the device 'dev_t'
28129  *		data	- pointer to user provided cd read structure specifying
28130  *			  the lba buffer address and length.
28131  *		flag	- this argument is a pass through to ddi_copyxxx()
28132  *			  directly from the mode argument of ioctl().
28133  *
28134  * Return Code: the code returned by sd_send_scsi_cmd()
28135  *		EFAULT if ddi_copyxxx() fails
28136  *		ENXIO if fail ddi_get_soft_state
28137  *		EINVAL if data pointer is NULL
28138  */
28139 
28140 static int
28141 sr_read_cd_mode2(dev_t dev, caddr_t data, int flag)
28142 {
28143 	struct sd_lun		*un;
28144 	struct uscsi_cmd	*com;
28145 	struct cdrom_read	mode2_struct;
28146 	struct cdrom_read	*mode2 = &mode2_struct;
28147 	uchar_t			cdb[CDB_GROUP5];
28148 	int			nblocks;
28149 	int			rval;
28150 #ifdef _MULTI_DATAMODEL
28151 	/*  To support ILP32 applications in an LP64 world */
28152 	struct cdrom_read32	cdrom_read32;
28153 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28154 #endif /* _MULTI_DATAMODEL */
28155 
28156 	if (data == NULL) {
28157 		return (EINVAL);
28158 	}
28159 
28160 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28161 	    (un->un_state == SD_STATE_OFFLINE)) {
28162 		return (ENXIO);
28163 	}
28164 
28165 #ifdef _MULTI_DATAMODEL
28166 	switch (ddi_model_convert_from(flag & FMODELS)) {
28167 	case DDI_MODEL_ILP32:
28168 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28169 			return (EFAULT);
28170 		}
28171 		/* Convert the ILP32 uscsi data from the application to LP64 */
28172 		cdrom_read32tocdrom_read(cdrd32, mode2);
28173 		break;
28174 	case DDI_MODEL_NONE:
28175 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28176 			return (EFAULT);
28177 		}
28178 		break;
28179 	}
28180 
28181 #else /* ! _MULTI_DATAMODEL */
28182 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28183 		return (EFAULT);
28184 	}
28185 #endif /* _MULTI_DATAMODEL */
28186 
28187 	bzero(cdb, sizeof (cdb));
28188 	if (un->un_f_cfg_read_cd_xd4 == TRUE) {
28189 		/* Read command supported by 1st generation atapi drives */
28190 		cdb[0] = SCMD_READ_CDD4;
28191 	} else {
28192 		/* Universal CD Access Command */
28193 		cdb[0] = SCMD_READ_CD;
28194 	}
28195 
28196 	/*
28197 	 * Set expected sector type to: 2336s byte, Mode 2 Yellow Book
28198 	 */
28199 	cdb[1] = CDROM_SECTOR_TYPE_MODE2;
28200 
28201 	/* set the start address */
28202 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 24) & 0XFF);
28203 	cdb[3] = (uchar_t)((mode2->cdread_lba >> 16) & 0XFF);
28204 	cdb[4] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28205 	cdb[5] = (uchar_t)(mode2->cdread_lba & 0xFF);
28206 
28207 	/* set the transfer length */
28208 	nblocks = mode2->cdread_buflen / 2336;
28209 	cdb[6] = (uchar_t)(nblocks >> 16);
28210 	cdb[7] = (uchar_t)(nblocks >> 8);
28211 	cdb[8] = (uchar_t)nblocks;
28212 
28213 	/* set the filter bits */
28214 	cdb[9] = CDROM_READ_CD_USERDATA;
28215 
28216 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28217 	com->uscsi_cdb = (caddr_t)cdb;
28218 	com->uscsi_cdblen = sizeof (cdb);
28219 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28220 	com->uscsi_buflen = mode2->cdread_buflen;
28221 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28222 
28223 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28224 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28225 	kmem_free(com, sizeof (*com));
28226 	return (rval);
28227 }
28228 
28229 
28230 /*
28231  *    Function: sr_read_mode2()
28232  *
28233  * Description: This routine is the driver entry point for handling CD-ROM
28234  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28235  *		do not support the READ CD (0xBE) command.
28236  *
28237  *   Arguments: dev	- the device 'dev_t'
28238  *		data	- pointer to user provided cd read structure specifying
28239  *			  the lba buffer address and length.
28240  *		flag	- this argument is a pass through to ddi_copyxxx()
28241  *			  directly from the mode argument of ioctl().
28242  *
28243  * Return Code: the code returned by sd_send_scsi_cmd()
28244  *		EFAULT if ddi_copyxxx() fails
28245  *		ENXIO if fail ddi_get_soft_state
28246  *		EINVAL if data pointer is NULL
28247  *		EIO if fail to reset block size
28248  *		EAGAIN if commands are in progress in the driver
28249  */
28250 
28251 static int
28252 sr_read_mode2(dev_t dev, caddr_t data, int flag)
28253 {
28254 	struct sd_lun		*un;
28255 	struct cdrom_read	mode2_struct;
28256 	struct cdrom_read	*mode2 = &mode2_struct;
28257 	int			rval;
28258 	uint32_t		restore_blksize;
28259 	struct uscsi_cmd	*com;
28260 	uchar_t			cdb[CDB_GROUP0];
28261 	int			nblocks;
28262 
28263 #ifdef _MULTI_DATAMODEL
28264 	/* To support ILP32 applications in an LP64 world */
28265 	struct cdrom_read32	cdrom_read32;
28266 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28267 #endif /* _MULTI_DATAMODEL */
28268 
28269 	if (data == NULL) {
28270 		return (EINVAL);
28271 	}
28272 
28273 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28274 	    (un->un_state == SD_STATE_OFFLINE)) {
28275 		return (ENXIO);
28276 	}
28277 
28278 	/*
28279 	 * Because this routine will update the device and driver block size
28280 	 * being used we want to make sure there are no commands in progress.
28281 	 * If commands are in progress the user will have to try again.
28282 	 *
28283 	 * We check for 1 instead of 0 because we increment un_ncmds_in_driver
28284 	 * in sdioctl to protect commands from sdioctl through to the top of
28285 	 * sd_uscsi_strategy. See sdioctl for details.
28286 	 */
28287 	mutex_enter(SD_MUTEX(un));
28288 	if (un->un_ncmds_in_driver != 1) {
28289 		mutex_exit(SD_MUTEX(un));
28290 		return (EAGAIN);
28291 	}
28292 	mutex_exit(SD_MUTEX(un));
28293 
28294 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28295 	    "sd_read_mode2: entry: un:0x%p\n", un);
28296 
28297 #ifdef _MULTI_DATAMODEL
28298 	switch (ddi_model_convert_from(flag & FMODELS)) {
28299 	case DDI_MODEL_ILP32:
28300 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28301 			return (EFAULT);
28302 		}
28303 		/* Convert the ILP32 uscsi data from the application to LP64 */
28304 		cdrom_read32tocdrom_read(cdrd32, mode2);
28305 		break;
28306 	case DDI_MODEL_NONE:
28307 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28308 			return (EFAULT);
28309 		}
28310 		break;
28311 	}
28312 #else /* ! _MULTI_DATAMODEL */
28313 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag)) {
28314 		return (EFAULT);
28315 	}
28316 #endif /* _MULTI_DATAMODEL */
28317 
28318 	/* Store the current target block size for restoration later */
28319 	restore_blksize = un->un_tgt_blocksize;
28320 
28321 	/* Change the device and soft state target block size to 2336 */
28322 	if (sr_sector_mode(dev, SD_MODE2_BLKSIZE) != 0) {
28323 		rval = EIO;
28324 		goto done;
28325 	}
28326 
28327 
28328 	bzero(cdb, sizeof (cdb));
28329 
28330 	/* set READ operation */
28331 	cdb[0] = SCMD_READ;
28332 
28333 	/* adjust lba for 2kbyte blocks from 512 byte blocks */
28334 	mode2->cdread_lba >>= 2;
28335 
28336 	/* set the start address */
28337 	cdb[1] = (uchar_t)((mode2->cdread_lba >> 16) & 0X1F);
28338 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28339 	cdb[3] = (uchar_t)(mode2->cdread_lba & 0xFF);
28340 
28341 	/* set the transfer length */
28342 	nblocks = mode2->cdread_buflen / 2336;
28343 	cdb[4] = (uchar_t)nblocks & 0xFF;
28344 
28345 	/* build command */
28346 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28347 	com->uscsi_cdb = (caddr_t)cdb;
28348 	com->uscsi_cdblen = sizeof (cdb);
28349 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28350 	com->uscsi_buflen = mode2->cdread_buflen;
28351 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28352 
28353 	/*
28354 	 * Issue SCSI command with user space address for read buffer.
28355 	 *
28356 	 * This sends the command through main channel in the driver.
28357 	 *
28358 	 * Since this is accessed via an IOCTL call, we go through the
28359 	 * standard path, so that if the device was powered down, then
28360 	 * it would be 'awakened' to handle the command.
28361 	 */
28362 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28363 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28364 
28365 	kmem_free(com, sizeof (*com));
28366 
28367 	/* Restore the device and soft state target block size */
28368 	if (sr_sector_mode(dev, restore_blksize) != 0) {
28369 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28370 		    "can't do switch back to mode 1\n");
28371 		/*
28372 		 * If sd_send_scsi_READ succeeded we still need to report
28373 		 * an error because we failed to reset the block size
28374 		 */
28375 		if (rval == 0) {
28376 			rval = EIO;
28377 		}
28378 	}
28379 
28380 done:
28381 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28382 	    "sd_read_mode2: exit: un:0x%p\n", un);
28383 
28384 	return (rval);
28385 }
28386 
28387 
28388 /*
28389  *    Function: sr_sector_mode()
28390  *
28391  * Description: This utility function is used by sr_read_mode2 to set the target
28392  *		block size based on the user specified size. This is a legacy
28393  *		implementation based upon a vendor specific mode page
28394  *
28395  *   Arguments: dev	- the device 'dev_t'
28396  *		data	- flag indicating if block size is being set to 2336 or
28397  *			  512.
28398  *
28399  * Return Code: the code returned by sd_send_scsi_cmd()
28400  *		EFAULT if ddi_copyxxx() fails
28401  *		ENXIO if fail ddi_get_soft_state
28402  *		EINVAL if data pointer is NULL
28403  */
28404 
28405 static int
28406 sr_sector_mode(dev_t dev, uint32_t blksize)
28407 {
28408 	struct sd_lun	*un;
28409 	uchar_t		*sense;
28410 	uchar_t		*select;
28411 	int		rval;
28412 
28413 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28414 	    (un->un_state == SD_STATE_OFFLINE)) {
28415 		return (ENXIO);
28416 	}
28417 
28418 	sense = kmem_zalloc(20, KM_SLEEP);
28419 
28420 	/* Note: This is a vendor specific mode page (0x81) */
28421 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, 20, 0x81,
28422 	    SD_PATH_STANDARD)) != 0) {
28423 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28424 		    "sr_sector_mode: Mode Sense failed\n");
28425 		kmem_free(sense, 20);
28426 		return (rval);
28427 	}
28428 	select = kmem_zalloc(20, KM_SLEEP);
28429 	select[3] = 0x08;
28430 	select[10] = ((blksize >> 8) & 0xff);
28431 	select[11] = (blksize & 0xff);
28432 	select[12] = 0x01;
28433 	select[13] = 0x06;
28434 	select[14] = sense[14];
28435 	select[15] = sense[15];
28436 	if (blksize == SD_MODE2_BLKSIZE) {
28437 		select[14] |= 0x01;
28438 	}
28439 
28440 	if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select, 20,
28441 	    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
28442 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28443 		    "sr_sector_mode: Mode Select failed\n");
28444 	} else {
28445 		/*
28446 		 * Only update the softstate block size if we successfully
28447 		 * changed the device block mode.
28448 		 */
28449 		mutex_enter(SD_MUTEX(un));
28450 		sd_update_block_info(un, blksize, 0);
28451 		mutex_exit(SD_MUTEX(un));
28452 	}
28453 	kmem_free(sense, 20);
28454 	kmem_free(select, 20);
28455 	return (rval);
28456 }
28457 
28458 
28459 /*
28460  *    Function: sr_read_cdda()
28461  *
28462  * Description: This routine is the driver entry point for handling CD-ROM
28463  *		ioctl requests to return CD-DA or subcode data. (CDROMCDDA) If
28464  *		the target supports CDDA these requests are handled via a vendor
28465  *		specific command (0xD8) If the target does not support CDDA
28466  *		these requests are handled via the READ CD command (0xBE).
28467  *
28468  *   Arguments: dev	- the device 'dev_t'
28469  *		data	- pointer to user provided CD-DA structure specifying
28470  *			  the track starting address, transfer length, and
28471  *			  subcode options.
28472  *		flag	- this argument is a pass through to ddi_copyxxx()
28473  *			  directly from the mode argument of ioctl().
28474  *
28475  * Return Code: the code returned by sd_send_scsi_cmd()
28476  *		EFAULT if ddi_copyxxx() fails
28477  *		ENXIO if fail ddi_get_soft_state
28478  *		EINVAL if invalid arguments are provided
28479  *		ENOTTY
28480  */
28481 
28482 static int
28483 sr_read_cdda(dev_t dev, caddr_t data, int flag)
28484 {
28485 	struct sd_lun			*un;
28486 	struct uscsi_cmd		*com;
28487 	struct cdrom_cdda		*cdda;
28488 	int				rval;
28489 	size_t				buflen;
28490 	char				cdb[CDB_GROUP5];
28491 
28492 #ifdef _MULTI_DATAMODEL
28493 	/* To support ILP32 applications in an LP64 world */
28494 	struct cdrom_cdda32	cdrom_cdda32;
28495 	struct cdrom_cdda32	*cdda32 = &cdrom_cdda32;
28496 #endif /* _MULTI_DATAMODEL */
28497 
28498 	if (data == NULL) {
28499 		return (EINVAL);
28500 	}
28501 
28502 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28503 		return (ENXIO);
28504 	}
28505 
28506 	cdda = kmem_zalloc(sizeof (struct cdrom_cdda), KM_SLEEP);
28507 
28508 #ifdef _MULTI_DATAMODEL
28509 	switch (ddi_model_convert_from(flag & FMODELS)) {
28510 	case DDI_MODEL_ILP32:
28511 		if (ddi_copyin(data, cdda32, sizeof (*cdda32), flag)) {
28512 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28513 			    "sr_read_cdda: ddi_copyin Failed\n");
28514 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28515 			return (EFAULT);
28516 		}
28517 		/* Convert the ILP32 uscsi data from the application to LP64 */
28518 		cdrom_cdda32tocdrom_cdda(cdda32, cdda);
28519 		break;
28520 	case DDI_MODEL_NONE:
28521 		if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28522 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28523 			    "sr_read_cdda: ddi_copyin Failed\n");
28524 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28525 			return (EFAULT);
28526 		}
28527 		break;
28528 	}
28529 #else /* ! _MULTI_DATAMODEL */
28530 	if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28531 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28532 		    "sr_read_cdda: ddi_copyin Failed\n");
28533 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28534 		return (EFAULT);
28535 	}
28536 #endif /* _MULTI_DATAMODEL */
28537 
28538 	/*
28539 	 * Since MMC-2 expects max 3 bytes for length, check if the
28540 	 * length input is greater than 3 bytes
28541 	 */
28542 	if ((cdda->cdda_length & 0xFF000000) != 0) {
28543 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdda: "
28544 		    "cdrom transfer length too large: %d (limit %d)\n",
28545 		    cdda->cdda_length, 0xFFFFFF);
28546 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28547 		return (EINVAL);
28548 	}
28549 
28550 	switch (cdda->cdda_subcode) {
28551 	case CDROM_DA_NO_SUBCODE:
28552 		buflen = CDROM_BLK_2352 * cdda->cdda_length;
28553 		break;
28554 	case CDROM_DA_SUBQ:
28555 		buflen = CDROM_BLK_2368 * cdda->cdda_length;
28556 		break;
28557 	case CDROM_DA_ALL_SUBCODE:
28558 		buflen = CDROM_BLK_2448 * cdda->cdda_length;
28559 		break;
28560 	case CDROM_DA_SUBCODE_ONLY:
28561 		buflen = CDROM_BLK_SUBCODE * cdda->cdda_length;
28562 		break;
28563 	default:
28564 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28565 		    "sr_read_cdda: Subcode '0x%x' Not Supported\n",
28566 		    cdda->cdda_subcode);
28567 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28568 		return (EINVAL);
28569 	}
28570 
28571 	/* Build and send the command */
28572 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28573 	bzero(cdb, CDB_GROUP5);
28574 
28575 	if (un->un_f_cfg_cdda == TRUE) {
28576 		cdb[0] = (char)SCMD_READ_CD;
28577 		cdb[1] = 0x04;
28578 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28579 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28580 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28581 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28582 		cdb[6] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28583 		cdb[7] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28584 		cdb[8] = ((cdda->cdda_length) & 0x000000ff);
28585 		cdb[9] = 0x10;
28586 		switch (cdda->cdda_subcode) {
28587 		case CDROM_DA_NO_SUBCODE :
28588 			cdb[10] = 0x0;
28589 			break;
28590 		case CDROM_DA_SUBQ :
28591 			cdb[10] = 0x2;
28592 			break;
28593 		case CDROM_DA_ALL_SUBCODE :
28594 			cdb[10] = 0x1;
28595 			break;
28596 		case CDROM_DA_SUBCODE_ONLY :
28597 			/* FALLTHROUGH */
28598 		default :
28599 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28600 			kmem_free(com, sizeof (*com));
28601 			return (ENOTTY);
28602 		}
28603 	} else {
28604 		cdb[0] = (char)SCMD_READ_CDDA;
28605 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28606 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28607 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28608 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28609 		cdb[6] = (((cdda->cdda_length) & 0xff000000) >> 24);
28610 		cdb[7] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28611 		cdb[8] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28612 		cdb[9] = ((cdda->cdda_length) & 0x000000ff);
28613 		cdb[10] = cdda->cdda_subcode;
28614 	}
28615 
28616 	com->uscsi_cdb = cdb;
28617 	com->uscsi_cdblen = CDB_GROUP5;
28618 	com->uscsi_bufaddr = (caddr_t)cdda->cdda_data;
28619 	com->uscsi_buflen = buflen;
28620 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28621 
28622 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28623 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28624 
28625 	kmem_free(cdda, sizeof (struct cdrom_cdda));
28626 	kmem_free(com, sizeof (*com));
28627 	return (rval);
28628 }
28629 
28630 
28631 /*
28632  *    Function: sr_read_cdxa()
28633  *
28634  * Description: This routine is the driver entry point for handling CD-ROM
28635  *		ioctl requests to return CD-XA (Extended Architecture) data.
28636  *		(CDROMCDXA).
28637  *
28638  *   Arguments: dev	- the device 'dev_t'
28639  *		data	- pointer to user provided CD-XA structure specifying
28640  *			  the data starting address, transfer length, and format
28641  *		flag	- this argument is a pass through to ddi_copyxxx()
28642  *			  directly from the mode argument of ioctl().
28643  *
28644  * Return Code: the code returned by sd_send_scsi_cmd()
28645  *		EFAULT if ddi_copyxxx() fails
28646  *		ENXIO if fail ddi_get_soft_state
28647  *		EINVAL if data pointer is NULL
28648  */
28649 
28650 static int
28651 sr_read_cdxa(dev_t dev, caddr_t data, int flag)
28652 {
28653 	struct sd_lun		*un;
28654 	struct uscsi_cmd	*com;
28655 	struct cdrom_cdxa	*cdxa;
28656 	int			rval;
28657 	size_t			buflen;
28658 	char			cdb[CDB_GROUP5];
28659 	uchar_t			read_flags;
28660 
28661 #ifdef _MULTI_DATAMODEL
28662 	/* To support ILP32 applications in an LP64 world */
28663 	struct cdrom_cdxa32		cdrom_cdxa32;
28664 	struct cdrom_cdxa32		*cdxa32 = &cdrom_cdxa32;
28665 #endif /* _MULTI_DATAMODEL */
28666 
28667 	if (data == NULL) {
28668 		return (EINVAL);
28669 	}
28670 
28671 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28672 		return (ENXIO);
28673 	}
28674 
28675 	cdxa = kmem_zalloc(sizeof (struct cdrom_cdxa), KM_SLEEP);
28676 
28677 #ifdef _MULTI_DATAMODEL
28678 	switch (ddi_model_convert_from(flag & FMODELS)) {
28679 	case DDI_MODEL_ILP32:
28680 		if (ddi_copyin(data, cdxa32, sizeof (*cdxa32), flag)) {
28681 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28682 			return (EFAULT);
28683 		}
28684 		/*
28685 		 * Convert the ILP32 uscsi data from the
28686 		 * application to LP64 for internal use.
28687 		 */
28688 		cdrom_cdxa32tocdrom_cdxa(cdxa32, cdxa);
28689 		break;
28690 	case DDI_MODEL_NONE:
28691 		if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28692 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28693 			return (EFAULT);
28694 		}
28695 		break;
28696 	}
28697 #else /* ! _MULTI_DATAMODEL */
28698 	if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28699 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28700 		return (EFAULT);
28701 	}
28702 #endif /* _MULTI_DATAMODEL */
28703 
28704 	/*
28705 	 * Since MMC-2 expects max 3 bytes for length, check if the
28706 	 * length input is greater than 3 bytes
28707 	 */
28708 	if ((cdxa->cdxa_length & 0xFF000000) != 0) {
28709 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdxa: "
28710 		    "cdrom transfer length too large: %d (limit %d)\n",
28711 		    cdxa->cdxa_length, 0xFFFFFF);
28712 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28713 		return (EINVAL);
28714 	}
28715 
28716 	switch (cdxa->cdxa_format) {
28717 	case CDROM_XA_DATA:
28718 		buflen = CDROM_BLK_2048 * cdxa->cdxa_length;
28719 		read_flags = 0x10;
28720 		break;
28721 	case CDROM_XA_SECTOR_DATA:
28722 		buflen = CDROM_BLK_2352 * cdxa->cdxa_length;
28723 		read_flags = 0xf8;
28724 		break;
28725 	case CDROM_XA_DATA_W_ERROR:
28726 		buflen = CDROM_BLK_2646 * cdxa->cdxa_length;
28727 		read_flags = 0xfc;
28728 		break;
28729 	default:
28730 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28731 		    "sr_read_cdxa: Format '0x%x' Not Supported\n",
28732 		    cdxa->cdxa_format);
28733 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28734 		return (EINVAL);
28735 	}
28736 
28737 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28738 	bzero(cdb, CDB_GROUP5);
28739 	if (un->un_f_mmc_cap == TRUE) {
28740 		cdb[0] = (char)SCMD_READ_CD;
28741 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28742 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28743 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28744 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28745 		cdb[6] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28746 		cdb[7] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28747 		cdb[8] = ((cdxa->cdxa_length) & 0x000000ff);
28748 		cdb[9] = (char)read_flags;
28749 	} else {
28750 		/*
28751 		 * Note: A vendor specific command (0xDB) is being used her to
28752 		 * request a read of all subcodes.
28753 		 */
28754 		cdb[0] = (char)SCMD_READ_CDXA;
28755 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28756 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28757 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28758 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28759 		cdb[6] = (((cdxa->cdxa_length) & 0xff000000) >> 24);
28760 		cdb[7] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28761 		cdb[8] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28762 		cdb[9] = ((cdxa->cdxa_length) & 0x000000ff);
28763 		cdb[10] = cdxa->cdxa_format;
28764 	}
28765 	com->uscsi_cdb	   = cdb;
28766 	com->uscsi_cdblen  = CDB_GROUP5;
28767 	com->uscsi_bufaddr = (caddr_t)cdxa->cdxa_data;
28768 	com->uscsi_buflen  = buflen;
28769 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28770 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28771 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28772 	kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28773 	kmem_free(com, sizeof (*com));
28774 	return (rval);
28775 }
28776 
28777 
28778 /*
28779  *    Function: sr_eject()
28780  *
28781  * Description: This routine is the driver entry point for handling CD-ROM
28782  *		eject ioctl requests (FDEJECT, DKIOCEJECT, CDROMEJECT)
28783  *
28784  *   Arguments: dev	- the device 'dev_t'
28785  *
28786  * Return Code: the code returned by sd_send_scsi_cmd()
28787  */
28788 
28789 static int
28790 sr_eject(dev_t dev)
28791 {
28792 	struct sd_lun	*un;
28793 	int		rval;
28794 
28795 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28796 	    (un->un_state == SD_STATE_OFFLINE)) {
28797 		return (ENXIO);
28798 	}
28799 	if ((rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
28800 	    SD_PATH_STANDARD)) != 0) {
28801 		return (rval);
28802 	}
28803 
28804 	rval = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_EJECT,
28805 	    SD_PATH_STANDARD);
28806 
28807 	if (rval == 0) {
28808 		mutex_enter(SD_MUTEX(un));
28809 		sr_ejected(un);
28810 		un->un_mediastate = DKIO_EJECTED;
28811 		cv_broadcast(&un->un_state_cv);
28812 		mutex_exit(SD_MUTEX(un));
28813 	}
28814 	return (rval);
28815 }
28816 
28817 
28818 /*
28819  *    Function: sr_ejected()
28820  *
28821  * Description: This routine updates the soft state structure to invalidate the
28822  *		geometry information after the media has been ejected or a
28823  *		media eject has been detected.
28824  *
28825  *   Arguments: un - driver soft state (unit) structure
28826  */
28827 
28828 static void
28829 sr_ejected(struct sd_lun *un)
28830 {
28831 	struct sd_errstats *stp;
28832 
28833 	ASSERT(un != NULL);
28834 	ASSERT(mutex_owned(SD_MUTEX(un)));
28835 
28836 	un->un_f_blockcount_is_valid	= FALSE;
28837 	un->un_f_tgt_blocksize_is_valid	= FALSE;
28838 	un->un_f_geometry_is_valid	= FALSE;
28839 
28840 	if (un->un_errstats != NULL) {
28841 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
28842 		stp->sd_capacity.value.ui64 = 0;
28843 	}
28844 }
28845 
28846 
28847 /*
28848  *    Function: sr_check_wp()
28849  *
28850  * Description: This routine checks the write protection of a removable media
28851  *		disk via the write protect bit of the Mode Page Header device
28852  *		specific field.  This routine has been implemented to use the
28853  *		error recovery mode page for all device types.
28854  *		Note: In the future use a sd_send_scsi_MODE_SENSE() routine
28855  *
28856  *   Arguments: dev		- the device 'dev_t'
28857  *
28858  * Return Code: int indicating if the device is write protected (1) or not (0)
28859  *
28860  *     Context: Kernel thread.
28861  *
28862  */
28863 
28864 static int
28865 sr_check_wp(dev_t dev)
28866 {
28867 	struct sd_lun	*un;
28868 	uchar_t		device_specific;
28869 	uchar_t		*sense;
28870 	int		hdrlen;
28871 	int		rval;
28872 	int		retry_flag = FALSE;
28873 
28874 	/*
28875 	 * Note: The return codes for this routine should be reworked to
28876 	 * properly handle the case of a NULL softstate.
28877 	 */
28878 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28879 		return (FALSE);
28880 	}
28881 
28882 	if (un->un_f_cfg_is_atapi == TRUE) {
28883 		retry_flag = TRUE;
28884 	}
28885 
28886 retry:
28887 	if (un->un_f_cfg_is_atapi == TRUE) {
28888 		/*
28889 		 * The mode page contents are not required; set the allocation
28890 		 * length for the mode page header only
28891 		 */
28892 		hdrlen = MODE_HEADER_LENGTH_GRP2;
28893 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28894 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense, hdrlen,
28895 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28896 		device_specific =
28897 		    ((struct mode_header_grp2 *)sense)->device_specific;
28898 	} else {
28899 		hdrlen = MODE_HEADER_LENGTH;
28900 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28901 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, hdrlen,
28902 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28903 		device_specific =
28904 		    ((struct mode_header *)sense)->device_specific;
28905 	}
28906 
28907 	if (rval != 0) {
28908 		if ((un->un_f_cfg_is_atapi == TRUE) && (retry_flag)) {
28909 			/*
28910 			 * For an Atapi Zip drive, observed the drive
28911 			 * reporting check condition for the first attempt.
28912 			 * Sense data indicating power on or bus device/reset.
28913 			 * Hence in case of failure need to try at least once
28914 			 * for Atapi devices.
28915 			 */
28916 			retry_flag = FALSE;
28917 			kmem_free(sense, hdrlen);
28918 			goto retry;
28919 		} else {
28920 			/*
28921 			 * Write protect mode sense failed; not all disks
28922 			 * understand this query. Return FALSE assuming that
28923 			 * these devices are not writable.
28924 			 */
28925 			rval = FALSE;
28926 		}
28927 	} else {
28928 		if (device_specific & WRITE_PROTECT) {
28929 			rval = TRUE;
28930 		} else {
28931 			rval = FALSE;
28932 		}
28933 	}
28934 	kmem_free(sense, hdrlen);
28935 	return (rval);
28936 }
28937 
28938 
28939 /*
28940  *    Function: sr_volume_ctrl()
28941  *
28942  * Description: This routine is the driver entry point for handling CD-ROM
28943  *		audio output volume ioctl requests. (CDROMVOLCTRL)
28944  *
28945  *   Arguments: dev	- the device 'dev_t'
28946  *		data	- pointer to user audio volume control structure
28947  *		flag	- this argument is a pass through to ddi_copyxxx()
28948  *			  directly from the mode argument of ioctl().
28949  *
28950  * Return Code: the code returned by sd_send_scsi_cmd()
28951  *		EFAULT if ddi_copyxxx() fails
28952  *		ENXIO if fail ddi_get_soft_state
28953  *		EINVAL if data pointer is NULL
28954  *
28955  */
28956 
28957 static int
28958 sr_volume_ctrl(dev_t dev, caddr_t data, int flag)
28959 {
28960 	struct sd_lun		*un;
28961 	struct cdrom_volctrl    volume;
28962 	struct cdrom_volctrl    *vol = &volume;
28963 	uchar_t			*sense_page;
28964 	uchar_t			*select_page;
28965 	uchar_t			*sense;
28966 	uchar_t			*select;
28967 	int			sense_buflen;
28968 	int			select_buflen;
28969 	int			rval;
28970 
28971 	if (data == NULL) {
28972 		return (EINVAL);
28973 	}
28974 
28975 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28976 	    (un->un_state == SD_STATE_OFFLINE)) {
28977 		return (ENXIO);
28978 	}
28979 
28980 	if (ddi_copyin(data, vol, sizeof (struct cdrom_volctrl), flag)) {
28981 		return (EFAULT);
28982 	}
28983 
28984 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
28985 		struct mode_header_grp2		*sense_mhp;
28986 		struct mode_header_grp2		*select_mhp;
28987 		int				bd_len;
28988 
28989 		sense_buflen = MODE_PARAM_LENGTH_GRP2 + MODEPAGE_AUDIO_CTRL_LEN;
28990 		select_buflen = MODE_HEADER_LENGTH_GRP2 +
28991 		    MODEPAGE_AUDIO_CTRL_LEN;
28992 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
28993 		select = kmem_zalloc(select_buflen, KM_SLEEP);
28994 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
28995 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
28996 		    SD_PATH_STANDARD)) != 0) {
28997 			SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28998 			    "sr_volume_ctrl: Mode Sense Failed\n");
28999 			kmem_free(sense, sense_buflen);
29000 			kmem_free(select, select_buflen);
29001 			return (rval);
29002 		}
29003 		sense_mhp = (struct mode_header_grp2 *)sense;
29004 		select_mhp = (struct mode_header_grp2 *)select;
29005 		bd_len = (sense_mhp->bdesc_length_hi << 8) |
29006 		    sense_mhp->bdesc_length_lo;
29007 		if (bd_len > MODE_BLK_DESC_LENGTH) {
29008 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29009 			    "sr_volume_ctrl: Mode Sense returned invalid "
29010 			    "block descriptor length\n");
29011 			kmem_free(sense, sense_buflen);
29012 			kmem_free(select, select_buflen);
29013 			return (EIO);
29014 		}
29015 		sense_page = (uchar_t *)
29016 		    (sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
29017 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH_GRP2);
29018 		select_mhp->length_msb = 0;
29019 		select_mhp->length_lsb = 0;
29020 		select_mhp->bdesc_length_hi = 0;
29021 		select_mhp->bdesc_length_lo = 0;
29022 	} else {
29023 		struct mode_header		*sense_mhp, *select_mhp;
29024 
29025 		sense_buflen = MODE_PARAM_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
29026 		select_buflen = MODE_HEADER_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
29027 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
29028 		select = kmem_zalloc(select_buflen, KM_SLEEP);
29029 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
29030 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
29031 		    SD_PATH_STANDARD)) != 0) {
29032 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29033 			    "sr_volume_ctrl: Mode Sense Failed\n");
29034 			kmem_free(sense, sense_buflen);
29035 			kmem_free(select, select_buflen);
29036 			return (rval);
29037 		}
29038 		sense_mhp  = (struct mode_header *)sense;
29039 		select_mhp = (struct mode_header *)select;
29040 		if (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH) {
29041 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29042 			    "sr_volume_ctrl: Mode Sense returned invalid "
29043 			    "block descriptor length\n");
29044 			kmem_free(sense, sense_buflen);
29045 			kmem_free(select, select_buflen);
29046 			return (EIO);
29047 		}
29048 		sense_page = (uchar_t *)
29049 		    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
29050 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH);
29051 		select_mhp->length = 0;
29052 		select_mhp->bdesc_length = 0;
29053 	}
29054 	/*
29055 	 * Note: An audio control data structure could be created and overlayed
29056 	 * on the following in place of the array indexing method implemented.
29057 	 */
29058 
29059 	/* Build the select data for the user volume data */
29060 	select_page[0] = MODEPAGE_AUDIO_CTRL;
29061 	select_page[1] = 0xE;
29062 	/* Set the immediate bit */
29063 	select_page[2] = 0x04;
29064 	/* Zero out reserved fields */
29065 	select_page[3] = 0x00;
29066 	select_page[4] = 0x00;
29067 	/* Return sense data for fields not to be modified */
29068 	select_page[5] = sense_page[5];
29069 	select_page[6] = sense_page[6];
29070 	select_page[7] = sense_page[7];
29071 	/* Set the user specified volume levels for channel 0 and 1 */
29072 	select_page[8] = 0x01;
29073 	select_page[9] = vol->channel0;
29074 	select_page[10] = 0x02;
29075 	select_page[11] = vol->channel1;
29076 	/* Channel 2 and 3 are currently unsupported so return the sense data */
29077 	select_page[12] = sense_page[12];
29078 	select_page[13] = sense_page[13];
29079 	select_page[14] = sense_page[14];
29080 	select_page[15] = sense_page[15];
29081 
29082 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
29083 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, select,
29084 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29085 	} else {
29086 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
29087 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29088 	}
29089 
29090 	kmem_free(sense, sense_buflen);
29091 	kmem_free(select, select_buflen);
29092 	return (rval);
29093 }
29094 
29095 
29096 /*
29097  *    Function: sr_read_sony_session_offset()
29098  *
29099  * Description: This routine is the driver entry point for handling CD-ROM
29100  *		ioctl requests for session offset information. (CDROMREADOFFSET)
29101  *		The address of the first track in the last session of a
29102  *		multi-session CD-ROM is returned
29103  *
29104  *		Note: This routine uses a vendor specific key value in the
29105  *		command control field without implementing any vendor check here
29106  *		or in the ioctl routine.
29107  *
29108  *   Arguments: dev	- the device 'dev_t'
29109  *		data	- pointer to an int to hold the requested address
29110  *		flag	- this argument is a pass through to ddi_copyxxx()
29111  *			  directly from the mode argument of ioctl().
29112  *
29113  * Return Code: the code returned by sd_send_scsi_cmd()
29114  *		EFAULT if ddi_copyxxx() fails
29115  *		ENXIO if fail ddi_get_soft_state
29116  *		EINVAL if data pointer is NULL
29117  */
29118 
29119 static int
29120 sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag)
29121 {
29122 	struct sd_lun		*un;
29123 	struct uscsi_cmd	*com;
29124 	caddr_t			buffer;
29125 	char			cdb[CDB_GROUP1];
29126 	int			session_offset = 0;
29127 	int			rval;
29128 
29129 	if (data == NULL) {
29130 		return (EINVAL);
29131 	}
29132 
29133 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
29134 	    (un->un_state == SD_STATE_OFFLINE)) {
29135 		return (ENXIO);
29136 	}
29137 
29138 	buffer = kmem_zalloc((size_t)SONY_SESSION_OFFSET_LEN, KM_SLEEP);
29139 	bzero(cdb, CDB_GROUP1);
29140 	cdb[0] = SCMD_READ_TOC;
29141 	/*
29142 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
29143 	 * (4 byte TOC response header + 8 byte response data)
29144 	 */
29145 	cdb[8] = SONY_SESSION_OFFSET_LEN;
29146 	/* Byte 9 is the control byte. A vendor specific value is used */
29147 	cdb[9] = SONY_SESSION_OFFSET_KEY;
29148 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
29149 	com->uscsi_cdb = cdb;
29150 	com->uscsi_cdblen = CDB_GROUP1;
29151 	com->uscsi_bufaddr = buffer;
29152 	com->uscsi_buflen = SONY_SESSION_OFFSET_LEN;
29153 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
29154 
29155 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
29156 	    UIO_SYSSPACE, SD_PATH_STANDARD);
29157 	if (rval != 0) {
29158 		kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29159 		kmem_free(com, sizeof (*com));
29160 		return (rval);
29161 	}
29162 	if (buffer[1] == SONY_SESSION_OFFSET_VALID) {
29163 		session_offset =
29164 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
29165 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
29166 		/*
29167 		 * Offset returned offset in current lbasize block's. Convert to
29168 		 * 2k block's to return to the user
29169 		 */
29170 		if (un->un_tgt_blocksize == CDROM_BLK_512) {
29171 			session_offset >>= 2;
29172 		} else if (un->un_tgt_blocksize == CDROM_BLK_1024) {
29173 			session_offset >>= 1;
29174 		}
29175 	}
29176 
29177 	if (ddi_copyout(&session_offset, data, sizeof (int), flag) != 0) {
29178 		rval = EFAULT;
29179 	}
29180 
29181 	kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29182 	kmem_free(com, sizeof (*com));
29183 	return (rval);
29184 }
29185 
29186 
29187 /*
29188  *    Function: sd_wm_cache_constructor()
29189  *
29190  * Description: Cache Constructor for the wmap cache for the read/modify/write
29191  * 		devices.
29192  *
29193  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29194  *		un	- sd_lun structure for the device.
29195  *		flag	- the km flags passed to constructor
29196  *
29197  * Return Code: 0 on success.
29198  *		-1 on failure.
29199  */
29200 
29201 /*ARGSUSED*/
29202 static int
29203 sd_wm_cache_constructor(void *wm, void *un, int flags)
29204 {
29205 	bzero(wm, sizeof (struct sd_w_map));
29206 	cv_init(&((struct sd_w_map *)wm)->wm_avail, NULL, CV_DRIVER, NULL);
29207 	return (0);
29208 }
29209 
29210 
29211 /*
29212  *    Function: sd_wm_cache_destructor()
29213  *
29214  * Description: Cache destructor for the wmap cache for the read/modify/write
29215  * 		devices.
29216  *
29217  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29218  *		un	- sd_lun structure for the device.
29219  */
29220 /*ARGSUSED*/
29221 static void
29222 sd_wm_cache_destructor(void *wm, void *un)
29223 {
29224 	cv_destroy(&((struct sd_w_map *)wm)->wm_avail);
29225 }
29226 
29227 
29228 /*
29229  *    Function: sd_range_lock()
29230  *
29231  * Description: Lock the range of blocks specified as parameter to ensure
29232  *		that read, modify write is atomic and no other i/o writes
29233  *		to the same location. The range is specified in terms
29234  *		of start and end blocks. Block numbers are the actual
29235  *		media block numbers and not system.
29236  *
29237  *   Arguments: un	- sd_lun structure for the device.
29238  *		startb - The starting block number
29239  *		endb - The end block number
29240  *		typ - type of i/o - simple/read_modify_write
29241  *
29242  * Return Code: wm  - pointer to the wmap structure.
29243  *
29244  *     Context: This routine can sleep.
29245  */
29246 
29247 static struct sd_w_map *
29248 sd_range_lock(struct sd_lun *un, daddr_t startb, daddr_t endb, ushort_t typ)
29249 {
29250 	struct sd_w_map *wmp = NULL;
29251 	struct sd_w_map *sl_wmp = NULL;
29252 	struct sd_w_map *tmp_wmp;
29253 	wm_state state = SD_WM_CHK_LIST;
29254 
29255 
29256 	ASSERT(un != NULL);
29257 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29258 
29259 	mutex_enter(SD_MUTEX(un));
29260 
29261 	while (state != SD_WM_DONE) {
29262 
29263 		switch (state) {
29264 		case SD_WM_CHK_LIST:
29265 			/*
29266 			 * This is the starting state. Check the wmap list
29267 			 * to see if the range is currently available.
29268 			 */
29269 			if (!(typ & SD_WTYPE_RMW) && !(un->un_rmw_count)) {
29270 				/*
29271 				 * If this is a simple write and no rmw
29272 				 * i/o is pending then try to lock the
29273 				 * range as the range should be available.
29274 				 */
29275 				state = SD_WM_LOCK_RANGE;
29276 			} else {
29277 				tmp_wmp = sd_get_range(un, startb, endb);
29278 				if (tmp_wmp != NULL) {
29279 					if ((wmp != NULL) && ONLIST(un, wmp)) {
29280 						/*
29281 						 * Should not keep onlist wmps
29282 						 * while waiting this macro
29283 						 * will also do wmp = NULL;
29284 						 */
29285 						FREE_ONLIST_WMAP(un, wmp);
29286 					}
29287 					/*
29288 					 * sl_wmp is the wmap on which wait
29289 					 * is done, since the tmp_wmp points
29290 					 * to the inuse wmap, set sl_wmp to
29291 					 * tmp_wmp and change the state to sleep
29292 					 */
29293 					sl_wmp = tmp_wmp;
29294 					state = SD_WM_WAIT_MAP;
29295 				} else {
29296 					state = SD_WM_LOCK_RANGE;
29297 				}
29298 
29299 			}
29300 			break;
29301 
29302 		case SD_WM_LOCK_RANGE:
29303 			ASSERT(un->un_wm_cache);
29304 			/*
29305 			 * The range need to be locked, try to get a wmap.
29306 			 * First attempt it with NO_SLEEP, want to avoid a sleep
29307 			 * if possible as we will have to release the sd mutex
29308 			 * if we have to sleep.
29309 			 */
29310 			if (wmp == NULL)
29311 				wmp = kmem_cache_alloc(un->un_wm_cache,
29312 				    KM_NOSLEEP);
29313 			if (wmp == NULL) {
29314 				mutex_exit(SD_MUTEX(un));
29315 				_NOTE(DATA_READABLE_WITHOUT_LOCK
29316 				    (sd_lun::un_wm_cache))
29317 				wmp = kmem_cache_alloc(un->un_wm_cache,
29318 				    KM_SLEEP);
29319 				mutex_enter(SD_MUTEX(un));
29320 				/*
29321 				 * we released the mutex so recheck and go to
29322 				 * check list state.
29323 				 */
29324 				state = SD_WM_CHK_LIST;
29325 			} else {
29326 				/*
29327 				 * We exit out of state machine since we
29328 				 * have the wmap. Do the housekeeping first.
29329 				 * place the wmap on the wmap list if it is not
29330 				 * on it already and then set the state to done.
29331 				 */
29332 				wmp->wm_start = startb;
29333 				wmp->wm_end = endb;
29334 				wmp->wm_flags = typ | SD_WM_BUSY;
29335 				if (typ & SD_WTYPE_RMW) {
29336 					un->un_rmw_count++;
29337 				}
29338 				/*
29339 				 * If not already on the list then link
29340 				 */
29341 				if (!ONLIST(un, wmp)) {
29342 					wmp->wm_next = un->un_wm;
29343 					wmp->wm_prev = NULL;
29344 					if (wmp->wm_next)
29345 						wmp->wm_next->wm_prev = wmp;
29346 					un->un_wm = wmp;
29347 				}
29348 				state = SD_WM_DONE;
29349 			}
29350 			break;
29351 
29352 		case SD_WM_WAIT_MAP:
29353 			ASSERT(sl_wmp->wm_flags & SD_WM_BUSY);
29354 			/*
29355 			 * Wait is done on sl_wmp, which is set in the
29356 			 * check_list state.
29357 			 */
29358 			sl_wmp->wm_wanted_count++;
29359 			cv_wait(&sl_wmp->wm_avail, SD_MUTEX(un));
29360 			sl_wmp->wm_wanted_count--;
29361 			if (!(sl_wmp->wm_flags & SD_WM_BUSY)) {
29362 				if (wmp != NULL)
29363 					CHK_N_FREEWMP(un, wmp);
29364 				wmp = sl_wmp;
29365 			}
29366 			sl_wmp = NULL;
29367 			/*
29368 			 * After waking up, need to recheck for availability of
29369 			 * range.
29370 			 */
29371 			state = SD_WM_CHK_LIST;
29372 			break;
29373 
29374 		default:
29375 			panic("sd_range_lock: "
29376 			    "Unknown state %d in sd_range_lock", state);
29377 			/*NOTREACHED*/
29378 		} /* switch(state) */
29379 
29380 	} /* while(state != SD_WM_DONE) */
29381 
29382 	mutex_exit(SD_MUTEX(un));
29383 
29384 	ASSERT(wmp != NULL);
29385 
29386 	return (wmp);
29387 }
29388 
29389 
29390 /*
29391  *    Function: sd_get_range()
29392  *
29393  * Description: Find if there any overlapping I/O to this one
29394  *		Returns the write-map of 1st such I/O, NULL otherwise.
29395  *
29396  *   Arguments: un	- sd_lun structure for the device.
29397  *		startb - The starting block number
29398  *		endb - The end block number
29399  *
29400  * Return Code: wm  - pointer to the wmap structure.
29401  */
29402 
29403 static struct sd_w_map *
29404 sd_get_range(struct sd_lun *un, daddr_t startb, daddr_t endb)
29405 {
29406 	struct sd_w_map *wmp;
29407 
29408 	ASSERT(un != NULL);
29409 
29410 	for (wmp = un->un_wm; wmp != NULL; wmp = wmp->wm_next) {
29411 		if (!(wmp->wm_flags & SD_WM_BUSY)) {
29412 			continue;
29413 		}
29414 		if ((startb >= wmp->wm_start) && (startb <= wmp->wm_end)) {
29415 			break;
29416 		}
29417 		if ((endb >= wmp->wm_start) && (endb <= wmp->wm_end)) {
29418 			break;
29419 		}
29420 	}
29421 
29422 	return (wmp);
29423 }
29424 
29425 
29426 /*
29427  *    Function: sd_free_inlist_wmap()
29428  *
29429  * Description: Unlink and free a write map struct.
29430  *
29431  *   Arguments: un      - sd_lun structure for the device.
29432  *		wmp	- sd_w_map which needs to be unlinked.
29433  */
29434 
29435 static void
29436 sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp)
29437 {
29438 	ASSERT(un != NULL);
29439 
29440 	if (un->un_wm == wmp) {
29441 		un->un_wm = wmp->wm_next;
29442 	} else {
29443 		wmp->wm_prev->wm_next = wmp->wm_next;
29444 	}
29445 
29446 	if (wmp->wm_next) {
29447 		wmp->wm_next->wm_prev = wmp->wm_prev;
29448 	}
29449 
29450 	wmp->wm_next = wmp->wm_prev = NULL;
29451 
29452 	kmem_cache_free(un->un_wm_cache, wmp);
29453 }
29454 
29455 
29456 /*
29457  *    Function: sd_range_unlock()
29458  *
29459  * Description: Unlock the range locked by wm.
29460  *		Free write map if nobody else is waiting on it.
29461  *
29462  *   Arguments: un      - sd_lun structure for the device.
29463  *              wmp     - sd_w_map which needs to be unlinked.
29464  */
29465 
29466 static void
29467 sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm)
29468 {
29469 	ASSERT(un != NULL);
29470 	ASSERT(wm != NULL);
29471 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29472 
29473 	mutex_enter(SD_MUTEX(un));
29474 
29475 	if (wm->wm_flags & SD_WTYPE_RMW) {
29476 		un->un_rmw_count--;
29477 	}
29478 
29479 	if (wm->wm_wanted_count) {
29480 		wm->wm_flags = 0;
29481 		/*
29482 		 * Broadcast that the wmap is available now.
29483 		 */
29484 		cv_broadcast(&wm->wm_avail);
29485 	} else {
29486 		/*
29487 		 * If no one is waiting on the map, it should be free'ed.
29488 		 */
29489 		sd_free_inlist_wmap(un, wm);
29490 	}
29491 
29492 	mutex_exit(SD_MUTEX(un));
29493 }
29494 
29495 
29496 /*
29497  *    Function: sd_read_modify_write_task
29498  *
29499  * Description: Called from a taskq thread to initiate the write phase of
29500  *		a read-modify-write request.  This is used for targets where
29501  *		un->un_sys_blocksize != un->un_tgt_blocksize.
29502  *
29503  *   Arguments: arg - a pointer to the buf(9S) struct for the write command.
29504  *
29505  *     Context: Called under taskq thread context.
29506  */
29507 
29508 static void
29509 sd_read_modify_write_task(void *arg)
29510 {
29511 	struct sd_mapblocksize_info	*bsp;
29512 	struct buf	*bp;
29513 	struct sd_xbuf	*xp;
29514 	struct sd_lun	*un;
29515 
29516 	bp = arg;	/* The bp is given in arg */
29517 	ASSERT(bp != NULL);
29518 
29519 	/* Get the pointer to the layer-private data struct */
29520 	xp = SD_GET_XBUF(bp);
29521 	ASSERT(xp != NULL);
29522 	bsp = xp->xb_private;
29523 	ASSERT(bsp != NULL);
29524 
29525 	un = SD_GET_UN(bp);
29526 	ASSERT(un != NULL);
29527 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29528 
29529 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29530 	    "sd_read_modify_write_task: entry: buf:0x%p\n", bp);
29531 
29532 	/*
29533 	 * This is the write phase of a read-modify-write request, called
29534 	 * under the context of a taskq thread in response to the completion
29535 	 * of the read portion of the rmw request completing under interrupt
29536 	 * context. The write request must be sent from here down the iostart
29537 	 * chain as if it were being sent from sd_mapblocksize_iostart(), so
29538 	 * we use the layer index saved in the layer-private data area.
29539 	 */
29540 	SD_NEXT_IOSTART(bsp->mbs_layer_index, un, bp);
29541 
29542 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29543 	    "sd_read_modify_write_task: exit: buf:0x%p\n", bp);
29544 }
29545 
29546 
29547 /*
29548  *    Function: sddump_do_read_of_rmw()
29549  *
29550  * Description: This routine will be called from sddump, If sddump is called
29551  *		with an I/O which not aligned on device blocksize boundary
29552  *		then the write has to be converted to read-modify-write.
29553  *		Do the read part here in order to keep sddump simple.
29554  *		Note - That the sd_mutex is held across the call to this
29555  *		routine.
29556  *
29557  *   Arguments: un	- sd_lun
29558  *		blkno	- block number in terms of media block size.
29559  *		nblk	- number of blocks.
29560  *		bpp	- pointer to pointer to the buf structure. On return
29561  *			from this function, *bpp points to the valid buffer
29562  *			to which the write has to be done.
29563  *
29564  * Return Code: 0 for success or errno-type return code
29565  */
29566 
29567 static int
29568 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
29569 	struct buf **bpp)
29570 {
29571 	int err;
29572 	int i;
29573 	int rval;
29574 	struct buf *bp;
29575 	struct scsi_pkt *pkt = NULL;
29576 	uint32_t target_blocksize;
29577 
29578 	ASSERT(un != NULL);
29579 	ASSERT(mutex_owned(SD_MUTEX(un)));
29580 
29581 	target_blocksize = un->un_tgt_blocksize;
29582 
29583 	mutex_exit(SD_MUTEX(un));
29584 
29585 	bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), (struct buf *)NULL,
29586 	    (size_t)(nblk * target_blocksize), B_READ, NULL_FUNC, NULL);
29587 	if (bp == NULL) {
29588 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29589 		    "no resources for dumping; giving up");
29590 		err = ENOMEM;
29591 		goto done;
29592 	}
29593 
29594 	rval = sd_setup_rw_pkt(un, &pkt, bp, 0, NULL_FUNC, NULL,
29595 	    blkno, nblk);
29596 	if (rval != 0) {
29597 		scsi_free_consistent_buf(bp);
29598 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29599 		    "no resources for dumping; giving up");
29600 		err = ENOMEM;
29601 		goto done;
29602 	}
29603 
29604 	pkt->pkt_flags |= FLAG_NOINTR;
29605 
29606 	err = EIO;
29607 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
29608 
29609 		/*
29610 		 * Scsi_poll returns 0 (success) if the command completes and
29611 		 * the status block is STATUS_GOOD.  We should only check
29612 		 * errors if this condition is not true.  Even then we should
29613 		 * send our own request sense packet only if we have a check
29614 		 * condition and auto request sense has not been performed by
29615 		 * the hba.
29616 		 */
29617 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending read\n");
29618 
29619 		if ((sd_scsi_poll(un, pkt) == 0) && (pkt->pkt_resid == 0)) {
29620 			err = 0;
29621 			break;
29622 		}
29623 
29624 		/*
29625 		 * Check CMD_DEV_GONE 1st, give up if device is gone,
29626 		 * no need to read RQS data.
29627 		 */
29628 		if (pkt->pkt_reason == CMD_DEV_GONE) {
29629 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29630 			    "Device is gone\n");
29631 			break;
29632 		}
29633 
29634 		if (SD_GET_PKT_STATUS(pkt) == STATUS_CHECK) {
29635 			SD_INFO(SD_LOG_DUMP, un,
29636 			    "sddump: read failed with CHECK, try # %d\n", i);
29637 			if (((pkt->pkt_state & STATE_ARQ_DONE) == 0)) {
29638 				(void) sd_send_polled_RQS(un);
29639 			}
29640 
29641 			continue;
29642 		}
29643 
29644 		if (SD_GET_PKT_STATUS(pkt) == STATUS_BUSY) {
29645 			int reset_retval = 0;
29646 
29647 			SD_INFO(SD_LOG_DUMP, un,
29648 			    "sddump: read failed with BUSY, try # %d\n", i);
29649 
29650 			if (un->un_f_lun_reset_enabled == TRUE) {
29651 				reset_retval = scsi_reset(SD_ADDRESS(un),
29652 				    RESET_LUN);
29653 			}
29654 			if (reset_retval == 0) {
29655 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
29656 			}
29657 			(void) sd_send_polled_RQS(un);
29658 
29659 		} else {
29660 			SD_INFO(SD_LOG_DUMP, un,
29661 			    "sddump: read failed with 0x%x, try # %d\n",
29662 			    SD_GET_PKT_STATUS(pkt), i);
29663 			mutex_enter(SD_MUTEX(un));
29664 			sd_reset_target(un, pkt);
29665 			mutex_exit(SD_MUTEX(un));
29666 		}
29667 
29668 		/*
29669 		 * If we are not getting anywhere with lun/target resets,
29670 		 * let's reset the bus.
29671 		 */
29672 		if (i > SD_NDUMP_RETRIES/2) {
29673 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
29674 			(void) sd_send_polled_RQS(un);
29675 		}
29676 
29677 	}
29678 	scsi_destroy_pkt(pkt);
29679 
29680 	if (err != 0) {
29681 		scsi_free_consistent_buf(bp);
29682 		*bpp = NULL;
29683 	} else {
29684 		*bpp = bp;
29685 	}
29686 
29687 done:
29688 	mutex_enter(SD_MUTEX(un));
29689 	return (err);
29690 }
29691 
29692 
29693 /*
29694  *    Function: sd_failfast_flushq
29695  *
29696  * Description: Take all bp's on the wait queue that have B_FAILFAST set
29697  *		in b_flags and move them onto the failfast queue, then kick
29698  *		off a thread to return all bp's on the failfast queue to
29699  *		their owners with an error set.
29700  *
29701  *   Arguments: un - pointer to the soft state struct for the instance.
29702  *
29703  *     Context: may execute in interrupt context.
29704  */
29705 
29706 static void
29707 sd_failfast_flushq(struct sd_lun *un)
29708 {
29709 	struct buf *bp;
29710 	struct buf *next_waitq_bp;
29711 	struct buf *prev_waitq_bp = NULL;
29712 
29713 	ASSERT(un != NULL);
29714 	ASSERT(mutex_owned(SD_MUTEX(un)));
29715 	ASSERT(un->un_failfast_state == SD_FAILFAST_ACTIVE);
29716 	ASSERT(un->un_failfast_bp == NULL);
29717 
29718 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29719 	    "sd_failfast_flushq: entry: un:0x%p\n", un);
29720 
29721 	/*
29722 	 * Check if we should flush all bufs when entering failfast state, or
29723 	 * just those with B_FAILFAST set.
29724 	 */
29725 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) {
29726 		/*
29727 		 * Move *all* bp's on the wait queue to the failfast flush
29728 		 * queue, including those that do NOT have B_FAILFAST set.
29729 		 */
29730 		if (un->un_failfast_headp == NULL) {
29731 			ASSERT(un->un_failfast_tailp == NULL);
29732 			un->un_failfast_headp = un->un_waitq_headp;
29733 		} else {
29734 			ASSERT(un->un_failfast_tailp != NULL);
29735 			un->un_failfast_tailp->av_forw = un->un_waitq_headp;
29736 		}
29737 
29738 		un->un_failfast_tailp = un->un_waitq_tailp;
29739 
29740 		/* update kstat for each bp moved out of the waitq */
29741 		for (bp = un->un_waitq_headp; bp != NULL; bp = bp->av_forw) {
29742 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29743 		}
29744 
29745 		/* empty the waitq */
29746 		un->un_waitq_headp = un->un_waitq_tailp = NULL;
29747 
29748 	} else {
29749 		/*
29750 		 * Go thru the wait queue, pick off all entries with
29751 		 * B_FAILFAST set, and move these onto the failfast queue.
29752 		 */
29753 		for (bp = un->un_waitq_headp; bp != NULL; bp = next_waitq_bp) {
29754 			/*
29755 			 * Save the pointer to the next bp on the wait queue,
29756 			 * so we get to it on the next iteration of this loop.
29757 			 */
29758 			next_waitq_bp = bp->av_forw;
29759 
29760 			/*
29761 			 * If this bp from the wait queue does NOT have
29762 			 * B_FAILFAST set, just move on to the next element
29763 			 * in the wait queue. Note, this is the only place
29764 			 * where it is correct to set prev_waitq_bp.
29765 			 */
29766 			if ((bp->b_flags & B_FAILFAST) == 0) {
29767 				prev_waitq_bp = bp;
29768 				continue;
29769 			}
29770 
29771 			/*
29772 			 * Remove the bp from the wait queue.
29773 			 */
29774 			if (bp == un->un_waitq_headp) {
29775 				/* The bp is the first element of the waitq. */
29776 				un->un_waitq_headp = next_waitq_bp;
29777 				if (un->un_waitq_headp == NULL) {
29778 					/* The wait queue is now empty */
29779 					un->un_waitq_tailp = NULL;
29780 				}
29781 			} else {
29782 				/*
29783 				 * The bp is either somewhere in the middle
29784 				 * or at the end of the wait queue.
29785 				 */
29786 				ASSERT(un->un_waitq_headp != NULL);
29787 				ASSERT(prev_waitq_bp != NULL);
29788 				ASSERT((prev_waitq_bp->b_flags & B_FAILFAST)
29789 				    == 0);
29790 				if (bp == un->un_waitq_tailp) {
29791 					/* bp is the last entry on the waitq. */
29792 					ASSERT(next_waitq_bp == NULL);
29793 					un->un_waitq_tailp = prev_waitq_bp;
29794 				}
29795 				prev_waitq_bp->av_forw = next_waitq_bp;
29796 			}
29797 			bp->av_forw = NULL;
29798 
29799 			/*
29800 			 * update kstat since the bp is moved out of
29801 			 * the waitq
29802 			 */
29803 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29804 
29805 			/*
29806 			 * Now put the bp onto the failfast queue.
29807 			 */
29808 			if (un->un_failfast_headp == NULL) {
29809 				/* failfast queue is currently empty */
29810 				ASSERT(un->un_failfast_tailp == NULL);
29811 				un->un_failfast_headp =
29812 				    un->un_failfast_tailp = bp;
29813 			} else {
29814 				/* Add the bp to the end of the failfast q */
29815 				ASSERT(un->un_failfast_tailp != NULL);
29816 				ASSERT(un->un_failfast_tailp->b_flags &
29817 				    B_FAILFAST);
29818 				un->un_failfast_tailp->av_forw = bp;
29819 				un->un_failfast_tailp = bp;
29820 			}
29821 		}
29822 	}
29823 
29824 	/*
29825 	 * Now return all bp's on the failfast queue to their owners.
29826 	 */
29827 	while ((bp = un->un_failfast_headp) != NULL) {
29828 
29829 		un->un_failfast_headp = bp->av_forw;
29830 		if (un->un_failfast_headp == NULL) {
29831 			un->un_failfast_tailp = NULL;
29832 		}
29833 
29834 		/*
29835 		 * We want to return the bp with a failure error code, but
29836 		 * we do not want a call to sd_start_cmds() to occur here,
29837 		 * so use sd_return_failed_command_no_restart() instead of
29838 		 * sd_return_failed_command().
29839 		 */
29840 		sd_return_failed_command_no_restart(un, bp, EIO);
29841 	}
29842 
29843 	/* Flush the xbuf queues if required. */
29844 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_QUEUES) {
29845 		ddi_xbuf_flushq(un->un_xbuf_attr, sd_failfast_flushq_callback);
29846 	}
29847 
29848 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29849 	    "sd_failfast_flushq: exit: un:0x%p\n", un);
29850 }
29851 
29852 
29853 /*
29854  *    Function: sd_failfast_flushq_callback
29855  *
29856  * Description: Return TRUE if the given bp meets the criteria for failfast
29857  *		flushing. Used with ddi_xbuf_flushq(9F).
29858  *
29859  *   Arguments: bp - ptr to buf struct to be examined.
29860  *
29861  *     Context: Any
29862  */
29863 
29864 static int
29865 sd_failfast_flushq_callback(struct buf *bp)
29866 {
29867 	/*
29868 	 * Return TRUE if (1) we want to flush ALL bufs when the failfast
29869 	 * state is entered; OR (2) the given bp has B_FAILFAST set.
29870 	 */
29871 	return (((sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) ||
29872 	    (bp->b_flags & B_FAILFAST)) ? TRUE : FALSE);
29873 }
29874 
29875 
29876 
29877 #if defined(__i386) || defined(__amd64)
29878 /*
29879  * Function: sd_setup_next_xfer
29880  *
29881  * Description: Prepare next I/O operation using DMA_PARTIAL
29882  *
29883  */
29884 
29885 static int
29886 sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
29887     struct scsi_pkt *pkt, struct sd_xbuf *xp)
29888 {
29889 	ssize_t	num_blks_not_xfered;
29890 	daddr_t	strt_blk_num;
29891 	ssize_t	bytes_not_xfered;
29892 	int	rval;
29893 
29894 	ASSERT(pkt->pkt_resid == 0);
29895 
29896 	/*
29897 	 * Calculate next block number and amount to be transferred.
29898 	 *
29899 	 * How much data NOT transfered to the HBA yet.
29900 	 */
29901 	bytes_not_xfered = xp->xb_dma_resid;
29902 
29903 	/*
29904 	 * figure how many blocks NOT transfered to the HBA yet.
29905 	 */
29906 	num_blks_not_xfered = SD_BYTES2TGTBLOCKS(un, bytes_not_xfered);
29907 
29908 	/*
29909 	 * set starting block number to the end of what WAS transfered.
29910 	 */
29911 	strt_blk_num = xp->xb_blkno +
29912 	    SD_BYTES2TGTBLOCKS(un, bp->b_bcount - bytes_not_xfered);
29913 
29914 	/*
29915 	 * Move pkt to the next portion of the xfer.  sd_setup_next_rw_pkt
29916 	 * will call scsi_initpkt with NULL_FUNC so we do not have to release
29917 	 * the disk mutex here.
29918 	 */
29919 	rval = sd_setup_next_rw_pkt(un, pkt, bp,
29920 	    strt_blk_num, num_blks_not_xfered);
29921 
29922 	if (rval == 0) {
29923 
29924 		/*
29925 		 * Success.
29926 		 *
29927 		 * Adjust things if there are still more blocks to be
29928 		 * transfered.
29929 		 */
29930 		xp->xb_dma_resid = pkt->pkt_resid;
29931 		pkt->pkt_resid = 0;
29932 
29933 		return (1);
29934 	}
29935 
29936 	/*
29937 	 * There's really only one possible return value from
29938 	 * sd_setup_next_rw_pkt which occurs when scsi_init_pkt
29939 	 * returns NULL.
29940 	 */
29941 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
29942 
29943 	bp->b_resid = bp->b_bcount;
29944 	bp->b_flags |= B_ERROR;
29945 
29946 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29947 	    "Error setting up next portion of DMA transfer\n");
29948 
29949 	return (0);
29950 }
29951 #endif
29952 
29953 /*
29954  * Note: The following sd_faultinjection_ioctl( ) routines implement
29955  * driver support for handling fault injection for error analysis
29956  * causing faults in multiple layers of the driver.
29957  *
29958  */
29959 
29960 #ifdef SD_FAULT_INJECTION
29961 static uint_t   sd_fault_injection_on = 0;
29962 
29963 /*
29964  *    Function: sd_faultinjection_ioctl()
29965  *
29966  * Description: This routine is the driver entry point for handling
29967  *              faultinjection ioctls to inject errors into the
29968  *              layer model
29969  *
29970  *   Arguments: cmd	- the ioctl cmd recieved
29971  *		arg	- the arguments from user and returns
29972  */
29973 
29974 static void
29975 sd_faultinjection_ioctl(int cmd, intptr_t arg,  struct sd_lun *un) {
29976 
29977 	uint_t i;
29978 	uint_t rval;
29979 
29980 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl: entry\n");
29981 
29982 	mutex_enter(SD_MUTEX(un));
29983 
29984 	switch (cmd) {
29985 	case SDIOCRUN:
29986 		/* Allow pushed faults to be injected */
29987 		SD_INFO(SD_LOG_SDTEST, un,
29988 		    "sd_faultinjection_ioctl: Injecting Fault Run\n");
29989 
29990 		sd_fault_injection_on = 1;
29991 
29992 		SD_INFO(SD_LOG_IOERR, un,
29993 		    "sd_faultinjection_ioctl: run finished\n");
29994 		break;
29995 
29996 	case SDIOCSTART:
29997 		/* Start Injection Session */
29998 		SD_INFO(SD_LOG_SDTEST, un,
29999 		    "sd_faultinjection_ioctl: Injecting Fault Start\n");
30000 
30001 		sd_fault_injection_on = 0;
30002 		un->sd_injection_mask = 0xFFFFFFFF;
30003 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
30004 			un->sd_fi_fifo_pkt[i] = NULL;
30005 			un->sd_fi_fifo_xb[i] = NULL;
30006 			un->sd_fi_fifo_un[i] = NULL;
30007 			un->sd_fi_fifo_arq[i] = NULL;
30008 		}
30009 		un->sd_fi_fifo_start = 0;
30010 		un->sd_fi_fifo_end = 0;
30011 
30012 		mutex_enter(&(un->un_fi_mutex));
30013 		un->sd_fi_log[0] = '\0';
30014 		un->sd_fi_buf_len = 0;
30015 		mutex_exit(&(un->un_fi_mutex));
30016 
30017 		SD_INFO(SD_LOG_IOERR, un,
30018 		    "sd_faultinjection_ioctl: start finished\n");
30019 		break;
30020 
30021 	case SDIOCSTOP:
30022 		/* Stop Injection Session */
30023 		SD_INFO(SD_LOG_SDTEST, un,
30024 		    "sd_faultinjection_ioctl: Injecting Fault Stop\n");
30025 		sd_fault_injection_on = 0;
30026 		un->sd_injection_mask = 0x0;
30027 
30028 		/* Empty stray or unuseds structs from fifo */
30029 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
30030 			if (un->sd_fi_fifo_pkt[i] != NULL) {
30031 				kmem_free(un->sd_fi_fifo_pkt[i],
30032 				    sizeof (struct sd_fi_pkt));
30033 			}
30034 			if (un->sd_fi_fifo_xb[i] != NULL) {
30035 				kmem_free(un->sd_fi_fifo_xb[i],
30036 				    sizeof (struct sd_fi_xb));
30037 			}
30038 			if (un->sd_fi_fifo_un[i] != NULL) {
30039 				kmem_free(un->sd_fi_fifo_un[i],
30040 				    sizeof (struct sd_fi_un));
30041 			}
30042 			if (un->sd_fi_fifo_arq[i] != NULL) {
30043 				kmem_free(un->sd_fi_fifo_arq[i],
30044 				    sizeof (struct sd_fi_arq));
30045 			}
30046 			un->sd_fi_fifo_pkt[i] = NULL;
30047 			un->sd_fi_fifo_un[i] = NULL;
30048 			un->sd_fi_fifo_xb[i] = NULL;
30049 			un->sd_fi_fifo_arq[i] = NULL;
30050 		}
30051 		un->sd_fi_fifo_start = 0;
30052 		un->sd_fi_fifo_end = 0;
30053 
30054 		SD_INFO(SD_LOG_IOERR, un,
30055 		    "sd_faultinjection_ioctl: stop finished\n");
30056 		break;
30057 
30058 	case SDIOCINSERTPKT:
30059 		/* Store a packet struct to be pushed onto fifo */
30060 		SD_INFO(SD_LOG_SDTEST, un,
30061 		    "sd_faultinjection_ioctl: Injecting Fault Insert Pkt\n");
30062 
30063 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30064 
30065 		sd_fault_injection_on = 0;
30066 
30067 		/* No more that SD_FI_MAX_ERROR allowed in Queue */
30068 		if (un->sd_fi_fifo_pkt[i] != NULL) {
30069 			kmem_free(un->sd_fi_fifo_pkt[i],
30070 			    sizeof (struct sd_fi_pkt));
30071 		}
30072 		if (arg != NULL) {
30073 			un->sd_fi_fifo_pkt[i] =
30074 			    kmem_alloc(sizeof (struct sd_fi_pkt), KM_NOSLEEP);
30075 			if (un->sd_fi_fifo_pkt[i] == NULL) {
30076 				/* Alloc failed don't store anything */
30077 				break;
30078 			}
30079 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_pkt[i],
30080 			    sizeof (struct sd_fi_pkt), 0);
30081 			if (rval == -1) {
30082 				kmem_free(un->sd_fi_fifo_pkt[i],
30083 				    sizeof (struct sd_fi_pkt));
30084 				un->sd_fi_fifo_pkt[i] = NULL;
30085 			}
30086 		} else {
30087 			SD_INFO(SD_LOG_IOERR, un,
30088 			    "sd_faultinjection_ioctl: pkt null\n");
30089 		}
30090 		break;
30091 
30092 	case SDIOCINSERTXB:
30093 		/* Store a xb struct to be pushed onto fifo */
30094 		SD_INFO(SD_LOG_SDTEST, un,
30095 		    "sd_faultinjection_ioctl: Injecting Fault Insert XB\n");
30096 
30097 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30098 
30099 		sd_fault_injection_on = 0;
30100 
30101 		if (un->sd_fi_fifo_xb[i] != NULL) {
30102 			kmem_free(un->sd_fi_fifo_xb[i],
30103 			    sizeof (struct sd_fi_xb));
30104 			un->sd_fi_fifo_xb[i] = NULL;
30105 		}
30106 		if (arg != NULL) {
30107 			un->sd_fi_fifo_xb[i] =
30108 			    kmem_alloc(sizeof (struct sd_fi_xb), KM_NOSLEEP);
30109 			if (un->sd_fi_fifo_xb[i] == NULL) {
30110 				/* Alloc failed don't store anything */
30111 				break;
30112 			}
30113 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_xb[i],
30114 			    sizeof (struct sd_fi_xb), 0);
30115 
30116 			if (rval == -1) {
30117 				kmem_free(un->sd_fi_fifo_xb[i],
30118 				    sizeof (struct sd_fi_xb));
30119 				un->sd_fi_fifo_xb[i] = NULL;
30120 			}
30121 		} else {
30122 			SD_INFO(SD_LOG_IOERR, un,
30123 			    "sd_faultinjection_ioctl: xb null\n");
30124 		}
30125 		break;
30126 
30127 	case SDIOCINSERTUN:
30128 		/* Store a un struct to be pushed onto fifo */
30129 		SD_INFO(SD_LOG_SDTEST, un,
30130 		    "sd_faultinjection_ioctl: Injecting Fault Insert UN\n");
30131 
30132 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30133 
30134 		sd_fault_injection_on = 0;
30135 
30136 		if (un->sd_fi_fifo_un[i] != NULL) {
30137 			kmem_free(un->sd_fi_fifo_un[i],
30138 			    sizeof (struct sd_fi_un));
30139 			un->sd_fi_fifo_un[i] = NULL;
30140 		}
30141 		if (arg != NULL) {
30142 			un->sd_fi_fifo_un[i] =
30143 			    kmem_alloc(sizeof (struct sd_fi_un), KM_NOSLEEP);
30144 			if (un->sd_fi_fifo_un[i] == NULL) {
30145 				/* Alloc failed don't store anything */
30146 				break;
30147 			}
30148 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_un[i],
30149 			    sizeof (struct sd_fi_un), 0);
30150 			if (rval == -1) {
30151 				kmem_free(un->sd_fi_fifo_un[i],
30152 				    sizeof (struct sd_fi_un));
30153 				un->sd_fi_fifo_un[i] = NULL;
30154 			}
30155 
30156 		} else {
30157 			SD_INFO(SD_LOG_IOERR, un,
30158 			    "sd_faultinjection_ioctl: un null\n");
30159 		}
30160 
30161 		break;
30162 
30163 	case SDIOCINSERTARQ:
30164 		/* Store a arq struct to be pushed onto fifo */
30165 		SD_INFO(SD_LOG_SDTEST, un,
30166 		    "sd_faultinjection_ioctl: Injecting Fault Insert ARQ\n");
30167 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30168 
30169 		sd_fault_injection_on = 0;
30170 
30171 		if (un->sd_fi_fifo_arq[i] != NULL) {
30172 			kmem_free(un->sd_fi_fifo_arq[i],
30173 			    sizeof (struct sd_fi_arq));
30174 			un->sd_fi_fifo_arq[i] = NULL;
30175 		}
30176 		if (arg != NULL) {
30177 			un->sd_fi_fifo_arq[i] =
30178 			    kmem_alloc(sizeof (struct sd_fi_arq), KM_NOSLEEP);
30179 			if (un->sd_fi_fifo_arq[i] == NULL) {
30180 				/* Alloc failed don't store anything */
30181 				break;
30182 			}
30183 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_arq[i],
30184 			    sizeof (struct sd_fi_arq), 0);
30185 			if (rval == -1) {
30186 				kmem_free(un->sd_fi_fifo_arq[i],
30187 				    sizeof (struct sd_fi_arq));
30188 				un->sd_fi_fifo_arq[i] = NULL;
30189 			}
30190 
30191 		} else {
30192 			SD_INFO(SD_LOG_IOERR, un,
30193 			    "sd_faultinjection_ioctl: arq null\n");
30194 		}
30195 
30196 		break;
30197 
30198 	case SDIOCPUSH:
30199 		/* Push stored xb, pkt, un, and arq onto fifo */
30200 		sd_fault_injection_on = 0;
30201 
30202 		if (arg != NULL) {
30203 			rval = ddi_copyin((void *)arg, &i, sizeof (uint_t), 0);
30204 			if (rval != -1 &&
30205 			    un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30206 				un->sd_fi_fifo_end += i;
30207 			}
30208 		} else {
30209 			SD_INFO(SD_LOG_IOERR, un,
30210 			    "sd_faultinjection_ioctl: push arg null\n");
30211 			if (un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30212 				un->sd_fi_fifo_end++;
30213 			}
30214 		}
30215 		SD_INFO(SD_LOG_IOERR, un,
30216 		    "sd_faultinjection_ioctl: push to end=%d\n",
30217 		    un->sd_fi_fifo_end);
30218 		break;
30219 
30220 	case SDIOCRETRIEVE:
30221 		/* Return buffer of log from Injection session */
30222 		SD_INFO(SD_LOG_SDTEST, un,
30223 		    "sd_faultinjection_ioctl: Injecting Fault Retreive");
30224 
30225 		sd_fault_injection_on = 0;
30226 
30227 		mutex_enter(&(un->un_fi_mutex));
30228 		rval = ddi_copyout(un->sd_fi_log, (void *)arg,
30229 		    un->sd_fi_buf_len+1, 0);
30230 		mutex_exit(&(un->un_fi_mutex));
30231 
30232 		if (rval == -1) {
30233 			/*
30234 			 * arg is possibly invalid setting
30235 			 * it to NULL for return
30236 			 */
30237 			arg = NULL;
30238 		}
30239 		break;
30240 	}
30241 
30242 	mutex_exit(SD_MUTEX(un));
30243 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl:"
30244 			    " exit\n");
30245 }
30246 
30247 
30248 /*
30249  *    Function: sd_injection_log()
30250  *
30251  * Description: This routine adds buff to the already existing injection log
30252  *              for retrieval via faultinjection_ioctl for use in fault
30253  *              detection and recovery
30254  *
30255  *   Arguments: buf - the string to add to the log
30256  */
30257 
30258 static void
30259 sd_injection_log(char *buf, struct sd_lun *un)
30260 {
30261 	uint_t len;
30262 
30263 	ASSERT(un != NULL);
30264 	ASSERT(buf != NULL);
30265 
30266 	mutex_enter(&(un->un_fi_mutex));
30267 
30268 	len = min(strlen(buf), 255);
30269 	/* Add logged value to Injection log to be returned later */
30270 	if (len + un->sd_fi_buf_len < SD_FI_MAX_BUF) {
30271 		uint_t	offset = strlen((char *)un->sd_fi_log);
30272 		char *destp = (char *)un->sd_fi_log + offset;
30273 		int i;
30274 		for (i = 0; i < len; i++) {
30275 			*destp++ = *buf++;
30276 		}
30277 		un->sd_fi_buf_len += len;
30278 		un->sd_fi_log[un->sd_fi_buf_len] = '\0';
30279 	}
30280 
30281 	mutex_exit(&(un->un_fi_mutex));
30282 }
30283 
30284 
30285 /*
30286  *    Function: sd_faultinjection()
30287  *
30288  * Description: This routine takes the pkt and changes its
30289  *		content based on error injection scenerio.
30290  *
30291  *   Arguments: pktp	- packet to be changed
30292  */
30293 
30294 static void
30295 sd_faultinjection(struct scsi_pkt *pktp)
30296 {
30297 	uint_t i;
30298 	struct sd_fi_pkt *fi_pkt;
30299 	struct sd_fi_xb *fi_xb;
30300 	struct sd_fi_un *fi_un;
30301 	struct sd_fi_arq *fi_arq;
30302 	struct buf *bp;
30303 	struct sd_xbuf *xb;
30304 	struct sd_lun *un;
30305 
30306 	ASSERT(pktp != NULL);
30307 
30308 	/* pull bp xb and un from pktp */
30309 	bp = (struct buf *)pktp->pkt_private;
30310 	xb = SD_GET_XBUF(bp);
30311 	un = SD_GET_UN(bp);
30312 
30313 	ASSERT(un != NULL);
30314 
30315 	mutex_enter(SD_MUTEX(un));
30316 
30317 	SD_TRACE(SD_LOG_SDTEST, un,
30318 	    "sd_faultinjection: entry Injection from sdintr\n");
30319 
30320 	/* if injection is off return */
30321 	if (sd_fault_injection_on == 0 ||
30322 		un->sd_fi_fifo_start == un->sd_fi_fifo_end) {
30323 		mutex_exit(SD_MUTEX(un));
30324 		return;
30325 	}
30326 
30327 
30328 	/* take next set off fifo */
30329 	i = un->sd_fi_fifo_start % SD_FI_MAX_ERROR;
30330 
30331 	fi_pkt = un->sd_fi_fifo_pkt[i];
30332 	fi_xb = un->sd_fi_fifo_xb[i];
30333 	fi_un = un->sd_fi_fifo_un[i];
30334 	fi_arq = un->sd_fi_fifo_arq[i];
30335 
30336 
30337 	/* set variables accordingly */
30338 	/* set pkt if it was on fifo */
30339 	if (fi_pkt != NULL) {
30340 		SD_CONDSET(pktp, pkt, pkt_flags, "pkt_flags");
30341 		SD_CONDSET(*pktp, pkt, pkt_scbp, "pkt_scbp");
30342 		SD_CONDSET(*pktp, pkt, pkt_cdbp, "pkt_cdbp");
30343 		SD_CONDSET(pktp, pkt, pkt_state, "pkt_state");
30344 		SD_CONDSET(pktp, pkt, pkt_statistics, "pkt_statistics");
30345 		SD_CONDSET(pktp, pkt, pkt_reason, "pkt_reason");
30346 
30347 	}
30348 
30349 	/* set xb if it was on fifo */
30350 	if (fi_xb != NULL) {
30351 		SD_CONDSET(xb, xb, xb_blkno, "xb_blkno");
30352 		SD_CONDSET(xb, xb, xb_dma_resid, "xb_dma_resid");
30353 		SD_CONDSET(xb, xb, xb_retry_count, "xb_retry_count");
30354 		SD_CONDSET(xb, xb, xb_victim_retry_count,
30355 		    "xb_victim_retry_count");
30356 		SD_CONDSET(xb, xb, xb_sense_status, "xb_sense_status");
30357 		SD_CONDSET(xb, xb, xb_sense_state, "xb_sense_state");
30358 		SD_CONDSET(xb, xb, xb_sense_resid, "xb_sense_resid");
30359 
30360 		/* copy in block data from sense */
30361 		if (fi_xb->xb_sense_data[0] != -1) {
30362 			bcopy(fi_xb->xb_sense_data, xb->xb_sense_data,
30363 			    SENSE_LENGTH);
30364 		}
30365 
30366 		/* copy in extended sense codes */
30367 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_code,
30368 		    "es_code");
30369 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_key,
30370 		    "es_key");
30371 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_add_code,
30372 		    "es_add_code");
30373 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb,
30374 		    es_qual_code, "es_qual_code");
30375 	}
30376 
30377 	/* set un if it was on fifo */
30378 	if (fi_un != NULL) {
30379 		SD_CONDSET(un->un_sd->sd_inq, un, inq_rmb, "inq_rmb");
30380 		SD_CONDSET(un, un, un_ctype, "un_ctype");
30381 		SD_CONDSET(un, un, un_reset_retry_count,
30382 		    "un_reset_retry_count");
30383 		SD_CONDSET(un, un, un_reservation_type, "un_reservation_type");
30384 		SD_CONDSET(un, un, un_resvd_status, "un_resvd_status");
30385 		SD_CONDSET(un, un, un_f_arq_enabled, "un_f_arq_enabled");
30386 		SD_CONDSET(un, un, un_f_geometry_is_valid,
30387 		    "un_f_geometry_is_valid");
30388 		SD_CONDSET(un, un, un_f_allow_bus_device_reset,
30389 		    "un_f_allow_bus_device_reset");
30390 		SD_CONDSET(un, un, un_f_opt_queueing, "un_f_opt_queueing");
30391 
30392 	}
30393 
30394 	/* copy in auto request sense if it was on fifo */
30395 	if (fi_arq != NULL) {
30396 		bcopy(fi_arq, pktp->pkt_scbp, sizeof (struct sd_fi_arq));
30397 	}
30398 
30399 	/* free structs */
30400 	if (un->sd_fi_fifo_pkt[i] != NULL) {
30401 		kmem_free(un->sd_fi_fifo_pkt[i], sizeof (struct sd_fi_pkt));
30402 	}
30403 	if (un->sd_fi_fifo_xb[i] != NULL) {
30404 		kmem_free(un->sd_fi_fifo_xb[i], sizeof (struct sd_fi_xb));
30405 	}
30406 	if (un->sd_fi_fifo_un[i] != NULL) {
30407 		kmem_free(un->sd_fi_fifo_un[i], sizeof (struct sd_fi_un));
30408 	}
30409 	if (un->sd_fi_fifo_arq[i] != NULL) {
30410 		kmem_free(un->sd_fi_fifo_arq[i], sizeof (struct sd_fi_arq));
30411 	}
30412 
30413 	/*
30414 	 * kmem_free does not gurantee to set to NULL
30415 	 * since we uses these to determine if we set
30416 	 * values or not lets confirm they are always
30417 	 * NULL after free
30418 	 */
30419 	un->sd_fi_fifo_pkt[i] = NULL;
30420 	un->sd_fi_fifo_un[i] = NULL;
30421 	un->sd_fi_fifo_xb[i] = NULL;
30422 	un->sd_fi_fifo_arq[i] = NULL;
30423 
30424 	un->sd_fi_fifo_start++;
30425 
30426 	mutex_exit(SD_MUTEX(un));
30427 
30428 	SD_TRACE(SD_LOG_SDTEST, un, "sd_faultinjection: exit\n");
30429 }
30430 
30431 #endif /* SD_FAULT_INJECTION */
30432