xref: /illumos-gate/usr/src/uts/common/io/scsi/targets/sd.c (revision 09295472) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * SCSI disk target driver.
30  */
31 #include <sys/scsi/scsi.h>
32 #include <sys/dkbad.h>
33 #include <sys/dklabel.h>
34 #include <sys/dkio.h>
35 #include <sys/fdio.h>
36 #include <sys/cdio.h>
37 #include <sys/mhd.h>
38 #include <sys/vtoc.h>
39 #include <sys/dktp/fdisk.h>
40 #include <sys/file.h>
41 #include <sys/stat.h>
42 #include <sys/kstat.h>
43 #include <sys/vtrace.h>
44 #include <sys/note.h>
45 #include <sys/thread.h>
46 #include <sys/proc.h>
47 #include <sys/efi_partition.h>
48 #include <sys/var.h>
49 #include <sys/aio_req.h>
50 
51 #ifdef __lock_lint
52 #define	_LP64
53 #define	__amd64
54 #endif
55 
56 #if (defined(__fibre))
57 /* Note: is there a leadville version of the following? */
58 #include <sys/fc4/fcal_linkapp.h>
59 #endif
60 #include <sys/taskq.h>
61 #include <sys/uuid.h>
62 #include <sys/byteorder.h>
63 #include <sys/sdt.h>
64 
65 #include "sd_xbuf.h"
66 
67 #include <sys/scsi/targets/sddef.h>
68 
69 
70 /*
71  * Loadable module info.
72  */
73 #if (defined(__fibre))
74 #define	SD_MODULE_NAME	"SCSI SSA/FCAL Disk Driver %I%"
75 char _depends_on[]	= "misc/scsi drv/fcp";
76 #else
77 #define	SD_MODULE_NAME	"SCSI Disk Driver %I%"
78 char _depends_on[]	= "misc/scsi";
79 #endif
80 
81 /*
82  * Define the interconnect type, to allow the driver to distinguish
83  * between parallel SCSI (sd) and fibre channel (ssd) behaviors.
84  *
85  * This is really for backward compatability. In the future, the driver
86  * should actually check the "interconnect-type" property as reported by
87  * the HBA; however at present this property is not defined by all HBAs,
88  * so we will use this #define (1) to permit the driver to run in
89  * backward-compatability mode; and (2) to print a notification message
90  * if an FC HBA does not support the "interconnect-type" property.  The
91  * behavior of the driver will be to assume parallel SCSI behaviors unless
92  * the "interconnect-type" property is defined by the HBA **AND** has a
93  * value of either INTERCONNECT_FIBRE, INTERCONNECT_SSA, or
94  * INTERCONNECT_FABRIC, in which case the driver will assume Fibre
95  * Channel behaviors (as per the old ssd).  (Note that the
96  * INTERCONNECT_1394 and INTERCONNECT_USB types are not supported and
97  * will result in the driver assuming parallel SCSI behaviors.)
98  *
99  * (see common/sys/scsi/impl/services.h)
100  *
101  * Note: For ssd semantics, don't use INTERCONNECT_FABRIC as the default
102  * since some FC HBAs may already support that, and there is some code in
103  * the driver that already looks for it.  Using INTERCONNECT_FABRIC as the
104  * default would confuse that code, and besides things should work fine
105  * anyways if the FC HBA already reports INTERCONNECT_FABRIC for the
106  * "interconnect_type" property.
107  */
108 #if (defined(__fibre))
109 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_FIBRE
110 #else
111 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_PARALLEL
112 #endif
113 
114 /*
115  * The name of the driver, established from the module name in _init.
116  */
117 static	char *sd_label			= NULL;
118 
119 /*
120  * Driver name is unfortunately prefixed on some driver.conf properties.
121  */
122 #if (defined(__fibre))
123 #define	sd_max_xfer_size		ssd_max_xfer_size
124 #define	sd_config_list			ssd_config_list
125 static	char *sd_max_xfer_size		= "ssd_max_xfer_size";
126 static	char *sd_config_list		= "ssd-config-list";
127 #else
128 static	char *sd_max_xfer_size		= "sd_max_xfer_size";
129 static	char *sd_config_list		= "sd-config-list";
130 #endif
131 
132 /*
133  * Driver global variables
134  */
135 
136 #if (defined(__fibre))
137 /*
138  * These #defines are to avoid namespace collisions that occur because this
139  * code is currently used to compile two seperate driver modules: sd and ssd.
140  * All global variables need to be treated this way (even if declared static)
141  * in order to allow the debugger to resolve the names properly.
142  * It is anticipated that in the near future the ssd module will be obsoleted,
143  * at which time this namespace issue should go away.
144  */
145 #define	sd_state			ssd_state
146 #define	sd_io_time			ssd_io_time
147 #define	sd_failfast_enable		ssd_failfast_enable
148 #define	sd_ua_retry_count		ssd_ua_retry_count
149 #define	sd_report_pfa			ssd_report_pfa
150 #define	sd_max_throttle			ssd_max_throttle
151 #define	sd_min_throttle			ssd_min_throttle
152 #define	sd_rot_delay			ssd_rot_delay
153 
154 #define	sd_retry_on_reservation_conflict	\
155 					ssd_retry_on_reservation_conflict
156 #define	sd_reinstate_resv_delay		ssd_reinstate_resv_delay
157 #define	sd_resv_conflict_name		ssd_resv_conflict_name
158 
159 #define	sd_component_mask		ssd_component_mask
160 #define	sd_level_mask			ssd_level_mask
161 #define	sd_debug_un			ssd_debug_un
162 #define	sd_error_level			ssd_error_level
163 
164 #define	sd_xbuf_active_limit		ssd_xbuf_active_limit
165 #define	sd_xbuf_reserve_limit		ssd_xbuf_reserve_limit
166 
167 #define	sd_tr				ssd_tr
168 #define	sd_reset_throttle_timeout	ssd_reset_throttle_timeout
169 #define	sd_qfull_throttle_timeout	ssd_qfull_throttle_timeout
170 #define	sd_qfull_throttle_enable	ssd_qfull_throttle_enable
171 #define	sd_check_media_time		ssd_check_media_time
172 #define	sd_wait_cmds_complete		ssd_wait_cmds_complete
173 #define	sd_label_mutex			ssd_label_mutex
174 #define	sd_detach_mutex			ssd_detach_mutex
175 #define	sd_log_buf			ssd_log_buf
176 #define	sd_log_mutex			ssd_log_mutex
177 
178 #define	sd_disk_table			ssd_disk_table
179 #define	sd_disk_table_size		ssd_disk_table_size
180 #define	sd_sense_mutex			ssd_sense_mutex
181 #define	sd_cdbtab			ssd_cdbtab
182 
183 #define	sd_cb_ops			ssd_cb_ops
184 #define	sd_ops				ssd_ops
185 #define	sd_additional_codes		ssd_additional_codes
186 
187 #define	sd_minor_data			ssd_minor_data
188 #define	sd_minor_data_efi		ssd_minor_data_efi
189 
190 #define	sd_tq				ssd_tq
191 #define	sd_wmr_tq			ssd_wmr_tq
192 #define	sd_taskq_name			ssd_taskq_name
193 #define	sd_wmr_taskq_name		ssd_wmr_taskq_name
194 #define	sd_taskq_minalloc		ssd_taskq_minalloc
195 #define	sd_taskq_maxalloc		ssd_taskq_maxalloc
196 
197 #define	sd_dump_format_string		ssd_dump_format_string
198 
199 #define	sd_iostart_chain		ssd_iostart_chain
200 #define	sd_iodone_chain			ssd_iodone_chain
201 
202 #define	sd_pm_idletime			ssd_pm_idletime
203 
204 #define	sd_force_pm_supported		ssd_force_pm_supported
205 
206 #define	sd_dtype_optical_bind		ssd_dtype_optical_bind
207 
208 #endif
209 
210 
211 #ifdef	SDDEBUG
212 int	sd_force_pm_supported		= 0;
213 #endif	/* SDDEBUG */
214 
215 void *sd_state				= NULL;
216 int sd_io_time				= SD_IO_TIME;
217 int sd_failfast_enable			= 1;
218 int sd_ua_retry_count			= SD_UA_RETRY_COUNT;
219 int sd_report_pfa			= 1;
220 int sd_max_throttle			= SD_MAX_THROTTLE;
221 int sd_min_throttle			= SD_MIN_THROTTLE;
222 int sd_rot_delay			= 4; /* Default 4ms Rotation delay */
223 int sd_qfull_throttle_enable		= TRUE;
224 
225 int sd_retry_on_reservation_conflict	= 1;
226 int sd_reinstate_resv_delay		= SD_REINSTATE_RESV_DELAY;
227 _NOTE(SCHEME_PROTECTS_DATA("safe sharing", sd_reinstate_resv_delay))
228 
229 static int sd_dtype_optical_bind	= -1;
230 
231 /* Note: the following is not a bug, it really is "sd_" and not "ssd_" */
232 static	char *sd_resv_conflict_name	= "sd_retry_on_reservation_conflict";
233 
234 /*
235  * Global data for debug logging. To enable debug printing, sd_component_mask
236  * and sd_level_mask should be set to the desired bit patterns as outlined in
237  * sddef.h.
238  */
239 uint_t	sd_component_mask		= 0x0;
240 uint_t	sd_level_mask			= 0x0;
241 struct	sd_lun *sd_debug_un		= NULL;
242 uint_t	sd_error_level			= SCSI_ERR_RETRYABLE;
243 
244 /* Note: these may go away in the future... */
245 static uint32_t	sd_xbuf_active_limit	= 512;
246 static uint32_t sd_xbuf_reserve_limit	= 16;
247 
248 static struct sd_resv_reclaim_request	sd_tr = { NULL, NULL, NULL, 0, 0, 0 };
249 
250 /*
251  * Timer value used to reset the throttle after it has been reduced
252  * (typically in response to TRAN_BUSY or STATUS_QFULL)
253  */
254 static int sd_reset_throttle_timeout	= SD_RESET_THROTTLE_TIMEOUT;
255 static int sd_qfull_throttle_timeout	= SD_QFULL_THROTTLE_TIMEOUT;
256 
257 /*
258  * Interval value associated with the media change scsi watch.
259  */
260 static int sd_check_media_time		= 3000000;
261 
262 /*
263  * Wait value used for in progress operations during a DDI_SUSPEND
264  */
265 static int sd_wait_cmds_complete	= SD_WAIT_CMDS_COMPLETE;
266 
267 /*
268  * sd_label_mutex protects a static buffer used in the disk label
269  * component of the driver
270  */
271 static kmutex_t sd_label_mutex;
272 
273 /*
274  * sd_detach_mutex protects un_layer_count, un_detach_count, and
275  * un_opens_in_progress in the sd_lun structure.
276  */
277 static kmutex_t sd_detach_mutex;
278 
279 _NOTE(MUTEX_PROTECTS_DATA(sd_detach_mutex,
280 	sd_lun::{un_layer_count un_detach_count un_opens_in_progress}))
281 
282 /*
283  * Global buffer and mutex for debug logging
284  */
285 static char	sd_log_buf[1024];
286 static kmutex_t	sd_log_mutex;
287 
288 
289 /*
290  * "Smart" Probe Caching structs, globals, #defines, etc.
291  * For parallel scsi and non-self-identify device only.
292  */
293 
294 /*
295  * The following resources and routines are implemented to support
296  * "smart" probing, which caches the scsi_probe() results in an array,
297  * in order to help avoid long probe times.
298  */
299 struct sd_scsi_probe_cache {
300 	struct	sd_scsi_probe_cache	*next;
301 	dev_info_t	*pdip;
302 	int		cache[NTARGETS_WIDE];
303 };
304 
305 static kmutex_t	sd_scsi_probe_cache_mutex;
306 static struct	sd_scsi_probe_cache *sd_scsi_probe_cache_head = NULL;
307 
308 /*
309  * Really we only need protection on the head of the linked list, but
310  * better safe than sorry.
311  */
312 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
313     sd_scsi_probe_cache::next sd_scsi_probe_cache::pdip))
314 
315 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
316     sd_scsi_probe_cache_head))
317 
318 
319 /*
320  * Vendor specific data name property declarations
321  */
322 
323 #if defined(__fibre) || defined(__i386) ||defined(__amd64)
324 
325 static sd_tunables seagate_properties = {
326 	SEAGATE_THROTTLE_VALUE,
327 	0,
328 	0,
329 	0,
330 	0,
331 	0,
332 	0,
333 	0,
334 	0
335 };
336 
337 
338 static sd_tunables fujitsu_properties = {
339 	FUJITSU_THROTTLE_VALUE,
340 	0,
341 	0,
342 	0,
343 	0,
344 	0,
345 	0,
346 	0,
347 	0
348 };
349 
350 static sd_tunables ibm_properties = {
351 	IBM_THROTTLE_VALUE,
352 	0,
353 	0,
354 	0,
355 	0,
356 	0,
357 	0,
358 	0,
359 	0
360 };
361 
362 static sd_tunables purple_properties = {
363 	PURPLE_THROTTLE_VALUE,
364 	0,
365 	0,
366 	PURPLE_BUSY_RETRIES,
367 	PURPLE_RESET_RETRY_COUNT,
368 	PURPLE_RESERVE_RELEASE_TIME,
369 	0,
370 	0,
371 	0
372 };
373 
374 static sd_tunables sve_properties = {
375 	SVE_THROTTLE_VALUE,
376 	0,
377 	0,
378 	SVE_BUSY_RETRIES,
379 	SVE_RESET_RETRY_COUNT,
380 	SVE_RESERVE_RELEASE_TIME,
381 	SVE_MIN_THROTTLE_VALUE,
382 	SVE_DISKSORT_DISABLED_FLAG,
383 	0
384 };
385 
386 static sd_tunables maserati_properties = {
387 	0,
388 	0,
389 	0,
390 	0,
391 	0,
392 	0,
393 	0,
394 	MASERATI_DISKSORT_DISABLED_FLAG,
395 	MASERATI_LUN_RESET_ENABLED_FLAG
396 };
397 
398 static sd_tunables pirus_properties = {
399 	PIRUS_THROTTLE_VALUE,
400 	0,
401 	PIRUS_NRR_COUNT,
402 	PIRUS_BUSY_RETRIES,
403 	PIRUS_RESET_RETRY_COUNT,
404 	0,
405 	PIRUS_MIN_THROTTLE_VALUE,
406 	PIRUS_DISKSORT_DISABLED_FLAG,
407 	PIRUS_LUN_RESET_ENABLED_FLAG
408 };
409 
410 #endif
411 
412 #if (defined(__sparc) && !defined(__fibre)) || \
413 	(defined(__i386) || defined(__amd64))
414 
415 
416 static sd_tunables elite_properties = {
417 	ELITE_THROTTLE_VALUE,
418 	0,
419 	0,
420 	0,
421 	0,
422 	0,
423 	0,
424 	0,
425 	0
426 };
427 
428 static sd_tunables st31200n_properties = {
429 	ST31200N_THROTTLE_VALUE,
430 	0,
431 	0,
432 	0,
433 	0,
434 	0,
435 	0,
436 	0,
437 	0
438 };
439 
440 #endif /* Fibre or not */
441 
442 static sd_tunables lsi_properties_scsi = {
443 	LSI_THROTTLE_VALUE,
444 	0,
445 	LSI_NOTREADY_RETRIES,
446 	0,
447 	0,
448 	0,
449 	0,
450 	0,
451 	0
452 };
453 
454 static sd_tunables symbios_properties = {
455 	SYMBIOS_THROTTLE_VALUE,
456 	0,
457 	SYMBIOS_NOTREADY_RETRIES,
458 	0,
459 	0,
460 	0,
461 	0,
462 	0,
463 	0
464 };
465 
466 static sd_tunables lsi_properties = {
467 	0,
468 	0,
469 	LSI_NOTREADY_RETRIES,
470 	0,
471 	0,
472 	0,
473 	0,
474 	0,
475 	0
476 };
477 
478 static sd_tunables lsi_oem_properties = {
479 	0,
480 	0,
481 	LSI_OEM_NOTREADY_RETRIES,
482 	0,
483 	0,
484 	0,
485 	0,
486 	0,
487 	0
488 };
489 
490 
491 
492 #if (defined(SD_PROP_TST))
493 
494 #define	SD_TST_CTYPE_VAL	CTYPE_CDROM
495 #define	SD_TST_THROTTLE_VAL	16
496 #define	SD_TST_NOTREADY_VAL	12
497 #define	SD_TST_BUSY_VAL		60
498 #define	SD_TST_RST_RETRY_VAL	36
499 #define	SD_TST_RSV_REL_TIME	60
500 
501 static sd_tunables tst_properties = {
502 	SD_TST_THROTTLE_VAL,
503 	SD_TST_CTYPE_VAL,
504 	SD_TST_NOTREADY_VAL,
505 	SD_TST_BUSY_VAL,
506 	SD_TST_RST_RETRY_VAL,
507 	SD_TST_RSV_REL_TIME,
508 	0,
509 	0,
510 	0
511 };
512 #endif
513 
514 /* This is similiar to the ANSI toupper implementation */
515 #define	SD_TOUPPER(C)	(((C) >= 'a' && (C) <= 'z') ? (C) - 'a' + 'A' : (C))
516 
517 /*
518  * Static Driver Configuration Table
519  *
520  * This is the table of disks which need throttle adjustment (or, perhaps
521  * something else as defined by the flags at a future time.)  device_id
522  * is a string consisting of concatenated vid (vendor), pid (product/model)
523  * and revision strings as defined in the scsi_inquiry structure.  Offsets of
524  * the parts of the string are as defined by the sizes in the scsi_inquiry
525  * structure.  Device type is searched as far as the device_id string is
526  * defined.  Flags defines which values are to be set in the driver from the
527  * properties list.
528  *
529  * Entries below which begin and end with a "*" are a special case.
530  * These do not have a specific vendor, and the string which follows
531  * can appear anywhere in the 16 byte PID portion of the inquiry data.
532  *
533  * Entries below which begin and end with a " " (blank) are a special
534  * case. The comparison function will treat multiple consecutive blanks
535  * as equivalent to a single blank. For example, this causes a
536  * sd_disk_table entry of " NEC CDROM " to match a device's id string
537  * of  "NEC       CDROM".
538  *
539  * Note: The MD21 controller type has been obsoleted.
540  *	 ST318202F is a Legacy device
541  *	 MAM3182FC, MAM3364FC, MAM3738FC do not appear to have ever been
542  *	 made with an FC connection. The entries here are a legacy.
543  */
544 static sd_disk_config_t sd_disk_table[] = {
545 #if defined(__fibre) || defined(__i386) || defined(__amd64)
546 	{ "SEAGATE ST34371FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
547 	{ "SEAGATE ST19171FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
548 	{ "SEAGATE ST39102FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
549 	{ "SEAGATE ST39103FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
550 	{ "SEAGATE ST118273F", SD_CONF_BSET_THROTTLE, &seagate_properties },
551 	{ "SEAGATE ST318202F", SD_CONF_BSET_THROTTLE, &seagate_properties },
552 	{ "SEAGATE ST318203F", SD_CONF_BSET_THROTTLE, &seagate_properties },
553 	{ "SEAGATE ST136403F", SD_CONF_BSET_THROTTLE, &seagate_properties },
554 	{ "SEAGATE ST318304F", SD_CONF_BSET_THROTTLE, &seagate_properties },
555 	{ "SEAGATE ST336704F", SD_CONF_BSET_THROTTLE, &seagate_properties },
556 	{ "SEAGATE ST373405F", SD_CONF_BSET_THROTTLE, &seagate_properties },
557 	{ "SEAGATE ST336605F", SD_CONF_BSET_THROTTLE, &seagate_properties },
558 	{ "SEAGATE ST336752F", SD_CONF_BSET_THROTTLE, &seagate_properties },
559 	{ "SEAGATE ST318452F", SD_CONF_BSET_THROTTLE, &seagate_properties },
560 	{ "FUJITSU MAG3091F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
561 	{ "FUJITSU MAG3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
562 	{ "FUJITSU MAA3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
563 	{ "FUJITSU MAF3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
564 	{ "FUJITSU MAL3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
565 	{ "FUJITSU MAL3738F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
566 	{ "FUJITSU MAM3182FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
567 	{ "FUJITSU MAM3364FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
568 	{ "FUJITSU MAM3738FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
569 	{ "IBM     DDYFT1835",  SD_CONF_BSET_THROTTLE, &ibm_properties },
570 	{ "IBM     DDYFT3695",  SD_CONF_BSET_THROTTLE, &ibm_properties },
571 	{ "IBM     IC35LF2D2",  SD_CONF_BSET_THROTTLE, &ibm_properties },
572 	{ "IBM     IC35LF2PR",  SD_CONF_BSET_THROTTLE, &ibm_properties },
573 	{ "IBM     3526",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
574 	{ "IBM     3542",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
575 	{ "IBM     3552",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
576 	{ "IBM     1722",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
577 	{ "IBM     1742",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
578 	{ "IBM     1815",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
579 	{ "IBM     FAStT",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
580 	{ "IBM     1814",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
581 	{ "IBM     1814-200",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
582 	{ "LSI     INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
583 	{ "ENGENIO INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
584 	{ "SGI     TP",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
585 	{ "SGI     IS",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
586 	{ "*CSM100_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
587 	{ "*CSM200_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
588 	{ "Fujitsu SX300",	SD_CONF_BSET_THROTTLE,  &lsi_oem_properties },
589 	{ "LSI",		SD_CONF_BSET_NRR_COUNT, &lsi_properties },
590 	{ "SUN     T3", SD_CONF_BSET_THROTTLE |
591 			SD_CONF_BSET_BSY_RETRY_COUNT|
592 			SD_CONF_BSET_RST_RETRIES|
593 			SD_CONF_BSET_RSV_REL_TIME,
594 		&purple_properties },
595 	{ "SUN     SESS01", SD_CONF_BSET_THROTTLE |
596 		SD_CONF_BSET_BSY_RETRY_COUNT|
597 		SD_CONF_BSET_RST_RETRIES|
598 		SD_CONF_BSET_RSV_REL_TIME|
599 		SD_CONF_BSET_MIN_THROTTLE|
600 		SD_CONF_BSET_DISKSORT_DISABLED,
601 		&sve_properties },
602 	{ "SUN     T4", SD_CONF_BSET_THROTTLE |
603 			SD_CONF_BSET_BSY_RETRY_COUNT|
604 			SD_CONF_BSET_RST_RETRIES|
605 			SD_CONF_BSET_RSV_REL_TIME,
606 		&purple_properties },
607 	{ "SUN     SVE01", SD_CONF_BSET_DISKSORT_DISABLED |
608 		SD_CONF_BSET_LUN_RESET_ENABLED,
609 		&maserati_properties },
610 	{ "SUN     SE6920", SD_CONF_BSET_THROTTLE |
611 		SD_CONF_BSET_NRR_COUNT|
612 		SD_CONF_BSET_BSY_RETRY_COUNT|
613 		SD_CONF_BSET_RST_RETRIES|
614 		SD_CONF_BSET_MIN_THROTTLE|
615 		SD_CONF_BSET_DISKSORT_DISABLED|
616 		SD_CONF_BSET_LUN_RESET_ENABLED,
617 		&pirus_properties },
618 	{ "SUN     SE6940", SD_CONF_BSET_THROTTLE |
619 		SD_CONF_BSET_NRR_COUNT|
620 		SD_CONF_BSET_BSY_RETRY_COUNT|
621 		SD_CONF_BSET_RST_RETRIES|
622 		SD_CONF_BSET_MIN_THROTTLE|
623 		SD_CONF_BSET_DISKSORT_DISABLED|
624 		SD_CONF_BSET_LUN_RESET_ENABLED,
625 		&pirus_properties },
626 	{ "SUN     StorageTek 6920", SD_CONF_BSET_THROTTLE |
627 		SD_CONF_BSET_NRR_COUNT|
628 		SD_CONF_BSET_BSY_RETRY_COUNT|
629 		SD_CONF_BSET_RST_RETRIES|
630 		SD_CONF_BSET_MIN_THROTTLE|
631 		SD_CONF_BSET_DISKSORT_DISABLED|
632 		SD_CONF_BSET_LUN_RESET_ENABLED,
633 		&pirus_properties },
634 	{ "SUN     StorageTek 6940", SD_CONF_BSET_THROTTLE |
635 		SD_CONF_BSET_NRR_COUNT|
636 		SD_CONF_BSET_BSY_RETRY_COUNT|
637 		SD_CONF_BSET_RST_RETRIES|
638 		SD_CONF_BSET_MIN_THROTTLE|
639 		SD_CONF_BSET_DISKSORT_DISABLED|
640 		SD_CONF_BSET_LUN_RESET_ENABLED,
641 		&pirus_properties },
642 	{ "SUN     PSX1000", SD_CONF_BSET_THROTTLE |
643 		SD_CONF_BSET_NRR_COUNT|
644 		SD_CONF_BSET_BSY_RETRY_COUNT|
645 		SD_CONF_BSET_RST_RETRIES|
646 		SD_CONF_BSET_MIN_THROTTLE|
647 		SD_CONF_BSET_DISKSORT_DISABLED|
648 		SD_CONF_BSET_LUN_RESET_ENABLED,
649 		&pirus_properties },
650 	{ "SUN     SE6330", SD_CONF_BSET_THROTTLE |
651 		SD_CONF_BSET_NRR_COUNT|
652 		SD_CONF_BSET_BSY_RETRY_COUNT|
653 		SD_CONF_BSET_RST_RETRIES|
654 		SD_CONF_BSET_MIN_THROTTLE|
655 		SD_CONF_BSET_DISKSORT_DISABLED|
656 		SD_CONF_BSET_LUN_RESET_ENABLED,
657 		&pirus_properties },
658 	{ "STK     OPENstorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
659 	{ "STK     OpenStorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
660 	{ "STK     BladeCtlr",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
661 	{ "STK     FLEXLINE",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
662 	{ "SYMBIOS", SD_CONF_BSET_NRR_COUNT, &symbios_properties },
663 #endif /* fibre or NON-sparc platforms */
664 #if ((defined(__sparc) && !defined(__fibre)) ||\
665 	(defined(__i386) || defined(__amd64)))
666 	{ "SEAGATE ST42400N", SD_CONF_BSET_THROTTLE, &elite_properties },
667 	{ "SEAGATE ST31200N", SD_CONF_BSET_THROTTLE, &st31200n_properties },
668 	{ "SEAGATE ST41600N", SD_CONF_BSET_TUR_CHECK, NULL },
669 	{ "CONNER  CP30540",  SD_CONF_BSET_NOCACHE,  NULL },
670 	{ "*SUN0104*", SD_CONF_BSET_FAB_DEVID, NULL },
671 	{ "*SUN0207*", SD_CONF_BSET_FAB_DEVID, NULL },
672 	{ "*SUN0327*", SD_CONF_BSET_FAB_DEVID, NULL },
673 	{ "*SUN0340*", SD_CONF_BSET_FAB_DEVID, NULL },
674 	{ "*SUN0424*", SD_CONF_BSET_FAB_DEVID, NULL },
675 	{ "*SUN0669*", SD_CONF_BSET_FAB_DEVID, NULL },
676 	{ "*SUN1.0G*", SD_CONF_BSET_FAB_DEVID, NULL },
677 	{ "SYMBIOS INF-01-00       ", SD_CONF_BSET_FAB_DEVID, NULL },
678 	{ "SYMBIOS", SD_CONF_BSET_THROTTLE|SD_CONF_BSET_NRR_COUNT,
679 	    &symbios_properties },
680 	{ "LSI", SD_CONF_BSET_THROTTLE | SD_CONF_BSET_NRR_COUNT,
681 	    &lsi_properties_scsi },
682 #if defined(__i386) || defined(__amd64)
683 	{ " NEC CD-ROM DRIVE:260 ", (SD_CONF_BSET_PLAYMSF_BCD
684 				    | SD_CONF_BSET_READSUB_BCD
685 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
686 				    | SD_CONF_BSET_NO_READ_HEADER
687 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
688 
689 	{ " NEC CD-ROM DRIVE:270 ", (SD_CONF_BSET_PLAYMSF_BCD
690 				    | SD_CONF_BSET_READSUB_BCD
691 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
692 				    | SD_CONF_BSET_NO_READ_HEADER
693 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
694 #endif /* __i386 || __amd64 */
695 #endif /* sparc NON-fibre or NON-sparc platforms */
696 
697 #if (defined(SD_PROP_TST))
698 	{ "VENDOR  PRODUCT ", (SD_CONF_BSET_THROTTLE
699 				| SD_CONF_BSET_CTYPE
700 				| SD_CONF_BSET_NRR_COUNT
701 				| SD_CONF_BSET_FAB_DEVID
702 				| SD_CONF_BSET_NOCACHE
703 				| SD_CONF_BSET_BSY_RETRY_COUNT
704 				| SD_CONF_BSET_PLAYMSF_BCD
705 				| SD_CONF_BSET_READSUB_BCD
706 				| SD_CONF_BSET_READ_TOC_TRK_BCD
707 				| SD_CONF_BSET_READ_TOC_ADDR_BCD
708 				| SD_CONF_BSET_NO_READ_HEADER
709 				| SD_CONF_BSET_READ_CD_XD4
710 				| SD_CONF_BSET_RST_RETRIES
711 				| SD_CONF_BSET_RSV_REL_TIME
712 				| SD_CONF_BSET_TUR_CHECK), &tst_properties},
713 #endif
714 };
715 
716 static const int sd_disk_table_size =
717 	sizeof (sd_disk_table)/ sizeof (sd_disk_config_t);
718 
719 
720 /*
721  * Return codes of sd_uselabel().
722  */
723 #define	SD_LABEL_IS_VALID		0
724 #define	SD_LABEL_IS_INVALID		1
725 
726 #define	SD_INTERCONNECT_PARALLEL	0
727 #define	SD_INTERCONNECT_FABRIC		1
728 #define	SD_INTERCONNECT_FIBRE		2
729 #define	SD_INTERCONNECT_SSA		3
730 #define	SD_IS_PARALLEL_SCSI(un)		\
731 	((un)->un_interconnect_type == SD_INTERCONNECT_PARALLEL)
732 
733 /*
734  * Definitions used by device id registration routines
735  */
736 #define	VPD_HEAD_OFFSET		3	/* size of head for vpd page */
737 #define	VPD_PAGE_LENGTH		3	/* offset for pge length data */
738 #define	VPD_MODE_PAGE		1	/* offset into vpd pg for "page code" */
739 #define	WD_NODE			7	/* the whole disk minor */
740 
741 static kmutex_t sd_sense_mutex = {0};
742 
743 /*
744  * Macros for updates of the driver state
745  */
746 #define	New_state(un, s)        \
747 	(un)->un_last_state = (un)->un_state, (un)->un_state = (s)
748 #define	Restore_state(un)	\
749 	{ uchar_t tmp = (un)->un_last_state; New_state((un), tmp); }
750 
751 static struct sd_cdbinfo sd_cdbtab[] = {
752 	{ CDB_GROUP0, 0x00,	   0x1FFFFF,   0xFF,	    },
753 	{ CDB_GROUP1, SCMD_GROUP1, 0xFFFFFFFF, 0xFFFF,	    },
754 	{ CDB_GROUP5, SCMD_GROUP5, 0xFFFFFFFF, 0xFFFFFFFF,  },
755 	{ CDB_GROUP4, SCMD_GROUP4, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF, },
756 };
757 
758 /*
759  * Specifies the number of seconds that must have elapsed since the last
760  * cmd. has completed for a device to be declared idle to the PM framework.
761  */
762 static int sd_pm_idletime = 1;
763 
764 /*
765  * Internal function prototypes
766  */
767 
768 #if (defined(__fibre))
769 /*
770  * These #defines are to avoid namespace collisions that occur because this
771  * code is currently used to compile two seperate driver modules: sd and ssd.
772  * All function names need to be treated this way (even if declared static)
773  * in order to allow the debugger to resolve the names properly.
774  * It is anticipated that in the near future the ssd module will be obsoleted,
775  * at which time this ugliness should go away.
776  */
777 #define	sd_log_trace			ssd_log_trace
778 #define	sd_log_info			ssd_log_info
779 #define	sd_log_err			ssd_log_err
780 #define	sdprobe				ssdprobe
781 #define	sdinfo				ssdinfo
782 #define	sd_prop_op			ssd_prop_op
783 #define	sd_scsi_probe_cache_init	ssd_scsi_probe_cache_init
784 #define	sd_scsi_probe_cache_fini	ssd_scsi_probe_cache_fini
785 #define	sd_scsi_clear_probe_cache	ssd_scsi_clear_probe_cache
786 #define	sd_scsi_probe_with_cache	ssd_scsi_probe_with_cache
787 #define	sd_spin_up_unit			ssd_spin_up_unit
788 #define	sd_enable_descr_sense		ssd_enable_descr_sense
789 #define	sd_reenable_dsense_task		ssd_reenable_dsense_task
790 #define	sd_set_mmc_caps			ssd_set_mmc_caps
791 #define	sd_read_unit_properties		ssd_read_unit_properties
792 #define	sd_process_sdconf_file		ssd_process_sdconf_file
793 #define	sd_process_sdconf_table		ssd_process_sdconf_table
794 #define	sd_sdconf_id_match		ssd_sdconf_id_match
795 #define	sd_blank_cmp			ssd_blank_cmp
796 #define	sd_chk_vers1_data		ssd_chk_vers1_data
797 #define	sd_set_vers1_properties		ssd_set_vers1_properties
798 #define	sd_validate_geometry		ssd_validate_geometry
799 
800 #if defined(_SUNOS_VTOC_16)
801 #define	sd_convert_geometry		ssd_convert_geometry
802 #endif
803 
804 #define	sd_resync_geom_caches		ssd_resync_geom_caches
805 #define	sd_read_fdisk			ssd_read_fdisk
806 #define	sd_get_physical_geometry	ssd_get_physical_geometry
807 #define	sd_get_virtual_geometry		ssd_get_virtual_geometry
808 #define	sd_update_block_info		ssd_update_block_info
809 #define	sd_swap_efi_gpt			ssd_swap_efi_gpt
810 #define	sd_swap_efi_gpe			ssd_swap_efi_gpe
811 #define	sd_validate_efi			ssd_validate_efi
812 #define	sd_use_efi			ssd_use_efi
813 #define	sd_uselabel			ssd_uselabel
814 #define	sd_build_default_label		ssd_build_default_label
815 #define	sd_has_max_chs_vals		ssd_has_max_chs_vals
816 #define	sd_inq_fill			ssd_inq_fill
817 #define	sd_register_devid		ssd_register_devid
818 #define	sd_get_devid_block		ssd_get_devid_block
819 #define	sd_get_devid			ssd_get_devid
820 #define	sd_create_devid			ssd_create_devid
821 #define	sd_write_deviceid		ssd_write_deviceid
822 #define	sd_check_vpd_page_support	ssd_check_vpd_page_support
823 #define	sd_setup_pm			ssd_setup_pm
824 #define	sd_create_pm_components		ssd_create_pm_components
825 #define	sd_ddi_suspend			ssd_ddi_suspend
826 #define	sd_ddi_pm_suspend		ssd_ddi_pm_suspend
827 #define	sd_ddi_resume			ssd_ddi_resume
828 #define	sd_ddi_pm_resume		ssd_ddi_pm_resume
829 #define	sdpower				ssdpower
830 #define	sdattach			ssdattach
831 #define	sddetach			ssddetach
832 #define	sd_unit_attach			ssd_unit_attach
833 #define	sd_unit_detach			ssd_unit_detach
834 #define	sd_set_unit_attributes		ssd_set_unit_attributes
835 #define	sd_create_minor_nodes		ssd_create_minor_nodes
836 #define	sd_create_errstats		ssd_create_errstats
837 #define	sd_set_errstats			ssd_set_errstats
838 #define	sd_set_pstats			ssd_set_pstats
839 #define	sddump				ssddump
840 #define	sd_scsi_poll			ssd_scsi_poll
841 #define	sd_send_polled_RQS		ssd_send_polled_RQS
842 #define	sd_ddi_scsi_poll		ssd_ddi_scsi_poll
843 #define	sd_init_event_callbacks		ssd_init_event_callbacks
844 #define	sd_event_callback		ssd_event_callback
845 #define	sd_cache_control		ssd_cache_control
846 #define	sd_get_write_cache_enabled	ssd_get_write_cache_enabled
847 #define	sd_make_device			ssd_make_device
848 #define	sdopen				ssdopen
849 #define	sdclose				ssdclose
850 #define	sd_ready_and_valid		ssd_ready_and_valid
851 #define	sdmin				ssdmin
852 #define	sdread				ssdread
853 #define	sdwrite				ssdwrite
854 #define	sdaread				ssdaread
855 #define	sdawrite			ssdawrite
856 #define	sdstrategy			ssdstrategy
857 #define	sdioctl				ssdioctl
858 #define	sd_mapblockaddr_iostart		ssd_mapblockaddr_iostart
859 #define	sd_mapblocksize_iostart		ssd_mapblocksize_iostart
860 #define	sd_checksum_iostart		ssd_checksum_iostart
861 #define	sd_checksum_uscsi_iostart	ssd_checksum_uscsi_iostart
862 #define	sd_pm_iostart			ssd_pm_iostart
863 #define	sd_core_iostart			ssd_core_iostart
864 #define	sd_mapblockaddr_iodone		ssd_mapblockaddr_iodone
865 #define	sd_mapblocksize_iodone		ssd_mapblocksize_iodone
866 #define	sd_checksum_iodone		ssd_checksum_iodone
867 #define	sd_checksum_uscsi_iodone	ssd_checksum_uscsi_iodone
868 #define	sd_pm_iodone			ssd_pm_iodone
869 #define	sd_initpkt_for_buf		ssd_initpkt_for_buf
870 #define	sd_destroypkt_for_buf		ssd_destroypkt_for_buf
871 #define	sd_setup_rw_pkt			ssd_setup_rw_pkt
872 #define	sd_setup_next_rw_pkt		ssd_setup_next_rw_pkt
873 #define	sd_buf_iodone			ssd_buf_iodone
874 #define	sd_uscsi_strategy		ssd_uscsi_strategy
875 #define	sd_initpkt_for_uscsi		ssd_initpkt_for_uscsi
876 #define	sd_destroypkt_for_uscsi		ssd_destroypkt_for_uscsi
877 #define	sd_uscsi_iodone			ssd_uscsi_iodone
878 #define	sd_xbuf_strategy		ssd_xbuf_strategy
879 #define	sd_xbuf_init			ssd_xbuf_init
880 #define	sd_pm_entry			ssd_pm_entry
881 #define	sd_pm_exit			ssd_pm_exit
882 
883 #define	sd_pm_idletimeout_handler	ssd_pm_idletimeout_handler
884 #define	sd_pm_timeout_handler		ssd_pm_timeout_handler
885 
886 #define	sd_add_buf_to_waitq		ssd_add_buf_to_waitq
887 #define	sdintr				ssdintr
888 #define	sd_start_cmds			ssd_start_cmds
889 #define	sd_send_scsi_cmd		ssd_send_scsi_cmd
890 #define	sd_bioclone_alloc		ssd_bioclone_alloc
891 #define	sd_bioclone_free		ssd_bioclone_free
892 #define	sd_shadow_buf_alloc		ssd_shadow_buf_alloc
893 #define	sd_shadow_buf_free		ssd_shadow_buf_free
894 #define	sd_print_transport_rejected_message	\
895 					ssd_print_transport_rejected_message
896 #define	sd_retry_command		ssd_retry_command
897 #define	sd_set_retry_bp			ssd_set_retry_bp
898 #define	sd_send_request_sense_command	ssd_send_request_sense_command
899 #define	sd_start_retry_command		ssd_start_retry_command
900 #define	sd_start_direct_priority_command	\
901 					ssd_start_direct_priority_command
902 #define	sd_return_failed_command	ssd_return_failed_command
903 #define	sd_return_failed_command_no_restart	\
904 					ssd_return_failed_command_no_restart
905 #define	sd_return_command		ssd_return_command
906 #define	sd_sync_with_callback		ssd_sync_with_callback
907 #define	sdrunout			ssdrunout
908 #define	sd_mark_rqs_busy		ssd_mark_rqs_busy
909 #define	sd_mark_rqs_idle		ssd_mark_rqs_idle
910 #define	sd_reduce_throttle		ssd_reduce_throttle
911 #define	sd_restore_throttle		ssd_restore_throttle
912 #define	sd_print_incomplete_msg		ssd_print_incomplete_msg
913 #define	sd_init_cdb_limits		ssd_init_cdb_limits
914 #define	sd_pkt_status_good		ssd_pkt_status_good
915 #define	sd_pkt_status_check_condition	ssd_pkt_status_check_condition
916 #define	sd_pkt_status_busy		ssd_pkt_status_busy
917 #define	sd_pkt_status_reservation_conflict	\
918 					ssd_pkt_status_reservation_conflict
919 #define	sd_pkt_status_qfull		ssd_pkt_status_qfull
920 #define	sd_handle_request_sense		ssd_handle_request_sense
921 #define	sd_handle_auto_request_sense	ssd_handle_auto_request_sense
922 #define	sd_print_sense_failed_msg	ssd_print_sense_failed_msg
923 #define	sd_validate_sense_data		ssd_validate_sense_data
924 #define	sd_decode_sense			ssd_decode_sense
925 #define	sd_print_sense_msg		ssd_print_sense_msg
926 #define	sd_sense_key_no_sense		ssd_sense_key_no_sense
927 #define	sd_sense_key_recoverable_error	ssd_sense_key_recoverable_error
928 #define	sd_sense_key_not_ready		ssd_sense_key_not_ready
929 #define	sd_sense_key_medium_or_hardware_error	\
930 					ssd_sense_key_medium_or_hardware_error
931 #define	sd_sense_key_illegal_request	ssd_sense_key_illegal_request
932 #define	sd_sense_key_unit_attention	ssd_sense_key_unit_attention
933 #define	sd_sense_key_fail_command	ssd_sense_key_fail_command
934 #define	sd_sense_key_blank_check	ssd_sense_key_blank_check
935 #define	sd_sense_key_aborted_command	ssd_sense_key_aborted_command
936 #define	sd_sense_key_default		ssd_sense_key_default
937 #define	sd_print_retry_msg		ssd_print_retry_msg
938 #define	sd_print_cmd_incomplete_msg	ssd_print_cmd_incomplete_msg
939 #define	sd_pkt_reason_cmd_incomplete	ssd_pkt_reason_cmd_incomplete
940 #define	sd_pkt_reason_cmd_tran_err	ssd_pkt_reason_cmd_tran_err
941 #define	sd_pkt_reason_cmd_reset		ssd_pkt_reason_cmd_reset
942 #define	sd_pkt_reason_cmd_aborted	ssd_pkt_reason_cmd_aborted
943 #define	sd_pkt_reason_cmd_timeout	ssd_pkt_reason_cmd_timeout
944 #define	sd_pkt_reason_cmd_unx_bus_free	ssd_pkt_reason_cmd_unx_bus_free
945 #define	sd_pkt_reason_cmd_tag_reject	ssd_pkt_reason_cmd_tag_reject
946 #define	sd_pkt_reason_default		ssd_pkt_reason_default
947 #define	sd_reset_target			ssd_reset_target
948 #define	sd_start_stop_unit_callback	ssd_start_stop_unit_callback
949 #define	sd_start_stop_unit_task		ssd_start_stop_unit_task
950 #define	sd_taskq_create			ssd_taskq_create
951 #define	sd_taskq_delete			ssd_taskq_delete
952 #define	sd_media_change_task		ssd_media_change_task
953 #define	sd_handle_mchange		ssd_handle_mchange
954 #define	sd_send_scsi_DOORLOCK		ssd_send_scsi_DOORLOCK
955 #define	sd_send_scsi_READ_CAPACITY	ssd_send_scsi_READ_CAPACITY
956 #define	sd_send_scsi_READ_CAPACITY_16	ssd_send_scsi_READ_CAPACITY_16
957 #define	sd_send_scsi_GET_CONFIGURATION	ssd_send_scsi_GET_CONFIGURATION
958 #define	sd_send_scsi_feature_GET_CONFIGURATION	\
959 					sd_send_scsi_feature_GET_CONFIGURATION
960 #define	sd_send_scsi_START_STOP_UNIT	ssd_send_scsi_START_STOP_UNIT
961 #define	sd_send_scsi_INQUIRY		ssd_send_scsi_INQUIRY
962 #define	sd_send_scsi_TEST_UNIT_READY	ssd_send_scsi_TEST_UNIT_READY
963 #define	sd_send_scsi_PERSISTENT_RESERVE_IN	\
964 					ssd_send_scsi_PERSISTENT_RESERVE_IN
965 #define	sd_send_scsi_PERSISTENT_RESERVE_OUT	\
966 					ssd_send_scsi_PERSISTENT_RESERVE_OUT
967 #define	sd_send_scsi_SYNCHRONIZE_CACHE	ssd_send_scsi_SYNCHRONIZE_CACHE
968 #define	sd_send_scsi_SYNCHRONIZE_CACHE_biodone	\
969 					ssd_send_scsi_SYNCHRONIZE_CACHE_biodone
970 #define	sd_send_scsi_MODE_SENSE		ssd_send_scsi_MODE_SENSE
971 #define	sd_send_scsi_MODE_SELECT	ssd_send_scsi_MODE_SELECT
972 #define	sd_send_scsi_RDWR		ssd_send_scsi_RDWR
973 #define	sd_send_scsi_LOG_SENSE		ssd_send_scsi_LOG_SENSE
974 #define	sd_alloc_rqs			ssd_alloc_rqs
975 #define	sd_free_rqs			ssd_free_rqs
976 #define	sd_dump_memory			ssd_dump_memory
977 #define	sd_uscsi_ioctl			ssd_uscsi_ioctl
978 #define	sd_get_media_info		ssd_get_media_info
979 #define	sd_dkio_ctrl_info		ssd_dkio_ctrl_info
980 #define	sd_dkio_get_geometry		ssd_dkio_get_geometry
981 #define	sd_dkio_set_geometry		ssd_dkio_set_geometry
982 #define	sd_dkio_get_partition		ssd_dkio_get_partition
983 #define	sd_dkio_set_partition		ssd_dkio_set_partition
984 #define	sd_dkio_partition		ssd_dkio_partition
985 #define	sd_dkio_get_vtoc		ssd_dkio_get_vtoc
986 #define	sd_dkio_get_efi			ssd_dkio_get_efi
987 #define	sd_build_user_vtoc		ssd_build_user_vtoc
988 #define	sd_dkio_set_vtoc		ssd_dkio_set_vtoc
989 #define	sd_dkio_set_efi			ssd_dkio_set_efi
990 #define	sd_build_label_vtoc		ssd_build_label_vtoc
991 #define	sd_write_label			ssd_write_label
992 #define	sd_clear_vtoc			ssd_clear_vtoc
993 #define	sd_clear_efi			ssd_clear_efi
994 #define	sd_get_tunables_from_conf	ssd_get_tunables_from_conf
995 #define	sd_setup_next_xfer		ssd_setup_next_xfer
996 #define	sd_dkio_get_temp		ssd_dkio_get_temp
997 #define	sd_dkio_get_mboot		ssd_dkio_get_mboot
998 #define	sd_dkio_set_mboot		ssd_dkio_set_mboot
999 #define	sd_setup_default_geometry	ssd_setup_default_geometry
1000 #define	sd_update_fdisk_and_vtoc	ssd_update_fdisk_and_vtoc
1001 #define	sd_check_mhd			ssd_check_mhd
1002 #define	sd_mhd_watch_cb			ssd_mhd_watch_cb
1003 #define	sd_mhd_watch_incomplete		ssd_mhd_watch_incomplete
1004 #define	sd_sname			ssd_sname
1005 #define	sd_mhd_resvd_recover		ssd_mhd_resvd_recover
1006 #define	sd_resv_reclaim_thread		ssd_resv_reclaim_thread
1007 #define	sd_take_ownership		ssd_take_ownership
1008 #define	sd_reserve_release		ssd_reserve_release
1009 #define	sd_rmv_resv_reclaim_req		ssd_rmv_resv_reclaim_req
1010 #define	sd_mhd_reset_notify_cb		ssd_mhd_reset_notify_cb
1011 #define	sd_persistent_reservation_in_read_keys	\
1012 					ssd_persistent_reservation_in_read_keys
1013 #define	sd_persistent_reservation_in_read_resv	\
1014 					ssd_persistent_reservation_in_read_resv
1015 #define	sd_mhdioc_takeown		ssd_mhdioc_takeown
1016 #define	sd_mhdioc_failfast		ssd_mhdioc_failfast
1017 #define	sd_mhdioc_release		ssd_mhdioc_release
1018 #define	sd_mhdioc_register_devid	ssd_mhdioc_register_devid
1019 #define	sd_mhdioc_inkeys		ssd_mhdioc_inkeys
1020 #define	sd_mhdioc_inresv		ssd_mhdioc_inresv
1021 #define	sr_change_blkmode		ssr_change_blkmode
1022 #define	sr_change_speed			ssr_change_speed
1023 #define	sr_atapi_change_speed		ssr_atapi_change_speed
1024 #define	sr_pause_resume			ssr_pause_resume
1025 #define	sr_play_msf			ssr_play_msf
1026 #define	sr_play_trkind			ssr_play_trkind
1027 #define	sr_read_all_subcodes		ssr_read_all_subcodes
1028 #define	sr_read_subchannel		ssr_read_subchannel
1029 #define	sr_read_tocentry		ssr_read_tocentry
1030 #define	sr_read_tochdr			ssr_read_tochdr
1031 #define	sr_read_cdda			ssr_read_cdda
1032 #define	sr_read_cdxa			ssr_read_cdxa
1033 #define	sr_read_mode1			ssr_read_mode1
1034 #define	sr_read_mode2			ssr_read_mode2
1035 #define	sr_read_cd_mode2		ssr_read_cd_mode2
1036 #define	sr_sector_mode			ssr_sector_mode
1037 #define	sr_eject			ssr_eject
1038 #define	sr_ejected			ssr_ejected
1039 #define	sr_check_wp			ssr_check_wp
1040 #define	sd_check_media			ssd_check_media
1041 #define	sd_media_watch_cb		ssd_media_watch_cb
1042 #define	sd_delayed_cv_broadcast		ssd_delayed_cv_broadcast
1043 #define	sr_volume_ctrl			ssr_volume_ctrl
1044 #define	sr_read_sony_session_offset	ssr_read_sony_session_offset
1045 #define	sd_log_page_supported		ssd_log_page_supported
1046 #define	sd_check_for_writable_cd	ssd_check_for_writable_cd
1047 #define	sd_wm_cache_constructor		ssd_wm_cache_constructor
1048 #define	sd_wm_cache_destructor		ssd_wm_cache_destructor
1049 #define	sd_range_lock			ssd_range_lock
1050 #define	sd_get_range			ssd_get_range
1051 #define	sd_free_inlist_wmap		ssd_free_inlist_wmap
1052 #define	sd_range_unlock			ssd_range_unlock
1053 #define	sd_read_modify_write_task	ssd_read_modify_write_task
1054 #define	sddump_do_read_of_rmw		ssddump_do_read_of_rmw
1055 
1056 #define	sd_iostart_chain		ssd_iostart_chain
1057 #define	sd_iodone_chain			ssd_iodone_chain
1058 #define	sd_initpkt_map			ssd_initpkt_map
1059 #define	sd_destroypkt_map		ssd_destroypkt_map
1060 #define	sd_chain_type_map		ssd_chain_type_map
1061 #define	sd_chain_index_map		ssd_chain_index_map
1062 
1063 #define	sd_failfast_flushctl		ssd_failfast_flushctl
1064 #define	sd_failfast_flushq		ssd_failfast_flushq
1065 #define	sd_failfast_flushq_callback	ssd_failfast_flushq_callback
1066 
1067 #define	sd_is_lsi			ssd_is_lsi
1068 
1069 #endif	/* #if (defined(__fibre)) */
1070 
1071 
1072 int _init(void);
1073 int _fini(void);
1074 int _info(struct modinfo *modinfop);
1075 
1076 /*PRINTFLIKE3*/
1077 static void sd_log_trace(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1078 /*PRINTFLIKE3*/
1079 static void sd_log_info(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1080 /*PRINTFLIKE3*/
1081 static void sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1082 
1083 static int sdprobe(dev_info_t *devi);
1084 static int sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
1085     void **result);
1086 static int sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op,
1087     int mod_flags, char *name, caddr_t valuep, int *lengthp);
1088 
1089 /*
1090  * Smart probe for parallel scsi
1091  */
1092 static void sd_scsi_probe_cache_init(void);
1093 static void sd_scsi_probe_cache_fini(void);
1094 static void sd_scsi_clear_probe_cache(void);
1095 static int  sd_scsi_probe_with_cache(struct scsi_device *devp, int (*fn)());
1096 
1097 static int	sd_spin_up_unit(struct sd_lun *un);
1098 #ifdef _LP64
1099 static void	sd_enable_descr_sense(struct sd_lun *un);
1100 static void	sd_reenable_dsense_task(void *arg);
1101 #endif /* _LP64 */
1102 
1103 static void	sd_set_mmc_caps(struct sd_lun *un);
1104 
1105 static void sd_read_unit_properties(struct sd_lun *un);
1106 static int  sd_process_sdconf_file(struct sd_lun *un);
1107 static void sd_get_tunables_from_conf(struct sd_lun *un, int flags,
1108     int *data_list, sd_tunables *values);
1109 static void sd_process_sdconf_table(struct sd_lun *un);
1110 static int  sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen);
1111 static int  sd_blank_cmp(struct sd_lun *un, char *id, int idlen);
1112 static int  sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
1113 	int list_len, char *dataname_ptr);
1114 static void sd_set_vers1_properties(struct sd_lun *un, int flags,
1115     sd_tunables *prop_list);
1116 static int  sd_validate_geometry(struct sd_lun *un, int path_flag);
1117 
1118 #if defined(_SUNOS_VTOC_16)
1119 static void sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g);
1120 #endif
1121 
1122 static void sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
1123 	int path_flag);
1124 static int  sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize,
1125 	int path_flag);
1126 static void sd_get_physical_geometry(struct sd_lun *un,
1127 	struct geom_cache *pgeom_p, int capacity, int lbasize, int path_flag);
1128 static void sd_get_virtual_geometry(struct sd_lun *un, int capacity,
1129 	int lbasize);
1130 static int  sd_uselabel(struct sd_lun *un, struct dk_label *l, int path_flag);
1131 static void sd_swap_efi_gpt(efi_gpt_t *);
1132 static void sd_swap_efi_gpe(int nparts, efi_gpe_t *);
1133 static int sd_validate_efi(efi_gpt_t *);
1134 static int sd_use_efi(struct sd_lun *, int);
1135 static void sd_build_default_label(struct sd_lun *un);
1136 
1137 #if defined(_FIRMWARE_NEEDS_FDISK)
1138 static int  sd_has_max_chs_vals(struct ipart *fdp);
1139 #endif
1140 static void sd_inq_fill(char *p, int l, char *s);
1141 
1142 
1143 static void sd_register_devid(struct sd_lun *un, dev_info_t *devi,
1144     int reservation_flag);
1145 static daddr_t  sd_get_devid_block(struct sd_lun *un);
1146 static int  sd_get_devid(struct sd_lun *un);
1147 static int  sd_get_serialnum(struct sd_lun *un, uchar_t *wwn, int *len);
1148 static ddi_devid_t sd_create_devid(struct sd_lun *un);
1149 static int  sd_write_deviceid(struct sd_lun *un);
1150 static int  sd_get_devid_page(struct sd_lun *un, uchar_t *wwn, int *len);
1151 static int  sd_check_vpd_page_support(struct sd_lun *un);
1152 
1153 static void sd_setup_pm(struct sd_lun *un, dev_info_t *devi);
1154 static void sd_create_pm_components(dev_info_t *devi, struct sd_lun *un);
1155 
1156 static int  sd_ddi_suspend(dev_info_t *devi);
1157 static int  sd_ddi_pm_suspend(struct sd_lun *un);
1158 static int  sd_ddi_resume(dev_info_t *devi);
1159 static int  sd_ddi_pm_resume(struct sd_lun *un);
1160 static int  sdpower(dev_info_t *devi, int component, int level);
1161 
1162 static int  sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd);
1163 static int  sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd);
1164 static int  sd_unit_attach(dev_info_t *devi);
1165 static int  sd_unit_detach(dev_info_t *devi);
1166 
1167 static void sd_set_unit_attributes(struct sd_lun *un, dev_info_t *devi);
1168 static int  sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi);
1169 static void sd_create_errstats(struct sd_lun *un, int instance);
1170 static void sd_set_errstats(struct sd_lun *un);
1171 static void sd_set_pstats(struct sd_lun *un);
1172 
1173 static int  sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk);
1174 static int  sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pkt);
1175 static int  sd_send_polled_RQS(struct sd_lun *un);
1176 static int  sd_ddi_scsi_poll(struct scsi_pkt *pkt);
1177 
1178 #if (defined(__fibre))
1179 /*
1180  * Event callbacks (photon)
1181  */
1182 static void sd_init_event_callbacks(struct sd_lun *un);
1183 static void  sd_event_callback(dev_info_t *, ddi_eventcookie_t, void *, void *);
1184 #endif
1185 
1186 /*
1187  * Defines for sd_cache_control
1188  */
1189 
1190 #define	SD_CACHE_ENABLE		1
1191 #define	SD_CACHE_DISABLE	0
1192 #define	SD_CACHE_NOCHANGE	-1
1193 
1194 static int   sd_cache_control(struct sd_lun *un, int rcd_flag, int wce_flag);
1195 static int   sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled);
1196 static dev_t sd_make_device(dev_info_t *devi);
1197 
1198 static void  sd_update_block_info(struct sd_lun *un, uint32_t lbasize,
1199 	uint64_t capacity);
1200 
1201 /*
1202  * Driver entry point functions.
1203  */
1204 static int  sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p);
1205 static int  sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p);
1206 static int  sd_ready_and_valid(struct sd_lun *un);
1207 
1208 static void sdmin(struct buf *bp);
1209 static int sdread(dev_t dev, struct uio *uio, cred_t *cred_p);
1210 static int sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p);
1211 static int sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1212 static int sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1213 
1214 static int sdstrategy(struct buf *bp);
1215 static int sdioctl(dev_t, int, intptr_t, int, cred_t *, int *);
1216 
1217 /*
1218  * Function prototypes for layering functions in the iostart chain.
1219  */
1220 static void sd_mapblockaddr_iostart(int index, struct sd_lun *un,
1221 	struct buf *bp);
1222 static void sd_mapblocksize_iostart(int index, struct sd_lun *un,
1223 	struct buf *bp);
1224 static void sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp);
1225 static void sd_checksum_uscsi_iostart(int index, struct sd_lun *un,
1226 	struct buf *bp);
1227 static void sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp);
1228 static void sd_core_iostart(int index, struct sd_lun *un, struct buf *bp);
1229 
1230 /*
1231  * Function prototypes for layering functions in the iodone chain.
1232  */
1233 static void sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp);
1234 static void sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp);
1235 static void sd_mapblockaddr_iodone(int index, struct sd_lun *un,
1236 	struct buf *bp);
1237 static void sd_mapblocksize_iodone(int index, struct sd_lun *un,
1238 	struct buf *bp);
1239 static void sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp);
1240 static void sd_checksum_uscsi_iodone(int index, struct sd_lun *un,
1241 	struct buf *bp);
1242 static void sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp);
1243 
1244 /*
1245  * Prototypes for functions to support buf(9S) based IO.
1246  */
1247 static void sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg);
1248 static int sd_initpkt_for_buf(struct buf *, struct scsi_pkt **);
1249 static void sd_destroypkt_for_buf(struct buf *);
1250 static int sd_setup_rw_pkt(struct sd_lun *un, struct scsi_pkt **pktpp,
1251 	struct buf *bp, int flags,
1252 	int (*callback)(caddr_t), caddr_t callback_arg,
1253 	diskaddr_t lba, uint32_t blockcount);
1254 #if defined(__i386) || defined(__amd64)
1255 static int sd_setup_next_rw_pkt(struct sd_lun *un, struct scsi_pkt *pktp,
1256 	struct buf *bp, diskaddr_t lba, uint32_t blockcount);
1257 #endif /* defined(__i386) || defined(__amd64) */
1258 
1259 /*
1260  * Prototypes for functions to support USCSI IO.
1261  */
1262 static int sd_uscsi_strategy(struct buf *bp);
1263 static int sd_initpkt_for_uscsi(struct buf *, struct scsi_pkt **);
1264 static void sd_destroypkt_for_uscsi(struct buf *);
1265 
1266 static void sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
1267 	uchar_t chain_type, void *pktinfop);
1268 
1269 static int  sd_pm_entry(struct sd_lun *un);
1270 static void sd_pm_exit(struct sd_lun *un);
1271 
1272 static void sd_pm_idletimeout_handler(void *arg);
1273 
1274 /*
1275  * sd_core internal functions (used at the sd_core_io layer).
1276  */
1277 static void sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp);
1278 static void sdintr(struct scsi_pkt *pktp);
1279 static void sd_start_cmds(struct sd_lun *un, struct buf *immed_bp);
1280 
1281 static int sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
1282 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
1283 	int path_flag);
1284 
1285 static struct buf *sd_bioclone_alloc(struct buf *bp, size_t datalen,
1286 	daddr_t blkno, int (*func)(struct buf *));
1287 static struct buf *sd_shadow_buf_alloc(struct buf *bp, size_t datalen,
1288 	uint_t bflags, daddr_t blkno, int (*func)(struct buf *));
1289 static void sd_bioclone_free(struct buf *bp);
1290 static void sd_shadow_buf_free(struct buf *bp);
1291 
1292 static void sd_print_transport_rejected_message(struct sd_lun *un,
1293 	struct sd_xbuf *xp, int code);
1294 static void sd_print_incomplete_msg(struct sd_lun *un, struct buf *bp,
1295     void *arg, int code);
1296 static void sd_print_sense_failed_msg(struct sd_lun *un, struct buf *bp,
1297     void *arg, int code);
1298 static void sd_print_cmd_incomplete_msg(struct sd_lun *un, struct buf *bp,
1299     void *arg, int code);
1300 
1301 static void sd_retry_command(struct sd_lun *un, struct buf *bp,
1302 	int retry_check_flag,
1303 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp,
1304 		int c),
1305 	void *user_arg, int failure_code,  clock_t retry_delay,
1306 	void (*statp)(kstat_io_t *));
1307 
1308 static void sd_set_retry_bp(struct sd_lun *un, struct buf *bp,
1309 	clock_t retry_delay, void (*statp)(kstat_io_t *));
1310 
1311 static void sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
1312 	struct scsi_pkt *pktp);
1313 static void sd_start_retry_command(void *arg);
1314 static void sd_start_direct_priority_command(void *arg);
1315 static void sd_return_failed_command(struct sd_lun *un, struct buf *bp,
1316 	int errcode);
1317 static void sd_return_failed_command_no_restart(struct sd_lun *un,
1318 	struct buf *bp, int errcode);
1319 static void sd_return_command(struct sd_lun *un, struct buf *bp);
1320 static void sd_sync_with_callback(struct sd_lun *un);
1321 static int sdrunout(caddr_t arg);
1322 
1323 static void sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp);
1324 static struct buf *sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *xp);
1325 
1326 static void sd_reduce_throttle(struct sd_lun *un, int throttle_type);
1327 static void sd_restore_throttle(void *arg);
1328 
1329 static void sd_init_cdb_limits(struct sd_lun *un);
1330 
1331 static void sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
1332 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1333 
1334 /*
1335  * Error handling functions
1336  */
1337 static void sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
1338 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1339 static void sd_pkt_status_busy(struct sd_lun *un, struct buf *bp,
1340 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1341 static void sd_pkt_status_reservation_conflict(struct sd_lun *un,
1342 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1343 static void sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
1344 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1345 
1346 static void sd_handle_request_sense(struct sd_lun *un, struct buf *bp,
1347 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1348 static void sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
1349 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1350 static int sd_validate_sense_data(struct sd_lun *un, struct buf *bp,
1351 	struct sd_xbuf *xp);
1352 static void sd_decode_sense(struct sd_lun *un, struct buf *bp,
1353 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1354 
1355 static void sd_print_sense_msg(struct sd_lun *un, struct buf *bp,
1356 	void *arg, int code);
1357 
1358 static void sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
1359 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1360 static void sd_sense_key_recoverable_error(struct sd_lun *un,
1361 	uint8_t *sense_datap,
1362 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1363 static void sd_sense_key_not_ready(struct sd_lun *un,
1364 	uint8_t *sense_datap,
1365 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1366 static void sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
1367 	uint8_t *sense_datap,
1368 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1369 static void sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
1370 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1371 static void sd_sense_key_unit_attention(struct sd_lun *un,
1372 	uint8_t *sense_datap,
1373 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1374 static void sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
1375 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1376 static void sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
1377 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1378 static void sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
1379 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1380 static void sd_sense_key_default(struct sd_lun *un,
1381 	uint8_t *sense_datap,
1382 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1383 
1384 static void sd_print_retry_msg(struct sd_lun *un, struct buf *bp,
1385 	void *arg, int flag);
1386 
1387 static void sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
1388 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1389 static void sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
1390 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1391 static void sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
1392 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1393 static void sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
1394 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1395 static void sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
1396 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1397 static void sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
1398 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1399 static void sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
1400 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1401 static void sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
1402 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1403 
1404 static void sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp);
1405 
1406 static void sd_start_stop_unit_callback(void *arg);
1407 static void sd_start_stop_unit_task(void *arg);
1408 
1409 static void sd_taskq_create(void);
1410 static void sd_taskq_delete(void);
1411 static void sd_media_change_task(void *arg);
1412 
1413 static int sd_handle_mchange(struct sd_lun *un);
1414 static int sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag);
1415 static int sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp,
1416 	uint32_t *lbap, int path_flag);
1417 static int sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
1418 	uint32_t *lbap, int path_flag);
1419 static int sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag,
1420 	int path_flag);
1421 static int sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr,
1422 	size_t buflen, uchar_t evpd, uchar_t page_code, size_t *residp);
1423 static int sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag);
1424 static int sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un,
1425 	uchar_t usr_cmd, uint16_t data_len, uchar_t *data_bufp);
1426 static int sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un,
1427 	uchar_t usr_cmd, uchar_t *usr_bufp);
1428 static int sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un,
1429 	struct dk_callback *dkc);
1430 static int sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp);
1431 static int sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un,
1432 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1433 	uchar_t *bufaddr, uint_t buflen);
1434 static int sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
1435 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1436 	uchar_t *bufaddr, uint_t buflen, char feature);
1437 static int sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize,
1438 	uchar_t *bufaddr, size_t buflen, uchar_t page_code, int path_flag);
1439 static int sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize,
1440 	uchar_t *bufaddr, size_t buflen, uchar_t save_page, int path_flag);
1441 static int sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
1442 	size_t buflen, daddr_t start_block, int path_flag);
1443 #define	sd_send_scsi_READ(un, bufaddr, buflen, start_block, path_flag)	\
1444 	sd_send_scsi_RDWR(un, SCMD_READ, bufaddr, buflen, start_block, \
1445 	path_flag)
1446 #define	sd_send_scsi_WRITE(un, bufaddr, buflen, start_block, path_flag)	\
1447 	sd_send_scsi_RDWR(un, SCMD_WRITE, bufaddr, buflen, start_block,\
1448 	path_flag)
1449 
1450 static int sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr,
1451 	uint16_t buflen, uchar_t page_code, uchar_t page_control,
1452 	uint16_t param_ptr, int path_flag);
1453 
1454 static int  sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un);
1455 static void sd_free_rqs(struct sd_lun *un);
1456 
1457 static void sd_dump_memory(struct sd_lun *un, uint_t comp, char *title,
1458 	uchar_t *data, int len, int fmt);
1459 static void sd_panic_for_res_conflict(struct sd_lun *un);
1460 
1461 /*
1462  * Disk Ioctl Function Prototypes
1463  */
1464 static int sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag);
1465 static int sd_get_media_info(dev_t dev, caddr_t arg, int flag);
1466 static int sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag);
1467 static int sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag,
1468 	int geom_validated);
1469 static int sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag);
1470 static int sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag,
1471 	int geom_validated);
1472 static int sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag);
1473 static int sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag,
1474 	int geom_validated);
1475 static int sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag);
1476 static int sd_dkio_partition(dev_t dev, caddr_t arg, int flag);
1477 static void sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1478 static int sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag);
1479 static int sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag);
1480 static int sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1481 static int sd_write_label(dev_t dev);
1482 static int sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl);
1483 static void sd_clear_vtoc(struct sd_lun *un);
1484 static void sd_clear_efi(struct sd_lun *un);
1485 static int sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag);
1486 static int sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag);
1487 static int sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag);
1488 static void sd_setup_default_geometry(struct sd_lun *un);
1489 #if defined(__i386) || defined(__amd64)
1490 static int sd_update_fdisk_and_vtoc(struct sd_lun *un);
1491 #endif
1492 
1493 /*
1494  * Multi-host Ioctl Prototypes
1495  */
1496 static int sd_check_mhd(dev_t dev, int interval);
1497 static int sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1498 static void sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt);
1499 static char *sd_sname(uchar_t status);
1500 static void sd_mhd_resvd_recover(void *arg);
1501 static void sd_resv_reclaim_thread();
1502 static int sd_take_ownership(dev_t dev, struct mhioctkown *p);
1503 static int sd_reserve_release(dev_t dev, int cmd);
1504 static void sd_rmv_resv_reclaim_req(dev_t dev);
1505 static void sd_mhd_reset_notify_cb(caddr_t arg);
1506 static int sd_persistent_reservation_in_read_keys(struct sd_lun *un,
1507 	mhioc_inkeys_t *usrp, int flag);
1508 static int sd_persistent_reservation_in_read_resv(struct sd_lun *un,
1509 	mhioc_inresvs_t *usrp, int flag);
1510 static int sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag);
1511 static int sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag);
1512 static int sd_mhdioc_release(dev_t dev);
1513 static int sd_mhdioc_register_devid(dev_t dev);
1514 static int sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag);
1515 static int sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag);
1516 
1517 /*
1518  * SCSI removable prototypes
1519  */
1520 static int sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag);
1521 static int sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1522 static int sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1523 static int sr_pause_resume(dev_t dev, int mode);
1524 static int sr_play_msf(dev_t dev, caddr_t data, int flag);
1525 static int sr_play_trkind(dev_t dev, caddr_t data, int flag);
1526 static int sr_read_all_subcodes(dev_t dev, caddr_t data, int flag);
1527 static int sr_read_subchannel(dev_t dev, caddr_t data, int flag);
1528 static int sr_read_tocentry(dev_t dev, caddr_t data, int flag);
1529 static int sr_read_tochdr(dev_t dev, caddr_t data, int flag);
1530 static int sr_read_cdda(dev_t dev, caddr_t data, int flag);
1531 static int sr_read_cdxa(dev_t dev, caddr_t data, int flag);
1532 static int sr_read_mode1(dev_t dev, caddr_t data, int flag);
1533 static int sr_read_mode2(dev_t dev, caddr_t data, int flag);
1534 static int sr_read_cd_mode2(dev_t dev, caddr_t data, int flag);
1535 static int sr_sector_mode(dev_t dev, uint32_t blksize);
1536 static int sr_eject(dev_t dev);
1537 static void sr_ejected(register struct sd_lun *un);
1538 static int sr_check_wp(dev_t dev);
1539 static int sd_check_media(dev_t dev, enum dkio_state state);
1540 static int sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1541 static void sd_delayed_cv_broadcast(void *arg);
1542 static int sr_volume_ctrl(dev_t dev, caddr_t data, int flag);
1543 static int sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag);
1544 
1545 static int sd_log_page_supported(struct sd_lun *un, int log_page);
1546 
1547 /*
1548  * Function Prototype for the non-512 support (DVDRAM, MO etc.) functions.
1549  */
1550 static void sd_check_for_writable_cd(struct sd_lun *un);
1551 static int sd_wm_cache_constructor(void *wm, void *un, int flags);
1552 static void sd_wm_cache_destructor(void *wm, void *un);
1553 static struct sd_w_map *sd_range_lock(struct sd_lun *un, daddr_t startb,
1554 	daddr_t endb, ushort_t typ);
1555 static struct sd_w_map *sd_get_range(struct sd_lun *un, daddr_t startb,
1556 	daddr_t endb);
1557 static void sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp);
1558 static void sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm);
1559 static void sd_read_modify_write_task(void * arg);
1560 static int
1561 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
1562 	struct buf **bpp);
1563 
1564 
1565 /*
1566  * Function prototypes for failfast support.
1567  */
1568 static void sd_failfast_flushq(struct sd_lun *un);
1569 static int sd_failfast_flushq_callback(struct buf *bp);
1570 
1571 /*
1572  * Function prototypes to check for lsi devices
1573  */
1574 static void sd_is_lsi(struct sd_lun *un);
1575 
1576 /*
1577  * Function prototypes for x86 support
1578  */
1579 #if defined(__i386) || defined(__amd64)
1580 static int sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
1581 		struct scsi_pkt *pkt, struct sd_xbuf *xp);
1582 #endif
1583 
1584 /*
1585  * Constants for failfast support:
1586  *
1587  * SD_FAILFAST_INACTIVE: Instance is currently in a normal state, with NO
1588  * failfast processing being performed.
1589  *
1590  * SD_FAILFAST_ACTIVE: Instance is in the failfast state and is performing
1591  * failfast processing on all bufs with B_FAILFAST set.
1592  */
1593 
1594 #define	SD_FAILFAST_INACTIVE		0
1595 #define	SD_FAILFAST_ACTIVE		1
1596 
1597 /*
1598  * Bitmask to control behavior of buf(9S) flushes when a transition to
1599  * the failfast state occurs. Optional bits include:
1600  *
1601  * SD_FAILFAST_FLUSH_ALL_BUFS: When set, flush ALL bufs including those that
1602  * do NOT have B_FAILFAST set. When clear, only bufs with B_FAILFAST will
1603  * be flushed.
1604  *
1605  * SD_FAILFAST_FLUSH_ALL_QUEUES: When set, flush any/all other queues in the
1606  * driver, in addition to the regular wait queue. This includes the xbuf
1607  * queues. When clear, only the driver's wait queue will be flushed.
1608  */
1609 #define	SD_FAILFAST_FLUSH_ALL_BUFS	0x01
1610 #define	SD_FAILFAST_FLUSH_ALL_QUEUES	0x02
1611 
1612 /*
1613  * The default behavior is to only flush bufs that have B_FAILFAST set, but
1614  * to flush all queues within the driver.
1615  */
1616 static int sd_failfast_flushctl = SD_FAILFAST_FLUSH_ALL_QUEUES;
1617 
1618 
1619 /*
1620  * SD Testing Fault Injection
1621  */
1622 #ifdef SD_FAULT_INJECTION
1623 static void sd_faultinjection_ioctl(int cmd, intptr_t arg, struct sd_lun *un);
1624 static void sd_faultinjection(struct scsi_pkt *pktp);
1625 static void sd_injection_log(char *buf, struct sd_lun *un);
1626 #endif
1627 
1628 /*
1629  * Device driver ops vector
1630  */
1631 static struct cb_ops sd_cb_ops = {
1632 	sdopen,			/* open */
1633 	sdclose,		/* close */
1634 	sdstrategy,		/* strategy */
1635 	nodev,			/* print */
1636 	sddump,			/* dump */
1637 	sdread,			/* read */
1638 	sdwrite,		/* write */
1639 	sdioctl,		/* ioctl */
1640 	nodev,			/* devmap */
1641 	nodev,			/* mmap */
1642 	nodev,			/* segmap */
1643 	nochpoll,		/* poll */
1644 	sd_prop_op,		/* cb_prop_op */
1645 	0,			/* streamtab  */
1646 	D_64BIT | D_MP | D_NEW | D_HOTPLUG, /* Driver compatibility flags */
1647 	CB_REV,			/* cb_rev */
1648 	sdaread, 		/* async I/O read entry point */
1649 	sdawrite		/* async I/O write entry point */
1650 };
1651 
1652 static struct dev_ops sd_ops = {
1653 	DEVO_REV,		/* devo_rev, */
1654 	0,			/* refcnt  */
1655 	sdinfo,			/* info */
1656 	nulldev,		/* identify */
1657 	sdprobe,		/* probe */
1658 	sdattach,		/* attach */
1659 	sddetach,		/* detach */
1660 	nodev,			/* reset */
1661 	&sd_cb_ops,		/* driver operations */
1662 	NULL,			/* bus operations */
1663 	sdpower			/* power */
1664 };
1665 
1666 
1667 /*
1668  * This is the loadable module wrapper.
1669  */
1670 #include <sys/modctl.h>
1671 
1672 static struct modldrv modldrv = {
1673 	&mod_driverops,		/* Type of module. This one is a driver */
1674 	SD_MODULE_NAME,		/* Module name. */
1675 	&sd_ops			/* driver ops */
1676 };
1677 
1678 
1679 static struct modlinkage modlinkage = {
1680 	MODREV_1,
1681 	&modldrv,
1682 	NULL
1683 };
1684 
1685 
1686 static struct scsi_asq_key_strings sd_additional_codes[] = {
1687 	0x81, 0, "Logical Unit is Reserved",
1688 	0x85, 0, "Audio Address Not Valid",
1689 	0xb6, 0, "Media Load Mechanism Failed",
1690 	0xB9, 0, "Audio Play Operation Aborted",
1691 	0xbf, 0, "Buffer Overflow for Read All Subcodes Command",
1692 	0x53, 2, "Medium removal prevented",
1693 	0x6f, 0, "Authentication failed during key exchange",
1694 	0x6f, 1, "Key not present",
1695 	0x6f, 2, "Key not established",
1696 	0x6f, 3, "Read without proper authentication",
1697 	0x6f, 4, "Mismatched region to this logical unit",
1698 	0x6f, 5, "Region reset count error",
1699 	0xffff, 0x0, NULL
1700 };
1701 
1702 
1703 /*
1704  * Struct for passing printing information for sense data messages
1705  */
1706 struct sd_sense_info {
1707 	int	ssi_severity;
1708 	int	ssi_pfa_flag;
1709 };
1710 
1711 /*
1712  * Table of function pointers for iostart-side routines. Seperate "chains"
1713  * of layered function calls are formed by placing the function pointers
1714  * sequentially in the desired order. Functions are called according to an
1715  * incrementing table index ordering. The last function in each chain must
1716  * be sd_core_iostart(). The corresponding iodone-side routines are expected
1717  * in the sd_iodone_chain[] array.
1718  *
1719  * Note: It may seem more natural to organize both the iostart and iodone
1720  * functions together, into an array of structures (or some similar
1721  * organization) with a common index, rather than two seperate arrays which
1722  * must be maintained in synchronization. The purpose of this division is
1723  * to achiece improved performance: individual arrays allows for more
1724  * effective cache line utilization on certain platforms.
1725  */
1726 
1727 typedef void (*sd_chain_t)(int index, struct sd_lun *un, struct buf *bp);
1728 
1729 
1730 static sd_chain_t sd_iostart_chain[] = {
1731 
1732 	/* Chain for buf IO for disk drive targets (PM enabled) */
1733 	sd_mapblockaddr_iostart,	/* Index: 0 */
1734 	sd_pm_iostart,			/* Index: 1 */
1735 	sd_core_iostart,		/* Index: 2 */
1736 
1737 	/* Chain for buf IO for disk drive targets (PM disabled) */
1738 	sd_mapblockaddr_iostart,	/* Index: 3 */
1739 	sd_core_iostart,		/* Index: 4 */
1740 
1741 	/* Chain for buf IO for removable-media targets (PM enabled) */
1742 	sd_mapblockaddr_iostart,	/* Index: 5 */
1743 	sd_mapblocksize_iostart,	/* Index: 6 */
1744 	sd_pm_iostart,			/* Index: 7 */
1745 	sd_core_iostart,		/* Index: 8 */
1746 
1747 	/* Chain for buf IO for removable-media targets (PM disabled) */
1748 	sd_mapblockaddr_iostart,	/* Index: 9 */
1749 	sd_mapblocksize_iostart,	/* Index: 10 */
1750 	sd_core_iostart,		/* Index: 11 */
1751 
1752 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1753 	sd_mapblockaddr_iostart,	/* Index: 12 */
1754 	sd_checksum_iostart,		/* Index: 13 */
1755 	sd_pm_iostart,			/* Index: 14 */
1756 	sd_core_iostart,		/* Index: 15 */
1757 
1758 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1759 	sd_mapblockaddr_iostart,	/* Index: 16 */
1760 	sd_checksum_iostart,		/* Index: 17 */
1761 	sd_core_iostart,		/* Index: 18 */
1762 
1763 	/* Chain for USCSI commands (all targets) */
1764 	sd_pm_iostart,			/* Index: 19 */
1765 	sd_core_iostart,		/* Index: 20 */
1766 
1767 	/* Chain for checksumming USCSI commands (all targets) */
1768 	sd_checksum_uscsi_iostart,	/* Index: 21 */
1769 	sd_pm_iostart,			/* Index: 22 */
1770 	sd_core_iostart,		/* Index: 23 */
1771 
1772 	/* Chain for "direct" USCSI commands (all targets) */
1773 	sd_core_iostart,		/* Index: 24 */
1774 
1775 	/* Chain for "direct priority" USCSI commands (all targets) */
1776 	sd_core_iostart,		/* Index: 25 */
1777 };
1778 
1779 /*
1780  * Macros to locate the first function of each iostart chain in the
1781  * sd_iostart_chain[] array. These are located by the index in the array.
1782  */
1783 #define	SD_CHAIN_DISK_IOSTART			0
1784 #define	SD_CHAIN_DISK_IOSTART_NO_PM		3
1785 #define	SD_CHAIN_RMMEDIA_IOSTART		5
1786 #define	SD_CHAIN_RMMEDIA_IOSTART_NO_PM		9
1787 #define	SD_CHAIN_CHKSUM_IOSTART			12
1788 #define	SD_CHAIN_CHKSUM_IOSTART_NO_PM		16
1789 #define	SD_CHAIN_USCSI_CMD_IOSTART		19
1790 #define	SD_CHAIN_USCSI_CHKSUM_IOSTART		21
1791 #define	SD_CHAIN_DIRECT_CMD_IOSTART		24
1792 #define	SD_CHAIN_PRIORITY_CMD_IOSTART		25
1793 
1794 
1795 /*
1796  * Table of function pointers for the iodone-side routines for the driver-
1797  * internal layering mechanism.  The calling sequence for iodone routines
1798  * uses a decrementing table index, so the last routine called in a chain
1799  * must be at the lowest array index location for that chain.  The last
1800  * routine for each chain must be either sd_buf_iodone() (for buf(9S) IOs)
1801  * or sd_uscsi_iodone() (for uscsi IOs).  Other than this, the ordering
1802  * of the functions in an iodone side chain must correspond to the ordering
1803  * of the iostart routines for that chain.  Note that there is no iodone
1804  * side routine that corresponds to sd_core_iostart(), so there is no
1805  * entry in the table for this.
1806  */
1807 
1808 static sd_chain_t sd_iodone_chain[] = {
1809 
1810 	/* Chain for buf IO for disk drive targets (PM enabled) */
1811 	sd_buf_iodone,			/* Index: 0 */
1812 	sd_mapblockaddr_iodone,		/* Index: 1 */
1813 	sd_pm_iodone,			/* Index: 2 */
1814 
1815 	/* Chain for buf IO for disk drive targets (PM disabled) */
1816 	sd_buf_iodone,			/* Index: 3 */
1817 	sd_mapblockaddr_iodone,		/* Index: 4 */
1818 
1819 	/* Chain for buf IO for removable-media targets (PM enabled) */
1820 	sd_buf_iodone,			/* Index: 5 */
1821 	sd_mapblockaddr_iodone,		/* Index: 6 */
1822 	sd_mapblocksize_iodone,		/* Index: 7 */
1823 	sd_pm_iodone,			/* Index: 8 */
1824 
1825 	/* Chain for buf IO for removable-media targets (PM disabled) */
1826 	sd_buf_iodone,			/* Index: 9 */
1827 	sd_mapblockaddr_iodone,		/* Index: 10 */
1828 	sd_mapblocksize_iodone,		/* Index: 11 */
1829 
1830 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1831 	sd_buf_iodone,			/* Index: 12 */
1832 	sd_mapblockaddr_iodone,		/* Index: 13 */
1833 	sd_checksum_iodone,		/* Index: 14 */
1834 	sd_pm_iodone,			/* Index: 15 */
1835 
1836 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1837 	sd_buf_iodone,			/* Index: 16 */
1838 	sd_mapblockaddr_iodone,		/* Index: 17 */
1839 	sd_checksum_iodone,		/* Index: 18 */
1840 
1841 	/* Chain for USCSI commands (non-checksum targets) */
1842 	sd_uscsi_iodone,		/* Index: 19 */
1843 	sd_pm_iodone,			/* Index: 20 */
1844 
1845 	/* Chain for USCSI commands (checksum targets) */
1846 	sd_uscsi_iodone,		/* Index: 21 */
1847 	sd_checksum_uscsi_iodone,	/* Index: 22 */
1848 	sd_pm_iodone,			/* Index: 22 */
1849 
1850 	/* Chain for "direct" USCSI commands (all targets) */
1851 	sd_uscsi_iodone,		/* Index: 24 */
1852 
1853 	/* Chain for "direct priority" USCSI commands (all targets) */
1854 	sd_uscsi_iodone,		/* Index: 25 */
1855 };
1856 
1857 
1858 /*
1859  * Macros to locate the "first" function in the sd_iodone_chain[] array for
1860  * each iodone-side chain. These are located by the array index, but as the
1861  * iodone side functions are called in a decrementing-index order, the
1862  * highest index number in each chain must be specified (as these correspond
1863  * to the first function in the iodone chain that will be called by the core
1864  * at IO completion time).
1865  */
1866 
1867 #define	SD_CHAIN_DISK_IODONE			2
1868 #define	SD_CHAIN_DISK_IODONE_NO_PM		4
1869 #define	SD_CHAIN_RMMEDIA_IODONE			8
1870 #define	SD_CHAIN_RMMEDIA_IODONE_NO_PM		11
1871 #define	SD_CHAIN_CHKSUM_IODONE			15
1872 #define	SD_CHAIN_CHKSUM_IODONE_NO_PM		18
1873 #define	SD_CHAIN_USCSI_CMD_IODONE		20
1874 #define	SD_CHAIN_USCSI_CHKSUM_IODONE		22
1875 #define	SD_CHAIN_DIRECT_CMD_IODONE		24
1876 #define	SD_CHAIN_PRIORITY_CMD_IODONE		25
1877 
1878 
1879 
1880 
1881 /*
1882  * Array to map a layering chain index to the appropriate initpkt routine.
1883  * The redundant entries are present so that the index used for accessing
1884  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1885  * with this table as well.
1886  */
1887 typedef int (*sd_initpkt_t)(struct buf *, struct scsi_pkt **);
1888 
1889 static sd_initpkt_t	sd_initpkt_map[] = {
1890 
1891 	/* Chain for buf IO for disk drive targets (PM enabled) */
1892 	sd_initpkt_for_buf,		/* Index: 0 */
1893 	sd_initpkt_for_buf,		/* Index: 1 */
1894 	sd_initpkt_for_buf,		/* Index: 2 */
1895 
1896 	/* Chain for buf IO for disk drive targets (PM disabled) */
1897 	sd_initpkt_for_buf,		/* Index: 3 */
1898 	sd_initpkt_for_buf,		/* Index: 4 */
1899 
1900 	/* Chain for buf IO for removable-media targets (PM enabled) */
1901 	sd_initpkt_for_buf,		/* Index: 5 */
1902 	sd_initpkt_for_buf,		/* Index: 6 */
1903 	sd_initpkt_for_buf,		/* Index: 7 */
1904 	sd_initpkt_for_buf,		/* Index: 8 */
1905 
1906 	/* Chain for buf IO for removable-media targets (PM disabled) */
1907 	sd_initpkt_for_buf,		/* Index: 9 */
1908 	sd_initpkt_for_buf,		/* Index: 10 */
1909 	sd_initpkt_for_buf,		/* Index: 11 */
1910 
1911 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1912 	sd_initpkt_for_buf,		/* Index: 12 */
1913 	sd_initpkt_for_buf,		/* Index: 13 */
1914 	sd_initpkt_for_buf,		/* Index: 14 */
1915 	sd_initpkt_for_buf,		/* Index: 15 */
1916 
1917 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1918 	sd_initpkt_for_buf,		/* Index: 16 */
1919 	sd_initpkt_for_buf,		/* Index: 17 */
1920 	sd_initpkt_for_buf,		/* Index: 18 */
1921 
1922 	/* Chain for USCSI commands (non-checksum targets) */
1923 	sd_initpkt_for_uscsi,		/* Index: 19 */
1924 	sd_initpkt_for_uscsi,		/* Index: 20 */
1925 
1926 	/* Chain for USCSI commands (checksum targets) */
1927 	sd_initpkt_for_uscsi,		/* Index: 21 */
1928 	sd_initpkt_for_uscsi,		/* Index: 22 */
1929 	sd_initpkt_for_uscsi,		/* Index: 22 */
1930 
1931 	/* Chain for "direct" USCSI commands (all targets) */
1932 	sd_initpkt_for_uscsi,		/* Index: 24 */
1933 
1934 	/* Chain for "direct priority" USCSI commands (all targets) */
1935 	sd_initpkt_for_uscsi,		/* Index: 25 */
1936 
1937 };
1938 
1939 
1940 /*
1941  * Array to map a layering chain index to the appropriate destroypktpkt routine.
1942  * The redundant entries are present so that the index used for accessing
1943  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1944  * with this table as well.
1945  */
1946 typedef void (*sd_destroypkt_t)(struct buf *);
1947 
1948 static sd_destroypkt_t	sd_destroypkt_map[] = {
1949 
1950 	/* Chain for buf IO for disk drive targets (PM enabled) */
1951 	sd_destroypkt_for_buf,		/* Index: 0 */
1952 	sd_destroypkt_for_buf,		/* Index: 1 */
1953 	sd_destroypkt_for_buf,		/* Index: 2 */
1954 
1955 	/* Chain for buf IO for disk drive targets (PM disabled) */
1956 	sd_destroypkt_for_buf,		/* Index: 3 */
1957 	sd_destroypkt_for_buf,		/* Index: 4 */
1958 
1959 	/* Chain for buf IO for removable-media targets (PM enabled) */
1960 	sd_destroypkt_for_buf,		/* Index: 5 */
1961 	sd_destroypkt_for_buf,		/* Index: 6 */
1962 	sd_destroypkt_for_buf,		/* Index: 7 */
1963 	sd_destroypkt_for_buf,		/* Index: 8 */
1964 
1965 	/* Chain for buf IO for removable-media targets (PM disabled) */
1966 	sd_destroypkt_for_buf,		/* Index: 9 */
1967 	sd_destroypkt_for_buf,		/* Index: 10 */
1968 	sd_destroypkt_for_buf,		/* Index: 11 */
1969 
1970 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1971 	sd_destroypkt_for_buf,		/* Index: 12 */
1972 	sd_destroypkt_for_buf,		/* Index: 13 */
1973 	sd_destroypkt_for_buf,		/* Index: 14 */
1974 	sd_destroypkt_for_buf,		/* Index: 15 */
1975 
1976 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1977 	sd_destroypkt_for_buf,		/* Index: 16 */
1978 	sd_destroypkt_for_buf,		/* Index: 17 */
1979 	sd_destroypkt_for_buf,		/* Index: 18 */
1980 
1981 	/* Chain for USCSI commands (non-checksum targets) */
1982 	sd_destroypkt_for_uscsi,	/* Index: 19 */
1983 	sd_destroypkt_for_uscsi,	/* Index: 20 */
1984 
1985 	/* Chain for USCSI commands (checksum targets) */
1986 	sd_destroypkt_for_uscsi,	/* Index: 21 */
1987 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1988 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1989 
1990 	/* Chain for "direct" USCSI commands (all targets) */
1991 	sd_destroypkt_for_uscsi,	/* Index: 24 */
1992 
1993 	/* Chain for "direct priority" USCSI commands (all targets) */
1994 	sd_destroypkt_for_uscsi,	/* Index: 25 */
1995 
1996 };
1997 
1998 
1999 
2000 /*
2001  * Array to map a layering chain index to the appropriate chain "type".
2002  * The chain type indicates a specific property/usage of the chain.
2003  * The redundant entries are present so that the index used for accessing
2004  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
2005  * with this table as well.
2006  */
2007 
2008 #define	SD_CHAIN_NULL			0	/* for the special RQS cmd */
2009 #define	SD_CHAIN_BUFIO			1	/* regular buf IO */
2010 #define	SD_CHAIN_USCSI			2	/* regular USCSI commands */
2011 #define	SD_CHAIN_DIRECT			3	/* uscsi, w/ bypass power mgt */
2012 #define	SD_CHAIN_DIRECT_PRIORITY	4	/* uscsi, w/ bypass power mgt */
2013 						/* (for error recovery) */
2014 
2015 static int sd_chain_type_map[] = {
2016 
2017 	/* Chain for buf IO for disk drive targets (PM enabled) */
2018 	SD_CHAIN_BUFIO,			/* Index: 0 */
2019 	SD_CHAIN_BUFIO,			/* Index: 1 */
2020 	SD_CHAIN_BUFIO,			/* Index: 2 */
2021 
2022 	/* Chain for buf IO for disk drive targets (PM disabled) */
2023 	SD_CHAIN_BUFIO,			/* Index: 3 */
2024 	SD_CHAIN_BUFIO,			/* Index: 4 */
2025 
2026 	/* Chain for buf IO for removable-media targets (PM enabled) */
2027 	SD_CHAIN_BUFIO,			/* Index: 5 */
2028 	SD_CHAIN_BUFIO,			/* Index: 6 */
2029 	SD_CHAIN_BUFIO,			/* Index: 7 */
2030 	SD_CHAIN_BUFIO,			/* Index: 8 */
2031 
2032 	/* Chain for buf IO for removable-media targets (PM disabled) */
2033 	SD_CHAIN_BUFIO,			/* Index: 9 */
2034 	SD_CHAIN_BUFIO,			/* Index: 10 */
2035 	SD_CHAIN_BUFIO,			/* Index: 11 */
2036 
2037 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
2038 	SD_CHAIN_BUFIO,			/* Index: 12 */
2039 	SD_CHAIN_BUFIO,			/* Index: 13 */
2040 	SD_CHAIN_BUFIO,			/* Index: 14 */
2041 	SD_CHAIN_BUFIO,			/* Index: 15 */
2042 
2043 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
2044 	SD_CHAIN_BUFIO,			/* Index: 16 */
2045 	SD_CHAIN_BUFIO,			/* Index: 17 */
2046 	SD_CHAIN_BUFIO,			/* Index: 18 */
2047 
2048 	/* Chain for USCSI commands (non-checksum targets) */
2049 	SD_CHAIN_USCSI,			/* Index: 19 */
2050 	SD_CHAIN_USCSI,			/* Index: 20 */
2051 
2052 	/* Chain for USCSI commands (checksum targets) */
2053 	SD_CHAIN_USCSI,			/* Index: 21 */
2054 	SD_CHAIN_USCSI,			/* Index: 22 */
2055 	SD_CHAIN_USCSI,			/* Index: 22 */
2056 
2057 	/* Chain for "direct" USCSI commands (all targets) */
2058 	SD_CHAIN_DIRECT,		/* Index: 24 */
2059 
2060 	/* Chain for "direct priority" USCSI commands (all targets) */
2061 	SD_CHAIN_DIRECT_PRIORITY,	/* Index: 25 */
2062 };
2063 
2064 
2065 /* Macro to return TRUE if the IO has come from the sd_buf_iostart() chain. */
2066 #define	SD_IS_BUFIO(xp)			\
2067 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_BUFIO)
2068 
2069 /* Macro to return TRUE if the IO has come from the "direct priority" chain. */
2070 #define	SD_IS_DIRECT_PRIORITY(xp)	\
2071 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_DIRECT_PRIORITY)
2072 
2073 
2074 
2075 /*
2076  * Struct, array, and macros to map a specific chain to the appropriate
2077  * layering indexes in the sd_iostart_chain[] and sd_iodone_chain[] arrays.
2078  *
2079  * The sd_chain_index_map[] array is used at attach time to set the various
2080  * un_xxx_chain type members of the sd_lun softstate to the specific layering
2081  * chain to be used with the instance. This allows different instances to use
2082  * different chain for buf IO, uscsi IO, etc.. Also, since the xb_chain_iostart
2083  * and xb_chain_iodone index values in the sd_xbuf are initialized to these
2084  * values at sd_xbuf init time, this allows (1) layering chains may be changed
2085  * dynamically & without the use of locking; and (2) a layer may update the
2086  * xb_chain_io[start|done] member in a given xbuf with its current index value,
2087  * to allow for deferred processing of an IO within the same chain from a
2088  * different execution context.
2089  */
2090 
2091 struct sd_chain_index {
2092 	int	sci_iostart_index;
2093 	int	sci_iodone_index;
2094 };
2095 
2096 static struct sd_chain_index	sd_chain_index_map[] = {
2097 	{ SD_CHAIN_DISK_IOSTART,		SD_CHAIN_DISK_IODONE },
2098 	{ SD_CHAIN_DISK_IOSTART_NO_PM,		SD_CHAIN_DISK_IODONE_NO_PM },
2099 	{ SD_CHAIN_RMMEDIA_IOSTART,		SD_CHAIN_RMMEDIA_IODONE },
2100 	{ SD_CHAIN_RMMEDIA_IOSTART_NO_PM,	SD_CHAIN_RMMEDIA_IODONE_NO_PM },
2101 	{ SD_CHAIN_CHKSUM_IOSTART,		SD_CHAIN_CHKSUM_IODONE },
2102 	{ SD_CHAIN_CHKSUM_IOSTART_NO_PM,	SD_CHAIN_CHKSUM_IODONE_NO_PM },
2103 	{ SD_CHAIN_USCSI_CMD_IOSTART,		SD_CHAIN_USCSI_CMD_IODONE },
2104 	{ SD_CHAIN_USCSI_CHKSUM_IOSTART,	SD_CHAIN_USCSI_CHKSUM_IODONE },
2105 	{ SD_CHAIN_DIRECT_CMD_IOSTART,		SD_CHAIN_DIRECT_CMD_IODONE },
2106 	{ SD_CHAIN_PRIORITY_CMD_IOSTART,	SD_CHAIN_PRIORITY_CMD_IODONE },
2107 };
2108 
2109 
2110 /*
2111  * The following are indexes into the sd_chain_index_map[] array.
2112  */
2113 
2114 /* un->un_buf_chain_type must be set to one of these */
2115 #define	SD_CHAIN_INFO_DISK		0
2116 #define	SD_CHAIN_INFO_DISK_NO_PM	1
2117 #define	SD_CHAIN_INFO_RMMEDIA		2
2118 #define	SD_CHAIN_INFO_RMMEDIA_NO_PM	3
2119 #define	SD_CHAIN_INFO_CHKSUM		4
2120 #define	SD_CHAIN_INFO_CHKSUM_NO_PM	5
2121 
2122 /* un->un_uscsi_chain_type must be set to one of these */
2123 #define	SD_CHAIN_INFO_USCSI_CMD		6
2124 /* USCSI with PM disabled is the same as DIRECT */
2125 #define	SD_CHAIN_INFO_USCSI_CMD_NO_PM	8
2126 #define	SD_CHAIN_INFO_USCSI_CHKSUM	7
2127 
2128 /* un->un_direct_chain_type must be set to one of these */
2129 #define	SD_CHAIN_INFO_DIRECT_CMD	8
2130 
2131 /* un->un_priority_chain_type must be set to one of these */
2132 #define	SD_CHAIN_INFO_PRIORITY_CMD	9
2133 
2134 /* size for devid inquiries */
2135 #define	MAX_INQUIRY_SIZE		0xF0
2136 
2137 /*
2138  * Macros used by functions to pass a given buf(9S) struct along to the
2139  * next function in the layering chain for further processing.
2140  *
2141  * In the following macros, passing more than three arguments to the called
2142  * routines causes the optimizer for the SPARC compiler to stop doing tail
2143  * call elimination which results in significant performance degradation.
2144  */
2145 #define	SD_BEGIN_IOSTART(index, un, bp)	\
2146 	((*(sd_iostart_chain[index]))(index, un, bp))
2147 
2148 #define	SD_BEGIN_IODONE(index, un, bp)	\
2149 	((*(sd_iodone_chain[index]))(index, un, bp))
2150 
2151 #define	SD_NEXT_IOSTART(index, un, bp)				\
2152 	((*(sd_iostart_chain[(index) + 1]))((index) + 1, un, bp))
2153 
2154 #define	SD_NEXT_IODONE(index, un, bp)				\
2155 	((*(sd_iodone_chain[(index) - 1]))((index) - 1, un, bp))
2156 
2157 /*
2158  *    Function: _init
2159  *
2160  * Description: This is the driver _init(9E) entry point.
2161  *
2162  * Return Code: Returns the value from mod_install(9F) or
2163  *		ddi_soft_state_init(9F) as appropriate.
2164  *
2165  *     Context: Called when driver module loaded.
2166  */
2167 
2168 int
2169 _init(void)
2170 {
2171 	int	err;
2172 
2173 	/* establish driver name from module name */
2174 	sd_label = mod_modname(&modlinkage);
2175 
2176 	err = ddi_soft_state_init(&sd_state, sizeof (struct sd_lun),
2177 		SD_MAXUNIT);
2178 
2179 	if (err != 0) {
2180 		return (err);
2181 	}
2182 
2183 	mutex_init(&sd_detach_mutex, NULL, MUTEX_DRIVER, NULL);
2184 	mutex_init(&sd_log_mutex,    NULL, MUTEX_DRIVER, NULL);
2185 	mutex_init(&sd_label_mutex,  NULL, MUTEX_DRIVER, NULL);
2186 
2187 	mutex_init(&sd_tr.srq_resv_reclaim_mutex, NULL, MUTEX_DRIVER, NULL);
2188 	cv_init(&sd_tr.srq_resv_reclaim_cv, NULL, CV_DRIVER, NULL);
2189 	cv_init(&sd_tr.srq_inprocess_cv, NULL, CV_DRIVER, NULL);
2190 
2191 	/*
2192 	 * it's ok to init here even for fibre device
2193 	 */
2194 	sd_scsi_probe_cache_init();
2195 
2196 	/*
2197 	 * Creating taskq before mod_install ensures that all callers (threads)
2198 	 * that enter the module after a successfull mod_install encounter
2199 	 * a valid taskq.
2200 	 */
2201 	sd_taskq_create();
2202 
2203 	err = mod_install(&modlinkage);
2204 	if (err != 0) {
2205 		/* delete taskq if install fails */
2206 		sd_taskq_delete();
2207 
2208 		mutex_destroy(&sd_detach_mutex);
2209 		mutex_destroy(&sd_log_mutex);
2210 		mutex_destroy(&sd_label_mutex);
2211 
2212 		mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2213 		cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2214 		cv_destroy(&sd_tr.srq_inprocess_cv);
2215 
2216 		sd_scsi_probe_cache_fini();
2217 
2218 		ddi_soft_state_fini(&sd_state);
2219 		return (err);
2220 	}
2221 
2222 	return (err);
2223 }
2224 
2225 
2226 /*
2227  *    Function: _fini
2228  *
2229  * Description: This is the driver _fini(9E) entry point.
2230  *
2231  * Return Code: Returns the value from mod_remove(9F)
2232  *
2233  *     Context: Called when driver module is unloaded.
2234  */
2235 
2236 int
2237 _fini(void)
2238 {
2239 	int err;
2240 
2241 	if ((err = mod_remove(&modlinkage)) != 0) {
2242 		return (err);
2243 	}
2244 
2245 	sd_taskq_delete();
2246 
2247 	mutex_destroy(&sd_detach_mutex);
2248 	mutex_destroy(&sd_log_mutex);
2249 	mutex_destroy(&sd_label_mutex);
2250 	mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2251 
2252 	sd_scsi_probe_cache_fini();
2253 
2254 	cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2255 	cv_destroy(&sd_tr.srq_inprocess_cv);
2256 
2257 	ddi_soft_state_fini(&sd_state);
2258 
2259 	return (err);
2260 }
2261 
2262 
2263 /*
2264  *    Function: _info
2265  *
2266  * Description: This is the driver _info(9E) entry point.
2267  *
2268  *   Arguments: modinfop - pointer to the driver modinfo structure
2269  *
2270  * Return Code: Returns the value from mod_info(9F).
2271  *
2272  *     Context: Kernel thread context
2273  */
2274 
2275 int
2276 _info(struct modinfo *modinfop)
2277 {
2278 	return (mod_info(&modlinkage, modinfop));
2279 }
2280 
2281 
2282 /*
2283  * The following routines implement the driver message logging facility.
2284  * They provide component- and level- based debug output filtering.
2285  * Output may also be restricted to messages for a single instance by
2286  * specifying a soft state pointer in sd_debug_un. If sd_debug_un is set
2287  * to NULL, then messages for all instances are printed.
2288  *
2289  * These routines have been cloned from each other due to the language
2290  * constraints of macros and variable argument list processing.
2291  */
2292 
2293 
2294 /*
2295  *    Function: sd_log_err
2296  *
2297  * Description: This routine is called by the SD_ERROR macro for debug
2298  *		logging of error conditions.
2299  *
2300  *   Arguments: comp - driver component being logged
2301  *		dev  - pointer to driver info structure
2302  *		fmt  - error string and format to be logged
2303  */
2304 
2305 static void
2306 sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...)
2307 {
2308 	va_list		ap;
2309 	dev_info_t	*dev;
2310 
2311 	ASSERT(un != NULL);
2312 	dev = SD_DEVINFO(un);
2313 	ASSERT(dev != NULL);
2314 
2315 	/*
2316 	 * Filter messages based on the global component and level masks.
2317 	 * Also print if un matches the value of sd_debug_un, or if
2318 	 * sd_debug_un is set to NULL.
2319 	 */
2320 	if ((sd_component_mask & comp) && (sd_level_mask & SD_LOGMASK_ERROR) &&
2321 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2322 		mutex_enter(&sd_log_mutex);
2323 		va_start(ap, fmt);
2324 		(void) vsprintf(sd_log_buf, fmt, ap);
2325 		va_end(ap);
2326 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2327 		mutex_exit(&sd_log_mutex);
2328 	}
2329 #ifdef SD_FAULT_INJECTION
2330 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2331 	if (un->sd_injection_mask & comp) {
2332 		mutex_enter(&sd_log_mutex);
2333 		va_start(ap, fmt);
2334 		(void) vsprintf(sd_log_buf, fmt, ap);
2335 		va_end(ap);
2336 		sd_injection_log(sd_log_buf, un);
2337 		mutex_exit(&sd_log_mutex);
2338 	}
2339 #endif
2340 }
2341 
2342 
2343 /*
2344  *    Function: sd_log_info
2345  *
2346  * Description: This routine is called by the SD_INFO macro for debug
2347  *		logging of general purpose informational conditions.
2348  *
2349  *   Arguments: comp - driver component being logged
2350  *		dev  - pointer to driver info structure
2351  *		fmt  - info string and format to be logged
2352  */
2353 
2354 static void
2355 sd_log_info(uint_t component, struct sd_lun *un, const char *fmt, ...)
2356 {
2357 	va_list		ap;
2358 	dev_info_t	*dev;
2359 
2360 	ASSERT(un != NULL);
2361 	dev = SD_DEVINFO(un);
2362 	ASSERT(dev != NULL);
2363 
2364 	/*
2365 	 * Filter messages based on the global component and level masks.
2366 	 * Also print if un matches the value of sd_debug_un, or if
2367 	 * sd_debug_un is set to NULL.
2368 	 */
2369 	if ((sd_component_mask & component) &&
2370 	    (sd_level_mask & SD_LOGMASK_INFO) &&
2371 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2372 		mutex_enter(&sd_log_mutex);
2373 		va_start(ap, fmt);
2374 		(void) vsprintf(sd_log_buf, fmt, ap);
2375 		va_end(ap);
2376 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2377 		mutex_exit(&sd_log_mutex);
2378 	}
2379 #ifdef SD_FAULT_INJECTION
2380 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2381 	if (un->sd_injection_mask & component) {
2382 		mutex_enter(&sd_log_mutex);
2383 		va_start(ap, fmt);
2384 		(void) vsprintf(sd_log_buf, fmt, ap);
2385 		va_end(ap);
2386 		sd_injection_log(sd_log_buf, un);
2387 		mutex_exit(&sd_log_mutex);
2388 	}
2389 #endif
2390 }
2391 
2392 
2393 /*
2394  *    Function: sd_log_trace
2395  *
2396  * Description: This routine is called by the SD_TRACE macro for debug
2397  *		logging of trace conditions (i.e. function entry/exit).
2398  *
2399  *   Arguments: comp - driver component being logged
2400  *		dev  - pointer to driver info structure
2401  *		fmt  - trace string and format to be logged
2402  */
2403 
2404 static void
2405 sd_log_trace(uint_t component, struct sd_lun *un, const char *fmt, ...)
2406 {
2407 	va_list		ap;
2408 	dev_info_t	*dev;
2409 
2410 	ASSERT(un != NULL);
2411 	dev = SD_DEVINFO(un);
2412 	ASSERT(dev != NULL);
2413 
2414 	/*
2415 	 * Filter messages based on the global component and level masks.
2416 	 * Also print if un matches the value of sd_debug_un, or if
2417 	 * sd_debug_un is set to NULL.
2418 	 */
2419 	if ((sd_component_mask & component) &&
2420 	    (sd_level_mask & SD_LOGMASK_TRACE) &&
2421 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2422 		mutex_enter(&sd_log_mutex);
2423 		va_start(ap, fmt);
2424 		(void) vsprintf(sd_log_buf, fmt, ap);
2425 		va_end(ap);
2426 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2427 		mutex_exit(&sd_log_mutex);
2428 	}
2429 #ifdef SD_FAULT_INJECTION
2430 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2431 	if (un->sd_injection_mask & component) {
2432 		mutex_enter(&sd_log_mutex);
2433 		va_start(ap, fmt);
2434 		(void) vsprintf(sd_log_buf, fmt, ap);
2435 		va_end(ap);
2436 		sd_injection_log(sd_log_buf, un);
2437 		mutex_exit(&sd_log_mutex);
2438 	}
2439 #endif
2440 }
2441 
2442 
2443 /*
2444  *    Function: sdprobe
2445  *
2446  * Description: This is the driver probe(9e) entry point function.
2447  *
2448  *   Arguments: devi - opaque device info handle
2449  *
2450  * Return Code: DDI_PROBE_SUCCESS: If the probe was successful.
2451  *              DDI_PROBE_FAILURE: If the probe failed.
2452  *              DDI_PROBE_PARTIAL: If the instance is not present now,
2453  *				   but may be present in the future.
2454  */
2455 
2456 static int
2457 sdprobe(dev_info_t *devi)
2458 {
2459 	struct scsi_device	*devp;
2460 	int			rval;
2461 	int			instance;
2462 
2463 	/*
2464 	 * if it wasn't for pln, sdprobe could actually be nulldev
2465 	 * in the "__fibre" case.
2466 	 */
2467 	if (ddi_dev_is_sid(devi) == DDI_SUCCESS) {
2468 		return (DDI_PROBE_DONTCARE);
2469 	}
2470 
2471 	devp = ddi_get_driver_private(devi);
2472 
2473 	if (devp == NULL) {
2474 		/* Ooops... nexus driver is mis-configured... */
2475 		return (DDI_PROBE_FAILURE);
2476 	}
2477 
2478 	instance = ddi_get_instance(devi);
2479 
2480 	if (ddi_get_soft_state(sd_state, instance) != NULL) {
2481 		return (DDI_PROBE_PARTIAL);
2482 	}
2483 
2484 	/*
2485 	 * Call the SCSA utility probe routine to see if we actually
2486 	 * have a target at this SCSI nexus.
2487 	 */
2488 	switch (sd_scsi_probe_with_cache(devp, NULL_FUNC)) {
2489 	case SCSIPROBE_EXISTS:
2490 		switch (devp->sd_inq->inq_dtype) {
2491 		case DTYPE_DIRECT:
2492 			rval = DDI_PROBE_SUCCESS;
2493 			break;
2494 		case DTYPE_RODIRECT:
2495 			/* CDs etc. Can be removable media */
2496 			rval = DDI_PROBE_SUCCESS;
2497 			break;
2498 		case DTYPE_OPTICAL:
2499 			/*
2500 			 * Rewritable optical driver HP115AA
2501 			 * Can also be removable media
2502 			 */
2503 
2504 			/*
2505 			 * Do not attempt to bind to  DTYPE_OPTICAL if
2506 			 * pre solaris 9 sparc sd behavior is required
2507 			 *
2508 			 * If first time through and sd_dtype_optical_bind
2509 			 * has not been set in /etc/system check properties
2510 			 */
2511 
2512 			if (sd_dtype_optical_bind  < 0) {
2513 			    sd_dtype_optical_bind = ddi_prop_get_int
2514 				(DDI_DEV_T_ANY,	devi,	0,
2515 				"optical-device-bind",	1);
2516 			}
2517 
2518 			if (sd_dtype_optical_bind == 0) {
2519 				rval = DDI_PROBE_FAILURE;
2520 			} else {
2521 				rval = DDI_PROBE_SUCCESS;
2522 			}
2523 			break;
2524 
2525 		case DTYPE_NOTPRESENT:
2526 		default:
2527 			rval = DDI_PROBE_FAILURE;
2528 			break;
2529 		}
2530 		break;
2531 	default:
2532 		rval = DDI_PROBE_PARTIAL;
2533 		break;
2534 	}
2535 
2536 	/*
2537 	 * This routine checks for resource allocation prior to freeing,
2538 	 * so it will take care of the "smart probing" case where a
2539 	 * scsi_probe() may or may not have been issued and will *not*
2540 	 * free previously-freed resources.
2541 	 */
2542 	scsi_unprobe(devp);
2543 	return (rval);
2544 }
2545 
2546 
2547 /*
2548  *    Function: sdinfo
2549  *
2550  * Description: This is the driver getinfo(9e) entry point function.
2551  * 		Given the device number, return the devinfo pointer from
2552  *		the scsi_device structure or the instance number
2553  *		associated with the dev_t.
2554  *
2555  *   Arguments: dip     - pointer to device info structure
2556  *		infocmd - command argument (DDI_INFO_DEVT2DEVINFO,
2557  *			  DDI_INFO_DEVT2INSTANCE)
2558  *		arg     - driver dev_t
2559  *		resultp - user buffer for request response
2560  *
2561  * Return Code: DDI_SUCCESS
2562  *              DDI_FAILURE
2563  */
2564 /* ARGSUSED */
2565 static int
2566 sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2567 {
2568 	struct sd_lun	*un;
2569 	dev_t		dev;
2570 	int		instance;
2571 	int		error;
2572 
2573 	switch (infocmd) {
2574 	case DDI_INFO_DEVT2DEVINFO:
2575 		dev = (dev_t)arg;
2576 		instance = SDUNIT(dev);
2577 		if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
2578 			return (DDI_FAILURE);
2579 		}
2580 		*result = (void *) SD_DEVINFO(un);
2581 		error = DDI_SUCCESS;
2582 		break;
2583 	case DDI_INFO_DEVT2INSTANCE:
2584 		dev = (dev_t)arg;
2585 		instance = SDUNIT(dev);
2586 		*result = (void *)(uintptr_t)instance;
2587 		error = DDI_SUCCESS;
2588 		break;
2589 	default:
2590 		error = DDI_FAILURE;
2591 	}
2592 	return (error);
2593 }
2594 
2595 /*
2596  *    Function: sd_prop_op
2597  *
2598  * Description: This is the driver prop_op(9e) entry point function.
2599  *		Return the number of blocks for the partition in question
2600  *		or forward the request to the property facilities.
2601  *
2602  *   Arguments: dev       - device number
2603  *		dip       - pointer to device info structure
2604  *		prop_op   - property operator
2605  *		mod_flags - DDI_PROP_DONTPASS, don't pass to parent
2606  *		name      - pointer to property name
2607  *		valuep    - pointer or address of the user buffer
2608  *		lengthp   - property length
2609  *
2610  * Return Code: DDI_PROP_SUCCESS
2611  *              DDI_PROP_NOT_FOUND
2612  *              DDI_PROP_UNDEFINED
2613  *              DDI_PROP_NO_MEMORY
2614  *              DDI_PROP_BUF_TOO_SMALL
2615  */
2616 
2617 static int
2618 sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op, int mod_flags,
2619 	char *name, caddr_t valuep, int *lengthp)
2620 {
2621 	int		instance = ddi_get_instance(dip);
2622 	struct sd_lun	*un;
2623 	uint64_t	nblocks64;
2624 
2625 	/*
2626 	 * Our dynamic properties are all device specific and size oriented.
2627 	 * Requests issued under conditions where size is valid are passed
2628 	 * to ddi_prop_op_nblocks with the size information, otherwise the
2629 	 * request is passed to ddi_prop_op. Size depends on valid geometry.
2630 	 */
2631 	un = ddi_get_soft_state(sd_state, instance);
2632 	if ((dev == DDI_DEV_T_ANY) || (un == NULL) ||
2633 	    (un->un_f_geometry_is_valid == FALSE)) {
2634 		return (ddi_prop_op(dev, dip, prop_op, mod_flags,
2635 		    name, valuep, lengthp));
2636 	} else {
2637 		/* get nblocks value */
2638 		ASSERT(!mutex_owned(SD_MUTEX(un)));
2639 		mutex_enter(SD_MUTEX(un));
2640 		nblocks64 = (ulong_t)un->un_map[SDPART(dev)].dkl_nblk;
2641 		mutex_exit(SD_MUTEX(un));
2642 
2643 		return (ddi_prop_op_nblocks(dev, dip, prop_op, mod_flags,
2644 		    name, valuep, lengthp, nblocks64));
2645 	}
2646 }
2647 
2648 /*
2649  * The following functions are for smart probing:
2650  * sd_scsi_probe_cache_init()
2651  * sd_scsi_probe_cache_fini()
2652  * sd_scsi_clear_probe_cache()
2653  * sd_scsi_probe_with_cache()
2654  */
2655 
2656 /*
2657  *    Function: sd_scsi_probe_cache_init
2658  *
2659  * Description: Initializes the probe response cache mutex and head pointer.
2660  *
2661  *     Context: Kernel thread context
2662  */
2663 
2664 static void
2665 sd_scsi_probe_cache_init(void)
2666 {
2667 	mutex_init(&sd_scsi_probe_cache_mutex, NULL, MUTEX_DRIVER, NULL);
2668 	sd_scsi_probe_cache_head = NULL;
2669 }
2670 
2671 
2672 /*
2673  *    Function: sd_scsi_probe_cache_fini
2674  *
2675  * Description: Frees all resources associated with the probe response cache.
2676  *
2677  *     Context: Kernel thread context
2678  */
2679 
2680 static void
2681 sd_scsi_probe_cache_fini(void)
2682 {
2683 	struct sd_scsi_probe_cache *cp;
2684 	struct sd_scsi_probe_cache *ncp;
2685 
2686 	/* Clean up our smart probing linked list */
2687 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = ncp) {
2688 		ncp = cp->next;
2689 		kmem_free(cp, sizeof (struct sd_scsi_probe_cache));
2690 	}
2691 	sd_scsi_probe_cache_head = NULL;
2692 	mutex_destroy(&sd_scsi_probe_cache_mutex);
2693 }
2694 
2695 
2696 /*
2697  *    Function: sd_scsi_clear_probe_cache
2698  *
2699  * Description: This routine clears the probe response cache. This is
2700  *		done when open() returns ENXIO so that when deferred
2701  *		attach is attempted (possibly after a device has been
2702  *		turned on) we will retry the probe. Since we don't know
2703  *		which target we failed to open, we just clear the
2704  *		entire cache.
2705  *
2706  *     Context: Kernel thread context
2707  */
2708 
2709 static void
2710 sd_scsi_clear_probe_cache(void)
2711 {
2712 	struct sd_scsi_probe_cache	*cp;
2713 	int				i;
2714 
2715 	mutex_enter(&sd_scsi_probe_cache_mutex);
2716 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2717 		/*
2718 		 * Reset all entries to SCSIPROBE_EXISTS.  This will
2719 		 * force probing to be performed the next time
2720 		 * sd_scsi_probe_with_cache is called.
2721 		 */
2722 		for (i = 0; i < NTARGETS_WIDE; i++) {
2723 			cp->cache[i] = SCSIPROBE_EXISTS;
2724 		}
2725 	}
2726 	mutex_exit(&sd_scsi_probe_cache_mutex);
2727 }
2728 
2729 
2730 /*
2731  *    Function: sd_scsi_probe_with_cache
2732  *
2733  * Description: This routine implements support for a scsi device probe
2734  *		with cache. The driver maintains a cache of the target
2735  *		responses to scsi probes. If we get no response from a
2736  *		target during a probe inquiry, we remember that, and we
2737  *		avoid additional calls to scsi_probe on non-zero LUNs
2738  *		on the same target until the cache is cleared. By doing
2739  *		so we avoid the 1/4 sec selection timeout for nonzero
2740  *		LUNs. lun0 of a target is always probed.
2741  *
2742  *   Arguments: devp     - Pointer to a scsi_device(9S) structure
2743  *              waitfunc - indicates what the allocator routines should
2744  *			   do when resources are not available. This value
2745  *			   is passed on to scsi_probe() when that routine
2746  *			   is called.
2747  *
2748  * Return Code: SCSIPROBE_NORESP if a NORESP in probe response cache;
2749  *		otherwise the value returned by scsi_probe(9F).
2750  *
2751  *     Context: Kernel thread context
2752  */
2753 
2754 static int
2755 sd_scsi_probe_with_cache(struct scsi_device *devp, int (*waitfn)())
2756 {
2757 	struct sd_scsi_probe_cache	*cp;
2758 	dev_info_t	*pdip = ddi_get_parent(devp->sd_dev);
2759 	int		lun, tgt;
2760 
2761 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2762 	    SCSI_ADDR_PROP_LUN, 0);
2763 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2764 	    SCSI_ADDR_PROP_TARGET, -1);
2765 
2766 	/* Make sure caching enabled and target in range */
2767 	if ((tgt < 0) || (tgt >= NTARGETS_WIDE)) {
2768 		/* do it the old way (no cache) */
2769 		return (scsi_probe(devp, waitfn));
2770 	}
2771 
2772 	mutex_enter(&sd_scsi_probe_cache_mutex);
2773 
2774 	/* Find the cache for this scsi bus instance */
2775 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2776 		if (cp->pdip == pdip) {
2777 			break;
2778 		}
2779 	}
2780 
2781 	/* If we can't find a cache for this pdip, create one */
2782 	if (cp == NULL) {
2783 		int i;
2784 
2785 		cp = kmem_zalloc(sizeof (struct sd_scsi_probe_cache),
2786 		    KM_SLEEP);
2787 		cp->pdip = pdip;
2788 		cp->next = sd_scsi_probe_cache_head;
2789 		sd_scsi_probe_cache_head = cp;
2790 		for (i = 0; i < NTARGETS_WIDE; i++) {
2791 			cp->cache[i] = SCSIPROBE_EXISTS;
2792 		}
2793 	}
2794 
2795 	mutex_exit(&sd_scsi_probe_cache_mutex);
2796 
2797 	/* Recompute the cache for this target if LUN zero */
2798 	if (lun == 0) {
2799 		cp->cache[tgt] = SCSIPROBE_EXISTS;
2800 	}
2801 
2802 	/* Don't probe if cache remembers a NORESP from a previous LUN. */
2803 	if (cp->cache[tgt] != SCSIPROBE_EXISTS) {
2804 		return (SCSIPROBE_NORESP);
2805 	}
2806 
2807 	/* Do the actual probe; save & return the result */
2808 	return (cp->cache[tgt] = scsi_probe(devp, waitfn));
2809 }
2810 
2811 
2812 /*
2813  *    Function: sd_spin_up_unit
2814  *
2815  * Description: Issues the following commands to spin-up the device:
2816  *		START STOP UNIT, and INQUIRY.
2817  *
2818  *   Arguments: un - driver soft state (unit) structure
2819  *
2820  * Return Code: 0 - success
2821  *		EIO - failure
2822  *		EACCES - reservation conflict
2823  *
2824  *     Context: Kernel thread context
2825  */
2826 
2827 static int
2828 sd_spin_up_unit(struct sd_lun *un)
2829 {
2830 	size_t	resid		= 0;
2831 	int	has_conflict	= FALSE;
2832 	uchar_t *bufaddr;
2833 
2834 	ASSERT(un != NULL);
2835 
2836 	/*
2837 	 * Send a throwaway START UNIT command.
2838 	 *
2839 	 * If we fail on this, we don't care presently what precisely
2840 	 * is wrong.  EMC's arrays will also fail this with a check
2841 	 * condition (0x2/0x4/0x3) if the device is "inactive," but
2842 	 * we don't want to fail the attach because it may become
2843 	 * "active" later.
2844 	 */
2845 	if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START, SD_PATH_DIRECT)
2846 	    == EACCES)
2847 		has_conflict = TRUE;
2848 
2849 	/*
2850 	 * Send another INQUIRY command to the target. This is necessary for
2851 	 * non-removable media direct access devices because their INQUIRY data
2852 	 * may not be fully qualified until they are spun up (perhaps via the
2853 	 * START command above).  Note: This seems to be needed for some
2854 	 * legacy devices only.) The INQUIRY command should succeed even if a
2855 	 * Reservation Conflict is present.
2856 	 */
2857 	bufaddr = kmem_zalloc(SUN_INQSIZE, KM_SLEEP);
2858 	if (sd_send_scsi_INQUIRY(un, bufaddr, SUN_INQSIZE, 0, 0, &resid) != 0) {
2859 		kmem_free(bufaddr, SUN_INQSIZE);
2860 		return (EIO);
2861 	}
2862 
2863 	/*
2864 	 * If we got enough INQUIRY data, copy it over the old INQUIRY data.
2865 	 * Note that this routine does not return a failure here even if the
2866 	 * INQUIRY command did not return any data.  This is a legacy behavior.
2867 	 */
2868 	if ((SUN_INQSIZE - resid) >= SUN_MIN_INQLEN) {
2869 		bcopy(bufaddr, SD_INQUIRY(un), SUN_INQSIZE);
2870 	}
2871 
2872 	kmem_free(bufaddr, SUN_INQSIZE);
2873 
2874 	/* If we hit a reservation conflict above, tell the caller. */
2875 	if (has_conflict == TRUE) {
2876 		return (EACCES);
2877 	}
2878 
2879 	return (0);
2880 }
2881 
2882 #ifdef _LP64
2883 /*
2884  *    Function: sd_enable_descr_sense
2885  *
2886  * Description: This routine attempts to select descriptor sense format
2887  *		using the Control mode page.  Devices that support 64 bit
2888  *		LBAs (for >2TB luns) should also implement descriptor
2889  *		sense data so we will call this function whenever we see
2890  *		a lun larger than 2TB.  If for some reason the device
2891  *		supports 64 bit LBAs but doesn't support descriptor sense
2892  *		presumably the mode select will fail.  Everything will
2893  *		continue to work normally except that we will not get
2894  *		complete sense data for commands that fail with an LBA
2895  *		larger than 32 bits.
2896  *
2897  *   Arguments: un - driver soft state (unit) structure
2898  *
2899  *     Context: Kernel thread context only
2900  */
2901 
2902 static void
2903 sd_enable_descr_sense(struct sd_lun *un)
2904 {
2905 	uchar_t			*header;
2906 	struct mode_control_scsi3 *ctrl_bufp;
2907 	size_t			buflen;
2908 	size_t			bd_len;
2909 
2910 	/*
2911 	 * Read MODE SENSE page 0xA, Control Mode Page
2912 	 */
2913 	buflen = MODE_HEADER_LENGTH + MODE_BLK_DESC_LENGTH +
2914 	    sizeof (struct mode_control_scsi3);
2915 	header = kmem_zalloc(buflen, KM_SLEEP);
2916 	if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
2917 	    MODEPAGE_CTRL_MODE, SD_PATH_DIRECT) != 0) {
2918 		SD_ERROR(SD_LOG_COMMON, un,
2919 		    "sd_enable_descr_sense: mode sense ctrl page failed\n");
2920 		goto eds_exit;
2921 	}
2922 
2923 	/*
2924 	 * Determine size of Block Descriptors in order to locate
2925 	 * the mode page data. ATAPI devices return 0, SCSI devices
2926 	 * should return MODE_BLK_DESC_LENGTH.
2927 	 */
2928 	bd_len  = ((struct mode_header *)header)->bdesc_length;
2929 
2930 	ctrl_bufp = (struct mode_control_scsi3 *)
2931 	    (header + MODE_HEADER_LENGTH + bd_len);
2932 
2933 	/*
2934 	 * Clear PS bit for MODE SELECT
2935 	 */
2936 	ctrl_bufp->mode_page.ps = 0;
2937 
2938 	/*
2939 	 * Set D_SENSE to enable descriptor sense format.
2940 	 */
2941 	ctrl_bufp->d_sense = 1;
2942 
2943 	/*
2944 	 * Use MODE SELECT to commit the change to the D_SENSE bit
2945 	 */
2946 	if (sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
2947 	    buflen, SD_DONTSAVE_PAGE, SD_PATH_DIRECT) != 0) {
2948 		SD_INFO(SD_LOG_COMMON, un,
2949 		    "sd_enable_descr_sense: mode select ctrl page failed\n");
2950 		goto eds_exit;
2951 	}
2952 
2953 eds_exit:
2954 	kmem_free(header, buflen);
2955 }
2956 
2957 /*
2958  *    Function: sd_reenable_dsense_task
2959  *
2960  * Description: Re-enable descriptor sense after device or bus reset
2961  *
2962  *     Context: Executes in a taskq() thread context
2963  */
2964 static void
2965 sd_reenable_dsense_task(void *arg)
2966 {
2967 	struct	sd_lun	*un = arg;
2968 
2969 	ASSERT(un != NULL);
2970 	sd_enable_descr_sense(un);
2971 }
2972 #endif /* _LP64 */
2973 
2974 /*
2975  *    Function: sd_set_mmc_caps
2976  *
2977  * Description: This routine determines if the device is MMC compliant and if
2978  *		the device supports CDDA via a mode sense of the CDVD
2979  *		capabilities mode page. Also checks if the device is a
2980  *		dvdram writable device.
2981  *
2982  *   Arguments: un - driver soft state (unit) structure
2983  *
2984  *     Context: Kernel thread context only
2985  */
2986 
2987 static void
2988 sd_set_mmc_caps(struct sd_lun *un)
2989 {
2990 	struct mode_header_grp2		*sense_mhp;
2991 	uchar_t				*sense_page;
2992 	caddr_t				buf;
2993 	int				bd_len;
2994 	int				status;
2995 	struct uscsi_cmd		com;
2996 	int				rtn;
2997 	uchar_t				*out_data_rw, *out_data_hd;
2998 	uchar_t				*rqbuf_rw, *rqbuf_hd;
2999 
3000 	ASSERT(un != NULL);
3001 
3002 	/*
3003 	 * The flags which will be set in this function are - mmc compliant,
3004 	 * dvdram writable device, cdda support. Initialize them to FALSE
3005 	 * and if a capability is detected - it will be set to TRUE.
3006 	 */
3007 	un->un_f_mmc_cap = FALSE;
3008 	un->un_f_dvdram_writable_device = FALSE;
3009 	un->un_f_cfg_cdda = FALSE;
3010 
3011 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
3012 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
3013 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
3014 
3015 	if (status != 0) {
3016 		/* command failed; just return */
3017 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3018 		return;
3019 	}
3020 	/*
3021 	 * If the mode sense request for the CDROM CAPABILITIES
3022 	 * page (0x2A) succeeds the device is assumed to be MMC.
3023 	 */
3024 	un->un_f_mmc_cap = TRUE;
3025 
3026 	/* Get to the page data */
3027 	sense_mhp = (struct mode_header_grp2 *)buf;
3028 	bd_len = (sense_mhp->bdesc_length_hi << 8) |
3029 	    sense_mhp->bdesc_length_lo;
3030 	if (bd_len > MODE_BLK_DESC_LENGTH) {
3031 		/*
3032 		 * We did not get back the expected block descriptor
3033 		 * length so we cannot determine if the device supports
3034 		 * CDDA. However, we still indicate the device is MMC
3035 		 * according to the successful response to the page
3036 		 * 0x2A mode sense request.
3037 		 */
3038 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3039 		    "sd_set_mmc_caps: Mode Sense returned "
3040 		    "invalid block descriptor length\n");
3041 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3042 		return;
3043 	}
3044 
3045 	/* See if read CDDA is supported */
3046 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 +
3047 	    bd_len);
3048 	un->un_f_cfg_cdda = (sense_page[5] & 0x01) ? TRUE : FALSE;
3049 
3050 	/* See if writing DVD RAM is supported. */
3051 	un->un_f_dvdram_writable_device = (sense_page[3] & 0x20) ? TRUE : FALSE;
3052 	if (un->un_f_dvdram_writable_device == TRUE) {
3053 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3054 		return;
3055 	}
3056 
3057 	/*
3058 	 * If the device presents DVD or CD capabilities in the mode
3059 	 * page, we can return here since a RRD will not have
3060 	 * these capabilities.
3061 	 */
3062 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3063 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3064 		return;
3065 	}
3066 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3067 
3068 	/*
3069 	 * If un->un_f_dvdram_writable_device is still FALSE,
3070 	 * check for a Removable Rigid Disk (RRD).  A RRD
3071 	 * device is identified by the features RANDOM_WRITABLE and
3072 	 * HARDWARE_DEFECT_MANAGEMENT.
3073 	 */
3074 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3075 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3076 
3077 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3078 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3079 	    RANDOM_WRITABLE);
3080 	if (rtn != 0) {
3081 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3082 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3083 		return;
3084 	}
3085 
3086 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3087 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3088 
3089 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3090 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3091 	    HARDWARE_DEFECT_MANAGEMENT);
3092 	if (rtn == 0) {
3093 		/*
3094 		 * We have good information, check for random writable
3095 		 * and hardware defect features.
3096 		 */
3097 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3098 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT)) {
3099 			un->un_f_dvdram_writable_device = TRUE;
3100 		}
3101 	}
3102 
3103 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3104 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3105 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3106 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3107 }
3108 
3109 /*
3110  *    Function: sd_check_for_writable_cd
3111  *
3112  * Description: This routine determines if the media in the device is
3113  *		writable or not. It uses the get configuration command (0x46)
3114  *		to determine if the media is writable
3115  *
3116  *   Arguments: un - driver soft state (unit) structure
3117  *
3118  *     Context: Never called at interrupt context.
3119  */
3120 
3121 static void
3122 sd_check_for_writable_cd(struct sd_lun *un)
3123 {
3124 	struct uscsi_cmd		com;
3125 	uchar_t				*out_data;
3126 	uchar_t				*rqbuf;
3127 	int				rtn;
3128 	uchar_t				*out_data_rw, *out_data_hd;
3129 	uchar_t				*rqbuf_rw, *rqbuf_hd;
3130 	struct mode_header_grp2		*sense_mhp;
3131 	uchar_t				*sense_page;
3132 	caddr_t				buf;
3133 	int				bd_len;
3134 	int				status;
3135 
3136 	ASSERT(un != NULL);
3137 	ASSERT(mutex_owned(SD_MUTEX(un)));
3138 
3139 	/*
3140 	 * Initialize the writable media to false, if configuration info.
3141 	 * tells us otherwise then only we will set it.
3142 	 */
3143 	un->un_f_mmc_writable_media = FALSE;
3144 	mutex_exit(SD_MUTEX(un));
3145 
3146 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
3147 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3148 
3149 	rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf, SENSE_LENGTH,
3150 	    out_data, SD_PROFILE_HEADER_LEN);
3151 
3152 	mutex_enter(SD_MUTEX(un));
3153 	if (rtn == 0) {
3154 		/*
3155 		 * We have good information, check for writable DVD.
3156 		 */
3157 		if ((out_data[6] == 0) && (out_data[7] == 0x12)) {
3158 			un->un_f_mmc_writable_media = TRUE;
3159 			kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3160 			kmem_free(rqbuf, SENSE_LENGTH);
3161 			return;
3162 		}
3163 	}
3164 
3165 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3166 	kmem_free(rqbuf, SENSE_LENGTH);
3167 
3168 	/*
3169 	 * Determine if this is a RRD type device.
3170 	 */
3171 	mutex_exit(SD_MUTEX(un));
3172 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
3173 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
3174 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
3175 	mutex_enter(SD_MUTEX(un));
3176 	if (status != 0) {
3177 		/* command failed; just return */
3178 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3179 		return;
3180 	}
3181 
3182 	/* Get to the page data */
3183 	sense_mhp = (struct mode_header_grp2 *)buf;
3184 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
3185 	if (bd_len > MODE_BLK_DESC_LENGTH) {
3186 		/*
3187 		 * We did not get back the expected block descriptor length so
3188 		 * we cannot check the mode page.
3189 		 */
3190 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3191 		    "sd_check_for_writable_cd: Mode Sense returned "
3192 		    "invalid block descriptor length\n");
3193 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3194 		return;
3195 	}
3196 
3197 	/*
3198 	 * If the device presents DVD or CD capabilities in the mode
3199 	 * page, we can return here since a RRD device will not have
3200 	 * these capabilities.
3201 	 */
3202 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 + bd_len);
3203 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3204 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3205 		return;
3206 	}
3207 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3208 
3209 	/*
3210 	 * If un->un_f_mmc_writable_media is still FALSE,
3211 	 * check for RRD type media.  A RRD device is identified
3212 	 * by the features RANDOM_WRITABLE and HARDWARE_DEFECT_MANAGEMENT.
3213 	 */
3214 	mutex_exit(SD_MUTEX(un));
3215 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3216 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3217 
3218 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3219 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3220 	    RANDOM_WRITABLE);
3221 	if (rtn != 0) {
3222 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3223 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3224 		mutex_enter(SD_MUTEX(un));
3225 		return;
3226 	}
3227 
3228 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3229 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3230 
3231 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3232 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3233 	    HARDWARE_DEFECT_MANAGEMENT);
3234 	mutex_enter(SD_MUTEX(un));
3235 	if (rtn == 0) {
3236 		/*
3237 		 * We have good information, check for random writable
3238 		 * and hardware defect features as current.
3239 		 */
3240 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3241 		    (out_data_rw[10] & 0x1) &&
3242 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT) &&
3243 		    (out_data_hd[10] & 0x1)) {
3244 			un->un_f_mmc_writable_media = TRUE;
3245 		}
3246 	}
3247 
3248 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3249 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3250 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3251 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3252 }
3253 
3254 /*
3255  *    Function: sd_read_unit_properties
3256  *
3257  * Description: The following implements a property lookup mechanism.
3258  *		Properties for particular disks (keyed on vendor, model
3259  *		and rev numbers) are sought in the sd.conf file via
3260  *		sd_process_sdconf_file(), and if not found there, are
3261  *		looked for in a list hardcoded in this driver via
3262  *		sd_process_sdconf_table() Once located the properties
3263  *		are used to update the driver unit structure.
3264  *
3265  *   Arguments: un - driver soft state (unit) structure
3266  */
3267 
3268 static void
3269 sd_read_unit_properties(struct sd_lun *un)
3270 {
3271 	/*
3272 	 * sd_process_sdconf_file returns SD_FAILURE if it cannot find
3273 	 * the "sd-config-list" property (from the sd.conf file) or if
3274 	 * there was not a match for the inquiry vid/pid. If this event
3275 	 * occurs the static driver configuration table is searched for
3276 	 * a match.
3277 	 */
3278 	ASSERT(un != NULL);
3279 	if (sd_process_sdconf_file(un) == SD_FAILURE) {
3280 		sd_process_sdconf_table(un);
3281 	}
3282 
3283 	/* check for LSI device */
3284 	sd_is_lsi(un);
3285 
3286 
3287 }
3288 
3289 
3290 /*
3291  *    Function: sd_process_sdconf_file
3292  *
3293  * Description: Use ddi_getlongprop to obtain the properties from the
3294  *		driver's config file (ie, sd.conf) and update the driver
3295  *		soft state structure accordingly.
3296  *
3297  *   Arguments: un - driver soft state (unit) structure
3298  *
3299  * Return Code: SD_SUCCESS - The properties were successfully set according
3300  *			     to the driver configuration file.
3301  *		SD_FAILURE - The driver config list was not obtained or
3302  *			     there was no vid/pid match. This indicates that
3303  *			     the static config table should be used.
3304  *
3305  * The config file has a property, "sd-config-list", which consists of
3306  * one or more duplets as follows:
3307  *
3308  *  sd-config-list=
3309  *	<duplet>,
3310  *	[<duplet>,]
3311  *	[<duplet>];
3312  *
3313  * The structure of each duplet is as follows:
3314  *
3315  *  <duplet>:= <vid+pid>,<data-property-name_list>
3316  *
3317  * The first entry of the duplet is the device ID string (the concatenated
3318  * vid & pid; not to be confused with a device_id).  This is defined in
3319  * the same way as in the sd_disk_table.
3320  *
3321  * The second part of the duplet is a string that identifies a
3322  * data-property-name-list. The data-property-name-list is defined as
3323  * follows:
3324  *
3325  *  <data-property-name-list>:=<data-property-name> [<data-property-name>]
3326  *
3327  * The syntax of <data-property-name> depends on the <version> field.
3328  *
3329  * If version = SD_CONF_VERSION_1 we have the following syntax:
3330  *
3331  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3332  *
3333  * where the prop0 value will be used to set prop0 if bit0 set in the
3334  * flags, prop1 if bit1 set, etc. and N = SD_CONF_MAX_ITEMS -1
3335  *
3336  */
3337 
3338 static int
3339 sd_process_sdconf_file(struct sd_lun *un)
3340 {
3341 	char	*config_list = NULL;
3342 	int	config_list_len;
3343 	int	len;
3344 	int	dupletlen = 0;
3345 	char	*vidptr;
3346 	int	vidlen;
3347 	char	*dnlist_ptr;
3348 	char	*dataname_ptr;
3349 	int	dnlist_len;
3350 	int	dataname_len;
3351 	int	*data_list;
3352 	int	data_list_len;
3353 	int	rval = SD_FAILURE;
3354 	int	i;
3355 
3356 	ASSERT(un != NULL);
3357 
3358 	/* Obtain the configuration list associated with the .conf file */
3359 	if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), DDI_PROP_DONTPASS,
3360 	    sd_config_list, (caddr_t)&config_list, &config_list_len)
3361 	    != DDI_PROP_SUCCESS) {
3362 		return (SD_FAILURE);
3363 	}
3364 
3365 	/*
3366 	 * Compare vids in each duplet to the inquiry vid - if a match is
3367 	 * made, get the data value and update the soft state structure
3368 	 * accordingly.
3369 	 *
3370 	 * Note: This algorithm is complex and difficult to maintain. It should
3371 	 * be replaced with a more robust implementation.
3372 	 */
3373 	for (len = config_list_len, vidptr = config_list; len > 0;
3374 	    vidptr += dupletlen, len -= dupletlen) {
3375 		/*
3376 		 * Note: The assumption here is that each vid entry is on
3377 		 * a unique line from its associated duplet.
3378 		 */
3379 		vidlen = dupletlen = (int)strlen(vidptr);
3380 		if ((vidlen == 0) ||
3381 		    (sd_sdconf_id_match(un, vidptr, vidlen) != SD_SUCCESS)) {
3382 			dupletlen++;
3383 			continue;
3384 		}
3385 
3386 		/*
3387 		 * dnlist contains 1 or more blank separated
3388 		 * data-property-name entries
3389 		 */
3390 		dnlist_ptr = vidptr + vidlen + 1;
3391 		dnlist_len = (int)strlen(dnlist_ptr);
3392 		dupletlen += dnlist_len + 2;
3393 
3394 		/*
3395 		 * Set a pointer for the first data-property-name
3396 		 * entry in the list
3397 		 */
3398 		dataname_ptr = dnlist_ptr;
3399 		dataname_len = 0;
3400 
3401 		/*
3402 		 * Loop through all data-property-name entries in the
3403 		 * data-property-name-list setting the properties for each.
3404 		 */
3405 		while (dataname_len < dnlist_len) {
3406 			int version;
3407 
3408 			/*
3409 			 * Determine the length of the current
3410 			 * data-property-name entry by indexing until a
3411 			 * blank or NULL is encountered. When the space is
3412 			 * encountered reset it to a NULL for compliance
3413 			 * with ddi_getlongprop().
3414 			 */
3415 			for (i = 0; ((dataname_ptr[i] != ' ') &&
3416 			    (dataname_ptr[i] != '\0')); i++) {
3417 				;
3418 			}
3419 
3420 			dataname_len += i;
3421 			/* If not null terminated, Make it so */
3422 			if (dataname_ptr[i] == ' ') {
3423 				dataname_ptr[i] = '\0';
3424 			}
3425 			dataname_len++;
3426 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3427 			    "sd_process_sdconf_file: disk:%s, data:%s\n",
3428 			    vidptr, dataname_ptr);
3429 
3430 			/* Get the data list */
3431 			if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), 0,
3432 			    dataname_ptr, (caddr_t)&data_list, &data_list_len)
3433 			    != DDI_PROP_SUCCESS) {
3434 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
3435 				    "sd_process_sdconf_file: data property (%s)"
3436 				    " has no value\n", dataname_ptr);
3437 				dataname_ptr = dnlist_ptr + dataname_len;
3438 				continue;
3439 			}
3440 
3441 			version = data_list[0];
3442 
3443 			if (version == SD_CONF_VERSION_1) {
3444 				sd_tunables values;
3445 
3446 				/* Set the properties */
3447 				if (sd_chk_vers1_data(un, data_list[1],
3448 				    &data_list[2], data_list_len, dataname_ptr)
3449 				    == SD_SUCCESS) {
3450 					sd_get_tunables_from_conf(un,
3451 					    data_list[1], &data_list[2],
3452 					    &values);
3453 					sd_set_vers1_properties(un,
3454 					    data_list[1], &values);
3455 					rval = SD_SUCCESS;
3456 				} else {
3457 					rval = SD_FAILURE;
3458 				}
3459 			} else {
3460 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3461 				    "data property %s version 0x%x is invalid.",
3462 				    dataname_ptr, version);
3463 				rval = SD_FAILURE;
3464 			}
3465 			kmem_free(data_list, data_list_len);
3466 			dataname_ptr = dnlist_ptr + dataname_len;
3467 		}
3468 	}
3469 
3470 	/* free up the memory allocated by ddi_getlongprop */
3471 	if (config_list) {
3472 		kmem_free(config_list, config_list_len);
3473 	}
3474 
3475 	return (rval);
3476 }
3477 
3478 /*
3479  *    Function: sd_get_tunables_from_conf()
3480  *
3481  *
3482  *    This function reads the data list from the sd.conf file and pulls
3483  *    the values that can have numeric values as arguments and places
3484  *    the values in the apropriate sd_tunables member.
3485  *    Since the order of the data list members varies across platforms
3486  *    This function reads them from the data list in a platform specific
3487  *    order and places them into the correct sd_tunable member that is
3488  *    a consistant across all platforms.
3489  */
3490 static void
3491 sd_get_tunables_from_conf(struct sd_lun *un, int flags, int *data_list,
3492     sd_tunables *values)
3493 {
3494 	int i;
3495 	int mask;
3496 
3497 	bzero(values, sizeof (sd_tunables));
3498 
3499 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3500 
3501 		mask = 1 << i;
3502 		if (mask > flags) {
3503 			break;
3504 		}
3505 
3506 		switch (mask & flags) {
3507 		case 0:	/* This mask bit not set in flags */
3508 			continue;
3509 		case SD_CONF_BSET_THROTTLE:
3510 			values->sdt_throttle = data_list[i];
3511 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3512 			    "sd_get_tunables_from_conf: throttle = %d\n",
3513 			    values->sdt_throttle);
3514 			break;
3515 		case SD_CONF_BSET_CTYPE:
3516 			values->sdt_ctype = data_list[i];
3517 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3518 			    "sd_get_tunables_from_conf: ctype = %d\n",
3519 			    values->sdt_ctype);
3520 			break;
3521 		case SD_CONF_BSET_NRR_COUNT:
3522 			values->sdt_not_rdy_retries = data_list[i];
3523 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3524 			    "sd_get_tunables_from_conf: not_rdy_retries = %d\n",
3525 			    values->sdt_not_rdy_retries);
3526 			break;
3527 		case SD_CONF_BSET_BSY_RETRY_COUNT:
3528 			values->sdt_busy_retries = data_list[i];
3529 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3530 			    "sd_get_tunables_from_conf: busy_retries = %d\n",
3531 			    values->sdt_busy_retries);
3532 			break;
3533 		case SD_CONF_BSET_RST_RETRIES:
3534 			values->sdt_reset_retries = data_list[i];
3535 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3536 			    "sd_get_tunables_from_conf: reset_retries = %d\n",
3537 			    values->sdt_reset_retries);
3538 			break;
3539 		case SD_CONF_BSET_RSV_REL_TIME:
3540 			values->sdt_reserv_rel_time = data_list[i];
3541 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3542 			    "sd_get_tunables_from_conf: reserv_rel_time = %d\n",
3543 			    values->sdt_reserv_rel_time);
3544 			break;
3545 		case SD_CONF_BSET_MIN_THROTTLE:
3546 			values->sdt_min_throttle = data_list[i];
3547 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3548 			    "sd_get_tunables_from_conf: min_throttle = %d\n",
3549 			    values->sdt_min_throttle);
3550 			break;
3551 		case SD_CONF_BSET_DISKSORT_DISABLED:
3552 			values->sdt_disk_sort_dis = data_list[i];
3553 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3554 			    "sd_get_tunables_from_conf: disk_sort_dis = %d\n",
3555 			    values->sdt_disk_sort_dis);
3556 			break;
3557 		case SD_CONF_BSET_LUN_RESET_ENABLED:
3558 			values->sdt_lun_reset_enable = data_list[i];
3559 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3560 			    "sd_get_tunables_from_conf: lun_reset_enable = %d"
3561 			    "\n", values->sdt_lun_reset_enable);
3562 			break;
3563 		}
3564 	}
3565 }
3566 
3567 /*
3568  *    Function: sd_process_sdconf_table
3569  *
3570  * Description: Search the static configuration table for a match on the
3571  *		inquiry vid/pid and update the driver soft state structure
3572  *		according to the table property values for the device.
3573  *
3574  *		The form of a configuration table entry is:
3575  *		  <vid+pid>,<flags>,<property-data>
3576  *		  "SEAGATE ST42400N",1,63,0,0			(Fibre)
3577  *		  "SEAGATE ST42400N",1,63,0,0,0,0		(Sparc)
3578  *		  "SEAGATE ST42400N",1,63,0,0,0,0,0,0,0,0,0,0	(Intel)
3579  *
3580  *   Arguments: un - driver soft state (unit) structure
3581  */
3582 
3583 static void
3584 sd_process_sdconf_table(struct sd_lun *un)
3585 {
3586 	char	*id = NULL;
3587 	int	table_index;
3588 	int	idlen;
3589 
3590 	ASSERT(un != NULL);
3591 	for (table_index = 0; table_index < sd_disk_table_size;
3592 	    table_index++) {
3593 		id = sd_disk_table[table_index].device_id;
3594 		idlen = strlen(id);
3595 		if (idlen == 0) {
3596 			continue;
3597 		}
3598 
3599 		/*
3600 		 * The static configuration table currently does not
3601 		 * implement version 10 properties. Additionally,
3602 		 * multiple data-property-name entries are not
3603 		 * implemented in the static configuration table.
3604 		 */
3605 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
3606 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3607 			    "sd_process_sdconf_table: disk %s\n", id);
3608 			sd_set_vers1_properties(un,
3609 			    sd_disk_table[table_index].flags,
3610 			    sd_disk_table[table_index].properties);
3611 			break;
3612 		}
3613 	}
3614 }
3615 
3616 
3617 /*
3618  *    Function: sd_sdconf_id_match
3619  *
3620  * Description: This local function implements a case sensitive vid/pid
3621  *		comparison as well as the boundary cases of wild card and
3622  *		multiple blanks.
3623  *
3624  *		Note: An implicit assumption made here is that the scsi
3625  *		inquiry structure will always keep the vid, pid and
3626  *		revision strings in consecutive sequence, so they can be
3627  *		read as a single string. If this assumption is not the
3628  *		case, a separate string, to be used for the check, needs
3629  *		to be built with these strings concatenated.
3630  *
3631  *   Arguments: un - driver soft state (unit) structure
3632  *		id - table or config file vid/pid
3633  *		idlen  - length of the vid/pid (bytes)
3634  *
3635  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3636  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3637  */
3638 
3639 static int
3640 sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen)
3641 {
3642 	struct scsi_inquiry	*sd_inq;
3643 	int 			rval = SD_SUCCESS;
3644 
3645 	ASSERT(un != NULL);
3646 	sd_inq = un->un_sd->sd_inq;
3647 	ASSERT(id != NULL);
3648 
3649 	/*
3650 	 * We use the inq_vid as a pointer to a buffer containing the
3651 	 * vid and pid and use the entire vid/pid length of the table
3652 	 * entry for the comparison. This works because the inq_pid
3653 	 * data member follows inq_vid in the scsi_inquiry structure.
3654 	 */
3655 	if (strncasecmp(sd_inq->inq_vid, id, idlen) != 0) {
3656 		/*
3657 		 * The user id string is compared to the inquiry vid/pid
3658 		 * using a case insensitive comparison and ignoring
3659 		 * multiple spaces.
3660 		 */
3661 		rval = sd_blank_cmp(un, id, idlen);
3662 		if (rval != SD_SUCCESS) {
3663 			/*
3664 			 * User id strings that start and end with a "*"
3665 			 * are a special case. These do not have a
3666 			 * specific vendor, and the product string can
3667 			 * appear anywhere in the 16 byte PID portion of
3668 			 * the inquiry data. This is a simple strstr()
3669 			 * type search for the user id in the inquiry data.
3670 			 */
3671 			if ((id[0] == '*') && (id[idlen - 1] == '*')) {
3672 				char	*pidptr = &id[1];
3673 				int	i;
3674 				int	j;
3675 				int	pidstrlen = idlen - 2;
3676 				j = sizeof (SD_INQUIRY(un)->inq_pid) -
3677 				    pidstrlen;
3678 
3679 				if (j < 0) {
3680 					return (SD_FAILURE);
3681 				}
3682 				for (i = 0; i < j; i++) {
3683 					if (bcmp(&SD_INQUIRY(un)->inq_pid[i],
3684 					    pidptr, pidstrlen) == 0) {
3685 						rval = SD_SUCCESS;
3686 						break;
3687 					}
3688 				}
3689 			}
3690 		}
3691 	}
3692 	return (rval);
3693 }
3694 
3695 
3696 /*
3697  *    Function: sd_blank_cmp
3698  *
3699  * Description: If the id string starts and ends with a space, treat
3700  *		multiple consecutive spaces as equivalent to a single
3701  *		space. For example, this causes a sd_disk_table entry
3702  *		of " NEC CDROM " to match a device's id string of
3703  *		"NEC       CDROM".
3704  *
3705  *		Note: The success exit condition for this routine is if
3706  *		the pointer to the table entry is '\0' and the cnt of
3707  *		the inquiry length is zero. This will happen if the inquiry
3708  *		string returned by the device is padded with spaces to be
3709  *		exactly 24 bytes in length (8 byte vid + 16 byte pid). The
3710  *		SCSI spec states that the inquiry string is to be padded with
3711  *		spaces.
3712  *
3713  *   Arguments: un - driver soft state (unit) structure
3714  *		id - table or config file vid/pid
3715  *		idlen  - length of the vid/pid (bytes)
3716  *
3717  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3718  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3719  */
3720 
3721 static int
3722 sd_blank_cmp(struct sd_lun *un, char *id, int idlen)
3723 {
3724 	char		*p1;
3725 	char		*p2;
3726 	int		cnt;
3727 	cnt = sizeof (SD_INQUIRY(un)->inq_vid) +
3728 	    sizeof (SD_INQUIRY(un)->inq_pid);
3729 
3730 	ASSERT(un != NULL);
3731 	p2 = un->un_sd->sd_inq->inq_vid;
3732 	ASSERT(id != NULL);
3733 	p1 = id;
3734 
3735 	if ((id[0] == ' ') && (id[idlen - 1] == ' ')) {
3736 		/*
3737 		 * Note: string p1 is terminated by a NUL but string p2
3738 		 * isn't.  The end of p2 is determined by cnt.
3739 		 */
3740 		for (;;) {
3741 			/* skip over any extra blanks in both strings */
3742 			while ((*p1 != '\0') && (*p1 == ' ')) {
3743 				p1++;
3744 			}
3745 			while ((cnt != 0) && (*p2 == ' ')) {
3746 				p2++;
3747 				cnt--;
3748 			}
3749 
3750 			/* compare the two strings */
3751 			if ((cnt == 0) ||
3752 			    (SD_TOUPPER(*p1) != SD_TOUPPER(*p2))) {
3753 				break;
3754 			}
3755 			while ((cnt > 0) &&
3756 			    (SD_TOUPPER(*p1) == SD_TOUPPER(*p2))) {
3757 				p1++;
3758 				p2++;
3759 				cnt--;
3760 			}
3761 		}
3762 	}
3763 
3764 	/* return SD_SUCCESS if both strings match */
3765 	return (((*p1 == '\0') && (cnt == 0)) ? SD_SUCCESS : SD_FAILURE);
3766 }
3767 
3768 
3769 /*
3770  *    Function: sd_chk_vers1_data
3771  *
3772  * Description: Verify the version 1 device properties provided by the
3773  *		user via the configuration file
3774  *
3775  *   Arguments: un	     - driver soft state (unit) structure
3776  *		flags	     - integer mask indicating properties to be set
3777  *		prop_list    - integer list of property values
3778  *		list_len     - length of user provided data
3779  *
3780  * Return Code: SD_SUCCESS - Indicates the user provided data is valid
3781  *		SD_FAILURE - Indicates the user provided data is invalid
3782  */
3783 
3784 static int
3785 sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
3786     int list_len, char *dataname_ptr)
3787 {
3788 	int i;
3789 	int mask = 1;
3790 	int index = 0;
3791 
3792 	ASSERT(un != NULL);
3793 
3794 	/* Check for a NULL property name and list */
3795 	if (dataname_ptr == NULL) {
3796 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3797 		    "sd_chk_vers1_data: NULL data property name.");
3798 		return (SD_FAILURE);
3799 	}
3800 	if (prop_list == NULL) {
3801 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3802 		    "sd_chk_vers1_data: %s NULL data property list.",
3803 		    dataname_ptr);
3804 		return (SD_FAILURE);
3805 	}
3806 
3807 	/* Display a warning if undefined bits are set in the flags */
3808 	if (flags & ~SD_CONF_BIT_MASK) {
3809 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3810 		    "sd_chk_vers1_data: invalid bits 0x%x in data list %s. "
3811 		    "Properties not set.",
3812 		    (flags & ~SD_CONF_BIT_MASK), dataname_ptr);
3813 		return (SD_FAILURE);
3814 	}
3815 
3816 	/*
3817 	 * Verify the length of the list by identifying the highest bit set
3818 	 * in the flags and validating that the property list has a length
3819 	 * up to the index of this bit.
3820 	 */
3821 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3822 		if (flags & mask) {
3823 			index++;
3824 		}
3825 		mask = 1 << i;
3826 	}
3827 	if ((list_len / sizeof (int)) < (index + 2)) {
3828 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3829 		    "sd_chk_vers1_data: "
3830 		    "Data property list %s size is incorrect. "
3831 		    "Properties not set.", dataname_ptr);
3832 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT, "Size expected: "
3833 		    "version + 1 flagword + %d properties", SD_CONF_MAX_ITEMS);
3834 		return (SD_FAILURE);
3835 	}
3836 	return (SD_SUCCESS);
3837 }
3838 
3839 
3840 /*
3841  *    Function: sd_set_vers1_properties
3842  *
3843  * Description: Set version 1 device properties based on a property list
3844  *		retrieved from the driver configuration file or static
3845  *		configuration table. Version 1 properties have the format:
3846  *
3847  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3848  *
3849  *		where the prop0 value will be used to set prop0 if bit0
3850  *		is set in the flags
3851  *
3852  *   Arguments: un	     - driver soft state (unit) structure
3853  *		flags	     - integer mask indicating properties to be set
3854  *		prop_list    - integer list of property values
3855  */
3856 
3857 static void
3858 sd_set_vers1_properties(struct sd_lun *un, int flags, sd_tunables *prop_list)
3859 {
3860 	ASSERT(un != NULL);
3861 
3862 	/*
3863 	 * Set the flag to indicate cache is to be disabled. An attempt
3864 	 * to disable the cache via sd_cache_control() will be made
3865 	 * later during attach once the basic initialization is complete.
3866 	 */
3867 	if (flags & SD_CONF_BSET_NOCACHE) {
3868 		un->un_f_opt_disable_cache = TRUE;
3869 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3870 		    "sd_set_vers1_properties: caching disabled flag set\n");
3871 	}
3872 
3873 	/* CD-specific configuration parameters */
3874 	if (flags & SD_CONF_BSET_PLAYMSF_BCD) {
3875 		un->un_f_cfg_playmsf_bcd = TRUE;
3876 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3877 		    "sd_set_vers1_properties: playmsf_bcd set\n");
3878 	}
3879 	if (flags & SD_CONF_BSET_READSUB_BCD) {
3880 		un->un_f_cfg_readsub_bcd = TRUE;
3881 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3882 		    "sd_set_vers1_properties: readsub_bcd set\n");
3883 	}
3884 	if (flags & SD_CONF_BSET_READ_TOC_TRK_BCD) {
3885 		un->un_f_cfg_read_toc_trk_bcd = TRUE;
3886 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3887 		    "sd_set_vers1_properties: read_toc_trk_bcd set\n");
3888 	}
3889 	if (flags & SD_CONF_BSET_READ_TOC_ADDR_BCD) {
3890 		un->un_f_cfg_read_toc_addr_bcd = TRUE;
3891 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3892 		    "sd_set_vers1_properties: read_toc_addr_bcd set\n");
3893 	}
3894 	if (flags & SD_CONF_BSET_NO_READ_HEADER) {
3895 		un->un_f_cfg_no_read_header = TRUE;
3896 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3897 			    "sd_set_vers1_properties: no_read_header set\n");
3898 	}
3899 	if (flags & SD_CONF_BSET_READ_CD_XD4) {
3900 		un->un_f_cfg_read_cd_xd4 = TRUE;
3901 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3902 		    "sd_set_vers1_properties: read_cd_xd4 set\n");
3903 	}
3904 
3905 	/* Support for devices which do not have valid/unique serial numbers */
3906 	if (flags & SD_CONF_BSET_FAB_DEVID) {
3907 		un->un_f_opt_fab_devid = TRUE;
3908 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3909 		    "sd_set_vers1_properties: fab_devid bit set\n");
3910 	}
3911 
3912 	/* Support for user throttle configuration */
3913 	if (flags & SD_CONF_BSET_THROTTLE) {
3914 		ASSERT(prop_list != NULL);
3915 		un->un_saved_throttle = un->un_throttle =
3916 		    prop_list->sdt_throttle;
3917 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3918 		    "sd_set_vers1_properties: throttle set to %d\n",
3919 		    prop_list->sdt_throttle);
3920 	}
3921 
3922 	/* Set the per disk retry count according to the conf file or table. */
3923 	if (flags & SD_CONF_BSET_NRR_COUNT) {
3924 		ASSERT(prop_list != NULL);
3925 		if (prop_list->sdt_not_rdy_retries) {
3926 			un->un_notready_retry_count =
3927 				prop_list->sdt_not_rdy_retries;
3928 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3929 			    "sd_set_vers1_properties: not ready retry count"
3930 			    " set to %d\n", un->un_notready_retry_count);
3931 		}
3932 	}
3933 
3934 	/* The controller type is reported for generic disk driver ioctls */
3935 	if (flags & SD_CONF_BSET_CTYPE) {
3936 		ASSERT(prop_list != NULL);
3937 		switch (prop_list->sdt_ctype) {
3938 		case CTYPE_CDROM:
3939 			un->un_ctype = prop_list->sdt_ctype;
3940 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3941 			    "sd_set_vers1_properties: ctype set to "
3942 			    "CTYPE_CDROM\n");
3943 			break;
3944 		case CTYPE_CCS:
3945 			un->un_ctype = prop_list->sdt_ctype;
3946 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3947 				"sd_set_vers1_properties: ctype set to "
3948 				"CTYPE_CCS\n");
3949 			break;
3950 		case CTYPE_ROD:		/* RW optical */
3951 			un->un_ctype = prop_list->sdt_ctype;
3952 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3953 			    "sd_set_vers1_properties: ctype set to "
3954 			    "CTYPE_ROD\n");
3955 			break;
3956 		default:
3957 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3958 			    "sd_set_vers1_properties: Could not set "
3959 			    "invalid ctype value (%d)",
3960 			    prop_list->sdt_ctype);
3961 		}
3962 	}
3963 
3964 	/* Purple failover timeout */
3965 	if (flags & SD_CONF_BSET_BSY_RETRY_COUNT) {
3966 		ASSERT(prop_list != NULL);
3967 		un->un_busy_retry_count =
3968 			prop_list->sdt_busy_retries;
3969 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3970 		    "sd_set_vers1_properties: "
3971 		    "busy retry count set to %d\n",
3972 		    un->un_busy_retry_count);
3973 	}
3974 
3975 	/* Purple reset retry count */
3976 	if (flags & SD_CONF_BSET_RST_RETRIES) {
3977 		ASSERT(prop_list != NULL);
3978 		un->un_reset_retry_count =
3979 			prop_list->sdt_reset_retries;
3980 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3981 		    "sd_set_vers1_properties: "
3982 		    "reset retry count set to %d\n",
3983 		    un->un_reset_retry_count);
3984 	}
3985 
3986 	/* Purple reservation release timeout */
3987 	if (flags & SD_CONF_BSET_RSV_REL_TIME) {
3988 		ASSERT(prop_list != NULL);
3989 		un->un_reserve_release_time =
3990 			prop_list->sdt_reserv_rel_time;
3991 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3992 		    "sd_set_vers1_properties: "
3993 		    "reservation release timeout set to %d\n",
3994 		    un->un_reserve_release_time);
3995 	}
3996 
3997 	/*
3998 	 * Driver flag telling the driver to verify that no commands are pending
3999 	 * for a device before issuing a Test Unit Ready. This is a workaround
4000 	 * for a firmware bug in some Seagate eliteI drives.
4001 	 */
4002 	if (flags & SD_CONF_BSET_TUR_CHECK) {
4003 		un->un_f_cfg_tur_check = TRUE;
4004 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
4005 		    "sd_set_vers1_properties: tur queue check set\n");
4006 	}
4007 
4008 	if (flags & SD_CONF_BSET_MIN_THROTTLE) {
4009 		un->un_min_throttle = prop_list->sdt_min_throttle;
4010 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
4011 		    "sd_set_vers1_properties: min throttle set to %d\n",
4012 		    un->un_min_throttle);
4013 	}
4014 
4015 	if (flags & SD_CONF_BSET_DISKSORT_DISABLED) {
4016 		un->un_f_disksort_disabled =
4017 		    (prop_list->sdt_disk_sort_dis != 0) ?
4018 		    TRUE : FALSE;
4019 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
4020 		    "sd_set_vers1_properties: disksort disabled "
4021 		    "flag set to %d\n",
4022 		    prop_list->sdt_disk_sort_dis);
4023 	}
4024 
4025 	if (flags & SD_CONF_BSET_LUN_RESET_ENABLED) {
4026 		un->un_f_lun_reset_enabled =
4027 		    (prop_list->sdt_lun_reset_enable != 0) ?
4028 		    TRUE : FALSE;
4029 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
4030 		    "sd_set_vers1_properties: lun reset enabled "
4031 		    "flag set to %d\n",
4032 		    prop_list->sdt_lun_reset_enable);
4033 	}
4034 
4035 	/*
4036 	 * Validate the throttle values.
4037 	 * If any of the numbers are invalid, set everything to defaults.
4038 	 */
4039 	if ((un->un_throttle < SD_LOWEST_VALID_THROTTLE) ||
4040 	    (un->un_min_throttle < SD_LOWEST_VALID_THROTTLE) ||
4041 	    (un->un_min_throttle > un->un_throttle)) {
4042 		un->un_saved_throttle = un->un_throttle = sd_max_throttle;
4043 		un->un_min_throttle = sd_min_throttle;
4044 	}
4045 }
4046 
4047 /*
4048  *   Function: sd_is_lsi()
4049  *
4050  *   Description: Check for lsi devices, step throught the static device
4051  *	table to match vid/pid.
4052  *
4053  *   Args: un - ptr to sd_lun
4054  *
4055  *   Notes:  When creating new LSI property, need to add the new LSI property
4056  *		to this function.
4057  */
4058 static void
4059 sd_is_lsi(struct sd_lun *un)
4060 {
4061 	char	*id = NULL;
4062 	int	table_index;
4063 	int	idlen;
4064 	void	*prop;
4065 
4066 	ASSERT(un != NULL);
4067 	for (table_index = 0; table_index < sd_disk_table_size;
4068 	    table_index++) {
4069 		id = sd_disk_table[table_index].device_id;
4070 		idlen = strlen(id);
4071 		if (idlen == 0) {
4072 			continue;
4073 		}
4074 
4075 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
4076 			prop = sd_disk_table[table_index].properties;
4077 			if (prop == &lsi_properties ||
4078 			    prop == &lsi_oem_properties ||
4079 			    prop == &lsi_properties_scsi ||
4080 			    prop == &symbios_properties) {
4081 				un->un_f_cfg_is_lsi = TRUE;
4082 			}
4083 			break;
4084 		}
4085 	}
4086 }
4087 
4088 
4089 /*
4090  * The following routines support reading and interpretation of disk labels,
4091  * including Solaris BE (8-slice) vtoc's, Solaris LE (16-slice) vtoc's, and
4092  * fdisk tables.
4093  */
4094 
4095 /*
4096  *    Function: sd_validate_geometry
4097  *
4098  * Description: Read the label from the disk (if present). Update the unit's
4099  *		geometry and vtoc information from the data in the label.
4100  *		Verify that the label is valid.
4101  *
4102  *   Arguments: un - driver soft state (unit) structure
4103  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4104  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4105  *			to use the USCSI "direct" chain and bypass the normal
4106  *			command waitq.
4107  *
4108  * Return Code: 0 - Successful completion
4109  *		EINVAL  - Invalid value in un->un_tgt_blocksize or
4110  *			  un->un_blockcount; or label on disk is corrupted
4111  *			  or unreadable.
4112  *		EACCES  - Reservation conflict at the device.
4113  *		ENOMEM  - Resource allocation error
4114  *		ENOTSUP - geometry not applicable
4115  *
4116  *     Context: Kernel thread only (can sleep).
4117  */
4118 
4119 static int
4120 sd_validate_geometry(struct sd_lun *un, int path_flag)
4121 {
4122 	static	char		labelstring[128];
4123 	static	char		buf[256];
4124 	char	*label		= NULL;
4125 	int	label_error	= 0;
4126 	int	gvalid		= un->un_f_geometry_is_valid;
4127 	int	lbasize;
4128 	uint_t	capacity;
4129 	int	count;
4130 
4131 	ASSERT(un != NULL);
4132 	ASSERT(mutex_owned(SD_MUTEX(un)));
4133 
4134 	/*
4135 	 * If the required values are not valid, then try getting them
4136 	 * once via read capacity. If that fails, then fail this call.
4137 	 * This is necessary with the new mpxio failover behavior in
4138 	 * the T300 where we can get an attach for the inactive path
4139 	 * before the active path. The inactive path fails commands with
4140 	 * sense data of 02,04,88 which happens to the read capacity
4141 	 * before mpxio has had sufficient knowledge to know if it should
4142 	 * force a fail over or not. (Which it won't do at attach anyhow).
4143 	 * If the read capacity at attach time fails, un_tgt_blocksize and
4144 	 * un_blockcount won't be valid.
4145 	 */
4146 	if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4147 	    (un->un_f_blockcount_is_valid != TRUE)) {
4148 		uint64_t	cap;
4149 		uint32_t	lbasz;
4150 		int		rval;
4151 
4152 		mutex_exit(SD_MUTEX(un));
4153 		rval = sd_send_scsi_READ_CAPACITY(un, &cap,
4154 		    &lbasz, SD_PATH_DIRECT);
4155 		mutex_enter(SD_MUTEX(un));
4156 		if (rval == 0) {
4157 			/*
4158 			 * The following relies on
4159 			 * sd_send_scsi_READ_CAPACITY never
4160 			 * returning 0 for capacity and/or lbasize.
4161 			 */
4162 			sd_update_block_info(un, lbasz, cap);
4163 		}
4164 
4165 		if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4166 		    (un->un_f_blockcount_is_valid != TRUE)) {
4167 			return (EINVAL);
4168 		}
4169 	}
4170 
4171 	/*
4172 	 * Copy the lbasize and capacity so that if they're reset while we're
4173 	 * not holding the SD_MUTEX, we will continue to use valid values
4174 	 * after the SD_MUTEX is reacquired. (4119659)
4175 	 */
4176 	lbasize  = un->un_tgt_blocksize;
4177 	capacity = un->un_blockcount;
4178 
4179 #if defined(_SUNOS_VTOC_16)
4180 	/*
4181 	 * Set up the "whole disk" fdisk partition; this should always
4182 	 * exist, regardless of whether the disk contains an fdisk table
4183 	 * or vtoc.
4184 	 */
4185 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
4186 	un->un_map[P0_RAW_DISK].dkl_nblk  = capacity;
4187 #endif
4188 
4189 	/*
4190 	 * Refresh the logical and physical geometry caches.
4191 	 * (data from MODE SENSE format/rigid disk geometry pages,
4192 	 * and scsi_ifgetcap("geometry").
4193 	 */
4194 	sd_resync_geom_caches(un, capacity, lbasize, path_flag);
4195 
4196 	label_error = sd_use_efi(un, path_flag);
4197 	if (label_error == 0) {
4198 		/* found a valid EFI label */
4199 		SD_TRACE(SD_LOG_IO_PARTITION, un,
4200 			"sd_validate_geometry: found EFI label\n");
4201 		un->un_solaris_offset = 0;
4202 		un->un_solaris_size = capacity;
4203 		return (ENOTSUP);
4204 	}
4205 	if (un->un_blockcount > DK_MAX_BLOCKS) {
4206 		if (label_error == ESRCH) {
4207 			/*
4208 			 * they've configured a LUN over 1TB, but used
4209 			 * format.dat to restrict format's view of the
4210 			 * capacity to be under 1TB
4211 			 */
4212 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
4213 "is >1TB and has a VTOC label: use format(1M) to either decrease the");
4214 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
4215 "size to be < 1TB or relabel the disk with an EFI label");
4216 		} else {
4217 			/* unlabeled disk over 1TB */
4218 			return (ENOTSUP);
4219 		}
4220 	}
4221 	label_error = 0;
4222 
4223 	/*
4224 	 * at this point it is either labeled with a VTOC or it is
4225 	 * under 1TB
4226 	 */
4227 	if (un->un_f_vtoc_label_supported) {
4228 		struct	dk_label *dkl;
4229 		offset_t dkl1;
4230 		offset_t label_addr, real_addr;
4231 		int	rval;
4232 		size_t	buffer_size;
4233 
4234 		/*
4235 		 * Note: This will set up un->un_solaris_size and
4236 		 * un->un_solaris_offset.
4237 		 */
4238 		switch (sd_read_fdisk(un, capacity, lbasize, path_flag)) {
4239 		case SD_CMD_RESERVATION_CONFLICT:
4240 			ASSERT(mutex_owned(SD_MUTEX(un)));
4241 			return (EACCES);
4242 		case SD_CMD_FAILURE:
4243 			ASSERT(mutex_owned(SD_MUTEX(un)));
4244 			return (ENOMEM);
4245 		}
4246 
4247 		if (un->un_solaris_size <= DK_LABEL_LOC) {
4248 			/*
4249 			 * Found fdisk table but no Solaris partition entry,
4250 			 * so don't call sd_uselabel() and don't create
4251 			 * a default label.
4252 			 */
4253 			label_error = 0;
4254 			un->un_f_geometry_is_valid = TRUE;
4255 			goto no_solaris_partition;
4256 		}
4257 		label_addr = (daddr_t)(un->un_solaris_offset + DK_LABEL_LOC);
4258 
4259 		/*
4260 		 * sys_blocksize != tgt_blocksize, need to re-adjust
4261 		 * blkno and save the index to beginning of dk_label
4262 		 */
4263 		real_addr = SD_SYS2TGTBLOCK(un, label_addr);
4264 		buffer_size = SD_REQBYTES2TGTBYTES(un,
4265 		    sizeof (struct dk_label));
4266 
4267 		SD_TRACE(SD_LOG_IO_PARTITION, un, "sd_validate_geometry: "
4268 		    "label_addr: 0x%x allocation size: 0x%x\n",
4269 		    label_addr, buffer_size);
4270 		dkl = kmem_zalloc(buffer_size, KM_NOSLEEP);
4271 		if (dkl == NULL) {
4272 			return (ENOMEM);
4273 		}
4274 
4275 		mutex_exit(SD_MUTEX(un));
4276 		rval = sd_send_scsi_READ(un, dkl, buffer_size, real_addr,
4277 		    path_flag);
4278 		mutex_enter(SD_MUTEX(un));
4279 
4280 		switch (rval) {
4281 		case 0:
4282 			/*
4283 			 * sd_uselabel will establish that the geometry
4284 			 * is valid.
4285 			 * For sys_blocksize != tgt_blocksize, need
4286 			 * to index into the beginning of dk_label
4287 			 */
4288 			dkl1 = (daddr_t)dkl
4289 				+ SD_TGTBYTEOFFSET(un, label_addr, real_addr);
4290 			if (sd_uselabel(un, (struct dk_label *)(uintptr_t)dkl1,
4291 			    path_flag) != SD_LABEL_IS_VALID) {
4292 				label_error = EINVAL;
4293 			}
4294 			break;
4295 		case EACCES:
4296 			label_error = EACCES;
4297 			break;
4298 		default:
4299 			label_error = EINVAL;
4300 			break;
4301 		}
4302 
4303 		kmem_free(dkl, buffer_size);
4304 
4305 #if defined(_SUNOS_VTOC_8)
4306 		label = (char *)un->un_asciilabel;
4307 #elif defined(_SUNOS_VTOC_16)
4308 		label = (char *)un->un_vtoc.v_asciilabel;
4309 #else
4310 #error "No VTOC format defined."
4311 #endif
4312 	}
4313 
4314 	/*
4315 	 * If a valid label was not found, AND if no reservation conflict
4316 	 * was detected, then go ahead and create a default label (4069506).
4317 	 */
4318 
4319 	if (un->un_f_default_vtoc_supported && (label_error != EACCES)) {
4320 		if (un->un_f_geometry_is_valid == FALSE) {
4321 			sd_build_default_label(un);
4322 		}
4323 		label_error = 0;
4324 	}
4325 
4326 no_solaris_partition:
4327 	if ((!un->un_f_has_removable_media ||
4328 	    (un->un_f_has_removable_media &&
4329 		un->un_mediastate == DKIO_EJECTED)) &&
4330 		(un->un_state == SD_STATE_NORMAL && !gvalid)) {
4331 		/*
4332 		 * Print out a message indicating who and what we are.
4333 		 * We do this only when we happen to really validate the
4334 		 * geometry. We may call sd_validate_geometry() at other
4335 		 * times, e.g., ioctl()'s like Get VTOC in which case we
4336 		 * don't want to print the label.
4337 		 * If the geometry is valid, print the label string,
4338 		 * else print vendor and product info, if available
4339 		 */
4340 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
4341 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "?<%s>\n", label);
4342 		} else {
4343 			mutex_enter(&sd_label_mutex);
4344 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
4345 			    labelstring);
4346 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
4347 			    &labelstring[64]);
4348 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
4349 			    labelstring, &labelstring[64]);
4350 			if (un->un_f_blockcount_is_valid == TRUE) {
4351 				(void) sprintf(&buf[strlen(buf)],
4352 				    ", %llu %u byte blocks\n",
4353 				    (longlong_t)un->un_blockcount,
4354 				    un->un_tgt_blocksize);
4355 			} else {
4356 				(void) sprintf(&buf[strlen(buf)],
4357 				    ", (unknown capacity)\n");
4358 			}
4359 			SD_INFO(SD_LOG_ATTACH_DETACH, un, buf);
4360 			mutex_exit(&sd_label_mutex);
4361 		}
4362 	}
4363 
4364 #if defined(_SUNOS_VTOC_16)
4365 	/*
4366 	 * If we have valid geometry, set up the remaining fdisk partitions.
4367 	 * Note that dkl_cylno is not used for the fdisk map entries, so
4368 	 * we set it to an entirely bogus value.
4369 	 */
4370 	for (count = 0; count < FD_NUMPART; count++) {
4371 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
4372 		un->un_map[FDISK_P1 + count].dkl_nblk =
4373 		    un->un_fmap[count].fmap_nblk;
4374 
4375 		un->un_offset[FDISK_P1 + count] =
4376 		    un->un_fmap[count].fmap_start;
4377 	}
4378 #endif
4379 
4380 	for (count = 0; count < NDKMAP; count++) {
4381 #if defined(_SUNOS_VTOC_8)
4382 		struct dk_map *lp  = &un->un_map[count];
4383 		un->un_offset[count] =
4384 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
4385 #elif defined(_SUNOS_VTOC_16)
4386 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
4387 
4388 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
4389 #else
4390 #error "No VTOC format defined."
4391 #endif
4392 	}
4393 
4394 	return (label_error);
4395 }
4396 
4397 
4398 #if defined(_SUNOS_VTOC_16)
4399 /*
4400  * Macro: MAX_BLKS
4401  *
4402  *	This macro is used for table entries where we need to have the largest
4403  *	possible sector value for that head & SPT (sectors per track)
4404  *	combination.  Other entries for some smaller disk sizes are set by
4405  *	convention to match those used by X86 BIOS usage.
4406  */
4407 #define	MAX_BLKS(heads, spt)	UINT16_MAX * heads * spt, heads, spt
4408 
4409 /*
4410  *    Function: sd_convert_geometry
4411  *
4412  * Description: Convert physical geometry into a dk_geom structure. In
4413  *		other words, make sure we don't wrap 16-bit values.
4414  *		e.g. converting from geom_cache to dk_geom
4415  *
4416  *     Context: Kernel thread only
4417  */
4418 static void
4419 sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g)
4420 {
4421 	int i;
4422 	static const struct chs_values {
4423 		uint_t max_cap;		/* Max Capacity for this HS. */
4424 		uint_t nhead;		/* Heads to use. */
4425 		uint_t nsect;		/* SPT to use. */
4426 	} CHS_values[] = {
4427 		{0x00200000,  64, 32},		/* 1GB or smaller disk. */
4428 		{0x01000000, 128, 32},		/* 8GB or smaller disk. */
4429 		{MAX_BLKS(255,  63)},		/* 502.02GB or smaller disk. */
4430 		{MAX_BLKS(255, 126)},		/* .98TB or smaller disk. */
4431 		{DK_MAX_BLOCKS, 255, 189}	/* Max size is just under 1TB */
4432 	};
4433 
4434 	/* Unlabeled SCSI floppy device */
4435 	if (capacity <= 0x1000) {
4436 		un_g->dkg_nhead = 2;
4437 		un_g->dkg_ncyl = 80;
4438 		un_g->dkg_nsect = capacity / (un_g->dkg_nhead * un_g->dkg_ncyl);
4439 		return;
4440 	}
4441 
4442 	/*
4443 	 * For all devices we calculate cylinders using the
4444 	 * heads and sectors we assign based on capacity of the
4445 	 * device.  The table is designed to be compatible with the
4446 	 * way other operating systems lay out fdisk tables for X86
4447 	 * and to insure that the cylinders never exceed 65535 to
4448 	 * prevent problems with X86 ioctls that report geometry.
4449 	 * We use SPT that are multiples of 63, since other OSes that
4450 	 * are not limited to 16-bits for cylinders stop at 63 SPT
4451 	 * we make do by using multiples of 63 SPT.
4452 	 *
4453 	 * Note than capacities greater than or equal to 1TB will simply
4454 	 * get the largest geometry from the table. This should be okay
4455 	 * since disks this large shouldn't be using CHS values anyway.
4456 	 */
4457 	for (i = 0; CHS_values[i].max_cap < capacity &&
4458 	    CHS_values[i].max_cap != DK_MAX_BLOCKS; i++)
4459 		;
4460 
4461 	un_g->dkg_nhead = CHS_values[i].nhead;
4462 	un_g->dkg_nsect = CHS_values[i].nsect;
4463 }
4464 #endif
4465 
4466 
4467 /*
4468  *    Function: sd_resync_geom_caches
4469  *
4470  * Description: (Re)initialize both geometry caches: the virtual geometry
4471  *		information is extracted from the HBA (the "geometry"
4472  *		capability), and the physical geometry cache data is
4473  *		generated by issuing MODE SENSE commands.
4474  *
4475  *   Arguments: un - driver soft state (unit) structure
4476  *		capacity - disk capacity in #blocks
4477  *		lbasize - disk block size in bytes
4478  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4479  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4480  *			to use the USCSI "direct" chain and bypass the normal
4481  *			command waitq.
4482  *
4483  *     Context: Kernel thread only (can sleep).
4484  */
4485 
4486 static void
4487 sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
4488 	int path_flag)
4489 {
4490 	struct 	geom_cache 	pgeom;
4491 	struct 	geom_cache	*pgeom_p = &pgeom;
4492 	int 	spc;
4493 	unsigned short nhead;
4494 	unsigned short nsect;
4495 
4496 	ASSERT(un != NULL);
4497 	ASSERT(mutex_owned(SD_MUTEX(un)));
4498 
4499 	/*
4500 	 * Ask the controller for its logical geometry.
4501 	 * Note: if the HBA does not support scsi_ifgetcap("geometry"),
4502 	 * then the lgeom cache will be invalid.
4503 	 */
4504 	sd_get_virtual_geometry(un, capacity, lbasize);
4505 
4506 	/*
4507 	 * Initialize the pgeom cache from lgeom, so that if MODE SENSE
4508 	 * doesn't work, DKIOCG_PHYSGEOM can return reasonable values.
4509 	 */
4510 	if (un->un_lgeom.g_nsect == 0 || un->un_lgeom.g_nhead == 0) {
4511 		/*
4512 		 * Note: Perhaps this needs to be more adaptive? The rationale
4513 		 * is that, if there's no HBA geometry from the HBA driver, any
4514 		 * guess is good, since this is the physical geometry. If MODE
4515 		 * SENSE fails this gives a max cylinder size for non-LBA access
4516 		 */
4517 		nhead = 255;
4518 		nsect = 63;
4519 	} else {
4520 		nhead = un->un_lgeom.g_nhead;
4521 		nsect = un->un_lgeom.g_nsect;
4522 	}
4523 
4524 	if (ISCD(un)) {
4525 		pgeom_p->g_nhead = 1;
4526 		pgeom_p->g_nsect = nsect * nhead;
4527 	} else {
4528 		pgeom_p->g_nhead = nhead;
4529 		pgeom_p->g_nsect = nsect;
4530 	}
4531 
4532 	spc = pgeom_p->g_nhead * pgeom_p->g_nsect;
4533 	pgeom_p->g_capacity = capacity;
4534 	pgeom_p->g_ncyl = pgeom_p->g_capacity / spc;
4535 	pgeom_p->g_acyl = 0;
4536 
4537 	/*
4538 	 * Retrieve fresh geometry data from the hardware, stash it
4539 	 * here temporarily before we rebuild the incore label.
4540 	 *
4541 	 * We want to use the MODE SENSE commands to derive the
4542 	 * physical geometry of the device, but if either command
4543 	 * fails, the logical geometry is used as the fallback for
4544 	 * disk label geometry.
4545 	 */
4546 	mutex_exit(SD_MUTEX(un));
4547 	sd_get_physical_geometry(un, pgeom_p, capacity, lbasize, path_flag);
4548 	mutex_enter(SD_MUTEX(un));
4549 
4550 	/*
4551 	 * Now update the real copy while holding the mutex. This
4552 	 * way the global copy is never in an inconsistent state.
4553 	 */
4554 	bcopy(pgeom_p, &un->un_pgeom,  sizeof (un->un_pgeom));
4555 
4556 	SD_INFO(SD_LOG_COMMON, un, "sd_resync_geom_caches: "
4557 	    "(cached from lgeom)\n");
4558 	SD_INFO(SD_LOG_COMMON, un,
4559 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
4560 	    un->un_pgeom.g_ncyl, un->un_pgeom.g_acyl,
4561 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
4562 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
4563 	    "intrlv: %d; rpm: %d\n", un->un_pgeom.g_secsize,
4564 	    un->un_pgeom.g_capacity, un->un_pgeom.g_intrlv,
4565 	    un->un_pgeom.g_rpm);
4566 }
4567 
4568 
4569 /*
4570  *    Function: sd_read_fdisk
4571  *
4572  * Description: utility routine to read the fdisk table.
4573  *
4574  *   Arguments: un - driver soft state (unit) structure
4575  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4576  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4577  *			to use the USCSI "direct" chain and bypass the normal
4578  *			command waitq.
4579  *
4580  * Return Code: SD_CMD_SUCCESS
4581  *		SD_CMD_FAILURE
4582  *
4583  *     Context: Kernel thread only (can sleep).
4584  */
4585 /* ARGSUSED */
4586 static int
4587 sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize, int path_flag)
4588 {
4589 #if defined(_NO_FDISK_PRESENT)
4590 
4591 	un->un_solaris_offset = 0;
4592 	un->un_solaris_size = capacity;
4593 	bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4594 	return (SD_CMD_SUCCESS);
4595 
4596 #elif defined(_FIRMWARE_NEEDS_FDISK)
4597 
4598 	struct ipart	*fdp;
4599 	struct mboot	*mbp;
4600 	struct ipart	fdisk[FD_NUMPART];
4601 	int		i;
4602 	char		sigbuf[2];
4603 	caddr_t		bufp;
4604 	int		uidx;
4605 	int		rval;
4606 	int		lba = 0;
4607 	uint_t		solaris_offset;	/* offset to solaris part. */
4608 	daddr_t		solaris_size;	/* size of solaris partition */
4609 	uint32_t	blocksize;
4610 
4611 	ASSERT(un != NULL);
4612 	ASSERT(mutex_owned(SD_MUTEX(un)));
4613 	ASSERT(un->un_f_tgt_blocksize_is_valid == TRUE);
4614 
4615 	blocksize = un->un_tgt_blocksize;
4616 
4617 	/*
4618 	 * Start off assuming no fdisk table
4619 	 */
4620 	solaris_offset = 0;
4621 	solaris_size   = capacity;
4622 
4623 	mutex_exit(SD_MUTEX(un));
4624 	bufp = kmem_zalloc(blocksize, KM_SLEEP);
4625 	rval = sd_send_scsi_READ(un, bufp, blocksize, 0, path_flag);
4626 	mutex_enter(SD_MUTEX(un));
4627 
4628 	if (rval != 0) {
4629 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4630 		    "sd_read_fdisk: fdisk read err\n");
4631 		kmem_free(bufp, blocksize);
4632 		return (SD_CMD_FAILURE);
4633 	}
4634 
4635 	mbp = (struct mboot *)bufp;
4636 
4637 	/*
4638 	 * The fdisk table does not begin on a 4-byte boundary within the
4639 	 * master boot record, so we copy it to an aligned structure to avoid
4640 	 * alignment exceptions on some processors.
4641 	 */
4642 	bcopy(&mbp->parts[0], fdisk, sizeof (fdisk));
4643 
4644 	/*
4645 	 * Check for lba support before verifying sig; sig might not be
4646 	 * there, say on a blank disk, but the max_chs mark may still
4647 	 * be present.
4648 	 *
4649 	 * Note: LBA support and BEFs are an x86-only concept but this
4650 	 * code should work OK on SPARC as well.
4651 	 */
4652 
4653 	/*
4654 	 * First, check for lba-access-ok on root node (or prom root node)
4655 	 * if present there, don't need to search fdisk table.
4656 	 */
4657 	if (ddi_getprop(DDI_DEV_T_ANY, ddi_root_node(), 0,
4658 	    "lba-access-ok", 0) != 0) {
4659 		/* All drives do LBA; don't search fdisk table */
4660 		lba = 1;
4661 	} else {
4662 		/* Okay, look for mark in fdisk table */
4663 		for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4664 			/* accumulate "lba" value from all partitions */
4665 			lba = (lba || sd_has_max_chs_vals(fdp));
4666 		}
4667 	}
4668 
4669 	if (lba != 0) {
4670 		dev_t dev = sd_make_device(SD_DEVINFO(un));
4671 
4672 		if (ddi_getprop(dev, SD_DEVINFO(un), DDI_PROP_DONTPASS,
4673 		    "lba-access-ok", 0) == 0) {
4674 			/* not found; create it */
4675 			if (ddi_prop_create(dev, SD_DEVINFO(un), 0,
4676 			    "lba-access-ok", (caddr_t)NULL, 0) !=
4677 			    DDI_PROP_SUCCESS) {
4678 				SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4679 				    "sd_read_fdisk: Can't create lba property "
4680 				    "for instance %d\n",
4681 				    ddi_get_instance(SD_DEVINFO(un)));
4682 			}
4683 		}
4684 	}
4685 
4686 	bcopy(&mbp->signature, sigbuf, sizeof (sigbuf));
4687 
4688 	/*
4689 	 * Endian-independent signature check
4690 	 */
4691 	if (((sigbuf[1] & 0xFF) != ((MBB_MAGIC >> 8) & 0xFF)) ||
4692 	    (sigbuf[0] != (MBB_MAGIC & 0xFF))) {
4693 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4694 		    "sd_read_fdisk: no fdisk\n");
4695 		bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4696 		rval = SD_CMD_SUCCESS;
4697 		goto done;
4698 	}
4699 
4700 #ifdef SDDEBUG
4701 	if (sd_level_mask & SD_LOGMASK_INFO) {
4702 		fdp = fdisk;
4703 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_read_fdisk:\n");
4704 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "         relsect    "
4705 		    "numsect         sysid       bootid\n");
4706 		for (i = 0; i < FD_NUMPART; i++, fdp++) {
4707 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
4708 			    "    %d:  %8d   %8d     0x%08x     0x%08x\n",
4709 			    i, fdp->relsect, fdp->numsect,
4710 			    fdp->systid, fdp->bootid);
4711 		}
4712 	}
4713 #endif
4714 
4715 	/*
4716 	 * Try to find the unix partition
4717 	 */
4718 	uidx = -1;
4719 	solaris_offset = 0;
4720 	solaris_size   = 0;
4721 
4722 	for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4723 		int	relsect;
4724 		int	numsect;
4725 
4726 		if (fdp->numsect == 0) {
4727 			un->un_fmap[i].fmap_start = 0;
4728 			un->un_fmap[i].fmap_nblk  = 0;
4729 			continue;
4730 		}
4731 
4732 		/*
4733 		 * Data in the fdisk table is little-endian.
4734 		 */
4735 		relsect = LE_32(fdp->relsect);
4736 		numsect = LE_32(fdp->numsect);
4737 
4738 		un->un_fmap[i].fmap_start = relsect;
4739 		un->un_fmap[i].fmap_nblk  = numsect;
4740 
4741 		if (fdp->systid != SUNIXOS &&
4742 		    fdp->systid != SUNIXOS2 &&
4743 		    fdp->systid != EFI_PMBR) {
4744 			continue;
4745 		}
4746 
4747 		/*
4748 		 * use the last active solaris partition id found
4749 		 * (there should only be 1 active partition id)
4750 		 *
4751 		 * if there are no active solaris partition id
4752 		 * then use the first inactive solaris partition id
4753 		 */
4754 		if ((uidx == -1) || (fdp->bootid == ACTIVE)) {
4755 			uidx = i;
4756 			solaris_offset = relsect;
4757 			solaris_size   = numsect;
4758 		}
4759 	}
4760 
4761 	SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk 0x%x 0x%lx",
4762 	    un->un_solaris_offset, un->un_solaris_size);
4763 
4764 	rval = SD_CMD_SUCCESS;
4765 
4766 done:
4767 
4768 	/*
4769 	 * Clear the VTOC info, only if the Solaris partition entry
4770 	 * has moved, changed size, been deleted, or if the size of
4771 	 * the partition is too small to even fit the label sector.
4772 	 */
4773 	if ((un->un_solaris_offset != solaris_offset) ||
4774 	    (un->un_solaris_size != solaris_size) ||
4775 	    solaris_size <= DK_LABEL_LOC) {
4776 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk moved 0x%x 0x%lx",
4777 			solaris_offset, solaris_size);
4778 		bzero(&un->un_g, sizeof (struct dk_geom));
4779 		bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
4780 		bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
4781 		un->un_f_geometry_is_valid = FALSE;
4782 	}
4783 	un->un_solaris_offset = solaris_offset;
4784 	un->un_solaris_size = solaris_size;
4785 	kmem_free(bufp, blocksize);
4786 	return (rval);
4787 
4788 #else	/* #elif defined(_FIRMWARE_NEEDS_FDISK) */
4789 #error "fdisk table presence undetermined for this platform."
4790 #endif	/* #if defined(_NO_FDISK_PRESENT) */
4791 }
4792 
4793 
4794 /*
4795  *    Function: sd_get_physical_geometry
4796  *
4797  * Description: Retrieve the MODE SENSE page 3 (Format Device Page) and
4798  *		MODE SENSE page 4 (Rigid Disk Drive Geometry Page) from the
4799  *		target, and use this information to initialize the physical
4800  *		geometry cache specified by pgeom_p.
4801  *
4802  *		MODE SENSE is an optional command, so failure in this case
4803  *		does not necessarily denote an error. We want to use the
4804  *		MODE SENSE commands to derive the physical geometry of the
4805  *		device, but if either command fails, the logical geometry is
4806  *		used as the fallback for disk label geometry.
4807  *
4808  *		This requires that un->un_blockcount and un->un_tgt_blocksize
4809  *		have already been initialized for the current target and
4810  *		that the current values be passed as args so that we don't
4811  *		end up ever trying to use -1 as a valid value. This could
4812  *		happen if either value is reset while we're not holding
4813  *		the mutex.
4814  *
4815  *   Arguments: un - driver soft state (unit) structure
4816  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4817  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4818  *			to use the USCSI "direct" chain and bypass the normal
4819  *			command waitq.
4820  *
4821  *     Context: Kernel thread only (can sleep).
4822  */
4823 
4824 static void
4825 sd_get_physical_geometry(struct sd_lun *un, struct geom_cache *pgeom_p,
4826 	int capacity, int lbasize, int path_flag)
4827 {
4828 	struct	mode_format	*page3p;
4829 	struct	mode_geometry	*page4p;
4830 	struct	mode_header	*headerp;
4831 	int	sector_size;
4832 	int	nsect;
4833 	int	nhead;
4834 	int	ncyl;
4835 	int	intrlv;
4836 	int	spc;
4837 	int	modesense_capacity;
4838 	int	rpm;
4839 	int	bd_len;
4840 	int	mode_header_length;
4841 	uchar_t	*p3bufp;
4842 	uchar_t	*p4bufp;
4843 	int	cdbsize;
4844 
4845 	ASSERT(un != NULL);
4846 	ASSERT(!(mutex_owned(SD_MUTEX(un))));
4847 
4848 	if (un->un_f_blockcount_is_valid != TRUE) {
4849 		return;
4850 	}
4851 
4852 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
4853 		return;
4854 	}
4855 
4856 	if (lbasize == 0) {
4857 		if (ISCD(un)) {
4858 			lbasize = 2048;
4859 		} else {
4860 			lbasize = un->un_sys_blocksize;
4861 		}
4862 	}
4863 	pgeom_p->g_secsize = (unsigned short)lbasize;
4864 
4865 	cdbsize = (un->un_f_cfg_is_atapi == TRUE) ? CDB_GROUP2 : CDB_GROUP0;
4866 
4867 	/*
4868 	 * Retrieve MODE SENSE page 3 - Format Device Page
4869 	 */
4870 	p3bufp = kmem_zalloc(SD_MODE_SENSE_PAGE3_LENGTH, KM_SLEEP);
4871 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p3bufp,
4872 	    SD_MODE_SENSE_PAGE3_LENGTH, SD_MODE_SENSE_PAGE3_CODE, path_flag)
4873 	    != 0) {
4874 		SD_ERROR(SD_LOG_COMMON, un,
4875 		    "sd_get_physical_geometry: mode sense page 3 failed\n");
4876 		goto page3_exit;
4877 	}
4878 
4879 	/*
4880 	 * Determine size of Block Descriptors in order to locate the mode
4881 	 * page data.  ATAPI devices return 0, SCSI devices should return
4882 	 * MODE_BLK_DESC_LENGTH.
4883 	 */
4884 	headerp = (struct mode_header *)p3bufp;
4885 	if (un->un_f_cfg_is_atapi == TRUE) {
4886 		struct mode_header_grp2 *mhp =
4887 		    (struct mode_header_grp2 *)headerp;
4888 		mode_header_length = MODE_HEADER_LENGTH_GRP2;
4889 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4890 	} else {
4891 		mode_header_length = MODE_HEADER_LENGTH;
4892 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4893 	}
4894 
4895 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4896 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4897 		    "received unexpected bd_len of %d, page3\n", bd_len);
4898 		goto page3_exit;
4899 	}
4900 
4901 	page3p = (struct mode_format *)
4902 	    ((caddr_t)headerp + mode_header_length + bd_len);
4903 
4904 	if (page3p->mode_page.code != SD_MODE_SENSE_PAGE3_CODE) {
4905 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4906 		    "mode sense pg3 code mismatch %d\n",
4907 		    page3p->mode_page.code);
4908 		goto page3_exit;
4909 	}
4910 
4911 	/*
4912 	 * Use this physical geometry data only if BOTH MODE SENSE commands
4913 	 * complete successfully; otherwise, revert to the logical geometry.
4914 	 * So, we need to save everything in temporary variables.
4915 	 */
4916 	sector_size = BE_16(page3p->data_bytes_sect);
4917 
4918 	/*
4919 	 * 1243403: The NEC D38x7 drives do not support MODE SENSE sector size
4920 	 */
4921 	if (sector_size == 0) {
4922 		sector_size = (ISCD(un)) ? 2048 : un->un_sys_blocksize;
4923 	} else {
4924 		sector_size &= ~(un->un_sys_blocksize - 1);
4925 	}
4926 
4927 	nsect  = BE_16(page3p->sect_track);
4928 	intrlv = BE_16(page3p->interleave);
4929 
4930 	SD_INFO(SD_LOG_COMMON, un,
4931 	    "sd_get_physical_geometry: Format Parameters (page 3)\n");
4932 	SD_INFO(SD_LOG_COMMON, un,
4933 	    "   mode page: %d; nsect: %d; sector size: %d;\n",
4934 	    page3p->mode_page.code, nsect, sector_size);
4935 	SD_INFO(SD_LOG_COMMON, un,
4936 	    "   interleave: %d; track skew: %d; cylinder skew: %d;\n", intrlv,
4937 	    BE_16(page3p->track_skew),
4938 	    BE_16(page3p->cylinder_skew));
4939 
4940 
4941 	/*
4942 	 * Retrieve MODE SENSE page 4 - Rigid Disk Drive Geometry Page
4943 	 */
4944 	p4bufp = kmem_zalloc(SD_MODE_SENSE_PAGE4_LENGTH, KM_SLEEP);
4945 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p4bufp,
4946 	    SD_MODE_SENSE_PAGE4_LENGTH, SD_MODE_SENSE_PAGE4_CODE, path_flag)
4947 	    != 0) {
4948 		SD_ERROR(SD_LOG_COMMON, un,
4949 		    "sd_get_physical_geometry: mode sense page 4 failed\n");
4950 		goto page4_exit;
4951 	}
4952 
4953 	/*
4954 	 * Determine size of Block Descriptors in order to locate the mode
4955 	 * page data.  ATAPI devices return 0, SCSI devices should return
4956 	 * MODE_BLK_DESC_LENGTH.
4957 	 */
4958 	headerp = (struct mode_header *)p4bufp;
4959 	if (un->un_f_cfg_is_atapi == TRUE) {
4960 		struct mode_header_grp2 *mhp =
4961 		    (struct mode_header_grp2 *)headerp;
4962 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4963 	} else {
4964 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4965 	}
4966 
4967 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4968 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4969 		    "received unexpected bd_len of %d, page4\n", bd_len);
4970 		goto page4_exit;
4971 	}
4972 
4973 	page4p = (struct mode_geometry *)
4974 	    ((caddr_t)headerp + mode_header_length + bd_len);
4975 
4976 	if (page4p->mode_page.code != SD_MODE_SENSE_PAGE4_CODE) {
4977 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4978 		    "mode sense pg4 code mismatch %d\n",
4979 		    page4p->mode_page.code);
4980 		goto page4_exit;
4981 	}
4982 
4983 	/*
4984 	 * Stash the data now, after we know that both commands completed.
4985 	 */
4986 
4987 	mutex_enter(SD_MUTEX(un));
4988 
4989 	nhead = (int)page4p->heads;	/* uchar, so no conversion needed */
4990 	spc   = nhead * nsect;
4991 	ncyl  = (page4p->cyl_ub << 16) + (page4p->cyl_mb << 8) + page4p->cyl_lb;
4992 	rpm   = BE_16(page4p->rpm);
4993 
4994 	modesense_capacity = spc * ncyl;
4995 
4996 	SD_INFO(SD_LOG_COMMON, un,
4997 	    "sd_get_physical_geometry: Geometry Parameters (page 4)\n");
4998 	SD_INFO(SD_LOG_COMMON, un,
4999 	    "   cylinders: %d; heads: %d; rpm: %d;\n", ncyl, nhead, rpm);
5000 	SD_INFO(SD_LOG_COMMON, un,
5001 	    "   computed capacity(h*s*c): %d;\n", modesense_capacity);
5002 	SD_INFO(SD_LOG_COMMON, un, "   pgeom_p: %p; read cap: %d\n",
5003 	    (void *)pgeom_p, capacity);
5004 
5005 	/*
5006 	 * Compensate if the drive's geometry is not rectangular, i.e.,
5007 	 * the product of C * H * S returned by MODE SENSE >= that returned
5008 	 * by read capacity. This is an idiosyncrasy of the original x86
5009 	 * disk subsystem.
5010 	 */
5011 	if (modesense_capacity >= capacity) {
5012 		SD_INFO(SD_LOG_COMMON, un,
5013 		    "sd_get_physical_geometry: adjusting acyl; "
5014 		    "old: %d; new: %d\n", pgeom_p->g_acyl,
5015 		    (modesense_capacity - capacity + spc - 1) / spc);
5016 		if (sector_size != 0) {
5017 			/* 1243403: NEC D38x7 drives don't support sec size */
5018 			pgeom_p->g_secsize = (unsigned short)sector_size;
5019 		}
5020 		pgeom_p->g_nsect    = (unsigned short)nsect;
5021 		pgeom_p->g_nhead    = (unsigned short)nhead;
5022 		pgeom_p->g_capacity = capacity;
5023 		pgeom_p->g_acyl	    =
5024 		    (modesense_capacity - pgeom_p->g_capacity + spc - 1) / spc;
5025 		pgeom_p->g_ncyl	    = ncyl - pgeom_p->g_acyl;
5026 	}
5027 
5028 	pgeom_p->g_rpm    = (unsigned short)rpm;
5029 	pgeom_p->g_intrlv = (unsigned short)intrlv;
5030 
5031 	SD_INFO(SD_LOG_COMMON, un,
5032 	    "sd_get_physical_geometry: mode sense geometry:\n");
5033 	SD_INFO(SD_LOG_COMMON, un,
5034 	    "   nsect: %d; sector size: %d; interlv: %d\n",
5035 	    nsect, sector_size, intrlv);
5036 	SD_INFO(SD_LOG_COMMON, un,
5037 	    "   nhead: %d; ncyl: %d; rpm: %d; capacity(ms): %d\n",
5038 	    nhead, ncyl, rpm, modesense_capacity);
5039 	SD_INFO(SD_LOG_COMMON, un,
5040 	    "sd_get_physical_geometry: (cached)\n");
5041 	SD_INFO(SD_LOG_COMMON, un,
5042 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5043 	    un->un_pgeom.g_ncyl,  un->un_pgeom.g_acyl,
5044 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
5045 	SD_INFO(SD_LOG_COMMON, un,
5046 	    "   lbasize: %d; capacity: %ld; intrlv: %d; rpm: %d\n",
5047 	    un->un_pgeom.g_secsize, un->un_pgeom.g_capacity,
5048 	    un->un_pgeom.g_intrlv, un->un_pgeom.g_rpm);
5049 
5050 	mutex_exit(SD_MUTEX(un));
5051 
5052 page4_exit:
5053 	kmem_free(p4bufp, SD_MODE_SENSE_PAGE4_LENGTH);
5054 page3_exit:
5055 	kmem_free(p3bufp, SD_MODE_SENSE_PAGE3_LENGTH);
5056 }
5057 
5058 
5059 /*
5060  *    Function: sd_get_virtual_geometry
5061  *
5062  * Description: Ask the controller to tell us about the target device.
5063  *
5064  *   Arguments: un - pointer to softstate
5065  *		capacity - disk capacity in #blocks
5066  *		lbasize - disk block size in bytes
5067  *
5068  *     Context: Kernel thread only
5069  */
5070 
5071 static void
5072 sd_get_virtual_geometry(struct sd_lun *un, int capacity, int lbasize)
5073 {
5074 	struct	geom_cache 	*lgeom_p = &un->un_lgeom;
5075 	uint_t	geombuf;
5076 	int	spc;
5077 
5078 	ASSERT(un != NULL);
5079 	ASSERT(mutex_owned(SD_MUTEX(un)));
5080 
5081 	mutex_exit(SD_MUTEX(un));
5082 
5083 	/* Set sector size, and total number of sectors */
5084 	(void) scsi_ifsetcap(SD_ADDRESS(un), "sector-size",   lbasize,  1);
5085 	(void) scsi_ifsetcap(SD_ADDRESS(un), "total-sectors", capacity, 1);
5086 
5087 	/* Let the HBA tell us its geometry */
5088 	geombuf = (uint_t)scsi_ifgetcap(SD_ADDRESS(un), "geometry", 1);
5089 
5090 	mutex_enter(SD_MUTEX(un));
5091 
5092 	/* A value of -1 indicates an undefined "geometry" property */
5093 	if (geombuf == (-1)) {
5094 		return;
5095 	}
5096 
5097 	/* Initialize the logical geometry cache. */
5098 	lgeom_p->g_nhead   = (geombuf >> 16) & 0xffff;
5099 	lgeom_p->g_nsect   = geombuf & 0xffff;
5100 	lgeom_p->g_secsize = un->un_sys_blocksize;
5101 
5102 	spc = lgeom_p->g_nhead * lgeom_p->g_nsect;
5103 
5104 	/*
5105 	 * Note: The driver originally converted the capacity value from
5106 	 * target blocks to system blocks. However, the capacity value passed
5107 	 * to this routine is already in terms of system blocks (this scaling
5108 	 * is done when the READ CAPACITY command is issued and processed).
5109 	 * This 'error' may have gone undetected because the usage of g_ncyl
5110 	 * (which is based upon g_capacity) is very limited within the driver
5111 	 */
5112 	lgeom_p->g_capacity = capacity;
5113 
5114 	/*
5115 	 * Set ncyl to zero if the hba returned a zero nhead or nsect value. The
5116 	 * hba may return zero values if the device has been removed.
5117 	 */
5118 	if (spc == 0) {
5119 		lgeom_p->g_ncyl = 0;
5120 	} else {
5121 		lgeom_p->g_ncyl = lgeom_p->g_capacity / spc;
5122 	}
5123 	lgeom_p->g_acyl = 0;
5124 
5125 	SD_INFO(SD_LOG_COMMON, un, "sd_get_virtual_geometry: (cached)\n");
5126 	SD_INFO(SD_LOG_COMMON, un,
5127 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5128 	    un->un_lgeom.g_ncyl,  un->un_lgeom.g_acyl,
5129 	    un->un_lgeom.g_nhead, un->un_lgeom.g_nsect);
5130 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
5131 	    "intrlv: %d; rpm: %d\n", un->un_lgeom.g_secsize,
5132 	    un->un_lgeom.g_capacity, un->un_lgeom.g_intrlv, un->un_lgeom.g_rpm);
5133 }
5134 
5135 
5136 /*
5137  *    Function: sd_update_block_info
5138  *
5139  * Description: Calculate a byte count to sector count bitshift value
5140  *		from sector size.
5141  *
5142  *   Arguments: un: unit struct.
5143  *		lbasize: new target sector size
5144  *		capacity: new target capacity, ie. block count
5145  *
5146  *     Context: Kernel thread context
5147  */
5148 
5149 static void
5150 sd_update_block_info(struct sd_lun *un, uint32_t lbasize, uint64_t capacity)
5151 {
5152 	if (lbasize != 0) {
5153 		un->un_tgt_blocksize = lbasize;
5154 		un->un_f_tgt_blocksize_is_valid	= TRUE;
5155 	}
5156 
5157 	if (capacity != 0) {
5158 		un->un_blockcount		= capacity;
5159 		un->un_f_blockcount_is_valid	= TRUE;
5160 	}
5161 }
5162 
5163 
5164 static void
5165 sd_swap_efi_gpt(efi_gpt_t *e)
5166 {
5167 	_NOTE(ASSUMING_PROTECTED(*e))
5168 	e->efi_gpt_Signature = LE_64(e->efi_gpt_Signature);
5169 	e->efi_gpt_Revision = LE_32(e->efi_gpt_Revision);
5170 	e->efi_gpt_HeaderSize = LE_32(e->efi_gpt_HeaderSize);
5171 	e->efi_gpt_HeaderCRC32 = LE_32(e->efi_gpt_HeaderCRC32);
5172 	e->efi_gpt_MyLBA = LE_64(e->efi_gpt_MyLBA);
5173 	e->efi_gpt_AlternateLBA = LE_64(e->efi_gpt_AlternateLBA);
5174 	e->efi_gpt_FirstUsableLBA = LE_64(e->efi_gpt_FirstUsableLBA);
5175 	e->efi_gpt_LastUsableLBA = LE_64(e->efi_gpt_LastUsableLBA);
5176 	UUID_LE_CONVERT(e->efi_gpt_DiskGUID, e->efi_gpt_DiskGUID);
5177 	e->efi_gpt_PartitionEntryLBA = LE_64(e->efi_gpt_PartitionEntryLBA);
5178 	e->efi_gpt_NumberOfPartitionEntries =
5179 	    LE_32(e->efi_gpt_NumberOfPartitionEntries);
5180 	e->efi_gpt_SizeOfPartitionEntry =
5181 	    LE_32(e->efi_gpt_SizeOfPartitionEntry);
5182 	e->efi_gpt_PartitionEntryArrayCRC32 =
5183 	    LE_32(e->efi_gpt_PartitionEntryArrayCRC32);
5184 }
5185 
5186 static void
5187 sd_swap_efi_gpe(int nparts, efi_gpe_t *p)
5188 {
5189 	int i;
5190 
5191 	_NOTE(ASSUMING_PROTECTED(*p))
5192 	for (i = 0; i < nparts; i++) {
5193 		UUID_LE_CONVERT(p[i].efi_gpe_PartitionTypeGUID,
5194 		    p[i].efi_gpe_PartitionTypeGUID);
5195 		p[i].efi_gpe_StartingLBA = LE_64(p[i].efi_gpe_StartingLBA);
5196 		p[i].efi_gpe_EndingLBA = LE_64(p[i].efi_gpe_EndingLBA);
5197 		/* PartitionAttrs */
5198 	}
5199 }
5200 
5201 static int
5202 sd_validate_efi(efi_gpt_t *labp)
5203 {
5204 	if (labp->efi_gpt_Signature != EFI_SIGNATURE)
5205 		return (EINVAL);
5206 	/* at least 96 bytes in this version of the spec. */
5207 	if (sizeof (efi_gpt_t) - sizeof (labp->efi_gpt_Reserved2) >
5208 	    labp->efi_gpt_HeaderSize)
5209 		return (EINVAL);
5210 	/* this should be 128 bytes */
5211 	if (labp->efi_gpt_SizeOfPartitionEntry != sizeof (efi_gpe_t))
5212 		return (EINVAL);
5213 	return (0);
5214 }
5215 
5216 static int
5217 sd_use_efi(struct sd_lun *un, int path_flag)
5218 {
5219 	int		i;
5220 	int		rval = 0;
5221 	efi_gpe_t	*partitions;
5222 	uchar_t		*buf;
5223 	uint_t		lbasize;
5224 	uint64_t	cap;
5225 	uint_t		nparts;
5226 	diskaddr_t	gpe_lba;
5227 
5228 	ASSERT(mutex_owned(SD_MUTEX(un)));
5229 	lbasize = un->un_tgt_blocksize;
5230 
5231 	mutex_exit(SD_MUTEX(un));
5232 
5233 	buf = kmem_zalloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
5234 
5235 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
5236 		rval = EINVAL;
5237 		goto done_err;
5238 	}
5239 
5240 	rval = sd_send_scsi_READ(un, buf, lbasize, 0, path_flag);
5241 	if (rval) {
5242 		goto done_err;
5243 	}
5244 	if (((struct dk_label *)buf)->dkl_magic == DKL_MAGIC) {
5245 		/* not ours */
5246 		rval = ESRCH;
5247 		goto done_err;
5248 	}
5249 
5250 	rval = sd_send_scsi_READ(un, buf, lbasize, 1, path_flag);
5251 	if (rval) {
5252 		goto done_err;
5253 	}
5254 	sd_swap_efi_gpt((efi_gpt_t *)buf);
5255 
5256 	if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0) {
5257 		/*
5258 		 * Couldn't read the primary, try the backup.  Our
5259 		 * capacity at this point could be based on CHS, so
5260 		 * check what the device reports.
5261 		 */
5262 		rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
5263 		    path_flag);
5264 		if (rval) {
5265 			goto done_err;
5266 		}
5267 
5268 		/*
5269 		 * The MMC standard allows READ CAPACITY to be
5270 		 * inaccurate by a bounded amount (in the interest of
5271 		 * response latency).  As a result, failed READs are
5272 		 * commonplace (due to the reading of metadata and not
5273 		 * data). Depending on the per-Vendor/drive Sense data,
5274 		 * the failed READ can cause many (unnecessary) retries.
5275 		 */
5276 		if ((rval = sd_send_scsi_READ(un, buf, lbasize,
5277 		    cap - 1, (ISCD(un)) ? SD_PATH_DIRECT_PRIORITY :
5278 			path_flag)) != 0) {
5279 				goto done_err;
5280 		}
5281 
5282 		sd_swap_efi_gpt((efi_gpt_t *)buf);
5283 		if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0)
5284 			goto done_err;
5285 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5286 		    "primary label corrupt; using backup\n");
5287 	}
5288 
5289 	nparts = ((efi_gpt_t *)buf)->efi_gpt_NumberOfPartitionEntries;
5290 	gpe_lba = ((efi_gpt_t *)buf)->efi_gpt_PartitionEntryLBA;
5291 
5292 	rval = sd_send_scsi_READ(un, buf, EFI_MIN_ARRAY_SIZE, gpe_lba,
5293 	    path_flag);
5294 	if (rval) {
5295 		goto done_err;
5296 	}
5297 	partitions = (efi_gpe_t *)buf;
5298 
5299 	if (nparts > MAXPART) {
5300 		nparts = MAXPART;
5301 	}
5302 	sd_swap_efi_gpe(nparts, partitions);
5303 
5304 	mutex_enter(SD_MUTEX(un));
5305 
5306 	/* Fill in partition table. */
5307 	for (i = 0; i < nparts; i++) {
5308 		if (partitions->efi_gpe_StartingLBA != 0 ||
5309 		    partitions->efi_gpe_EndingLBA != 0) {
5310 			un->un_map[i].dkl_cylno =
5311 			    partitions->efi_gpe_StartingLBA;
5312 			un->un_map[i].dkl_nblk =
5313 			    partitions->efi_gpe_EndingLBA -
5314 			    partitions->efi_gpe_StartingLBA + 1;
5315 			un->un_offset[i] =
5316 			    partitions->efi_gpe_StartingLBA;
5317 		}
5318 		if (i == WD_NODE) {
5319 			/*
5320 			 * minor number 7 corresponds to the whole disk
5321 			 */
5322 			un->un_map[i].dkl_cylno = 0;
5323 			un->un_map[i].dkl_nblk = un->un_blockcount;
5324 			un->un_offset[i] = 0;
5325 		}
5326 		partitions++;
5327 	}
5328 	un->un_solaris_offset = 0;
5329 	un->un_solaris_size = cap;
5330 	un->un_f_geometry_is_valid = TRUE;
5331 
5332 	/* clear the vtoc label */
5333 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
5334 
5335 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5336 	return (0);
5337 
5338 done_err:
5339 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5340 	mutex_enter(SD_MUTEX(un));
5341 	/*
5342 	 * if we didn't find something that could look like a VTOC
5343 	 * and the disk is over 1TB, we know there isn't a valid label.
5344 	 * Otherwise let sd_uselabel decide what to do.  We only
5345 	 * want to invalidate this if we're certain the label isn't
5346 	 * valid because sd_prop_op will now fail, which in turn
5347 	 * causes things like opens and stats on the partition to fail.
5348 	 */
5349 	if ((un->un_blockcount > DK_MAX_BLOCKS) && (rval != ESRCH)) {
5350 		un->un_f_geometry_is_valid = FALSE;
5351 	}
5352 	return (rval);
5353 }
5354 
5355 
5356 /*
5357  *    Function: sd_uselabel
5358  *
5359  * Description: Validate the disk label and update the relevant data (geometry,
5360  *		partition, vtoc, and capacity data) in the sd_lun struct.
5361  *		Marks the geometry of the unit as being valid.
5362  *
5363  *   Arguments: un: unit struct.
5364  *		dk_label: disk label
5365  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
5366  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
5367  *			to use the USCSI "direct" chain and bypass the normal
5368  *			command waitq.
5369  *
5370  * Return Code: SD_LABEL_IS_VALID: Label read from disk is OK; geometry,
5371  *		partition, vtoc, and capacity data are good.
5372  *
5373  *		SD_LABEL_IS_INVALID: Magic number or checksum error in the
5374  *		label; or computed capacity does not jibe with capacity
5375  *		reported from the READ CAPACITY command.
5376  *
5377  *     Context: Kernel thread only (can sleep).
5378  */
5379 
5380 static int
5381 sd_uselabel(struct sd_lun *un, struct dk_label *labp, int path_flag)
5382 {
5383 	short	*sp;
5384 	short	sum;
5385 	short	count;
5386 	int	label_error = SD_LABEL_IS_VALID;
5387 	int	i;
5388 	int	capacity;
5389 	int	part_end;
5390 	int	track_capacity;
5391 	int	err;
5392 #if defined(_SUNOS_VTOC_16)
5393 	struct	dkl_partition	*vpartp;
5394 #endif
5395 	ASSERT(un != NULL);
5396 	ASSERT(mutex_owned(SD_MUTEX(un)));
5397 
5398 	/* Validate the magic number of the label. */
5399 	if (labp->dkl_magic != DKL_MAGIC) {
5400 #if defined(__sparc)
5401 		if ((un->un_state == SD_STATE_NORMAL) &&
5402 			un->un_f_vtoc_errlog_supported) {
5403 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5404 			    "Corrupt label; wrong magic number\n");
5405 		}
5406 #endif
5407 		return (SD_LABEL_IS_INVALID);
5408 	}
5409 
5410 	/* Validate the checksum of the label. */
5411 	sp  = (short *)labp;
5412 	sum = 0;
5413 	count = sizeof (struct dk_label) / sizeof (short);
5414 	while (count--)	 {
5415 		sum ^= *sp++;
5416 	}
5417 
5418 	if (sum != 0) {
5419 #if	defined(_SUNOS_VTOC_16)
5420 		if ((un->un_state == SD_STATE_NORMAL) && !ISCD(un)) {
5421 #elif defined(_SUNOS_VTOC_8)
5422 		if ((un->un_state == SD_STATE_NORMAL) &&
5423 		    un->un_f_vtoc_errlog_supported) {
5424 #endif
5425 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5426 			    "Corrupt label - label checksum failed\n");
5427 		}
5428 		return (SD_LABEL_IS_INVALID);
5429 	}
5430 
5431 
5432 	/*
5433 	 * Fill in geometry structure with data from label.
5434 	 */
5435 	bzero(&un->un_g, sizeof (struct dk_geom));
5436 	un->un_g.dkg_ncyl   = labp->dkl_ncyl;
5437 	un->un_g.dkg_acyl   = labp->dkl_acyl;
5438 	un->un_g.dkg_bcyl   = 0;
5439 	un->un_g.dkg_nhead  = labp->dkl_nhead;
5440 	un->un_g.dkg_nsect  = labp->dkl_nsect;
5441 	un->un_g.dkg_intrlv = labp->dkl_intrlv;
5442 
5443 #if defined(_SUNOS_VTOC_8)
5444 	un->un_g.dkg_gap1   = labp->dkl_gap1;
5445 	un->un_g.dkg_gap2   = labp->dkl_gap2;
5446 	un->un_g.dkg_bhead  = labp->dkl_bhead;
5447 #endif
5448 #if defined(_SUNOS_VTOC_16)
5449 	un->un_dkg_skew = labp->dkl_skew;
5450 #endif
5451 
5452 #if defined(__i386) || defined(__amd64)
5453 	un->un_g.dkg_apc = labp->dkl_apc;
5454 #endif
5455 
5456 	/*
5457 	 * Currently we rely on the values in the label being accurate. If
5458 	 * dlk_rpm or dlk_pcly are zero in the label, use a default value.
5459 	 *
5460 	 * Note: In the future a MODE SENSE may be used to retrieve this data,
5461 	 * although this command is optional in SCSI-2.
5462 	 */
5463 	un->un_g.dkg_rpm  = (labp->dkl_rpm  != 0) ? labp->dkl_rpm  : 3600;
5464 	un->un_g.dkg_pcyl = (labp->dkl_pcyl != 0) ? labp->dkl_pcyl :
5465 	    (un->un_g.dkg_ncyl + un->un_g.dkg_acyl);
5466 
5467 	/*
5468 	 * The Read and Write reinstruct values may not be valid
5469 	 * for older disks.
5470 	 */
5471 	un->un_g.dkg_read_reinstruct  = labp->dkl_read_reinstruct;
5472 	un->un_g.dkg_write_reinstruct = labp->dkl_write_reinstruct;
5473 
5474 	/* Fill in partition table. */
5475 #if defined(_SUNOS_VTOC_8)
5476 	for (i = 0; i < NDKMAP; i++) {
5477 		un->un_map[i].dkl_cylno = labp->dkl_map[i].dkl_cylno;
5478 		un->un_map[i].dkl_nblk  = labp->dkl_map[i].dkl_nblk;
5479 	}
5480 #endif
5481 #if  defined(_SUNOS_VTOC_16)
5482 	vpartp		= labp->dkl_vtoc.v_part;
5483 	track_capacity	= labp->dkl_nhead * labp->dkl_nsect;
5484 
5485 	/* Prevent divide by zero */
5486 	if (track_capacity == 0) {
5487 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5488 		    "Corrupt label - zero nhead or nsect value\n");
5489 
5490 		return (SD_LABEL_IS_INVALID);
5491 	}
5492 
5493 	for (i = 0; i < NDKMAP; i++, vpartp++) {
5494 		un->un_map[i].dkl_cylno = vpartp->p_start / track_capacity;
5495 		un->un_map[i].dkl_nblk  = vpartp->p_size;
5496 	}
5497 #endif
5498 
5499 	/* Fill in VTOC Structure. */
5500 	bcopy(&labp->dkl_vtoc, &un->un_vtoc, sizeof (struct dk_vtoc));
5501 #if defined(_SUNOS_VTOC_8)
5502 	/*
5503 	 * The 8-slice vtoc does not include the ascii label; save it into
5504 	 * the device's soft state structure here.
5505 	 */
5506 	bcopy(labp->dkl_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
5507 #endif
5508 
5509 	/* Now look for a valid capacity. */
5510 	track_capacity	= (un->un_g.dkg_nhead * un->un_g.dkg_nsect);
5511 	capacity	= (un->un_g.dkg_ncyl  * track_capacity);
5512 
5513 	if (un->un_g.dkg_acyl) {
5514 #if defined(__i386) || defined(__amd64)
5515 		/* we may have > 1 alts cylinder */
5516 		capacity += (track_capacity * un->un_g.dkg_acyl);
5517 #else
5518 		capacity += track_capacity;
5519 #endif
5520 	}
5521 
5522 	/*
5523 	 * Force check here to ensure the computed capacity is valid.
5524 	 * If capacity is zero, it indicates an invalid label and
5525 	 * we should abort updating the relevant data then.
5526 	 */
5527 	if (capacity == 0) {
5528 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5529 		    "Corrupt label - no valid capacity could be retrieved\n");
5530 
5531 		return (SD_LABEL_IS_INVALID);
5532 	}
5533 
5534 	/* Mark the geometry as valid. */
5535 	un->un_f_geometry_is_valid = TRUE;
5536 
5537 	/*
5538 	 * At this point, un->un_blockcount should contain valid data from
5539 	 * the READ CAPACITY command.
5540 	 */
5541 	if (un->un_f_blockcount_is_valid != TRUE) {
5542 		/*
5543 		 * We have a situation where the target didn't give us a good
5544 		 * READ CAPACITY value, yet there appears to be a valid label.
5545 		 * In this case, we'll fake the capacity.
5546 		 */
5547 		un->un_blockcount = capacity;
5548 		un->un_f_blockcount_is_valid = TRUE;
5549 		goto done;
5550 	}
5551 
5552 
5553 	if ((capacity <= un->un_blockcount) ||
5554 	    (un->un_state != SD_STATE_NORMAL)) {
5555 #if defined(_SUNOS_VTOC_8)
5556 		/*
5557 		 * We can't let this happen on drives that are subdivided
5558 		 * into logical disks (i.e., that have an fdisk table).
5559 		 * The un_blockcount field should always hold the full media
5560 		 * size in sectors, period.  This code would overwrite
5561 		 * un_blockcount with the size of the Solaris fdisk partition.
5562 		 */
5563 		SD_ERROR(SD_LOG_COMMON, un,
5564 		    "sd_uselabel: Label %d blocks; Drive %d blocks\n",
5565 		    capacity, un->un_blockcount);
5566 		un->un_blockcount = capacity;
5567 		un->un_f_blockcount_is_valid = TRUE;
5568 #endif	/* defined(_SUNOS_VTOC_8) */
5569 		goto done;
5570 	}
5571 
5572 	if (ISCD(un)) {
5573 		/* For CDROMs, we trust that the data in the label is OK. */
5574 #if defined(_SUNOS_VTOC_8)
5575 		for (i = 0; i < NDKMAP; i++) {
5576 			part_end = labp->dkl_nhead * labp->dkl_nsect *
5577 			    labp->dkl_map[i].dkl_cylno +
5578 			    labp->dkl_map[i].dkl_nblk  - 1;
5579 
5580 			if ((labp->dkl_map[i].dkl_nblk) &&
5581 			    (part_end > un->un_blockcount)) {
5582 				un->un_f_geometry_is_valid = FALSE;
5583 				break;
5584 			}
5585 		}
5586 #endif
5587 #if defined(_SUNOS_VTOC_16)
5588 		vpartp = &(labp->dkl_vtoc.v_part[0]);
5589 		for (i = 0; i < NDKMAP; i++, vpartp++) {
5590 			part_end = vpartp->p_start + vpartp->p_size;
5591 			if ((vpartp->p_size > 0) &&
5592 			    (part_end > un->un_blockcount)) {
5593 				un->un_f_geometry_is_valid = FALSE;
5594 				break;
5595 			}
5596 		}
5597 #endif
5598 	} else {
5599 		uint64_t t_capacity;
5600 		uint32_t t_lbasize;
5601 
5602 		mutex_exit(SD_MUTEX(un));
5603 		err = sd_send_scsi_READ_CAPACITY(un, &t_capacity, &t_lbasize,
5604 		    path_flag);
5605 		ASSERT(t_capacity <= DK_MAX_BLOCKS);
5606 		mutex_enter(SD_MUTEX(un));
5607 
5608 		if (err == 0) {
5609 			sd_update_block_info(un, t_lbasize, t_capacity);
5610 		}
5611 
5612 		if (capacity > un->un_blockcount) {
5613 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5614 			    "Corrupt label - bad geometry\n");
5615 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
5616 			    "Label says %u blocks; Drive says %llu blocks\n",
5617 			    capacity, (unsigned long long)un->un_blockcount);
5618 			un->un_f_geometry_is_valid = FALSE;
5619 			label_error = SD_LABEL_IS_INVALID;
5620 		}
5621 	}
5622 
5623 done:
5624 
5625 	SD_INFO(SD_LOG_COMMON, un, "sd_uselabel: (label geometry)\n");
5626 	SD_INFO(SD_LOG_COMMON, un,
5627 	    "   ncyl: %d; acyl: %d; nhead: %d; nsect: %d\n",
5628 	    un->un_g.dkg_ncyl,  un->un_g.dkg_acyl,
5629 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5630 	SD_INFO(SD_LOG_COMMON, un,
5631 	    "   lbasize: %d; capacity: %d; intrlv: %d; rpm: %d\n",
5632 	    un->un_tgt_blocksize, un->un_blockcount,
5633 	    un->un_g.dkg_intrlv, un->un_g.dkg_rpm);
5634 	SD_INFO(SD_LOG_COMMON, un, "   wrt_reinstr: %d; rd_reinstr: %d\n",
5635 	    un->un_g.dkg_write_reinstruct, un->un_g.dkg_read_reinstruct);
5636 
5637 	ASSERT(mutex_owned(SD_MUTEX(un)));
5638 
5639 	return (label_error);
5640 }
5641 
5642 
5643 /*
5644  *    Function: sd_build_default_label
5645  *
5646  * Description: Generate a default label for those devices that do not have
5647  *		one, e.g., new media, removable cartridges, etc..
5648  *
5649  *     Context: Kernel thread only
5650  */
5651 
5652 static void
5653 sd_build_default_label(struct sd_lun *un)
5654 {
5655 #if defined(_SUNOS_VTOC_16)
5656 	uint_t	phys_spc;
5657 	uint_t	disksize;
5658 	struct	dk_geom un_g;
5659 #endif
5660 
5661 	ASSERT(un != NULL);
5662 	ASSERT(mutex_owned(SD_MUTEX(un)));
5663 
5664 #if defined(_SUNOS_VTOC_8)
5665 	/*
5666 	 * Note: This is a legacy check for non-removable devices on VTOC_8
5667 	 * only. This may be a valid check for VTOC_16 as well.
5668 	 * Once we understand why there is this difference between SPARC and
5669 	 * x86 platform, we could remove this legacy check.
5670 	 */
5671 	ASSERT(un->un_f_default_vtoc_supported);
5672 #endif
5673 
5674 	bzero(&un->un_g, sizeof (struct dk_geom));
5675 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
5676 	bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
5677 
5678 #if defined(_SUNOS_VTOC_8)
5679 
5680 	/*
5681 	 * It's a REMOVABLE media, therefore no label (on sparc, anyway).
5682 	 * But it is still necessary to set up various geometry information,
5683 	 * and we are doing this here.
5684 	 */
5685 
5686 	/*
5687 	 * For the rpm, we use the minimum for the disk.  For the head, cyl,
5688 	 * and number of sector per track, if the capacity <= 1GB, head = 64,
5689 	 * sect = 32.  else head = 255, sect 63 Note: the capacity should be
5690 	 * equal to C*H*S values.  This will cause some truncation of size due
5691 	 * to round off errors. For CD-ROMs, this truncation can have adverse
5692 	 * side effects, so returning ncyl and nhead as 1. The nsect will
5693 	 * overflow for most of CD-ROMs as nsect is of type ushort. (4190569)
5694 	 */
5695 	if (ISCD(un)) {
5696 		/*
5697 		 * Preserve the old behavior for non-writable
5698 		 * medias. Since dkg_nsect is a ushort, it
5699 		 * will lose bits as cdroms have more than
5700 		 * 65536 sectors. So if we recalculate
5701 		 * capacity, it will become much shorter.
5702 		 * But the dkg_* information is not
5703 		 * used for CDROMs so it is OK. But for
5704 		 * Writable CDs we need this information
5705 		 * to be valid (for newfs say). So we
5706 		 * make nsect and nhead > 1 that way
5707 		 * nsect can still stay within ushort limit
5708 		 * without losing any bits.
5709 		 */
5710 		if (un->un_f_mmc_writable_media == TRUE) {
5711 			un->un_g.dkg_nhead = 64;
5712 			un->un_g.dkg_nsect = 32;
5713 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
5714 			un->un_blockcount = un->un_g.dkg_ncyl *
5715 			    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5716 		} else {
5717 			un->un_g.dkg_ncyl  = 1;
5718 			un->un_g.dkg_nhead = 1;
5719 			un->un_g.dkg_nsect = un->un_blockcount;
5720 		}
5721 	} else {
5722 		if (un->un_blockcount <= 0x1000) {
5723 			/* unlabeled SCSI floppy device */
5724 			un->un_g.dkg_nhead = 2;
5725 			un->un_g.dkg_ncyl = 80;
5726 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
5727 		} else if (un->un_blockcount <= 0x200000) {
5728 			un->un_g.dkg_nhead = 64;
5729 			un->un_g.dkg_nsect = 32;
5730 			un->un_g.dkg_ncyl  = un->un_blockcount / (64 * 32);
5731 		} else {
5732 			un->un_g.dkg_nhead = 255;
5733 			un->un_g.dkg_nsect = 63;
5734 			un->un_g.dkg_ncyl  = un->un_blockcount / (255 * 63);
5735 		}
5736 		un->un_blockcount =
5737 		    un->un_g.dkg_ncyl * un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5738 	}
5739 
5740 	un->un_g.dkg_acyl	= 0;
5741 	un->un_g.dkg_bcyl	= 0;
5742 	un->un_g.dkg_rpm	= 200;
5743 	un->un_asciilabel[0]	= '\0';
5744 	un->un_g.dkg_pcyl	= un->un_g.dkg_ncyl;
5745 
5746 	un->un_map[0].dkl_cylno = 0;
5747 	un->un_map[0].dkl_nblk  = un->un_blockcount;
5748 	un->un_map[2].dkl_cylno = 0;
5749 	un->un_map[2].dkl_nblk  = un->un_blockcount;
5750 
5751 #elif defined(_SUNOS_VTOC_16)
5752 
5753 	if (un->un_solaris_size == 0) {
5754 		/*
5755 		 * Got fdisk table but no solaris entry therefore
5756 		 * don't create a default label
5757 		 */
5758 		un->un_f_geometry_is_valid = TRUE;
5759 		return;
5760 	}
5761 
5762 	/*
5763 	 * For CDs we continue to use the physical geometry to calculate
5764 	 * number of cylinders. All other devices must convert the
5765 	 * physical geometry (geom_cache) to values that will fit
5766 	 * in a dk_geom structure.
5767 	 */
5768 	if (ISCD(un)) {
5769 		phys_spc = un->un_pgeom.g_nhead * un->un_pgeom.g_nsect;
5770 	} else {
5771 		/* Convert physical geometry to disk geometry */
5772 		bzero(&un_g, sizeof (struct dk_geom));
5773 		sd_convert_geometry(un->un_blockcount, &un_g);
5774 		bcopy(&un_g, &un->un_g, sizeof (un->un_g));
5775 		phys_spc = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5776 	}
5777 
5778 	ASSERT(phys_spc != 0);
5779 	un->un_g.dkg_pcyl = un->un_solaris_size / phys_spc;
5780 	un->un_g.dkg_acyl = DK_ACYL;
5781 	un->un_g.dkg_ncyl = un->un_g.dkg_pcyl - DK_ACYL;
5782 	disksize = un->un_g.dkg_ncyl * phys_spc;
5783 
5784 	if (ISCD(un)) {
5785 		/*
5786 		 * CD's don't use the "heads * sectors * cyls"-type of
5787 		 * geometry, but instead use the entire capacity of the media.
5788 		 */
5789 		disksize = un->un_solaris_size;
5790 		un->un_g.dkg_nhead = 1;
5791 		un->un_g.dkg_nsect = 1;
5792 		un->un_g.dkg_rpm =
5793 		    (un->un_pgeom.g_rpm == 0) ? 200 : un->un_pgeom.g_rpm;
5794 
5795 		un->un_vtoc.v_part[0].p_start = 0;
5796 		un->un_vtoc.v_part[0].p_size  = disksize;
5797 		un->un_vtoc.v_part[0].p_tag   = V_BACKUP;
5798 		un->un_vtoc.v_part[0].p_flag  = V_UNMNT;
5799 
5800 		un->un_map[0].dkl_cylno = 0;
5801 		un->un_map[0].dkl_nblk  = disksize;
5802 		un->un_offset[0] = 0;
5803 
5804 	} else {
5805 		/*
5806 		 * Hard disks and removable media cartridges
5807 		 */
5808 		un->un_g.dkg_rpm =
5809 		    (un->un_pgeom.g_rpm == 0) ? 3600: un->un_pgeom.g_rpm;
5810 		un->un_vtoc.v_sectorsz = un->un_sys_blocksize;
5811 
5812 		/* Add boot slice */
5813 		un->un_vtoc.v_part[8].p_start = 0;
5814 		un->un_vtoc.v_part[8].p_size  = phys_spc;
5815 		un->un_vtoc.v_part[8].p_tag   = V_BOOT;
5816 		un->un_vtoc.v_part[8].p_flag  = V_UNMNT;
5817 
5818 		un->un_map[8].dkl_cylno = 0;
5819 		un->un_map[8].dkl_nblk  = phys_spc;
5820 		un->un_offset[8] = 0;
5821 	}
5822 
5823 	un->un_g.dkg_apc = 0;
5824 	un->un_vtoc.v_nparts = V_NUMPAR;
5825 	un->un_vtoc.v_version = V_VERSION;
5826 
5827 	/* Add backup slice */
5828 	un->un_vtoc.v_part[2].p_start = 0;
5829 	un->un_vtoc.v_part[2].p_size  = disksize;
5830 	un->un_vtoc.v_part[2].p_tag   = V_BACKUP;
5831 	un->un_vtoc.v_part[2].p_flag  = V_UNMNT;
5832 
5833 	un->un_map[2].dkl_cylno = 0;
5834 	un->un_map[2].dkl_nblk  = disksize;
5835 	un->un_offset[2] = 0;
5836 
5837 	(void) sprintf(un->un_vtoc.v_asciilabel, "DEFAULT cyl %d alt %d"
5838 	    " hd %d sec %d", un->un_g.dkg_ncyl, un->un_g.dkg_acyl,
5839 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5840 
5841 #else
5842 #error "No VTOC format defined."
5843 #endif
5844 
5845 	un->un_g.dkg_read_reinstruct  = 0;
5846 	un->un_g.dkg_write_reinstruct = 0;
5847 
5848 	un->un_g.dkg_intrlv = 1;
5849 
5850 	un->un_vtoc.v_sanity  = VTOC_SANE;
5851 
5852 	un->un_f_geometry_is_valid = TRUE;
5853 
5854 	SD_INFO(SD_LOG_COMMON, un,
5855 	    "sd_build_default_label: Default label created: "
5856 	    "cyl: %d\tacyl: %d\tnhead: %d\tnsect: %d\tcap: %d\n",
5857 	    un->un_g.dkg_ncyl, un->un_g.dkg_acyl, un->un_g.dkg_nhead,
5858 	    un->un_g.dkg_nsect, un->un_blockcount);
5859 }
5860 
5861 
5862 #if defined(_FIRMWARE_NEEDS_FDISK)
5863 /*
5864  * Max CHS values, as they are encoded into bytes, for 1022/254/63
5865  */
5866 #define	LBA_MAX_SECT	(63 | ((1022 & 0x300) >> 2))
5867 #define	LBA_MAX_CYL	(1022 & 0xFF)
5868 #define	LBA_MAX_HEAD	(254)
5869 
5870 
5871 /*
5872  *    Function: sd_has_max_chs_vals
5873  *
5874  * Description: Return TRUE if Cylinder-Head-Sector values are all at maximum.
5875  *
5876  *   Arguments: fdp - ptr to CHS info
5877  *
5878  * Return Code: True or false
5879  *
5880  *     Context: Any.
5881  */
5882 
5883 static int
5884 sd_has_max_chs_vals(struct ipart *fdp)
5885 {
5886 	return ((fdp->begcyl  == LBA_MAX_CYL)	&&
5887 	    (fdp->beghead == LBA_MAX_HEAD)	&&
5888 	    (fdp->begsect == LBA_MAX_SECT)	&&
5889 	    (fdp->endcyl  == LBA_MAX_CYL)	&&
5890 	    (fdp->endhead == LBA_MAX_HEAD)	&&
5891 	    (fdp->endsect == LBA_MAX_SECT));
5892 }
5893 #endif
5894 
5895 
5896 /*
5897  *    Function: sd_inq_fill
5898  *
5899  * Description: Print a piece of inquiry data, cleaned up for non-printable
5900  *		characters and stopping at the first space character after
5901  *		the beginning of the passed string;
5902  *
5903  *   Arguments: p - source string
5904  *		l - maximum length to copy
5905  *		s - destination string
5906  *
5907  *     Context: Any.
5908  */
5909 
5910 static void
5911 sd_inq_fill(char *p, int l, char *s)
5912 {
5913 	unsigned i = 0;
5914 	char c;
5915 
5916 	while (i++ < l) {
5917 		if ((c = *p++) < ' ' || c >= 0x7F) {
5918 			c = '*';
5919 		} else if (i != 1 && c == ' ') {
5920 			break;
5921 		}
5922 		*s++ = c;
5923 	}
5924 	*s++ = 0;
5925 }
5926 
5927 
5928 /*
5929  *    Function: sd_register_devid
5930  *
5931  * Description: This routine will obtain the device id information from the
5932  *		target, obtain the serial number, and register the device
5933  *		id with the ddi framework.
5934  *
5935  *   Arguments: devi - the system's dev_info_t for the device.
5936  *		un - driver soft state (unit) structure
5937  *		reservation_flag - indicates if a reservation conflict
5938  *		occurred during attach
5939  *
5940  *     Context: Kernel Thread
5941  */
5942 static void
5943 sd_register_devid(struct sd_lun *un, dev_info_t *devi, int reservation_flag)
5944 {
5945 	int		rval		= 0;
5946 	uchar_t		*inq80		= NULL;
5947 	size_t		inq80_len	= MAX_INQUIRY_SIZE;
5948 	size_t		inq80_resid	= 0;
5949 	uchar_t		*inq83		= NULL;
5950 	size_t		inq83_len	= MAX_INQUIRY_SIZE;
5951 	size_t		inq83_resid	= 0;
5952 
5953 	ASSERT(un != NULL);
5954 	ASSERT(mutex_owned(SD_MUTEX(un)));
5955 	ASSERT((SD_DEVINFO(un)) == devi);
5956 
5957 	/*
5958 	 * This is the case of antiquated Sun disk drives that have the
5959 	 * FAB_DEVID property set in the disk_table.  These drives
5960 	 * manage the devid's by storing them in last 2 available sectors
5961 	 * on the drive and have them fabricated by the ddi layer by calling
5962 	 * ddi_devid_init and passing the DEVID_FAB flag.
5963 	 */
5964 	if (un->un_f_opt_fab_devid == TRUE) {
5965 		/*
5966 		 * Depending on EINVAL isn't reliable, since a reserved disk
5967 		 * may result in invalid geometry, so check to make sure a
5968 		 * reservation conflict did not occur during attach.
5969 		 */
5970 		if ((sd_get_devid(un) == EINVAL) &&
5971 		    (reservation_flag != SD_TARGET_IS_RESERVED)) {
5972 			/*
5973 			 * The devid is invalid AND there is no reservation
5974 			 * conflict.  Fabricate a new devid.
5975 			 */
5976 			(void) sd_create_devid(un);
5977 		}
5978 
5979 		/* Register the devid if it exists */
5980 		if (un->un_devid != NULL) {
5981 			(void) ddi_devid_register(SD_DEVINFO(un),
5982 			    un->un_devid);
5983 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
5984 			    "sd_register_devid: Devid Fabricated\n");
5985 		}
5986 		return;
5987 	}
5988 
5989 	/*
5990 	 * We check the availibility of the World Wide Name (0x83) and Unit
5991 	 * Serial Number (0x80) pages in sd_check_vpd_page_support(), and using
5992 	 * un_vpd_page_mask from them, we decide which way to get the WWN.  If
5993 	 * 0x83 is availible, that is the best choice.  Our next choice is
5994 	 * 0x80.  If neither are availible, we munge the devid from the device
5995 	 * vid/pid/serial # for Sun qualified disks, or use the ddi framework
5996 	 * to fabricate a devid for non-Sun qualified disks.
5997 	 */
5998 	if (sd_check_vpd_page_support(un) == 0) {
5999 		/* collect page 80 data if available */
6000 		if (un->un_vpd_page_mask & SD_VPD_UNIT_SERIAL_PG) {
6001 
6002 			mutex_exit(SD_MUTEX(un));
6003 			inq80 = kmem_zalloc(inq80_len, KM_SLEEP);
6004 			rval = sd_send_scsi_INQUIRY(un, inq80, inq80_len,
6005 			    0x01, 0x80, &inq80_resid);
6006 
6007 			if (rval != 0) {
6008 				kmem_free(inq80, inq80_len);
6009 				inq80 = NULL;
6010 				inq80_len = 0;
6011 			}
6012 			mutex_enter(SD_MUTEX(un));
6013 		}
6014 
6015 		/* collect page 83 data if available */
6016 		if (un->un_vpd_page_mask & SD_VPD_DEVID_WWN_PG) {
6017 			mutex_exit(SD_MUTEX(un));
6018 			inq83 = kmem_zalloc(inq83_len, KM_SLEEP);
6019 			rval = sd_send_scsi_INQUIRY(un, inq83, inq83_len,
6020 			    0x01, 0x83, &inq83_resid);
6021 
6022 			if (rval != 0) {
6023 				kmem_free(inq83, inq83_len);
6024 				inq83 = NULL;
6025 				inq83_len = 0;
6026 			}
6027 			mutex_enter(SD_MUTEX(un));
6028 		}
6029 	}
6030 
6031 	/* encode best devid possible based on data available */
6032 	if (ddi_devid_scsi_encode(DEVID_SCSI_ENCODE_VERSION_LATEST,
6033 	    (char *)ddi_driver_name(SD_DEVINFO(un)),
6034 	    (uchar_t *)SD_INQUIRY(un), sizeof (*SD_INQUIRY(un)),
6035 	    inq80, inq80_len - inq80_resid, inq83, inq83_len -
6036 	    inq83_resid, &un->un_devid) == DDI_SUCCESS) {
6037 
6038 		/* devid successfully encoded, register devid */
6039 		(void) ddi_devid_register(SD_DEVINFO(un), un->un_devid);
6040 
6041 	} else {
6042 		/*
6043 		 * Unable to encode a devid based on data available.
6044 		 * This is not a Sun qualified disk.  Older Sun disk
6045 		 * drives that have the SD_FAB_DEVID property
6046 		 * set in the disk_table and non Sun qualified
6047 		 * disks are treated in the same manner.  These
6048 		 * drives manage the devid's by storing them in
6049 		 * last 2 available sectors on the drive and
6050 		 * have them fabricated by the ddi layer by
6051 		 * calling ddi_devid_init and passing the
6052 		 * DEVID_FAB flag.
6053 		 * Create a fabricate devid only if there's no
6054 		 * fabricate devid existed.
6055 		 */
6056 		if (sd_get_devid(un) == EINVAL) {
6057 			(void) sd_create_devid(un);
6058 			un->un_f_opt_fab_devid = TRUE;
6059 		}
6060 
6061 		/* Register the devid if it exists */
6062 		if (un->un_devid != NULL) {
6063 			(void) ddi_devid_register(SD_DEVINFO(un),
6064 			    un->un_devid);
6065 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
6066 			    "sd_register_devid: devid fabricated using "
6067 			    "ddi framework\n");
6068 		}
6069 	}
6070 
6071 	/* clean up resources */
6072 	if (inq80 != NULL) {
6073 		kmem_free(inq80, inq80_len);
6074 	}
6075 	if (inq83 != NULL) {
6076 		kmem_free(inq83, inq83_len);
6077 	}
6078 }
6079 
6080 static daddr_t
6081 sd_get_devid_block(struct sd_lun *un)
6082 {
6083 	daddr_t			spc, blk, head, cyl;
6084 
6085 	if (un->un_blockcount <= DK_MAX_BLOCKS) {
6086 		/* this geometry doesn't allow us to write a devid */
6087 		if (un->un_g.dkg_acyl < 2) {
6088 			return (-1);
6089 		}
6090 
6091 		/*
6092 		 * Subtract 2 guarantees that the next to last cylinder
6093 		 * is used
6094 		 */
6095 		cyl  = un->un_g.dkg_ncyl  + un->un_g.dkg_acyl - 2;
6096 		spc  = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
6097 		head = un->un_g.dkg_nhead - 1;
6098 		blk  = (cyl * (spc - un->un_g.dkg_apc)) +
6099 		    (head * un->un_g.dkg_nsect) + 1;
6100 	} else {
6101 		if (un->un_reserved != -1) {
6102 			blk = un->un_map[un->un_reserved].dkl_cylno + 1;
6103 		} else {
6104 			return (-1);
6105 		}
6106 	}
6107 	return (blk);
6108 }
6109 
6110 /*
6111  *    Function: sd_get_devid
6112  *
6113  * Description: This routine will return 0 if a valid device id has been
6114  *		obtained from the target and stored in the soft state. If a
6115  *		valid device id has not been previously read and stored, a
6116  *		read attempt will be made.
6117  *
6118  *   Arguments: un - driver soft state (unit) structure
6119  *
6120  * Return Code: 0 if we successfully get the device id
6121  *
6122  *     Context: Kernel Thread
6123  */
6124 
6125 static int
6126 sd_get_devid(struct sd_lun *un)
6127 {
6128 	struct dk_devid		*dkdevid;
6129 	ddi_devid_t		tmpid;
6130 	uint_t			*ip;
6131 	size_t			sz;
6132 	daddr_t			blk;
6133 	int			status;
6134 	int			chksum;
6135 	int			i;
6136 	size_t			buffer_size;
6137 
6138 	ASSERT(un != NULL);
6139 	ASSERT(mutex_owned(SD_MUTEX(un)));
6140 
6141 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: entry: un: 0x%p\n",
6142 	    un);
6143 
6144 	if (un->un_devid != NULL) {
6145 		return (0);
6146 	}
6147 
6148 	blk = sd_get_devid_block(un);
6149 	if (blk < 0)
6150 		return (EINVAL);
6151 
6152 	/*
6153 	 * Read and verify device id, stored in the reserved cylinders at the
6154 	 * end of the disk. Backup label is on the odd sectors of the last
6155 	 * track of the last cylinder. Device id will be on track of the next
6156 	 * to last cylinder.
6157 	 */
6158 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct dk_devid));
6159 	mutex_exit(SD_MUTEX(un));
6160 	dkdevid = kmem_alloc(buffer_size, KM_SLEEP);
6161 	status = sd_send_scsi_READ(un, dkdevid, buffer_size, blk,
6162 	    SD_PATH_DIRECT);
6163 	if (status != 0) {
6164 		goto error;
6165 	}
6166 
6167 	/* Validate the revision */
6168 	if ((dkdevid->dkd_rev_hi != DK_DEVID_REV_MSB) ||
6169 	    (dkdevid->dkd_rev_lo != DK_DEVID_REV_LSB)) {
6170 		status = EINVAL;
6171 		goto error;
6172 	}
6173 
6174 	/* Calculate the checksum */
6175 	chksum = 0;
6176 	ip = (uint_t *)dkdevid;
6177 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6178 	    i++) {
6179 		chksum ^= ip[i];
6180 	}
6181 
6182 	/* Compare the checksums */
6183 	if (DKD_GETCHKSUM(dkdevid) != chksum) {
6184 		status = EINVAL;
6185 		goto error;
6186 	}
6187 
6188 	/* Validate the device id */
6189 	if (ddi_devid_valid((ddi_devid_t)&dkdevid->dkd_devid) != DDI_SUCCESS) {
6190 		status = EINVAL;
6191 		goto error;
6192 	}
6193 
6194 	/*
6195 	 * Store the device id in the driver soft state
6196 	 */
6197 	sz = ddi_devid_sizeof((ddi_devid_t)&dkdevid->dkd_devid);
6198 	tmpid = kmem_alloc(sz, KM_SLEEP);
6199 
6200 	mutex_enter(SD_MUTEX(un));
6201 
6202 	un->un_devid = tmpid;
6203 	bcopy(&dkdevid->dkd_devid, un->un_devid, sz);
6204 
6205 	kmem_free(dkdevid, buffer_size);
6206 
6207 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: exit: un:0x%p\n", un);
6208 
6209 	return (status);
6210 error:
6211 	mutex_enter(SD_MUTEX(un));
6212 	kmem_free(dkdevid, buffer_size);
6213 	return (status);
6214 }
6215 
6216 
6217 /*
6218  *    Function: sd_create_devid
6219  *
6220  * Description: This routine will fabricate the device id and write it
6221  *		to the disk.
6222  *
6223  *   Arguments: un - driver soft state (unit) structure
6224  *
6225  * Return Code: value of the fabricated device id
6226  *
6227  *     Context: Kernel Thread
6228  */
6229 
6230 static ddi_devid_t
6231 sd_create_devid(struct sd_lun *un)
6232 {
6233 	ASSERT(un != NULL);
6234 
6235 	/* Fabricate the devid */
6236 	if (ddi_devid_init(SD_DEVINFO(un), DEVID_FAB, 0, NULL, &un->un_devid)
6237 	    == DDI_FAILURE) {
6238 		return (NULL);
6239 	}
6240 
6241 	/* Write the devid to disk */
6242 	if (sd_write_deviceid(un) != 0) {
6243 		ddi_devid_free(un->un_devid);
6244 		un->un_devid = NULL;
6245 	}
6246 
6247 	return (un->un_devid);
6248 }
6249 
6250 
6251 /*
6252  *    Function: sd_write_deviceid
6253  *
6254  * Description: This routine will write the device id to the disk
6255  *		reserved sector.
6256  *
6257  *   Arguments: un - driver soft state (unit) structure
6258  *
6259  * Return Code: EINVAL
6260  *		value returned by sd_send_scsi_cmd
6261  *
6262  *     Context: Kernel Thread
6263  */
6264 
6265 static int
6266 sd_write_deviceid(struct sd_lun *un)
6267 {
6268 	struct dk_devid		*dkdevid;
6269 	daddr_t			blk;
6270 	uint_t			*ip, chksum;
6271 	int			status;
6272 	int			i;
6273 
6274 	ASSERT(mutex_owned(SD_MUTEX(un)));
6275 
6276 	blk = sd_get_devid_block(un);
6277 	if (blk < 0)
6278 		return (-1);
6279 	mutex_exit(SD_MUTEX(un));
6280 
6281 	/* Allocate the buffer */
6282 	dkdevid = kmem_zalloc(un->un_sys_blocksize, KM_SLEEP);
6283 
6284 	/* Fill in the revision */
6285 	dkdevid->dkd_rev_hi = DK_DEVID_REV_MSB;
6286 	dkdevid->dkd_rev_lo = DK_DEVID_REV_LSB;
6287 
6288 	/* Copy in the device id */
6289 	mutex_enter(SD_MUTEX(un));
6290 	bcopy(un->un_devid, &dkdevid->dkd_devid,
6291 	    ddi_devid_sizeof(un->un_devid));
6292 	mutex_exit(SD_MUTEX(un));
6293 
6294 	/* Calculate the checksum */
6295 	chksum = 0;
6296 	ip = (uint_t *)dkdevid;
6297 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6298 	    i++) {
6299 		chksum ^= ip[i];
6300 	}
6301 
6302 	/* Fill-in checksum */
6303 	DKD_FORMCHKSUM(chksum, dkdevid);
6304 
6305 	/* Write the reserved sector */
6306 	status = sd_send_scsi_WRITE(un, dkdevid, un->un_sys_blocksize, blk,
6307 	    SD_PATH_DIRECT);
6308 
6309 	kmem_free(dkdevid, un->un_sys_blocksize);
6310 
6311 	mutex_enter(SD_MUTEX(un));
6312 	return (status);
6313 }
6314 
6315 
6316 /*
6317  *    Function: sd_check_vpd_page_support
6318  *
6319  * Description: This routine sends an inquiry command with the EVPD bit set and
6320  *		a page code of 0x00 to the device. It is used to determine which
6321  *		vital product pages are availible to find the devid. We are
6322  *		looking for pages 0x83 or 0x80.  If we return a negative 1, the
6323  *		device does not support that command.
6324  *
6325  *   Arguments: un  - driver soft state (unit) structure
6326  *
6327  * Return Code: 0 - success
6328  *		1 - check condition
6329  *
6330  *     Context: This routine can sleep.
6331  */
6332 
6333 static int
6334 sd_check_vpd_page_support(struct sd_lun *un)
6335 {
6336 	uchar_t	*page_list	= NULL;
6337 	uchar_t	page_length	= 0xff;	/* Use max possible length */
6338 	uchar_t	evpd		= 0x01;	/* Set the EVPD bit */
6339 	uchar_t	page_code	= 0x00;	/* Supported VPD Pages */
6340 	int    	rval		= 0;
6341 	int	counter;
6342 
6343 	ASSERT(un != NULL);
6344 	ASSERT(mutex_owned(SD_MUTEX(un)));
6345 
6346 	mutex_exit(SD_MUTEX(un));
6347 
6348 	/*
6349 	 * We'll set the page length to the maximum to save figuring it out
6350 	 * with an additional call.
6351 	 */
6352 	page_list =  kmem_zalloc(page_length, KM_SLEEP);
6353 
6354 	rval = sd_send_scsi_INQUIRY(un, page_list, page_length, evpd,
6355 	    page_code, NULL);
6356 
6357 	mutex_enter(SD_MUTEX(un));
6358 
6359 	/*
6360 	 * Now we must validate that the device accepted the command, as some
6361 	 * drives do not support it.  If the drive does support it, we will
6362 	 * return 0, and the supported pages will be in un_vpd_page_mask.  If
6363 	 * not, we return -1.
6364 	 */
6365 	if ((rval == 0) && (page_list[VPD_MODE_PAGE] == 0x00)) {
6366 		/* Loop to find one of the 2 pages we need */
6367 		counter = 4;  /* Supported pages start at byte 4, with 0x00 */
6368 
6369 		/*
6370 		 * Pages are returned in ascending order, and 0x83 is what we
6371 		 * are hoping for.
6372 		 */
6373 		while ((page_list[counter] <= 0x83) &&
6374 		    (counter <= (page_list[VPD_PAGE_LENGTH] +
6375 		    VPD_HEAD_OFFSET))) {
6376 			/*
6377 			 * Add 3 because page_list[3] is the number of
6378 			 * pages minus 3
6379 			 */
6380 
6381 			switch (page_list[counter]) {
6382 			case 0x00:
6383 				un->un_vpd_page_mask |= SD_VPD_SUPPORTED_PG;
6384 				break;
6385 			case 0x80:
6386 				un->un_vpd_page_mask |= SD_VPD_UNIT_SERIAL_PG;
6387 				break;
6388 			case 0x81:
6389 				un->un_vpd_page_mask |= SD_VPD_OPERATING_PG;
6390 				break;
6391 			case 0x82:
6392 				un->un_vpd_page_mask |= SD_VPD_ASCII_OP_PG;
6393 				break;
6394 			case 0x83:
6395 				un->un_vpd_page_mask |= SD_VPD_DEVID_WWN_PG;
6396 				break;
6397 			}
6398 			counter++;
6399 		}
6400 
6401 	} else {
6402 		rval = -1;
6403 
6404 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6405 		    "sd_check_vpd_page_support: This drive does not implement "
6406 		    "VPD pages.\n");
6407 	}
6408 
6409 	kmem_free(page_list, page_length);
6410 
6411 	return (rval);
6412 }
6413 
6414 
6415 /*
6416  *    Function: sd_setup_pm
6417  *
6418  * Description: Initialize Power Management on the device
6419  *
6420  *     Context: Kernel Thread
6421  */
6422 
6423 static void
6424 sd_setup_pm(struct sd_lun *un, dev_info_t *devi)
6425 {
6426 	uint_t	log_page_size;
6427 	uchar_t	*log_page_data;
6428 	int	rval;
6429 
6430 	/*
6431 	 * Since we are called from attach, holding a mutex for
6432 	 * un is unnecessary. Because some of the routines called
6433 	 * from here require SD_MUTEX to not be held, assert this
6434 	 * right up front.
6435 	 */
6436 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6437 	/*
6438 	 * Since the sd device does not have the 'reg' property,
6439 	 * cpr will not call its DDI_SUSPEND/DDI_RESUME entries.
6440 	 * The following code is to tell cpr that this device
6441 	 * DOES need to be suspended and resumed.
6442 	 */
6443 	(void) ddi_prop_update_string(DDI_DEV_T_NONE, devi,
6444 	    "pm-hardware-state", "needs-suspend-resume");
6445 
6446 	/*
6447 	 * This complies with the new power management framework
6448 	 * for certain desktop machines. Create the pm_components
6449 	 * property as a string array property.
6450 	 */
6451 	if (un->un_f_pm_supported) {
6452 		/*
6453 		 * not all devices have a motor, try it first.
6454 		 * some devices may return ILLEGAL REQUEST, some
6455 		 * will hang
6456 		 * The following START_STOP_UNIT is used to check if target
6457 		 * device has a motor.
6458 		 */
6459 		un->un_f_start_stop_supported = TRUE;
6460 		if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
6461 		    SD_PATH_DIRECT) != 0) {
6462 			un->un_f_start_stop_supported = FALSE;
6463 		}
6464 
6465 		/*
6466 		 * create pm properties anyways otherwise the parent can't
6467 		 * go to sleep
6468 		 */
6469 		(void) sd_create_pm_components(devi, un);
6470 		un->un_f_pm_is_enabled = TRUE;
6471 		return;
6472 	}
6473 
6474 	if (!un->un_f_log_sense_supported) {
6475 		un->un_power_level = SD_SPINDLE_ON;
6476 		un->un_f_pm_is_enabled = FALSE;
6477 		return;
6478 	}
6479 
6480 	rval = sd_log_page_supported(un, START_STOP_CYCLE_PAGE);
6481 
6482 #ifdef	SDDEBUG
6483 	if (sd_force_pm_supported) {
6484 		/* Force a successful result */
6485 		rval = 1;
6486 	}
6487 #endif
6488 
6489 	/*
6490 	 * If the start-stop cycle counter log page is not supported
6491 	 * or if the pm-capable property is SD_PM_CAPABLE_FALSE (0)
6492 	 * then we should not create the pm_components property.
6493 	 */
6494 	if (rval == -1) {
6495 		/*
6496 		 * Error.
6497 		 * Reading log sense failed, most likely this is
6498 		 * an older drive that does not support log sense.
6499 		 * If this fails auto-pm is not supported.
6500 		 */
6501 		un->un_power_level = SD_SPINDLE_ON;
6502 		un->un_f_pm_is_enabled = FALSE;
6503 
6504 	} else if (rval == 0) {
6505 		/*
6506 		 * Page not found.
6507 		 * The start stop cycle counter is implemented as page
6508 		 * START_STOP_CYCLE_PAGE_VU_PAGE (0x31) in older disks. For
6509 		 * newer disks it is implemented as START_STOP_CYCLE_PAGE (0xE).
6510 		 */
6511 		if (sd_log_page_supported(un, START_STOP_CYCLE_VU_PAGE) == 1) {
6512 			/*
6513 			 * Page found, use this one.
6514 			 */
6515 			un->un_start_stop_cycle_page = START_STOP_CYCLE_VU_PAGE;
6516 			un->un_f_pm_is_enabled = TRUE;
6517 		} else {
6518 			/*
6519 			 * Error or page not found.
6520 			 * auto-pm is not supported for this device.
6521 			 */
6522 			un->un_power_level = SD_SPINDLE_ON;
6523 			un->un_f_pm_is_enabled = FALSE;
6524 		}
6525 	} else {
6526 		/*
6527 		 * Page found, use it.
6528 		 */
6529 		un->un_start_stop_cycle_page = START_STOP_CYCLE_PAGE;
6530 		un->un_f_pm_is_enabled = TRUE;
6531 	}
6532 
6533 
6534 	if (un->un_f_pm_is_enabled == TRUE) {
6535 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
6536 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
6537 
6538 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
6539 		    log_page_size, un->un_start_stop_cycle_page,
6540 		    0x01, 0, SD_PATH_DIRECT);
6541 #ifdef	SDDEBUG
6542 		if (sd_force_pm_supported) {
6543 			/* Force a successful result */
6544 			rval = 0;
6545 		}
6546 #endif
6547 
6548 		/*
6549 		 * If the Log sense for Page( Start/stop cycle counter page)
6550 		 * succeeds, then power managment is supported and we can
6551 		 * enable auto-pm.
6552 		 */
6553 		if (rval == 0)  {
6554 			(void) sd_create_pm_components(devi, un);
6555 		} else {
6556 			un->un_power_level = SD_SPINDLE_ON;
6557 			un->un_f_pm_is_enabled = FALSE;
6558 		}
6559 
6560 		kmem_free(log_page_data, log_page_size);
6561 	}
6562 }
6563 
6564 
6565 /*
6566  *    Function: sd_create_pm_components
6567  *
6568  * Description: Initialize PM property.
6569  *
6570  *     Context: Kernel thread context
6571  */
6572 
6573 static void
6574 sd_create_pm_components(dev_info_t *devi, struct sd_lun *un)
6575 {
6576 	char *pm_comp[] = { "NAME=spindle-motor", "0=off", "1=on", NULL };
6577 
6578 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6579 
6580 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, devi,
6581 	    "pm-components", pm_comp, 3) == DDI_PROP_SUCCESS) {
6582 		/*
6583 		 * When components are initially created they are idle,
6584 		 * power up any non-removables.
6585 		 * Note: the return value of pm_raise_power can't be used
6586 		 * for determining if PM should be enabled for this device.
6587 		 * Even if you check the return values and remove this
6588 		 * property created above, the PM framework will not honor the
6589 		 * change after the first call to pm_raise_power. Hence,
6590 		 * removal of that property does not help if pm_raise_power
6591 		 * fails. In the case of removable media, the start/stop
6592 		 * will fail if the media is not present.
6593 		 */
6594 		if (un->un_f_attach_spinup && (pm_raise_power(SD_DEVINFO(un), 0,
6595 		    SD_SPINDLE_ON) == DDI_SUCCESS)) {
6596 			mutex_enter(SD_MUTEX(un));
6597 			un->un_power_level = SD_SPINDLE_ON;
6598 			mutex_enter(&un->un_pm_mutex);
6599 			/* Set to on and not busy. */
6600 			un->un_pm_count = 0;
6601 		} else {
6602 			mutex_enter(SD_MUTEX(un));
6603 			un->un_power_level = SD_SPINDLE_OFF;
6604 			mutex_enter(&un->un_pm_mutex);
6605 			/* Set to off. */
6606 			un->un_pm_count = -1;
6607 		}
6608 		mutex_exit(&un->un_pm_mutex);
6609 		mutex_exit(SD_MUTEX(un));
6610 	} else {
6611 		un->un_power_level = SD_SPINDLE_ON;
6612 		un->un_f_pm_is_enabled = FALSE;
6613 	}
6614 }
6615 
6616 
6617 /*
6618  *    Function: sd_ddi_suspend
6619  *
6620  * Description: Performs system power-down operations. This includes
6621  *		setting the drive state to indicate its suspended so
6622  *		that no new commands will be accepted. Also, wait for
6623  *		all commands that are in transport or queued to a timer
6624  *		for retry to complete. All timeout threads are cancelled.
6625  *
6626  * Return Code: DDI_FAILURE or DDI_SUCCESS
6627  *
6628  *     Context: Kernel thread context
6629  */
6630 
6631 static int
6632 sd_ddi_suspend(dev_info_t *devi)
6633 {
6634 	struct	sd_lun	*un;
6635 	clock_t		wait_cmds_complete;
6636 
6637 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6638 	if (un == NULL) {
6639 		return (DDI_FAILURE);
6640 	}
6641 
6642 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: entry\n");
6643 
6644 	mutex_enter(SD_MUTEX(un));
6645 
6646 	/* Return success if the device is already suspended. */
6647 	if (un->un_state == SD_STATE_SUSPENDED) {
6648 		mutex_exit(SD_MUTEX(un));
6649 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6650 		    "device already suspended, exiting\n");
6651 		return (DDI_SUCCESS);
6652 	}
6653 
6654 	/* Return failure if the device is being used by HA */
6655 	if (un->un_resvd_status &
6656 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE)) {
6657 		mutex_exit(SD_MUTEX(un));
6658 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6659 		    "device in use by HA, exiting\n");
6660 		return (DDI_FAILURE);
6661 	}
6662 
6663 	/*
6664 	 * Return failure if the device is in a resource wait
6665 	 * or power changing state.
6666 	 */
6667 	if ((un->un_state == SD_STATE_RWAIT) ||
6668 	    (un->un_state == SD_STATE_PM_CHANGING)) {
6669 		mutex_exit(SD_MUTEX(un));
6670 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6671 		    "device in resource wait state, exiting\n");
6672 		return (DDI_FAILURE);
6673 	}
6674 
6675 
6676 	un->un_save_state = un->un_last_state;
6677 	New_state(un, SD_STATE_SUSPENDED);
6678 
6679 	/*
6680 	 * Wait for all commands that are in transport or queued to a timer
6681 	 * for retry to complete.
6682 	 *
6683 	 * While waiting, no new commands will be accepted or sent because of
6684 	 * the new state we set above.
6685 	 *
6686 	 * Wait till current operation has completed. If we are in the resource
6687 	 * wait state (with an intr outstanding) then we need to wait till the
6688 	 * intr completes and starts the next cmd. We want to wait for
6689 	 * SD_WAIT_CMDS_COMPLETE seconds before failing the DDI_SUSPEND.
6690 	 */
6691 	wait_cmds_complete = ddi_get_lbolt() +
6692 	    (sd_wait_cmds_complete * drv_usectohz(1000000));
6693 
6694 	while (un->un_ncmds_in_transport != 0) {
6695 		/*
6696 		 * Fail if commands do not finish in the specified time.
6697 		 */
6698 		if (cv_timedwait(&un->un_disk_busy_cv, SD_MUTEX(un),
6699 		    wait_cmds_complete) == -1) {
6700 			/*
6701 			 * Undo the state changes made above. Everything
6702 			 * must go back to it's original value.
6703 			 */
6704 			Restore_state(un);
6705 			un->un_last_state = un->un_save_state;
6706 			/* Wake up any threads that might be waiting. */
6707 			cv_broadcast(&un->un_suspend_cv);
6708 			mutex_exit(SD_MUTEX(un));
6709 			SD_ERROR(SD_LOG_IO_PM, un,
6710 			    "sd_ddi_suspend: failed due to outstanding cmds\n");
6711 			SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exiting\n");
6712 			return (DDI_FAILURE);
6713 		}
6714 	}
6715 
6716 	/*
6717 	 * Cancel SCSI watch thread and timeouts, if any are active
6718 	 */
6719 
6720 	if (SD_OK_TO_SUSPEND_SCSI_WATCHER(un)) {
6721 		opaque_t temp_token = un->un_swr_token;
6722 		mutex_exit(SD_MUTEX(un));
6723 		scsi_watch_suspend(temp_token);
6724 		mutex_enter(SD_MUTEX(un));
6725 	}
6726 
6727 	if (un->un_reset_throttle_timeid != NULL) {
6728 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
6729 		un->un_reset_throttle_timeid = NULL;
6730 		mutex_exit(SD_MUTEX(un));
6731 		(void) untimeout(temp_id);
6732 		mutex_enter(SD_MUTEX(un));
6733 	}
6734 
6735 	if (un->un_dcvb_timeid != NULL) {
6736 		timeout_id_t temp_id = un->un_dcvb_timeid;
6737 		un->un_dcvb_timeid = NULL;
6738 		mutex_exit(SD_MUTEX(un));
6739 		(void) untimeout(temp_id);
6740 		mutex_enter(SD_MUTEX(un));
6741 	}
6742 
6743 	mutex_enter(&un->un_pm_mutex);
6744 	if (un->un_pm_timeid != NULL) {
6745 		timeout_id_t temp_id = un->un_pm_timeid;
6746 		un->un_pm_timeid = NULL;
6747 		mutex_exit(&un->un_pm_mutex);
6748 		mutex_exit(SD_MUTEX(un));
6749 		(void) untimeout(temp_id);
6750 		mutex_enter(SD_MUTEX(un));
6751 	} else {
6752 		mutex_exit(&un->un_pm_mutex);
6753 	}
6754 
6755 	if (un->un_retry_timeid != NULL) {
6756 		timeout_id_t temp_id = un->un_retry_timeid;
6757 		un->un_retry_timeid = NULL;
6758 		mutex_exit(SD_MUTEX(un));
6759 		(void) untimeout(temp_id);
6760 		mutex_enter(SD_MUTEX(un));
6761 	}
6762 
6763 	if (un->un_direct_priority_timeid != NULL) {
6764 		timeout_id_t temp_id = un->un_direct_priority_timeid;
6765 		un->un_direct_priority_timeid = NULL;
6766 		mutex_exit(SD_MUTEX(un));
6767 		(void) untimeout(temp_id);
6768 		mutex_enter(SD_MUTEX(un));
6769 	}
6770 
6771 	if (un->un_f_is_fibre == TRUE) {
6772 		/*
6773 		 * Remove callbacks for insert and remove events
6774 		 */
6775 		if (un->un_insert_event != NULL) {
6776 			mutex_exit(SD_MUTEX(un));
6777 			(void) ddi_remove_event_handler(un->un_insert_cb_id);
6778 			mutex_enter(SD_MUTEX(un));
6779 			un->un_insert_event = NULL;
6780 		}
6781 
6782 		if (un->un_remove_event != NULL) {
6783 			mutex_exit(SD_MUTEX(un));
6784 			(void) ddi_remove_event_handler(un->un_remove_cb_id);
6785 			mutex_enter(SD_MUTEX(un));
6786 			un->un_remove_event = NULL;
6787 		}
6788 	}
6789 
6790 	mutex_exit(SD_MUTEX(un));
6791 
6792 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exit\n");
6793 
6794 	return (DDI_SUCCESS);
6795 }
6796 
6797 
6798 /*
6799  *    Function: sd_ddi_pm_suspend
6800  *
6801  * Description: Set the drive state to low power.
6802  *		Someone else is required to actually change the drive
6803  *		power level.
6804  *
6805  *   Arguments: un - driver soft state (unit) structure
6806  *
6807  * Return Code: DDI_FAILURE or DDI_SUCCESS
6808  *
6809  *     Context: Kernel thread context
6810  */
6811 
6812 static int
6813 sd_ddi_pm_suspend(struct sd_lun *un)
6814 {
6815 	ASSERT(un != NULL);
6816 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: entry\n");
6817 
6818 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6819 	mutex_enter(SD_MUTEX(un));
6820 
6821 	/*
6822 	 * Exit if power management is not enabled for this device, or if
6823 	 * the device is being used by HA.
6824 	 */
6825 	if ((un->un_f_pm_is_enabled == FALSE) || (un->un_resvd_status &
6826 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE))) {
6827 		mutex_exit(SD_MUTEX(un));
6828 		SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exiting\n");
6829 		return (DDI_SUCCESS);
6830 	}
6831 
6832 	SD_INFO(SD_LOG_POWER, un, "sd_ddi_pm_suspend: un_ncmds_in_driver=%ld\n",
6833 	    un->un_ncmds_in_driver);
6834 
6835 	/*
6836 	 * See if the device is not busy, ie.:
6837 	 *    - we have no commands in the driver for this device
6838 	 *    - not waiting for resources
6839 	 */
6840 	if ((un->un_ncmds_in_driver == 0) &&
6841 	    (un->un_state != SD_STATE_RWAIT)) {
6842 		/*
6843 		 * The device is not busy, so it is OK to go to low power state.
6844 		 * Indicate low power, but rely on someone else to actually
6845 		 * change it.
6846 		 */
6847 		mutex_enter(&un->un_pm_mutex);
6848 		un->un_pm_count = -1;
6849 		mutex_exit(&un->un_pm_mutex);
6850 		un->un_power_level = SD_SPINDLE_OFF;
6851 	}
6852 
6853 	mutex_exit(SD_MUTEX(un));
6854 
6855 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exit\n");
6856 
6857 	return (DDI_SUCCESS);
6858 }
6859 
6860 
6861 /*
6862  *    Function: sd_ddi_resume
6863  *
6864  * Description: Performs system power-up operations..
6865  *
6866  * Return Code: DDI_SUCCESS
6867  *		DDI_FAILURE
6868  *
6869  *     Context: Kernel thread context
6870  */
6871 
6872 static int
6873 sd_ddi_resume(dev_info_t *devi)
6874 {
6875 	struct	sd_lun	*un;
6876 
6877 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6878 	if (un == NULL) {
6879 		return (DDI_FAILURE);
6880 	}
6881 
6882 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: entry\n");
6883 
6884 	mutex_enter(SD_MUTEX(un));
6885 	Restore_state(un);
6886 
6887 	/*
6888 	 * Restore the state which was saved to give the
6889 	 * the right state in un_last_state
6890 	 */
6891 	un->un_last_state = un->un_save_state;
6892 	/*
6893 	 * Note: throttle comes back at full.
6894 	 * Also note: this MUST be done before calling pm_raise_power
6895 	 * otherwise the system can get hung in biowait. The scenario where
6896 	 * this'll happen is under cpr suspend. Writing of the system
6897 	 * state goes through sddump, which writes 0 to un_throttle. If
6898 	 * writing the system state then fails, example if the partition is
6899 	 * too small, then cpr attempts a resume. If throttle isn't restored
6900 	 * from the saved value until after calling pm_raise_power then
6901 	 * cmds sent in sdpower are not transported and sd_send_scsi_cmd hangs
6902 	 * in biowait.
6903 	 */
6904 	un->un_throttle = un->un_saved_throttle;
6905 
6906 	/*
6907 	 * The chance of failure is very rare as the only command done in power
6908 	 * entry point is START command when you transition from 0->1 or
6909 	 * unknown->1. Put it to SPINDLE ON state irrespective of the state at
6910 	 * which suspend was done. Ignore the return value as the resume should
6911 	 * not be failed. In the case of removable media the media need not be
6912 	 * inserted and hence there is a chance that raise power will fail with
6913 	 * media not present.
6914 	 */
6915 	if (un->un_f_attach_spinup) {
6916 		mutex_exit(SD_MUTEX(un));
6917 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
6918 		mutex_enter(SD_MUTEX(un));
6919 	}
6920 
6921 	/*
6922 	 * Don't broadcast to the suspend cv and therefore possibly
6923 	 * start I/O until after power has been restored.
6924 	 */
6925 	cv_broadcast(&un->un_suspend_cv);
6926 	cv_broadcast(&un->un_state_cv);
6927 
6928 	/* restart thread */
6929 	if (SD_OK_TO_RESUME_SCSI_WATCHER(un)) {
6930 		scsi_watch_resume(un->un_swr_token);
6931 	}
6932 
6933 #if (defined(__fibre))
6934 	if (un->un_f_is_fibre == TRUE) {
6935 		/*
6936 		 * Add callbacks for insert and remove events
6937 		 */
6938 		if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
6939 			sd_init_event_callbacks(un);
6940 		}
6941 	}
6942 #endif
6943 
6944 	/*
6945 	 * Transport any pending commands to the target.
6946 	 *
6947 	 * If this is a low-activity device commands in queue will have to wait
6948 	 * until new commands come in, which may take awhile. Also, we
6949 	 * specifically don't check un_ncmds_in_transport because we know that
6950 	 * there really are no commands in progress after the unit was
6951 	 * suspended and we could have reached the throttle level, been
6952 	 * suspended, and have no new commands coming in for awhile. Highly
6953 	 * unlikely, but so is the low-activity disk scenario.
6954 	 */
6955 	ddi_xbuf_dispatch(un->un_xbuf_attr);
6956 
6957 	sd_start_cmds(un, NULL);
6958 	mutex_exit(SD_MUTEX(un));
6959 
6960 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: exit\n");
6961 
6962 	return (DDI_SUCCESS);
6963 }
6964 
6965 
6966 /*
6967  *    Function: sd_ddi_pm_resume
6968  *
6969  * Description: Set the drive state to powered on.
6970  *		Someone else is required to actually change the drive
6971  *		power level.
6972  *
6973  *   Arguments: un - driver soft state (unit) structure
6974  *
6975  * Return Code: DDI_SUCCESS
6976  *
6977  *     Context: Kernel thread context
6978  */
6979 
6980 static int
6981 sd_ddi_pm_resume(struct sd_lun *un)
6982 {
6983 	ASSERT(un != NULL);
6984 
6985 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6986 	mutex_enter(SD_MUTEX(un));
6987 	un->un_power_level = SD_SPINDLE_ON;
6988 
6989 	ASSERT(!mutex_owned(&un->un_pm_mutex));
6990 	mutex_enter(&un->un_pm_mutex);
6991 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
6992 		un->un_pm_count++;
6993 		ASSERT(un->un_pm_count == 0);
6994 		/*
6995 		 * Note: no longer do the cv_broadcast on un_suspend_cv. The
6996 		 * un_suspend_cv is for a system resume, not a power management
6997 		 * device resume. (4297749)
6998 		 *	 cv_broadcast(&un->un_suspend_cv);
6999 		 */
7000 	}
7001 	mutex_exit(&un->un_pm_mutex);
7002 	mutex_exit(SD_MUTEX(un));
7003 
7004 	return (DDI_SUCCESS);
7005 }
7006 
7007 
7008 /*
7009  *    Function: sd_pm_idletimeout_handler
7010  *
7011  * Description: A timer routine that's active only while a device is busy.
7012  *		The purpose is to extend slightly the pm framework's busy
7013  *		view of the device to prevent busy/idle thrashing for
7014  *		back-to-back commands. Do this by comparing the current time
7015  *		to the time at which the last command completed and when the
7016  *		difference is greater than sd_pm_idletime, call
7017  *		pm_idle_component. In addition to indicating idle to the pm
7018  *		framework, update the chain type to again use the internal pm
7019  *		layers of the driver.
7020  *
7021  *   Arguments: arg - driver soft state (unit) structure
7022  *
7023  *     Context: Executes in a timeout(9F) thread context
7024  */
7025 
7026 static void
7027 sd_pm_idletimeout_handler(void *arg)
7028 {
7029 	struct sd_lun *un = arg;
7030 
7031 	time_t	now;
7032 
7033 	mutex_enter(&sd_detach_mutex);
7034 	if (un->un_detach_count != 0) {
7035 		/* Abort if the instance is detaching */
7036 		mutex_exit(&sd_detach_mutex);
7037 		return;
7038 	}
7039 	mutex_exit(&sd_detach_mutex);
7040 
7041 	now = ddi_get_time();
7042 	/*
7043 	 * Grab both mutexes, in the proper order, since we're accessing
7044 	 * both PM and softstate variables.
7045 	 */
7046 	mutex_enter(SD_MUTEX(un));
7047 	mutex_enter(&un->un_pm_mutex);
7048 	if (((now - un->un_pm_idle_time) > sd_pm_idletime) &&
7049 	    (un->un_ncmds_in_driver == 0) && (un->un_pm_count == 0)) {
7050 		/*
7051 		 * Update the chain types.
7052 		 * This takes affect on the next new command received.
7053 		 */
7054 		if (un->un_f_non_devbsize_supported) {
7055 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
7056 		} else {
7057 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
7058 		}
7059 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
7060 
7061 		SD_TRACE(SD_LOG_IO_PM, un,
7062 		    "sd_pm_idletimeout_handler: idling device\n");
7063 		(void) pm_idle_component(SD_DEVINFO(un), 0);
7064 		un->un_pm_idle_timeid = NULL;
7065 	} else {
7066 		un->un_pm_idle_timeid =
7067 			timeout(sd_pm_idletimeout_handler, un,
7068 			(drv_usectohz((clock_t)300000))); /* 300 ms. */
7069 	}
7070 	mutex_exit(&un->un_pm_mutex);
7071 	mutex_exit(SD_MUTEX(un));
7072 }
7073 
7074 
7075 /*
7076  *    Function: sd_pm_timeout_handler
7077  *
7078  * Description: Callback to tell framework we are idle.
7079  *
7080  *     Context: timeout(9f) thread context.
7081  */
7082 
7083 static void
7084 sd_pm_timeout_handler(void *arg)
7085 {
7086 	struct sd_lun *un = arg;
7087 
7088 	(void) pm_idle_component(SD_DEVINFO(un), 0);
7089 	mutex_enter(&un->un_pm_mutex);
7090 	un->un_pm_timeid = NULL;
7091 	mutex_exit(&un->un_pm_mutex);
7092 }
7093 
7094 
7095 /*
7096  *    Function: sdpower
7097  *
7098  * Description: PM entry point.
7099  *
7100  * Return Code: DDI_SUCCESS
7101  *		DDI_FAILURE
7102  *
7103  *     Context: Kernel thread context
7104  */
7105 
7106 static int
7107 sdpower(dev_info_t *devi, int component, int level)
7108 {
7109 	struct sd_lun	*un;
7110 	int		instance;
7111 	int		rval = DDI_SUCCESS;
7112 	uint_t		i, log_page_size, maxcycles, ncycles;
7113 	uchar_t		*log_page_data;
7114 	int		log_sense_page;
7115 	int		medium_present;
7116 	time_t		intvlp;
7117 	dev_t		dev;
7118 	struct pm_trans_data	sd_pm_tran_data;
7119 	uchar_t		save_state;
7120 	int		sval;
7121 	uchar_t		state_before_pm;
7122 	int		got_semaphore_here;
7123 
7124 	instance = ddi_get_instance(devi);
7125 
7126 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
7127 	    (SD_SPINDLE_OFF > level) || (level > SD_SPINDLE_ON) ||
7128 	    component != 0) {
7129 		return (DDI_FAILURE);
7130 	}
7131 
7132 	dev = sd_make_device(SD_DEVINFO(un));
7133 
7134 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: entry, level = %d\n", level);
7135 
7136 	/*
7137 	 * Must synchronize power down with close.
7138 	 * Attempt to decrement/acquire the open/close semaphore,
7139 	 * but do NOT wait on it. If it's not greater than zero,
7140 	 * ie. it can't be decremented without waiting, then
7141 	 * someone else, either open or close, already has it
7142 	 * and the try returns 0. Use that knowledge here to determine
7143 	 * if it's OK to change the device power level.
7144 	 * Also, only increment it on exit if it was decremented, ie. gotten,
7145 	 * here.
7146 	 */
7147 	got_semaphore_here = sema_tryp(&un->un_semoclose);
7148 
7149 	mutex_enter(SD_MUTEX(un));
7150 
7151 	SD_INFO(SD_LOG_POWER, un, "sdpower: un_ncmds_in_driver = %ld\n",
7152 	    un->un_ncmds_in_driver);
7153 
7154 	/*
7155 	 * If un_ncmds_in_driver is non-zero it indicates commands are
7156 	 * already being processed in the driver, or if the semaphore was
7157 	 * not gotten here it indicates an open or close is being processed.
7158 	 * At the same time somebody is requesting to go low power which
7159 	 * can't happen, therefore we need to return failure.
7160 	 */
7161 	if ((level == SD_SPINDLE_OFF) &&
7162 	    ((un->un_ncmds_in_driver != 0) || (got_semaphore_here == 0))) {
7163 		mutex_exit(SD_MUTEX(un));
7164 
7165 		if (got_semaphore_here != 0) {
7166 			sema_v(&un->un_semoclose);
7167 		}
7168 		SD_TRACE(SD_LOG_IO_PM, un,
7169 		    "sdpower: exit, device has queued cmds.\n");
7170 		return (DDI_FAILURE);
7171 	}
7172 
7173 	/*
7174 	 * if it is OFFLINE that means the disk is completely dead
7175 	 * in our case we have to put the disk in on or off by sending commands
7176 	 * Of course that will fail anyway so return back here.
7177 	 *
7178 	 * Power changes to a device that's OFFLINE or SUSPENDED
7179 	 * are not allowed.
7180 	 */
7181 	if ((un->un_state == SD_STATE_OFFLINE) ||
7182 	    (un->un_state == SD_STATE_SUSPENDED)) {
7183 		mutex_exit(SD_MUTEX(un));
7184 
7185 		if (got_semaphore_here != 0) {
7186 			sema_v(&un->un_semoclose);
7187 		}
7188 		SD_TRACE(SD_LOG_IO_PM, un,
7189 		    "sdpower: exit, device is off-line.\n");
7190 		return (DDI_FAILURE);
7191 	}
7192 
7193 	/*
7194 	 * Change the device's state to indicate it's power level
7195 	 * is being changed. Do this to prevent a power off in the
7196 	 * middle of commands, which is especially bad on devices
7197 	 * that are really powered off instead of just spun down.
7198 	 */
7199 	state_before_pm = un->un_state;
7200 	un->un_state = SD_STATE_PM_CHANGING;
7201 
7202 	mutex_exit(SD_MUTEX(un));
7203 
7204 	/*
7205 	 * If "pm-capable" property is set to TRUE by HBA drivers,
7206 	 * bypass the following checking, otherwise, check the log
7207 	 * sense information for this device
7208 	 */
7209 	if ((level == SD_SPINDLE_OFF) && un->un_f_log_sense_supported) {
7210 		/*
7211 		 * Get the log sense information to understand whether the
7212 		 * the powercycle counts have gone beyond the threshhold.
7213 		 */
7214 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
7215 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
7216 
7217 		mutex_enter(SD_MUTEX(un));
7218 		log_sense_page = un->un_start_stop_cycle_page;
7219 		mutex_exit(SD_MUTEX(un));
7220 
7221 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
7222 		    log_page_size, log_sense_page, 0x01, 0, SD_PATH_DIRECT);
7223 #ifdef	SDDEBUG
7224 		if (sd_force_pm_supported) {
7225 			/* Force a successful result */
7226 			rval = 0;
7227 		}
7228 #endif
7229 		if (rval != 0) {
7230 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
7231 			    "Log Sense Failed\n");
7232 			kmem_free(log_page_data, log_page_size);
7233 			/* Cannot support power management on those drives */
7234 
7235 			if (got_semaphore_here != 0) {
7236 				sema_v(&un->un_semoclose);
7237 			}
7238 			/*
7239 			 * On exit put the state back to it's original value
7240 			 * and broadcast to anyone waiting for the power
7241 			 * change completion.
7242 			 */
7243 			mutex_enter(SD_MUTEX(un));
7244 			un->un_state = state_before_pm;
7245 			cv_broadcast(&un->un_suspend_cv);
7246 			mutex_exit(SD_MUTEX(un));
7247 			SD_TRACE(SD_LOG_IO_PM, un,
7248 			    "sdpower: exit, Log Sense Failed.\n");
7249 			return (DDI_FAILURE);
7250 		}
7251 
7252 		/*
7253 		 * From the page data - Convert the essential information to
7254 		 * pm_trans_data
7255 		 */
7256 		maxcycles =
7257 		    (log_page_data[0x1c] << 24) | (log_page_data[0x1d] << 16) |
7258 		    (log_page_data[0x1E] << 8)  | log_page_data[0x1F];
7259 
7260 		sd_pm_tran_data.un.scsi_cycles.lifemax = maxcycles;
7261 
7262 		ncycles =
7263 		    (log_page_data[0x24] << 24) | (log_page_data[0x25] << 16) |
7264 		    (log_page_data[0x26] << 8)  | log_page_data[0x27];
7265 
7266 		sd_pm_tran_data.un.scsi_cycles.ncycles = ncycles;
7267 
7268 		for (i = 0; i < DC_SCSI_MFR_LEN; i++) {
7269 			sd_pm_tran_data.un.scsi_cycles.svc_date[i] =
7270 			    log_page_data[8+i];
7271 		}
7272 
7273 		kmem_free(log_page_data, log_page_size);
7274 
7275 		/*
7276 		 * Call pm_trans_check routine to get the Ok from
7277 		 * the global policy
7278 		 */
7279 
7280 		sd_pm_tran_data.format = DC_SCSI_FORMAT;
7281 		sd_pm_tran_data.un.scsi_cycles.flag = 0;
7282 
7283 		rval = pm_trans_check(&sd_pm_tran_data, &intvlp);
7284 #ifdef	SDDEBUG
7285 		if (sd_force_pm_supported) {
7286 			/* Force a successful result */
7287 			rval = 1;
7288 		}
7289 #endif
7290 		switch (rval) {
7291 		case 0:
7292 			/*
7293 			 * Not Ok to Power cycle or error in parameters passed
7294 			 * Would have given the advised time to consider power
7295 			 * cycle. Based on the new intvlp parameter we are
7296 			 * supposed to pretend we are busy so that pm framework
7297 			 * will never call our power entry point. Because of
7298 			 * that install a timeout handler and wait for the
7299 			 * recommended time to elapse so that power management
7300 			 * can be effective again.
7301 			 *
7302 			 * To effect this behavior, call pm_busy_component to
7303 			 * indicate to the framework this device is busy.
7304 			 * By not adjusting un_pm_count the rest of PM in
7305 			 * the driver will function normally, and independant
7306 			 * of this but because the framework is told the device
7307 			 * is busy it won't attempt powering down until it gets
7308 			 * a matching idle. The timeout handler sends this.
7309 			 * Note: sd_pm_entry can't be called here to do this
7310 			 * because sdpower may have been called as a result
7311 			 * of a call to pm_raise_power from within sd_pm_entry.
7312 			 *
7313 			 * If a timeout handler is already active then
7314 			 * don't install another.
7315 			 */
7316 			mutex_enter(&un->un_pm_mutex);
7317 			if (un->un_pm_timeid == NULL) {
7318 				un->un_pm_timeid =
7319 				    timeout(sd_pm_timeout_handler,
7320 				    un, intvlp * drv_usectohz(1000000));
7321 				mutex_exit(&un->un_pm_mutex);
7322 				(void) pm_busy_component(SD_DEVINFO(un), 0);
7323 			} else {
7324 				mutex_exit(&un->un_pm_mutex);
7325 			}
7326 			if (got_semaphore_here != 0) {
7327 				sema_v(&un->un_semoclose);
7328 			}
7329 			/*
7330 			 * On exit put the state back to it's original value
7331 			 * and broadcast to anyone waiting for the power
7332 			 * change completion.
7333 			 */
7334 			mutex_enter(SD_MUTEX(un));
7335 			un->un_state = state_before_pm;
7336 			cv_broadcast(&un->un_suspend_cv);
7337 			mutex_exit(SD_MUTEX(un));
7338 
7339 			SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, "
7340 			    "trans check Failed, not ok to power cycle.\n");
7341 			return (DDI_FAILURE);
7342 
7343 		case -1:
7344 			if (got_semaphore_here != 0) {
7345 				sema_v(&un->un_semoclose);
7346 			}
7347 			/*
7348 			 * On exit put the state back to it's original value
7349 			 * and broadcast to anyone waiting for the power
7350 			 * change completion.
7351 			 */
7352 			mutex_enter(SD_MUTEX(un));
7353 			un->un_state = state_before_pm;
7354 			cv_broadcast(&un->un_suspend_cv);
7355 			mutex_exit(SD_MUTEX(un));
7356 			SD_TRACE(SD_LOG_IO_PM, un,
7357 			    "sdpower: exit, trans check command Failed.\n");
7358 			return (DDI_FAILURE);
7359 		}
7360 	}
7361 
7362 	if (level == SD_SPINDLE_OFF) {
7363 		/*
7364 		 * Save the last state... if the STOP FAILS we need it
7365 		 * for restoring
7366 		 */
7367 		mutex_enter(SD_MUTEX(un));
7368 		save_state = un->un_last_state;
7369 		/*
7370 		 * There must not be any cmds. getting processed
7371 		 * in the driver when we get here. Power to the
7372 		 * device is potentially going off.
7373 		 */
7374 		ASSERT(un->un_ncmds_in_driver == 0);
7375 		mutex_exit(SD_MUTEX(un));
7376 
7377 		/*
7378 		 * For now suspend the device completely before spindle is
7379 		 * turned off
7380 		 */
7381 		if ((rval = sd_ddi_pm_suspend(un)) == DDI_FAILURE) {
7382 			if (got_semaphore_here != 0) {
7383 				sema_v(&un->un_semoclose);
7384 			}
7385 			/*
7386 			 * On exit put the state back to it's original value
7387 			 * and broadcast to anyone waiting for the power
7388 			 * change completion.
7389 			 */
7390 			mutex_enter(SD_MUTEX(un));
7391 			un->un_state = state_before_pm;
7392 			cv_broadcast(&un->un_suspend_cv);
7393 			mutex_exit(SD_MUTEX(un));
7394 			SD_TRACE(SD_LOG_IO_PM, un,
7395 			    "sdpower: exit, PM suspend Failed.\n");
7396 			return (DDI_FAILURE);
7397 		}
7398 	}
7399 
7400 	/*
7401 	 * The transition from SPINDLE_OFF to SPINDLE_ON can happen in open,
7402 	 * close, or strategy. Dump no long uses this routine, it uses it's
7403 	 * own code so it can be done in polled mode.
7404 	 */
7405 
7406 	medium_present = TRUE;
7407 
7408 	/*
7409 	 * When powering up, issue a TUR in case the device is at unit
7410 	 * attention.  Don't do retries. Bypass the PM layer, otherwise
7411 	 * a deadlock on un_pm_busy_cv will occur.
7412 	 */
7413 	if (level == SD_SPINDLE_ON) {
7414 		(void) sd_send_scsi_TEST_UNIT_READY(un,
7415 		    SD_DONT_RETRY_TUR | SD_BYPASS_PM);
7416 	}
7417 
7418 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: sending \'%s\' unit\n",
7419 	    ((level == SD_SPINDLE_ON) ? "START" : "STOP"));
7420 
7421 	sval = sd_send_scsi_START_STOP_UNIT(un,
7422 	    ((level == SD_SPINDLE_ON) ? SD_TARGET_START : SD_TARGET_STOP),
7423 	    SD_PATH_DIRECT);
7424 	/* Command failed, check for media present. */
7425 	if ((sval == ENXIO) && un->un_f_has_removable_media) {
7426 		medium_present = FALSE;
7427 	}
7428 
7429 	/*
7430 	 * The conditions of interest here are:
7431 	 *   if a spindle off with media present fails,
7432 	 *	then restore the state and return an error.
7433 	 *   else if a spindle on fails,
7434 	 *	then return an error (there's no state to restore).
7435 	 * In all other cases we setup for the new state
7436 	 * and return success.
7437 	 */
7438 	switch (level) {
7439 	case SD_SPINDLE_OFF:
7440 		if ((medium_present == TRUE) && (sval != 0)) {
7441 			/* The stop command from above failed */
7442 			rval = DDI_FAILURE;
7443 			/*
7444 			 * The stop command failed, and we have media
7445 			 * present. Put the level back by calling the
7446 			 * sd_pm_resume() and set the state back to
7447 			 * it's previous value.
7448 			 */
7449 			(void) sd_ddi_pm_resume(un);
7450 			mutex_enter(SD_MUTEX(un));
7451 			un->un_last_state = save_state;
7452 			mutex_exit(SD_MUTEX(un));
7453 			break;
7454 		}
7455 		/*
7456 		 * The stop command from above succeeded.
7457 		 */
7458 		if (un->un_f_monitor_media_state) {
7459 			/*
7460 			 * Terminate watch thread in case of removable media
7461 			 * devices going into low power state. This is as per
7462 			 * the requirements of pm framework, otherwise commands
7463 			 * will be generated for the device (through watch
7464 			 * thread), even when the device is in low power state.
7465 			 */
7466 			mutex_enter(SD_MUTEX(un));
7467 			un->un_f_watcht_stopped = FALSE;
7468 			if (un->un_swr_token != NULL) {
7469 				opaque_t temp_token = un->un_swr_token;
7470 				un->un_f_watcht_stopped = TRUE;
7471 				un->un_swr_token = NULL;
7472 				mutex_exit(SD_MUTEX(un));
7473 				(void) scsi_watch_request_terminate(temp_token,
7474 				    SCSI_WATCH_TERMINATE_WAIT);
7475 			} else {
7476 				mutex_exit(SD_MUTEX(un));
7477 			}
7478 		}
7479 		break;
7480 
7481 	default:	/* The level requested is spindle on... */
7482 		/*
7483 		 * Legacy behavior: return success on a failed spinup
7484 		 * if there is no media in the drive.
7485 		 * Do this by looking at medium_present here.
7486 		 */
7487 		if ((sval != 0) && medium_present) {
7488 			/* The start command from above failed */
7489 			rval = DDI_FAILURE;
7490 			break;
7491 		}
7492 		/*
7493 		 * The start command from above succeeded
7494 		 * Resume the devices now that we have
7495 		 * started the disks
7496 		 */
7497 		(void) sd_ddi_pm_resume(un);
7498 
7499 		/*
7500 		 * Resume the watch thread since it was suspended
7501 		 * when the device went into low power mode.
7502 		 */
7503 		if (un->un_f_monitor_media_state) {
7504 			mutex_enter(SD_MUTEX(un));
7505 			if (un->un_f_watcht_stopped == TRUE) {
7506 				opaque_t temp_token;
7507 
7508 				un->un_f_watcht_stopped = FALSE;
7509 				mutex_exit(SD_MUTEX(un));
7510 				temp_token = scsi_watch_request_submit(
7511 				    SD_SCSI_DEVP(un),
7512 				    sd_check_media_time,
7513 				    SENSE_LENGTH, sd_media_watch_cb,
7514 				    (caddr_t)dev);
7515 				mutex_enter(SD_MUTEX(un));
7516 				un->un_swr_token = temp_token;
7517 			}
7518 			mutex_exit(SD_MUTEX(un));
7519 		}
7520 	}
7521 	if (got_semaphore_here != 0) {
7522 		sema_v(&un->un_semoclose);
7523 	}
7524 	/*
7525 	 * On exit put the state back to it's original value
7526 	 * and broadcast to anyone waiting for the power
7527 	 * change completion.
7528 	 */
7529 	mutex_enter(SD_MUTEX(un));
7530 	un->un_state = state_before_pm;
7531 	cv_broadcast(&un->un_suspend_cv);
7532 	mutex_exit(SD_MUTEX(un));
7533 
7534 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, status = 0x%x\n", rval);
7535 
7536 	return (rval);
7537 }
7538 
7539 
7540 
7541 /*
7542  *    Function: sdattach
7543  *
7544  * Description: Driver's attach(9e) entry point function.
7545  *
7546  *   Arguments: devi - opaque device info handle
7547  *		cmd  - attach  type
7548  *
7549  * Return Code: DDI_SUCCESS
7550  *		DDI_FAILURE
7551  *
7552  *     Context: Kernel thread context
7553  */
7554 
7555 static int
7556 sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd)
7557 {
7558 	switch (cmd) {
7559 	case DDI_ATTACH:
7560 		return (sd_unit_attach(devi));
7561 	case DDI_RESUME:
7562 		return (sd_ddi_resume(devi));
7563 	default:
7564 		break;
7565 	}
7566 	return (DDI_FAILURE);
7567 }
7568 
7569 
7570 /*
7571  *    Function: sddetach
7572  *
7573  * Description: Driver's detach(9E) entry point function.
7574  *
7575  *   Arguments: devi - opaque device info handle
7576  *		cmd  - detach  type
7577  *
7578  * Return Code: DDI_SUCCESS
7579  *		DDI_FAILURE
7580  *
7581  *     Context: Kernel thread context
7582  */
7583 
7584 static int
7585 sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd)
7586 {
7587 	switch (cmd) {
7588 	case DDI_DETACH:
7589 		return (sd_unit_detach(devi));
7590 	case DDI_SUSPEND:
7591 		return (sd_ddi_suspend(devi));
7592 	default:
7593 		break;
7594 	}
7595 	return (DDI_FAILURE);
7596 }
7597 
7598 
7599 /*
7600  *     Function: sd_sync_with_callback
7601  *
7602  *  Description: Prevents sd_unit_attach or sd_unit_detach from freeing the soft
7603  *		 state while the callback routine is active.
7604  *
7605  *    Arguments: un: softstate structure for the instance
7606  *
7607  *	Context: Kernel thread context
7608  */
7609 
7610 static void
7611 sd_sync_with_callback(struct sd_lun *un)
7612 {
7613 	ASSERT(un != NULL);
7614 
7615 	mutex_enter(SD_MUTEX(un));
7616 
7617 	ASSERT(un->un_in_callback >= 0);
7618 
7619 	while (un->un_in_callback > 0) {
7620 		mutex_exit(SD_MUTEX(un));
7621 		delay(2);
7622 		mutex_enter(SD_MUTEX(un));
7623 	}
7624 
7625 	mutex_exit(SD_MUTEX(un));
7626 }
7627 
7628 /*
7629  *    Function: sd_unit_attach
7630  *
7631  * Description: Performs DDI_ATTACH processing for sdattach(). Allocates
7632  *		the soft state structure for the device and performs
7633  *		all necessary structure and device initializations.
7634  *
7635  *   Arguments: devi: the system's dev_info_t for the device.
7636  *
7637  * Return Code: DDI_SUCCESS if attach is successful.
7638  *		DDI_FAILURE if any part of the attach fails.
7639  *
7640  *     Context: Called at attach(9e) time for the DDI_ATTACH flag.
7641  *		Kernel thread context only.  Can sleep.
7642  */
7643 
7644 static int
7645 sd_unit_attach(dev_info_t *devi)
7646 {
7647 	struct	scsi_device	*devp;
7648 	struct	sd_lun		*un;
7649 	char			*variantp;
7650 	int	reservation_flag = SD_TARGET_IS_UNRESERVED;
7651 	int	instance;
7652 	int	rval;
7653 	int	wc_enabled;
7654 	uint64_t	capacity;
7655 	uint_t		lbasize;
7656 
7657 	/*
7658 	 * Retrieve the target driver's private data area. This was set
7659 	 * up by the HBA.
7660 	 */
7661 	devp = ddi_get_driver_private(devi);
7662 
7663 	/*
7664 	 * Since we have no idea what state things were left in by the last
7665 	 * user of the device, set up some 'default' settings, ie. turn 'em
7666 	 * off. The scsi_ifsetcap calls force re-negotiations with the drive.
7667 	 * Do this before the scsi_probe, which sends an inquiry.
7668 	 * This is a fix for bug (4430280).
7669 	 * Of special importance is wide-xfer. The drive could have been left
7670 	 * in wide transfer mode by the last driver to communicate with it,
7671 	 * this includes us. If that's the case, and if the following is not
7672 	 * setup properly or we don't re-negotiate with the drive prior to
7673 	 * transferring data to/from the drive, it causes bus parity errors,
7674 	 * data overruns, and unexpected interrupts. This first occurred when
7675 	 * the fix for bug (4378686) was made.
7676 	 */
7677 	(void) scsi_ifsetcap(&devp->sd_address, "lun-reset", 0, 1);
7678 	(void) scsi_ifsetcap(&devp->sd_address, "wide-xfer", 0, 1);
7679 	(void) scsi_ifsetcap(&devp->sd_address, "tagged-qing", 0, 1);
7680 	(void) scsi_ifsetcap(&devp->sd_address, "auto-rqsense", 0, 1);
7681 
7682 	/*
7683 	 * Use scsi_probe() to issue an INQUIRY command to the device.
7684 	 * This call will allocate and fill in the scsi_inquiry structure
7685 	 * and point the sd_inq member of the scsi_device structure to it.
7686 	 * If the attach succeeds, then this memory will not be de-allocated
7687 	 * (via scsi_unprobe()) until the instance is detached.
7688 	 */
7689 	if (scsi_probe(devp, SLEEP_FUNC) != SCSIPROBE_EXISTS) {
7690 		goto probe_failed;
7691 	}
7692 
7693 	/*
7694 	 * Check the device type as specified in the inquiry data and
7695 	 * claim it if it is of a type that we support.
7696 	 */
7697 	switch (devp->sd_inq->inq_dtype) {
7698 	case DTYPE_DIRECT:
7699 		break;
7700 	case DTYPE_RODIRECT:
7701 		break;
7702 	case DTYPE_OPTICAL:
7703 		break;
7704 	case DTYPE_NOTPRESENT:
7705 	default:
7706 		/* Unsupported device type; fail the attach. */
7707 		goto probe_failed;
7708 	}
7709 
7710 	/*
7711 	 * Allocate the soft state structure for this unit.
7712 	 *
7713 	 * We rely upon this memory being set to all zeroes by
7714 	 * ddi_soft_state_zalloc().  We assume that any member of the
7715 	 * soft state structure that is not explicitly initialized by
7716 	 * this routine will have a value of zero.
7717 	 */
7718 	instance = ddi_get_instance(devp->sd_dev);
7719 	if (ddi_soft_state_zalloc(sd_state, instance) != DDI_SUCCESS) {
7720 		goto probe_failed;
7721 	}
7722 
7723 	/*
7724 	 * Retrieve a pointer to the newly-allocated soft state.
7725 	 *
7726 	 * This should NEVER fail if the ddi_soft_state_zalloc() call above
7727 	 * was successful, unless something has gone horribly wrong and the
7728 	 * ddi's soft state internals are corrupt (in which case it is
7729 	 * probably better to halt here than just fail the attach....)
7730 	 */
7731 	if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
7732 		panic("sd_unit_attach: NULL soft state on instance:0x%x",
7733 		    instance);
7734 		/*NOTREACHED*/
7735 	}
7736 
7737 	/*
7738 	 * Link the back ptr of the driver soft state to the scsi_device
7739 	 * struct for this lun.
7740 	 * Save a pointer to the softstate in the driver-private area of
7741 	 * the scsi_device struct.
7742 	 * Note: We cannot call SD_INFO, SD_TRACE, SD_ERROR, or SD_DIAG until
7743 	 * we first set un->un_sd below.
7744 	 */
7745 	un->un_sd = devp;
7746 	devp->sd_private = (opaque_t)un;
7747 
7748 	/*
7749 	 * The following must be after devp is stored in the soft state struct.
7750 	 */
7751 #ifdef SDDEBUG
7752 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
7753 	    "%s_unit_attach: un:0x%p instance:%d\n",
7754 	    ddi_driver_name(devi), un, instance);
7755 #endif
7756 
7757 	/*
7758 	 * Set up the device type and node type (for the minor nodes).
7759 	 * By default we assume that the device can at least support the
7760 	 * Common Command Set. Call it a CD-ROM if it reports itself
7761 	 * as a RODIRECT device.
7762 	 */
7763 	switch (devp->sd_inq->inq_dtype) {
7764 	case DTYPE_RODIRECT:
7765 		un->un_node_type = DDI_NT_CD_CHAN;
7766 		un->un_ctype	 = CTYPE_CDROM;
7767 		break;
7768 	case DTYPE_OPTICAL:
7769 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7770 		un->un_ctype	 = CTYPE_ROD;
7771 		break;
7772 	default:
7773 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7774 		un->un_ctype	 = CTYPE_CCS;
7775 		break;
7776 	}
7777 
7778 	/*
7779 	 * Try to read the interconnect type from the HBA.
7780 	 *
7781 	 * Note: This driver is currently compiled as two binaries, a parallel
7782 	 * scsi version (sd) and a fibre channel version (ssd). All functional
7783 	 * differences are determined at compile time. In the future a single
7784 	 * binary will be provided and the inteconnect type will be used to
7785 	 * differentiate between fibre and parallel scsi behaviors. At that time
7786 	 * it will be necessary for all fibre channel HBAs to support this
7787 	 * property.
7788 	 *
7789 	 * set un_f_is_fiber to TRUE ( default fiber )
7790 	 */
7791 	un->un_f_is_fibre = TRUE;
7792 	switch (scsi_ifgetcap(SD_ADDRESS(un), "interconnect-type", -1)) {
7793 	case INTERCONNECT_SSA:
7794 		un->un_interconnect_type = SD_INTERCONNECT_SSA;
7795 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7796 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_SSA\n", un);
7797 		break;
7798 	case INTERCONNECT_PARALLEL:
7799 		un->un_f_is_fibre = FALSE;
7800 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7801 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7802 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_PARALLEL\n", un);
7803 		break;
7804 	case INTERCONNECT_FIBRE:
7805 		un->un_interconnect_type = SD_INTERCONNECT_FIBRE;
7806 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7807 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FIBRE\n", un);
7808 		break;
7809 	case INTERCONNECT_FABRIC:
7810 		un->un_interconnect_type = SD_INTERCONNECT_FABRIC;
7811 		un->un_node_type = DDI_NT_BLOCK_FABRIC;
7812 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7813 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FABRIC\n", un);
7814 		break;
7815 	default:
7816 #ifdef SD_DEFAULT_INTERCONNECT_TYPE
7817 		/*
7818 		 * The HBA does not support the "interconnect-type" property
7819 		 * (or did not provide a recognized type).
7820 		 *
7821 		 * Note: This will be obsoleted when a single fibre channel
7822 		 * and parallel scsi driver is delivered. In the meantime the
7823 		 * interconnect type will be set to the platform default.If that
7824 		 * type is not parallel SCSI, it means that we should be
7825 		 * assuming "ssd" semantics. However, here this also means that
7826 		 * the FC HBA is not supporting the "interconnect-type" property
7827 		 * like we expect it to, so log this occurrence.
7828 		 */
7829 		un->un_interconnect_type = SD_DEFAULT_INTERCONNECT_TYPE;
7830 		if (!SD_IS_PARALLEL_SCSI(un)) {
7831 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7832 			    "sd_unit_attach: un:0x%p Assuming "
7833 			    "INTERCONNECT_FIBRE\n", un);
7834 		} else {
7835 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7836 			    "sd_unit_attach: un:0x%p Assuming "
7837 			    "INTERCONNECT_PARALLEL\n", un);
7838 			un->un_f_is_fibre = FALSE;
7839 		}
7840 #else
7841 		/*
7842 		 * Note: This source will be implemented when a single fibre
7843 		 * channel and parallel scsi driver is delivered. The default
7844 		 * will be to assume that if a device does not support the
7845 		 * "interconnect-type" property it is a parallel SCSI HBA and
7846 		 * we will set the interconnect type for parallel scsi.
7847 		 */
7848 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7849 		un->un_f_is_fibre = FALSE;
7850 #endif
7851 		break;
7852 	}
7853 
7854 	if (un->un_f_is_fibre == TRUE) {
7855 		if (scsi_ifgetcap(SD_ADDRESS(un), "scsi-version", 1) ==
7856 			SCSI_VERSION_3) {
7857 			switch (un->un_interconnect_type) {
7858 			case SD_INTERCONNECT_FIBRE:
7859 			case SD_INTERCONNECT_SSA:
7860 				un->un_node_type = DDI_NT_BLOCK_WWN;
7861 				break;
7862 			default:
7863 				break;
7864 			}
7865 		}
7866 	}
7867 
7868 	/*
7869 	 * Initialize the Request Sense command for the target
7870 	 */
7871 	if (sd_alloc_rqs(devp, un) != DDI_SUCCESS) {
7872 		goto alloc_rqs_failed;
7873 	}
7874 
7875 	/*
7876 	 * Set un_retry_count with SD_RETRY_COUNT, this is ok for Sparc
7877 	 * with seperate binary for sd and ssd.
7878 	 *
7879 	 * x86 has 1 binary, un_retry_count is set base on connection type.
7880 	 * The hardcoded values will go away when Sparc uses 1 binary
7881 	 * for sd and ssd.  This hardcoded values need to match
7882 	 * SD_RETRY_COUNT in sddef.h
7883 	 * The value used is base on interconnect type.
7884 	 * fibre = 3, parallel = 5
7885 	 */
7886 #if defined(__i386) || defined(__amd64)
7887 	un->un_retry_count = un->un_f_is_fibre ? 3 : 5;
7888 #else
7889 	un->un_retry_count = SD_RETRY_COUNT;
7890 #endif
7891 
7892 	/*
7893 	 * Set the per disk retry count to the default number of retries
7894 	 * for disks and CDROMs. This value can be overridden by the
7895 	 * disk property list or an entry in sd.conf.
7896 	 */
7897 	un->un_notready_retry_count =
7898 	    ISCD(un) ? CD_NOT_READY_RETRY_COUNT(un)
7899 			: DISK_NOT_READY_RETRY_COUNT(un);
7900 
7901 	/*
7902 	 * Set the busy retry count to the default value of un_retry_count.
7903 	 * This can be overridden by entries in sd.conf or the device
7904 	 * config table.
7905 	 */
7906 	un->un_busy_retry_count = un->un_retry_count;
7907 
7908 	/*
7909 	 * Init the reset threshold for retries.  This number determines
7910 	 * how many retries must be performed before a reset can be issued
7911 	 * (for certain error conditions). This can be overridden by entries
7912 	 * in sd.conf or the device config table.
7913 	 */
7914 	un->un_reset_retry_count = (un->un_retry_count / 2);
7915 
7916 	/*
7917 	 * Set the victim_retry_count to the default un_retry_count
7918 	 */
7919 	un->un_victim_retry_count = (2 * un->un_retry_count);
7920 
7921 	/*
7922 	 * Set the reservation release timeout to the default value of
7923 	 * 5 seconds. This can be overridden by entries in ssd.conf or the
7924 	 * device config table.
7925 	 */
7926 	un->un_reserve_release_time = 5;
7927 
7928 	/*
7929 	 * Set up the default maximum transfer size. Note that this may
7930 	 * get updated later in the attach, when setting up default wide
7931 	 * operations for disks.
7932 	 */
7933 #if defined(__i386) || defined(__amd64)
7934 	un->un_max_xfer_size = (uint_t)SD_DEFAULT_MAX_XFER_SIZE;
7935 #else
7936 	un->un_max_xfer_size = (uint_t)maxphys;
7937 #endif
7938 
7939 	/*
7940 	 * Get "allow bus device reset" property (defaults to "enabled" if
7941 	 * the property was not defined). This is to disable bus resets for
7942 	 * certain kinds of error recovery. Note: In the future when a run-time
7943 	 * fibre check is available the soft state flag should default to
7944 	 * enabled.
7945 	 */
7946 	if (un->un_f_is_fibre == TRUE) {
7947 		un->un_f_allow_bus_device_reset = TRUE;
7948 	} else {
7949 		if (ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
7950 			"allow-bus-device-reset", 1) != 0) {
7951 			un->un_f_allow_bus_device_reset = TRUE;
7952 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7953 			"sd_unit_attach: un:0x%p Bus device reset enabled\n",
7954 				un);
7955 		} else {
7956 			un->un_f_allow_bus_device_reset = FALSE;
7957 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7958 			"sd_unit_attach: un:0x%p Bus device reset disabled\n",
7959 				un);
7960 		}
7961 	}
7962 
7963 	/*
7964 	 * Check if this is an ATAPI device. ATAPI devices use Group 1
7965 	 * Read/Write commands and Group 2 Mode Sense/Select commands.
7966 	 *
7967 	 * Note: The "obsolete" way of doing this is to check for the "atapi"
7968 	 * property. The new "variant" property with a value of "atapi" has been
7969 	 * introduced so that future 'variants' of standard SCSI behavior (like
7970 	 * atapi) could be specified by the underlying HBA drivers by supplying
7971 	 * a new value for the "variant" property, instead of having to define a
7972 	 * new property.
7973 	 */
7974 	if (ddi_prop_get_int(DDI_DEV_T_ANY, devi, 0, "atapi", -1) != -1) {
7975 		un->un_f_cfg_is_atapi = TRUE;
7976 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7977 		    "sd_unit_attach: un:0x%p Atapi device\n", un);
7978 	}
7979 	if (ddi_prop_lookup_string(DDI_DEV_T_ANY, devi, 0, "variant",
7980 	    &variantp) == DDI_PROP_SUCCESS) {
7981 		if (strcmp(variantp, "atapi") == 0) {
7982 			un->un_f_cfg_is_atapi = TRUE;
7983 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7984 			    "sd_unit_attach: un:0x%p Atapi device\n", un);
7985 		}
7986 		ddi_prop_free(variantp);
7987 	}
7988 
7989 	un->un_cmd_timeout	= SD_IO_TIME;
7990 
7991 	/* Info on current states, statuses, etc. (Updated frequently) */
7992 	un->un_state		= SD_STATE_NORMAL;
7993 	un->un_last_state	= SD_STATE_NORMAL;
7994 
7995 	/* Control & status info for command throttling */
7996 	un->un_throttle		= sd_max_throttle;
7997 	un->un_saved_throttle	= sd_max_throttle;
7998 	un->un_min_throttle	= sd_min_throttle;
7999 
8000 	if (un->un_f_is_fibre == TRUE) {
8001 		un->un_f_use_adaptive_throttle = TRUE;
8002 	} else {
8003 		un->un_f_use_adaptive_throttle = FALSE;
8004 	}
8005 
8006 	/* Removable media support. */
8007 	cv_init(&un->un_state_cv, NULL, CV_DRIVER, NULL);
8008 	un->un_mediastate		= DKIO_NONE;
8009 	un->un_specified_mediastate	= DKIO_NONE;
8010 
8011 	/* CVs for suspend/resume (PM or DR) */
8012 	cv_init(&un->un_suspend_cv,   NULL, CV_DRIVER, NULL);
8013 	cv_init(&un->un_disk_busy_cv, NULL, CV_DRIVER, NULL);
8014 
8015 	/* Power management support. */
8016 	un->un_power_level = SD_SPINDLE_UNINIT;
8017 
8018 	cv_init(&un->un_wcc_cv,   NULL, CV_DRIVER, NULL);
8019 	un->un_f_wcc_inprog = 0;
8020 
8021 	/*
8022 	 * The open/close semaphore is used to serialize threads executing
8023 	 * in the driver's open & close entry point routines for a given
8024 	 * instance.
8025 	 */
8026 	(void) sema_init(&un->un_semoclose, 1, NULL, SEMA_DRIVER, NULL);
8027 
8028 	/*
8029 	 * The conf file entry and softstate variable is a forceful override,
8030 	 * meaning a non-zero value must be entered to change the default.
8031 	 */
8032 	un->un_f_disksort_disabled = FALSE;
8033 
8034 	/*
8035 	 * Retrieve the properties from the static driver table or the driver
8036 	 * configuration file (.conf) for this unit and update the soft state
8037 	 * for the device as needed for the indicated properties.
8038 	 * Note: the property configuration needs to occur here as some of the
8039 	 * following routines may have dependancies on soft state flags set
8040 	 * as part of the driver property configuration.
8041 	 */
8042 	sd_read_unit_properties(un);
8043 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8044 	    "sd_unit_attach: un:0x%p property configuration complete.\n", un);
8045 
8046 	/*
8047 	 * Only if a device has "hotpluggable" property, it is
8048 	 * treated as hotpluggable device. Otherwise, it is
8049 	 * regarded as non-hotpluggable one.
8050 	 */
8051 	if (ddi_prop_get_int(DDI_DEV_T_ANY, devi, 0, "hotpluggable",
8052 	    -1) != -1) {
8053 		un->un_f_is_hotpluggable = TRUE;
8054 	}
8055 
8056 	/*
8057 	 * set unit's attributes(flags) according to "hotpluggable" and
8058 	 * RMB bit in INQUIRY data.
8059 	 */
8060 	sd_set_unit_attributes(un, devi);
8061 
8062 	/*
8063 	 * By default, we mark the capacity, lbasize, and geometry
8064 	 * as invalid. Only if we successfully read a valid capacity
8065 	 * will we update the un_blockcount and un_tgt_blocksize with the
8066 	 * valid values (the geometry will be validated later).
8067 	 */
8068 	un->un_f_blockcount_is_valid	= FALSE;
8069 	un->un_f_tgt_blocksize_is_valid	= FALSE;
8070 	un->un_f_geometry_is_valid	= FALSE;
8071 
8072 	/*
8073 	 * Use DEV_BSIZE and DEV_BSHIFT as defaults, until we can determine
8074 	 * otherwise.
8075 	 */
8076 	un->un_tgt_blocksize  = un->un_sys_blocksize  = DEV_BSIZE;
8077 	un->un_blockcount = 0;
8078 
8079 	/*
8080 	 * Set up the per-instance info needed to determine the correct
8081 	 * CDBs and other info for issuing commands to the target.
8082 	 */
8083 	sd_init_cdb_limits(un);
8084 
8085 	/*
8086 	 * Set up the IO chains to use, based upon the target type.
8087 	 */
8088 	if (un->un_f_non_devbsize_supported) {
8089 		un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
8090 	} else {
8091 		un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
8092 	}
8093 	un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
8094 	un->un_direct_chain_type = SD_CHAIN_INFO_DIRECT_CMD;
8095 	un->un_priority_chain_type = SD_CHAIN_INFO_PRIORITY_CMD;
8096 
8097 	un->un_xbuf_attr = ddi_xbuf_attr_create(sizeof (struct sd_xbuf),
8098 	    sd_xbuf_strategy, un, sd_xbuf_active_limit,  sd_xbuf_reserve_limit,
8099 	    ddi_driver_major(devi), DDI_XBUF_QTHREAD_DRIVER);
8100 	ddi_xbuf_attr_register_devinfo(un->un_xbuf_attr, devi);
8101 
8102 
8103 	if (ISCD(un)) {
8104 		un->un_additional_codes = sd_additional_codes;
8105 	} else {
8106 		un->un_additional_codes = NULL;
8107 	}
8108 
8109 	/*
8110 	 * Create the kstats here so they can be available for attach-time
8111 	 * routines that send commands to the unit (either polled or via
8112 	 * sd_send_scsi_cmd).
8113 	 *
8114 	 * Note: This is a critical sequence that needs to be maintained:
8115 	 *	1) Instantiate the kstats here, before any routines using the
8116 	 *	   iopath (i.e. sd_send_scsi_cmd).
8117 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8118 	 *	   stats (sd_set_pstats), following sd_validate_geometry(),
8119 	 *	   sd_register_devid(), and sd_cache_control().
8120 	 */
8121 
8122 	un->un_stats = kstat_create(sd_label, instance,
8123 	    NULL, "disk", KSTAT_TYPE_IO, 1, KSTAT_FLAG_PERSISTENT);
8124 	if (un->un_stats != NULL) {
8125 		un->un_stats->ks_lock = SD_MUTEX(un);
8126 		kstat_install(un->un_stats);
8127 	}
8128 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8129 	    "sd_unit_attach: un:0x%p un_stats created\n", un);
8130 
8131 	sd_create_errstats(un, instance);
8132 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8133 	    "sd_unit_attach: un:0x%p errstats created\n", un);
8134 
8135 	/*
8136 	 * The following if/else code was relocated here from below as part
8137 	 * of the fix for bug (4430280). However with the default setup added
8138 	 * on entry to this routine, it's no longer absolutely necessary for
8139 	 * this to be before the call to sd_spin_up_unit.
8140 	 */
8141 	if (SD_IS_PARALLEL_SCSI(un)) {
8142 		/*
8143 		 * If SCSI-2 tagged queueing is supported by the target
8144 		 * and by the host adapter then we will enable it.
8145 		 */
8146 		un->un_tagflags = 0;
8147 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8148 		    (devp->sd_inq->inq_cmdque) &&
8149 		    (un->un_f_arq_enabled == TRUE)) {
8150 			if (scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing",
8151 			    1, 1) == 1) {
8152 				un->un_tagflags = FLAG_STAG;
8153 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8154 				    "sd_unit_attach: un:0x%p tag queueing "
8155 				    "enabled\n", un);
8156 			} else if (scsi_ifgetcap(SD_ADDRESS(un),
8157 			    "untagged-qing", 0) == 1) {
8158 				un->un_f_opt_queueing = TRUE;
8159 				un->un_saved_throttle = un->un_throttle =
8160 				    min(un->un_throttle, 3);
8161 			} else {
8162 				un->un_f_opt_queueing = FALSE;
8163 				un->un_saved_throttle = un->un_throttle = 1;
8164 			}
8165 		} else if ((scsi_ifgetcap(SD_ADDRESS(un), "untagged-qing", 0)
8166 		    == 1) && (un->un_f_arq_enabled == TRUE)) {
8167 			/* The Host Adapter supports internal queueing. */
8168 			un->un_f_opt_queueing = TRUE;
8169 			un->un_saved_throttle = un->un_throttle =
8170 			    min(un->un_throttle, 3);
8171 		} else {
8172 			un->un_f_opt_queueing = FALSE;
8173 			un->un_saved_throttle = un->un_throttle = 1;
8174 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8175 			    "sd_unit_attach: un:0x%p no tag queueing\n", un);
8176 		}
8177 
8178 
8179 		/* Setup or tear down default wide operations for disks */
8180 
8181 		/*
8182 		 * Note: Legacy: it may be possible for both "sd_max_xfer_size"
8183 		 * and "ssd_max_xfer_size" to exist simultaneously on the same
8184 		 * system and be set to different values. In the future this
8185 		 * code may need to be updated when the ssd module is
8186 		 * obsoleted and removed from the system. (4299588)
8187 		 */
8188 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8189 		    (devp->sd_inq->inq_wbus16 || devp->sd_inq->inq_wbus32)) {
8190 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8191 			    1, 1) == 1) {
8192 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8193 				    "sd_unit_attach: un:0x%p Wide Transfer "
8194 				    "enabled\n", un);
8195 			}
8196 
8197 			/*
8198 			 * If tagged queuing has also been enabled, then
8199 			 * enable large xfers
8200 			 */
8201 			if (un->un_saved_throttle == sd_max_throttle) {
8202 				un->un_max_xfer_size =
8203 				    ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8204 				    sd_max_xfer_size, SD_MAX_XFER_SIZE);
8205 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8206 				    "sd_unit_attach: un:0x%p max transfer "
8207 				    "size=0x%x\n", un, un->un_max_xfer_size);
8208 			}
8209 		} else {
8210 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8211 			    0, 1) == 1) {
8212 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8213 				    "sd_unit_attach: un:0x%p "
8214 				    "Wide Transfer disabled\n", un);
8215 			}
8216 		}
8217 	} else {
8218 		un->un_tagflags = FLAG_STAG;
8219 		un->un_max_xfer_size = ddi_getprop(DDI_DEV_T_ANY,
8220 		    devi, 0, sd_max_xfer_size, SD_MAX_XFER_SIZE);
8221 	}
8222 
8223 	/*
8224 	 * If this target supports LUN reset, try to enable it.
8225 	 */
8226 	if (un->un_f_lun_reset_enabled) {
8227 		if (scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 1, 1) == 1) {
8228 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8229 			    "un:0x%p lun_reset capability set\n", un);
8230 		} else {
8231 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8232 			    "un:0x%p lun-reset capability not set\n", un);
8233 		}
8234 	}
8235 
8236 	/*
8237 	 * At this point in the attach, we have enough info in the
8238 	 * soft state to be able to issue commands to the target.
8239 	 *
8240 	 * All command paths used below MUST issue their commands as
8241 	 * SD_PATH_DIRECT. This is important as intermediate layers
8242 	 * are not all initialized yet (such as PM).
8243 	 */
8244 
8245 	/*
8246 	 * Send a TEST UNIT READY command to the device. This should clear
8247 	 * any outstanding UNIT ATTENTION that may be present.
8248 	 *
8249 	 * Note: Don't check for success, just track if there is a reservation,
8250 	 * this is a throw away command to clear any unit attentions.
8251 	 *
8252 	 * Note: This MUST be the first command issued to the target during
8253 	 * attach to ensure power on UNIT ATTENTIONS are cleared.
8254 	 * Pass in flag SD_DONT_RETRY_TUR to prevent the long delays associated
8255 	 * with attempts at spinning up a device with no media.
8256 	 */
8257 	if (sd_send_scsi_TEST_UNIT_READY(un, SD_DONT_RETRY_TUR) == EACCES) {
8258 		reservation_flag = SD_TARGET_IS_RESERVED;
8259 	}
8260 
8261 	/*
8262 	 * If the device is NOT a removable media device, attempt to spin
8263 	 * it up (using the START_STOP_UNIT command) and read its capacity
8264 	 * (using the READ CAPACITY command).  Note, however, that either
8265 	 * of these could fail and in some cases we would continue with
8266 	 * the attach despite the failure (see below).
8267 	 */
8268 	if (un->un_f_descr_format_supported) {
8269 		switch (sd_spin_up_unit(un)) {
8270 		case 0:
8271 			/*
8272 			 * Spin-up was successful; now try to read the
8273 			 * capacity.  If successful then save the results
8274 			 * and mark the capacity & lbasize as valid.
8275 			 */
8276 			SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8277 			    "sd_unit_attach: un:0x%p spin-up successful\n", un);
8278 
8279 			switch (sd_send_scsi_READ_CAPACITY(un, &capacity,
8280 			    &lbasize, SD_PATH_DIRECT)) {
8281 			case 0: {
8282 				if (capacity > DK_MAX_BLOCKS) {
8283 #ifdef _LP64
8284 					if (capacity + 1 >
8285 					    SD_GROUP1_MAX_ADDRESS) {
8286 						/*
8287 						 * Enable descriptor format
8288 						 * sense data so that we can
8289 						 * get 64 bit sense data
8290 						 * fields.
8291 						 */
8292 						sd_enable_descr_sense(un);
8293 					}
8294 #else
8295 					/* 32-bit kernels can't handle this */
8296 					scsi_log(SD_DEVINFO(un),
8297 					    sd_label, CE_WARN,
8298 					    "disk has %llu blocks, which "
8299 					    "is too large for a 32-bit "
8300 					    "kernel", capacity);
8301 					goto spinup_failed;
8302 #endif
8303 				}
8304 
8305 				/*
8306 				 * Here it's not necessary to check the case:
8307 				 * the capacity of the device is bigger than
8308 				 * what the max hba cdb can support. Because
8309 				 * sd_send_scsi_READ_CAPACITY will retrieve
8310 				 * the capacity by sending USCSI command, which
8311 				 * is constrained by the max hba cdb. Actually,
8312 				 * sd_send_scsi_READ_CAPACITY will return
8313 				 * EINVAL when using bigger cdb than required
8314 				 * cdb length. Will handle this case in
8315 				 * "case EINVAL".
8316 				 */
8317 
8318 				/*
8319 				 * The following relies on
8320 				 * sd_send_scsi_READ_CAPACITY never
8321 				 * returning 0 for capacity and/or lbasize.
8322 				 */
8323 				sd_update_block_info(un, lbasize, capacity);
8324 
8325 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8326 				    "sd_unit_attach: un:0x%p capacity = %ld "
8327 				    "blocks; lbasize= %ld.\n", un,
8328 				    un->un_blockcount, un->un_tgt_blocksize);
8329 
8330 				break;
8331 			}
8332 			case EINVAL:
8333 				/*
8334 				 * In the case where the max-cdb-length property
8335 				 * is smaller than the required CDB length for
8336 				 * a SCSI device, a target driver can fail to
8337 				 * attach to that device.
8338 				 */
8339 				scsi_log(SD_DEVINFO(un),
8340 				    sd_label, CE_WARN,
8341 				    "disk capacity is too large "
8342 				    "for current cdb length");
8343 				goto spinup_failed;
8344 			case EACCES:
8345 				/*
8346 				 * Should never get here if the spin-up
8347 				 * succeeded, but code it in anyway.
8348 				 * From here, just continue with the attach...
8349 				 */
8350 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8351 				    "sd_unit_attach: un:0x%p "
8352 				    "sd_send_scsi_READ_CAPACITY "
8353 				    "returned reservation conflict\n", un);
8354 				reservation_flag = SD_TARGET_IS_RESERVED;
8355 				break;
8356 			default:
8357 				/*
8358 				 * Likewise, should never get here if the
8359 				 * spin-up succeeded. Just continue with
8360 				 * the attach...
8361 				 */
8362 				break;
8363 			}
8364 			break;
8365 		case EACCES:
8366 			/*
8367 			 * Device is reserved by another host.  In this case
8368 			 * we could not spin it up or read the capacity, but
8369 			 * we continue with the attach anyway.
8370 			 */
8371 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8372 			    "sd_unit_attach: un:0x%p spin-up reservation "
8373 			    "conflict.\n", un);
8374 			reservation_flag = SD_TARGET_IS_RESERVED;
8375 			break;
8376 		default:
8377 			/* Fail the attach if the spin-up failed. */
8378 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8379 			    "sd_unit_attach: un:0x%p spin-up failed.", un);
8380 			goto spinup_failed;
8381 		}
8382 	}
8383 
8384 	/*
8385 	 * Check to see if this is a MMC drive
8386 	 */
8387 	if (ISCD(un)) {
8388 		sd_set_mmc_caps(un);
8389 	}
8390 
8391 	/*
8392 	 * Create the minor nodes for the device.
8393 	 * Note: If we want to support fdisk on both sparc and intel, this will
8394 	 * have to separate out the notion that VTOC8 is always sparc, and
8395 	 * VTOC16 is always intel (tho these can be the defaults).  The vtoc
8396 	 * type will have to be determined at run-time, and the fdisk
8397 	 * partitioning will have to have been read & set up before we
8398 	 * create the minor nodes. (any other inits (such as kstats) that
8399 	 * also ought to be done before creating the minor nodes?) (Doesn't
8400 	 * setting up the minor nodes kind of imply that we're ready to
8401 	 * handle an open from userland?)
8402 	 */
8403 	if (sd_create_minor_nodes(un, devi) != DDI_SUCCESS) {
8404 		goto create_minor_nodes_failed;
8405 	}
8406 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8407 	    "sd_unit_attach: un:0x%p minor nodes created\n", un);
8408 
8409 	/*
8410 	 * Add a zero-length attribute to tell the world we support
8411 	 * kernel ioctls (for layered drivers)
8412 	 */
8413 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8414 	    DDI_KERNEL_IOCTL, NULL, 0);
8415 
8416 	/*
8417 	 * Add a boolean property to tell the world we support
8418 	 * the B_FAILFAST flag (for layered drivers)
8419 	 */
8420 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8421 	    "ddi-failfast-supported", NULL, 0);
8422 
8423 	/*
8424 	 * Initialize power management
8425 	 */
8426 	mutex_init(&un->un_pm_mutex, NULL, MUTEX_DRIVER, NULL);
8427 	cv_init(&un->un_pm_busy_cv, NULL, CV_DRIVER, NULL);
8428 	sd_setup_pm(un, devi);
8429 	if (un->un_f_pm_is_enabled == FALSE) {
8430 		/*
8431 		 * For performance, point to a jump table that does
8432 		 * not include pm.
8433 		 * The direct and priority chains don't change with PM.
8434 		 *
8435 		 * Note: this is currently done based on individual device
8436 		 * capabilities. When an interface for determining system
8437 		 * power enabled state becomes available, or when additional
8438 		 * layers are added to the command chain, these values will
8439 		 * have to be re-evaluated for correctness.
8440 		 */
8441 		if (un->un_f_non_devbsize_supported) {
8442 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA_NO_PM;
8443 		} else {
8444 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK_NO_PM;
8445 		}
8446 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
8447 	}
8448 
8449 	/*
8450 	 * This property is set to 0 by HA software to avoid retries
8451 	 * on a reserved disk. (The preferred property name is
8452 	 * "retry-on-reservation-conflict") (1189689)
8453 	 *
8454 	 * Note: The use of a global here can have unintended consequences. A
8455 	 * per instance variable is preferrable to match the capabilities of
8456 	 * different underlying hba's (4402600)
8457 	 */
8458 	sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY, devi,
8459 	    DDI_PROP_DONTPASS, "retry-on-reservation-conflict",
8460 	    sd_retry_on_reservation_conflict);
8461 	if (sd_retry_on_reservation_conflict != 0) {
8462 		sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY,
8463 		    devi, DDI_PROP_DONTPASS, sd_resv_conflict_name,
8464 		    sd_retry_on_reservation_conflict);
8465 	}
8466 
8467 	/* Set up options for QFULL handling. */
8468 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8469 	    "qfull-retries", -1)) != -1) {
8470 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retries",
8471 		    rval, 1);
8472 	}
8473 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8474 	    "qfull-retry-interval", -1)) != -1) {
8475 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retry-interval",
8476 		    rval, 1);
8477 	}
8478 
8479 	/*
8480 	 * This just prints a message that announces the existence of the
8481 	 * device. The message is always printed in the system logfile, but
8482 	 * only appears on the console if the system is booted with the
8483 	 * -v (verbose) argument.
8484 	 */
8485 	ddi_report_dev(devi);
8486 
8487 	/*
8488 	 * The framework calls driver attach routines single-threaded
8489 	 * for a given instance.  However we still acquire SD_MUTEX here
8490 	 * because this required for calling the sd_validate_geometry()
8491 	 * and sd_register_devid() functions.
8492 	 */
8493 	mutex_enter(SD_MUTEX(un));
8494 	un->un_f_geometry_is_valid = FALSE;
8495 	un->un_mediastate = DKIO_NONE;
8496 	un->un_reserved = -1;
8497 
8498 	/*
8499 	 * Read and validate the device's geometry (ie, disk label)
8500 	 * A new unformatted drive will not have a valid geometry, but
8501 	 * the driver needs to successfully attach to this device so
8502 	 * the drive can be formatted via ioctls.
8503 	 */
8504 	if (((sd_validate_geometry(un, SD_PATH_DIRECT) ==
8505 	    ENOTSUP)) &&
8506 	    (un->un_blockcount < DK_MAX_BLOCKS)) {
8507 		/*
8508 		 * We found a small disk with an EFI label on it;
8509 		 * we need to fix up the minor nodes accordingly.
8510 		 */
8511 		ddi_remove_minor_node(devi, "h");
8512 		ddi_remove_minor_node(devi, "h,raw");
8513 		(void) ddi_create_minor_node(devi, "wd",
8514 		    S_IFBLK,
8515 		    (instance << SDUNIT_SHIFT) | WD_NODE,
8516 		    un->un_node_type, NULL);
8517 		(void) ddi_create_minor_node(devi, "wd,raw",
8518 		    S_IFCHR,
8519 		    (instance << SDUNIT_SHIFT) | WD_NODE,
8520 		    un->un_node_type, NULL);
8521 	}
8522 
8523 	/*
8524 	 * Read and initialize the devid for the unit.
8525 	 */
8526 	ASSERT(un->un_errstats != NULL);
8527 	if (un->un_f_devid_supported) {
8528 		sd_register_devid(un, devi, reservation_flag);
8529 	}
8530 	mutex_exit(SD_MUTEX(un));
8531 
8532 #if (defined(__fibre))
8533 	/*
8534 	 * Register callbacks for fibre only.  You can't do this soley
8535 	 * on the basis of the devid_type because this is hba specific.
8536 	 * We need to query our hba capabilities to find out whether to
8537 	 * register or not.
8538 	 */
8539 	if (un->un_f_is_fibre) {
8540 	    if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
8541 		sd_init_event_callbacks(un);
8542 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8543 		    "sd_unit_attach: un:0x%p event callbacks inserted", un);
8544 	    }
8545 	}
8546 #endif
8547 
8548 	if (un->un_f_opt_disable_cache == TRUE) {
8549 		/*
8550 		 * Disable both read cache and write cache.  This is
8551 		 * the historic behavior of the keywords in the config file.
8552 		 */
8553 		if (sd_cache_control(un, SD_CACHE_DISABLE, SD_CACHE_DISABLE) !=
8554 		    0) {
8555 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8556 			    "sd_unit_attach: un:0x%p Could not disable "
8557 			    "caching", un);
8558 			goto devid_failed;
8559 		}
8560 	}
8561 
8562 	/*
8563 	 * Check the value of the WCE bit now and
8564 	 * set un_f_write_cache_enabled accordingly.
8565 	 */
8566 	(void) sd_get_write_cache_enabled(un, &wc_enabled);
8567 	mutex_enter(SD_MUTEX(un));
8568 	un->un_f_write_cache_enabled = (wc_enabled != 0);
8569 	mutex_exit(SD_MUTEX(un));
8570 
8571 	/*
8572 	 * Set the pstat and error stat values here, so data obtained during the
8573 	 * previous attach-time routines is available.
8574 	 *
8575 	 * Note: This is a critical sequence that needs to be maintained:
8576 	 *	1) Instantiate the kstats before any routines using the iopath
8577 	 *	   (i.e. sd_send_scsi_cmd).
8578 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8579 	 *	   stats (sd_set_pstats)here, following sd_validate_geometry(),
8580 	 *	   sd_register_devid(), and sd_cache_control().
8581 	 */
8582 	if (un->un_f_pkstats_enabled) {
8583 		sd_set_pstats(un);
8584 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8585 		    "sd_unit_attach: un:0x%p pstats created and set\n", un);
8586 	}
8587 
8588 	sd_set_errstats(un);
8589 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8590 	    "sd_unit_attach: un:0x%p errstats set\n", un);
8591 
8592 	/*
8593 	 * Find out what type of reservation this disk supports.
8594 	 */
8595 	switch (sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS, 0, NULL)) {
8596 	case 0:
8597 		/*
8598 		 * SCSI-3 reservations are supported.
8599 		 */
8600 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8601 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8602 		    "sd_unit_attach: un:0x%p SCSI-3 reservations\n", un);
8603 		break;
8604 	case ENOTSUP:
8605 		/*
8606 		 * The PERSISTENT RESERVE IN command would not be recognized by
8607 		 * a SCSI-2 device, so assume the reservation type is SCSI-2.
8608 		 */
8609 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8610 		    "sd_unit_attach: un:0x%p SCSI-2 reservations\n", un);
8611 		un->un_reservation_type = SD_SCSI2_RESERVATION;
8612 		break;
8613 	default:
8614 		/*
8615 		 * default to SCSI-3 reservations
8616 		 */
8617 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8618 		    "sd_unit_attach: un:0x%p default SCSI3 reservations\n", un);
8619 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8620 		break;
8621 	}
8622 
8623 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8624 	    "sd_unit_attach: un:0x%p exit success\n", un);
8625 
8626 	return (DDI_SUCCESS);
8627 
8628 	/*
8629 	 * An error occurred during the attach; clean up & return failure.
8630 	 */
8631 
8632 devid_failed:
8633 
8634 setup_pm_failed:
8635 	ddi_remove_minor_node(devi, NULL);
8636 
8637 create_minor_nodes_failed:
8638 	/*
8639 	 * Cleanup from the scsi_ifsetcap() calls (437868)
8640 	 */
8641 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
8642 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
8643 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
8644 
8645 	if (un->un_f_is_fibre == FALSE) {
8646 	    (void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
8647 	}
8648 
8649 spinup_failed:
8650 
8651 	mutex_enter(SD_MUTEX(un));
8652 
8653 	/* Cancel callback for SD_PATH_DIRECT_PRIORITY cmd. restart */
8654 	if (un->un_direct_priority_timeid != NULL) {
8655 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8656 		un->un_direct_priority_timeid = NULL;
8657 		mutex_exit(SD_MUTEX(un));
8658 		(void) untimeout(temp_id);
8659 		mutex_enter(SD_MUTEX(un));
8660 	}
8661 
8662 	/* Cancel any pending start/stop timeouts */
8663 	if (un->un_startstop_timeid != NULL) {
8664 		timeout_id_t temp_id = un->un_startstop_timeid;
8665 		un->un_startstop_timeid = NULL;
8666 		mutex_exit(SD_MUTEX(un));
8667 		(void) untimeout(temp_id);
8668 		mutex_enter(SD_MUTEX(un));
8669 	}
8670 
8671 	/* Cancel any pending reset-throttle timeouts */
8672 	if (un->un_reset_throttle_timeid != NULL) {
8673 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8674 		un->un_reset_throttle_timeid = NULL;
8675 		mutex_exit(SD_MUTEX(un));
8676 		(void) untimeout(temp_id);
8677 		mutex_enter(SD_MUTEX(un));
8678 	}
8679 
8680 	/* Cancel any pending retry timeouts */
8681 	if (un->un_retry_timeid != NULL) {
8682 		timeout_id_t temp_id = un->un_retry_timeid;
8683 		un->un_retry_timeid = NULL;
8684 		mutex_exit(SD_MUTEX(un));
8685 		(void) untimeout(temp_id);
8686 		mutex_enter(SD_MUTEX(un));
8687 	}
8688 
8689 	/* Cancel any pending delayed cv broadcast timeouts */
8690 	if (un->un_dcvb_timeid != NULL) {
8691 		timeout_id_t temp_id = un->un_dcvb_timeid;
8692 		un->un_dcvb_timeid = NULL;
8693 		mutex_exit(SD_MUTEX(un));
8694 		(void) untimeout(temp_id);
8695 		mutex_enter(SD_MUTEX(un));
8696 	}
8697 
8698 	mutex_exit(SD_MUTEX(un));
8699 
8700 	/* There should not be any in-progress I/O so ASSERT this check */
8701 	ASSERT(un->un_ncmds_in_transport == 0);
8702 	ASSERT(un->un_ncmds_in_driver == 0);
8703 
8704 	/* Do not free the softstate if the callback routine is active */
8705 	sd_sync_with_callback(un);
8706 
8707 	/*
8708 	 * Partition stats apparently are not used with removables. These would
8709 	 * not have been created during attach, so no need to clean them up...
8710 	 */
8711 	if (un->un_stats != NULL) {
8712 		kstat_delete(un->un_stats);
8713 		un->un_stats = NULL;
8714 	}
8715 	if (un->un_errstats != NULL) {
8716 		kstat_delete(un->un_errstats);
8717 		un->un_errstats = NULL;
8718 	}
8719 
8720 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
8721 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
8722 
8723 	ddi_prop_remove_all(devi);
8724 	sema_destroy(&un->un_semoclose);
8725 	cv_destroy(&un->un_state_cv);
8726 
8727 getrbuf_failed:
8728 
8729 	sd_free_rqs(un);
8730 
8731 alloc_rqs_failed:
8732 
8733 	devp->sd_private = NULL;
8734 	bzero(un, sizeof (struct sd_lun));	/* Clear any stale data! */
8735 
8736 get_softstate_failed:
8737 	/*
8738 	 * Note: the man pages are unclear as to whether or not doing a
8739 	 * ddi_soft_state_free(sd_state, instance) is the right way to
8740 	 * clean up after the ddi_soft_state_zalloc() if the subsequent
8741 	 * ddi_get_soft_state() fails.  The implication seems to be
8742 	 * that the get_soft_state cannot fail if the zalloc succeeds.
8743 	 */
8744 	ddi_soft_state_free(sd_state, instance);
8745 
8746 probe_failed:
8747 	scsi_unprobe(devp);
8748 #ifdef SDDEBUG
8749 	if ((sd_component_mask & SD_LOG_ATTACH_DETACH) &&
8750 	    (sd_level_mask & SD_LOGMASK_TRACE)) {
8751 		cmn_err(CE_CONT, "sd_unit_attach: un:0x%p exit failure\n",
8752 		    (void *)un);
8753 	}
8754 #endif
8755 	return (DDI_FAILURE);
8756 }
8757 
8758 
8759 /*
8760  *    Function: sd_unit_detach
8761  *
8762  * Description: Performs DDI_DETACH processing for sddetach().
8763  *
8764  * Return Code: DDI_SUCCESS
8765  *		DDI_FAILURE
8766  *
8767  *     Context: Kernel thread context
8768  */
8769 
8770 static int
8771 sd_unit_detach(dev_info_t *devi)
8772 {
8773 	struct scsi_device	*devp;
8774 	struct sd_lun		*un;
8775 	int			i;
8776 	dev_t			dev;
8777 	int			instance = ddi_get_instance(devi);
8778 
8779 	mutex_enter(&sd_detach_mutex);
8780 
8781 	/*
8782 	 * Fail the detach for any of the following:
8783 	 *  - Unable to get the sd_lun struct for the instance
8784 	 *  - A layered driver has an outstanding open on the instance
8785 	 *  - Another thread is already detaching this instance
8786 	 *  - Another thread is currently performing an open
8787 	 */
8788 	devp = ddi_get_driver_private(devi);
8789 	if ((devp == NULL) ||
8790 	    ((un = (struct sd_lun *)devp->sd_private) == NULL) ||
8791 	    (un->un_ncmds_in_driver != 0) || (un->un_layer_count != 0) ||
8792 	    (un->un_detach_count != 0) || (un->un_opens_in_progress != 0)) {
8793 		mutex_exit(&sd_detach_mutex);
8794 		return (DDI_FAILURE);
8795 	}
8796 
8797 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: entry 0x%p\n", un);
8798 
8799 	/*
8800 	 * Mark this instance as currently in a detach, to inhibit any
8801 	 * opens from a layered driver.
8802 	 */
8803 	un->un_detach_count++;
8804 	mutex_exit(&sd_detach_mutex);
8805 
8806 	dev = sd_make_device(SD_DEVINFO(un));
8807 
8808 	_NOTE(COMPETING_THREADS_NOW);
8809 
8810 	mutex_enter(SD_MUTEX(un));
8811 
8812 	/*
8813 	 * Fail the detach if there are any outstanding layered
8814 	 * opens on this device.
8815 	 */
8816 	for (i = 0; i < NDKMAP; i++) {
8817 		if (un->un_ocmap.lyropen[i] != 0) {
8818 			goto err_notclosed;
8819 		}
8820 	}
8821 
8822 	/*
8823 	 * Verify there are NO outstanding commands issued to this device.
8824 	 * ie, un_ncmds_in_transport == 0.
8825 	 * It's possible to have outstanding commands through the physio
8826 	 * code path, even though everything's closed.
8827 	 */
8828 	if ((un->un_ncmds_in_transport != 0) || (un->un_retry_timeid != NULL) ||
8829 	    (un->un_direct_priority_timeid != NULL) ||
8830 	    (un->un_state == SD_STATE_RWAIT)) {
8831 		mutex_exit(SD_MUTEX(un));
8832 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8833 		    "sd_dr_detach: Detach failure due to outstanding cmds\n");
8834 		goto err_stillbusy;
8835 	}
8836 
8837 	/*
8838 	 * If we have the device reserved, release the reservation.
8839 	 */
8840 	if ((un->un_resvd_status & SD_RESERVE) &&
8841 	    !(un->un_resvd_status & SD_LOST_RESERVE)) {
8842 		mutex_exit(SD_MUTEX(un));
8843 		/*
8844 		 * Note: sd_reserve_release sends a command to the device
8845 		 * via the sd_ioctlcmd() path, and can sleep.
8846 		 */
8847 		if (sd_reserve_release(dev, SD_RELEASE) != 0) {
8848 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8849 			    "sd_dr_detach: Cannot release reservation \n");
8850 		}
8851 	} else {
8852 		mutex_exit(SD_MUTEX(un));
8853 	}
8854 
8855 	/*
8856 	 * Untimeout any reserve recover, throttle reset, restart unit
8857 	 * and delayed broadcast timeout threads. Protect the timeout pointer
8858 	 * from getting nulled by their callback functions.
8859 	 */
8860 	mutex_enter(SD_MUTEX(un));
8861 	if (un->un_resvd_timeid != NULL) {
8862 		timeout_id_t temp_id = un->un_resvd_timeid;
8863 		un->un_resvd_timeid = NULL;
8864 		mutex_exit(SD_MUTEX(un));
8865 		(void) untimeout(temp_id);
8866 		mutex_enter(SD_MUTEX(un));
8867 	}
8868 
8869 	if (un->un_reset_throttle_timeid != NULL) {
8870 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8871 		un->un_reset_throttle_timeid = NULL;
8872 		mutex_exit(SD_MUTEX(un));
8873 		(void) untimeout(temp_id);
8874 		mutex_enter(SD_MUTEX(un));
8875 	}
8876 
8877 	if (un->un_startstop_timeid != NULL) {
8878 		timeout_id_t temp_id = un->un_startstop_timeid;
8879 		un->un_startstop_timeid = NULL;
8880 		mutex_exit(SD_MUTEX(un));
8881 		(void) untimeout(temp_id);
8882 		mutex_enter(SD_MUTEX(un));
8883 	}
8884 
8885 	if (un->un_dcvb_timeid != NULL) {
8886 		timeout_id_t temp_id = un->un_dcvb_timeid;
8887 		un->un_dcvb_timeid = NULL;
8888 		mutex_exit(SD_MUTEX(un));
8889 		(void) untimeout(temp_id);
8890 	} else {
8891 		mutex_exit(SD_MUTEX(un));
8892 	}
8893 
8894 	/* Remove any pending reservation reclaim requests for this device */
8895 	sd_rmv_resv_reclaim_req(dev);
8896 
8897 	mutex_enter(SD_MUTEX(un));
8898 
8899 	/* Cancel any pending callbacks for SD_PATH_DIRECT_PRIORITY cmd. */
8900 	if (un->un_direct_priority_timeid != NULL) {
8901 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8902 		un->un_direct_priority_timeid = NULL;
8903 		mutex_exit(SD_MUTEX(un));
8904 		(void) untimeout(temp_id);
8905 		mutex_enter(SD_MUTEX(un));
8906 	}
8907 
8908 	/* Cancel any active multi-host disk watch thread requests */
8909 	if (un->un_mhd_token != NULL) {
8910 		mutex_exit(SD_MUTEX(un));
8911 		 _NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_mhd_token));
8912 		if (scsi_watch_request_terminate(un->un_mhd_token,
8913 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8914 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8915 			    "sd_dr_detach: Cannot cancel mhd watch request\n");
8916 			/*
8917 			 * Note: We are returning here after having removed
8918 			 * some driver timeouts above. This is consistent with
8919 			 * the legacy implementation but perhaps the watch
8920 			 * terminate call should be made with the wait flag set.
8921 			 */
8922 			goto err_stillbusy;
8923 		}
8924 		mutex_enter(SD_MUTEX(un));
8925 		un->un_mhd_token = NULL;
8926 	}
8927 
8928 	if (un->un_swr_token != NULL) {
8929 		mutex_exit(SD_MUTEX(un));
8930 		_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_swr_token));
8931 		if (scsi_watch_request_terminate(un->un_swr_token,
8932 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8933 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8934 			    "sd_dr_detach: Cannot cancel swr watch request\n");
8935 			/*
8936 			 * Note: We are returning here after having removed
8937 			 * some driver timeouts above. This is consistent with
8938 			 * the legacy implementation but perhaps the watch
8939 			 * terminate call should be made with the wait flag set.
8940 			 */
8941 			goto err_stillbusy;
8942 		}
8943 		mutex_enter(SD_MUTEX(un));
8944 		un->un_swr_token = NULL;
8945 	}
8946 
8947 	mutex_exit(SD_MUTEX(un));
8948 
8949 	/*
8950 	 * Clear any scsi_reset_notifies. We clear the reset notifies
8951 	 * if we have not registered one.
8952 	 * Note: The sd_mhd_reset_notify_cb() fn tries to acquire SD_MUTEX!
8953 	 */
8954 	(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
8955 	    sd_mhd_reset_notify_cb, (caddr_t)un);
8956 
8957 	/*
8958 	 * protect the timeout pointers from getting nulled by
8959 	 * their callback functions during the cancellation process.
8960 	 * In such a scenario untimeout can be invoked with a null value.
8961 	 */
8962 	_NOTE(NO_COMPETING_THREADS_NOW);
8963 
8964 	mutex_enter(&un->un_pm_mutex);
8965 	if (un->un_pm_idle_timeid != NULL) {
8966 		timeout_id_t temp_id = un->un_pm_idle_timeid;
8967 		un->un_pm_idle_timeid = NULL;
8968 		mutex_exit(&un->un_pm_mutex);
8969 
8970 		/*
8971 		 * Timeout is active; cancel it.
8972 		 * Note that it'll never be active on a device
8973 		 * that does not support PM therefore we don't
8974 		 * have to check before calling pm_idle_component.
8975 		 */
8976 		(void) untimeout(temp_id);
8977 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8978 		mutex_enter(&un->un_pm_mutex);
8979 	}
8980 
8981 	/*
8982 	 * Check whether there is already a timeout scheduled for power
8983 	 * management. If yes then don't lower the power here, that's.
8984 	 * the timeout handler's job.
8985 	 */
8986 	if (un->un_pm_timeid != NULL) {
8987 		timeout_id_t temp_id = un->un_pm_timeid;
8988 		un->un_pm_timeid = NULL;
8989 		mutex_exit(&un->un_pm_mutex);
8990 		/*
8991 		 * Timeout is active; cancel it.
8992 		 * Note that it'll never be active on a device
8993 		 * that does not support PM therefore we don't
8994 		 * have to check before calling pm_idle_component.
8995 		 */
8996 		(void) untimeout(temp_id);
8997 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8998 
8999 	} else {
9000 		mutex_exit(&un->un_pm_mutex);
9001 		if ((un->un_f_pm_is_enabled == TRUE) &&
9002 		    (pm_lower_power(SD_DEVINFO(un), 0, SD_SPINDLE_OFF) !=
9003 		    DDI_SUCCESS)) {
9004 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9005 		    "sd_dr_detach: Lower power request failed, ignoring.\n");
9006 			/*
9007 			 * Fix for bug: 4297749, item # 13
9008 			 * The above test now includes a check to see if PM is
9009 			 * supported by this device before call
9010 			 * pm_lower_power().
9011 			 * Note, the following is not dead code. The call to
9012 			 * pm_lower_power above will generate a call back into
9013 			 * our sdpower routine which might result in a timeout
9014 			 * handler getting activated. Therefore the following
9015 			 * code is valid and necessary.
9016 			 */
9017 			mutex_enter(&un->un_pm_mutex);
9018 			if (un->un_pm_timeid != NULL) {
9019 				timeout_id_t temp_id = un->un_pm_timeid;
9020 				un->un_pm_timeid = NULL;
9021 				mutex_exit(&un->un_pm_mutex);
9022 				(void) untimeout(temp_id);
9023 				(void) pm_idle_component(SD_DEVINFO(un), 0);
9024 			} else {
9025 				mutex_exit(&un->un_pm_mutex);
9026 			}
9027 		}
9028 	}
9029 
9030 	/*
9031 	 * Cleanup from the scsi_ifsetcap() calls (437868)
9032 	 * Relocated here from above to be after the call to
9033 	 * pm_lower_power, which was getting errors.
9034 	 */
9035 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
9036 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
9037 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
9038 
9039 	if (un->un_f_is_fibre == FALSE) {
9040 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
9041 	}
9042 
9043 	/*
9044 	 * Remove any event callbacks, fibre only
9045 	 */
9046 	if (un->un_f_is_fibre == TRUE) {
9047 		if ((un->un_insert_event != NULL) &&
9048 			(ddi_remove_event_handler(un->un_insert_cb_id) !=
9049 				DDI_SUCCESS)) {
9050 			/*
9051 			 * Note: We are returning here after having done
9052 			 * substantial cleanup above. This is consistent
9053 			 * with the legacy implementation but this may not
9054 			 * be the right thing to do.
9055 			 */
9056 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9057 				"sd_dr_detach: Cannot cancel insert event\n");
9058 			goto err_remove_event;
9059 		}
9060 		un->un_insert_event = NULL;
9061 
9062 		if ((un->un_remove_event != NULL) &&
9063 			(ddi_remove_event_handler(un->un_remove_cb_id) !=
9064 				DDI_SUCCESS)) {
9065 			/*
9066 			 * Note: We are returning here after having done
9067 			 * substantial cleanup above. This is consistent
9068 			 * with the legacy implementation but this may not
9069 			 * be the right thing to do.
9070 			 */
9071 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9072 				"sd_dr_detach: Cannot cancel remove event\n");
9073 			goto err_remove_event;
9074 		}
9075 		un->un_remove_event = NULL;
9076 	}
9077 
9078 	/* Do not free the softstate if the callback routine is active */
9079 	sd_sync_with_callback(un);
9080 
9081 	/*
9082 	 * Hold the detach mutex here, to make sure that no other threads ever
9083 	 * can access a (partially) freed soft state structure.
9084 	 */
9085 	mutex_enter(&sd_detach_mutex);
9086 
9087 	/*
9088 	 * Clean up the soft state struct.
9089 	 * Cleanup is done in reverse order of allocs/inits.
9090 	 * At this point there should be no competing threads anymore.
9091 	 */
9092 
9093 	/* Unregister and free device id. */
9094 	ddi_devid_unregister(devi);
9095 	if (un->un_devid) {
9096 		ddi_devid_free(un->un_devid);
9097 		un->un_devid = NULL;
9098 	}
9099 
9100 	/*
9101 	 * Destroy wmap cache if it exists.
9102 	 */
9103 	if (un->un_wm_cache != NULL) {
9104 		kmem_cache_destroy(un->un_wm_cache);
9105 		un->un_wm_cache = NULL;
9106 	}
9107 
9108 	/* Remove minor nodes */
9109 	ddi_remove_minor_node(devi, NULL);
9110 
9111 	/*
9112 	 * kstat cleanup is done in detach for all device types (4363169).
9113 	 * We do not want to fail detach if the device kstats are not deleted
9114 	 * since there is a confusion about the devo_refcnt for the device.
9115 	 * We just delete the kstats and let detach complete successfully.
9116 	 */
9117 	if (un->un_stats != NULL) {
9118 		kstat_delete(un->un_stats);
9119 		un->un_stats = NULL;
9120 	}
9121 	if (un->un_errstats != NULL) {
9122 		kstat_delete(un->un_errstats);
9123 		un->un_errstats = NULL;
9124 	}
9125 
9126 	/* Remove partition stats */
9127 	if (un->un_f_pkstats_enabled) {
9128 		for (i = 0; i < NSDMAP; i++) {
9129 			if (un->un_pstats[i] != NULL) {
9130 				kstat_delete(un->un_pstats[i]);
9131 				un->un_pstats[i] = NULL;
9132 			}
9133 		}
9134 	}
9135 
9136 	/* Remove xbuf registration */
9137 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
9138 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
9139 
9140 	/* Remove driver properties */
9141 	ddi_prop_remove_all(devi);
9142 
9143 	mutex_destroy(&un->un_pm_mutex);
9144 	cv_destroy(&un->un_pm_busy_cv);
9145 
9146 	cv_destroy(&un->un_wcc_cv);
9147 
9148 	/* Open/close semaphore */
9149 	sema_destroy(&un->un_semoclose);
9150 
9151 	/* Removable media condvar. */
9152 	cv_destroy(&un->un_state_cv);
9153 
9154 	/* Suspend/resume condvar. */
9155 	cv_destroy(&un->un_suspend_cv);
9156 	cv_destroy(&un->un_disk_busy_cv);
9157 
9158 	sd_free_rqs(un);
9159 
9160 	/* Free up soft state */
9161 	devp->sd_private = NULL;
9162 	bzero(un, sizeof (struct sd_lun));
9163 	ddi_soft_state_free(sd_state, instance);
9164 
9165 	mutex_exit(&sd_detach_mutex);
9166 
9167 	/* This frees up the INQUIRY data associated with the device. */
9168 	scsi_unprobe(devp);
9169 
9170 	return (DDI_SUCCESS);
9171 
9172 err_notclosed:
9173 	mutex_exit(SD_MUTEX(un));
9174 
9175 err_stillbusy:
9176 	_NOTE(NO_COMPETING_THREADS_NOW);
9177 
9178 err_remove_event:
9179 	mutex_enter(&sd_detach_mutex);
9180 	un->un_detach_count--;
9181 	mutex_exit(&sd_detach_mutex);
9182 
9183 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: exit failure\n");
9184 	return (DDI_FAILURE);
9185 }
9186 
9187 
9188 /*
9189  * Driver minor node structure and data table
9190  */
9191 struct driver_minor_data {
9192 	char	*name;
9193 	minor_t	minor;
9194 	int	type;
9195 };
9196 
9197 static struct driver_minor_data sd_minor_data[] = {
9198 	{"a", 0, S_IFBLK},
9199 	{"b", 1, S_IFBLK},
9200 	{"c", 2, S_IFBLK},
9201 	{"d", 3, S_IFBLK},
9202 	{"e", 4, S_IFBLK},
9203 	{"f", 5, S_IFBLK},
9204 	{"g", 6, S_IFBLK},
9205 	{"h", 7, S_IFBLK},
9206 #if defined(_SUNOS_VTOC_16)
9207 	{"i", 8, S_IFBLK},
9208 	{"j", 9, S_IFBLK},
9209 	{"k", 10, S_IFBLK},
9210 	{"l", 11, S_IFBLK},
9211 	{"m", 12, S_IFBLK},
9212 	{"n", 13, S_IFBLK},
9213 	{"o", 14, S_IFBLK},
9214 	{"p", 15, S_IFBLK},
9215 #endif			/* defined(_SUNOS_VTOC_16) */
9216 #if defined(_FIRMWARE_NEEDS_FDISK)
9217 	{"q", 16, S_IFBLK},
9218 	{"r", 17, S_IFBLK},
9219 	{"s", 18, S_IFBLK},
9220 	{"t", 19, S_IFBLK},
9221 	{"u", 20, S_IFBLK},
9222 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9223 	{"a,raw", 0, S_IFCHR},
9224 	{"b,raw", 1, S_IFCHR},
9225 	{"c,raw", 2, S_IFCHR},
9226 	{"d,raw", 3, S_IFCHR},
9227 	{"e,raw", 4, S_IFCHR},
9228 	{"f,raw", 5, S_IFCHR},
9229 	{"g,raw", 6, S_IFCHR},
9230 	{"h,raw", 7, S_IFCHR},
9231 #if defined(_SUNOS_VTOC_16)
9232 	{"i,raw", 8, S_IFCHR},
9233 	{"j,raw", 9, S_IFCHR},
9234 	{"k,raw", 10, S_IFCHR},
9235 	{"l,raw", 11, S_IFCHR},
9236 	{"m,raw", 12, S_IFCHR},
9237 	{"n,raw", 13, S_IFCHR},
9238 	{"o,raw", 14, S_IFCHR},
9239 	{"p,raw", 15, S_IFCHR},
9240 #endif			/* defined(_SUNOS_VTOC_16) */
9241 #if defined(_FIRMWARE_NEEDS_FDISK)
9242 	{"q,raw", 16, S_IFCHR},
9243 	{"r,raw", 17, S_IFCHR},
9244 	{"s,raw", 18, S_IFCHR},
9245 	{"t,raw", 19, S_IFCHR},
9246 	{"u,raw", 20, S_IFCHR},
9247 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9248 	{0}
9249 };
9250 
9251 static struct driver_minor_data sd_minor_data_efi[] = {
9252 	{"a", 0, S_IFBLK},
9253 	{"b", 1, S_IFBLK},
9254 	{"c", 2, S_IFBLK},
9255 	{"d", 3, S_IFBLK},
9256 	{"e", 4, S_IFBLK},
9257 	{"f", 5, S_IFBLK},
9258 	{"g", 6, S_IFBLK},
9259 	{"wd", 7, S_IFBLK},
9260 #if defined(_FIRMWARE_NEEDS_FDISK)
9261 	{"q", 16, S_IFBLK},
9262 	{"r", 17, S_IFBLK},
9263 	{"s", 18, S_IFBLK},
9264 	{"t", 19, S_IFBLK},
9265 	{"u", 20, S_IFBLK},
9266 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9267 	{"a,raw", 0, S_IFCHR},
9268 	{"b,raw", 1, S_IFCHR},
9269 	{"c,raw", 2, S_IFCHR},
9270 	{"d,raw", 3, S_IFCHR},
9271 	{"e,raw", 4, S_IFCHR},
9272 	{"f,raw", 5, S_IFCHR},
9273 	{"g,raw", 6, S_IFCHR},
9274 	{"wd,raw", 7, S_IFCHR},
9275 #if defined(_FIRMWARE_NEEDS_FDISK)
9276 	{"q,raw", 16, S_IFCHR},
9277 	{"r,raw", 17, S_IFCHR},
9278 	{"s,raw", 18, S_IFCHR},
9279 	{"t,raw", 19, S_IFCHR},
9280 	{"u,raw", 20, S_IFCHR},
9281 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9282 	{0}
9283 };
9284 
9285 
9286 /*
9287  *    Function: sd_create_minor_nodes
9288  *
9289  * Description: Create the minor device nodes for the instance.
9290  *
9291  *   Arguments: un - driver soft state (unit) structure
9292  *		devi - pointer to device info structure
9293  *
9294  * Return Code: DDI_SUCCESS
9295  *		DDI_FAILURE
9296  *
9297  *     Context: Kernel thread context
9298  */
9299 
9300 static int
9301 sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi)
9302 {
9303 	struct driver_minor_data	*dmdp;
9304 	struct scsi_device		*devp;
9305 	int				instance;
9306 	char				name[48];
9307 
9308 	ASSERT(un != NULL);
9309 	devp = ddi_get_driver_private(devi);
9310 	instance = ddi_get_instance(devp->sd_dev);
9311 
9312 	/*
9313 	 * Create all the minor nodes for this target.
9314 	 */
9315 	if (un->un_blockcount > DK_MAX_BLOCKS)
9316 		dmdp = sd_minor_data_efi;
9317 	else
9318 		dmdp = sd_minor_data;
9319 	while (dmdp->name != NULL) {
9320 
9321 		(void) sprintf(name, "%s", dmdp->name);
9322 
9323 		if (ddi_create_minor_node(devi, name, dmdp->type,
9324 		    (instance << SDUNIT_SHIFT) | dmdp->minor,
9325 		    un->un_node_type, NULL) == DDI_FAILURE) {
9326 			/*
9327 			 * Clean up any nodes that may have been created, in
9328 			 * case this fails in the middle of the loop.
9329 			 */
9330 			ddi_remove_minor_node(devi, NULL);
9331 			return (DDI_FAILURE);
9332 		}
9333 		dmdp++;
9334 	}
9335 
9336 	return (DDI_SUCCESS);
9337 }
9338 
9339 
9340 /*
9341  *    Function: sd_create_errstats
9342  *
9343  * Description: This routine instantiates the device error stats.
9344  *
9345  *		Note: During attach the stats are instantiated first so they are
9346  *		available for attach-time routines that utilize the driver
9347  *		iopath to send commands to the device. The stats are initialized
9348  *		separately so data obtained during some attach-time routines is
9349  *		available. (4362483)
9350  *
9351  *   Arguments: un - driver soft state (unit) structure
9352  *		instance - driver instance
9353  *
9354  *     Context: Kernel thread context
9355  */
9356 
9357 static void
9358 sd_create_errstats(struct sd_lun *un, int instance)
9359 {
9360 	struct	sd_errstats	*stp;
9361 	char	kstatmodule_err[KSTAT_STRLEN];
9362 	char	kstatname[KSTAT_STRLEN];
9363 	int	ndata = (sizeof (struct sd_errstats) / sizeof (kstat_named_t));
9364 
9365 	ASSERT(un != NULL);
9366 
9367 	if (un->un_errstats != NULL) {
9368 		return;
9369 	}
9370 
9371 	(void) snprintf(kstatmodule_err, sizeof (kstatmodule_err),
9372 	    "%serr", sd_label);
9373 	(void) snprintf(kstatname, sizeof (kstatname),
9374 	    "%s%d,err", sd_label, instance);
9375 
9376 	un->un_errstats = kstat_create(kstatmodule_err, instance, kstatname,
9377 	    "device_error", KSTAT_TYPE_NAMED, ndata, KSTAT_FLAG_PERSISTENT);
9378 
9379 	if (un->un_errstats == NULL) {
9380 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9381 		    "sd_create_errstats: Failed kstat_create\n");
9382 		return;
9383 	}
9384 
9385 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9386 	kstat_named_init(&stp->sd_softerrs,	"Soft Errors",
9387 	    KSTAT_DATA_UINT32);
9388 	kstat_named_init(&stp->sd_harderrs,	"Hard Errors",
9389 	    KSTAT_DATA_UINT32);
9390 	kstat_named_init(&stp->sd_transerrs,	"Transport Errors",
9391 	    KSTAT_DATA_UINT32);
9392 	kstat_named_init(&stp->sd_vid,		"Vendor",
9393 	    KSTAT_DATA_CHAR);
9394 	kstat_named_init(&stp->sd_pid,		"Product",
9395 	    KSTAT_DATA_CHAR);
9396 	kstat_named_init(&stp->sd_revision,	"Revision",
9397 	    KSTAT_DATA_CHAR);
9398 	kstat_named_init(&stp->sd_serial,	"Serial No",
9399 	    KSTAT_DATA_CHAR);
9400 	kstat_named_init(&stp->sd_capacity,	"Size",
9401 	    KSTAT_DATA_ULONGLONG);
9402 	kstat_named_init(&stp->sd_rq_media_err,	"Media Error",
9403 	    KSTAT_DATA_UINT32);
9404 	kstat_named_init(&stp->sd_rq_ntrdy_err,	"Device Not Ready",
9405 	    KSTAT_DATA_UINT32);
9406 	kstat_named_init(&stp->sd_rq_nodev_err,	"No Device",
9407 	    KSTAT_DATA_UINT32);
9408 	kstat_named_init(&stp->sd_rq_recov_err,	"Recoverable",
9409 	    KSTAT_DATA_UINT32);
9410 	kstat_named_init(&stp->sd_rq_illrq_err,	"Illegal Request",
9411 	    KSTAT_DATA_UINT32);
9412 	kstat_named_init(&stp->sd_rq_pfa_err,	"Predictive Failure Analysis",
9413 	    KSTAT_DATA_UINT32);
9414 
9415 	un->un_errstats->ks_private = un;
9416 	un->un_errstats->ks_update  = nulldev;
9417 
9418 	kstat_install(un->un_errstats);
9419 }
9420 
9421 
9422 /*
9423  *    Function: sd_set_errstats
9424  *
9425  * Description: This routine sets the value of the vendor id, product id,
9426  *		revision, serial number, and capacity device error stats.
9427  *
9428  *		Note: During attach the stats are instantiated first so they are
9429  *		available for attach-time routines that utilize the driver
9430  *		iopath to send commands to the device. The stats are initialized
9431  *		separately so data obtained during some attach-time routines is
9432  *		available. (4362483)
9433  *
9434  *   Arguments: un - driver soft state (unit) structure
9435  *
9436  *     Context: Kernel thread context
9437  */
9438 
9439 static void
9440 sd_set_errstats(struct sd_lun *un)
9441 {
9442 	struct	sd_errstats	*stp;
9443 
9444 	ASSERT(un != NULL);
9445 	ASSERT(un->un_errstats != NULL);
9446 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9447 	ASSERT(stp != NULL);
9448 	(void) strncpy(stp->sd_vid.value.c, un->un_sd->sd_inq->inq_vid, 8);
9449 	(void) strncpy(stp->sd_pid.value.c, un->un_sd->sd_inq->inq_pid, 16);
9450 	(void) strncpy(stp->sd_revision.value.c,
9451 	    un->un_sd->sd_inq->inq_revision, 4);
9452 
9453 	/*
9454 	 * Set the "Serial No" kstat for Sun qualified drives (indicated by
9455 	 * "SUN" in bytes 25-27 of the inquiry data (bytes 9-11 of the pid)
9456 	 * (4376302))
9457 	 */
9458 	if (bcmp(&SD_INQUIRY(un)->inq_pid[9], "SUN", 3) == 0) {
9459 		bcopy(&SD_INQUIRY(un)->inq_serial, stp->sd_serial.value.c,
9460 		    sizeof (SD_INQUIRY(un)->inq_serial));
9461 	}
9462 
9463 	if (un->un_f_blockcount_is_valid != TRUE) {
9464 		/*
9465 		 * Set capacity error stat to 0 for no media. This ensures
9466 		 * a valid capacity is displayed in response to 'iostat -E'
9467 		 * when no media is present in the device.
9468 		 */
9469 		stp->sd_capacity.value.ui64 = 0;
9470 	} else {
9471 		/*
9472 		 * Multiply un_blockcount by un->un_sys_blocksize to get
9473 		 * capacity.
9474 		 *
9475 		 * Note: for non-512 blocksize devices "un_blockcount" has been
9476 		 * "scaled" in sd_send_scsi_READ_CAPACITY by multiplying by
9477 		 * (un_tgt_blocksize / un->un_sys_blocksize).
9478 		 */
9479 		stp->sd_capacity.value.ui64 = (uint64_t)
9480 		    ((uint64_t)un->un_blockcount * un->un_sys_blocksize);
9481 	}
9482 }
9483 
9484 
9485 /*
9486  *    Function: sd_set_pstats
9487  *
9488  * Description: This routine instantiates and initializes the partition
9489  *              stats for each partition with more than zero blocks.
9490  *		(4363169)
9491  *
9492  *   Arguments: un - driver soft state (unit) structure
9493  *
9494  *     Context: Kernel thread context
9495  */
9496 
9497 static void
9498 sd_set_pstats(struct sd_lun *un)
9499 {
9500 	char	kstatname[KSTAT_STRLEN];
9501 	int	instance;
9502 	int	i;
9503 
9504 	ASSERT(un != NULL);
9505 
9506 	instance = ddi_get_instance(SD_DEVINFO(un));
9507 
9508 	/* Note:x86: is this a VTOC8/VTOC16 difference? */
9509 	for (i = 0; i < NSDMAP; i++) {
9510 		if ((un->un_pstats[i] == NULL) &&
9511 		    (un->un_map[i].dkl_nblk != 0)) {
9512 			(void) snprintf(kstatname, sizeof (kstatname),
9513 			    "%s%d,%s", sd_label, instance,
9514 			    sd_minor_data[i].name);
9515 			un->un_pstats[i] = kstat_create(sd_label,
9516 			    instance, kstatname, "partition", KSTAT_TYPE_IO,
9517 			    1, KSTAT_FLAG_PERSISTENT);
9518 			if (un->un_pstats[i] != NULL) {
9519 				un->un_pstats[i]->ks_lock = SD_MUTEX(un);
9520 				kstat_install(un->un_pstats[i]);
9521 			}
9522 		}
9523 	}
9524 }
9525 
9526 
9527 #if (defined(__fibre))
9528 /*
9529  *    Function: sd_init_event_callbacks
9530  *
9531  * Description: This routine initializes the insertion and removal event
9532  *		callbacks. (fibre only)
9533  *
9534  *   Arguments: un - driver soft state (unit) structure
9535  *
9536  *     Context: Kernel thread context
9537  */
9538 
9539 static void
9540 sd_init_event_callbacks(struct sd_lun *un)
9541 {
9542 	ASSERT(un != NULL);
9543 
9544 	if ((un->un_insert_event == NULL) &&
9545 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_INSERT_EVENT,
9546 	    &un->un_insert_event) == DDI_SUCCESS)) {
9547 		/*
9548 		 * Add the callback for an insertion event
9549 		 */
9550 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9551 		    un->un_insert_event, sd_event_callback, (void *)un,
9552 		    &(un->un_insert_cb_id));
9553 	}
9554 
9555 	if ((un->un_remove_event == NULL) &&
9556 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_REMOVE_EVENT,
9557 	    &un->un_remove_event) == DDI_SUCCESS)) {
9558 		/*
9559 		 * Add the callback for a removal event
9560 		 */
9561 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9562 		    un->un_remove_event, sd_event_callback, (void *)un,
9563 		    &(un->un_remove_cb_id));
9564 	}
9565 }
9566 
9567 
9568 /*
9569  *    Function: sd_event_callback
9570  *
9571  * Description: This routine handles insert/remove events (photon). The
9572  *		state is changed to OFFLINE which can be used to supress
9573  *		error msgs. (fibre only)
9574  *
9575  *   Arguments: un - driver soft state (unit) structure
9576  *
9577  *     Context: Callout thread context
9578  */
9579 /* ARGSUSED */
9580 static void
9581 sd_event_callback(dev_info_t *dip, ddi_eventcookie_t event, void *arg,
9582     void *bus_impldata)
9583 {
9584 	struct sd_lun *un = (struct sd_lun *)arg;
9585 
9586 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_insert_event));
9587 	if (event == un->un_insert_event) {
9588 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: insert event");
9589 		mutex_enter(SD_MUTEX(un));
9590 		if (un->un_state == SD_STATE_OFFLINE) {
9591 			if (un->un_last_state != SD_STATE_SUSPENDED) {
9592 				un->un_state = un->un_last_state;
9593 			} else {
9594 				/*
9595 				 * We have gone through SUSPEND/RESUME while
9596 				 * we were offline. Restore the last state
9597 				 */
9598 				un->un_state = un->un_save_state;
9599 			}
9600 		}
9601 		mutex_exit(SD_MUTEX(un));
9602 
9603 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_remove_event));
9604 	} else if (event == un->un_remove_event) {
9605 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: remove event");
9606 		mutex_enter(SD_MUTEX(un));
9607 		/*
9608 		 * We need to handle an event callback that occurs during
9609 		 * the suspend operation, since we don't prevent it.
9610 		 */
9611 		if (un->un_state != SD_STATE_OFFLINE) {
9612 			if (un->un_state != SD_STATE_SUSPENDED) {
9613 				New_state(un, SD_STATE_OFFLINE);
9614 			} else {
9615 				un->un_last_state = SD_STATE_OFFLINE;
9616 			}
9617 		}
9618 		mutex_exit(SD_MUTEX(un));
9619 	} else {
9620 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
9621 		    "!Unknown event\n");
9622 	}
9623 
9624 }
9625 #endif
9626 
9627 /*
9628  *    Function: sd_cache_control()
9629  *
9630  * Description: This routine is the driver entry point for setting
9631  *		read and write caching by modifying the WCE (write cache
9632  *		enable) and RCD (read cache disable) bits of mode
9633  *		page 8 (MODEPAGE_CACHING).
9634  *
9635  *   Arguments: un - driver soft state (unit) structure
9636  *		rcd_flag - flag for controlling the read cache
9637  *		wce_flag - flag for controlling the write cache
9638  *
9639  * Return Code: EIO
9640  *		code returned by sd_send_scsi_MODE_SENSE and
9641  *		sd_send_scsi_MODE_SELECT
9642  *
9643  *     Context: Kernel Thread
9644  */
9645 
9646 static int
9647 sd_cache_control(struct sd_lun *un, int rcd_flag, int wce_flag)
9648 {
9649 	struct mode_caching	*mode_caching_page;
9650 	uchar_t			*header;
9651 	size_t			buflen;
9652 	int			hdrlen;
9653 	int			bd_len;
9654 	int			rval = 0;
9655 	struct mode_header_grp2	*mhp;
9656 
9657 	ASSERT(un != NULL);
9658 
9659 	/*
9660 	 * Do a test unit ready, otherwise a mode sense may not work if this
9661 	 * is the first command sent to the device after boot.
9662 	 */
9663 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9664 
9665 	if (un->un_f_cfg_is_atapi == TRUE) {
9666 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9667 	} else {
9668 		hdrlen = MODE_HEADER_LENGTH;
9669 	}
9670 
9671 	/*
9672 	 * Allocate memory for the retrieved mode page and its headers.  Set
9673 	 * a pointer to the page itself.  Use mode_cache_scsi3 to insure
9674 	 * we get all of the mode sense data otherwise, the mode select
9675 	 * will fail.  mode_cache_scsi3 is a superset of mode_caching.
9676 	 */
9677 	buflen = hdrlen + MODE_BLK_DESC_LENGTH +
9678 		sizeof (struct mode_cache_scsi3);
9679 
9680 	header = kmem_zalloc(buflen, KM_SLEEP);
9681 
9682 	/* Get the information from the device. */
9683 	if (un->un_f_cfg_is_atapi == TRUE) {
9684 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9685 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9686 	} else {
9687 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9688 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9689 	}
9690 	if (rval != 0) {
9691 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9692 		    "sd_cache_control: Mode Sense Failed\n");
9693 		kmem_free(header, buflen);
9694 		return (rval);
9695 	}
9696 
9697 	/*
9698 	 * Determine size of Block Descriptors in order to locate
9699 	 * the mode page data. ATAPI devices return 0, SCSI devices
9700 	 * should return MODE_BLK_DESC_LENGTH.
9701 	 */
9702 	if (un->un_f_cfg_is_atapi == TRUE) {
9703 		mhp	= (struct mode_header_grp2 *)header;
9704 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9705 	} else {
9706 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9707 	}
9708 
9709 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9710 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9711 		    "sd_cache_control: Mode Sense returned invalid "
9712 		    "block descriptor length\n");
9713 		kmem_free(header, buflen);
9714 		return (EIO);
9715 	}
9716 
9717 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9718 
9719 	/* Check the relevant bits on successful mode sense. */
9720 	if ((mode_caching_page->rcd && rcd_flag == SD_CACHE_ENABLE) ||
9721 	    (!mode_caching_page->rcd && rcd_flag == SD_CACHE_DISABLE) ||
9722 	    (mode_caching_page->wce && wce_flag == SD_CACHE_DISABLE) ||
9723 	    (!mode_caching_page->wce && wce_flag == SD_CACHE_ENABLE)) {
9724 
9725 		size_t sbuflen;
9726 		uchar_t save_pg;
9727 
9728 		/*
9729 		 * Construct select buffer length based on the
9730 		 * length of the sense data returned.
9731 		 */
9732 		sbuflen =  hdrlen + MODE_BLK_DESC_LENGTH +
9733 				sizeof (struct mode_page) +
9734 				(int)mode_caching_page->mode_page.length;
9735 
9736 		/*
9737 		 * Set the caching bits as requested.
9738 		 */
9739 		if (rcd_flag == SD_CACHE_ENABLE)
9740 			mode_caching_page->rcd = 0;
9741 		else if (rcd_flag == SD_CACHE_DISABLE)
9742 			mode_caching_page->rcd = 1;
9743 
9744 		if (wce_flag == SD_CACHE_ENABLE)
9745 			mode_caching_page->wce = 1;
9746 		else if (wce_flag == SD_CACHE_DISABLE)
9747 			mode_caching_page->wce = 0;
9748 
9749 		/*
9750 		 * Save the page if the mode sense says the
9751 		 * drive supports it.
9752 		 */
9753 		save_pg = mode_caching_page->mode_page.ps ?
9754 				SD_SAVE_PAGE : SD_DONTSAVE_PAGE;
9755 
9756 		/* Clear reserved bits before mode select. */
9757 		mode_caching_page->mode_page.ps = 0;
9758 
9759 		/*
9760 		 * Clear out mode header for mode select.
9761 		 * The rest of the retrieved page will be reused.
9762 		 */
9763 		bzero(header, hdrlen);
9764 
9765 		if (un->un_f_cfg_is_atapi == TRUE) {
9766 			mhp = (struct mode_header_grp2 *)header;
9767 			mhp->bdesc_length_hi = bd_len >> 8;
9768 			mhp->bdesc_length_lo = (uchar_t)bd_len & 0xff;
9769 		} else {
9770 			((struct mode_header *)header)->bdesc_length = bd_len;
9771 		}
9772 
9773 		/* Issue mode select to change the cache settings */
9774 		if (un->un_f_cfg_is_atapi == TRUE) {
9775 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, header,
9776 			    sbuflen, save_pg, SD_PATH_DIRECT);
9777 		} else {
9778 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
9779 			    sbuflen, save_pg, SD_PATH_DIRECT);
9780 		}
9781 	}
9782 
9783 	kmem_free(header, buflen);
9784 	return (rval);
9785 }
9786 
9787 
9788 /*
9789  *    Function: sd_get_write_cache_enabled()
9790  *
9791  * Description: This routine is the driver entry point for determining if
9792  *		write caching is enabled.  It examines the WCE (write cache
9793  *		enable) bits of mode page 8 (MODEPAGE_CACHING).
9794  *
9795  *   Arguments: un - driver soft state (unit) structure
9796  *   		is_enabled - pointer to int where write cache enabled state
9797  *   			is returned (non-zero -> write cache enabled)
9798  *
9799  *
9800  * Return Code: EIO
9801  *		code returned by sd_send_scsi_MODE_SENSE
9802  *
9803  *     Context: Kernel Thread
9804  *
9805  * NOTE: If ioctl is added to disable write cache, this sequence should
9806  * be followed so that no locking is required for accesses to
9807  * un->un_f_write_cache_enabled:
9808  * 	do mode select to clear wce
9809  * 	do synchronize cache to flush cache
9810  * 	set un->un_f_write_cache_enabled = FALSE
9811  *
9812  * Conversely, an ioctl to enable the write cache should be done
9813  * in this order:
9814  * 	set un->un_f_write_cache_enabled = TRUE
9815  * 	do mode select to set wce
9816  */
9817 
9818 static int
9819 sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled)
9820 {
9821 	struct mode_caching	*mode_caching_page;
9822 	uchar_t			*header;
9823 	size_t			buflen;
9824 	int			hdrlen;
9825 	int			bd_len;
9826 	int			rval = 0;
9827 
9828 	ASSERT(un != NULL);
9829 	ASSERT(is_enabled != NULL);
9830 
9831 	/* in case of error, flag as enabled */
9832 	*is_enabled = TRUE;
9833 
9834 	/*
9835 	 * Do a test unit ready, otherwise a mode sense may not work if this
9836 	 * is the first command sent to the device after boot.
9837 	 */
9838 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9839 
9840 	if (un->un_f_cfg_is_atapi == TRUE) {
9841 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9842 	} else {
9843 		hdrlen = MODE_HEADER_LENGTH;
9844 	}
9845 
9846 	/*
9847 	 * Allocate memory for the retrieved mode page and its headers.  Set
9848 	 * a pointer to the page itself.
9849 	 */
9850 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9851 	header = kmem_zalloc(buflen, KM_SLEEP);
9852 
9853 	/* Get the information from the device. */
9854 	if (un->un_f_cfg_is_atapi == TRUE) {
9855 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9856 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9857 	} else {
9858 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9859 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9860 	}
9861 	if (rval != 0) {
9862 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9863 		    "sd_get_write_cache_enabled: Mode Sense Failed\n");
9864 		kmem_free(header, buflen);
9865 		return (rval);
9866 	}
9867 
9868 	/*
9869 	 * Determine size of Block Descriptors in order to locate
9870 	 * the mode page data. ATAPI devices return 0, SCSI devices
9871 	 * should return MODE_BLK_DESC_LENGTH.
9872 	 */
9873 	if (un->un_f_cfg_is_atapi == TRUE) {
9874 		struct mode_header_grp2	*mhp;
9875 		mhp	= (struct mode_header_grp2 *)header;
9876 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9877 	} else {
9878 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9879 	}
9880 
9881 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9882 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9883 		    "sd_get_write_cache_enabled: Mode Sense returned invalid "
9884 		    "block descriptor length\n");
9885 		kmem_free(header, buflen);
9886 		return (EIO);
9887 	}
9888 
9889 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9890 	*is_enabled = mode_caching_page->wce;
9891 
9892 	kmem_free(header, buflen);
9893 	return (0);
9894 }
9895 
9896 
9897 /*
9898  *    Function: sd_make_device
9899  *
9900  * Description: Utility routine to return the Solaris device number from
9901  *		the data in the device's dev_info structure.
9902  *
9903  * Return Code: The Solaris device number
9904  *
9905  *     Context: Any
9906  */
9907 
9908 static dev_t
9909 sd_make_device(dev_info_t *devi)
9910 {
9911 	return (makedevice(ddi_name_to_major(ddi_get_name(devi)),
9912 	    ddi_get_instance(devi) << SDUNIT_SHIFT));
9913 }
9914 
9915 
9916 /*
9917  *    Function: sd_pm_entry
9918  *
9919  * Description: Called at the start of a new command to manage power
9920  *		and busy status of a device. This includes determining whether
9921  *		the current power state of the device is sufficient for
9922  *		performing the command or whether it must be changed.
9923  *		The PM framework is notified appropriately.
9924  *		Only with a return status of DDI_SUCCESS will the
9925  *		component be busy to the framework.
9926  *
9927  *		All callers of sd_pm_entry must check the return status
9928  *		and only call sd_pm_exit it it was DDI_SUCCESS. A status
9929  *		of DDI_FAILURE indicates the device failed to power up.
9930  *		In this case un_pm_count has been adjusted so the result
9931  *		on exit is still powered down, ie. count is less than 0.
9932  *		Calling sd_pm_exit with this count value hits an ASSERT.
9933  *
9934  * Return Code: DDI_SUCCESS or DDI_FAILURE
9935  *
9936  *     Context: Kernel thread context.
9937  */
9938 
9939 static int
9940 sd_pm_entry(struct sd_lun *un)
9941 {
9942 	int return_status = DDI_SUCCESS;
9943 
9944 	ASSERT(!mutex_owned(SD_MUTEX(un)));
9945 	ASSERT(!mutex_owned(&un->un_pm_mutex));
9946 
9947 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: entry\n");
9948 
9949 	if (un->un_f_pm_is_enabled == FALSE) {
9950 		SD_TRACE(SD_LOG_IO_PM, un,
9951 		    "sd_pm_entry: exiting, PM not enabled\n");
9952 		return (return_status);
9953 	}
9954 
9955 	/*
9956 	 * Just increment a counter if PM is enabled. On the transition from
9957 	 * 0 ==> 1, mark the device as busy.  The iodone side will decrement
9958 	 * the count with each IO and mark the device as idle when the count
9959 	 * hits 0.
9960 	 *
9961 	 * If the count is less than 0 the device is powered down. If a powered
9962 	 * down device is successfully powered up then the count must be
9963 	 * incremented to reflect the power up. Note that it'll get incremented
9964 	 * a second time to become busy.
9965 	 *
9966 	 * Because the following has the potential to change the device state
9967 	 * and must release the un_pm_mutex to do so, only one thread can be
9968 	 * allowed through at a time.
9969 	 */
9970 
9971 	mutex_enter(&un->un_pm_mutex);
9972 	while (un->un_pm_busy == TRUE) {
9973 		cv_wait(&un->un_pm_busy_cv, &un->un_pm_mutex);
9974 	}
9975 	un->un_pm_busy = TRUE;
9976 
9977 	if (un->un_pm_count < 1) {
9978 
9979 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: busy component\n");
9980 
9981 		/*
9982 		 * Indicate we are now busy so the framework won't attempt to
9983 		 * power down the device. This call will only fail if either
9984 		 * we passed a bad component number or the device has no
9985 		 * components. Neither of these should ever happen.
9986 		 */
9987 		mutex_exit(&un->un_pm_mutex);
9988 		return_status = pm_busy_component(SD_DEVINFO(un), 0);
9989 		ASSERT(return_status == DDI_SUCCESS);
9990 
9991 		mutex_enter(&un->un_pm_mutex);
9992 
9993 		if (un->un_pm_count < 0) {
9994 			mutex_exit(&un->un_pm_mutex);
9995 
9996 			SD_TRACE(SD_LOG_IO_PM, un,
9997 			    "sd_pm_entry: power up component\n");
9998 
9999 			/*
10000 			 * pm_raise_power will cause sdpower to be called
10001 			 * which brings the device power level to the
10002 			 * desired state, ON in this case. If successful,
10003 			 * un_pm_count and un_power_level will be updated
10004 			 * appropriately.
10005 			 */
10006 			return_status = pm_raise_power(SD_DEVINFO(un), 0,
10007 			    SD_SPINDLE_ON);
10008 
10009 			mutex_enter(&un->un_pm_mutex);
10010 
10011 			if (return_status != DDI_SUCCESS) {
10012 				/*
10013 				 * Power up failed.
10014 				 * Idle the device and adjust the count
10015 				 * so the result on exit is that we're
10016 				 * still powered down, ie. count is less than 0.
10017 				 */
10018 				SD_TRACE(SD_LOG_IO_PM, un,
10019 				    "sd_pm_entry: power up failed,"
10020 				    " idle the component\n");
10021 
10022 				(void) pm_idle_component(SD_DEVINFO(un), 0);
10023 				un->un_pm_count--;
10024 			} else {
10025 				/*
10026 				 * Device is powered up, verify the
10027 				 * count is non-negative.
10028 				 * This is debug only.
10029 				 */
10030 				ASSERT(un->un_pm_count == 0);
10031 			}
10032 		}
10033 
10034 		if (return_status == DDI_SUCCESS) {
10035 			/*
10036 			 * For performance, now that the device has been tagged
10037 			 * as busy, and it's known to be powered up, update the
10038 			 * chain types to use jump tables that do not include
10039 			 * pm. This significantly lowers the overhead and
10040 			 * therefore improves performance.
10041 			 */
10042 
10043 			mutex_exit(&un->un_pm_mutex);
10044 			mutex_enter(SD_MUTEX(un));
10045 			SD_TRACE(SD_LOG_IO_PM, un,
10046 			    "sd_pm_entry: changing uscsi_chain_type from %d\n",
10047 			    un->un_uscsi_chain_type);
10048 
10049 			if (un->un_f_non_devbsize_supported) {
10050 				un->un_buf_chain_type =
10051 				    SD_CHAIN_INFO_RMMEDIA_NO_PM;
10052 			} else {
10053 				un->un_buf_chain_type =
10054 				    SD_CHAIN_INFO_DISK_NO_PM;
10055 			}
10056 			un->un_uscsi_chain_type = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
10057 
10058 			SD_TRACE(SD_LOG_IO_PM, un,
10059 			    "             changed  uscsi_chain_type to   %d\n",
10060 			    un->un_uscsi_chain_type);
10061 			mutex_exit(SD_MUTEX(un));
10062 			mutex_enter(&un->un_pm_mutex);
10063 
10064 			if (un->un_pm_idle_timeid == NULL) {
10065 				/* 300 ms. */
10066 				un->un_pm_idle_timeid =
10067 				    timeout(sd_pm_idletimeout_handler, un,
10068 				    (drv_usectohz((clock_t)300000)));
10069 				/*
10070 				 * Include an extra call to busy which keeps the
10071 				 * device busy with-respect-to the PM layer
10072 				 * until the timer fires, at which time it'll
10073 				 * get the extra idle call.
10074 				 */
10075 				(void) pm_busy_component(SD_DEVINFO(un), 0);
10076 			}
10077 		}
10078 	}
10079 	un->un_pm_busy = FALSE;
10080 	/* Next... */
10081 	cv_signal(&un->un_pm_busy_cv);
10082 
10083 	un->un_pm_count++;
10084 
10085 	SD_TRACE(SD_LOG_IO_PM, un,
10086 	    "sd_pm_entry: exiting, un_pm_count = %d\n", un->un_pm_count);
10087 
10088 	mutex_exit(&un->un_pm_mutex);
10089 
10090 	return (return_status);
10091 }
10092 
10093 
10094 /*
10095  *    Function: sd_pm_exit
10096  *
10097  * Description: Called at the completion of a command to manage busy
10098  *		status for the device. If the device becomes idle the
10099  *		PM framework is notified.
10100  *
10101  *     Context: Kernel thread context
10102  */
10103 
10104 static void
10105 sd_pm_exit(struct sd_lun *un)
10106 {
10107 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10108 	ASSERT(!mutex_owned(&un->un_pm_mutex));
10109 
10110 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: entry\n");
10111 
10112 	/*
10113 	 * After attach the following flag is only read, so don't
10114 	 * take the penalty of acquiring a mutex for it.
10115 	 */
10116 	if (un->un_f_pm_is_enabled == TRUE) {
10117 
10118 		mutex_enter(&un->un_pm_mutex);
10119 		un->un_pm_count--;
10120 
10121 		SD_TRACE(SD_LOG_IO_PM, un,
10122 		    "sd_pm_exit: un_pm_count = %d\n", un->un_pm_count);
10123 
10124 		ASSERT(un->un_pm_count >= 0);
10125 		if (un->un_pm_count == 0) {
10126 			mutex_exit(&un->un_pm_mutex);
10127 
10128 			SD_TRACE(SD_LOG_IO_PM, un,
10129 			    "sd_pm_exit: idle component\n");
10130 
10131 			(void) pm_idle_component(SD_DEVINFO(un), 0);
10132 
10133 		} else {
10134 			mutex_exit(&un->un_pm_mutex);
10135 		}
10136 	}
10137 
10138 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: exiting\n");
10139 }
10140 
10141 
10142 /*
10143  *    Function: sdopen
10144  *
10145  * Description: Driver's open(9e) entry point function.
10146  *
10147  *   Arguments: dev_i   - pointer to device number
10148  *		flag    - how to open file (FEXCL, FNDELAY, FREAD, FWRITE)
10149  *		otyp    - open type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10150  *		cred_p  - user credential pointer
10151  *
10152  * Return Code: EINVAL
10153  *		ENXIO
10154  *		EIO
10155  *		EROFS
10156  *		EBUSY
10157  *
10158  *     Context: Kernel thread context
10159  */
10160 /* ARGSUSED */
10161 static int
10162 sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p)
10163 {
10164 	struct sd_lun	*un;
10165 	int		nodelay;
10166 	int		part;
10167 	uint64_t	partmask;
10168 	int		instance;
10169 	dev_t		dev;
10170 	int		rval = EIO;
10171 
10172 	/* Validate the open type */
10173 	if (otyp >= OTYPCNT) {
10174 		return (EINVAL);
10175 	}
10176 
10177 	dev = *dev_p;
10178 	instance = SDUNIT(dev);
10179 	mutex_enter(&sd_detach_mutex);
10180 
10181 	/*
10182 	 * Fail the open if there is no softstate for the instance, or
10183 	 * if another thread somewhere is trying to detach the instance.
10184 	 */
10185 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
10186 	    (un->un_detach_count != 0)) {
10187 		mutex_exit(&sd_detach_mutex);
10188 		/*
10189 		 * The probe cache only needs to be cleared when open (9e) fails
10190 		 * with ENXIO (4238046).
10191 		 */
10192 		/*
10193 		 * un-conditionally clearing probe cache is ok with
10194 		 * separate sd/ssd binaries
10195 		 * x86 platform can be an issue with both parallel
10196 		 * and fibre in 1 binary
10197 		 */
10198 		sd_scsi_clear_probe_cache();
10199 		return (ENXIO);
10200 	}
10201 
10202 	/*
10203 	 * The un_layer_count is to prevent another thread in specfs from
10204 	 * trying to detach the instance, which can happen when we are
10205 	 * called from a higher-layer driver instead of thru specfs.
10206 	 * This will not be needed when DDI provides a layered driver
10207 	 * interface that allows specfs to know that an instance is in
10208 	 * use by a layered driver & should not be detached.
10209 	 *
10210 	 * Note: the semantics for layered driver opens are exactly one
10211 	 * close for every open.
10212 	 */
10213 	if (otyp == OTYP_LYR) {
10214 		un->un_layer_count++;
10215 	}
10216 
10217 	/*
10218 	 * Keep a count of the current # of opens in progress. This is because
10219 	 * some layered drivers try to call us as a regular open. This can
10220 	 * cause problems that we cannot prevent, however by keeping this count
10221 	 * we can at least keep our open and detach routines from racing against
10222 	 * each other under such conditions.
10223 	 */
10224 	un->un_opens_in_progress++;
10225 	mutex_exit(&sd_detach_mutex);
10226 
10227 	nodelay  = (flag & (FNDELAY | FNONBLOCK));
10228 	part	 = SDPART(dev);
10229 	partmask = 1 << part;
10230 
10231 	/*
10232 	 * We use a semaphore here in order to serialize
10233 	 * open and close requests on the device.
10234 	 */
10235 	sema_p(&un->un_semoclose);
10236 
10237 	mutex_enter(SD_MUTEX(un));
10238 
10239 	/*
10240 	 * All device accesses go thru sdstrategy() where we check
10241 	 * on suspend status but there could be a scsi_poll command,
10242 	 * which bypasses sdstrategy(), so we need to check pm
10243 	 * status.
10244 	 */
10245 
10246 	if (!nodelay) {
10247 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10248 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10249 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10250 		}
10251 
10252 		mutex_exit(SD_MUTEX(un));
10253 		if (sd_pm_entry(un) != DDI_SUCCESS) {
10254 			rval = EIO;
10255 			SD_ERROR(SD_LOG_OPEN_CLOSE, un,
10256 			    "sdopen: sd_pm_entry failed\n");
10257 			goto open_failed_with_pm;
10258 		}
10259 		mutex_enter(SD_MUTEX(un));
10260 	}
10261 
10262 	/* check for previous exclusive open */
10263 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: un=%p\n", (void *)un);
10264 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10265 	    "sdopen: exclopen=%x, flag=%x, regopen=%x\n",
10266 	    un->un_exclopen, flag, un->un_ocmap.regopen[otyp]);
10267 
10268 	if (un->un_exclopen & (partmask)) {
10269 		goto excl_open_fail;
10270 	}
10271 
10272 	if (flag & FEXCL) {
10273 		int i;
10274 		if (un->un_ocmap.lyropen[part]) {
10275 			goto excl_open_fail;
10276 		}
10277 		for (i = 0; i < (OTYPCNT - 1); i++) {
10278 			if (un->un_ocmap.regopen[i] & (partmask)) {
10279 				goto excl_open_fail;
10280 			}
10281 		}
10282 	}
10283 
10284 	/*
10285 	 * Check the write permission if this is a removable media device,
10286 	 * NDELAY has not been set, and writable permission is requested.
10287 	 *
10288 	 * Note: If NDELAY was set and this is write-protected media the WRITE
10289 	 * attempt will fail with EIO as part of the I/O processing. This is a
10290 	 * more permissive implementation that allows the open to succeed and
10291 	 * WRITE attempts to fail when appropriate.
10292 	 */
10293 	if (un->un_f_chk_wp_open) {
10294 		if ((flag & FWRITE) && (!nodelay)) {
10295 			mutex_exit(SD_MUTEX(un));
10296 			/*
10297 			 * Defer the check for write permission on writable
10298 			 * DVD drive till sdstrategy and will not fail open even
10299 			 * if FWRITE is set as the device can be writable
10300 			 * depending upon the media and the media can change
10301 			 * after the call to open().
10302 			 */
10303 			if (un->un_f_dvdram_writable_device == FALSE) {
10304 				if (ISCD(un) || sr_check_wp(dev)) {
10305 				rval = EROFS;
10306 				mutex_enter(SD_MUTEX(un));
10307 				SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10308 				    "write to cd or write protected media\n");
10309 				goto open_fail;
10310 				}
10311 			}
10312 			mutex_enter(SD_MUTEX(un));
10313 		}
10314 	}
10315 
10316 	/*
10317 	 * If opening in NDELAY/NONBLOCK mode, just return.
10318 	 * Check if disk is ready and has a valid geometry later.
10319 	 */
10320 	if (!nodelay) {
10321 		mutex_exit(SD_MUTEX(un));
10322 		rval = sd_ready_and_valid(un);
10323 		mutex_enter(SD_MUTEX(un));
10324 		/*
10325 		 * Fail if device is not ready or if the number of disk
10326 		 * blocks is zero or negative for non CD devices.
10327 		 */
10328 		if ((rval != SD_READY_VALID) ||
10329 		    (!ISCD(un) && un->un_map[part].dkl_nblk <= 0)) {
10330 			rval = un->un_f_has_removable_media ? ENXIO : EIO;
10331 			SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10332 			    "device not ready or invalid disk block value\n");
10333 			goto open_fail;
10334 		}
10335 #if defined(__i386) || defined(__amd64)
10336 	} else {
10337 		uchar_t *cp;
10338 		/*
10339 		 * x86 requires special nodelay handling, so that p0 is
10340 		 * always defined and accessible.
10341 		 * Invalidate geometry only if device is not already open.
10342 		 */
10343 		cp = &un->un_ocmap.chkd[0];
10344 		while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10345 			if (*cp != (uchar_t)0) {
10346 			    break;
10347 			}
10348 			cp++;
10349 		}
10350 		if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10351 			un->un_f_geometry_is_valid = FALSE;
10352 		}
10353 
10354 #endif
10355 	}
10356 
10357 	if (otyp == OTYP_LYR) {
10358 		un->un_ocmap.lyropen[part]++;
10359 	} else {
10360 		un->un_ocmap.regopen[otyp] |= partmask;
10361 	}
10362 
10363 	/* Set up open and exclusive open flags */
10364 	if (flag & FEXCL) {
10365 		un->un_exclopen |= (partmask);
10366 	}
10367 
10368 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10369 	    "open of part %d type %d\n", part, otyp);
10370 
10371 	mutex_exit(SD_MUTEX(un));
10372 	if (!nodelay) {
10373 		sd_pm_exit(un);
10374 	}
10375 
10376 	sema_v(&un->un_semoclose);
10377 
10378 	mutex_enter(&sd_detach_mutex);
10379 	un->un_opens_in_progress--;
10380 	mutex_exit(&sd_detach_mutex);
10381 
10382 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: exit success\n");
10383 	return (DDI_SUCCESS);
10384 
10385 excl_open_fail:
10386 	SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: fail exclusive open\n");
10387 	rval = EBUSY;
10388 
10389 open_fail:
10390 	mutex_exit(SD_MUTEX(un));
10391 
10392 	/*
10393 	 * On a failed open we must exit the pm management.
10394 	 */
10395 	if (!nodelay) {
10396 		sd_pm_exit(un);
10397 	}
10398 open_failed_with_pm:
10399 	sema_v(&un->un_semoclose);
10400 
10401 	mutex_enter(&sd_detach_mutex);
10402 	un->un_opens_in_progress--;
10403 	if (otyp == OTYP_LYR) {
10404 		un->un_layer_count--;
10405 	}
10406 	mutex_exit(&sd_detach_mutex);
10407 
10408 	return (rval);
10409 }
10410 
10411 
10412 /*
10413  *    Function: sdclose
10414  *
10415  * Description: Driver's close(9e) entry point function.
10416  *
10417  *   Arguments: dev    - device number
10418  *		flag   - file status flag, informational only
10419  *		otyp   - close type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10420  *		cred_p - user credential pointer
10421  *
10422  * Return Code: ENXIO
10423  *
10424  *     Context: Kernel thread context
10425  */
10426 /* ARGSUSED */
10427 static int
10428 sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p)
10429 {
10430 	struct sd_lun	*un;
10431 	uchar_t		*cp;
10432 	int		part;
10433 	int		nodelay;
10434 	int		rval = 0;
10435 
10436 	/* Validate the open type */
10437 	if (otyp >= OTYPCNT) {
10438 		return (ENXIO);
10439 	}
10440 
10441 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10442 		return (ENXIO);
10443 	}
10444 
10445 	part = SDPART(dev);
10446 	nodelay = flag & (FNDELAY | FNONBLOCK);
10447 
10448 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10449 	    "sdclose: close of part %d type %d\n", part, otyp);
10450 
10451 	/*
10452 	 * We use a semaphore here in order to serialize
10453 	 * open and close requests on the device.
10454 	 */
10455 	sema_p(&un->un_semoclose);
10456 
10457 	mutex_enter(SD_MUTEX(un));
10458 
10459 	/* Don't proceed if power is being changed. */
10460 	while (un->un_state == SD_STATE_PM_CHANGING) {
10461 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10462 	}
10463 
10464 	if (un->un_exclopen & (1 << part)) {
10465 		un->un_exclopen &= ~(1 << part);
10466 	}
10467 
10468 	/* Update the open partition map */
10469 	if (otyp == OTYP_LYR) {
10470 		un->un_ocmap.lyropen[part] -= 1;
10471 	} else {
10472 		un->un_ocmap.regopen[otyp] &= ~(1 << part);
10473 	}
10474 
10475 	cp = &un->un_ocmap.chkd[0];
10476 	while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10477 		if (*cp != NULL) {
10478 			break;
10479 		}
10480 		cp++;
10481 	}
10482 
10483 	if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10484 		SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdclose: last close\n");
10485 
10486 		/*
10487 		 * We avoid persistance upon the last close, and set
10488 		 * the throttle back to the maximum.
10489 		 */
10490 		un->un_throttle = un->un_saved_throttle;
10491 
10492 		if (un->un_state == SD_STATE_OFFLINE) {
10493 			if (un->un_f_is_fibre == FALSE) {
10494 				scsi_log(SD_DEVINFO(un), sd_label,
10495 					CE_WARN, "offline\n");
10496 			}
10497 			un->un_f_geometry_is_valid = FALSE;
10498 
10499 		} else {
10500 			/*
10501 			 * Flush any outstanding writes in NVRAM cache.
10502 			 * Note: SYNCHRONIZE CACHE is an optional SCSI-2
10503 			 * cmd, it may not work for non-Pluto devices.
10504 			 * SYNCHRONIZE CACHE is not required for removables,
10505 			 * except DVD-RAM drives.
10506 			 *
10507 			 * Also note: because SYNCHRONIZE CACHE is currently
10508 			 * the only command issued here that requires the
10509 			 * drive be powered up, only do the power up before
10510 			 * sending the Sync Cache command. If additional
10511 			 * commands are added which require a powered up
10512 			 * drive, the following sequence may have to change.
10513 			 *
10514 			 * And finally, note that parallel SCSI on SPARC
10515 			 * only issues a Sync Cache to DVD-RAM, a newly
10516 			 * supported device.
10517 			 */
10518 #if defined(__i386) || defined(__amd64)
10519 			if (un->un_f_sync_cache_supported ||
10520 			    un->un_f_dvdram_writable_device == TRUE) {
10521 #else
10522 			if (un->un_f_dvdram_writable_device == TRUE) {
10523 #endif
10524 				mutex_exit(SD_MUTEX(un));
10525 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10526 					rval =
10527 					    sd_send_scsi_SYNCHRONIZE_CACHE(un,
10528 					    NULL);
10529 					/* ignore error if not supported */
10530 					if (rval == ENOTSUP) {
10531 						rval = 0;
10532 					} else if (rval != 0) {
10533 						rval = EIO;
10534 					}
10535 					sd_pm_exit(un);
10536 				} else {
10537 					rval = EIO;
10538 				}
10539 				mutex_enter(SD_MUTEX(un));
10540 			}
10541 
10542 			/*
10543 			 * For devices which supports DOOR_LOCK, send an ALLOW
10544 			 * MEDIA REMOVAL command, but don't get upset if it
10545 			 * fails. We need to raise the power of the drive before
10546 			 * we can call sd_send_scsi_DOORLOCK()
10547 			 */
10548 			if (un->un_f_doorlock_supported) {
10549 				mutex_exit(SD_MUTEX(un));
10550 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10551 					rval = sd_send_scsi_DOORLOCK(un,
10552 					    SD_REMOVAL_ALLOW, SD_PATH_DIRECT);
10553 
10554 					sd_pm_exit(un);
10555 					if (ISCD(un) && (rval != 0) &&
10556 					    (nodelay != 0)) {
10557 						rval = ENXIO;
10558 					}
10559 				} else {
10560 					rval = EIO;
10561 				}
10562 				mutex_enter(SD_MUTEX(un));
10563 			}
10564 
10565 			/*
10566 			 * If a device has removable media, invalidate all
10567 			 * parameters related to media, such as geometry,
10568 			 * blocksize, and blockcount.
10569 			 */
10570 			if (un->un_f_has_removable_media) {
10571 				sr_ejected(un);
10572 			}
10573 
10574 			/*
10575 			 * Destroy the cache (if it exists) which was
10576 			 * allocated for the write maps since this is
10577 			 * the last close for this media.
10578 			 */
10579 			if (un->un_wm_cache) {
10580 				/*
10581 				 * Check if there are pending commands.
10582 				 * and if there are give a warning and
10583 				 * do not destroy the cache.
10584 				 */
10585 				if (un->un_ncmds_in_driver > 0) {
10586 					scsi_log(SD_DEVINFO(un),
10587 					    sd_label, CE_WARN,
10588 					    "Unable to clean up memory "
10589 					    "because of pending I/O\n");
10590 				} else {
10591 					kmem_cache_destroy(
10592 					    un->un_wm_cache);
10593 					un->un_wm_cache = NULL;
10594 				}
10595 			}
10596 		}
10597 	}
10598 
10599 	mutex_exit(SD_MUTEX(un));
10600 	sema_v(&un->un_semoclose);
10601 
10602 	if (otyp == OTYP_LYR) {
10603 		mutex_enter(&sd_detach_mutex);
10604 		/*
10605 		 * The detach routine may run when the layer count
10606 		 * drops to zero.
10607 		 */
10608 		un->un_layer_count--;
10609 		mutex_exit(&sd_detach_mutex);
10610 	}
10611 
10612 	return (rval);
10613 }
10614 
10615 
10616 /*
10617  *    Function: sd_ready_and_valid
10618  *
10619  * Description: Test if device is ready and has a valid geometry.
10620  *
10621  *   Arguments: dev - device number
10622  *		un  - driver soft state (unit) structure
10623  *
10624  * Return Code: SD_READY_VALID		ready and valid label
10625  *		SD_READY_NOT_VALID	ready, geom ops never applicable
10626  *		SD_NOT_READY_VALID	not ready, no label
10627  *
10628  *     Context: Never called at interrupt context.
10629  */
10630 
10631 static int
10632 sd_ready_and_valid(struct sd_lun *un)
10633 {
10634 	struct sd_errstats	*stp;
10635 	uint64_t		capacity;
10636 	uint_t			lbasize;
10637 	int			rval = SD_READY_VALID;
10638 	char			name_str[48];
10639 
10640 	ASSERT(un != NULL);
10641 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10642 
10643 	mutex_enter(SD_MUTEX(un));
10644 	/*
10645 	 * If a device has removable media, we must check if media is
10646 	 * ready when checking if this device is ready and valid.
10647 	 */
10648 	if (un->un_f_has_removable_media) {
10649 		mutex_exit(SD_MUTEX(un));
10650 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
10651 			rval = SD_NOT_READY_VALID;
10652 			mutex_enter(SD_MUTEX(un));
10653 			goto done;
10654 		}
10655 
10656 		mutex_enter(SD_MUTEX(un));
10657 		if ((un->un_f_geometry_is_valid == FALSE) ||
10658 		    (un->un_f_blockcount_is_valid == FALSE) ||
10659 		    (un->un_f_tgt_blocksize_is_valid == FALSE)) {
10660 
10661 			/* capacity has to be read every open. */
10662 			mutex_exit(SD_MUTEX(un));
10663 			if (sd_send_scsi_READ_CAPACITY(un, &capacity,
10664 			    &lbasize, SD_PATH_DIRECT) != 0) {
10665 				mutex_enter(SD_MUTEX(un));
10666 				un->un_f_geometry_is_valid = FALSE;
10667 				rval = SD_NOT_READY_VALID;
10668 				goto done;
10669 			} else {
10670 				mutex_enter(SD_MUTEX(un));
10671 				sd_update_block_info(un, lbasize, capacity);
10672 			}
10673 		}
10674 
10675 		/*
10676 		 * Check if the media in the device is writable or not.
10677 		 */
10678 		if ((un->un_f_geometry_is_valid == FALSE) && ISCD(un)) {
10679 			sd_check_for_writable_cd(un);
10680 		}
10681 
10682 	} else {
10683 		/*
10684 		 * Do a test unit ready to clear any unit attention from non-cd
10685 		 * devices.
10686 		 */
10687 		mutex_exit(SD_MUTEX(un));
10688 		(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
10689 		mutex_enter(SD_MUTEX(un));
10690 	}
10691 
10692 
10693 	/*
10694 	 * If this is a non 512 block device, allocate space for
10695 	 * the wmap cache. This is being done here since every time
10696 	 * a media is changed this routine will be called and the
10697 	 * block size is a function of media rather than device.
10698 	 */
10699 	if (un->un_f_non_devbsize_supported && NOT_DEVBSIZE(un)) {
10700 		if (!(un->un_wm_cache)) {
10701 			(void) snprintf(name_str, sizeof (name_str),
10702 			    "%s%d_cache",
10703 			    ddi_driver_name(SD_DEVINFO(un)),
10704 			    ddi_get_instance(SD_DEVINFO(un)));
10705 			un->un_wm_cache = kmem_cache_create(
10706 			    name_str, sizeof (struct sd_w_map),
10707 			    8, sd_wm_cache_constructor,
10708 			    sd_wm_cache_destructor, NULL,
10709 			    (void *)un, NULL, 0);
10710 			if (!(un->un_wm_cache)) {
10711 					rval = ENOMEM;
10712 					goto done;
10713 			}
10714 		}
10715 	}
10716 
10717 	if (un->un_state == SD_STATE_NORMAL) {
10718 		/*
10719 		 * If the target is not yet ready here (defined by a TUR
10720 		 * failure), invalidate the geometry and print an 'offline'
10721 		 * message. This is a legacy message, as the state of the
10722 		 * target is not actually changed to SD_STATE_OFFLINE.
10723 		 *
10724 		 * If the TUR fails for EACCES (Reservation Conflict), it
10725 		 * means there actually is nothing wrong with the target that
10726 		 * would require invalidating the geometry, so continue in
10727 		 * that case as if the TUR was successful.
10728 		 */
10729 		int err;
10730 
10731 		mutex_exit(SD_MUTEX(un));
10732 		err = sd_send_scsi_TEST_UNIT_READY(un, 0);
10733 		mutex_enter(SD_MUTEX(un));
10734 
10735 		if ((err != 0) && (err != EACCES)) {
10736 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
10737 			    "offline\n");
10738 			un->un_f_geometry_is_valid = FALSE;
10739 			rval = SD_NOT_READY_VALID;
10740 			goto done;
10741 		}
10742 	}
10743 
10744 	if (un->un_f_format_in_progress == FALSE) {
10745 		/*
10746 		 * Note: sd_validate_geometry may return TRUE, but that does
10747 		 * not necessarily mean un_f_geometry_is_valid == TRUE!
10748 		 */
10749 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
10750 		if (rval == ENOTSUP) {
10751 			if (un->un_f_geometry_is_valid == TRUE)
10752 				rval = 0;
10753 			else {
10754 				rval = SD_READY_NOT_VALID;
10755 				goto done;
10756 			}
10757 		}
10758 		if (rval != 0) {
10759 			/*
10760 			 * We don't check the validity of geometry for
10761 			 * CDROMs. Also we assume we have a good label
10762 			 * even if sd_validate_geometry returned ENOMEM.
10763 			 */
10764 			if (!ISCD(un) && rval != ENOMEM) {
10765 				rval = SD_NOT_READY_VALID;
10766 				goto done;
10767 			}
10768 		}
10769 	}
10770 
10771 	/*
10772 	 * If this device supports DOOR_LOCK command, try and send
10773 	 * this command to PREVENT MEDIA REMOVAL, but don't get upset
10774 	 * if it fails. For a CD, however, it is an error
10775 	 */
10776 	if (un->un_f_doorlock_supported) {
10777 		mutex_exit(SD_MUTEX(un));
10778 		if ((sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
10779 		    SD_PATH_DIRECT) != 0) && ISCD(un)) {
10780 			rval = SD_NOT_READY_VALID;
10781 			mutex_enter(SD_MUTEX(un));
10782 			goto done;
10783 		}
10784 		mutex_enter(SD_MUTEX(un));
10785 	}
10786 
10787 	/* The state has changed, inform the media watch routines */
10788 	un->un_mediastate = DKIO_INSERTED;
10789 	cv_broadcast(&un->un_state_cv);
10790 	rval = SD_READY_VALID;
10791 
10792 done:
10793 
10794 	/*
10795 	 * Initialize the capacity kstat value, if no media previously
10796 	 * (capacity kstat is 0) and a media has been inserted
10797 	 * (un_blockcount > 0).
10798 	 */
10799 	if (un->un_errstats != NULL) {
10800 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
10801 		if ((stp->sd_capacity.value.ui64 == 0) &&
10802 		    (un->un_f_blockcount_is_valid == TRUE)) {
10803 			stp->sd_capacity.value.ui64 =
10804 			    (uint64_t)((uint64_t)un->un_blockcount *
10805 			    un->un_sys_blocksize);
10806 		}
10807 	}
10808 
10809 	mutex_exit(SD_MUTEX(un));
10810 	return (rval);
10811 }
10812 
10813 
10814 /*
10815  *    Function: sdmin
10816  *
10817  * Description: Routine to limit the size of a data transfer. Used in
10818  *		conjunction with physio(9F).
10819  *
10820  *   Arguments: bp - pointer to the indicated buf(9S) struct.
10821  *
10822  *     Context: Kernel thread context.
10823  */
10824 
10825 static void
10826 sdmin(struct buf *bp)
10827 {
10828 	struct sd_lun	*un;
10829 	int		instance;
10830 
10831 	instance = SDUNIT(bp->b_edev);
10832 
10833 	un = ddi_get_soft_state(sd_state, instance);
10834 	ASSERT(un != NULL);
10835 
10836 	if (bp->b_bcount > un->un_max_xfer_size) {
10837 		bp->b_bcount = un->un_max_xfer_size;
10838 	}
10839 }
10840 
10841 
10842 /*
10843  *    Function: sdread
10844  *
10845  * Description: Driver's read(9e) entry point function.
10846  *
10847  *   Arguments: dev   - device number
10848  *		uio   - structure pointer describing where data is to be stored
10849  *			in user's space
10850  *		cred_p  - user credential pointer
10851  *
10852  * Return Code: ENXIO
10853  *		EIO
10854  *		EINVAL
10855  *		value returned by physio
10856  *
10857  *     Context: Kernel thread context.
10858  */
10859 /* ARGSUSED */
10860 static int
10861 sdread(dev_t dev, struct uio *uio, cred_t *cred_p)
10862 {
10863 	struct sd_lun	*un = NULL;
10864 	int		secmask;
10865 	int		err;
10866 
10867 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10868 		return (ENXIO);
10869 	}
10870 
10871 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10872 
10873 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10874 		mutex_enter(SD_MUTEX(un));
10875 		/*
10876 		 * Because the call to sd_ready_and_valid will issue I/O we
10877 		 * must wait here if either the device is suspended or
10878 		 * if it's power level is changing.
10879 		 */
10880 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10881 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10882 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10883 		}
10884 		un->un_ncmds_in_driver++;
10885 		mutex_exit(SD_MUTEX(un));
10886 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10887 			mutex_enter(SD_MUTEX(un));
10888 			un->un_ncmds_in_driver--;
10889 			ASSERT(un->un_ncmds_in_driver >= 0);
10890 			mutex_exit(SD_MUTEX(un));
10891 			return (EIO);
10892 		}
10893 		mutex_enter(SD_MUTEX(un));
10894 		un->un_ncmds_in_driver--;
10895 		ASSERT(un->un_ncmds_in_driver >= 0);
10896 		mutex_exit(SD_MUTEX(un));
10897 	}
10898 
10899 	/*
10900 	 * Read requests are restricted to multiples of the system block size.
10901 	 */
10902 	secmask = un->un_sys_blocksize - 1;
10903 
10904 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10905 		SD_ERROR(SD_LOG_READ_WRITE, un,
10906 		    "sdread: file offset not modulo %d\n",
10907 		    un->un_sys_blocksize);
10908 		err = EINVAL;
10909 	} else if (uio->uio_iov->iov_len & (secmask)) {
10910 		SD_ERROR(SD_LOG_READ_WRITE, un,
10911 		    "sdread: transfer length not modulo %d\n",
10912 		    un->un_sys_blocksize);
10913 		err = EINVAL;
10914 	} else {
10915 		err = physio(sdstrategy, NULL, dev, B_READ, sdmin, uio);
10916 	}
10917 	return (err);
10918 }
10919 
10920 
10921 /*
10922  *    Function: sdwrite
10923  *
10924  * Description: Driver's write(9e) entry point function.
10925  *
10926  *   Arguments: dev   - device number
10927  *		uio   - structure pointer describing where data is stored in
10928  *			user's space
10929  *		cred_p  - user credential pointer
10930  *
10931  * Return Code: ENXIO
10932  *		EIO
10933  *		EINVAL
10934  *		value returned by physio
10935  *
10936  *     Context: Kernel thread context.
10937  */
10938 /* ARGSUSED */
10939 static int
10940 sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p)
10941 {
10942 	struct sd_lun	*un = NULL;
10943 	int		secmask;
10944 	int		err;
10945 
10946 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10947 		return (ENXIO);
10948 	}
10949 
10950 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10951 
10952 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10953 		mutex_enter(SD_MUTEX(un));
10954 		/*
10955 		 * Because the call to sd_ready_and_valid will issue I/O we
10956 		 * must wait here if either the device is suspended or
10957 		 * if it's power level is changing.
10958 		 */
10959 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10960 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10961 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10962 		}
10963 		un->un_ncmds_in_driver++;
10964 		mutex_exit(SD_MUTEX(un));
10965 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10966 			mutex_enter(SD_MUTEX(un));
10967 			un->un_ncmds_in_driver--;
10968 			ASSERT(un->un_ncmds_in_driver >= 0);
10969 			mutex_exit(SD_MUTEX(un));
10970 			return (EIO);
10971 		}
10972 		mutex_enter(SD_MUTEX(un));
10973 		un->un_ncmds_in_driver--;
10974 		ASSERT(un->un_ncmds_in_driver >= 0);
10975 		mutex_exit(SD_MUTEX(un));
10976 	}
10977 
10978 	/*
10979 	 * Write requests are restricted to multiples of the system block size.
10980 	 */
10981 	secmask = un->un_sys_blocksize - 1;
10982 
10983 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10984 		SD_ERROR(SD_LOG_READ_WRITE, un,
10985 		    "sdwrite: file offset not modulo %d\n",
10986 		    un->un_sys_blocksize);
10987 		err = EINVAL;
10988 	} else if (uio->uio_iov->iov_len & (secmask)) {
10989 		SD_ERROR(SD_LOG_READ_WRITE, un,
10990 		    "sdwrite: transfer length not modulo %d\n",
10991 		    un->un_sys_blocksize);
10992 		err = EINVAL;
10993 	} else {
10994 		err = physio(sdstrategy, NULL, dev, B_WRITE, sdmin, uio);
10995 	}
10996 	return (err);
10997 }
10998 
10999 
11000 /*
11001  *    Function: sdaread
11002  *
11003  * Description: Driver's aread(9e) entry point function.
11004  *
11005  *   Arguments: dev   - device number
11006  *		aio   - structure pointer describing where data is to be stored
11007  *		cred_p  - user credential pointer
11008  *
11009  * Return Code: ENXIO
11010  *		EIO
11011  *		EINVAL
11012  *		value returned by aphysio
11013  *
11014  *     Context: Kernel thread context.
11015  */
11016 /* ARGSUSED */
11017 static int
11018 sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11019 {
11020 	struct sd_lun	*un = NULL;
11021 	struct uio	*uio = aio->aio_uio;
11022 	int		secmask;
11023 	int		err;
11024 
11025 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11026 		return (ENXIO);
11027 	}
11028 
11029 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11030 
11031 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11032 		mutex_enter(SD_MUTEX(un));
11033 		/*
11034 		 * Because the call to sd_ready_and_valid will issue I/O we
11035 		 * must wait here if either the device is suspended or
11036 		 * if it's power level is changing.
11037 		 */
11038 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11039 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11040 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11041 		}
11042 		un->un_ncmds_in_driver++;
11043 		mutex_exit(SD_MUTEX(un));
11044 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11045 			mutex_enter(SD_MUTEX(un));
11046 			un->un_ncmds_in_driver--;
11047 			ASSERT(un->un_ncmds_in_driver >= 0);
11048 			mutex_exit(SD_MUTEX(un));
11049 			return (EIO);
11050 		}
11051 		mutex_enter(SD_MUTEX(un));
11052 		un->un_ncmds_in_driver--;
11053 		ASSERT(un->un_ncmds_in_driver >= 0);
11054 		mutex_exit(SD_MUTEX(un));
11055 	}
11056 
11057 	/*
11058 	 * Read requests are restricted to multiples of the system block size.
11059 	 */
11060 	secmask = un->un_sys_blocksize - 1;
11061 
11062 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11063 		SD_ERROR(SD_LOG_READ_WRITE, un,
11064 		    "sdaread: file offset not modulo %d\n",
11065 		    un->un_sys_blocksize);
11066 		err = EINVAL;
11067 	} else if (uio->uio_iov->iov_len & (secmask)) {
11068 		SD_ERROR(SD_LOG_READ_WRITE, un,
11069 		    "sdaread: transfer length not modulo %d\n",
11070 		    un->un_sys_blocksize);
11071 		err = EINVAL;
11072 	} else {
11073 		err = aphysio(sdstrategy, anocancel, dev, B_READ, sdmin, aio);
11074 	}
11075 	return (err);
11076 }
11077 
11078 
11079 /*
11080  *    Function: sdawrite
11081  *
11082  * Description: Driver's awrite(9e) entry point function.
11083  *
11084  *   Arguments: dev   - device number
11085  *		aio   - structure pointer describing where data is stored
11086  *		cred_p  - user credential pointer
11087  *
11088  * Return Code: ENXIO
11089  *		EIO
11090  *		EINVAL
11091  *		value returned by aphysio
11092  *
11093  *     Context: Kernel thread context.
11094  */
11095 /* ARGSUSED */
11096 static int
11097 sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11098 {
11099 	struct sd_lun	*un = NULL;
11100 	struct uio	*uio = aio->aio_uio;
11101 	int		secmask;
11102 	int		err;
11103 
11104 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11105 		return (ENXIO);
11106 	}
11107 
11108 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11109 
11110 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11111 		mutex_enter(SD_MUTEX(un));
11112 		/*
11113 		 * Because the call to sd_ready_and_valid will issue I/O we
11114 		 * must wait here if either the device is suspended or
11115 		 * if it's power level is changing.
11116 		 */
11117 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11118 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11119 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11120 		}
11121 		un->un_ncmds_in_driver++;
11122 		mutex_exit(SD_MUTEX(un));
11123 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11124 			mutex_enter(SD_MUTEX(un));
11125 			un->un_ncmds_in_driver--;
11126 			ASSERT(un->un_ncmds_in_driver >= 0);
11127 			mutex_exit(SD_MUTEX(un));
11128 			return (EIO);
11129 		}
11130 		mutex_enter(SD_MUTEX(un));
11131 		un->un_ncmds_in_driver--;
11132 		ASSERT(un->un_ncmds_in_driver >= 0);
11133 		mutex_exit(SD_MUTEX(un));
11134 	}
11135 
11136 	/*
11137 	 * Write requests are restricted to multiples of the system block size.
11138 	 */
11139 	secmask = un->un_sys_blocksize - 1;
11140 
11141 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11142 		SD_ERROR(SD_LOG_READ_WRITE, un,
11143 		    "sdawrite: file offset not modulo %d\n",
11144 		    un->un_sys_blocksize);
11145 		err = EINVAL;
11146 	} else if (uio->uio_iov->iov_len & (secmask)) {
11147 		SD_ERROR(SD_LOG_READ_WRITE, un,
11148 		    "sdawrite: transfer length not modulo %d\n",
11149 		    un->un_sys_blocksize);
11150 		err = EINVAL;
11151 	} else {
11152 		err = aphysio(sdstrategy, anocancel, dev, B_WRITE, sdmin, aio);
11153 	}
11154 	return (err);
11155 }
11156 
11157 
11158 
11159 
11160 
11161 /*
11162  * Driver IO processing follows the following sequence:
11163  *
11164  *     sdioctl(9E)     sdstrategy(9E)         biodone(9F)
11165  *         |                |                     ^
11166  *         v                v                     |
11167  * sd_send_scsi_cmd()  ddi_xbuf_qstrategy()       +-------------------+
11168  *         |                |                     |                   |
11169  *         v                |                     |                   |
11170  * sd_uscsi_strategy() sd_xbuf_strategy()   sd_buf_iodone()   sd_uscsi_iodone()
11171  *         |                |                     ^                   ^
11172  *         v                v                     |                   |
11173  * SD_BEGIN_IOSTART()  SD_BEGIN_IOSTART()         |                   |
11174  *         |                |                     |                   |
11175  *     +---+                |                     +------------+      +-------+
11176  *     |                    |                                  |              |
11177  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11178  *     |                    v                                  |              |
11179  *     |         sd_mapblockaddr_iostart()           sd_mapblockaddr_iodone() |
11180  *     |                    |                                  ^              |
11181  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11182  *     |                    v                                  |              |
11183  *     |         sd_mapblocksize_iostart()           sd_mapblocksize_iodone() |
11184  *     |                    |                                  ^              |
11185  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11186  *     |                    v                                  |              |
11187  *     |           sd_checksum_iostart()               sd_checksum_iodone()   |
11188  *     |                    |                                  ^              |
11189  *     +-> SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()+------------->+
11190  *     |                    v                                  |              |
11191  *     |              sd_pm_iostart()                     sd_pm_iodone()      |
11192  *     |                    |                                  ^              |
11193  *     |                    |                                  |              |
11194  *     +-> SD_NEXT_IOSTART()|               SD_BEGIN_IODONE()--+--------------+
11195  *                          |                           ^
11196  *                          v                           |
11197  *                   sd_core_iostart()                  |
11198  *                          |                           |
11199  *                          |                           +------>(*destroypkt)()
11200  *                          +-> sd_start_cmds() <-+     |           |
11201  *                          |                     |     |           v
11202  *                          |                     |     |  scsi_destroy_pkt(9F)
11203  *                          |                     |     |
11204  *                          +->(*initpkt)()       +- sdintr()
11205  *                          |  |                        |  |
11206  *                          |  +-> scsi_init_pkt(9F)    |  +-> sd_handle_xxx()
11207  *                          |  +-> scsi_setup_cdb(9F)   |
11208  *                          |                           |
11209  *                          +--> scsi_transport(9F)     |
11210  *                                     |                |
11211  *                                     +----> SCSA ---->+
11212  *
11213  *
11214  * This code is based upon the following presumtions:
11215  *
11216  *   - iostart and iodone functions operate on buf(9S) structures. These
11217  *     functions perform the necessary operations on the buf(9S) and pass
11218  *     them along to the next function in the chain by using the macros
11219  *     SD_NEXT_IOSTART() (for iostart side functions) and SD_NEXT_IODONE()
11220  *     (for iodone side functions).
11221  *
11222  *   - The iostart side functions may sleep. The iodone side functions
11223  *     are called under interrupt context and may NOT sleep. Therefore
11224  *     iodone side functions also may not call iostart side functions.
11225  *     (NOTE: iostart side functions should NOT sleep for memory, as
11226  *     this could result in deadlock.)
11227  *
11228  *   - An iostart side function may call its corresponding iodone side
11229  *     function directly (if necessary).
11230  *
11231  *   - In the event of an error, an iostart side function can return a buf(9S)
11232  *     to its caller by calling SD_BEGIN_IODONE() (after setting B_ERROR and
11233  *     b_error in the usual way of course).
11234  *
11235  *   - The taskq mechanism may be used by the iodone side functions to dispatch
11236  *     requests to the iostart side functions.  The iostart side functions in
11237  *     this case would be called under the context of a taskq thread, so it's
11238  *     OK for them to block/sleep/spin in this case.
11239  *
11240  *   - iostart side functions may allocate "shadow" buf(9S) structs and
11241  *     pass them along to the next function in the chain.  The corresponding
11242  *     iodone side functions must coalesce the "shadow" bufs and return
11243  *     the "original" buf to the next higher layer.
11244  *
11245  *   - The b_private field of the buf(9S) struct holds a pointer to
11246  *     an sd_xbuf struct, which contains information needed to
11247  *     construct the scsi_pkt for the command.
11248  *
11249  *   - The SD_MUTEX(un) is NOT held across calls to the next layer. Each
11250  *     layer must acquire & release the SD_MUTEX(un) as needed.
11251  */
11252 
11253 
11254 /*
11255  * Create taskq for all targets in the system. This is created at
11256  * _init(9E) and destroyed at _fini(9E).
11257  *
11258  * Note: here we set the minalloc to a reasonably high number to ensure that
11259  * we will have an adequate supply of task entries available at interrupt time.
11260  * This is used in conjunction with the TASKQ_PREPOPULATE flag in
11261  * sd_create_taskq().  Since we do not want to sleep for allocations at
11262  * interrupt time, set maxalloc equal to minalloc. That way we will just fail
11263  * the command if we ever try to dispatch more than SD_TASKQ_MAXALLOC taskq
11264  * requests any one instant in time.
11265  */
11266 #define	SD_TASKQ_NUMTHREADS	8
11267 #define	SD_TASKQ_MINALLOC	256
11268 #define	SD_TASKQ_MAXALLOC	256
11269 
11270 static taskq_t	*sd_tq = NULL;
11271 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_tq))
11272 
11273 static int	sd_taskq_minalloc = SD_TASKQ_MINALLOC;
11274 static int	sd_taskq_maxalloc = SD_TASKQ_MAXALLOC;
11275 
11276 /*
11277  * The following task queue is being created for the write part of
11278  * read-modify-write of non-512 block size devices.
11279  * Limit the number of threads to 1 for now. This number has been choosen
11280  * considering the fact that it applies only to dvd ram drives/MO drives
11281  * currently. Performance for which is not main criteria at this stage.
11282  * Note: It needs to be explored if we can use a single taskq in future
11283  */
11284 #define	SD_WMR_TASKQ_NUMTHREADS	1
11285 static taskq_t	*sd_wmr_tq = NULL;
11286 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_wmr_tq))
11287 
11288 /*
11289  *    Function: sd_taskq_create
11290  *
11291  * Description: Create taskq thread(s) and preallocate task entries
11292  *
11293  * Return Code: Returns a pointer to the allocated taskq_t.
11294  *
11295  *     Context: Can sleep. Requires blockable context.
11296  *
11297  *       Notes: - The taskq() facility currently is NOT part of the DDI.
11298  *		  (definitely NOT recommeded for 3rd-party drivers!) :-)
11299  *		- taskq_create() will block for memory, also it will panic
11300  *		  if it cannot create the requested number of threads.
11301  *		- Currently taskq_create() creates threads that cannot be
11302  *		  swapped.
11303  *		- We use TASKQ_PREPOPULATE to ensure we have an adequate
11304  *		  supply of taskq entries at interrupt time (ie, so that we
11305  *		  do not have to sleep for memory)
11306  */
11307 
11308 static void
11309 sd_taskq_create(void)
11310 {
11311 	char	taskq_name[TASKQ_NAMELEN];
11312 
11313 	ASSERT(sd_tq == NULL);
11314 	ASSERT(sd_wmr_tq == NULL);
11315 
11316 	(void) snprintf(taskq_name, sizeof (taskq_name),
11317 	    "%s_drv_taskq", sd_label);
11318 	sd_tq = (taskq_create(taskq_name, SD_TASKQ_NUMTHREADS,
11319 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11320 	    TASKQ_PREPOPULATE));
11321 
11322 	(void) snprintf(taskq_name, sizeof (taskq_name),
11323 	    "%s_rmw_taskq", sd_label);
11324 	sd_wmr_tq = (taskq_create(taskq_name, SD_WMR_TASKQ_NUMTHREADS,
11325 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11326 	    TASKQ_PREPOPULATE));
11327 }
11328 
11329 
11330 /*
11331  *    Function: sd_taskq_delete
11332  *
11333  * Description: Complementary cleanup routine for sd_taskq_create().
11334  *
11335  *     Context: Kernel thread context.
11336  */
11337 
11338 static void
11339 sd_taskq_delete(void)
11340 {
11341 	ASSERT(sd_tq != NULL);
11342 	ASSERT(sd_wmr_tq != NULL);
11343 	taskq_destroy(sd_tq);
11344 	taskq_destroy(sd_wmr_tq);
11345 	sd_tq = NULL;
11346 	sd_wmr_tq = NULL;
11347 }
11348 
11349 
11350 /*
11351  *    Function: sdstrategy
11352  *
11353  * Description: Driver's strategy (9E) entry point function.
11354  *
11355  *   Arguments: bp - pointer to buf(9S)
11356  *
11357  * Return Code: Always returns zero
11358  *
11359  *     Context: Kernel thread context.
11360  */
11361 
11362 static int
11363 sdstrategy(struct buf *bp)
11364 {
11365 	struct sd_lun *un;
11366 
11367 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11368 	if (un == NULL) {
11369 		bioerror(bp, EIO);
11370 		bp->b_resid = bp->b_bcount;
11371 		biodone(bp);
11372 		return (0);
11373 	}
11374 	/* As was done in the past, fail new cmds. if state is dumping. */
11375 	if (un->un_state == SD_STATE_DUMPING) {
11376 		bioerror(bp, ENXIO);
11377 		bp->b_resid = bp->b_bcount;
11378 		biodone(bp);
11379 		return (0);
11380 	}
11381 
11382 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11383 
11384 	/*
11385 	 * Commands may sneak in while we released the mutex in
11386 	 * DDI_SUSPEND, we should block new commands. However, old
11387 	 * commands that are still in the driver at this point should
11388 	 * still be allowed to drain.
11389 	 */
11390 	mutex_enter(SD_MUTEX(un));
11391 	/*
11392 	 * Must wait here if either the device is suspended or
11393 	 * if it's power level is changing.
11394 	 */
11395 	while ((un->un_state == SD_STATE_SUSPENDED) ||
11396 	    (un->un_state == SD_STATE_PM_CHANGING)) {
11397 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11398 	}
11399 
11400 	un->un_ncmds_in_driver++;
11401 
11402 	/*
11403 	 * atapi: Since we are running the CD for now in PIO mode we need to
11404 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11405 	 * the HBA's init_pkt routine.
11406 	 */
11407 	if (un->un_f_cfg_is_atapi == TRUE) {
11408 		mutex_exit(SD_MUTEX(un));
11409 		bp_mapin(bp);
11410 		mutex_enter(SD_MUTEX(un));
11411 	}
11412 	SD_INFO(SD_LOG_IO, un, "sdstrategy: un_ncmds_in_driver = %ld\n",
11413 	    un->un_ncmds_in_driver);
11414 
11415 	mutex_exit(SD_MUTEX(un));
11416 
11417 	/*
11418 	 * This will (eventually) allocate the sd_xbuf area and
11419 	 * call sd_xbuf_strategy().  We just want to return the
11420 	 * result of ddi_xbuf_qstrategy so that we have an opt-
11421 	 * imized tail call which saves us a stack frame.
11422 	 */
11423 	return (ddi_xbuf_qstrategy(bp, un->un_xbuf_attr));
11424 }
11425 
11426 
11427 /*
11428  *    Function: sd_xbuf_strategy
11429  *
11430  * Description: Function for initiating IO operations via the
11431  *		ddi_xbuf_qstrategy() mechanism.
11432  *
11433  *     Context: Kernel thread context.
11434  */
11435 
11436 static void
11437 sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg)
11438 {
11439 	struct sd_lun *un = arg;
11440 
11441 	ASSERT(bp != NULL);
11442 	ASSERT(xp != NULL);
11443 	ASSERT(un != NULL);
11444 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11445 
11446 	/*
11447 	 * Initialize the fields in the xbuf and save a pointer to the
11448 	 * xbuf in bp->b_private.
11449 	 */
11450 	sd_xbuf_init(un, bp, xp, SD_CHAIN_BUFIO, NULL);
11451 
11452 	/* Send the buf down the iostart chain */
11453 	SD_BEGIN_IOSTART(((struct sd_xbuf *)xp)->xb_chain_iostart, un, bp);
11454 }
11455 
11456 
11457 /*
11458  *    Function: sd_xbuf_init
11459  *
11460  * Description: Prepare the given sd_xbuf struct for use.
11461  *
11462  *   Arguments: un - ptr to softstate
11463  *		bp - ptr to associated buf(9S)
11464  *		xp - ptr to associated sd_xbuf
11465  *		chain_type - IO chain type to use:
11466  *			SD_CHAIN_NULL
11467  *			SD_CHAIN_BUFIO
11468  *			SD_CHAIN_USCSI
11469  *			SD_CHAIN_DIRECT
11470  *			SD_CHAIN_DIRECT_PRIORITY
11471  *		pktinfop - ptr to private data struct for scsi_pkt(9S)
11472  *			initialization; may be NULL if none.
11473  *
11474  *     Context: Kernel thread context
11475  */
11476 
11477 static void
11478 sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
11479 	uchar_t chain_type, void *pktinfop)
11480 {
11481 	int index;
11482 
11483 	ASSERT(un != NULL);
11484 	ASSERT(bp != NULL);
11485 	ASSERT(xp != NULL);
11486 
11487 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: buf:0x%p chain type:0x%x\n",
11488 	    bp, chain_type);
11489 
11490 	xp->xb_un	= un;
11491 	xp->xb_pktp	= NULL;
11492 	xp->xb_pktinfo	= pktinfop;
11493 	xp->xb_private	= bp->b_private;
11494 	xp->xb_blkno	= (daddr_t)bp->b_blkno;
11495 
11496 	/*
11497 	 * Set up the iostart and iodone chain indexes in the xbuf, based
11498 	 * upon the specified chain type to use.
11499 	 */
11500 	switch (chain_type) {
11501 	case SD_CHAIN_NULL:
11502 		/*
11503 		 * Fall thru to just use the values for the buf type, even
11504 		 * tho for the NULL chain these values will never be used.
11505 		 */
11506 		/* FALLTHRU */
11507 	case SD_CHAIN_BUFIO:
11508 		index = un->un_buf_chain_type;
11509 		break;
11510 	case SD_CHAIN_USCSI:
11511 		index = un->un_uscsi_chain_type;
11512 		break;
11513 	case SD_CHAIN_DIRECT:
11514 		index = un->un_direct_chain_type;
11515 		break;
11516 	case SD_CHAIN_DIRECT_PRIORITY:
11517 		index = un->un_priority_chain_type;
11518 		break;
11519 	default:
11520 		/* We're really broken if we ever get here... */
11521 		panic("sd_xbuf_init: illegal chain type!");
11522 		/*NOTREACHED*/
11523 	}
11524 
11525 	xp->xb_chain_iostart = sd_chain_index_map[index].sci_iostart_index;
11526 	xp->xb_chain_iodone = sd_chain_index_map[index].sci_iodone_index;
11527 
11528 	/*
11529 	 * It might be a bit easier to simply bzero the entire xbuf above,
11530 	 * but it turns out that since we init a fair number of members anyway,
11531 	 * we save a fair number cycles by doing explicit assignment of zero.
11532 	 */
11533 	xp->xb_pkt_flags	= 0;
11534 	xp->xb_dma_resid	= 0;
11535 	xp->xb_retry_count	= 0;
11536 	xp->xb_victim_retry_count = 0;
11537 	xp->xb_ua_retry_count	= 0;
11538 	xp->xb_sense_bp		= NULL;
11539 	xp->xb_sense_status	= 0;
11540 	xp->xb_sense_state	= 0;
11541 	xp->xb_sense_resid	= 0;
11542 
11543 	bp->b_private	= xp;
11544 	bp->b_flags	&= ~(B_DONE | B_ERROR);
11545 	bp->b_resid	= 0;
11546 	bp->av_forw	= NULL;
11547 	bp->av_back	= NULL;
11548 	bioerror(bp, 0);
11549 
11550 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: done.\n");
11551 }
11552 
11553 
11554 /*
11555  *    Function: sd_uscsi_strategy
11556  *
11557  * Description: Wrapper for calling into the USCSI chain via physio(9F)
11558  *
11559  *   Arguments: bp - buf struct ptr
11560  *
11561  * Return Code: Always returns 0
11562  *
11563  *     Context: Kernel thread context
11564  */
11565 
11566 static int
11567 sd_uscsi_strategy(struct buf *bp)
11568 {
11569 	struct sd_lun		*un;
11570 	struct sd_uscsi_info	*uip;
11571 	struct sd_xbuf		*xp;
11572 	uchar_t			chain_type;
11573 
11574 	ASSERT(bp != NULL);
11575 
11576 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11577 	if (un == NULL) {
11578 		bioerror(bp, EIO);
11579 		bp->b_resid = bp->b_bcount;
11580 		biodone(bp);
11581 		return (0);
11582 	}
11583 
11584 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11585 
11586 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: entry: buf:0x%p\n", bp);
11587 
11588 	mutex_enter(SD_MUTEX(un));
11589 	/*
11590 	 * atapi: Since we are running the CD for now in PIO mode we need to
11591 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11592 	 * the HBA's init_pkt routine.
11593 	 */
11594 	if (un->un_f_cfg_is_atapi == TRUE) {
11595 		mutex_exit(SD_MUTEX(un));
11596 		bp_mapin(bp);
11597 		mutex_enter(SD_MUTEX(un));
11598 	}
11599 	un->un_ncmds_in_driver++;
11600 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_strategy: un_ncmds_in_driver = %ld\n",
11601 	    un->un_ncmds_in_driver);
11602 	mutex_exit(SD_MUTEX(un));
11603 
11604 	/*
11605 	 * A pointer to a struct sd_uscsi_info is expected in bp->b_private
11606 	 */
11607 	ASSERT(bp->b_private != NULL);
11608 	uip = (struct sd_uscsi_info *)bp->b_private;
11609 
11610 	switch (uip->ui_flags) {
11611 	case SD_PATH_DIRECT:
11612 		chain_type = SD_CHAIN_DIRECT;
11613 		break;
11614 	case SD_PATH_DIRECT_PRIORITY:
11615 		chain_type = SD_CHAIN_DIRECT_PRIORITY;
11616 		break;
11617 	default:
11618 		chain_type = SD_CHAIN_USCSI;
11619 		break;
11620 	}
11621 
11622 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
11623 	sd_xbuf_init(un, bp, xp, chain_type, uip->ui_cmdp);
11624 
11625 	/* Use the index obtained within xbuf_init */
11626 	SD_BEGIN_IOSTART(xp->xb_chain_iostart, un, bp);
11627 
11628 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: exit: buf:0x%p\n", bp);
11629 
11630 	return (0);
11631 }
11632 
11633 
11634 /*
11635  * These routines perform raw i/o operations.
11636  */
11637 /*ARGSUSED*/
11638 static void
11639 sduscsimin(struct buf *bp)
11640 {
11641 	/*
11642 	 * do not break up because the CDB count would then
11643 	 * be incorrect and data underruns would result (incomplete
11644 	 * read/writes which would be retried and then failed, see
11645 	 * sdintr().
11646 	 */
11647 }
11648 
11649 
11650 
11651 /*
11652  *    Function: sd_send_scsi_cmd
11653  *
11654  * Description: Runs a USCSI command for user (when called thru sdioctl),
11655  *		or for the driver
11656  *
11657  *   Arguments: dev - the dev_t for the device
11658  *		incmd - ptr to a valid uscsi_cmd struct
11659  *		cdbspace - UIO_USERSPACE or UIO_SYSSPACE
11660  *		dataspace - UIO_USERSPACE or UIO_SYSSPACE
11661  *		rqbufspace - UIO_USERSPACE or UIO_SYSSPACE
11662  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
11663  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
11664  *			to use the USCSI "direct" chain and bypass the normal
11665  *			command waitq.
11666  *
11667  * Return Code: 0 -  successful completion of the given command
11668  *		EIO - scsi_reset() failed, or see biowait()/physio() codes.
11669  *		ENXIO  - soft state not found for specified dev
11670  *		EINVAL
11671  *		EFAULT - copyin/copyout error
11672  *		return code of biowait(9F) or physio(9F):
11673  *			EIO - IO error, caller may check incmd->uscsi_status
11674  *			ENXIO
11675  *			EACCES - reservation conflict
11676  *
11677  *     Context: Waits for command to complete. Can sleep.
11678  */
11679 
11680 static int
11681 sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
11682 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
11683 	int path_flag)
11684 {
11685 	struct sd_uscsi_info	*uip;
11686 	struct uscsi_cmd	*uscmd;
11687 	struct sd_lun	*un;
11688 	struct buf	*bp;
11689 	int	rval;
11690 	int	flags;
11691 
11692 	un = ddi_get_soft_state(sd_state, SDUNIT(dev));
11693 	if (un == NULL) {
11694 		return (ENXIO);
11695 	}
11696 
11697 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11698 
11699 #ifdef SDDEBUG
11700 	switch (dataspace) {
11701 	case UIO_USERSPACE:
11702 		SD_TRACE(SD_LOG_IO, un,
11703 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_USERSPACE\n", un);
11704 		break;
11705 	case UIO_SYSSPACE:
11706 		SD_TRACE(SD_LOG_IO, un,
11707 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_SYSSPACE\n", un);
11708 		break;
11709 	default:
11710 		SD_TRACE(SD_LOG_IO, un,
11711 		    "sd_send_scsi_cmd: entry: un:0x%p UNEXPECTED SPACE\n", un);
11712 		break;
11713 	}
11714 #endif
11715 
11716 	/*
11717 	 * Perform resets directly; no need to generate a command to do it.
11718 	 */
11719 	if (incmd->uscsi_flags & (USCSI_RESET | USCSI_RESET_ALL)) {
11720 		flags = ((incmd->uscsi_flags & USCSI_RESET_ALL) != 0) ?
11721 		    RESET_ALL : RESET_TARGET;
11722 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: Issuing reset\n");
11723 		if (scsi_reset(SD_ADDRESS(un), flags) == 0) {
11724 			/* Reset attempt was unsuccessful */
11725 			SD_TRACE(SD_LOG_IO, un,
11726 			    "sd_send_scsi_cmd: reset: failure\n");
11727 			return (EIO);
11728 		}
11729 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: reset: success\n");
11730 		return (0);
11731 	}
11732 
11733 	/* Perfunctory sanity check... */
11734 	if (incmd->uscsi_cdblen <= 0) {
11735 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11736 		    "invalid uscsi_cdblen, returning EINVAL\n");
11737 		return (EINVAL);
11738 	} else if (incmd->uscsi_cdblen > un->un_max_hba_cdb) {
11739 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11740 		    "unsupported uscsi_cdblen, returning EINVAL\n");
11741 		return (EINVAL);
11742 	}
11743 
11744 	/*
11745 	 * In order to not worry about where the uscsi structure came from
11746 	 * (or where the cdb it points to came from) we're going to make
11747 	 * kmem_alloc'd copies of them here. This will also allow reference
11748 	 * to the data they contain long after this process has gone to
11749 	 * sleep and its kernel stack has been unmapped, etc.
11750 	 *
11751 	 * First get some memory for the uscsi_cmd struct and copy the
11752 	 * contents of the given uscsi_cmd struct into it.
11753 	 */
11754 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
11755 	bcopy(incmd, uscmd, sizeof (struct uscsi_cmd));
11756 
11757 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: uscsi_cmd",
11758 	    (uchar_t *)uscmd, sizeof (struct uscsi_cmd), SD_LOG_HEX);
11759 
11760 	/*
11761 	 * Now get some space for the CDB, and copy the given CDB into
11762 	 * it. Use ddi_copyin() in case the data is in user space.
11763 	 */
11764 	uscmd->uscsi_cdb = kmem_zalloc((size_t)incmd->uscsi_cdblen, KM_SLEEP);
11765 	flags = (cdbspace == UIO_SYSSPACE) ? FKIOCTL : 0;
11766 	if (ddi_copyin(incmd->uscsi_cdb, uscmd->uscsi_cdb,
11767 	    (uint_t)incmd->uscsi_cdblen, flags) != 0) {
11768 		kmem_free(uscmd->uscsi_cdb, (size_t)incmd->uscsi_cdblen);
11769 		kmem_free(uscmd, sizeof (struct uscsi_cmd));
11770 		return (EFAULT);
11771 	}
11772 
11773 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: CDB",
11774 	    (uchar_t *)uscmd->uscsi_cdb, incmd->uscsi_cdblen, SD_LOG_HEX);
11775 
11776 	bp = getrbuf(KM_SLEEP);
11777 
11778 	/*
11779 	 * Allocate an sd_uscsi_info struct and fill it with the info
11780 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
11781 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
11782 	 * since we allocate the buf here in this function, we do not
11783 	 * need to preserve the prior contents of b_private.
11784 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
11785 	 */
11786 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
11787 	uip->ui_flags = path_flag;
11788 	uip->ui_cmdp  = uscmd;
11789 	bp->b_private = uip;
11790 
11791 	/*
11792 	 * Initialize Request Sense buffering, if requested.
11793 	 */
11794 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11795 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11796 		/*
11797 		 * Here uscmd->uscsi_rqbuf currently points to the caller's
11798 		 * buffer, but we replace this with a kernel buffer that
11799 		 * we allocate to use with the sense data. The sense data
11800 		 * (if present) gets copied into this new buffer before the
11801 		 * command is completed.  Then we copy the sense data from
11802 		 * our allocated buf into the caller's buffer below. Note
11803 		 * that incmd->uscsi_rqbuf and incmd->uscsi_rqlen are used
11804 		 * below to perform the copy back to the caller's buf.
11805 		 */
11806 		uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
11807 		if (rqbufspace == UIO_USERSPACE) {
11808 			uscmd->uscsi_rqlen   = SENSE_LENGTH;
11809 			uscmd->uscsi_rqresid = SENSE_LENGTH;
11810 		} else {
11811 			uchar_t rlen = min(SENSE_LENGTH, uscmd->uscsi_rqlen);
11812 			uscmd->uscsi_rqlen   = rlen;
11813 			uscmd->uscsi_rqresid = rlen;
11814 		}
11815 	} else {
11816 		uscmd->uscsi_rqbuf = NULL;
11817 		uscmd->uscsi_rqlen   = 0;
11818 		uscmd->uscsi_rqresid = 0;
11819 	}
11820 
11821 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: rqbuf:0x%p  rqlen:%d\n",
11822 	    uscmd->uscsi_rqbuf, uscmd->uscsi_rqlen);
11823 
11824 	if (un->un_f_is_fibre == FALSE) {
11825 		/*
11826 		 * Force asynchronous mode, if necessary.  Doing this here
11827 		 * has the unfortunate effect of running other queued
11828 		 * commands async also, but since the main purpose of this
11829 		 * capability is downloading new drive firmware, we can
11830 		 * probably live with it.
11831 		 */
11832 		if ((uscmd->uscsi_flags & USCSI_ASYNC) != 0) {
11833 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11834 				== 1) {
11835 				if (scsi_ifsetcap(SD_ADDRESS(un),
11836 					    "synchronous", 0, 1) == 1) {
11837 					SD_TRACE(SD_LOG_IO, un,
11838 					"sd_send_scsi_cmd: forced async ok\n");
11839 				} else {
11840 					SD_TRACE(SD_LOG_IO, un,
11841 					"sd_send_scsi_cmd:\
11842 					forced async failed\n");
11843 					rval = EINVAL;
11844 					goto done;
11845 				}
11846 			}
11847 		}
11848 
11849 		/*
11850 		 * Re-enable synchronous mode, if requested
11851 		 */
11852 		if (uscmd->uscsi_flags & USCSI_SYNC) {
11853 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11854 				== 0) {
11855 				int i = scsi_ifsetcap(SD_ADDRESS(un),
11856 						"synchronous", 1, 1);
11857 				SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11858 					"re-enabled sync %s\n",
11859 					(i == 1) ? "ok" : "failed");
11860 			}
11861 		}
11862 	}
11863 
11864 	/*
11865 	 * Commands sent with priority are intended for error recovery
11866 	 * situations, and do not have retries performed.
11867 	 */
11868 	if (path_flag == SD_PATH_DIRECT_PRIORITY) {
11869 		uscmd->uscsi_flags |= USCSI_DIAGNOSE;
11870 	}
11871 
11872 	/*
11873 	 * If we're going to do actual I/O, let physio do all the right things
11874 	 */
11875 	if (uscmd->uscsi_buflen != 0) {
11876 		struct iovec	aiov;
11877 		struct uio	auio;
11878 		struct uio	*uio = &auio;
11879 
11880 		bzero(&auio, sizeof (struct uio));
11881 		bzero(&aiov, sizeof (struct iovec));
11882 		aiov.iov_base = uscmd->uscsi_bufaddr;
11883 		aiov.iov_len  = uscmd->uscsi_buflen;
11884 		uio->uio_iov  = &aiov;
11885 
11886 		uio->uio_iovcnt  = 1;
11887 		uio->uio_resid   = uscmd->uscsi_buflen;
11888 		uio->uio_segflg  = dataspace;
11889 
11890 		/*
11891 		 * physio() will block here until the command completes....
11892 		 */
11893 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling physio.\n");
11894 
11895 		rval = physio(sd_uscsi_strategy, bp, dev,
11896 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE),
11897 		    sduscsimin, uio);
11898 
11899 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11900 		    "returned from physio with 0x%x\n", rval);
11901 
11902 	} else {
11903 		/*
11904 		 * We have to mimic what physio would do here! Argh!
11905 		 */
11906 		bp->b_flags  = B_BUSY |
11907 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE);
11908 		bp->b_edev   = dev;
11909 		bp->b_dev    = cmpdev(dev);	/* maybe unnecessary? */
11910 		bp->b_bcount = 0;
11911 		bp->b_blkno  = 0;
11912 
11913 		SD_TRACE(SD_LOG_IO, un,
11914 		    "sd_send_scsi_cmd: calling sd_uscsi_strategy...\n");
11915 
11916 		(void) sd_uscsi_strategy(bp);
11917 
11918 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling biowait\n");
11919 
11920 		rval = biowait(bp);
11921 
11922 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11923 		    "returned from  biowait with 0x%x\n", rval);
11924 	}
11925 
11926 done:
11927 
11928 #ifdef SDDEBUG
11929 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11930 	    "uscsi_status: 0x%02x  uscsi_resid:0x%x\n",
11931 	    uscmd->uscsi_status, uscmd->uscsi_resid);
11932 	if (uscmd->uscsi_bufaddr != NULL) {
11933 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11934 		    "uscmd->uscsi_bufaddr: 0x%p  uscmd->uscsi_buflen:%d\n",
11935 		    uscmd->uscsi_bufaddr, uscmd->uscsi_buflen);
11936 		if (dataspace == UIO_SYSSPACE) {
11937 			SD_DUMP_MEMORY(un, SD_LOG_IO,
11938 			    "data", (uchar_t *)uscmd->uscsi_bufaddr,
11939 			    uscmd->uscsi_buflen, SD_LOG_HEX);
11940 		}
11941 	}
11942 #endif
11943 
11944 	/*
11945 	 * Get the status and residual to return to the caller.
11946 	 */
11947 	incmd->uscsi_status = uscmd->uscsi_status;
11948 	incmd->uscsi_resid  = uscmd->uscsi_resid;
11949 
11950 	/*
11951 	 * If the caller wants sense data, copy back whatever sense data
11952 	 * we may have gotten, and update the relevant rqsense info.
11953 	 */
11954 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11955 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11956 
11957 		int rqlen = uscmd->uscsi_rqlen - uscmd->uscsi_rqresid;
11958 		rqlen = min(((int)incmd->uscsi_rqlen), rqlen);
11959 
11960 		/* Update the Request Sense status and resid */
11961 		incmd->uscsi_rqresid  = incmd->uscsi_rqlen - rqlen;
11962 		incmd->uscsi_rqstatus = uscmd->uscsi_rqstatus;
11963 
11964 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11965 		    "uscsi_rqstatus: 0x%02x  uscsi_rqresid:0x%x\n",
11966 		    incmd->uscsi_rqstatus, incmd->uscsi_rqresid);
11967 
11968 		/* Copy out the sense data for user processes */
11969 		if ((incmd->uscsi_rqbuf != NULL) && (rqlen != 0)) {
11970 			int flags =
11971 			    (rqbufspace == UIO_USERSPACE) ? 0 : FKIOCTL;
11972 			if (ddi_copyout(uscmd->uscsi_rqbuf, incmd->uscsi_rqbuf,
11973 			    rqlen, flags) != 0) {
11974 				rval = EFAULT;
11975 			}
11976 			/*
11977 			 * Note: Can't touch incmd->uscsi_rqbuf so use
11978 			 * uscmd->uscsi_rqbuf instead. They're the same.
11979 			 */
11980 			SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11981 			    "incmd->uscsi_rqbuf: 0x%p  rqlen:%d\n",
11982 			    incmd->uscsi_rqbuf, rqlen);
11983 			SD_DUMP_MEMORY(un, SD_LOG_IO, "rq",
11984 			    (uchar_t *)uscmd->uscsi_rqbuf, rqlen, SD_LOG_HEX);
11985 		}
11986 	}
11987 
11988 	/*
11989 	 * Free allocated resources and return; mapout the buf in case it was
11990 	 * mapped in by a lower layer.
11991 	 */
11992 	bp_mapout(bp);
11993 	freerbuf(bp);
11994 	kmem_free(uip, sizeof (struct sd_uscsi_info));
11995 	if (uscmd->uscsi_rqbuf != NULL) {
11996 		kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
11997 	}
11998 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
11999 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
12000 
12001 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: exit\n");
12002 
12003 	return (rval);
12004 }
12005 
12006 
12007 /*
12008  *    Function: sd_buf_iodone
12009  *
12010  * Description: Frees the sd_xbuf & returns the buf to its originator.
12011  *
12012  *     Context: May be called from interrupt context.
12013  */
12014 /* ARGSUSED */
12015 static void
12016 sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp)
12017 {
12018 	struct sd_xbuf *xp;
12019 
12020 	ASSERT(un != NULL);
12021 	ASSERT(bp != NULL);
12022 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12023 
12024 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: entry.\n");
12025 
12026 	xp = SD_GET_XBUF(bp);
12027 	ASSERT(xp != NULL);
12028 
12029 	mutex_enter(SD_MUTEX(un));
12030 
12031 	/*
12032 	 * Grab time when the cmd completed.
12033 	 * This is used for determining if the system has been
12034 	 * idle long enough to make it idle to the PM framework.
12035 	 * This is for lowering the overhead, and therefore improving
12036 	 * performance per I/O operation.
12037 	 */
12038 	un->un_pm_idle_time = ddi_get_time();
12039 
12040 	un->un_ncmds_in_driver--;
12041 	ASSERT(un->un_ncmds_in_driver >= 0);
12042 	SD_INFO(SD_LOG_IO, un, "sd_buf_iodone: un_ncmds_in_driver = %ld\n",
12043 	    un->un_ncmds_in_driver);
12044 
12045 	mutex_exit(SD_MUTEX(un));
12046 
12047 	ddi_xbuf_done(bp, un->un_xbuf_attr);	/* xbuf is gone after this */
12048 	biodone(bp);				/* bp is gone after this */
12049 
12050 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: exit.\n");
12051 }
12052 
12053 
12054 /*
12055  *    Function: sd_uscsi_iodone
12056  *
12057  * Description: Frees the sd_xbuf & returns the buf to its originator.
12058  *
12059  *     Context: May be called from interrupt context.
12060  */
12061 /* ARGSUSED */
12062 static void
12063 sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12064 {
12065 	struct sd_xbuf *xp;
12066 
12067 	ASSERT(un != NULL);
12068 	ASSERT(bp != NULL);
12069 
12070 	xp = SD_GET_XBUF(bp);
12071 	ASSERT(xp != NULL);
12072 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12073 
12074 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: entry.\n");
12075 
12076 	bp->b_private = xp->xb_private;
12077 
12078 	mutex_enter(SD_MUTEX(un));
12079 
12080 	/*
12081 	 * Grab time when the cmd completed.
12082 	 * This is used for determining if the system has been
12083 	 * idle long enough to make it idle to the PM framework.
12084 	 * This is for lowering the overhead, and therefore improving
12085 	 * performance per I/O operation.
12086 	 */
12087 	un->un_pm_idle_time = ddi_get_time();
12088 
12089 	un->un_ncmds_in_driver--;
12090 	ASSERT(un->un_ncmds_in_driver >= 0);
12091 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: un_ncmds_in_driver = %ld\n",
12092 	    un->un_ncmds_in_driver);
12093 
12094 	mutex_exit(SD_MUTEX(un));
12095 
12096 	kmem_free(xp, sizeof (struct sd_xbuf));
12097 	biodone(bp);
12098 
12099 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: exit.\n");
12100 }
12101 
12102 
12103 /*
12104  *    Function: sd_mapblockaddr_iostart
12105  *
12106  * Description: Verify request lies withing the partition limits for
12107  *		the indicated minor device.  Issue "overrun" buf if
12108  *		request would exceed partition range.  Converts
12109  *		partition-relative block address to absolute.
12110  *
12111  *     Context: Can sleep
12112  *
12113  *      Issues: This follows what the old code did, in terms of accessing
12114  *		some of the partition info in the unit struct without holding
12115  *		the mutext.  This is a general issue, if the partition info
12116  *		can be altered while IO is in progress... as soon as we send
12117  *		a buf, its partitioning can be invalid before it gets to the
12118  *		device.  Probably the right fix is to move partitioning out
12119  *		of the driver entirely.
12120  */
12121 
12122 static void
12123 sd_mapblockaddr_iostart(int index, struct sd_lun *un, struct buf *bp)
12124 {
12125 	daddr_t	nblocks;	/* #blocks in the given partition */
12126 	daddr_t	blocknum;	/* Block number specified by the buf */
12127 	size_t	requested_nblocks;
12128 	size_t	available_nblocks;
12129 	int	partition;
12130 	diskaddr_t	partition_offset;
12131 	struct sd_xbuf *xp;
12132 
12133 
12134 	ASSERT(un != NULL);
12135 	ASSERT(bp != NULL);
12136 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12137 
12138 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12139 	    "sd_mapblockaddr_iostart: entry: buf:0x%p\n", bp);
12140 
12141 	xp = SD_GET_XBUF(bp);
12142 	ASSERT(xp != NULL);
12143 
12144 	/*
12145 	 * If the geometry is not indicated as valid, attempt to access
12146 	 * the unit & verify the geometry/label. This can be the case for
12147 	 * removable-media devices, of if the device was opened in
12148 	 * NDELAY/NONBLOCK mode.
12149 	 */
12150 	if ((un->un_f_geometry_is_valid != TRUE) &&
12151 	    (sd_ready_and_valid(un) != SD_READY_VALID)) {
12152 		/*
12153 		 * For removable devices it is possible to start an I/O
12154 		 * without a media by opening the device in nodelay mode.
12155 		 * Also for writable CDs there can be many scenarios where
12156 		 * there is no geometry yet but volume manager is trying to
12157 		 * issue a read() just because it can see TOC on the CD. So
12158 		 * do not print a message for removables.
12159 		 */
12160 		if (!un->un_f_has_removable_media) {
12161 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
12162 			    "i/o to invalid geometry\n");
12163 		}
12164 		bioerror(bp, EIO);
12165 		bp->b_resid = bp->b_bcount;
12166 		SD_BEGIN_IODONE(index, un, bp);
12167 		return;
12168 	}
12169 
12170 	partition = SDPART(bp->b_edev);
12171 
12172 	/* #blocks in partition */
12173 	nblocks = un->un_map[partition].dkl_nblk;    /* #blocks in partition */
12174 
12175 	/* Use of a local variable potentially improves performance slightly */
12176 	partition_offset = un->un_offset[partition];
12177 
12178 	/*
12179 	 * blocknum is the starting block number of the request. At this
12180 	 * point it is still relative to the start of the minor device.
12181 	 */
12182 	blocknum = xp->xb_blkno;
12183 
12184 	/*
12185 	 * Legacy: If the starting block number is one past the last block
12186 	 * in the partition, do not set B_ERROR in the buf.
12187 	 */
12188 	if (blocknum == nblocks)  {
12189 		goto error_exit;
12190 	}
12191 
12192 	/*
12193 	 * Confirm that the first block of the request lies within the
12194 	 * partition limits. Also the requested number of bytes must be
12195 	 * a multiple of the system block size.
12196 	 */
12197 	if ((blocknum < 0) || (blocknum >= nblocks) ||
12198 	    ((bp->b_bcount & (un->un_sys_blocksize - 1)) != 0)) {
12199 		bp->b_flags |= B_ERROR;
12200 		goto error_exit;
12201 	}
12202 
12203 	/*
12204 	 * If the requsted # blocks exceeds the available # blocks, that
12205 	 * is an overrun of the partition.
12206 	 */
12207 	requested_nblocks = SD_BYTES2SYSBLOCKS(un, bp->b_bcount);
12208 	available_nblocks = (size_t)(nblocks - blocknum);
12209 	ASSERT(nblocks >= blocknum);
12210 
12211 	if (requested_nblocks > available_nblocks) {
12212 		/*
12213 		 * Allocate an "overrun" buf to allow the request to proceed
12214 		 * for the amount of space available in the partition. The
12215 		 * amount not transferred will be added into the b_resid
12216 		 * when the operation is complete. The overrun buf
12217 		 * replaces the original buf here, and the original buf
12218 		 * is saved inside the overrun buf, for later use.
12219 		 */
12220 		size_t resid = SD_SYSBLOCKS2BYTES(un,
12221 		    (offset_t)(requested_nblocks - available_nblocks));
12222 		size_t count = bp->b_bcount - resid;
12223 		/*
12224 		 * Note: count is an unsigned entity thus it'll NEVER
12225 		 * be less than 0 so ASSERT the original values are
12226 		 * correct.
12227 		 */
12228 		ASSERT(bp->b_bcount >= resid);
12229 
12230 		bp = sd_bioclone_alloc(bp, count, blocknum,
12231 			(int (*)(struct buf *)) sd_mapblockaddr_iodone);
12232 		xp = SD_GET_XBUF(bp); /* Update for 'new' bp! */
12233 		ASSERT(xp != NULL);
12234 	}
12235 
12236 	/* At this point there should be no residual for this buf. */
12237 	ASSERT(bp->b_resid == 0);
12238 
12239 	/* Convert the block number to an absolute address. */
12240 	xp->xb_blkno += partition_offset;
12241 
12242 	SD_NEXT_IOSTART(index, un, bp);
12243 
12244 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12245 	    "sd_mapblockaddr_iostart: exit 0: buf:0x%p\n", bp);
12246 
12247 	return;
12248 
12249 error_exit:
12250 	bp->b_resid = bp->b_bcount;
12251 	SD_BEGIN_IODONE(index, un, bp);
12252 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12253 	    "sd_mapblockaddr_iostart: exit 1: buf:0x%p\n", bp);
12254 }
12255 
12256 
12257 /*
12258  *    Function: sd_mapblockaddr_iodone
12259  *
12260  * Description: Completion-side processing for partition management.
12261  *
12262  *     Context: May be called under interrupt context
12263  */
12264 
12265 static void
12266 sd_mapblockaddr_iodone(int index, struct sd_lun *un, struct buf *bp)
12267 {
12268 	/* int	partition; */	/* Not used, see below. */
12269 	ASSERT(un != NULL);
12270 	ASSERT(bp != NULL);
12271 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12272 
12273 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12274 	    "sd_mapblockaddr_iodone: entry: buf:0x%p\n", bp);
12275 
12276 	if (bp->b_iodone == (int (*)(struct buf *)) sd_mapblockaddr_iodone) {
12277 		/*
12278 		 * We have an "overrun" buf to deal with...
12279 		 */
12280 		struct sd_xbuf	*xp;
12281 		struct buf	*obp;	/* ptr to the original buf */
12282 
12283 		xp = SD_GET_XBUF(bp);
12284 		ASSERT(xp != NULL);
12285 
12286 		/* Retrieve the pointer to the original buf */
12287 		obp = (struct buf *)xp->xb_private;
12288 		ASSERT(obp != NULL);
12289 
12290 		obp->b_resid = obp->b_bcount - (bp->b_bcount - bp->b_resid);
12291 		bioerror(obp, bp->b_error);
12292 
12293 		sd_bioclone_free(bp);
12294 
12295 		/*
12296 		 * Get back the original buf.
12297 		 * Note that since the restoration of xb_blkno below
12298 		 * was removed, the sd_xbuf is not needed.
12299 		 */
12300 		bp = obp;
12301 		/*
12302 		 * xp = SD_GET_XBUF(bp);
12303 		 * ASSERT(xp != NULL);
12304 		 */
12305 	}
12306 
12307 	/*
12308 	 * Convert sd->xb_blkno back to a minor-device relative value.
12309 	 * Note: this has been commented out, as it is not needed in the
12310 	 * current implementation of the driver (ie, since this function
12311 	 * is at the top of the layering chains, so the info will be
12312 	 * discarded) and it is in the "hot" IO path.
12313 	 *
12314 	 * partition = getminor(bp->b_edev) & SDPART_MASK;
12315 	 * xp->xb_blkno -= un->un_offset[partition];
12316 	 */
12317 
12318 	SD_NEXT_IODONE(index, un, bp);
12319 
12320 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12321 	    "sd_mapblockaddr_iodone: exit: buf:0x%p\n", bp);
12322 }
12323 
12324 
12325 /*
12326  *    Function: sd_mapblocksize_iostart
12327  *
12328  * Description: Convert between system block size (un->un_sys_blocksize)
12329  *		and target block size (un->un_tgt_blocksize).
12330  *
12331  *     Context: Can sleep to allocate resources.
12332  *
12333  * Assumptions: A higher layer has already performed any partition validation,
12334  *		and converted the xp->xb_blkno to an absolute value relative
12335  *		to the start of the device.
12336  *
12337  *		It is also assumed that the higher layer has implemented
12338  *		an "overrun" mechanism for the case where the request would
12339  *		read/write beyond the end of a partition.  In this case we
12340  *		assume (and ASSERT) that bp->b_resid == 0.
12341  *
12342  *		Note: The implementation for this routine assumes the target
12343  *		block size remains constant between allocation and transport.
12344  */
12345 
12346 static void
12347 sd_mapblocksize_iostart(int index, struct sd_lun *un, struct buf *bp)
12348 {
12349 	struct sd_mapblocksize_info	*bsp;
12350 	struct sd_xbuf			*xp;
12351 	offset_t first_byte;
12352 	daddr_t	start_block, end_block;
12353 	daddr_t	request_bytes;
12354 	ushort_t is_aligned = FALSE;
12355 
12356 	ASSERT(un != NULL);
12357 	ASSERT(bp != NULL);
12358 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12359 	ASSERT(bp->b_resid == 0);
12360 
12361 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12362 	    "sd_mapblocksize_iostart: entry: buf:0x%p\n", bp);
12363 
12364 	/*
12365 	 * For a non-writable CD, a write request is an error
12366 	 */
12367 	if (ISCD(un) && ((bp->b_flags & B_READ) == 0) &&
12368 	    (un->un_f_mmc_writable_media == FALSE)) {
12369 		bioerror(bp, EIO);
12370 		bp->b_resid = bp->b_bcount;
12371 		SD_BEGIN_IODONE(index, un, bp);
12372 		return;
12373 	}
12374 
12375 	/*
12376 	 * We do not need a shadow buf if the device is using
12377 	 * un->un_sys_blocksize as its block size or if bcount == 0.
12378 	 * In this case there is no layer-private data block allocated.
12379 	 */
12380 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12381 	    (bp->b_bcount == 0)) {
12382 		goto done;
12383 	}
12384 
12385 #if defined(__i386) || defined(__amd64)
12386 	/* We do not support non-block-aligned transfers for ROD devices */
12387 	ASSERT(!ISROD(un));
12388 #endif
12389 
12390 	xp = SD_GET_XBUF(bp);
12391 	ASSERT(xp != NULL);
12392 
12393 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12394 	    "tgt_blocksize:0x%x sys_blocksize: 0x%x\n",
12395 	    un->un_tgt_blocksize, un->un_sys_blocksize);
12396 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12397 	    "request start block:0x%x\n", xp->xb_blkno);
12398 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12399 	    "request len:0x%x\n", bp->b_bcount);
12400 
12401 	/*
12402 	 * Allocate the layer-private data area for the mapblocksize layer.
12403 	 * Layers are allowed to use the xp_private member of the sd_xbuf
12404 	 * struct to store the pointer to their layer-private data block, but
12405 	 * each layer also has the responsibility of restoring the prior
12406 	 * contents of xb_private before returning the buf/xbuf to the
12407 	 * higher layer that sent it.
12408 	 *
12409 	 * Here we save the prior contents of xp->xb_private into the
12410 	 * bsp->mbs_oprivate field of our layer-private data area. This value
12411 	 * is restored by sd_mapblocksize_iodone() just prior to freeing up
12412 	 * the layer-private area and returning the buf/xbuf to the layer
12413 	 * that sent it.
12414 	 *
12415 	 * Note that here we use kmem_zalloc for the allocation as there are
12416 	 * parts of the mapblocksize code that expect certain fields to be
12417 	 * zero unless explicitly set to a required value.
12418 	 */
12419 	bsp = kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12420 	bsp->mbs_oprivate = xp->xb_private;
12421 	xp->xb_private = bsp;
12422 
12423 	/*
12424 	 * This treats the data on the disk (target) as an array of bytes.
12425 	 * first_byte is the byte offset, from the beginning of the device,
12426 	 * to the location of the request. This is converted from a
12427 	 * un->un_sys_blocksize block address to a byte offset, and then back
12428 	 * to a block address based upon a un->un_tgt_blocksize block size.
12429 	 *
12430 	 * xp->xb_blkno should be absolute upon entry into this function,
12431 	 * but, but it is based upon partitions that use the "system"
12432 	 * block size. It must be adjusted to reflect the block size of
12433 	 * the target.
12434 	 *
12435 	 * Note that end_block is actually the block that follows the last
12436 	 * block of the request, but that's what is needed for the computation.
12437 	 */
12438 	first_byte  = SD_SYSBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12439 	start_block = xp->xb_blkno = first_byte / un->un_tgt_blocksize;
12440 	end_block   = (first_byte + bp->b_bcount + un->un_tgt_blocksize - 1) /
12441 	    un->un_tgt_blocksize;
12442 
12443 	/* request_bytes is rounded up to a multiple of the target block size */
12444 	request_bytes = (end_block - start_block) * un->un_tgt_blocksize;
12445 
12446 	/*
12447 	 * See if the starting address of the request and the request
12448 	 * length are aligned on a un->un_tgt_blocksize boundary. If aligned
12449 	 * then we do not need to allocate a shadow buf to handle the request.
12450 	 */
12451 	if (((first_byte   % un->un_tgt_blocksize) == 0) &&
12452 	    ((bp->b_bcount % un->un_tgt_blocksize) == 0)) {
12453 		is_aligned = TRUE;
12454 	}
12455 
12456 	if ((bp->b_flags & B_READ) == 0) {
12457 		/*
12458 		 * Lock the range for a write operation. An aligned request is
12459 		 * considered a simple write; otherwise the request must be a
12460 		 * read-modify-write.
12461 		 */
12462 		bsp->mbs_wmp = sd_range_lock(un, start_block, end_block - 1,
12463 		    (is_aligned == TRUE) ? SD_WTYPE_SIMPLE : SD_WTYPE_RMW);
12464 	}
12465 
12466 	/*
12467 	 * Alloc a shadow buf if the request is not aligned. Also, this is
12468 	 * where the READ command is generated for a read-modify-write. (The
12469 	 * write phase is deferred until after the read completes.)
12470 	 */
12471 	if (is_aligned == FALSE) {
12472 
12473 		struct sd_mapblocksize_info	*shadow_bsp;
12474 		struct sd_xbuf	*shadow_xp;
12475 		struct buf	*shadow_bp;
12476 
12477 		/*
12478 		 * Allocate the shadow buf and it associated xbuf. Note that
12479 		 * after this call the xb_blkno value in both the original
12480 		 * buf's sd_xbuf _and_ the shadow buf's sd_xbuf will be the
12481 		 * same: absolute relative to the start of the device, and
12482 		 * adjusted for the target block size. The b_blkno in the
12483 		 * shadow buf will also be set to this value. We should never
12484 		 * change b_blkno in the original bp however.
12485 		 *
12486 		 * Note also that the shadow buf will always need to be a
12487 		 * READ command, regardless of whether the incoming command
12488 		 * is a READ or a WRITE.
12489 		 */
12490 		shadow_bp = sd_shadow_buf_alloc(bp, request_bytes, B_READ,
12491 		    xp->xb_blkno,
12492 		    (int (*)(struct buf *)) sd_mapblocksize_iodone);
12493 
12494 		shadow_xp = SD_GET_XBUF(shadow_bp);
12495 
12496 		/*
12497 		 * Allocate the layer-private data for the shadow buf.
12498 		 * (No need to preserve xb_private in the shadow xbuf.)
12499 		 */
12500 		shadow_xp->xb_private = shadow_bsp =
12501 		    kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12502 
12503 		/*
12504 		 * bsp->mbs_copy_offset is used later by sd_mapblocksize_iodone
12505 		 * to figure out where the start of the user data is (based upon
12506 		 * the system block size) in the data returned by the READ
12507 		 * command (which will be based upon the target blocksize). Note
12508 		 * that this is only really used if the request is unaligned.
12509 		 */
12510 		bsp->mbs_copy_offset = (ssize_t)(first_byte -
12511 		    ((offset_t)xp->xb_blkno * un->un_tgt_blocksize));
12512 		ASSERT((bsp->mbs_copy_offset >= 0) &&
12513 		    (bsp->mbs_copy_offset < un->un_tgt_blocksize));
12514 
12515 		shadow_bsp->mbs_copy_offset = bsp->mbs_copy_offset;
12516 
12517 		shadow_bsp->mbs_layer_index = bsp->mbs_layer_index = index;
12518 
12519 		/* Transfer the wmap (if any) to the shadow buf */
12520 		shadow_bsp->mbs_wmp = bsp->mbs_wmp;
12521 		bsp->mbs_wmp = NULL;
12522 
12523 		/*
12524 		 * The shadow buf goes on from here in place of the
12525 		 * original buf.
12526 		 */
12527 		shadow_bsp->mbs_orig_bp = bp;
12528 		bp = shadow_bp;
12529 	}
12530 
12531 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12532 	    "sd_mapblocksize_iostart: tgt start block:0x%x\n", xp->xb_blkno);
12533 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12534 	    "sd_mapblocksize_iostart: tgt request len:0x%x\n",
12535 	    request_bytes);
12536 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12537 	    "sd_mapblocksize_iostart: shadow buf:0x%x\n", bp);
12538 
12539 done:
12540 	SD_NEXT_IOSTART(index, un, bp);
12541 
12542 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12543 	    "sd_mapblocksize_iostart: exit: buf:0x%p\n", bp);
12544 }
12545 
12546 
12547 /*
12548  *    Function: sd_mapblocksize_iodone
12549  *
12550  * Description: Completion side processing for block-size mapping.
12551  *
12552  *     Context: May be called under interrupt context
12553  */
12554 
12555 static void
12556 sd_mapblocksize_iodone(int index, struct sd_lun *un, struct buf *bp)
12557 {
12558 	struct sd_mapblocksize_info	*bsp;
12559 	struct sd_xbuf	*xp;
12560 	struct sd_xbuf	*orig_xp;	/* sd_xbuf for the original buf */
12561 	struct buf	*orig_bp;	/* ptr to the original buf */
12562 	offset_t	shadow_end;
12563 	offset_t	request_end;
12564 	offset_t	shadow_start;
12565 	ssize_t		copy_offset;
12566 	size_t		copy_length;
12567 	size_t		shortfall;
12568 	uint_t		is_write;	/* TRUE if this bp is a WRITE */
12569 	uint_t		has_wmap;	/* TRUE is this bp has a wmap */
12570 
12571 	ASSERT(un != NULL);
12572 	ASSERT(bp != NULL);
12573 
12574 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12575 	    "sd_mapblocksize_iodone: entry: buf:0x%p\n", bp);
12576 
12577 	/*
12578 	 * There is no shadow buf or layer-private data if the target is
12579 	 * using un->un_sys_blocksize as its block size or if bcount == 0.
12580 	 */
12581 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12582 	    (bp->b_bcount == 0)) {
12583 		goto exit;
12584 	}
12585 
12586 	xp = SD_GET_XBUF(bp);
12587 	ASSERT(xp != NULL);
12588 
12589 	/* Retrieve the pointer to the layer-private data area from the xbuf. */
12590 	bsp = xp->xb_private;
12591 
12592 	is_write = ((bp->b_flags & B_READ) == 0) ? TRUE : FALSE;
12593 	has_wmap = (bsp->mbs_wmp != NULL) ? TRUE : FALSE;
12594 
12595 	if (is_write) {
12596 		/*
12597 		 * For a WRITE request we must free up the block range that
12598 		 * we have locked up.  This holds regardless of whether this is
12599 		 * an aligned write request or a read-modify-write request.
12600 		 */
12601 		sd_range_unlock(un, bsp->mbs_wmp);
12602 		bsp->mbs_wmp = NULL;
12603 	}
12604 
12605 	if ((bp->b_iodone != (int(*)(struct buf *))sd_mapblocksize_iodone)) {
12606 		/*
12607 		 * An aligned read or write command will have no shadow buf;
12608 		 * there is not much else to do with it.
12609 		 */
12610 		goto done;
12611 	}
12612 
12613 	orig_bp = bsp->mbs_orig_bp;
12614 	ASSERT(orig_bp != NULL);
12615 	orig_xp = SD_GET_XBUF(orig_bp);
12616 	ASSERT(orig_xp != NULL);
12617 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12618 
12619 	if (!is_write && has_wmap) {
12620 		/*
12621 		 * A READ with a wmap means this is the READ phase of a
12622 		 * read-modify-write. If an error occurred on the READ then
12623 		 * we do not proceed with the WRITE phase or copy any data.
12624 		 * Just release the write maps and return with an error.
12625 		 */
12626 		if ((bp->b_resid != 0) || (bp->b_error != 0)) {
12627 			orig_bp->b_resid = orig_bp->b_bcount;
12628 			bioerror(orig_bp, bp->b_error);
12629 			sd_range_unlock(un, bsp->mbs_wmp);
12630 			goto freebuf_done;
12631 		}
12632 	}
12633 
12634 	/*
12635 	 * Here is where we set up to copy the data from the shadow buf
12636 	 * into the space associated with the original buf.
12637 	 *
12638 	 * To deal with the conversion between block sizes, these
12639 	 * computations treat the data as an array of bytes, with the
12640 	 * first byte (byte 0) corresponding to the first byte in the
12641 	 * first block on the disk.
12642 	 */
12643 
12644 	/*
12645 	 * shadow_start and shadow_len indicate the location and size of
12646 	 * the data returned with the shadow IO request.
12647 	 */
12648 	shadow_start  = SD_TGTBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12649 	shadow_end    = shadow_start + bp->b_bcount - bp->b_resid;
12650 
12651 	/*
12652 	 * copy_offset gives the offset (in bytes) from the start of the first
12653 	 * block of the READ request to the beginning of the data.  We retrieve
12654 	 * this value from xb_pktp in the ORIGINAL xbuf, as it has been saved
12655 	 * there by sd_mapblockize_iostart(). copy_length gives the amount of
12656 	 * data to be copied (in bytes).
12657 	 */
12658 	copy_offset  = bsp->mbs_copy_offset;
12659 	ASSERT((copy_offset >= 0) && (copy_offset < un->un_tgt_blocksize));
12660 	copy_length  = orig_bp->b_bcount;
12661 	request_end  = shadow_start + copy_offset + orig_bp->b_bcount;
12662 
12663 	/*
12664 	 * Set up the resid and error fields of orig_bp as appropriate.
12665 	 */
12666 	if (shadow_end >= request_end) {
12667 		/* We got all the requested data; set resid to zero */
12668 		orig_bp->b_resid = 0;
12669 	} else {
12670 		/*
12671 		 * We failed to get enough data to fully satisfy the original
12672 		 * request. Just copy back whatever data we got and set
12673 		 * up the residual and error code as required.
12674 		 *
12675 		 * 'shortfall' is the amount by which the data received with the
12676 		 * shadow buf has "fallen short" of the requested amount.
12677 		 */
12678 		shortfall = (size_t)(request_end - shadow_end);
12679 
12680 		if (shortfall > orig_bp->b_bcount) {
12681 			/*
12682 			 * We did not get enough data to even partially
12683 			 * fulfill the original request.  The residual is
12684 			 * equal to the amount requested.
12685 			 */
12686 			orig_bp->b_resid = orig_bp->b_bcount;
12687 		} else {
12688 			/*
12689 			 * We did not get all the data that we requested
12690 			 * from the device, but we will try to return what
12691 			 * portion we did get.
12692 			 */
12693 			orig_bp->b_resid = shortfall;
12694 		}
12695 		ASSERT(copy_length >= orig_bp->b_resid);
12696 		copy_length  -= orig_bp->b_resid;
12697 	}
12698 
12699 	/* Propagate the error code from the shadow buf to the original buf */
12700 	bioerror(orig_bp, bp->b_error);
12701 
12702 	if (is_write) {
12703 		goto freebuf_done;	/* No data copying for a WRITE */
12704 	}
12705 
12706 	if (has_wmap) {
12707 		/*
12708 		 * This is a READ command from the READ phase of a
12709 		 * read-modify-write request. We have to copy the data given
12710 		 * by the user OVER the data returned by the READ command,
12711 		 * then convert the command from a READ to a WRITE and send
12712 		 * it back to the target.
12713 		 */
12714 		bcopy(orig_bp->b_un.b_addr, bp->b_un.b_addr + copy_offset,
12715 		    copy_length);
12716 
12717 		bp->b_flags &= ~((int)B_READ);	/* Convert to a WRITE */
12718 
12719 		/*
12720 		 * Dispatch the WRITE command to the taskq thread, which
12721 		 * will in turn send the command to the target. When the
12722 		 * WRITE command completes, we (sd_mapblocksize_iodone())
12723 		 * will get called again as part of the iodone chain
12724 		 * processing for it. Note that we will still be dealing
12725 		 * with the shadow buf at that point.
12726 		 */
12727 		if (taskq_dispatch(sd_wmr_tq, sd_read_modify_write_task, bp,
12728 		    KM_NOSLEEP) != 0) {
12729 			/*
12730 			 * Dispatch was successful so we are done. Return
12731 			 * without going any higher up the iodone chain. Do
12732 			 * not free up any layer-private data until after the
12733 			 * WRITE completes.
12734 			 */
12735 			return;
12736 		}
12737 
12738 		/*
12739 		 * Dispatch of the WRITE command failed; set up the error
12740 		 * condition and send this IO back up the iodone chain.
12741 		 */
12742 		bioerror(orig_bp, EIO);
12743 		orig_bp->b_resid = orig_bp->b_bcount;
12744 
12745 	} else {
12746 		/*
12747 		 * This is a regular READ request (ie, not a RMW). Copy the
12748 		 * data from the shadow buf into the original buf. The
12749 		 * copy_offset compensates for any "misalignment" between the
12750 		 * shadow buf (with its un->un_tgt_blocksize blocks) and the
12751 		 * original buf (with its un->un_sys_blocksize blocks).
12752 		 */
12753 		bcopy(bp->b_un.b_addr + copy_offset, orig_bp->b_un.b_addr,
12754 		    copy_length);
12755 	}
12756 
12757 freebuf_done:
12758 
12759 	/*
12760 	 * At this point we still have both the shadow buf AND the original
12761 	 * buf to deal with, as well as the layer-private data area in each.
12762 	 * Local variables are as follows:
12763 	 *
12764 	 * bp -- points to shadow buf
12765 	 * xp -- points to xbuf of shadow buf
12766 	 * bsp -- points to layer-private data area of shadow buf
12767 	 * orig_bp -- points to original buf
12768 	 *
12769 	 * First free the shadow buf and its associated xbuf, then free the
12770 	 * layer-private data area from the shadow buf. There is no need to
12771 	 * restore xb_private in the shadow xbuf.
12772 	 */
12773 	sd_shadow_buf_free(bp);
12774 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12775 
12776 	/*
12777 	 * Now update the local variables to point to the original buf, xbuf,
12778 	 * and layer-private area.
12779 	 */
12780 	bp = orig_bp;
12781 	xp = SD_GET_XBUF(bp);
12782 	ASSERT(xp != NULL);
12783 	ASSERT(xp == orig_xp);
12784 	bsp = xp->xb_private;
12785 	ASSERT(bsp != NULL);
12786 
12787 done:
12788 	/*
12789 	 * Restore xb_private to whatever it was set to by the next higher
12790 	 * layer in the chain, then free the layer-private data area.
12791 	 */
12792 	xp->xb_private = bsp->mbs_oprivate;
12793 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12794 
12795 exit:
12796 	SD_TRACE(SD_LOG_IO_RMMEDIA, SD_GET_UN(bp),
12797 	    "sd_mapblocksize_iodone: calling SD_NEXT_IODONE: buf:0x%p\n", bp);
12798 
12799 	SD_NEXT_IODONE(index, un, bp);
12800 }
12801 
12802 
12803 /*
12804  *    Function: sd_checksum_iostart
12805  *
12806  * Description: A stub function for a layer that's currently not used.
12807  *		For now just a placeholder.
12808  *
12809  *     Context: Kernel thread context
12810  */
12811 
12812 static void
12813 sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp)
12814 {
12815 	ASSERT(un != NULL);
12816 	ASSERT(bp != NULL);
12817 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12818 	SD_NEXT_IOSTART(index, un, bp);
12819 }
12820 
12821 
12822 /*
12823  *    Function: sd_checksum_iodone
12824  *
12825  * Description: A stub function for a layer that's currently not used.
12826  *		For now just a placeholder.
12827  *
12828  *     Context: May be called under interrupt context
12829  */
12830 
12831 static void
12832 sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp)
12833 {
12834 	ASSERT(un != NULL);
12835 	ASSERT(bp != NULL);
12836 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12837 	SD_NEXT_IODONE(index, un, bp);
12838 }
12839 
12840 
12841 /*
12842  *    Function: sd_checksum_uscsi_iostart
12843  *
12844  * Description: A stub function for a layer that's currently not used.
12845  *		For now just a placeholder.
12846  *
12847  *     Context: Kernel thread context
12848  */
12849 
12850 static void
12851 sd_checksum_uscsi_iostart(int index, struct sd_lun *un, struct buf *bp)
12852 {
12853 	ASSERT(un != NULL);
12854 	ASSERT(bp != NULL);
12855 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12856 	SD_NEXT_IOSTART(index, un, bp);
12857 }
12858 
12859 
12860 /*
12861  *    Function: sd_checksum_uscsi_iodone
12862  *
12863  * Description: A stub function for a layer that's currently not used.
12864  *		For now just a placeholder.
12865  *
12866  *     Context: May be called under interrupt context
12867  */
12868 
12869 static void
12870 sd_checksum_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12871 {
12872 	ASSERT(un != NULL);
12873 	ASSERT(bp != NULL);
12874 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12875 	SD_NEXT_IODONE(index, un, bp);
12876 }
12877 
12878 
12879 /*
12880  *    Function: sd_pm_iostart
12881  *
12882  * Description: iostart-side routine for Power mangement.
12883  *
12884  *     Context: Kernel thread context
12885  */
12886 
12887 static void
12888 sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp)
12889 {
12890 	ASSERT(un != NULL);
12891 	ASSERT(bp != NULL);
12892 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12893 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12894 
12895 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: entry\n");
12896 
12897 	if (sd_pm_entry(un) != DDI_SUCCESS) {
12898 		/*
12899 		 * Set up to return the failed buf back up the 'iodone'
12900 		 * side of the calling chain.
12901 		 */
12902 		bioerror(bp, EIO);
12903 		bp->b_resid = bp->b_bcount;
12904 
12905 		SD_BEGIN_IODONE(index, un, bp);
12906 
12907 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12908 		return;
12909 	}
12910 
12911 	SD_NEXT_IOSTART(index, un, bp);
12912 
12913 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12914 }
12915 
12916 
12917 /*
12918  *    Function: sd_pm_iodone
12919  *
12920  * Description: iodone-side routine for power mangement.
12921  *
12922  *     Context: may be called from interrupt context
12923  */
12924 
12925 static void
12926 sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp)
12927 {
12928 	ASSERT(un != NULL);
12929 	ASSERT(bp != NULL);
12930 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12931 
12932 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: entry\n");
12933 
12934 	/*
12935 	 * After attach the following flag is only read, so don't
12936 	 * take the penalty of acquiring a mutex for it.
12937 	 */
12938 	if (un->un_f_pm_is_enabled == TRUE) {
12939 		sd_pm_exit(un);
12940 	}
12941 
12942 	SD_NEXT_IODONE(index, un, bp);
12943 
12944 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: exit\n");
12945 }
12946 
12947 
12948 /*
12949  *    Function: sd_core_iostart
12950  *
12951  * Description: Primary driver function for enqueuing buf(9S) structs from
12952  *		the system and initiating IO to the target device
12953  *
12954  *     Context: Kernel thread context. Can sleep.
12955  *
12956  * Assumptions:  - The given xp->xb_blkno is absolute
12957  *		   (ie, relative to the start of the device).
12958  *		 - The IO is to be done using the native blocksize of
12959  *		   the device, as specified in un->un_tgt_blocksize.
12960  */
12961 /* ARGSUSED */
12962 static void
12963 sd_core_iostart(int index, struct sd_lun *un, struct buf *bp)
12964 {
12965 	struct sd_xbuf *xp;
12966 
12967 	ASSERT(un != NULL);
12968 	ASSERT(bp != NULL);
12969 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12970 	ASSERT(bp->b_resid == 0);
12971 
12972 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: entry: bp:0x%p\n", bp);
12973 
12974 	xp = SD_GET_XBUF(bp);
12975 	ASSERT(xp != NULL);
12976 
12977 	mutex_enter(SD_MUTEX(un));
12978 
12979 	/*
12980 	 * If we are currently in the failfast state, fail any new IO
12981 	 * that has B_FAILFAST set, then return.
12982 	 */
12983 	if ((bp->b_flags & B_FAILFAST) &&
12984 	    (un->un_failfast_state == SD_FAILFAST_ACTIVE)) {
12985 		mutex_exit(SD_MUTEX(un));
12986 		bioerror(bp, EIO);
12987 		bp->b_resid = bp->b_bcount;
12988 		SD_BEGIN_IODONE(index, un, bp);
12989 		return;
12990 	}
12991 
12992 	if (SD_IS_DIRECT_PRIORITY(xp)) {
12993 		/*
12994 		 * Priority command -- transport it immediately.
12995 		 *
12996 		 * Note: We may want to assert that USCSI_DIAGNOSE is set,
12997 		 * because all direct priority commands should be associated
12998 		 * with error recovery actions which we don't want to retry.
12999 		 */
13000 		sd_start_cmds(un, bp);
13001 	} else {
13002 		/*
13003 		 * Normal command -- add it to the wait queue, then start
13004 		 * transporting commands from the wait queue.
13005 		 */
13006 		sd_add_buf_to_waitq(un, bp);
13007 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
13008 		sd_start_cmds(un, NULL);
13009 	}
13010 
13011 	mutex_exit(SD_MUTEX(un));
13012 
13013 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: exit: bp:0x%p\n", bp);
13014 }
13015 
13016 
13017 /*
13018  *    Function: sd_init_cdb_limits
13019  *
13020  * Description: This is to handle scsi_pkt initialization differences
13021  *		between the driver platforms.
13022  *
13023  *		Legacy behaviors:
13024  *
13025  *		If the block number or the sector count exceeds the
13026  *		capabilities of a Group 0 command, shift over to a
13027  *		Group 1 command. We don't blindly use Group 1
13028  *		commands because a) some drives (CDC Wren IVs) get a
13029  *		bit confused, and b) there is probably a fair amount
13030  *		of speed difference for a target to receive and decode
13031  *		a 10 byte command instead of a 6 byte command.
13032  *
13033  *		The xfer time difference of 6 vs 10 byte CDBs is
13034  *		still significant so this code is still worthwhile.
13035  *		10 byte CDBs are very inefficient with the fas HBA driver
13036  *		and older disks. Each CDB byte took 1 usec with some
13037  *		popular disks.
13038  *
13039  *     Context: Must be called at attach time
13040  */
13041 
13042 static void
13043 sd_init_cdb_limits(struct sd_lun *un)
13044 {
13045 	int hba_cdb_limit;
13046 
13047 	/*
13048 	 * Use CDB_GROUP1 commands for most devices except for
13049 	 * parallel SCSI fixed drives in which case we get better
13050 	 * performance using CDB_GROUP0 commands (where applicable).
13051 	 */
13052 	un->un_mincdb = SD_CDB_GROUP1;
13053 #if !defined(__fibre)
13054 	if (!un->un_f_is_fibre && !un->un_f_cfg_is_atapi && !ISROD(un) &&
13055 	    !un->un_f_has_removable_media) {
13056 		un->un_mincdb = SD_CDB_GROUP0;
13057 	}
13058 #endif
13059 
13060 	/*
13061 	 * Try to read the max-cdb-length supported by HBA.
13062 	 */
13063 	un->un_max_hba_cdb = scsi_ifgetcap(SD_ADDRESS(un), "max-cdb-length", 1);
13064 	if (0 >= un->un_max_hba_cdb) {
13065 		un->un_max_hba_cdb = CDB_GROUP4;
13066 		hba_cdb_limit = SD_CDB_GROUP4;
13067 	} else if (0 < un->un_max_hba_cdb &&
13068 	    un->un_max_hba_cdb < CDB_GROUP1) {
13069 		hba_cdb_limit = SD_CDB_GROUP0;
13070 	} else if (CDB_GROUP1 <= un->un_max_hba_cdb &&
13071 	    un->un_max_hba_cdb < CDB_GROUP5) {
13072 		hba_cdb_limit = SD_CDB_GROUP1;
13073 	} else if (CDB_GROUP5 <= un->un_max_hba_cdb &&
13074 	    un->un_max_hba_cdb < CDB_GROUP4) {
13075 		hba_cdb_limit = SD_CDB_GROUP5;
13076 	} else {
13077 		hba_cdb_limit = SD_CDB_GROUP4;
13078 	}
13079 
13080 	/*
13081 	 * Use CDB_GROUP5 commands for removable devices.  Use CDB_GROUP4
13082 	 * commands for fixed disks unless we are building for a 32 bit
13083 	 * kernel.
13084 	 */
13085 #ifdef _LP64
13086 	un->un_maxcdb = (un->un_f_has_removable_media) ? SD_CDB_GROUP5 :
13087 	    min(hba_cdb_limit, SD_CDB_GROUP4);
13088 #else
13089 	un->un_maxcdb = (un->un_f_has_removable_media) ? SD_CDB_GROUP5 :
13090 	    min(hba_cdb_limit, SD_CDB_GROUP1);
13091 #endif
13092 
13093 	/*
13094 	 * x86 systems require the PKT_DMA_PARTIAL flag
13095 	 */
13096 #if defined(__x86)
13097 	un->un_pkt_flags = PKT_DMA_PARTIAL;
13098 #else
13099 	un->un_pkt_flags = 0;
13100 #endif
13101 
13102 	un->un_status_len = (int)((un->un_f_arq_enabled == TRUE)
13103 	    ? sizeof (struct scsi_arq_status) : 1);
13104 	un->un_cmd_timeout = (ushort_t)sd_io_time;
13105 	un->un_uscsi_timeout = ((ISCD(un)) ? 2 : 1) * un->un_cmd_timeout;
13106 }
13107 
13108 
13109 /*
13110  *    Function: sd_initpkt_for_buf
13111  *
13112  * Description: Allocate and initialize for transport a scsi_pkt struct,
13113  *		based upon the info specified in the given buf struct.
13114  *
13115  *		Assumes the xb_blkno in the request is absolute (ie,
13116  *		relative to the start of the device (NOT partition!).
13117  *		Also assumes that the request is using the native block
13118  *		size of the device (as returned by the READ CAPACITY
13119  *		command).
13120  *
13121  * Return Code: SD_PKT_ALLOC_SUCCESS
13122  *		SD_PKT_ALLOC_FAILURE
13123  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13124  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13125  *
13126  *     Context: Kernel thread and may be called from software interrupt context
13127  *		as part of a sdrunout callback. This function may not block or
13128  *		call routines that block
13129  */
13130 
13131 static int
13132 sd_initpkt_for_buf(struct buf *bp, struct scsi_pkt **pktpp)
13133 {
13134 	struct sd_xbuf	*xp;
13135 	struct scsi_pkt *pktp = NULL;
13136 	struct sd_lun	*un;
13137 	size_t		blockcount;
13138 	daddr_t		startblock;
13139 	int		rval;
13140 	int		cmd_flags;
13141 
13142 	ASSERT(bp != NULL);
13143 	ASSERT(pktpp != NULL);
13144 	xp = SD_GET_XBUF(bp);
13145 	ASSERT(xp != NULL);
13146 	un = SD_GET_UN(bp);
13147 	ASSERT(un != NULL);
13148 	ASSERT(mutex_owned(SD_MUTEX(un)));
13149 	ASSERT(bp->b_resid == 0);
13150 
13151 	SD_TRACE(SD_LOG_IO_CORE, un,
13152 	    "sd_initpkt_for_buf: entry: buf:0x%p\n", bp);
13153 
13154 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13155 	if (xp->xb_pkt_flags & SD_XB_DMA_FREED) {
13156 		/*
13157 		 * Already have a scsi_pkt -- just need DMA resources.
13158 		 * We must recompute the CDB in case the mapping returns
13159 		 * a nonzero pkt_resid.
13160 		 * Note: if this is a portion of a PKT_DMA_PARTIAL transfer
13161 		 * that is being retried, the unmap/remap of the DMA resouces
13162 		 * will result in the entire transfer starting over again
13163 		 * from the very first block.
13164 		 */
13165 		ASSERT(xp->xb_pktp != NULL);
13166 		pktp = xp->xb_pktp;
13167 	} else {
13168 		pktp = NULL;
13169 	}
13170 #endif /* __i386 || __amd64 */
13171 
13172 	startblock = xp->xb_blkno;	/* Absolute block num. */
13173 	blockcount = SD_BYTES2TGTBLOCKS(un, bp->b_bcount);
13174 
13175 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13176 
13177 	cmd_flags = un->un_pkt_flags | (xp->xb_pkt_flags & SD_XB_INITPKT_MASK);
13178 
13179 #else
13180 
13181 	cmd_flags = un->un_pkt_flags | xp->xb_pkt_flags;
13182 
13183 #endif
13184 
13185 	/*
13186 	 * sd_setup_rw_pkt will determine the appropriate CDB group to use,
13187 	 * call scsi_init_pkt, and build the CDB.
13188 	 */
13189 	rval = sd_setup_rw_pkt(un, &pktp, bp,
13190 	    cmd_flags, sdrunout, (caddr_t)un,
13191 	    startblock, blockcount);
13192 
13193 	if (rval == 0) {
13194 		/*
13195 		 * Success.
13196 		 *
13197 		 * If partial DMA is being used and required for this transfer.
13198 		 * set it up here.
13199 		 */
13200 		if ((un->un_pkt_flags & PKT_DMA_PARTIAL) != 0 &&
13201 		    (pktp->pkt_resid != 0)) {
13202 
13203 			/*
13204 			 * Save the CDB length and pkt_resid for the
13205 			 * next xfer
13206 			 */
13207 			xp->xb_dma_resid = pktp->pkt_resid;
13208 
13209 			/* rezero resid */
13210 			pktp->pkt_resid = 0;
13211 
13212 		} else {
13213 			xp->xb_dma_resid = 0;
13214 		}
13215 
13216 		pktp->pkt_flags = un->un_tagflags;
13217 		pktp->pkt_time  = un->un_cmd_timeout;
13218 		pktp->pkt_comp  = sdintr;
13219 
13220 		pktp->pkt_private = bp;
13221 		*pktpp = pktp;
13222 
13223 		SD_TRACE(SD_LOG_IO_CORE, un,
13224 		    "sd_initpkt_for_buf: exit: buf:0x%p\n", bp);
13225 
13226 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13227 		xp->xb_pkt_flags &= ~SD_XB_DMA_FREED;
13228 #endif
13229 
13230 		return (SD_PKT_ALLOC_SUCCESS);
13231 
13232 	}
13233 
13234 	/*
13235 	 * SD_PKT_ALLOC_FAILURE is the only expected failure code
13236 	 * from sd_setup_rw_pkt.
13237 	 */
13238 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
13239 
13240 	if (rval == SD_PKT_ALLOC_FAILURE) {
13241 		*pktpp = NULL;
13242 		/*
13243 		 * Set the driver state to RWAIT to indicate the driver
13244 		 * is waiting on resource allocations. The driver will not
13245 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13246 		 */
13247 		New_state(un, SD_STATE_RWAIT);
13248 
13249 		SD_ERROR(SD_LOG_IO_CORE, un,
13250 		    "sd_initpkt_for_buf: No pktp. exit bp:0x%p\n", bp);
13251 
13252 		if ((bp->b_flags & B_ERROR) != 0) {
13253 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13254 		}
13255 		return (SD_PKT_ALLOC_FAILURE);
13256 	} else {
13257 		/*
13258 		 * PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13259 		 *
13260 		 * This should never happen.  Maybe someone messed with the
13261 		 * kernel's minphys?
13262 		 */
13263 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13264 		    "Request rejected: too large for CDB: "
13265 		    "lba:0x%08lx  len:0x%08lx\n", startblock, blockcount);
13266 		SD_ERROR(SD_LOG_IO_CORE, un,
13267 		    "sd_initpkt_for_buf: No cp. exit bp:0x%p\n", bp);
13268 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13269 
13270 	}
13271 }
13272 
13273 
13274 /*
13275  *    Function: sd_destroypkt_for_buf
13276  *
13277  * Description: Free the scsi_pkt(9S) for the given bp (buf IO processing).
13278  *
13279  *     Context: Kernel thread or interrupt context
13280  */
13281 
13282 static void
13283 sd_destroypkt_for_buf(struct buf *bp)
13284 {
13285 	ASSERT(bp != NULL);
13286 	ASSERT(SD_GET_UN(bp) != NULL);
13287 
13288 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13289 	    "sd_destroypkt_for_buf: entry: buf:0x%p\n", bp);
13290 
13291 	ASSERT(SD_GET_PKTP(bp) != NULL);
13292 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13293 
13294 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13295 	    "sd_destroypkt_for_buf: exit: buf:0x%p\n", bp);
13296 }
13297 
13298 /*
13299  *    Function: sd_setup_rw_pkt
13300  *
13301  * Description: Determines appropriate CDB group for the requested LBA
13302  *		and transfer length, calls scsi_init_pkt, and builds
13303  *		the CDB.  Do not use for partial DMA transfers except
13304  *		for the initial transfer since the CDB size must
13305  *		remain constant.
13306  *
13307  *     Context: Kernel thread and may be called from software interrupt
13308  *		context as part of a sdrunout callback. This function may not
13309  *		block or call routines that block
13310  */
13311 
13312 
13313 int
13314 sd_setup_rw_pkt(struct sd_lun *un,
13315     struct scsi_pkt **pktpp, struct buf *bp, int flags,
13316     int (*callback)(caddr_t), caddr_t callback_arg,
13317     diskaddr_t lba, uint32_t blockcount)
13318 {
13319 	struct scsi_pkt *return_pktp;
13320 	union scsi_cdb *cdbp;
13321 	struct sd_cdbinfo *cp = NULL;
13322 	int i;
13323 
13324 	/*
13325 	 * See which size CDB to use, based upon the request.
13326 	 */
13327 	for (i = un->un_mincdb; i <= un->un_maxcdb; i++) {
13328 
13329 		/*
13330 		 * Check lba and block count against sd_cdbtab limits.
13331 		 * In the partial DMA case, we have to use the same size
13332 		 * CDB for all the transfers.  Check lba + blockcount
13333 		 * against the max LBA so we know that segment of the
13334 		 * transfer can use the CDB we select.
13335 		 */
13336 		if ((lba + blockcount - 1 <= sd_cdbtab[i].sc_maxlba) &&
13337 		    (blockcount <= sd_cdbtab[i].sc_maxlen)) {
13338 
13339 			/*
13340 			 * The command will fit into the CDB type
13341 			 * specified by sd_cdbtab[i].
13342 			 */
13343 			cp = sd_cdbtab + i;
13344 
13345 			/*
13346 			 * Call scsi_init_pkt so we can fill in the
13347 			 * CDB.
13348 			 */
13349 			return_pktp = scsi_init_pkt(SD_ADDRESS(un), *pktpp,
13350 			    bp, cp->sc_grpcode, un->un_status_len, 0,
13351 			    flags, callback, callback_arg);
13352 
13353 			if (return_pktp != NULL) {
13354 
13355 				/*
13356 				 * Return new value of pkt
13357 				 */
13358 				*pktpp = return_pktp;
13359 
13360 				/*
13361 				 * To be safe, zero the CDB insuring there is
13362 				 * no leftover data from a previous command.
13363 				 */
13364 				bzero(return_pktp->pkt_cdbp, cp->sc_grpcode);
13365 
13366 				/*
13367 				 * Handle partial DMA mapping
13368 				 */
13369 				if (return_pktp->pkt_resid != 0) {
13370 
13371 					/*
13372 					 * Not going to xfer as many blocks as
13373 					 * originally expected
13374 					 */
13375 					blockcount -=
13376 					    SD_BYTES2TGTBLOCKS(un,
13377 						return_pktp->pkt_resid);
13378 				}
13379 
13380 				cdbp = (union scsi_cdb *)return_pktp->pkt_cdbp;
13381 
13382 				/*
13383 				 * Set command byte based on the CDB
13384 				 * type we matched.
13385 				 */
13386 				cdbp->scc_cmd = cp->sc_grpmask |
13387 				    ((bp->b_flags & B_READ) ?
13388 					SCMD_READ : SCMD_WRITE);
13389 
13390 				SD_FILL_SCSI1_LUN(un, return_pktp);
13391 
13392 				/*
13393 				 * Fill in LBA and length
13394 				 */
13395 				ASSERT((cp->sc_grpcode == CDB_GROUP1) ||
13396 				    (cp->sc_grpcode == CDB_GROUP4) ||
13397 				    (cp->sc_grpcode == CDB_GROUP0) ||
13398 				    (cp->sc_grpcode == CDB_GROUP5));
13399 
13400 				if (cp->sc_grpcode == CDB_GROUP1) {
13401 					FORMG1ADDR(cdbp, lba);
13402 					FORMG1COUNT(cdbp, blockcount);
13403 					return (0);
13404 				} else if (cp->sc_grpcode == CDB_GROUP4) {
13405 					FORMG4LONGADDR(cdbp, lba);
13406 					FORMG4COUNT(cdbp, blockcount);
13407 					return (0);
13408 				} else if (cp->sc_grpcode == CDB_GROUP0) {
13409 					FORMG0ADDR(cdbp, lba);
13410 					FORMG0COUNT(cdbp, blockcount);
13411 					return (0);
13412 				} else if (cp->sc_grpcode == CDB_GROUP5) {
13413 					FORMG5ADDR(cdbp, lba);
13414 					FORMG5COUNT(cdbp, blockcount);
13415 					return (0);
13416 				}
13417 
13418 				/*
13419 				 * It should be impossible to not match one
13420 				 * of the CDB types above, so we should never
13421 				 * reach this point.  Set the CDB command byte
13422 				 * to test-unit-ready to avoid writing
13423 				 * to somewhere we don't intend.
13424 				 */
13425 				cdbp->scc_cmd = SCMD_TEST_UNIT_READY;
13426 				return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13427 			} else {
13428 				/*
13429 				 * Couldn't get scsi_pkt
13430 				 */
13431 				return (SD_PKT_ALLOC_FAILURE);
13432 			}
13433 		}
13434 	}
13435 
13436 	/*
13437 	 * None of the available CDB types were suitable.  This really
13438 	 * should never happen:  on a 64 bit system we support
13439 	 * READ16/WRITE16 which will hold an entire 64 bit disk address
13440 	 * and on a 32 bit system we will refuse to bind to a device
13441 	 * larger than 2TB so addresses will never be larger than 32 bits.
13442 	 */
13443 	return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13444 }
13445 
13446 #if defined(__i386) || defined(__amd64)
13447 /*
13448  *    Function: sd_setup_next_rw_pkt
13449  *
13450  * Description: Setup packet for partial DMA transfers, except for the
13451  * 		initial transfer.  sd_setup_rw_pkt should be used for
13452  *		the initial transfer.
13453  *
13454  *     Context: Kernel thread and may be called from interrupt context.
13455  */
13456 
13457 int
13458 sd_setup_next_rw_pkt(struct sd_lun *un,
13459     struct scsi_pkt *pktp, struct buf *bp,
13460     diskaddr_t lba, uint32_t blockcount)
13461 {
13462 	uchar_t com;
13463 	union scsi_cdb *cdbp;
13464 	uchar_t cdb_group_id;
13465 
13466 	ASSERT(pktp != NULL);
13467 	ASSERT(pktp->pkt_cdbp != NULL);
13468 
13469 	cdbp = (union scsi_cdb *)pktp->pkt_cdbp;
13470 	com = cdbp->scc_cmd;
13471 	cdb_group_id = CDB_GROUPID(com);
13472 
13473 	ASSERT((cdb_group_id == CDB_GROUPID_0) ||
13474 	    (cdb_group_id == CDB_GROUPID_1) ||
13475 	    (cdb_group_id == CDB_GROUPID_4) ||
13476 	    (cdb_group_id == CDB_GROUPID_5));
13477 
13478 	/*
13479 	 * Move pkt to the next portion of the xfer.
13480 	 * func is NULL_FUNC so we do not have to release
13481 	 * the disk mutex here.
13482 	 */
13483 	if (scsi_init_pkt(SD_ADDRESS(un), pktp, bp, 0, 0, 0, 0,
13484 	    NULL_FUNC, NULL) == pktp) {
13485 		/* Success.  Handle partial DMA */
13486 		if (pktp->pkt_resid != 0) {
13487 			blockcount -=
13488 			    SD_BYTES2TGTBLOCKS(un, pktp->pkt_resid);
13489 		}
13490 
13491 		cdbp->scc_cmd = com;
13492 		SD_FILL_SCSI1_LUN(un, pktp);
13493 		if (cdb_group_id == CDB_GROUPID_1) {
13494 			FORMG1ADDR(cdbp, lba);
13495 			FORMG1COUNT(cdbp, blockcount);
13496 			return (0);
13497 		} else if (cdb_group_id == CDB_GROUPID_4) {
13498 			FORMG4LONGADDR(cdbp, lba);
13499 			FORMG4COUNT(cdbp, blockcount);
13500 			return (0);
13501 		} else if (cdb_group_id == CDB_GROUPID_0) {
13502 			FORMG0ADDR(cdbp, lba);
13503 			FORMG0COUNT(cdbp, blockcount);
13504 			return (0);
13505 		} else if (cdb_group_id == CDB_GROUPID_5) {
13506 			FORMG5ADDR(cdbp, lba);
13507 			FORMG5COUNT(cdbp, blockcount);
13508 			return (0);
13509 		}
13510 
13511 		/* Unreachable */
13512 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13513 	}
13514 
13515 	/*
13516 	 * Error setting up next portion of cmd transfer.
13517 	 * Something is definitely very wrong and this
13518 	 * should not happen.
13519 	 */
13520 	return (SD_PKT_ALLOC_FAILURE);
13521 }
13522 #endif /* defined(__i386) || defined(__amd64) */
13523 
13524 /*
13525  *    Function: sd_initpkt_for_uscsi
13526  *
13527  * Description: Allocate and initialize for transport a scsi_pkt struct,
13528  *		based upon the info specified in the given uscsi_cmd struct.
13529  *
13530  * Return Code: SD_PKT_ALLOC_SUCCESS
13531  *		SD_PKT_ALLOC_FAILURE
13532  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13533  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13534  *
13535  *     Context: Kernel thread and may be called from software interrupt context
13536  *		as part of a sdrunout callback. This function may not block or
13537  *		call routines that block
13538  */
13539 
13540 static int
13541 sd_initpkt_for_uscsi(struct buf *bp, struct scsi_pkt **pktpp)
13542 {
13543 	struct uscsi_cmd *uscmd;
13544 	struct sd_xbuf	*xp;
13545 	struct scsi_pkt	*pktp;
13546 	struct sd_lun	*un;
13547 	uint32_t	flags = 0;
13548 
13549 	ASSERT(bp != NULL);
13550 	ASSERT(pktpp != NULL);
13551 	xp = SD_GET_XBUF(bp);
13552 	ASSERT(xp != NULL);
13553 	un = SD_GET_UN(bp);
13554 	ASSERT(un != NULL);
13555 	ASSERT(mutex_owned(SD_MUTEX(un)));
13556 
13557 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13558 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13559 	ASSERT(uscmd != NULL);
13560 
13561 	SD_TRACE(SD_LOG_IO_CORE, un,
13562 	    "sd_initpkt_for_uscsi: entry: buf:0x%p\n", bp);
13563 
13564 	/*
13565 	 * Allocate the scsi_pkt for the command.
13566 	 * Note: If PKT_DMA_PARTIAL flag is set, scsi_vhci binds a path
13567 	 *	 during scsi_init_pkt time and will continue to use the
13568 	 *	 same path as long as the same scsi_pkt is used without
13569 	 *	 intervening scsi_dma_free(). Since uscsi command does
13570 	 *	 not call scsi_dmafree() before retry failed command, it
13571 	 *	 is necessary to make sure PKT_DMA_PARTIAL flag is NOT
13572 	 *	 set such that scsi_vhci can use other available path for
13573 	 *	 retry. Besides, ucsci command does not allow DMA breakup,
13574 	 *	 so there is no need to set PKT_DMA_PARTIAL flag.
13575 	 */
13576 	pktp = scsi_init_pkt(SD_ADDRESS(un), NULL,
13577 	    ((bp->b_bcount != 0) ? bp : NULL), uscmd->uscsi_cdblen,
13578 	    sizeof (struct scsi_arq_status), 0,
13579 	    (un->un_pkt_flags & ~PKT_DMA_PARTIAL),
13580 	    sdrunout, (caddr_t)un);
13581 
13582 	if (pktp == NULL) {
13583 		*pktpp = NULL;
13584 		/*
13585 		 * Set the driver state to RWAIT to indicate the driver
13586 		 * is waiting on resource allocations. The driver will not
13587 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13588 		 */
13589 		New_state(un, SD_STATE_RWAIT);
13590 
13591 		SD_ERROR(SD_LOG_IO_CORE, un,
13592 		    "sd_initpkt_for_uscsi: No pktp. exit bp:0x%p\n", bp);
13593 
13594 		if ((bp->b_flags & B_ERROR) != 0) {
13595 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13596 		}
13597 		return (SD_PKT_ALLOC_FAILURE);
13598 	}
13599 
13600 	/*
13601 	 * We do not do DMA breakup for USCSI commands, so return failure
13602 	 * here if all the needed DMA resources were not allocated.
13603 	 */
13604 	if ((un->un_pkt_flags & PKT_DMA_PARTIAL) &&
13605 	    (bp->b_bcount != 0) && (pktp->pkt_resid != 0)) {
13606 		scsi_destroy_pkt(pktp);
13607 		SD_ERROR(SD_LOG_IO_CORE, un, "sd_initpkt_for_uscsi: "
13608 		    "No partial DMA for USCSI. exit: buf:0x%p\n", bp);
13609 		return (SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL);
13610 	}
13611 
13612 	/* Init the cdb from the given uscsi struct */
13613 	(void) scsi_setup_cdb((union scsi_cdb *)pktp->pkt_cdbp,
13614 	    uscmd->uscsi_cdb[0], 0, 0, 0);
13615 
13616 	SD_FILL_SCSI1_LUN(un, pktp);
13617 
13618 	/*
13619 	 * Set up the optional USCSI flags. See the uscsi (7I) man page
13620 	 * for listing of the supported flags.
13621 	 */
13622 
13623 	if (uscmd->uscsi_flags & USCSI_SILENT) {
13624 		flags |= FLAG_SILENT;
13625 	}
13626 
13627 	if (uscmd->uscsi_flags & USCSI_DIAGNOSE) {
13628 		flags |= FLAG_DIAGNOSE;
13629 	}
13630 
13631 	if (uscmd->uscsi_flags & USCSI_ISOLATE) {
13632 		flags |= FLAG_ISOLATE;
13633 	}
13634 
13635 	if (un->un_f_is_fibre == FALSE) {
13636 		if (uscmd->uscsi_flags & USCSI_RENEGOT) {
13637 			flags |= FLAG_RENEGOTIATE_WIDE_SYNC;
13638 		}
13639 	}
13640 
13641 	/*
13642 	 * Set the pkt flags here so we save time later.
13643 	 * Note: These flags are NOT in the uscsi man page!!!
13644 	 */
13645 	if (uscmd->uscsi_flags & USCSI_HEAD) {
13646 		flags |= FLAG_HEAD;
13647 	}
13648 
13649 	if (uscmd->uscsi_flags & USCSI_NOINTR) {
13650 		flags |= FLAG_NOINTR;
13651 	}
13652 
13653 	/*
13654 	 * For tagged queueing, things get a bit complicated.
13655 	 * Check first for head of queue and last for ordered queue.
13656 	 * If neither head nor order, use the default driver tag flags.
13657 	 */
13658 	if ((uscmd->uscsi_flags & USCSI_NOTAG) == 0) {
13659 		if (uscmd->uscsi_flags & USCSI_HTAG) {
13660 			flags |= FLAG_HTAG;
13661 		} else if (uscmd->uscsi_flags & USCSI_OTAG) {
13662 			flags |= FLAG_OTAG;
13663 		} else {
13664 			flags |= un->un_tagflags & FLAG_TAGMASK;
13665 		}
13666 	}
13667 
13668 	if (uscmd->uscsi_flags & USCSI_NODISCON) {
13669 		flags = (flags & ~FLAG_TAGMASK) | FLAG_NODISCON;
13670 	}
13671 
13672 	pktp->pkt_flags = flags;
13673 
13674 	/* Copy the caller's CDB into the pkt... */
13675 	bcopy(uscmd->uscsi_cdb, pktp->pkt_cdbp, uscmd->uscsi_cdblen);
13676 
13677 	if (uscmd->uscsi_timeout == 0) {
13678 		pktp->pkt_time = un->un_uscsi_timeout;
13679 	} else {
13680 		pktp->pkt_time = uscmd->uscsi_timeout;
13681 	}
13682 
13683 	/* need it later to identify USCSI request in sdintr */
13684 	xp->xb_pkt_flags |= SD_XB_USCSICMD;
13685 
13686 	xp->xb_sense_resid = uscmd->uscsi_rqresid;
13687 
13688 	pktp->pkt_private = bp;
13689 	pktp->pkt_comp = sdintr;
13690 	*pktpp = pktp;
13691 
13692 	SD_TRACE(SD_LOG_IO_CORE, un,
13693 	    "sd_initpkt_for_uscsi: exit: buf:0x%p\n", bp);
13694 
13695 	return (SD_PKT_ALLOC_SUCCESS);
13696 }
13697 
13698 
13699 /*
13700  *    Function: sd_destroypkt_for_uscsi
13701  *
13702  * Description: Free the scsi_pkt(9S) struct for the given bp, for uscsi
13703  *		IOs.. Also saves relevant info into the associated uscsi_cmd
13704  *		struct.
13705  *
13706  *     Context: May be called under interrupt context
13707  */
13708 
13709 static void
13710 sd_destroypkt_for_uscsi(struct buf *bp)
13711 {
13712 	struct uscsi_cmd *uscmd;
13713 	struct sd_xbuf	*xp;
13714 	struct scsi_pkt	*pktp;
13715 	struct sd_lun	*un;
13716 
13717 	ASSERT(bp != NULL);
13718 	xp = SD_GET_XBUF(bp);
13719 	ASSERT(xp != NULL);
13720 	un = SD_GET_UN(bp);
13721 	ASSERT(un != NULL);
13722 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13723 	pktp = SD_GET_PKTP(bp);
13724 	ASSERT(pktp != NULL);
13725 
13726 	SD_TRACE(SD_LOG_IO_CORE, un,
13727 	    "sd_destroypkt_for_uscsi: entry: buf:0x%p\n", bp);
13728 
13729 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13730 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13731 	ASSERT(uscmd != NULL);
13732 
13733 	/* Save the status and the residual into the uscsi_cmd struct */
13734 	uscmd->uscsi_status = ((*(pktp)->pkt_scbp) & STATUS_MASK);
13735 	uscmd->uscsi_resid  = bp->b_resid;
13736 
13737 	/*
13738 	 * If enabled, copy any saved sense data into the area specified
13739 	 * by the uscsi command.
13740 	 */
13741 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
13742 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
13743 		/*
13744 		 * Note: uscmd->uscsi_rqbuf should always point to a buffer
13745 		 * at least SENSE_LENGTH bytes in size (see sd_send_scsi_cmd())
13746 		 */
13747 		uscmd->uscsi_rqstatus = xp->xb_sense_status;
13748 		uscmd->uscsi_rqresid  = xp->xb_sense_resid;
13749 		bcopy(xp->xb_sense_data, uscmd->uscsi_rqbuf, SENSE_LENGTH);
13750 	}
13751 
13752 	/* We are done with the scsi_pkt; free it now */
13753 	ASSERT(SD_GET_PKTP(bp) != NULL);
13754 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13755 
13756 	SD_TRACE(SD_LOG_IO_CORE, un,
13757 	    "sd_destroypkt_for_uscsi: exit: buf:0x%p\n", bp);
13758 }
13759 
13760 
13761 /*
13762  *    Function: sd_bioclone_alloc
13763  *
13764  * Description: Allocate a buf(9S) and init it as per the given buf
13765  *		and the various arguments.  The associated sd_xbuf
13766  *		struct is (nearly) duplicated.  The struct buf *bp
13767  *		argument is saved in new_xp->xb_private.
13768  *
13769  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13770  *		datalen - size of data area for the shadow bp
13771  *		blkno - starting LBA
13772  *		func - function pointer for b_iodone in the shadow buf. (May
13773  *			be NULL if none.)
13774  *
13775  * Return Code: Pointer to allocates buf(9S) struct
13776  *
13777  *     Context: Can sleep.
13778  */
13779 
13780 static struct buf *
13781 sd_bioclone_alloc(struct buf *bp, size_t datalen,
13782 	daddr_t blkno, int (*func)(struct buf *))
13783 {
13784 	struct	sd_lun	*un;
13785 	struct	sd_xbuf	*xp;
13786 	struct	sd_xbuf	*new_xp;
13787 	struct	buf	*new_bp;
13788 
13789 	ASSERT(bp != NULL);
13790 	xp = SD_GET_XBUF(bp);
13791 	ASSERT(xp != NULL);
13792 	un = SD_GET_UN(bp);
13793 	ASSERT(un != NULL);
13794 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13795 
13796 	new_bp = bioclone(bp, 0, datalen, SD_GET_DEV(un), blkno, func,
13797 	    NULL, KM_SLEEP);
13798 
13799 	new_bp->b_lblkno	= blkno;
13800 
13801 	/*
13802 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13803 	 * original xbuf into it.
13804 	 */
13805 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13806 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13807 
13808 	/*
13809 	 * The given bp is automatically saved in the xb_private member
13810 	 * of the new xbuf.  Callers are allowed to depend on this.
13811 	 */
13812 	new_xp->xb_private = bp;
13813 
13814 	new_bp->b_private  = new_xp;
13815 
13816 	return (new_bp);
13817 }
13818 
13819 /*
13820  *    Function: sd_shadow_buf_alloc
13821  *
13822  * Description: Allocate a buf(9S) and init it as per the given buf
13823  *		and the various arguments.  The associated sd_xbuf
13824  *		struct is (nearly) duplicated.  The struct buf *bp
13825  *		argument is saved in new_xp->xb_private.
13826  *
13827  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13828  *		datalen - size of data area for the shadow bp
13829  *		bflags - B_READ or B_WRITE (pseudo flag)
13830  *		blkno - starting LBA
13831  *		func - function pointer for b_iodone in the shadow buf. (May
13832  *			be NULL if none.)
13833  *
13834  * Return Code: Pointer to allocates buf(9S) struct
13835  *
13836  *     Context: Can sleep.
13837  */
13838 
13839 static struct buf *
13840 sd_shadow_buf_alloc(struct buf *bp, size_t datalen, uint_t bflags,
13841 	daddr_t blkno, int (*func)(struct buf *))
13842 {
13843 	struct	sd_lun	*un;
13844 	struct	sd_xbuf	*xp;
13845 	struct	sd_xbuf	*new_xp;
13846 	struct	buf	*new_bp;
13847 
13848 	ASSERT(bp != NULL);
13849 	xp = SD_GET_XBUF(bp);
13850 	ASSERT(xp != NULL);
13851 	un = SD_GET_UN(bp);
13852 	ASSERT(un != NULL);
13853 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13854 
13855 	if (bp->b_flags & (B_PAGEIO | B_PHYS)) {
13856 		bp_mapin(bp);
13857 	}
13858 
13859 	bflags &= (B_READ | B_WRITE);
13860 #if defined(__i386) || defined(__amd64)
13861 	new_bp = getrbuf(KM_SLEEP);
13862 	new_bp->b_un.b_addr = kmem_zalloc(datalen, KM_SLEEP);
13863 	new_bp->b_bcount = datalen;
13864 	new_bp->b_flags = bflags |
13865 	    (bp->b_flags & ~(B_PAGEIO | B_PHYS | B_REMAPPED | B_SHADOW));
13866 #else
13867 	new_bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), NULL,
13868 	    datalen, bflags, SLEEP_FUNC, NULL);
13869 #endif
13870 	new_bp->av_forw	= NULL;
13871 	new_bp->av_back	= NULL;
13872 	new_bp->b_dev	= bp->b_dev;
13873 	new_bp->b_blkno	= blkno;
13874 	new_bp->b_iodone = func;
13875 	new_bp->b_edev	= bp->b_edev;
13876 	new_bp->b_resid	= 0;
13877 
13878 	/* We need to preserve the B_FAILFAST flag */
13879 	if (bp->b_flags & B_FAILFAST) {
13880 		new_bp->b_flags |= B_FAILFAST;
13881 	}
13882 
13883 	/*
13884 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13885 	 * original xbuf into it.
13886 	 */
13887 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13888 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13889 
13890 	/* Need later to copy data between the shadow buf & original buf! */
13891 	new_xp->xb_pkt_flags |= PKT_CONSISTENT;
13892 
13893 	/*
13894 	 * The given bp is automatically saved in the xb_private member
13895 	 * of the new xbuf.  Callers are allowed to depend on this.
13896 	 */
13897 	new_xp->xb_private = bp;
13898 
13899 	new_bp->b_private  = new_xp;
13900 
13901 	return (new_bp);
13902 }
13903 
13904 /*
13905  *    Function: sd_bioclone_free
13906  *
13907  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations
13908  *		in the larger than partition operation.
13909  *
13910  *     Context: May be called under interrupt context
13911  */
13912 
13913 static void
13914 sd_bioclone_free(struct buf *bp)
13915 {
13916 	struct sd_xbuf	*xp;
13917 
13918 	ASSERT(bp != NULL);
13919 	xp = SD_GET_XBUF(bp);
13920 	ASSERT(xp != NULL);
13921 
13922 	/*
13923 	 * Call bp_mapout() before freeing the buf,  in case a lower
13924 	 * layer or HBA  had done a bp_mapin().  we must do this here
13925 	 * as we are the "originator" of the shadow buf.
13926 	 */
13927 	bp_mapout(bp);
13928 
13929 	/*
13930 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13931 	 * never gets confused by a stale value in this field. (Just a little
13932 	 * extra defensiveness here.)
13933 	 */
13934 	bp->b_iodone = NULL;
13935 
13936 	freerbuf(bp);
13937 
13938 	kmem_free(xp, sizeof (struct sd_xbuf));
13939 }
13940 
13941 /*
13942  *    Function: sd_shadow_buf_free
13943  *
13944  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations.
13945  *
13946  *     Context: May be called under interrupt context
13947  */
13948 
13949 static void
13950 sd_shadow_buf_free(struct buf *bp)
13951 {
13952 	struct sd_xbuf	*xp;
13953 
13954 	ASSERT(bp != NULL);
13955 	xp = SD_GET_XBUF(bp);
13956 	ASSERT(xp != NULL);
13957 
13958 #if defined(__sparc)
13959 	/*
13960 	 * Call bp_mapout() before freeing the buf,  in case a lower
13961 	 * layer or HBA  had done a bp_mapin().  we must do this here
13962 	 * as we are the "originator" of the shadow buf.
13963 	 */
13964 	bp_mapout(bp);
13965 #endif
13966 
13967 	/*
13968 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13969 	 * never gets confused by a stale value in this field. (Just a little
13970 	 * extra defensiveness here.)
13971 	 */
13972 	bp->b_iodone = NULL;
13973 
13974 #if defined(__i386) || defined(__amd64)
13975 	kmem_free(bp->b_un.b_addr, bp->b_bcount);
13976 	freerbuf(bp);
13977 #else
13978 	scsi_free_consistent_buf(bp);
13979 #endif
13980 
13981 	kmem_free(xp, sizeof (struct sd_xbuf));
13982 }
13983 
13984 
13985 /*
13986  *    Function: sd_print_transport_rejected_message
13987  *
13988  * Description: This implements the ludicrously complex rules for printing
13989  *		a "transport rejected" message.  This is to address the
13990  *		specific problem of having a flood of this error message
13991  *		produced when a failover occurs.
13992  *
13993  *     Context: Any.
13994  */
13995 
13996 static void
13997 sd_print_transport_rejected_message(struct sd_lun *un, struct sd_xbuf *xp,
13998 	int code)
13999 {
14000 	ASSERT(un != NULL);
14001 	ASSERT(mutex_owned(SD_MUTEX(un)));
14002 	ASSERT(xp != NULL);
14003 
14004 	/*
14005 	 * Print the "transport rejected" message under the following
14006 	 * conditions:
14007 	 *
14008 	 * - Whenever the SD_LOGMASK_DIAG bit of sd_level_mask is set
14009 	 * - The error code from scsi_transport() is NOT a TRAN_FATAL_ERROR.
14010 	 * - If the error code IS a TRAN_FATAL_ERROR, then the message is
14011 	 *   printed the FIRST time a TRAN_FATAL_ERROR is returned from
14012 	 *   scsi_transport(9F) (which indicates that the target might have
14013 	 *   gone off-line).  This uses the un->un_tran_fatal_count
14014 	 *   count, which is incremented whenever a TRAN_FATAL_ERROR is
14015 	 *   received, and reset to zero whenver a TRAN_ACCEPT is returned
14016 	 *   from scsi_transport().
14017 	 *
14018 	 * The FLAG_SILENT in the scsi_pkt must be CLEARED in ALL of
14019 	 * the preceeding cases in order for the message to be printed.
14020 	 */
14021 	if ((xp->xb_pktp->pkt_flags & FLAG_SILENT) == 0) {
14022 		if ((sd_level_mask & SD_LOGMASK_DIAG) ||
14023 		    (code != TRAN_FATAL_ERROR) ||
14024 		    (un->un_tran_fatal_count == 1)) {
14025 			switch (code) {
14026 			case TRAN_BADPKT:
14027 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
14028 				    "transport rejected bad packet\n");
14029 				break;
14030 			case TRAN_FATAL_ERROR:
14031 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
14032 				    "transport rejected fatal error\n");
14033 				break;
14034 			default:
14035 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
14036 				    "transport rejected (%d)\n", code);
14037 				break;
14038 			}
14039 		}
14040 	}
14041 }
14042 
14043 
14044 /*
14045  *    Function: sd_add_buf_to_waitq
14046  *
14047  * Description: Add the given buf(9S) struct to the wait queue for the
14048  *		instance.  If sorting is enabled, then the buf is added
14049  *		to the queue via an elevator sort algorithm (a la
14050  *		disksort(9F)).  The SD_GET_BLKNO(bp) is used as the sort key.
14051  *		If sorting is not enabled, then the buf is just added
14052  *		to the end of the wait queue.
14053  *
14054  * Return Code: void
14055  *
14056  *     Context: Does not sleep/block, therefore technically can be called
14057  *		from any context.  However if sorting is enabled then the
14058  *		execution time is indeterminate, and may take long if
14059  *		the wait queue grows large.
14060  */
14061 
14062 static void
14063 sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp)
14064 {
14065 	struct buf *ap;
14066 
14067 	ASSERT(bp != NULL);
14068 	ASSERT(un != NULL);
14069 	ASSERT(mutex_owned(SD_MUTEX(un)));
14070 
14071 	/* If the queue is empty, add the buf as the only entry & return. */
14072 	if (un->un_waitq_headp == NULL) {
14073 		ASSERT(un->un_waitq_tailp == NULL);
14074 		un->un_waitq_headp = un->un_waitq_tailp = bp;
14075 		bp->av_forw = NULL;
14076 		return;
14077 	}
14078 
14079 	ASSERT(un->un_waitq_tailp != NULL);
14080 
14081 	/*
14082 	 * If sorting is disabled, just add the buf to the tail end of
14083 	 * the wait queue and return.
14084 	 */
14085 	if (un->un_f_disksort_disabled) {
14086 		un->un_waitq_tailp->av_forw = bp;
14087 		un->un_waitq_tailp = bp;
14088 		bp->av_forw = NULL;
14089 		return;
14090 	}
14091 
14092 	/*
14093 	 * Sort thru the list of requests currently on the wait queue
14094 	 * and add the new buf request at the appropriate position.
14095 	 *
14096 	 * The un->un_waitq_headp is an activity chain pointer on which
14097 	 * we keep two queues, sorted in ascending SD_GET_BLKNO() order. The
14098 	 * first queue holds those requests which are positioned after
14099 	 * the current SD_GET_BLKNO() (in the first request); the second holds
14100 	 * requests which came in after their SD_GET_BLKNO() number was passed.
14101 	 * Thus we implement a one way scan, retracting after reaching
14102 	 * the end of the drive to the first request on the second
14103 	 * queue, at which time it becomes the first queue.
14104 	 * A one-way scan is natural because of the way UNIX read-ahead
14105 	 * blocks are allocated.
14106 	 *
14107 	 * If we lie after the first request, then we must locate the
14108 	 * second request list and add ourselves to it.
14109 	 */
14110 	ap = un->un_waitq_headp;
14111 	if (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap)) {
14112 		while (ap->av_forw != NULL) {
14113 			/*
14114 			 * Look for an "inversion" in the (normally
14115 			 * ascending) block numbers. This indicates
14116 			 * the start of the second request list.
14117 			 */
14118 			if (SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) {
14119 				/*
14120 				 * Search the second request list for the
14121 				 * first request at a larger block number.
14122 				 * We go before that; however if there is
14123 				 * no such request, we go at the end.
14124 				 */
14125 				do {
14126 					if (SD_GET_BLKNO(bp) <
14127 					    SD_GET_BLKNO(ap->av_forw)) {
14128 						goto insert;
14129 					}
14130 					ap = ap->av_forw;
14131 				} while (ap->av_forw != NULL);
14132 				goto insert;		/* after last */
14133 			}
14134 			ap = ap->av_forw;
14135 		}
14136 
14137 		/*
14138 		 * No inversions... we will go after the last, and
14139 		 * be the first request in the second request list.
14140 		 */
14141 		goto insert;
14142 	}
14143 
14144 	/*
14145 	 * Request is at/after the current request...
14146 	 * sort in the first request list.
14147 	 */
14148 	while (ap->av_forw != NULL) {
14149 		/*
14150 		 * We want to go after the current request (1) if
14151 		 * there is an inversion after it (i.e. it is the end
14152 		 * of the first request list), or (2) if the next
14153 		 * request is a larger block no. than our request.
14154 		 */
14155 		if ((SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) ||
14156 		    (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap->av_forw))) {
14157 			goto insert;
14158 		}
14159 		ap = ap->av_forw;
14160 	}
14161 
14162 	/*
14163 	 * Neither a second list nor a larger request, therefore
14164 	 * we go at the end of the first list (which is the same
14165 	 * as the end of the whole schebang).
14166 	 */
14167 insert:
14168 	bp->av_forw = ap->av_forw;
14169 	ap->av_forw = bp;
14170 
14171 	/*
14172 	 * If we inserted onto the tail end of the waitq, make sure the
14173 	 * tail pointer is updated.
14174 	 */
14175 	if (ap == un->un_waitq_tailp) {
14176 		un->un_waitq_tailp = bp;
14177 	}
14178 }
14179 
14180 
14181 /*
14182  *    Function: sd_start_cmds
14183  *
14184  * Description: Remove and transport cmds from the driver queues.
14185  *
14186  *   Arguments: un - pointer to the unit (soft state) struct for the target.
14187  *
14188  *		immed_bp - ptr to a buf to be transported immediately. Only
14189  *		the immed_bp is transported; bufs on the waitq are not
14190  *		processed and the un_retry_bp is not checked.  If immed_bp is
14191  *		NULL, then normal queue processing is performed.
14192  *
14193  *     Context: May be called from kernel thread context, interrupt context,
14194  *		or runout callback context. This function may not block or
14195  *		call routines that block.
14196  */
14197 
14198 static void
14199 sd_start_cmds(struct sd_lun *un, struct buf *immed_bp)
14200 {
14201 	struct	sd_xbuf	*xp;
14202 	struct	buf	*bp;
14203 	void	(*statp)(kstat_io_t *);
14204 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14205 	void	(*saved_statp)(kstat_io_t *);
14206 #endif
14207 	int	rval;
14208 
14209 	ASSERT(un != NULL);
14210 	ASSERT(mutex_owned(SD_MUTEX(un)));
14211 	ASSERT(un->un_ncmds_in_transport >= 0);
14212 	ASSERT(un->un_throttle >= 0);
14213 
14214 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: entry\n");
14215 
14216 	do {
14217 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14218 		saved_statp = NULL;
14219 #endif
14220 
14221 		/*
14222 		 * If we are syncing or dumping, fail the command to
14223 		 * avoid recursively calling back into scsi_transport().
14224 		 * The dump I/O itself uses a separate code path so this
14225 		 * only prevents non-dump I/O from being sent while dumping.
14226 		 * File system sync takes place before dumping begins.
14227 		 * During panic, filesystem I/O is allowed provided
14228 		 * un_in_callback is <= 1.  This is to prevent recursion
14229 		 * such as sd_start_cmds -> scsi_transport -> sdintr ->
14230 		 * sd_start_cmds and so on.  See panic.c for more information
14231 		 * about the states the system can be in during panic.
14232 		 */
14233 		if ((un->un_state == SD_STATE_DUMPING) ||
14234 		    (ddi_in_panic() && (un->un_in_callback > 1))) {
14235 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14236 			    "sd_start_cmds: panicking\n");
14237 			goto exit;
14238 		}
14239 
14240 		if ((bp = immed_bp) != NULL) {
14241 			/*
14242 			 * We have a bp that must be transported immediately.
14243 			 * It's OK to transport the immed_bp here without doing
14244 			 * the throttle limit check because the immed_bp is
14245 			 * always used in a retry/recovery case. This means
14246 			 * that we know we are not at the throttle limit by
14247 			 * virtue of the fact that to get here we must have
14248 			 * already gotten a command back via sdintr(). This also
14249 			 * relies on (1) the command on un_retry_bp preventing
14250 			 * further commands from the waitq from being issued;
14251 			 * and (2) the code in sd_retry_command checking the
14252 			 * throttle limit before issuing a delayed or immediate
14253 			 * retry. This holds even if the throttle limit is
14254 			 * currently ratcheted down from its maximum value.
14255 			 */
14256 			statp = kstat_runq_enter;
14257 			if (bp == un->un_retry_bp) {
14258 				ASSERT((un->un_retry_statp == NULL) ||
14259 				    (un->un_retry_statp == kstat_waitq_enter) ||
14260 				    (un->un_retry_statp ==
14261 				    kstat_runq_back_to_waitq));
14262 				/*
14263 				 * If the waitq kstat was incremented when
14264 				 * sd_set_retry_bp() queued this bp for a retry,
14265 				 * then we must set up statp so that the waitq
14266 				 * count will get decremented correctly below.
14267 				 * Also we must clear un->un_retry_statp to
14268 				 * ensure that we do not act on a stale value
14269 				 * in this field.
14270 				 */
14271 				if ((un->un_retry_statp == kstat_waitq_enter) ||
14272 				    (un->un_retry_statp ==
14273 				    kstat_runq_back_to_waitq)) {
14274 					statp = kstat_waitq_to_runq;
14275 				}
14276 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14277 				saved_statp = un->un_retry_statp;
14278 #endif
14279 				un->un_retry_statp = NULL;
14280 
14281 				SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14282 				    "sd_start_cmds: un:0x%p: GOT retry_bp:0x%p "
14283 				    "un_throttle:%d un_ncmds_in_transport:%d\n",
14284 				    un, un->un_retry_bp, un->un_throttle,
14285 				    un->un_ncmds_in_transport);
14286 			} else {
14287 				SD_TRACE(SD_LOG_IO_CORE, un, "sd_start_cmds: "
14288 				    "processing priority bp:0x%p\n", bp);
14289 			}
14290 
14291 		} else if ((bp = un->un_waitq_headp) != NULL) {
14292 			/*
14293 			 * A command on the waitq is ready to go, but do not
14294 			 * send it if:
14295 			 *
14296 			 * (1) the throttle limit has been reached, or
14297 			 * (2) a retry is pending, or
14298 			 * (3) a START_STOP_UNIT callback pending, or
14299 			 * (4) a callback for a SD_PATH_DIRECT_PRIORITY
14300 			 *	command is pending.
14301 			 *
14302 			 * For all of these conditions, IO processing will
14303 			 * restart after the condition is cleared.
14304 			 */
14305 			if (un->un_ncmds_in_transport >= un->un_throttle) {
14306 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14307 				    "sd_start_cmds: exiting, "
14308 				    "throttle limit reached!\n");
14309 				goto exit;
14310 			}
14311 			if (un->un_retry_bp != NULL) {
14312 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14313 				    "sd_start_cmds: exiting, retry pending!\n");
14314 				goto exit;
14315 			}
14316 			if (un->un_startstop_timeid != NULL) {
14317 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14318 				    "sd_start_cmds: exiting, "
14319 				    "START_STOP pending!\n");
14320 				goto exit;
14321 			}
14322 			if (un->un_direct_priority_timeid != NULL) {
14323 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14324 				    "sd_start_cmds: exiting, "
14325 				    "SD_PATH_DIRECT_PRIORITY cmd. pending!\n");
14326 				goto exit;
14327 			}
14328 
14329 			/* Dequeue the command */
14330 			un->un_waitq_headp = bp->av_forw;
14331 			if (un->un_waitq_headp == NULL) {
14332 				un->un_waitq_tailp = NULL;
14333 			}
14334 			bp->av_forw = NULL;
14335 			statp = kstat_waitq_to_runq;
14336 			SD_TRACE(SD_LOG_IO_CORE, un,
14337 			    "sd_start_cmds: processing waitq bp:0x%p\n", bp);
14338 
14339 		} else {
14340 			/* No work to do so bail out now */
14341 			SD_TRACE(SD_LOG_IO_CORE, un,
14342 			    "sd_start_cmds: no more work, exiting!\n");
14343 			goto exit;
14344 		}
14345 
14346 		/*
14347 		 * Reset the state to normal. This is the mechanism by which
14348 		 * the state transitions from either SD_STATE_RWAIT or
14349 		 * SD_STATE_OFFLINE to SD_STATE_NORMAL.
14350 		 * If state is SD_STATE_PM_CHANGING then this command is
14351 		 * part of the device power control and the state must
14352 		 * not be put back to normal. Doing so would would
14353 		 * allow new commands to proceed when they shouldn't,
14354 		 * the device may be going off.
14355 		 */
14356 		if ((un->un_state != SD_STATE_SUSPENDED) &&
14357 		    (un->un_state != SD_STATE_PM_CHANGING)) {
14358 			New_state(un, SD_STATE_NORMAL);
14359 		    }
14360 
14361 		xp = SD_GET_XBUF(bp);
14362 		ASSERT(xp != NULL);
14363 
14364 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14365 		/*
14366 		 * Allocate the scsi_pkt if we need one, or attach DMA
14367 		 * resources if we have a scsi_pkt that needs them. The
14368 		 * latter should only occur for commands that are being
14369 		 * retried.
14370 		 */
14371 		if ((xp->xb_pktp == NULL) ||
14372 		    ((xp->xb_pkt_flags & SD_XB_DMA_FREED) != 0)) {
14373 #else
14374 		if (xp->xb_pktp == NULL) {
14375 #endif
14376 			/*
14377 			 * There is no scsi_pkt allocated for this buf. Call
14378 			 * the initpkt function to allocate & init one.
14379 			 *
14380 			 * The scsi_init_pkt runout callback functionality is
14381 			 * implemented as follows:
14382 			 *
14383 			 * 1) The initpkt function always calls
14384 			 *    scsi_init_pkt(9F) with sdrunout specified as the
14385 			 *    callback routine.
14386 			 * 2) A successful packet allocation is initialized and
14387 			 *    the I/O is transported.
14388 			 * 3) The I/O associated with an allocation resource
14389 			 *    failure is left on its queue to be retried via
14390 			 *    runout or the next I/O.
14391 			 * 4) The I/O associated with a DMA error is removed
14392 			 *    from the queue and failed with EIO. Processing of
14393 			 *    the transport queues is also halted to be
14394 			 *    restarted via runout or the next I/O.
14395 			 * 5) The I/O associated with a CDB size or packet
14396 			 *    size error is removed from the queue and failed
14397 			 *    with EIO. Processing of the transport queues is
14398 			 *    continued.
14399 			 *
14400 			 * Note: there is no interface for canceling a runout
14401 			 * callback. To prevent the driver from detaching or
14402 			 * suspending while a runout is pending the driver
14403 			 * state is set to SD_STATE_RWAIT
14404 			 *
14405 			 * Note: using the scsi_init_pkt callback facility can
14406 			 * result in an I/O request persisting at the head of
14407 			 * the list which cannot be satisfied even after
14408 			 * multiple retries. In the future the driver may
14409 			 * implement some kind of maximum runout count before
14410 			 * failing an I/O.
14411 			 *
14412 			 * Note: the use of funcp below may seem superfluous,
14413 			 * but it helps warlock figure out the correct
14414 			 * initpkt function calls (see [s]sd.wlcmd).
14415 			 */
14416 			struct scsi_pkt	*pktp;
14417 			int (*funcp)(struct buf *bp, struct scsi_pkt **pktp);
14418 
14419 			ASSERT(bp != un->un_rqs_bp);
14420 
14421 			funcp = sd_initpkt_map[xp->xb_chain_iostart];
14422 			switch ((*funcp)(bp, &pktp)) {
14423 			case  SD_PKT_ALLOC_SUCCESS:
14424 				xp->xb_pktp = pktp;
14425 				SD_TRACE(SD_LOG_IO_CORE, un,
14426 				    "sd_start_cmd: SD_PKT_ALLOC_SUCCESS 0x%p\n",
14427 				    pktp);
14428 				goto got_pkt;
14429 
14430 			case SD_PKT_ALLOC_FAILURE:
14431 				/*
14432 				 * Temporary (hopefully) resource depletion.
14433 				 * Since retries and RQS commands always have a
14434 				 * scsi_pkt allocated, these cases should never
14435 				 * get here. So the only cases this needs to
14436 				 * handle is a bp from the waitq (which we put
14437 				 * back onto the waitq for sdrunout), or a bp
14438 				 * sent as an immed_bp (which we just fail).
14439 				 */
14440 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14441 				    "sd_start_cmds: SD_PKT_ALLOC_FAILURE\n");
14442 
14443 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14444 
14445 				if (bp == immed_bp) {
14446 					/*
14447 					 * If SD_XB_DMA_FREED is clear, then
14448 					 * this is a failure to allocate a
14449 					 * scsi_pkt, and we must fail the
14450 					 * command.
14451 					 */
14452 					if ((xp->xb_pkt_flags &
14453 					    SD_XB_DMA_FREED) == 0) {
14454 						break;
14455 					}
14456 
14457 					/*
14458 					 * If this immediate command is NOT our
14459 					 * un_retry_bp, then we must fail it.
14460 					 */
14461 					if (bp != un->un_retry_bp) {
14462 						break;
14463 					}
14464 
14465 					/*
14466 					 * We get here if this cmd is our
14467 					 * un_retry_bp that was DMAFREED, but
14468 					 * scsi_init_pkt() failed to reallocate
14469 					 * DMA resources when we attempted to
14470 					 * retry it. This can happen when an
14471 					 * mpxio failover is in progress, but
14472 					 * we don't want to just fail the
14473 					 * command in this case.
14474 					 *
14475 					 * Use timeout(9F) to restart it after
14476 					 * a 100ms delay.  We don't want to
14477 					 * let sdrunout() restart it, because
14478 					 * sdrunout() is just supposed to start
14479 					 * commands that are sitting on the
14480 					 * wait queue.  The un_retry_bp stays
14481 					 * set until the command completes, but
14482 					 * sdrunout can be called many times
14483 					 * before that happens.  Since sdrunout
14484 					 * cannot tell if the un_retry_bp is
14485 					 * already in the transport, it could
14486 					 * end up calling scsi_transport() for
14487 					 * the un_retry_bp multiple times.
14488 					 *
14489 					 * Also: don't schedule the callback
14490 					 * if some other callback is already
14491 					 * pending.
14492 					 */
14493 					if (un->un_retry_statp == NULL) {
14494 						/*
14495 						 * restore the kstat pointer to
14496 						 * keep kstat counts coherent
14497 						 * when we do retry the command.
14498 						 */
14499 						un->un_retry_statp =
14500 						    saved_statp;
14501 					}
14502 
14503 					if ((un->un_startstop_timeid == NULL) &&
14504 					    (un->un_retry_timeid == NULL) &&
14505 					    (un->un_direct_priority_timeid ==
14506 					    NULL)) {
14507 
14508 						un->un_retry_timeid =
14509 						    timeout(
14510 						    sd_start_retry_command,
14511 						    un, SD_RESTART_TIMEOUT);
14512 					}
14513 					goto exit;
14514 				}
14515 
14516 #else
14517 				if (bp == immed_bp) {
14518 					break;	/* Just fail the command */
14519 				}
14520 #endif
14521 
14522 				/* Add the buf back to the head of the waitq */
14523 				bp->av_forw = un->un_waitq_headp;
14524 				un->un_waitq_headp = bp;
14525 				if (un->un_waitq_tailp == NULL) {
14526 					un->un_waitq_tailp = bp;
14527 				}
14528 				goto exit;
14529 
14530 			case SD_PKT_ALLOC_FAILURE_NO_DMA:
14531 				/*
14532 				 * HBA DMA resource failure. Fail the command
14533 				 * and continue processing of the queues.
14534 				 */
14535 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14536 				    "sd_start_cmds: "
14537 				    "SD_PKT_ALLOC_FAILURE_NO_DMA\n");
14538 				break;
14539 
14540 			case SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL:
14541 				/*
14542 				 * Note:x86: Partial DMA mapping not supported
14543 				 * for USCSI commands, and all the needed DMA
14544 				 * resources were not allocated.
14545 				 */
14546 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14547 				    "sd_start_cmds: "
14548 				    "SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL\n");
14549 				break;
14550 
14551 			case SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL:
14552 				/*
14553 				 * Note:x86: Request cannot fit into CDB based
14554 				 * on lba and len.
14555 				 */
14556 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14557 				    "sd_start_cmds: "
14558 				    "SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL\n");
14559 				break;
14560 
14561 			default:
14562 				/* Should NEVER get here! */
14563 				panic("scsi_initpkt error");
14564 				/*NOTREACHED*/
14565 			}
14566 
14567 			/*
14568 			 * Fatal error in allocating a scsi_pkt for this buf.
14569 			 * Update kstats & return the buf with an error code.
14570 			 * We must use sd_return_failed_command_no_restart() to
14571 			 * avoid a recursive call back into sd_start_cmds().
14572 			 * However this also means that we must keep processing
14573 			 * the waitq here in order to avoid stalling.
14574 			 */
14575 			if (statp == kstat_waitq_to_runq) {
14576 				SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
14577 			}
14578 			sd_return_failed_command_no_restart(un, bp, EIO);
14579 			if (bp == immed_bp) {
14580 				/* immed_bp is gone by now, so clear this */
14581 				immed_bp = NULL;
14582 			}
14583 			continue;
14584 		}
14585 got_pkt:
14586 		if (bp == immed_bp) {
14587 			/* goto the head of the class.... */
14588 			xp->xb_pktp->pkt_flags |= FLAG_HEAD;
14589 		}
14590 
14591 		un->un_ncmds_in_transport++;
14592 		SD_UPDATE_KSTATS(un, statp, bp);
14593 
14594 		/*
14595 		 * Call scsi_transport() to send the command to the target.
14596 		 * According to SCSA architecture, we must drop the mutex here
14597 		 * before calling scsi_transport() in order to avoid deadlock.
14598 		 * Note that the scsi_pkt's completion routine can be executed
14599 		 * (from interrupt context) even before the call to
14600 		 * scsi_transport() returns.
14601 		 */
14602 		SD_TRACE(SD_LOG_IO_CORE, un,
14603 		    "sd_start_cmds: calling scsi_transport()\n");
14604 		DTRACE_PROBE1(scsi__transport__dispatch, struct buf *, bp);
14605 
14606 		mutex_exit(SD_MUTEX(un));
14607 		rval = scsi_transport(xp->xb_pktp);
14608 		mutex_enter(SD_MUTEX(un));
14609 
14610 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14611 		    "sd_start_cmds: scsi_transport() returned %d\n", rval);
14612 
14613 		switch (rval) {
14614 		case TRAN_ACCEPT:
14615 			/* Clear this with every pkt accepted by the HBA */
14616 			un->un_tran_fatal_count = 0;
14617 			break;	/* Success; try the next cmd (if any) */
14618 
14619 		case TRAN_BUSY:
14620 			un->un_ncmds_in_transport--;
14621 			ASSERT(un->un_ncmds_in_transport >= 0);
14622 
14623 			/*
14624 			 * Don't retry request sense, the sense data
14625 			 * is lost when another request is sent.
14626 			 * Free up the rqs buf and retry
14627 			 * the original failed cmd.  Update kstat.
14628 			 */
14629 			if (bp == un->un_rqs_bp) {
14630 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14631 				bp = sd_mark_rqs_idle(un, xp);
14632 				sd_retry_command(un, bp, SD_RETRIES_STANDARD,
14633 					NULL, NULL, EIO, SD_BSY_TIMEOUT / 500,
14634 					kstat_waitq_enter);
14635 				goto exit;
14636 			}
14637 
14638 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14639 			/*
14640 			 * Free the DMA resources for the  scsi_pkt. This will
14641 			 * allow mpxio to select another path the next time
14642 			 * we call scsi_transport() with this scsi_pkt.
14643 			 * See sdintr() for the rationalization behind this.
14644 			 */
14645 			if ((un->un_f_is_fibre == TRUE) &&
14646 			    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
14647 			    ((xp->xb_pktp->pkt_flags & FLAG_SENSING) == 0)) {
14648 				scsi_dmafree(xp->xb_pktp);
14649 				xp->xb_pkt_flags |= SD_XB_DMA_FREED;
14650 			}
14651 #endif
14652 
14653 			if (SD_IS_DIRECT_PRIORITY(SD_GET_XBUF(bp))) {
14654 				/*
14655 				 * Commands that are SD_PATH_DIRECT_PRIORITY
14656 				 * are for error recovery situations. These do
14657 				 * not use the normal command waitq, so if they
14658 				 * get a TRAN_BUSY we cannot put them back onto
14659 				 * the waitq for later retry. One possible
14660 				 * problem is that there could already be some
14661 				 * other command on un_retry_bp that is waiting
14662 				 * for this one to complete, so we would be
14663 				 * deadlocked if we put this command back onto
14664 				 * the waitq for later retry (since un_retry_bp
14665 				 * must complete before the driver gets back to
14666 				 * commands on the waitq).
14667 				 *
14668 				 * To avoid deadlock we must schedule a callback
14669 				 * that will restart this command after a set
14670 				 * interval.  This should keep retrying for as
14671 				 * long as the underlying transport keeps
14672 				 * returning TRAN_BUSY (just like for other
14673 				 * commands).  Use the same timeout interval as
14674 				 * for the ordinary TRAN_BUSY retry.
14675 				 */
14676 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14677 				    "sd_start_cmds: scsi_transport() returned "
14678 				    "TRAN_BUSY for DIRECT_PRIORITY cmd!\n");
14679 
14680 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14681 				un->un_direct_priority_timeid =
14682 				    timeout(sd_start_direct_priority_command,
14683 				    bp, SD_BSY_TIMEOUT / 500);
14684 
14685 				goto exit;
14686 			}
14687 
14688 			/*
14689 			 * For TRAN_BUSY, we want to reduce the throttle value,
14690 			 * unless we are retrying a command.
14691 			 */
14692 			if (bp != un->un_retry_bp) {
14693 				sd_reduce_throttle(un, SD_THROTTLE_TRAN_BUSY);
14694 			}
14695 
14696 			/*
14697 			 * Set up the bp to be tried again 10 ms later.
14698 			 * Note:x86: Is there a timeout value in the sd_lun
14699 			 * for this condition?
14700 			 */
14701 			sd_set_retry_bp(un, bp, SD_BSY_TIMEOUT / 500,
14702 				kstat_runq_back_to_waitq);
14703 			goto exit;
14704 
14705 		case TRAN_FATAL_ERROR:
14706 			un->un_tran_fatal_count++;
14707 			/* FALLTHRU */
14708 
14709 		case TRAN_BADPKT:
14710 		default:
14711 			un->un_ncmds_in_transport--;
14712 			ASSERT(un->un_ncmds_in_transport >= 0);
14713 
14714 			/*
14715 			 * If this is our REQUEST SENSE command with a
14716 			 * transport error, we must get back the pointers
14717 			 * to the original buf, and mark the REQUEST
14718 			 * SENSE command as "available".
14719 			 */
14720 			if (bp == un->un_rqs_bp) {
14721 				bp = sd_mark_rqs_idle(un, xp);
14722 				xp = SD_GET_XBUF(bp);
14723 			} else {
14724 				/*
14725 				 * Legacy behavior: do not update transport
14726 				 * error count for request sense commands.
14727 				 */
14728 				SD_UPDATE_ERRSTATS(un, sd_transerrs);
14729 			}
14730 
14731 			SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14732 			sd_print_transport_rejected_message(un, xp, rval);
14733 
14734 			/*
14735 			 * We must use sd_return_failed_command_no_restart() to
14736 			 * avoid a recursive call back into sd_start_cmds().
14737 			 * However this also means that we must keep processing
14738 			 * the waitq here in order to avoid stalling.
14739 			 */
14740 			sd_return_failed_command_no_restart(un, bp, EIO);
14741 
14742 			/*
14743 			 * Notify any threads waiting in sd_ddi_suspend() that
14744 			 * a command completion has occurred.
14745 			 */
14746 			if (un->un_state == SD_STATE_SUSPENDED) {
14747 				cv_broadcast(&un->un_disk_busy_cv);
14748 			}
14749 
14750 			if (bp == immed_bp) {
14751 				/* immed_bp is gone by now, so clear this */
14752 				immed_bp = NULL;
14753 			}
14754 			break;
14755 		}
14756 
14757 	} while (immed_bp == NULL);
14758 
14759 exit:
14760 	ASSERT(mutex_owned(SD_MUTEX(un)));
14761 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: exit\n");
14762 }
14763 
14764 
14765 /*
14766  *    Function: sd_return_command
14767  *
14768  * Description: Returns a command to its originator (with or without an
14769  *		error).  Also starts commands waiting to be transported
14770  *		to the target.
14771  *
14772  *     Context: May be called from interrupt, kernel, or timeout context
14773  */
14774 
14775 static void
14776 sd_return_command(struct sd_lun *un, struct buf *bp)
14777 {
14778 	struct sd_xbuf *xp;
14779 #if defined(__i386) || defined(__amd64)
14780 	struct scsi_pkt *pktp;
14781 #endif
14782 
14783 	ASSERT(bp != NULL);
14784 	ASSERT(un != NULL);
14785 	ASSERT(mutex_owned(SD_MUTEX(un)));
14786 	ASSERT(bp != un->un_rqs_bp);
14787 	xp = SD_GET_XBUF(bp);
14788 	ASSERT(xp != NULL);
14789 
14790 #if defined(__i386) || defined(__amd64)
14791 	pktp = SD_GET_PKTP(bp);
14792 #endif
14793 
14794 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: entry\n");
14795 
14796 #if defined(__i386) || defined(__amd64)
14797 	/*
14798 	 * Note:x86: check for the "sdrestart failed" case.
14799 	 */
14800 	if (((xp->xb_pkt_flags & SD_XB_USCSICMD) != SD_XB_USCSICMD) &&
14801 		(geterror(bp) == 0) && (xp->xb_dma_resid != 0) &&
14802 		(xp->xb_pktp->pkt_resid == 0)) {
14803 
14804 		if (sd_setup_next_xfer(un, bp, pktp, xp) != 0) {
14805 			/*
14806 			 * Successfully set up next portion of cmd
14807 			 * transfer, try sending it
14808 			 */
14809 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
14810 			    NULL, NULL, 0, (clock_t)0, NULL);
14811 			sd_start_cmds(un, NULL);
14812 			return;	/* Note:x86: need a return here? */
14813 		}
14814 	}
14815 #endif
14816 
14817 	/*
14818 	 * If this is the failfast bp, clear it from un_failfast_bp. This
14819 	 * can happen if upon being re-tried the failfast bp either
14820 	 * succeeded or encountered another error (possibly even a different
14821 	 * error than the one that precipitated the failfast state, but in
14822 	 * that case it would have had to exhaust retries as well). Regardless,
14823 	 * this should not occur whenever the instance is in the active
14824 	 * failfast state.
14825 	 */
14826 	if (bp == un->un_failfast_bp) {
14827 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14828 		un->un_failfast_bp = NULL;
14829 	}
14830 
14831 	/*
14832 	 * Clear the failfast state upon successful completion of ANY cmd.
14833 	 */
14834 	if (bp->b_error == 0) {
14835 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
14836 	}
14837 
14838 	/*
14839 	 * This is used if the command was retried one or more times. Show that
14840 	 * we are done with it, and allow processing of the waitq to resume.
14841 	 */
14842 	if (bp == un->un_retry_bp) {
14843 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14844 		    "sd_return_command: un:0x%p: "
14845 		    "RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14846 		un->un_retry_bp = NULL;
14847 		un->un_retry_statp = NULL;
14848 	}
14849 
14850 	SD_UPDATE_RDWR_STATS(un, bp);
14851 	SD_UPDATE_PARTITION_STATS(un, bp);
14852 
14853 	switch (un->un_state) {
14854 	case SD_STATE_SUSPENDED:
14855 		/*
14856 		 * Notify any threads waiting in sd_ddi_suspend() that
14857 		 * a command completion has occurred.
14858 		 */
14859 		cv_broadcast(&un->un_disk_busy_cv);
14860 		break;
14861 	default:
14862 		sd_start_cmds(un, NULL);
14863 		break;
14864 	}
14865 
14866 	/* Return this command up the iodone chain to its originator. */
14867 	mutex_exit(SD_MUTEX(un));
14868 
14869 	(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14870 	xp->xb_pktp = NULL;
14871 
14872 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14873 
14874 	ASSERT(!mutex_owned(SD_MUTEX(un)));
14875 	mutex_enter(SD_MUTEX(un));
14876 
14877 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: exit\n");
14878 }
14879 
14880 
14881 /*
14882  *    Function: sd_return_failed_command
14883  *
14884  * Description: Command completion when an error occurred.
14885  *
14886  *     Context: May be called from interrupt context
14887  */
14888 
14889 static void
14890 sd_return_failed_command(struct sd_lun *un, struct buf *bp, int errcode)
14891 {
14892 	ASSERT(bp != NULL);
14893 	ASSERT(un != NULL);
14894 	ASSERT(mutex_owned(SD_MUTEX(un)));
14895 
14896 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14897 	    "sd_return_failed_command: entry\n");
14898 
14899 	/*
14900 	 * b_resid could already be nonzero due to a partial data
14901 	 * transfer, so do not change it here.
14902 	 */
14903 	SD_BIOERROR(bp, errcode);
14904 
14905 	sd_return_command(un, bp);
14906 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14907 	    "sd_return_failed_command: exit\n");
14908 }
14909 
14910 
14911 /*
14912  *    Function: sd_return_failed_command_no_restart
14913  *
14914  * Description: Same as sd_return_failed_command, but ensures that no
14915  *		call back into sd_start_cmds will be issued.
14916  *
14917  *     Context: May be called from interrupt context
14918  */
14919 
14920 static void
14921 sd_return_failed_command_no_restart(struct sd_lun *un, struct buf *bp,
14922 	int errcode)
14923 {
14924 	struct sd_xbuf *xp;
14925 
14926 	ASSERT(bp != NULL);
14927 	ASSERT(un != NULL);
14928 	ASSERT(mutex_owned(SD_MUTEX(un)));
14929 	xp = SD_GET_XBUF(bp);
14930 	ASSERT(xp != NULL);
14931 	ASSERT(errcode != 0);
14932 
14933 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14934 	    "sd_return_failed_command_no_restart: entry\n");
14935 
14936 	/*
14937 	 * b_resid could already be nonzero due to a partial data
14938 	 * transfer, so do not change it here.
14939 	 */
14940 	SD_BIOERROR(bp, errcode);
14941 
14942 	/*
14943 	 * If this is the failfast bp, clear it. This can happen if the
14944 	 * failfast bp encounterd a fatal error when we attempted to
14945 	 * re-try it (such as a scsi_transport(9F) failure).  However
14946 	 * we should NOT be in an active failfast state if the failfast
14947 	 * bp is not NULL.
14948 	 */
14949 	if (bp == un->un_failfast_bp) {
14950 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14951 		un->un_failfast_bp = NULL;
14952 	}
14953 
14954 	if (bp == un->un_retry_bp) {
14955 		/*
14956 		 * This command was retried one or more times. Show that we are
14957 		 * done with it, and allow processing of the waitq to resume.
14958 		 */
14959 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14960 		    "sd_return_failed_command_no_restart: "
14961 		    " un:0x%p: RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14962 		un->un_retry_bp = NULL;
14963 		un->un_retry_statp = NULL;
14964 	}
14965 
14966 	SD_UPDATE_RDWR_STATS(un, bp);
14967 	SD_UPDATE_PARTITION_STATS(un, bp);
14968 
14969 	mutex_exit(SD_MUTEX(un));
14970 
14971 	if (xp->xb_pktp != NULL) {
14972 		(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14973 		xp->xb_pktp = NULL;
14974 	}
14975 
14976 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14977 
14978 	mutex_enter(SD_MUTEX(un));
14979 
14980 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14981 	    "sd_return_failed_command_no_restart: exit\n");
14982 }
14983 
14984 
14985 /*
14986  *    Function: sd_retry_command
14987  *
14988  * Description: queue up a command for retry, or (optionally) fail it
14989  *		if retry counts are exhausted.
14990  *
14991  *   Arguments: un - Pointer to the sd_lun struct for the target.
14992  *
14993  *		bp - Pointer to the buf for the command to be retried.
14994  *
14995  *		retry_check_flag - Flag to see which (if any) of the retry
14996  *		   counts should be decremented/checked. If the indicated
14997  *		   retry count is exhausted, then the command will not be
14998  *		   retried; it will be failed instead. This should use a
14999  *		   value equal to one of the following:
15000  *
15001  *			SD_RETRIES_NOCHECK
15002  *			SD_RESD_RETRIES_STANDARD
15003  *			SD_RETRIES_VICTIM
15004  *
15005  *		   Optionally may be bitwise-OR'ed with SD_RETRIES_ISOLATE
15006  *		   if the check should be made to see of FLAG_ISOLATE is set
15007  *		   in the pkt. If FLAG_ISOLATE is set, then the command is
15008  *		   not retried, it is simply failed.
15009  *
15010  *		user_funcp - Ptr to function to call before dispatching the
15011  *		   command. May be NULL if no action needs to be performed.
15012  *		   (Primarily intended for printing messages.)
15013  *
15014  *		user_arg - Optional argument to be passed along to
15015  *		   the user_funcp call.
15016  *
15017  *		failure_code - errno return code to set in the bp if the
15018  *		   command is going to be failed.
15019  *
15020  *		retry_delay - Retry delay interval in (clock_t) units. May
15021  *		   be zero which indicates that the retry should be retried
15022  *		   immediately (ie, without an intervening delay).
15023  *
15024  *		statp - Ptr to kstat function to be updated if the command
15025  *		   is queued for a delayed retry. May be NULL if no kstat
15026  *		   update is desired.
15027  *
15028  *     Context: May be called from interupt context.
15029  */
15030 
15031 static void
15032 sd_retry_command(struct sd_lun *un, struct buf *bp, int retry_check_flag,
15033 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp, int
15034 	code), void *user_arg, int failure_code,  clock_t retry_delay,
15035 	void (*statp)(kstat_io_t *))
15036 {
15037 	struct sd_xbuf	*xp;
15038 	struct scsi_pkt	*pktp;
15039 
15040 	ASSERT(un != NULL);
15041 	ASSERT(mutex_owned(SD_MUTEX(un)));
15042 	ASSERT(bp != NULL);
15043 	xp = SD_GET_XBUF(bp);
15044 	ASSERT(xp != NULL);
15045 	pktp = SD_GET_PKTP(bp);
15046 	ASSERT(pktp != NULL);
15047 
15048 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15049 	    "sd_retry_command: entry: bp:0x%p xp:0x%p\n", bp, xp);
15050 
15051 	/*
15052 	 * If we are syncing or dumping, fail the command to avoid
15053 	 * recursively calling back into scsi_transport().
15054 	 */
15055 	if (ddi_in_panic()) {
15056 		goto fail_command_no_log;
15057 	}
15058 
15059 	/*
15060 	 * We should never be be retrying a command with FLAG_DIAGNOSE set, so
15061 	 * log an error and fail the command.
15062 	 */
15063 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
15064 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
15065 		    "ERROR, retrying FLAG_DIAGNOSE command.\n");
15066 		sd_dump_memory(un, SD_LOG_IO, "CDB",
15067 		    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
15068 		sd_dump_memory(un, SD_LOG_IO, "Sense Data",
15069 		    (uchar_t *)xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
15070 		goto fail_command;
15071 	}
15072 
15073 	/*
15074 	 * If we are suspended, then put the command onto head of the
15075 	 * wait queue since we don't want to start more commands.
15076 	 */
15077 	switch (un->un_state) {
15078 	case SD_STATE_SUSPENDED:
15079 	case SD_STATE_DUMPING:
15080 		bp->av_forw = un->un_waitq_headp;
15081 		un->un_waitq_headp = bp;
15082 		if (un->un_waitq_tailp == NULL) {
15083 			un->un_waitq_tailp = bp;
15084 		}
15085 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
15086 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: "
15087 		    "exiting; cmd bp:0x%p requeued for SUSPEND/DUMP\n", bp);
15088 		return;
15089 	default:
15090 		break;
15091 	}
15092 
15093 	/*
15094 	 * If the caller wants us to check FLAG_ISOLATE, then see if that
15095 	 * is set; if it is then we do not want to retry the command.
15096 	 * Normally, FLAG_ISOLATE is only used with USCSI cmds.
15097 	 */
15098 	if ((retry_check_flag & SD_RETRIES_ISOLATE) != 0) {
15099 		if ((pktp->pkt_flags & FLAG_ISOLATE) != 0) {
15100 			goto fail_command;
15101 		}
15102 	}
15103 
15104 
15105 	/*
15106 	 * If SD_RETRIES_FAILFAST is set, it indicates that either a
15107 	 * command timeout or a selection timeout has occurred. This means
15108 	 * that we were unable to establish an kind of communication with
15109 	 * the target, and subsequent retries and/or commands are likely
15110 	 * to encounter similar results and take a long time to complete.
15111 	 *
15112 	 * If this is a failfast error condition, we need to update the
15113 	 * failfast state, even if this bp does not have B_FAILFAST set.
15114 	 */
15115 	if (retry_check_flag & SD_RETRIES_FAILFAST) {
15116 		if (un->un_failfast_state == SD_FAILFAST_ACTIVE) {
15117 			ASSERT(un->un_failfast_bp == NULL);
15118 			/*
15119 			 * If we are already in the active failfast state, and
15120 			 * another failfast error condition has been detected,
15121 			 * then fail this command if it has B_FAILFAST set.
15122 			 * If B_FAILFAST is clear, then maintain the legacy
15123 			 * behavior of retrying heroically, even tho this will
15124 			 * take a lot more time to fail the command.
15125 			 */
15126 			if (bp->b_flags & B_FAILFAST) {
15127 				goto fail_command;
15128 			}
15129 		} else {
15130 			/*
15131 			 * We're not in the active failfast state, but we
15132 			 * have a failfast error condition, so we must begin
15133 			 * transition to the next state. We do this regardless
15134 			 * of whether or not this bp has B_FAILFAST set.
15135 			 */
15136 			if (un->un_failfast_bp == NULL) {
15137 				/*
15138 				 * This is the first bp to meet a failfast
15139 				 * condition so save it on un_failfast_bp &
15140 				 * do normal retry processing. Do not enter
15141 				 * active failfast state yet. This marks
15142 				 * entry into the "failfast pending" state.
15143 				 */
15144 				un->un_failfast_bp = bp;
15145 
15146 			} else if (un->un_failfast_bp == bp) {
15147 				/*
15148 				 * This is the second time *this* bp has
15149 				 * encountered a failfast error condition,
15150 				 * so enter active failfast state & flush
15151 				 * queues as appropriate.
15152 				 */
15153 				un->un_failfast_state = SD_FAILFAST_ACTIVE;
15154 				un->un_failfast_bp = NULL;
15155 				sd_failfast_flushq(un);
15156 
15157 				/*
15158 				 * Fail this bp now if B_FAILFAST set;
15159 				 * otherwise continue with retries. (It would
15160 				 * be pretty ironic if this bp succeeded on a
15161 				 * subsequent retry after we just flushed all
15162 				 * the queues).
15163 				 */
15164 				if (bp->b_flags & B_FAILFAST) {
15165 					goto fail_command;
15166 				}
15167 
15168 #if !defined(lint) && !defined(__lint)
15169 			} else {
15170 				/*
15171 				 * If neither of the preceeding conditionals
15172 				 * was true, it means that there is some
15173 				 * *other* bp that has met an inital failfast
15174 				 * condition and is currently either being
15175 				 * retried or is waiting to be retried. In
15176 				 * that case we should perform normal retry
15177 				 * processing on *this* bp, since there is a
15178 				 * chance that the current failfast condition
15179 				 * is transient and recoverable. If that does
15180 				 * not turn out to be the case, then retries
15181 				 * will be cleared when the wait queue is
15182 				 * flushed anyway.
15183 				 */
15184 #endif
15185 			}
15186 		}
15187 	} else {
15188 		/*
15189 		 * SD_RETRIES_FAILFAST is clear, which indicates that we
15190 		 * likely were able to at least establish some level of
15191 		 * communication with the target and subsequent commands
15192 		 * and/or retries are likely to get through to the target,
15193 		 * In this case we want to be aggressive about clearing
15194 		 * the failfast state. Note that this does not affect
15195 		 * the "failfast pending" condition.
15196 		 */
15197 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
15198 	}
15199 
15200 
15201 	/*
15202 	 * Check the specified retry count to see if we can still do
15203 	 * any retries with this pkt before we should fail it.
15204 	 */
15205 	switch (retry_check_flag & SD_RETRIES_MASK) {
15206 	case SD_RETRIES_VICTIM:
15207 		/*
15208 		 * Check the victim retry count. If exhausted, then fall
15209 		 * thru & check against the standard retry count.
15210 		 */
15211 		if (xp->xb_victim_retry_count < un->un_victim_retry_count) {
15212 			/* Increment count & proceed with the retry */
15213 			xp->xb_victim_retry_count++;
15214 			break;
15215 		}
15216 		/* Victim retries exhausted, fall back to std. retries... */
15217 		/* FALLTHRU */
15218 
15219 	case SD_RETRIES_STANDARD:
15220 		if (xp->xb_retry_count >= un->un_retry_count) {
15221 			/* Retries exhausted, fail the command */
15222 			SD_TRACE(SD_LOG_IO_CORE, un,
15223 			    "sd_retry_command: retries exhausted!\n");
15224 			/*
15225 			 * update b_resid for failed SCMD_READ & SCMD_WRITE
15226 			 * commands with nonzero pkt_resid.
15227 			 */
15228 			if ((pktp->pkt_reason == CMD_CMPLT) &&
15229 			    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD) &&
15230 			    (pktp->pkt_resid != 0)) {
15231 				uchar_t op = SD_GET_PKT_OPCODE(pktp) & 0x1F;
15232 				if ((op == SCMD_READ) || (op == SCMD_WRITE)) {
15233 					SD_UPDATE_B_RESID(bp, pktp);
15234 				}
15235 			}
15236 			goto fail_command;
15237 		}
15238 		xp->xb_retry_count++;
15239 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15240 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15241 		break;
15242 
15243 	case SD_RETRIES_UA:
15244 		if (xp->xb_ua_retry_count >= sd_ua_retry_count) {
15245 			/* Retries exhausted, fail the command */
15246 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
15247 			    "Unit Attention retries exhausted. "
15248 			    "Check the target.\n");
15249 			goto fail_command;
15250 		}
15251 		xp->xb_ua_retry_count++;
15252 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15253 		    "sd_retry_command: retry count:%d\n",
15254 			xp->xb_ua_retry_count);
15255 		break;
15256 
15257 	case SD_RETRIES_BUSY:
15258 		if (xp->xb_retry_count >= un->un_busy_retry_count) {
15259 			/* Retries exhausted, fail the command */
15260 			SD_TRACE(SD_LOG_IO_CORE, un,
15261 			    "sd_retry_command: retries exhausted!\n");
15262 			goto fail_command;
15263 		}
15264 		xp->xb_retry_count++;
15265 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15266 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15267 		break;
15268 
15269 	case SD_RETRIES_NOCHECK:
15270 	default:
15271 		/* No retry count to check. Just proceed with the retry */
15272 		break;
15273 	}
15274 
15275 	xp->xb_pktp->pkt_flags |= FLAG_HEAD;
15276 
15277 	/*
15278 	 * If we were given a zero timeout, we must attempt to retry the
15279 	 * command immediately (ie, without a delay).
15280 	 */
15281 	if (retry_delay == 0) {
15282 		/*
15283 		 * Check some limiting conditions to see if we can actually
15284 		 * do the immediate retry.  If we cannot, then we must
15285 		 * fall back to queueing up a delayed retry.
15286 		 */
15287 		if (un->un_ncmds_in_transport >= un->un_throttle) {
15288 			/*
15289 			 * We are at the throttle limit for the target,
15290 			 * fall back to delayed retry.
15291 			 */
15292 			retry_delay = SD_BSY_TIMEOUT;
15293 			statp = kstat_waitq_enter;
15294 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15295 			    "sd_retry_command: immed. retry hit "
15296 			    "throttle!\n");
15297 		} else {
15298 			/*
15299 			 * We're clear to proceed with the immediate retry.
15300 			 * First call the user-provided function (if any)
15301 			 */
15302 			if (user_funcp != NULL) {
15303 				(*user_funcp)(un, bp, user_arg,
15304 				    SD_IMMEDIATE_RETRY_ISSUED);
15305 #ifdef __lock_lint
15306 				sd_print_incomplete_msg(un, bp, user_arg,
15307 				    SD_IMMEDIATE_RETRY_ISSUED);
15308 				sd_print_cmd_incomplete_msg(un, bp, user_arg,
15309 				    SD_IMMEDIATE_RETRY_ISSUED);
15310 				sd_print_sense_failed_msg(un, bp, user_arg,
15311 				    SD_IMMEDIATE_RETRY_ISSUED);
15312 #endif
15313 			}
15314 
15315 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15316 			    "sd_retry_command: issuing immediate retry\n");
15317 
15318 			/*
15319 			 * Call sd_start_cmds() to transport the command to
15320 			 * the target.
15321 			 */
15322 			sd_start_cmds(un, bp);
15323 
15324 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15325 			    "sd_retry_command exit\n");
15326 			return;
15327 		}
15328 	}
15329 
15330 	/*
15331 	 * Set up to retry the command after a delay.
15332 	 * First call the user-provided function (if any)
15333 	 */
15334 	if (user_funcp != NULL) {
15335 		(*user_funcp)(un, bp, user_arg, SD_DELAYED_RETRY_ISSUED);
15336 	}
15337 
15338 	sd_set_retry_bp(un, bp, retry_delay, statp);
15339 
15340 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15341 	return;
15342 
15343 fail_command:
15344 
15345 	if (user_funcp != NULL) {
15346 		(*user_funcp)(un, bp, user_arg, SD_NO_RETRY_ISSUED);
15347 	}
15348 
15349 fail_command_no_log:
15350 
15351 	SD_INFO(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15352 	    "sd_retry_command: returning failed command\n");
15353 
15354 	sd_return_failed_command(un, bp, failure_code);
15355 
15356 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15357 }
15358 
15359 
15360 /*
15361  *    Function: sd_set_retry_bp
15362  *
15363  * Description: Set up the given bp for retry.
15364  *
15365  *   Arguments: un - ptr to associated softstate
15366  *		bp - ptr to buf(9S) for the command
15367  *		retry_delay - time interval before issuing retry (may be 0)
15368  *		statp - optional pointer to kstat function
15369  *
15370  *     Context: May be called under interrupt context
15371  */
15372 
15373 static void
15374 sd_set_retry_bp(struct sd_lun *un, struct buf *bp, clock_t retry_delay,
15375 	void (*statp)(kstat_io_t *))
15376 {
15377 	ASSERT(un != NULL);
15378 	ASSERT(mutex_owned(SD_MUTEX(un)));
15379 	ASSERT(bp != NULL);
15380 
15381 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15382 	    "sd_set_retry_bp: entry: un:0x%p bp:0x%p\n", un, bp);
15383 
15384 	/*
15385 	 * Indicate that the command is being retried. This will not allow any
15386 	 * other commands on the wait queue to be transported to the target
15387 	 * until this command has been completed (success or failure). The
15388 	 * "retry command" is not transported to the target until the given
15389 	 * time delay expires, unless the user specified a 0 retry_delay.
15390 	 *
15391 	 * Note: the timeout(9F) callback routine is what actually calls
15392 	 * sd_start_cmds() to transport the command, with the exception of a
15393 	 * zero retry_delay. The only current implementor of a zero retry delay
15394 	 * is the case where a START_STOP_UNIT is sent to spin-up a device.
15395 	 */
15396 	if (un->un_retry_bp == NULL) {
15397 		ASSERT(un->un_retry_statp == NULL);
15398 		un->un_retry_bp = bp;
15399 
15400 		/*
15401 		 * If the user has not specified a delay the command should
15402 		 * be queued and no timeout should be scheduled.
15403 		 */
15404 		if (retry_delay == 0) {
15405 			/*
15406 			 * Save the kstat pointer that will be used in the
15407 			 * call to SD_UPDATE_KSTATS() below, so that
15408 			 * sd_start_cmds() can correctly decrement the waitq
15409 			 * count when it is time to transport this command.
15410 			 */
15411 			un->un_retry_statp = statp;
15412 			goto done;
15413 		}
15414 	}
15415 
15416 	if (un->un_retry_bp == bp) {
15417 		/*
15418 		 * Save the kstat pointer that will be used in the call to
15419 		 * SD_UPDATE_KSTATS() below, so that sd_start_cmds() can
15420 		 * correctly decrement the waitq count when it is time to
15421 		 * transport this command.
15422 		 */
15423 		un->un_retry_statp = statp;
15424 
15425 		/*
15426 		 * Schedule a timeout if:
15427 		 *   1) The user has specified a delay.
15428 		 *   2) There is not a START_STOP_UNIT callback pending.
15429 		 *
15430 		 * If no delay has been specified, then it is up to the caller
15431 		 * to ensure that IO processing continues without stalling.
15432 		 * Effectively, this means that the caller will issue the
15433 		 * required call to sd_start_cmds(). The START_STOP_UNIT
15434 		 * callback does this after the START STOP UNIT command has
15435 		 * completed. In either of these cases we should not schedule
15436 		 * a timeout callback here.  Also don't schedule the timeout if
15437 		 * an SD_PATH_DIRECT_PRIORITY command is waiting to restart.
15438 		 */
15439 		if ((retry_delay != 0) && (un->un_startstop_timeid == NULL) &&
15440 		    (un->un_direct_priority_timeid == NULL)) {
15441 			un->un_retry_timeid =
15442 			    timeout(sd_start_retry_command, un, retry_delay);
15443 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15444 			    "sd_set_retry_bp: setting timeout: un: 0x%p"
15445 			    " bp:0x%p un_retry_timeid:0x%p\n",
15446 			    un, bp, un->un_retry_timeid);
15447 		}
15448 	} else {
15449 		/*
15450 		 * We only get in here if there is already another command
15451 		 * waiting to be retried.  In this case, we just put the
15452 		 * given command onto the wait queue, so it can be transported
15453 		 * after the current retry command has completed.
15454 		 *
15455 		 * Also we have to make sure that if the command at the head
15456 		 * of the wait queue is the un_failfast_bp, that we do not
15457 		 * put ahead of it any other commands that are to be retried.
15458 		 */
15459 		if ((un->un_failfast_bp != NULL) &&
15460 		    (un->un_failfast_bp == un->un_waitq_headp)) {
15461 			/*
15462 			 * Enqueue this command AFTER the first command on
15463 			 * the wait queue (which is also un_failfast_bp).
15464 			 */
15465 			bp->av_forw = un->un_waitq_headp->av_forw;
15466 			un->un_waitq_headp->av_forw = bp;
15467 			if (un->un_waitq_headp == un->un_waitq_tailp) {
15468 				un->un_waitq_tailp = bp;
15469 			}
15470 		} else {
15471 			/* Enqueue this command at the head of the waitq. */
15472 			bp->av_forw = un->un_waitq_headp;
15473 			un->un_waitq_headp = bp;
15474 			if (un->un_waitq_tailp == NULL) {
15475 				un->un_waitq_tailp = bp;
15476 			}
15477 		}
15478 
15479 		if (statp == NULL) {
15480 			statp = kstat_waitq_enter;
15481 		}
15482 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15483 		    "sd_set_retry_bp: un:0x%p already delayed retry\n", un);
15484 	}
15485 
15486 done:
15487 	if (statp != NULL) {
15488 		SD_UPDATE_KSTATS(un, statp, bp);
15489 	}
15490 
15491 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15492 	    "sd_set_retry_bp: exit un:0x%p\n", un);
15493 }
15494 
15495 
15496 /*
15497  *    Function: sd_start_retry_command
15498  *
15499  * Description: Start the command that has been waiting on the target's
15500  *		retry queue.  Called from timeout(9F) context after the
15501  *		retry delay interval has expired.
15502  *
15503  *   Arguments: arg - pointer to associated softstate for the device.
15504  *
15505  *     Context: timeout(9F) thread context.  May not sleep.
15506  */
15507 
15508 static void
15509 sd_start_retry_command(void *arg)
15510 {
15511 	struct sd_lun *un = arg;
15512 
15513 	ASSERT(un != NULL);
15514 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15515 
15516 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15517 	    "sd_start_retry_command: entry\n");
15518 
15519 	mutex_enter(SD_MUTEX(un));
15520 
15521 	un->un_retry_timeid = NULL;
15522 
15523 	if (un->un_retry_bp != NULL) {
15524 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15525 		    "sd_start_retry_command: un:0x%p STARTING bp:0x%p\n",
15526 		    un, un->un_retry_bp);
15527 		sd_start_cmds(un, un->un_retry_bp);
15528 	}
15529 
15530 	mutex_exit(SD_MUTEX(un));
15531 
15532 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15533 	    "sd_start_retry_command: exit\n");
15534 }
15535 
15536 
15537 /*
15538  *    Function: sd_start_direct_priority_command
15539  *
15540  * Description: Used to re-start an SD_PATH_DIRECT_PRIORITY command that had
15541  *		received TRAN_BUSY when we called scsi_transport() to send it
15542  *		to the underlying HBA. This function is called from timeout(9F)
15543  *		context after the delay interval has expired.
15544  *
15545  *   Arguments: arg - pointer to associated buf(9S) to be restarted.
15546  *
15547  *     Context: timeout(9F) thread context.  May not sleep.
15548  */
15549 
15550 static void
15551 sd_start_direct_priority_command(void *arg)
15552 {
15553 	struct buf	*priority_bp = arg;
15554 	struct sd_lun	*un;
15555 
15556 	ASSERT(priority_bp != NULL);
15557 	un = SD_GET_UN(priority_bp);
15558 	ASSERT(un != NULL);
15559 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15560 
15561 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15562 	    "sd_start_direct_priority_command: entry\n");
15563 
15564 	mutex_enter(SD_MUTEX(un));
15565 	un->un_direct_priority_timeid = NULL;
15566 	sd_start_cmds(un, priority_bp);
15567 	mutex_exit(SD_MUTEX(un));
15568 
15569 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15570 	    "sd_start_direct_priority_command: exit\n");
15571 }
15572 
15573 
15574 /*
15575  *    Function: sd_send_request_sense_command
15576  *
15577  * Description: Sends a REQUEST SENSE command to the target
15578  *
15579  *     Context: May be called from interrupt context.
15580  */
15581 
15582 static void
15583 sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
15584 	struct scsi_pkt *pktp)
15585 {
15586 	ASSERT(bp != NULL);
15587 	ASSERT(un != NULL);
15588 	ASSERT(mutex_owned(SD_MUTEX(un)));
15589 
15590 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_send_request_sense_command: "
15591 	    "entry: buf:0x%p\n", bp);
15592 
15593 	/*
15594 	 * If we are syncing or dumping, then fail the command to avoid a
15595 	 * recursive callback into scsi_transport(). Also fail the command
15596 	 * if we are suspended (legacy behavior).
15597 	 */
15598 	if (ddi_in_panic() || (un->un_state == SD_STATE_SUSPENDED) ||
15599 	    (un->un_state == SD_STATE_DUMPING)) {
15600 		sd_return_failed_command(un, bp, EIO);
15601 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15602 		    "sd_send_request_sense_command: syncing/dumping, exit\n");
15603 		return;
15604 	}
15605 
15606 	/*
15607 	 * Retry the failed command and don't issue the request sense if:
15608 	 *    1) the sense buf is busy
15609 	 *    2) we have 1 or more outstanding commands on the target
15610 	 *    (the sense data will be cleared or invalidated any way)
15611 	 *
15612 	 * Note: There could be an issue with not checking a retry limit here,
15613 	 * the problem is determining which retry limit to check.
15614 	 */
15615 	if ((un->un_sense_isbusy != 0) || (un->un_ncmds_in_transport > 0)) {
15616 		/* Don't retry if the command is flagged as non-retryable */
15617 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
15618 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
15619 			    NULL, NULL, 0, SD_BSY_TIMEOUT, kstat_waitq_enter);
15620 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15621 			    "sd_send_request_sense_command: "
15622 			    "at full throttle, retrying exit\n");
15623 		} else {
15624 			sd_return_failed_command(un, bp, EIO);
15625 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15626 			    "sd_send_request_sense_command: "
15627 			    "at full throttle, non-retryable exit\n");
15628 		}
15629 		return;
15630 	}
15631 
15632 	sd_mark_rqs_busy(un, bp);
15633 	sd_start_cmds(un, un->un_rqs_bp);
15634 
15635 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15636 	    "sd_send_request_sense_command: exit\n");
15637 }
15638 
15639 
15640 /*
15641  *    Function: sd_mark_rqs_busy
15642  *
15643  * Description: Indicate that the request sense bp for this instance is
15644  *		in use.
15645  *
15646  *     Context: May be called under interrupt context
15647  */
15648 
15649 static void
15650 sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp)
15651 {
15652 	struct sd_xbuf	*sense_xp;
15653 
15654 	ASSERT(un != NULL);
15655 	ASSERT(bp != NULL);
15656 	ASSERT(mutex_owned(SD_MUTEX(un)));
15657 	ASSERT(un->un_sense_isbusy == 0);
15658 
15659 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: entry: "
15660 	    "buf:0x%p xp:0x%p un:0x%p\n", bp, SD_GET_XBUF(bp), un);
15661 
15662 	sense_xp = SD_GET_XBUF(un->un_rqs_bp);
15663 	ASSERT(sense_xp != NULL);
15664 
15665 	SD_INFO(SD_LOG_IO, un,
15666 	    "sd_mark_rqs_busy: entry: sense_xp:0x%p\n", sense_xp);
15667 
15668 	ASSERT(sense_xp->xb_pktp != NULL);
15669 	ASSERT((sense_xp->xb_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD))
15670 	    == (FLAG_SENSING | FLAG_HEAD));
15671 
15672 	un->un_sense_isbusy = 1;
15673 	un->un_rqs_bp->b_resid = 0;
15674 	sense_xp->xb_pktp->pkt_resid  = 0;
15675 	sense_xp->xb_pktp->pkt_reason = 0;
15676 
15677 	/* So we can get back the bp at interrupt time! */
15678 	sense_xp->xb_sense_bp = bp;
15679 
15680 	bzero(un->un_rqs_bp->b_un.b_addr, SENSE_LENGTH);
15681 
15682 	/*
15683 	 * Mark this buf as awaiting sense data. (This is already set in
15684 	 * the pkt_flags for the RQS packet.)
15685 	 */
15686 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags |= FLAG_SENSING;
15687 
15688 	sense_xp->xb_retry_count	= 0;
15689 	sense_xp->xb_victim_retry_count = 0;
15690 	sense_xp->xb_ua_retry_count	= 0;
15691 	sense_xp->xb_dma_resid  = 0;
15692 
15693 	/* Clean up the fields for auto-request sense */
15694 	sense_xp->xb_sense_status = 0;
15695 	sense_xp->xb_sense_state  = 0;
15696 	sense_xp->xb_sense_resid  = 0;
15697 	bzero(sense_xp->xb_sense_data, sizeof (sense_xp->xb_sense_data));
15698 
15699 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: exit\n");
15700 }
15701 
15702 
15703 /*
15704  *    Function: sd_mark_rqs_idle
15705  *
15706  * Description: SD_MUTEX must be held continuously through this routine
15707  *		to prevent reuse of the rqs struct before the caller can
15708  *		complete it's processing.
15709  *
15710  * Return Code: Pointer to the RQS buf
15711  *
15712  *     Context: May be called under interrupt context
15713  */
15714 
15715 static struct buf *
15716 sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *sense_xp)
15717 {
15718 	struct buf *bp;
15719 	ASSERT(un != NULL);
15720 	ASSERT(sense_xp != NULL);
15721 	ASSERT(mutex_owned(SD_MUTEX(un)));
15722 	ASSERT(un->un_sense_isbusy != 0);
15723 
15724 	un->un_sense_isbusy = 0;
15725 	bp = sense_xp->xb_sense_bp;
15726 	sense_xp->xb_sense_bp = NULL;
15727 
15728 	/* This pkt is no longer interested in getting sense data */
15729 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags &= ~FLAG_SENSING;
15730 
15731 	return (bp);
15732 }
15733 
15734 
15735 
15736 /*
15737  *    Function: sd_alloc_rqs
15738  *
15739  * Description: Set up the unit to receive auto request sense data
15740  *
15741  * Return Code: DDI_SUCCESS or DDI_FAILURE
15742  *
15743  *     Context: Called under attach(9E) context
15744  */
15745 
15746 static int
15747 sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un)
15748 {
15749 	struct sd_xbuf *xp;
15750 
15751 	ASSERT(un != NULL);
15752 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15753 	ASSERT(un->un_rqs_bp == NULL);
15754 	ASSERT(un->un_rqs_pktp == NULL);
15755 
15756 	/*
15757 	 * First allocate the required buf and scsi_pkt structs, then set up
15758 	 * the CDB in the scsi_pkt for a REQUEST SENSE command.
15759 	 */
15760 	un->un_rqs_bp = scsi_alloc_consistent_buf(&devp->sd_address, NULL,
15761 	    SENSE_LENGTH, B_READ, SLEEP_FUNC, NULL);
15762 	if (un->un_rqs_bp == NULL) {
15763 		return (DDI_FAILURE);
15764 	}
15765 
15766 	un->un_rqs_pktp = scsi_init_pkt(&devp->sd_address, NULL, un->un_rqs_bp,
15767 	    CDB_GROUP0, 1, 0, PKT_CONSISTENT, SLEEP_FUNC, NULL);
15768 
15769 	if (un->un_rqs_pktp == NULL) {
15770 		sd_free_rqs(un);
15771 		return (DDI_FAILURE);
15772 	}
15773 
15774 	/* Set up the CDB in the scsi_pkt for a REQUEST SENSE command. */
15775 	(void) scsi_setup_cdb((union scsi_cdb *)un->un_rqs_pktp->pkt_cdbp,
15776 	    SCMD_REQUEST_SENSE, 0, SENSE_LENGTH, 0);
15777 
15778 	SD_FILL_SCSI1_LUN(un, un->un_rqs_pktp);
15779 
15780 	/* Set up the other needed members in the ARQ scsi_pkt. */
15781 	un->un_rqs_pktp->pkt_comp   = sdintr;
15782 	un->un_rqs_pktp->pkt_time   = sd_io_time;
15783 	un->un_rqs_pktp->pkt_flags |=
15784 	    (FLAG_SENSING | FLAG_HEAD);	/* (1222170) */
15785 
15786 	/*
15787 	 * Allocate  & init the sd_xbuf struct for the RQS command. Do not
15788 	 * provide any intpkt, destroypkt routines as we take care of
15789 	 * scsi_pkt allocation/freeing here and in sd_free_rqs().
15790 	 */
15791 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
15792 	sd_xbuf_init(un, un->un_rqs_bp, xp, SD_CHAIN_NULL, NULL);
15793 	xp->xb_pktp = un->un_rqs_pktp;
15794 	SD_INFO(SD_LOG_ATTACH_DETACH, un,
15795 	    "sd_alloc_rqs: un 0x%p, rqs  xp 0x%p,  pkt 0x%p,  buf 0x%p\n",
15796 	    un, xp, un->un_rqs_pktp, un->un_rqs_bp);
15797 
15798 	/*
15799 	 * Save the pointer to the request sense private bp so it can
15800 	 * be retrieved in sdintr.
15801 	 */
15802 	un->un_rqs_pktp->pkt_private = un->un_rqs_bp;
15803 	ASSERT(un->un_rqs_bp->b_private == xp);
15804 
15805 	/*
15806 	 * See if the HBA supports auto-request sense for the specified
15807 	 * target/lun. If it does, then try to enable it (if not already
15808 	 * enabled).
15809 	 *
15810 	 * Note: For some HBAs (ifp & sf), scsi_ifsetcap will always return
15811 	 * failure, while for other HBAs (pln) scsi_ifsetcap will always
15812 	 * return success.  However, in both of these cases ARQ is always
15813 	 * enabled and scsi_ifgetcap will always return true. The best approach
15814 	 * is to issue the scsi_ifgetcap() first, then try the scsi_ifsetcap().
15815 	 *
15816 	 * The 3rd case is the HBA (adp) always return enabled on
15817 	 * scsi_ifgetgetcap even when it's not enable, the best approach
15818 	 * is issue a scsi_ifsetcap then a scsi_ifgetcap
15819 	 * Note: this case is to circumvent the Adaptec bug. (x86 only)
15820 	 */
15821 
15822 	if (un->un_f_is_fibre == TRUE) {
15823 		un->un_f_arq_enabled = TRUE;
15824 	} else {
15825 #if defined(__i386) || defined(__amd64)
15826 		/*
15827 		 * Circumvent the Adaptec bug, remove this code when
15828 		 * the bug is fixed
15829 		 */
15830 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1);
15831 #endif
15832 		switch (scsi_ifgetcap(SD_ADDRESS(un), "auto-rqsense", 1)) {
15833 		case 0:
15834 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15835 				"sd_alloc_rqs: HBA supports ARQ\n");
15836 			/*
15837 			 * ARQ is supported by this HBA but currently is not
15838 			 * enabled. Attempt to enable it and if successful then
15839 			 * mark this instance as ARQ enabled.
15840 			 */
15841 			if (scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1)
15842 				== 1) {
15843 				/* Successfully enabled ARQ in the HBA */
15844 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15845 					"sd_alloc_rqs: ARQ enabled\n");
15846 				un->un_f_arq_enabled = TRUE;
15847 			} else {
15848 				/* Could not enable ARQ in the HBA */
15849 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15850 				"sd_alloc_rqs: failed ARQ enable\n");
15851 				un->un_f_arq_enabled = FALSE;
15852 			}
15853 			break;
15854 		case 1:
15855 			/*
15856 			 * ARQ is supported by this HBA and is already enabled.
15857 			 * Just mark ARQ as enabled for this instance.
15858 			 */
15859 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15860 				"sd_alloc_rqs: ARQ already enabled\n");
15861 			un->un_f_arq_enabled = TRUE;
15862 			break;
15863 		default:
15864 			/*
15865 			 * ARQ is not supported by this HBA; disable it for this
15866 			 * instance.
15867 			 */
15868 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15869 				"sd_alloc_rqs: HBA does not support ARQ\n");
15870 			un->un_f_arq_enabled = FALSE;
15871 			break;
15872 		}
15873 	}
15874 
15875 	return (DDI_SUCCESS);
15876 }
15877 
15878 
15879 /*
15880  *    Function: sd_free_rqs
15881  *
15882  * Description: Cleanup for the pre-instance RQS command.
15883  *
15884  *     Context: Kernel thread context
15885  */
15886 
15887 static void
15888 sd_free_rqs(struct sd_lun *un)
15889 {
15890 	ASSERT(un != NULL);
15891 
15892 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: entry\n");
15893 
15894 	/*
15895 	 * If consistent memory is bound to a scsi_pkt, the pkt
15896 	 * has to be destroyed *before* freeing the consistent memory.
15897 	 * Don't change the sequence of this operations.
15898 	 * scsi_destroy_pkt() might access memory, which isn't allowed,
15899 	 * after it was freed in scsi_free_consistent_buf().
15900 	 */
15901 	if (un->un_rqs_pktp != NULL) {
15902 		scsi_destroy_pkt(un->un_rqs_pktp);
15903 		un->un_rqs_pktp = NULL;
15904 	}
15905 
15906 	if (un->un_rqs_bp != NULL) {
15907 		kmem_free(SD_GET_XBUF(un->un_rqs_bp), sizeof (struct sd_xbuf));
15908 		scsi_free_consistent_buf(un->un_rqs_bp);
15909 		un->un_rqs_bp = NULL;
15910 	}
15911 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: exit\n");
15912 }
15913 
15914 
15915 
15916 /*
15917  *    Function: sd_reduce_throttle
15918  *
15919  * Description: Reduces the maximun # of outstanding commands on a
15920  *		target to the current number of outstanding commands.
15921  *		Queues a tiemout(9F) callback to restore the limit
15922  *		after a specified interval has elapsed.
15923  *		Typically used when we get a TRAN_BUSY return code
15924  *		back from scsi_transport().
15925  *
15926  *   Arguments: un - ptr to the sd_lun softstate struct
15927  *		throttle_type: SD_THROTTLE_TRAN_BUSY or SD_THROTTLE_QFULL
15928  *
15929  *     Context: May be called from interrupt context
15930  */
15931 
15932 static void
15933 sd_reduce_throttle(struct sd_lun *un, int throttle_type)
15934 {
15935 	ASSERT(un != NULL);
15936 	ASSERT(mutex_owned(SD_MUTEX(un)));
15937 	ASSERT(un->un_ncmds_in_transport >= 0);
15938 
15939 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15940 	    "entry: un:0x%p un_throttle:%d un_ncmds_in_transport:%d\n",
15941 	    un, un->un_throttle, un->un_ncmds_in_transport);
15942 
15943 	if (un->un_throttle > 1) {
15944 		if (un->un_f_use_adaptive_throttle == TRUE) {
15945 			switch (throttle_type) {
15946 			case SD_THROTTLE_TRAN_BUSY:
15947 				if (un->un_busy_throttle == 0) {
15948 					un->un_busy_throttle = un->un_throttle;
15949 				}
15950 				break;
15951 			case SD_THROTTLE_QFULL:
15952 				un->un_busy_throttle = 0;
15953 				break;
15954 			default:
15955 				ASSERT(FALSE);
15956 			}
15957 
15958 			if (un->un_ncmds_in_transport > 0) {
15959 			    un->un_throttle = un->un_ncmds_in_transport;
15960 			}
15961 
15962 		} else {
15963 			if (un->un_ncmds_in_transport == 0) {
15964 				un->un_throttle = 1;
15965 			} else {
15966 				un->un_throttle = un->un_ncmds_in_transport;
15967 			}
15968 		}
15969 	}
15970 
15971 	/* Reschedule the timeout if none is currently active */
15972 	if (un->un_reset_throttle_timeid == NULL) {
15973 		un->un_reset_throttle_timeid = timeout(sd_restore_throttle,
15974 		    un, SD_THROTTLE_RESET_INTERVAL);
15975 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15976 		    "sd_reduce_throttle: timeout scheduled!\n");
15977 	}
15978 
15979 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15980 	    "exit: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15981 }
15982 
15983 
15984 
15985 /*
15986  *    Function: sd_restore_throttle
15987  *
15988  * Description: Callback function for timeout(9F).  Resets the current
15989  *		value of un->un_throttle to its default.
15990  *
15991  *   Arguments: arg - pointer to associated softstate for the device.
15992  *
15993  *     Context: May be called from interrupt context
15994  */
15995 
15996 static void
15997 sd_restore_throttle(void *arg)
15998 {
15999 	struct sd_lun	*un = arg;
16000 
16001 	ASSERT(un != NULL);
16002 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16003 
16004 	mutex_enter(SD_MUTEX(un));
16005 
16006 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
16007 	    "entry: un:0x%p un_throttle:%d\n", un, un->un_throttle);
16008 
16009 	un->un_reset_throttle_timeid = NULL;
16010 
16011 	if (un->un_f_use_adaptive_throttle == TRUE) {
16012 		/*
16013 		 * If un_busy_throttle is nonzero, then it contains the
16014 		 * value that un_throttle was when we got a TRAN_BUSY back
16015 		 * from scsi_transport(). We want to revert back to this
16016 		 * value.
16017 		 *
16018 		 * In the QFULL case, the throttle limit will incrementally
16019 		 * increase until it reaches max throttle.
16020 		 */
16021 		if (un->un_busy_throttle > 0) {
16022 			un->un_throttle = un->un_busy_throttle;
16023 			un->un_busy_throttle = 0;
16024 		} else {
16025 			/*
16026 			 * increase throttle by 10% open gate slowly, schedule
16027 			 * another restore if saved throttle has not been
16028 			 * reached
16029 			 */
16030 			short throttle;
16031 			if (sd_qfull_throttle_enable) {
16032 				throttle = un->un_throttle +
16033 				    max((un->un_throttle / 10), 1);
16034 				un->un_throttle =
16035 				    (throttle < un->un_saved_throttle) ?
16036 				    throttle : un->un_saved_throttle;
16037 				if (un->un_throttle < un->un_saved_throttle) {
16038 				    un->un_reset_throttle_timeid =
16039 					timeout(sd_restore_throttle,
16040 					un, SD_QFULL_THROTTLE_RESET_INTERVAL);
16041 				}
16042 			}
16043 		}
16044 
16045 		/*
16046 		 * If un_throttle has fallen below the low-water mark, we
16047 		 * restore the maximum value here (and allow it to ratchet
16048 		 * down again if necessary).
16049 		 */
16050 		if (un->un_throttle < un->un_min_throttle) {
16051 			un->un_throttle = un->un_saved_throttle;
16052 		}
16053 	} else {
16054 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
16055 		    "restoring limit from 0x%x to 0x%x\n",
16056 		    un->un_throttle, un->un_saved_throttle);
16057 		un->un_throttle = un->un_saved_throttle;
16058 	}
16059 
16060 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
16061 	    "sd_restore_throttle: calling sd_start_cmds!\n");
16062 
16063 	sd_start_cmds(un, NULL);
16064 
16065 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
16066 	    "sd_restore_throttle: exit: un:0x%p un_throttle:%d\n",
16067 	    un, un->un_throttle);
16068 
16069 	mutex_exit(SD_MUTEX(un));
16070 
16071 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: exit\n");
16072 }
16073 
16074 /*
16075  *    Function: sdrunout
16076  *
16077  * Description: Callback routine for scsi_init_pkt when a resource allocation
16078  *		fails.
16079  *
16080  *   Arguments: arg - a pointer to the sd_lun unit struct for the particular
16081  *		soft state instance.
16082  *
16083  * Return Code: The scsi_init_pkt routine allows for the callback function to
16084  *		return a 0 indicating the callback should be rescheduled or a 1
16085  *		indicating not to reschedule. This routine always returns 1
16086  *		because the driver always provides a callback function to
16087  *		scsi_init_pkt. This results in a callback always being scheduled
16088  *		(via the scsi_init_pkt callback implementation) if a resource
16089  *		failure occurs.
16090  *
16091  *     Context: This callback function may not block or call routines that block
16092  *
16093  *        Note: Using the scsi_init_pkt callback facility can result in an I/O
16094  *		request persisting at the head of the list which cannot be
16095  *		satisfied even after multiple retries. In the future the driver
16096  *		may implement some time of maximum runout count before failing
16097  *		an I/O.
16098  */
16099 
16100 static int
16101 sdrunout(caddr_t arg)
16102 {
16103 	struct sd_lun	*un = (struct sd_lun *)arg;
16104 
16105 	ASSERT(un != NULL);
16106 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16107 
16108 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: entry\n");
16109 
16110 	mutex_enter(SD_MUTEX(un));
16111 	sd_start_cmds(un, NULL);
16112 	mutex_exit(SD_MUTEX(un));
16113 	/*
16114 	 * This callback routine always returns 1 (i.e. do not reschedule)
16115 	 * because we always specify sdrunout as the callback handler for
16116 	 * scsi_init_pkt inside the call to sd_start_cmds.
16117 	 */
16118 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: exit\n");
16119 	return (1);
16120 }
16121 
16122 
16123 /*
16124  *    Function: sdintr
16125  *
16126  * Description: Completion callback routine for scsi_pkt(9S) structs
16127  *		sent to the HBA driver via scsi_transport(9F).
16128  *
16129  *     Context: Interrupt context
16130  */
16131 
16132 static void
16133 sdintr(struct scsi_pkt *pktp)
16134 {
16135 	struct buf	*bp;
16136 	struct sd_xbuf	*xp;
16137 	struct sd_lun	*un;
16138 
16139 	ASSERT(pktp != NULL);
16140 	bp = (struct buf *)pktp->pkt_private;
16141 	ASSERT(bp != NULL);
16142 	xp = SD_GET_XBUF(bp);
16143 	ASSERT(xp != NULL);
16144 	ASSERT(xp->xb_pktp != NULL);
16145 	un = SD_GET_UN(bp);
16146 	ASSERT(un != NULL);
16147 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16148 
16149 #ifdef SD_FAULT_INJECTION
16150 
16151 	SD_INFO(SD_LOG_IOERR, un, "sdintr: sdintr calling Fault injection\n");
16152 	/* SD FaultInjection */
16153 	sd_faultinjection(pktp);
16154 
16155 #endif /* SD_FAULT_INJECTION */
16156 
16157 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: entry: buf:0x%p,"
16158 	    " xp:0x%p, un:0x%p\n", bp, xp, un);
16159 
16160 	mutex_enter(SD_MUTEX(un));
16161 
16162 	/* Reduce the count of the #commands currently in transport */
16163 	un->un_ncmds_in_transport--;
16164 	ASSERT(un->un_ncmds_in_transport >= 0);
16165 
16166 	/* Increment counter to indicate that the callback routine is active */
16167 	un->un_in_callback++;
16168 
16169 	SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
16170 
16171 #ifdef	SDDEBUG
16172 	if (bp == un->un_retry_bp) {
16173 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sdintr: "
16174 		    "un:0x%p: GOT retry_bp:0x%p un_ncmds_in_transport:%d\n",
16175 		    un, un->un_retry_bp, un->un_ncmds_in_transport);
16176 	}
16177 #endif
16178 
16179 	/*
16180 	 * If pkt_reason is CMD_DEV_GONE, just fail the command
16181 	 */
16182 	if (pktp->pkt_reason == CMD_DEV_GONE) {
16183 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16184 			    "Device is gone\n");
16185 		sd_return_failed_command(un, bp, EIO);
16186 		goto exit;
16187 	}
16188 
16189 	/*
16190 	 * First see if the pkt has auto-request sense data with it....
16191 	 * Look at the packet state first so we don't take a performance
16192 	 * hit looking at the arq enabled flag unless absolutely necessary.
16193 	 */
16194 	if ((pktp->pkt_state & STATE_ARQ_DONE) &&
16195 	    (un->un_f_arq_enabled == TRUE)) {
16196 		/*
16197 		 * The HBA did an auto request sense for this command so check
16198 		 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16199 		 * driver command that should not be retried.
16200 		 */
16201 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16202 			/*
16203 			 * Save the relevant sense info into the xp for the
16204 			 * original cmd.
16205 			 */
16206 			struct scsi_arq_status *asp;
16207 			asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16208 			xp->xb_sense_status =
16209 			    *((uchar_t *)(&(asp->sts_rqpkt_status)));
16210 			xp->xb_sense_state  = asp->sts_rqpkt_state;
16211 			xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16212 			bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16213 			    min(sizeof (struct scsi_extended_sense),
16214 			    SENSE_LENGTH));
16215 
16216 			/* fail the command */
16217 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16218 			    "sdintr: arq done and FLAG_DIAGNOSE set\n");
16219 			sd_return_failed_command(un, bp, EIO);
16220 			goto exit;
16221 		}
16222 
16223 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16224 		/*
16225 		 * We want to either retry or fail this command, so free
16226 		 * the DMA resources here.  If we retry the command then
16227 		 * the DMA resources will be reallocated in sd_start_cmds().
16228 		 * Note that when PKT_DMA_PARTIAL is used, this reallocation
16229 		 * causes the *entire* transfer to start over again from the
16230 		 * beginning of the request, even for PARTIAL chunks that
16231 		 * have already transferred successfully.
16232 		 */
16233 		if ((un->un_f_is_fibre == TRUE) &&
16234 		    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16235 		    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16236 			scsi_dmafree(pktp);
16237 			xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16238 		}
16239 #endif
16240 
16241 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16242 		    "sdintr: arq done, sd_handle_auto_request_sense\n");
16243 
16244 		sd_handle_auto_request_sense(un, bp, xp, pktp);
16245 		goto exit;
16246 	}
16247 
16248 	/* Next see if this is the REQUEST SENSE pkt for the instance */
16249 	if (pktp->pkt_flags & FLAG_SENSING)  {
16250 		/* This pktp is from the unit's REQUEST_SENSE command */
16251 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16252 		    "sdintr: sd_handle_request_sense\n");
16253 		sd_handle_request_sense(un, bp, xp, pktp);
16254 		goto exit;
16255 	}
16256 
16257 	/*
16258 	 * Check to see if the command successfully completed as requested;
16259 	 * this is the most common case (and also the hot performance path).
16260 	 *
16261 	 * Requirements for successful completion are:
16262 	 * pkt_reason is CMD_CMPLT and packet status is status good.
16263 	 * In addition:
16264 	 * - A residual of zero indicates successful completion no matter what
16265 	 *   the command is.
16266 	 * - If the residual is not zero and the command is not a read or
16267 	 *   write, then it's still defined as successful completion. In other
16268 	 *   words, if the command is a read or write the residual must be
16269 	 *   zero for successful completion.
16270 	 * - If the residual is not zero and the command is a read or
16271 	 *   write, and it's a USCSICMD, then it's still defined as
16272 	 *   successful completion.
16273 	 */
16274 	if ((pktp->pkt_reason == CMD_CMPLT) &&
16275 	    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD)) {
16276 
16277 		/*
16278 		 * Since this command is returned with a good status, we
16279 		 * can reset the count for Sonoma failover.
16280 		 */
16281 		un->un_sonoma_failure_count = 0;
16282 
16283 		/*
16284 		 * Return all USCSI commands on good status
16285 		 */
16286 		if (pktp->pkt_resid == 0) {
16287 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16288 			    "sdintr: returning command for resid == 0\n");
16289 		} else if (((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_READ) &&
16290 		    ((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_WRITE)) {
16291 			SD_UPDATE_B_RESID(bp, pktp);
16292 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16293 			    "sdintr: returning command for resid != 0\n");
16294 		} else if (xp->xb_pkt_flags & SD_XB_USCSICMD) {
16295 			SD_UPDATE_B_RESID(bp, pktp);
16296 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16297 				"sdintr: returning uscsi command\n");
16298 		} else {
16299 			goto not_successful;
16300 		}
16301 		sd_return_command(un, bp);
16302 
16303 		/*
16304 		 * Decrement counter to indicate that the callback routine
16305 		 * is done.
16306 		 */
16307 		un->un_in_callback--;
16308 		ASSERT(un->un_in_callback >= 0);
16309 		mutex_exit(SD_MUTEX(un));
16310 
16311 		return;
16312 	}
16313 
16314 not_successful:
16315 
16316 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16317 	/*
16318 	 * The following is based upon knowledge of the underlying transport
16319 	 * and its use of DMA resources.  This code should be removed when
16320 	 * PKT_DMA_PARTIAL support is taken out of the disk driver in favor
16321 	 * of the new PKT_CMD_BREAKUP protocol. See also sd_initpkt_for_buf()
16322 	 * and sd_start_cmds().
16323 	 *
16324 	 * Free any DMA resources associated with this command if there
16325 	 * is a chance it could be retried or enqueued for later retry.
16326 	 * If we keep the DMA binding then mpxio cannot reissue the
16327 	 * command on another path whenever a path failure occurs.
16328 	 *
16329 	 * Note that when PKT_DMA_PARTIAL is used, free/reallocation
16330 	 * causes the *entire* transfer to start over again from the
16331 	 * beginning of the request, even for PARTIAL chunks that
16332 	 * have already transferred successfully.
16333 	 *
16334 	 * This is only done for non-uscsi commands (and also skipped for the
16335 	 * driver's internal RQS command). Also just do this for Fibre Channel
16336 	 * devices as these are the only ones that support mpxio.
16337 	 */
16338 	if ((un->un_f_is_fibre == TRUE) &&
16339 	    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16340 	    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16341 		scsi_dmafree(pktp);
16342 		xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16343 	}
16344 #endif
16345 
16346 	/*
16347 	 * The command did not successfully complete as requested so check
16348 	 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16349 	 * driver command that should not be retried so just return. If
16350 	 * FLAG_DIAGNOSE is not set the error will be processed below.
16351 	 */
16352 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16353 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16354 		    "sdintr: FLAG_DIAGNOSE: sd_return_failed_command\n");
16355 		/*
16356 		 * Issue a request sense if a check condition caused the error
16357 		 * (we handle the auto request sense case above), otherwise
16358 		 * just fail the command.
16359 		 */
16360 		if ((pktp->pkt_reason == CMD_CMPLT) &&
16361 		    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK)) {
16362 			sd_send_request_sense_command(un, bp, pktp);
16363 		} else {
16364 			sd_return_failed_command(un, bp, EIO);
16365 		}
16366 		goto exit;
16367 	}
16368 
16369 	/*
16370 	 * The command did not successfully complete as requested so process
16371 	 * the error, retry, and/or attempt recovery.
16372 	 */
16373 	switch (pktp->pkt_reason) {
16374 	case CMD_CMPLT:
16375 		switch (SD_GET_PKT_STATUS(pktp)) {
16376 		case STATUS_GOOD:
16377 			/*
16378 			 * The command completed successfully with a non-zero
16379 			 * residual
16380 			 */
16381 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16382 			    "sdintr: STATUS_GOOD \n");
16383 			sd_pkt_status_good(un, bp, xp, pktp);
16384 			break;
16385 
16386 		case STATUS_CHECK:
16387 		case STATUS_TERMINATED:
16388 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16389 			    "sdintr: STATUS_TERMINATED | STATUS_CHECK\n");
16390 			sd_pkt_status_check_condition(un, bp, xp, pktp);
16391 			break;
16392 
16393 		case STATUS_BUSY:
16394 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16395 			    "sdintr: STATUS_BUSY\n");
16396 			sd_pkt_status_busy(un, bp, xp, pktp);
16397 			break;
16398 
16399 		case STATUS_RESERVATION_CONFLICT:
16400 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16401 			    "sdintr: STATUS_RESERVATION_CONFLICT\n");
16402 			sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16403 			break;
16404 
16405 		case STATUS_QFULL:
16406 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16407 			    "sdintr: STATUS_QFULL\n");
16408 			sd_pkt_status_qfull(un, bp, xp, pktp);
16409 			break;
16410 
16411 		case STATUS_MET:
16412 		case STATUS_INTERMEDIATE:
16413 		case STATUS_SCSI2:
16414 		case STATUS_INTERMEDIATE_MET:
16415 		case STATUS_ACA_ACTIVE:
16416 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16417 			    "Unexpected SCSI status received: 0x%x\n",
16418 			    SD_GET_PKT_STATUS(pktp));
16419 			sd_return_failed_command(un, bp, EIO);
16420 			break;
16421 
16422 		default:
16423 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16424 			    "Invalid SCSI status received: 0x%x\n",
16425 			    SD_GET_PKT_STATUS(pktp));
16426 			sd_return_failed_command(un, bp, EIO);
16427 			break;
16428 
16429 		}
16430 		break;
16431 
16432 	case CMD_INCOMPLETE:
16433 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16434 		    "sdintr:  CMD_INCOMPLETE\n");
16435 		sd_pkt_reason_cmd_incomplete(un, bp, xp, pktp);
16436 		break;
16437 	case CMD_TRAN_ERR:
16438 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16439 		    "sdintr: CMD_TRAN_ERR\n");
16440 		sd_pkt_reason_cmd_tran_err(un, bp, xp, pktp);
16441 		break;
16442 	case CMD_RESET:
16443 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16444 		    "sdintr: CMD_RESET \n");
16445 		sd_pkt_reason_cmd_reset(un, bp, xp, pktp);
16446 		break;
16447 	case CMD_ABORTED:
16448 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16449 		    "sdintr: CMD_ABORTED \n");
16450 		sd_pkt_reason_cmd_aborted(un, bp, xp, pktp);
16451 		break;
16452 	case CMD_TIMEOUT:
16453 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16454 		    "sdintr: CMD_TIMEOUT\n");
16455 		sd_pkt_reason_cmd_timeout(un, bp, xp, pktp);
16456 		break;
16457 	case CMD_UNX_BUS_FREE:
16458 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16459 		    "sdintr: CMD_UNX_BUS_FREE \n");
16460 		sd_pkt_reason_cmd_unx_bus_free(un, bp, xp, pktp);
16461 		break;
16462 	case CMD_TAG_REJECT:
16463 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16464 		    "sdintr: CMD_TAG_REJECT\n");
16465 		sd_pkt_reason_cmd_tag_reject(un, bp, xp, pktp);
16466 		break;
16467 	default:
16468 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16469 		    "sdintr: default\n");
16470 		sd_pkt_reason_default(un, bp, xp, pktp);
16471 		break;
16472 	}
16473 
16474 exit:
16475 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: exit\n");
16476 
16477 	/* Decrement counter to indicate that the callback routine is done. */
16478 	un->un_in_callback--;
16479 	ASSERT(un->un_in_callback >= 0);
16480 
16481 	/*
16482 	 * At this point, the pkt has been dispatched, ie, it is either
16483 	 * being re-tried or has been returned to its caller and should
16484 	 * not be referenced.
16485 	 */
16486 
16487 	mutex_exit(SD_MUTEX(un));
16488 }
16489 
16490 
16491 /*
16492  *    Function: sd_print_incomplete_msg
16493  *
16494  * Description: Prints the error message for a CMD_INCOMPLETE error.
16495  *
16496  *   Arguments: un - ptr to associated softstate for the device.
16497  *		bp - ptr to the buf(9S) for the command.
16498  *		arg - message string ptr
16499  *		code - SD_DELAYED_RETRY_ISSUED, SD_IMMEDIATE_RETRY_ISSUED,
16500  *			or SD_NO_RETRY_ISSUED.
16501  *
16502  *     Context: May be called under interrupt context
16503  */
16504 
16505 static void
16506 sd_print_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
16507 {
16508 	struct scsi_pkt	*pktp;
16509 	char	*msgp;
16510 	char	*cmdp = arg;
16511 
16512 	ASSERT(un != NULL);
16513 	ASSERT(mutex_owned(SD_MUTEX(un)));
16514 	ASSERT(bp != NULL);
16515 	ASSERT(arg != NULL);
16516 	pktp = SD_GET_PKTP(bp);
16517 	ASSERT(pktp != NULL);
16518 
16519 	switch (code) {
16520 	case SD_DELAYED_RETRY_ISSUED:
16521 	case SD_IMMEDIATE_RETRY_ISSUED:
16522 		msgp = "retrying";
16523 		break;
16524 	case SD_NO_RETRY_ISSUED:
16525 	default:
16526 		msgp = "giving up";
16527 		break;
16528 	}
16529 
16530 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16531 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16532 		    "incomplete %s- %s\n", cmdp, msgp);
16533 	}
16534 }
16535 
16536 
16537 
16538 /*
16539  *    Function: sd_pkt_status_good
16540  *
16541  * Description: Processing for a STATUS_GOOD code in pkt_status.
16542  *
16543  *     Context: May be called under interrupt context
16544  */
16545 
16546 static void
16547 sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
16548 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16549 {
16550 	char	*cmdp;
16551 
16552 	ASSERT(un != NULL);
16553 	ASSERT(mutex_owned(SD_MUTEX(un)));
16554 	ASSERT(bp != NULL);
16555 	ASSERT(xp != NULL);
16556 	ASSERT(pktp != NULL);
16557 	ASSERT(pktp->pkt_reason == CMD_CMPLT);
16558 	ASSERT(SD_GET_PKT_STATUS(pktp) == STATUS_GOOD);
16559 	ASSERT(pktp->pkt_resid != 0);
16560 
16561 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: entry\n");
16562 
16563 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
16564 	switch (SD_GET_PKT_OPCODE(pktp) & 0x1F) {
16565 	case SCMD_READ:
16566 		cmdp = "read";
16567 		break;
16568 	case SCMD_WRITE:
16569 		cmdp = "write";
16570 		break;
16571 	default:
16572 		SD_UPDATE_B_RESID(bp, pktp);
16573 		sd_return_command(un, bp);
16574 		SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16575 		return;
16576 	}
16577 
16578 	/*
16579 	 * See if we can retry the read/write, preferrably immediately.
16580 	 * If retries are exhaused, then sd_retry_command() will update
16581 	 * the b_resid count.
16582 	 */
16583 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_incomplete_msg,
16584 	    cmdp, EIO, (clock_t)0, NULL);
16585 
16586 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16587 }
16588 
16589 
16590 
16591 
16592 
16593 /*
16594  *    Function: sd_handle_request_sense
16595  *
16596  * Description: Processing for non-auto Request Sense command.
16597  *
16598  *   Arguments: un - ptr to associated softstate
16599  *		sense_bp - ptr to buf(9S) for the RQS command
16600  *		sense_xp - ptr to the sd_xbuf for the RQS command
16601  *		sense_pktp - ptr to the scsi_pkt(9S) for the RQS command
16602  *
16603  *     Context: May be called under interrupt context
16604  */
16605 
16606 static void
16607 sd_handle_request_sense(struct sd_lun *un, struct buf *sense_bp,
16608 	struct sd_xbuf *sense_xp, struct scsi_pkt *sense_pktp)
16609 {
16610 	struct buf	*cmd_bp;	/* buf for the original command */
16611 	struct sd_xbuf	*cmd_xp;	/* sd_xbuf for the original command */
16612 	struct scsi_pkt *cmd_pktp;	/* pkt for the original command */
16613 
16614 	ASSERT(un != NULL);
16615 	ASSERT(mutex_owned(SD_MUTEX(un)));
16616 	ASSERT(sense_bp != NULL);
16617 	ASSERT(sense_xp != NULL);
16618 	ASSERT(sense_pktp != NULL);
16619 
16620 	/*
16621 	 * Note the sense_bp, sense_xp, and sense_pktp here are for the
16622 	 * RQS command and not the original command.
16623 	 */
16624 	ASSERT(sense_pktp == un->un_rqs_pktp);
16625 	ASSERT(sense_bp   == un->un_rqs_bp);
16626 	ASSERT((sense_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD)) ==
16627 	    (FLAG_SENSING | FLAG_HEAD));
16628 	ASSERT((((SD_GET_XBUF(sense_xp->xb_sense_bp))->xb_pktp->pkt_flags) &
16629 	    FLAG_SENSING) == FLAG_SENSING);
16630 
16631 	/* These are the bp, xp, and pktp for the original command */
16632 	cmd_bp = sense_xp->xb_sense_bp;
16633 	cmd_xp = SD_GET_XBUF(cmd_bp);
16634 	cmd_pktp = SD_GET_PKTP(cmd_bp);
16635 
16636 	if (sense_pktp->pkt_reason != CMD_CMPLT) {
16637 		/*
16638 		 * The REQUEST SENSE command failed.  Release the REQUEST
16639 		 * SENSE command for re-use, get back the bp for the original
16640 		 * command, and attempt to re-try the original command if
16641 		 * FLAG_DIAGNOSE is not set in the original packet.
16642 		 */
16643 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
16644 		if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16645 			cmd_bp = sd_mark_rqs_idle(un, sense_xp);
16646 			sd_retry_command(un, cmd_bp, SD_RETRIES_STANDARD,
16647 			    NULL, NULL, EIO, (clock_t)0, NULL);
16648 			return;
16649 		}
16650 	}
16651 
16652 	/*
16653 	 * Save the relevant sense info into the xp for the original cmd.
16654 	 *
16655 	 * Note: if the request sense failed the state info will be zero
16656 	 * as set in sd_mark_rqs_busy()
16657 	 */
16658 	cmd_xp->xb_sense_status = *(sense_pktp->pkt_scbp);
16659 	cmd_xp->xb_sense_state  = sense_pktp->pkt_state;
16660 	cmd_xp->xb_sense_resid  = sense_pktp->pkt_resid;
16661 	bcopy(sense_bp->b_un.b_addr, cmd_xp->xb_sense_data, SENSE_LENGTH);
16662 
16663 	/*
16664 	 *  Free up the RQS command....
16665 	 *  NOTE:
16666 	 *	Must do this BEFORE calling sd_validate_sense_data!
16667 	 *	sd_validate_sense_data may return the original command in
16668 	 *	which case the pkt will be freed and the flags can no
16669 	 *	longer be touched.
16670 	 *	SD_MUTEX is held through this process until the command
16671 	 *	is dispatched based upon the sense data, so there are
16672 	 *	no race conditions.
16673 	 */
16674 	(void) sd_mark_rqs_idle(un, sense_xp);
16675 
16676 	/*
16677 	 * For a retryable command see if we have valid sense data, if so then
16678 	 * turn it over to sd_decode_sense() to figure out the right course of
16679 	 * action. Just fail a non-retryable command.
16680 	 */
16681 	if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16682 		if (sd_validate_sense_data(un, cmd_bp, cmd_xp) ==
16683 		    SD_SENSE_DATA_IS_VALID) {
16684 			sd_decode_sense(un, cmd_bp, cmd_xp, cmd_pktp);
16685 		}
16686 	} else {
16687 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Failed CDB",
16688 		    (uchar_t *)cmd_pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
16689 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Sense Data",
16690 		    (uchar_t *)cmd_xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
16691 		sd_return_failed_command(un, cmd_bp, EIO);
16692 	}
16693 }
16694 
16695 
16696 
16697 
16698 /*
16699  *    Function: sd_handle_auto_request_sense
16700  *
16701  * Description: Processing for auto-request sense information.
16702  *
16703  *   Arguments: un - ptr to associated softstate
16704  *		bp - ptr to buf(9S) for the command
16705  *		xp - ptr to the sd_xbuf for the command
16706  *		pktp - ptr to the scsi_pkt(9S) for the command
16707  *
16708  *     Context: May be called under interrupt context
16709  */
16710 
16711 static void
16712 sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
16713 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16714 {
16715 	struct scsi_arq_status *asp;
16716 
16717 	ASSERT(un != NULL);
16718 	ASSERT(mutex_owned(SD_MUTEX(un)));
16719 	ASSERT(bp != NULL);
16720 	ASSERT(xp != NULL);
16721 	ASSERT(pktp != NULL);
16722 	ASSERT(pktp != un->un_rqs_pktp);
16723 	ASSERT(bp   != un->un_rqs_bp);
16724 
16725 	/*
16726 	 * For auto-request sense, we get a scsi_arq_status back from
16727 	 * the HBA, with the sense data in the sts_sensedata member.
16728 	 * The pkt_scbp of the packet points to this scsi_arq_status.
16729 	 */
16730 	asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16731 
16732 	if (asp->sts_rqpkt_reason != CMD_CMPLT) {
16733 		/*
16734 		 * The auto REQUEST SENSE failed; see if we can re-try
16735 		 * the original command.
16736 		 */
16737 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16738 		    "auto request sense failed (reason=%s)\n",
16739 		    scsi_rname(asp->sts_rqpkt_reason));
16740 
16741 		sd_reset_target(un, pktp);
16742 
16743 		sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16744 		    NULL, NULL, EIO, (clock_t)0, NULL);
16745 		return;
16746 	}
16747 
16748 	/* Save the relevant sense info into the xp for the original cmd. */
16749 	xp->xb_sense_status = *((uchar_t *)(&(asp->sts_rqpkt_status)));
16750 	xp->xb_sense_state  = asp->sts_rqpkt_state;
16751 	xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16752 	bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16753 	    min(sizeof (struct scsi_extended_sense), SENSE_LENGTH));
16754 
16755 	/*
16756 	 * See if we have valid sense data, if so then turn it over to
16757 	 * sd_decode_sense() to figure out the right course of action.
16758 	 */
16759 	if (sd_validate_sense_data(un, bp, xp) == SD_SENSE_DATA_IS_VALID) {
16760 		sd_decode_sense(un, bp, xp, pktp);
16761 	}
16762 }
16763 
16764 
16765 /*
16766  *    Function: sd_print_sense_failed_msg
16767  *
16768  * Description: Print log message when RQS has failed.
16769  *
16770  *   Arguments: un - ptr to associated softstate
16771  *		bp - ptr to buf(9S) for the command
16772  *		arg - generic message string ptr
16773  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
16774  *			or SD_NO_RETRY_ISSUED
16775  *
16776  *     Context: May be called from interrupt context
16777  */
16778 
16779 static void
16780 sd_print_sense_failed_msg(struct sd_lun *un, struct buf *bp, void *arg,
16781 	int code)
16782 {
16783 	char	*msgp = arg;
16784 
16785 	ASSERT(un != NULL);
16786 	ASSERT(mutex_owned(SD_MUTEX(un)));
16787 	ASSERT(bp != NULL);
16788 
16789 	if ((code == SD_NO_RETRY_ISSUED) && (msgp != NULL)) {
16790 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, msgp);
16791 	}
16792 }
16793 
16794 
16795 /*
16796  *    Function: sd_validate_sense_data
16797  *
16798  * Description: Check the given sense data for validity.
16799  *		If the sense data is not valid, the command will
16800  *		be either failed or retried!
16801  *
16802  * Return Code: SD_SENSE_DATA_IS_INVALID
16803  *		SD_SENSE_DATA_IS_VALID
16804  *
16805  *     Context: May be called from interrupt context
16806  */
16807 
16808 static int
16809 sd_validate_sense_data(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp)
16810 {
16811 	struct scsi_extended_sense *esp;
16812 	struct	scsi_pkt *pktp;
16813 	size_t	actual_len;
16814 	char	*msgp = NULL;
16815 
16816 	ASSERT(un != NULL);
16817 	ASSERT(mutex_owned(SD_MUTEX(un)));
16818 	ASSERT(bp != NULL);
16819 	ASSERT(bp != un->un_rqs_bp);
16820 	ASSERT(xp != NULL);
16821 
16822 	pktp = SD_GET_PKTP(bp);
16823 	ASSERT(pktp != NULL);
16824 
16825 	/*
16826 	 * Check the status of the RQS command (auto or manual).
16827 	 */
16828 	switch (xp->xb_sense_status & STATUS_MASK) {
16829 	case STATUS_GOOD:
16830 		break;
16831 
16832 	case STATUS_RESERVATION_CONFLICT:
16833 		sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16834 		return (SD_SENSE_DATA_IS_INVALID);
16835 
16836 	case STATUS_BUSY:
16837 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16838 		    "Busy Status on REQUEST SENSE\n");
16839 		sd_retry_command(un, bp, SD_RETRIES_BUSY, NULL,
16840 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16841 		return (SD_SENSE_DATA_IS_INVALID);
16842 
16843 	case STATUS_QFULL:
16844 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16845 		    "QFULL Status on REQUEST SENSE\n");
16846 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL,
16847 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16848 		return (SD_SENSE_DATA_IS_INVALID);
16849 
16850 	case STATUS_CHECK:
16851 	case STATUS_TERMINATED:
16852 		msgp = "Check Condition on REQUEST SENSE\n";
16853 		goto sense_failed;
16854 
16855 	default:
16856 		msgp = "Not STATUS_GOOD on REQUEST_SENSE\n";
16857 		goto sense_failed;
16858 	}
16859 
16860 	/*
16861 	 * See if we got the minimum required amount of sense data.
16862 	 * Note: We are assuming the returned sense data is SENSE_LENGTH bytes
16863 	 * or less.
16864 	 */
16865 	actual_len = (int)(SENSE_LENGTH - xp->xb_sense_resid);
16866 	if (((xp->xb_sense_state & STATE_XFERRED_DATA) == 0) ||
16867 	    (actual_len == 0)) {
16868 		msgp = "Request Sense couldn't get sense data\n";
16869 		goto sense_failed;
16870 	}
16871 
16872 	if (actual_len < SUN_MIN_SENSE_LENGTH) {
16873 		msgp = "Not enough sense information\n";
16874 		goto sense_failed;
16875 	}
16876 
16877 	/*
16878 	 * We require the extended sense data
16879 	 */
16880 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16881 	if (esp->es_class != CLASS_EXTENDED_SENSE) {
16882 		if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16883 			static char tmp[8];
16884 			static char buf[148];
16885 			char *p = (char *)(xp->xb_sense_data);
16886 			int i;
16887 
16888 			mutex_enter(&sd_sense_mutex);
16889 			(void) strcpy(buf, "undecodable sense information:");
16890 			for (i = 0; i < actual_len; i++) {
16891 				(void) sprintf(tmp, " 0x%x", *(p++)&0xff);
16892 				(void) strcpy(&buf[strlen(buf)], tmp);
16893 			}
16894 			i = strlen(buf);
16895 			(void) strcpy(&buf[i], "-(assumed fatal)\n");
16896 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, buf);
16897 			mutex_exit(&sd_sense_mutex);
16898 		}
16899 		/* Note: Legacy behavior, fail the command with no retry */
16900 		sd_return_failed_command(un, bp, EIO);
16901 		return (SD_SENSE_DATA_IS_INVALID);
16902 	}
16903 
16904 	/*
16905 	 * Check that es_code is valid (es_class concatenated with es_code
16906 	 * make up the "response code" field.  es_class will always be 7, so
16907 	 * make sure es_code is 0, 1, 2, 3 or 0xf.  es_code will indicate the
16908 	 * format.
16909 	 */
16910 	if ((esp->es_code != CODE_FMT_FIXED_CURRENT) &&
16911 	    (esp->es_code != CODE_FMT_FIXED_DEFERRED) &&
16912 	    (esp->es_code != CODE_FMT_DESCR_CURRENT) &&
16913 	    (esp->es_code != CODE_FMT_DESCR_DEFERRED) &&
16914 	    (esp->es_code != CODE_FMT_VENDOR_SPECIFIC)) {
16915 		goto sense_failed;
16916 	}
16917 
16918 	return (SD_SENSE_DATA_IS_VALID);
16919 
16920 sense_failed:
16921 	/*
16922 	 * If the request sense failed (for whatever reason), attempt
16923 	 * to retry the original command.
16924 	 */
16925 #if defined(__i386) || defined(__amd64)
16926 	/*
16927 	 * SD_RETRY_DELAY is conditionally compile (#if fibre) in
16928 	 * sddef.h for Sparc platform, and x86 uses 1 binary
16929 	 * for both SCSI/FC.
16930 	 * The SD_RETRY_DELAY value need to be adjusted here
16931 	 * when SD_RETRY_DELAY change in sddef.h
16932 	 */
16933 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16934 	    sd_print_sense_failed_msg, msgp, EIO,
16935 		un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0, NULL);
16936 #else
16937 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16938 	    sd_print_sense_failed_msg, msgp, EIO, SD_RETRY_DELAY, NULL);
16939 #endif
16940 
16941 	return (SD_SENSE_DATA_IS_INVALID);
16942 }
16943 
16944 
16945 
16946 /*
16947  *    Function: sd_decode_sense
16948  *
16949  * Description: Take recovery action(s) when SCSI Sense Data is received.
16950  *
16951  *     Context: Interrupt context.
16952  */
16953 
16954 static void
16955 sd_decode_sense(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
16956 	struct scsi_pkt *pktp)
16957 {
16958 	uint8_t sense_key;
16959 
16960 	ASSERT(un != NULL);
16961 	ASSERT(mutex_owned(SD_MUTEX(un)));
16962 	ASSERT(bp != NULL);
16963 	ASSERT(bp != un->un_rqs_bp);
16964 	ASSERT(xp != NULL);
16965 	ASSERT(pktp != NULL);
16966 
16967 	sense_key = scsi_sense_key(xp->xb_sense_data);
16968 
16969 	switch (sense_key) {
16970 	case KEY_NO_SENSE:
16971 		sd_sense_key_no_sense(un, bp, xp, pktp);
16972 		break;
16973 	case KEY_RECOVERABLE_ERROR:
16974 		sd_sense_key_recoverable_error(un, xp->xb_sense_data,
16975 		    bp, xp, pktp);
16976 		break;
16977 	case KEY_NOT_READY:
16978 		sd_sense_key_not_ready(un, xp->xb_sense_data,
16979 		    bp, xp, pktp);
16980 		break;
16981 	case KEY_MEDIUM_ERROR:
16982 	case KEY_HARDWARE_ERROR:
16983 		sd_sense_key_medium_or_hardware_error(un,
16984 		    xp->xb_sense_data, bp, xp, pktp);
16985 		break;
16986 	case KEY_ILLEGAL_REQUEST:
16987 		sd_sense_key_illegal_request(un, bp, xp, pktp);
16988 		break;
16989 	case KEY_UNIT_ATTENTION:
16990 		sd_sense_key_unit_attention(un, xp->xb_sense_data,
16991 		    bp, xp, pktp);
16992 		break;
16993 	case KEY_WRITE_PROTECT:
16994 	case KEY_VOLUME_OVERFLOW:
16995 	case KEY_MISCOMPARE:
16996 		sd_sense_key_fail_command(un, bp, xp, pktp);
16997 		break;
16998 	case KEY_BLANK_CHECK:
16999 		sd_sense_key_blank_check(un, bp, xp, pktp);
17000 		break;
17001 	case KEY_ABORTED_COMMAND:
17002 		sd_sense_key_aborted_command(un, bp, xp, pktp);
17003 		break;
17004 	case KEY_VENDOR_UNIQUE:
17005 	case KEY_COPY_ABORTED:
17006 	case KEY_EQUAL:
17007 	case KEY_RESERVED:
17008 	default:
17009 		sd_sense_key_default(un, xp->xb_sense_data,
17010 		    bp, xp, pktp);
17011 		break;
17012 	}
17013 }
17014 
17015 
17016 /*
17017  *    Function: sd_dump_memory
17018  *
17019  * Description: Debug logging routine to print the contents of a user provided
17020  *		buffer. The output of the buffer is broken up into 256 byte
17021  *		segments due to a size constraint of the scsi_log.
17022  *		implementation.
17023  *
17024  *   Arguments: un - ptr to softstate
17025  *		comp - component mask
17026  *		title - "title" string to preceed data when printed
17027  *		data - ptr to data block to be printed
17028  *		len - size of data block to be printed
17029  *		fmt - SD_LOG_HEX (use 0x%02x format) or SD_LOG_CHAR (use %c)
17030  *
17031  *     Context: May be called from interrupt context
17032  */
17033 
17034 #define	SD_DUMP_MEMORY_BUF_SIZE	256
17035 
17036 static char *sd_dump_format_string[] = {
17037 		" 0x%02x",
17038 		" %c"
17039 };
17040 
17041 static void
17042 sd_dump_memory(struct sd_lun *un, uint_t comp, char *title, uchar_t *data,
17043     int len, int fmt)
17044 {
17045 	int	i, j;
17046 	int	avail_count;
17047 	int	start_offset;
17048 	int	end_offset;
17049 	size_t	entry_len;
17050 	char	*bufp;
17051 	char	*local_buf;
17052 	char	*format_string;
17053 
17054 	ASSERT((fmt == SD_LOG_HEX) || (fmt == SD_LOG_CHAR));
17055 
17056 	/*
17057 	 * In the debug version of the driver, this function is called from a
17058 	 * number of places which are NOPs in the release driver.
17059 	 * The debug driver therefore has additional methods of filtering
17060 	 * debug output.
17061 	 */
17062 #ifdef SDDEBUG
17063 	/*
17064 	 * In the debug version of the driver we can reduce the amount of debug
17065 	 * messages by setting sd_error_level to something other than
17066 	 * SCSI_ERR_ALL and clearing bits in sd_level_mask and
17067 	 * sd_component_mask.
17068 	 */
17069 	if (((sd_level_mask & (SD_LOGMASK_DUMP_MEM | SD_LOGMASK_DIAG)) == 0) ||
17070 	    (sd_error_level != SCSI_ERR_ALL)) {
17071 		return;
17072 	}
17073 	if (((sd_component_mask & comp) == 0) ||
17074 	    (sd_error_level != SCSI_ERR_ALL)) {
17075 		return;
17076 	}
17077 #else
17078 	if (sd_error_level != SCSI_ERR_ALL) {
17079 		return;
17080 	}
17081 #endif
17082 
17083 	local_buf = kmem_zalloc(SD_DUMP_MEMORY_BUF_SIZE, KM_SLEEP);
17084 	bufp = local_buf;
17085 	/*
17086 	 * Available length is the length of local_buf[], minus the
17087 	 * length of the title string, minus one for the ":", minus
17088 	 * one for the newline, minus one for the NULL terminator.
17089 	 * This gives the #bytes available for holding the printed
17090 	 * values from the given data buffer.
17091 	 */
17092 	if (fmt == SD_LOG_HEX) {
17093 		format_string = sd_dump_format_string[0];
17094 	} else /* SD_LOG_CHAR */ {
17095 		format_string = sd_dump_format_string[1];
17096 	}
17097 	/*
17098 	 * Available count is the number of elements from the given
17099 	 * data buffer that we can fit into the available length.
17100 	 * This is based upon the size of the format string used.
17101 	 * Make one entry and find it's size.
17102 	 */
17103 	(void) sprintf(bufp, format_string, data[0]);
17104 	entry_len = strlen(bufp);
17105 	avail_count = (SD_DUMP_MEMORY_BUF_SIZE - strlen(title) - 3) / entry_len;
17106 
17107 	j = 0;
17108 	while (j < len) {
17109 		bufp = local_buf;
17110 		bzero(bufp, SD_DUMP_MEMORY_BUF_SIZE);
17111 		start_offset = j;
17112 
17113 		end_offset = start_offset + avail_count;
17114 
17115 		(void) sprintf(bufp, "%s:", title);
17116 		bufp += strlen(bufp);
17117 		for (i = start_offset; ((i < end_offset) && (j < len));
17118 		    i++, j++) {
17119 			(void) sprintf(bufp, format_string, data[i]);
17120 			bufp += entry_len;
17121 		}
17122 		(void) sprintf(bufp, "\n");
17123 
17124 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE, "%s", local_buf);
17125 	}
17126 	kmem_free(local_buf, SD_DUMP_MEMORY_BUF_SIZE);
17127 }
17128 
17129 /*
17130  *    Function: sd_print_sense_msg
17131  *
17132  * Description: Log a message based upon the given sense data.
17133  *
17134  *   Arguments: un - ptr to associated softstate
17135  *		bp - ptr to buf(9S) for the command
17136  *		arg - ptr to associate sd_sense_info struct
17137  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
17138  *			or SD_NO_RETRY_ISSUED
17139  *
17140  *     Context: May be called from interrupt context
17141  */
17142 
17143 static void
17144 sd_print_sense_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
17145 {
17146 	struct sd_xbuf	*xp;
17147 	struct scsi_pkt	*pktp;
17148 	uint8_t *sensep;
17149 	daddr_t request_blkno;
17150 	diskaddr_t err_blkno;
17151 	int severity;
17152 	int pfa_flag;
17153 	extern struct scsi_key_strings scsi_cmds[];
17154 
17155 	ASSERT(un != NULL);
17156 	ASSERT(mutex_owned(SD_MUTEX(un)));
17157 	ASSERT(bp != NULL);
17158 	xp = SD_GET_XBUF(bp);
17159 	ASSERT(xp != NULL);
17160 	pktp = SD_GET_PKTP(bp);
17161 	ASSERT(pktp != NULL);
17162 	ASSERT(arg != NULL);
17163 
17164 	severity = ((struct sd_sense_info *)(arg))->ssi_severity;
17165 	pfa_flag = ((struct sd_sense_info *)(arg))->ssi_pfa_flag;
17166 
17167 	if ((code == SD_DELAYED_RETRY_ISSUED) ||
17168 	    (code == SD_IMMEDIATE_RETRY_ISSUED)) {
17169 		severity = SCSI_ERR_RETRYABLE;
17170 	}
17171 
17172 	/* Use absolute block number for the request block number */
17173 	request_blkno = xp->xb_blkno;
17174 
17175 	/*
17176 	 * Now try to get the error block number from the sense data
17177 	 */
17178 	sensep = xp->xb_sense_data;
17179 
17180 	if (scsi_sense_info_uint64(sensep, SENSE_LENGTH,
17181 		(uint64_t *)&err_blkno)) {
17182 		/*
17183 		 * We retrieved the error block number from the information
17184 		 * portion of the sense data.
17185 		 *
17186 		 * For USCSI commands we are better off using the error
17187 		 * block no. as the requested block no. (This is the best
17188 		 * we can estimate.)
17189 		 */
17190 		if ((SD_IS_BUFIO(xp) == FALSE) &&
17191 		    ((pktp->pkt_flags & FLAG_SILENT) == 0)) {
17192 			request_blkno = err_blkno;
17193 		}
17194 	} else {
17195 		/*
17196 		 * Without the es_valid bit set (for fixed format) or an
17197 		 * information descriptor (for descriptor format) we cannot
17198 		 * be certain of the error blkno, so just use the
17199 		 * request_blkno.
17200 		 */
17201 		err_blkno = (diskaddr_t)request_blkno;
17202 	}
17203 
17204 	/*
17205 	 * The following will log the buffer contents for the release driver
17206 	 * if the SD_LOGMASK_DIAG bit of sd_level_mask is set, or the error
17207 	 * level is set to verbose.
17208 	 */
17209 	sd_dump_memory(un, SD_LOG_IO, "Failed CDB",
17210 	    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
17211 	sd_dump_memory(un, SD_LOG_IO, "Sense Data",
17212 	    (uchar_t *)sensep, SENSE_LENGTH, SD_LOG_HEX);
17213 
17214 	if (pfa_flag == FALSE) {
17215 		/* This is normally only set for USCSI */
17216 		if ((pktp->pkt_flags & FLAG_SILENT) != 0) {
17217 			return;
17218 		}
17219 
17220 		if ((SD_IS_BUFIO(xp) == TRUE) &&
17221 		    (((sd_level_mask & SD_LOGMASK_DIAG) == 0) &&
17222 		    (severity < sd_error_level))) {
17223 			return;
17224 		}
17225 	}
17226 
17227 	/*
17228 	 * Check for Sonoma Failover and keep a count of how many failed I/O's
17229 	 */
17230 	if ((SD_IS_LSI(un)) &&
17231 	    (scsi_sense_key(sensep) == KEY_ILLEGAL_REQUEST) &&
17232 	    (scsi_sense_asc(sensep) == 0x94) &&
17233 	    (scsi_sense_ascq(sensep) == 0x01)) {
17234 		un->un_sonoma_failure_count++;
17235 		if (un->un_sonoma_failure_count > 1) {
17236 			return;
17237 		}
17238 	}
17239 
17240 	scsi_vu_errmsg(SD_SCSI_DEVP(un), pktp, sd_label, severity,
17241 	    request_blkno, err_blkno, scsi_cmds,
17242 	    (struct scsi_extended_sense *)sensep,
17243 	    un->un_additional_codes, NULL);
17244 }
17245 
17246 /*
17247  *    Function: sd_sense_key_no_sense
17248  *
17249  * Description: Recovery action when sense data was not received.
17250  *
17251  *     Context: May be called from interrupt context
17252  */
17253 
17254 static void
17255 sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
17256 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17257 {
17258 	struct sd_sense_info	si;
17259 
17260 	ASSERT(un != NULL);
17261 	ASSERT(mutex_owned(SD_MUTEX(un)));
17262 	ASSERT(bp != NULL);
17263 	ASSERT(xp != NULL);
17264 	ASSERT(pktp != NULL);
17265 
17266 	si.ssi_severity = SCSI_ERR_FATAL;
17267 	si.ssi_pfa_flag = FALSE;
17268 
17269 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17270 
17271 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17272 		&si, EIO, (clock_t)0, NULL);
17273 }
17274 
17275 
17276 /*
17277  *    Function: sd_sense_key_recoverable_error
17278  *
17279  * Description: Recovery actions for a SCSI "Recovered Error" sense key.
17280  *
17281  *     Context: May be called from interrupt context
17282  */
17283 
17284 static void
17285 sd_sense_key_recoverable_error(struct sd_lun *un,
17286 	uint8_t *sense_datap,
17287 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17288 {
17289 	struct sd_sense_info	si;
17290 	uint8_t asc = scsi_sense_asc(sense_datap);
17291 
17292 	ASSERT(un != NULL);
17293 	ASSERT(mutex_owned(SD_MUTEX(un)));
17294 	ASSERT(bp != NULL);
17295 	ASSERT(xp != NULL);
17296 	ASSERT(pktp != NULL);
17297 
17298 	/*
17299 	 * 0x5D: FAILURE PREDICTION THRESHOLD EXCEEDED
17300 	 */
17301 	if ((asc == 0x5D) && (sd_report_pfa != 0)) {
17302 		SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17303 		si.ssi_severity = SCSI_ERR_INFO;
17304 		si.ssi_pfa_flag = TRUE;
17305 	} else {
17306 		SD_UPDATE_ERRSTATS(un, sd_softerrs);
17307 		SD_UPDATE_ERRSTATS(un, sd_rq_recov_err);
17308 		si.ssi_severity = SCSI_ERR_RECOVERED;
17309 		si.ssi_pfa_flag = FALSE;
17310 	}
17311 
17312 	if (pktp->pkt_resid == 0) {
17313 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17314 		sd_return_command(un, bp);
17315 		return;
17316 	}
17317 
17318 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17319 	    &si, EIO, (clock_t)0, NULL);
17320 }
17321 
17322 
17323 
17324 
17325 /*
17326  *    Function: sd_sense_key_not_ready
17327  *
17328  * Description: Recovery actions for a SCSI "Not Ready" sense key.
17329  *
17330  *     Context: May be called from interrupt context
17331  */
17332 
17333 static void
17334 sd_sense_key_not_ready(struct sd_lun *un,
17335 	uint8_t *sense_datap,
17336 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17337 {
17338 	struct sd_sense_info	si;
17339 	uint8_t asc = scsi_sense_asc(sense_datap);
17340 	uint8_t ascq = scsi_sense_ascq(sense_datap);
17341 
17342 	ASSERT(un != NULL);
17343 	ASSERT(mutex_owned(SD_MUTEX(un)));
17344 	ASSERT(bp != NULL);
17345 	ASSERT(xp != NULL);
17346 	ASSERT(pktp != NULL);
17347 
17348 	si.ssi_severity = SCSI_ERR_FATAL;
17349 	si.ssi_pfa_flag = FALSE;
17350 
17351 	/*
17352 	 * Update error stats after first NOT READY error. Disks may have
17353 	 * been powered down and may need to be restarted.  For CDROMs,
17354 	 * report NOT READY errors only if media is present.
17355 	 */
17356 	if ((ISCD(un) && (un->un_f_geometry_is_valid == TRUE)) ||
17357 	    (xp->xb_retry_count > 0)) {
17358 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17359 		SD_UPDATE_ERRSTATS(un, sd_rq_ntrdy_err);
17360 	}
17361 
17362 	/*
17363 	 * Just fail if the "not ready" retry limit has been reached.
17364 	 */
17365 	if (xp->xb_retry_count >= un->un_notready_retry_count) {
17366 		/* Special check for error message printing for removables. */
17367 		if (un->un_f_has_removable_media && (asc == 0x04) &&
17368 		    (ascq >= 0x04)) {
17369 			si.ssi_severity = SCSI_ERR_ALL;
17370 		}
17371 		goto fail_command;
17372 	}
17373 
17374 	/*
17375 	 * Check the ASC and ASCQ in the sense data as needed, to determine
17376 	 * what to do.
17377 	 */
17378 	switch (asc) {
17379 	case 0x04:	/* LOGICAL UNIT NOT READY */
17380 		/*
17381 		 * disk drives that don't spin up result in a very long delay
17382 		 * in format without warning messages. We will log a message
17383 		 * if the error level is set to verbose.
17384 		 */
17385 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17386 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17387 			    "logical unit not ready, resetting disk\n");
17388 		}
17389 
17390 		/*
17391 		 * There are different requirements for CDROMs and disks for
17392 		 * the number of retries.  If a CD-ROM is giving this, it is
17393 		 * probably reading TOC and is in the process of getting
17394 		 * ready, so we should keep on trying for a long time to make
17395 		 * sure that all types of media are taken in account (for
17396 		 * some media the drive takes a long time to read TOC).  For
17397 		 * disks we do not want to retry this too many times as this
17398 		 * can cause a long hang in format when the drive refuses to
17399 		 * spin up (a very common failure).
17400 		 */
17401 		switch (ascq) {
17402 		case 0x00:  /* LUN NOT READY, CAUSE NOT REPORTABLE */
17403 			/*
17404 			 * Disk drives frequently refuse to spin up which
17405 			 * results in a very long hang in format without
17406 			 * warning messages.
17407 			 *
17408 			 * Note: This code preserves the legacy behavior of
17409 			 * comparing xb_retry_count against zero for fibre
17410 			 * channel targets instead of comparing against the
17411 			 * un_reset_retry_count value.  The reason for this
17412 			 * discrepancy has been so utterly lost beneath the
17413 			 * Sands of Time that even Indiana Jones could not
17414 			 * find it.
17415 			 */
17416 			if (un->un_f_is_fibre == TRUE) {
17417 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17418 					(xp->xb_retry_count > 0)) &&
17419 					(un->un_startstop_timeid == NULL)) {
17420 					scsi_log(SD_DEVINFO(un), sd_label,
17421 					CE_WARN, "logical unit not ready, "
17422 					"resetting disk\n");
17423 					sd_reset_target(un, pktp);
17424 				}
17425 			} else {
17426 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17427 					(xp->xb_retry_count >
17428 					un->un_reset_retry_count)) &&
17429 					(un->un_startstop_timeid == NULL)) {
17430 					scsi_log(SD_DEVINFO(un), sd_label,
17431 					CE_WARN, "logical unit not ready, "
17432 					"resetting disk\n");
17433 					sd_reset_target(un, pktp);
17434 				}
17435 			}
17436 			break;
17437 
17438 		case 0x01:  /* LUN IS IN PROCESS OF BECOMING READY */
17439 			/*
17440 			 * If the target is in the process of becoming
17441 			 * ready, just proceed with the retry. This can
17442 			 * happen with CD-ROMs that take a long time to
17443 			 * read TOC after a power cycle or reset.
17444 			 */
17445 			goto do_retry;
17446 
17447 		case 0x02:  /* LUN NOT READY, INITITIALIZING CMD REQUIRED */
17448 			break;
17449 
17450 		case 0x03:  /* LUN NOT READY, MANUAL INTERVENTION REQUIRED */
17451 			/*
17452 			 * Retries cannot help here so just fail right away.
17453 			 */
17454 			goto fail_command;
17455 
17456 		case 0x88:
17457 			/*
17458 			 * Vendor-unique code for T3/T4: it indicates a
17459 			 * path problem in a mutipathed config, but as far as
17460 			 * the target driver is concerned it equates to a fatal
17461 			 * error, so we should just fail the command right away
17462 			 * (without printing anything to the console). If this
17463 			 * is not a T3/T4, fall thru to the default recovery
17464 			 * action.
17465 			 * T3/T4 is FC only, don't need to check is_fibre
17466 			 */
17467 			if (SD_IS_T3(un) || SD_IS_T4(un)) {
17468 				sd_return_failed_command(un, bp, EIO);
17469 				return;
17470 			}
17471 			/* FALLTHRU */
17472 
17473 		case 0x04:  /* LUN NOT READY, FORMAT IN PROGRESS */
17474 		case 0x05:  /* LUN NOT READY, REBUILD IN PROGRESS */
17475 		case 0x06:  /* LUN NOT READY, RECALCULATION IN PROGRESS */
17476 		case 0x07:  /* LUN NOT READY, OPERATION IN PROGRESS */
17477 		case 0x08:  /* LUN NOT READY, LONG WRITE IN PROGRESS */
17478 		default:    /* Possible future codes in SCSI spec? */
17479 			/*
17480 			 * For removable-media devices, do not retry if
17481 			 * ASCQ > 2 as these result mostly from USCSI commands
17482 			 * on MMC devices issued to check status of an
17483 			 * operation initiated in immediate mode.  Also for
17484 			 * ASCQ >= 4 do not print console messages as these
17485 			 * mainly represent a user-initiated operation
17486 			 * instead of a system failure.
17487 			 */
17488 			if (un->un_f_has_removable_media) {
17489 				si.ssi_severity = SCSI_ERR_ALL;
17490 				goto fail_command;
17491 			}
17492 			break;
17493 		}
17494 
17495 		/*
17496 		 * As part of our recovery attempt for the NOT READY
17497 		 * condition, we issue a START STOP UNIT command. However
17498 		 * we want to wait for a short delay before attempting this
17499 		 * as there may still be more commands coming back from the
17500 		 * target with the check condition. To do this we use
17501 		 * timeout(9F) to call sd_start_stop_unit_callback() after
17502 		 * the delay interval expires. (sd_start_stop_unit_callback()
17503 		 * dispatches sd_start_stop_unit_task(), which will issue
17504 		 * the actual START STOP UNIT command. The delay interval
17505 		 * is one-half of the delay that we will use to retry the
17506 		 * command that generated the NOT READY condition.
17507 		 *
17508 		 * Note that we could just dispatch sd_start_stop_unit_task()
17509 		 * from here and allow it to sleep for the delay interval,
17510 		 * but then we would be tying up the taskq thread
17511 		 * uncesessarily for the duration of the delay.
17512 		 *
17513 		 * Do not issue the START STOP UNIT if the current command
17514 		 * is already a START STOP UNIT.
17515 		 */
17516 		if (pktp->pkt_cdbp[0] == SCMD_START_STOP) {
17517 			break;
17518 		}
17519 
17520 		/*
17521 		 * Do not schedule the timeout if one is already pending.
17522 		 */
17523 		if (un->un_startstop_timeid != NULL) {
17524 			SD_INFO(SD_LOG_ERROR, un,
17525 			    "sd_sense_key_not_ready: restart already issued to"
17526 			    " %s%d\n", ddi_driver_name(SD_DEVINFO(un)),
17527 			    ddi_get_instance(SD_DEVINFO(un)));
17528 			break;
17529 		}
17530 
17531 		/*
17532 		 * Schedule the START STOP UNIT command, then queue the command
17533 		 * for a retry.
17534 		 *
17535 		 * Note: A timeout is not scheduled for this retry because we
17536 		 * want the retry to be serial with the START_STOP_UNIT. The
17537 		 * retry will be started when the START_STOP_UNIT is completed
17538 		 * in sd_start_stop_unit_task.
17539 		 */
17540 		un->un_startstop_timeid = timeout(sd_start_stop_unit_callback,
17541 		    un, SD_BSY_TIMEOUT / 2);
17542 		xp->xb_retry_count++;
17543 		sd_set_retry_bp(un, bp, 0, kstat_waitq_enter);
17544 		return;
17545 
17546 	case 0x05:	/* LOGICAL UNIT DOES NOT RESPOND TO SELECTION */
17547 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17548 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17549 			    "unit does not respond to selection\n");
17550 		}
17551 		break;
17552 
17553 	case 0x3A:	/* MEDIUM NOT PRESENT */
17554 		if (sd_error_level >= SCSI_ERR_FATAL) {
17555 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17556 			    "Caddy not inserted in drive\n");
17557 		}
17558 
17559 		sr_ejected(un);
17560 		un->un_mediastate = DKIO_EJECTED;
17561 		/* The state has changed, inform the media watch routines */
17562 		cv_broadcast(&un->un_state_cv);
17563 		/* Just fail if no media is present in the drive. */
17564 		goto fail_command;
17565 
17566 	default:
17567 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17568 			scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
17569 			    "Unit not Ready. Additional sense code 0x%x\n",
17570 			    asc);
17571 		}
17572 		break;
17573 	}
17574 
17575 do_retry:
17576 
17577 	/*
17578 	 * Retry the command, as some targets may report NOT READY for
17579 	 * several seconds after being reset.
17580 	 */
17581 	xp->xb_retry_count++;
17582 	si.ssi_severity = SCSI_ERR_RETRYABLE;
17583 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
17584 	    &si, EIO, SD_BSY_TIMEOUT, NULL);
17585 
17586 	return;
17587 
17588 fail_command:
17589 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17590 	sd_return_failed_command(un, bp, EIO);
17591 }
17592 
17593 
17594 
17595 /*
17596  *    Function: sd_sense_key_medium_or_hardware_error
17597  *
17598  * Description: Recovery actions for a SCSI "Medium Error" or "Hardware Error"
17599  *		sense key.
17600  *
17601  *     Context: May be called from interrupt context
17602  */
17603 
17604 static void
17605 sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
17606 	uint8_t *sense_datap,
17607 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17608 {
17609 	struct sd_sense_info	si;
17610 	uint8_t sense_key = scsi_sense_key(sense_datap);
17611 	uint8_t asc = scsi_sense_asc(sense_datap);
17612 
17613 	ASSERT(un != NULL);
17614 	ASSERT(mutex_owned(SD_MUTEX(un)));
17615 	ASSERT(bp != NULL);
17616 	ASSERT(xp != NULL);
17617 	ASSERT(pktp != NULL);
17618 
17619 	si.ssi_severity = SCSI_ERR_FATAL;
17620 	si.ssi_pfa_flag = FALSE;
17621 
17622 	if (sense_key == KEY_MEDIUM_ERROR) {
17623 		SD_UPDATE_ERRSTATS(un, sd_rq_media_err);
17624 	}
17625 
17626 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17627 
17628 	if ((un->un_reset_retry_count != 0) &&
17629 	    (xp->xb_retry_count == un->un_reset_retry_count)) {
17630 		mutex_exit(SD_MUTEX(un));
17631 		/* Do NOT do a RESET_ALL here: too intrusive. (4112858) */
17632 		if (un->un_f_allow_bus_device_reset == TRUE) {
17633 
17634 			boolean_t try_resetting_target = B_TRUE;
17635 
17636 			/*
17637 			 * We need to be able to handle specific ASC when we are
17638 			 * handling a KEY_HARDWARE_ERROR. In particular
17639 			 * taking the default action of resetting the target may
17640 			 * not be the appropriate way to attempt recovery.
17641 			 * Resetting a target because of a single LUN failure
17642 			 * victimizes all LUNs on that target.
17643 			 *
17644 			 * This is true for the LSI arrays, if an LSI
17645 			 * array controller returns an ASC of 0x84 (LUN Dead) we
17646 			 * should trust it.
17647 			 */
17648 
17649 			if (sense_key == KEY_HARDWARE_ERROR) {
17650 				switch (asc) {
17651 				case 0x84:
17652 					if (SD_IS_LSI(un)) {
17653 						try_resetting_target = B_FALSE;
17654 					}
17655 					break;
17656 				default:
17657 					break;
17658 				}
17659 			}
17660 
17661 			if (try_resetting_target == B_TRUE) {
17662 				int reset_retval = 0;
17663 				if (un->un_f_lun_reset_enabled == TRUE) {
17664 					SD_TRACE(SD_LOG_IO_CORE, un,
17665 					    "sd_sense_key_medium_or_hardware_"
17666 					    "error: issuing RESET_LUN\n");
17667 					reset_retval =
17668 					    scsi_reset(SD_ADDRESS(un),
17669 					    RESET_LUN);
17670 				}
17671 				if (reset_retval == 0) {
17672 					SD_TRACE(SD_LOG_IO_CORE, un,
17673 					    "sd_sense_key_medium_or_hardware_"
17674 					    "error: issuing RESET_TARGET\n");
17675 					(void) scsi_reset(SD_ADDRESS(un),
17676 					    RESET_TARGET);
17677 				}
17678 			}
17679 		}
17680 		mutex_enter(SD_MUTEX(un));
17681 	}
17682 
17683 	/*
17684 	 * This really ought to be a fatal error, but we will retry anyway
17685 	 * as some drives report this as a spurious error.
17686 	 */
17687 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17688 	    &si, EIO, (clock_t)0, NULL);
17689 }
17690 
17691 
17692 
17693 /*
17694  *    Function: sd_sense_key_illegal_request
17695  *
17696  * Description: Recovery actions for a SCSI "Illegal Request" sense key.
17697  *
17698  *     Context: May be called from interrupt context
17699  */
17700 
17701 static void
17702 sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
17703 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17704 {
17705 	struct sd_sense_info	si;
17706 
17707 	ASSERT(un != NULL);
17708 	ASSERT(mutex_owned(SD_MUTEX(un)));
17709 	ASSERT(bp != NULL);
17710 	ASSERT(xp != NULL);
17711 	ASSERT(pktp != NULL);
17712 
17713 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17714 	SD_UPDATE_ERRSTATS(un, sd_rq_illrq_err);
17715 
17716 	si.ssi_severity = SCSI_ERR_INFO;
17717 	si.ssi_pfa_flag = FALSE;
17718 
17719 	/* Pointless to retry if the target thinks it's an illegal request */
17720 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17721 	sd_return_failed_command(un, bp, EIO);
17722 }
17723 
17724 
17725 
17726 
17727 /*
17728  *    Function: sd_sense_key_unit_attention
17729  *
17730  * Description: Recovery actions for a SCSI "Unit Attention" sense key.
17731  *
17732  *     Context: May be called from interrupt context
17733  */
17734 
17735 static void
17736 sd_sense_key_unit_attention(struct sd_lun *un,
17737 	uint8_t *sense_datap,
17738 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17739 {
17740 	/*
17741 	 * For UNIT ATTENTION we allow retries for one minute. Devices
17742 	 * like Sonoma can return UNIT ATTENTION close to a minute
17743 	 * under certain conditions.
17744 	 */
17745 	int	retry_check_flag = SD_RETRIES_UA;
17746 	boolean_t	kstat_updated = B_FALSE;
17747 	struct	sd_sense_info		si;
17748 	uint8_t asc = scsi_sense_asc(sense_datap);
17749 
17750 	ASSERT(un != NULL);
17751 	ASSERT(mutex_owned(SD_MUTEX(un)));
17752 	ASSERT(bp != NULL);
17753 	ASSERT(xp != NULL);
17754 	ASSERT(pktp != NULL);
17755 
17756 	si.ssi_severity = SCSI_ERR_INFO;
17757 	si.ssi_pfa_flag = FALSE;
17758 
17759 
17760 	switch (asc) {
17761 	case 0x5D:  /* FAILURE PREDICTION THRESHOLD EXCEEDED */
17762 		if (sd_report_pfa != 0) {
17763 			SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17764 			si.ssi_pfa_flag = TRUE;
17765 			retry_check_flag = SD_RETRIES_STANDARD;
17766 			goto do_retry;
17767 		}
17768 
17769 		break;
17770 
17771 	case 0x29:  /* POWER ON, RESET, OR BUS DEVICE RESET OCCURRED */
17772 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
17773 			un->un_resvd_status |=
17774 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
17775 		}
17776 #ifdef _LP64
17777 		if (un->un_blockcount + 1 > SD_GROUP1_MAX_ADDRESS) {
17778 			if (taskq_dispatch(sd_tq, sd_reenable_dsense_task,
17779 			    un, KM_NOSLEEP) == 0) {
17780 				/*
17781 				 * If we can't dispatch the task we'll just
17782 				 * live without descriptor sense.  We can
17783 				 * try again on the next "unit attention"
17784 				 */
17785 				SD_ERROR(SD_LOG_ERROR, un,
17786 				    "sd_sense_key_unit_attention: "
17787 				    "Could not dispatch "
17788 				    "sd_reenable_dsense_task\n");
17789 			}
17790 		}
17791 #endif /* _LP64 */
17792 		/* FALLTHRU */
17793 
17794 	case 0x28: /* NOT READY TO READY CHANGE, MEDIUM MAY HAVE CHANGED */
17795 		if (!un->un_f_has_removable_media) {
17796 			break;
17797 		}
17798 
17799 		/*
17800 		 * When we get a unit attention from a removable-media device,
17801 		 * it may be in a state that will take a long time to recover
17802 		 * (e.g., from a reset).  Since we are executing in interrupt
17803 		 * context here, we cannot wait around for the device to come
17804 		 * back. So hand this command off to sd_media_change_task()
17805 		 * for deferred processing under taskq thread context. (Note
17806 		 * that the command still may be failed if a problem is
17807 		 * encountered at a later time.)
17808 		 */
17809 		if (taskq_dispatch(sd_tq, sd_media_change_task, pktp,
17810 		    KM_NOSLEEP) == 0) {
17811 			/*
17812 			 * Cannot dispatch the request so fail the command.
17813 			 */
17814 			SD_UPDATE_ERRSTATS(un, sd_harderrs);
17815 			SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17816 			si.ssi_severity = SCSI_ERR_FATAL;
17817 			sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17818 			sd_return_failed_command(un, bp, EIO);
17819 		}
17820 
17821 		/*
17822 		 * If failed to dispatch sd_media_change_task(), we already
17823 		 * updated kstat. If succeed to dispatch sd_media_change_task(),
17824 		 * we should update kstat later if it encounters an error. So,
17825 		 * we update kstat_updated flag here.
17826 		 */
17827 		kstat_updated = B_TRUE;
17828 
17829 		/*
17830 		 * Either the command has been successfully dispatched to a
17831 		 * task Q for retrying, or the dispatch failed. In either case
17832 		 * do NOT retry again by calling sd_retry_command. This sets up
17833 		 * two retries of the same command and when one completes and
17834 		 * frees the resources the other will access freed memory,
17835 		 * a bad thing.
17836 		 */
17837 		return;
17838 
17839 	default:
17840 		break;
17841 	}
17842 
17843 	/*
17844 	 * Update kstat if we haven't done that.
17845 	 */
17846 	if (!kstat_updated) {
17847 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17848 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17849 	}
17850 
17851 do_retry:
17852 	sd_retry_command(un, bp, retry_check_flag, sd_print_sense_msg, &si,
17853 	    EIO, SD_UA_RETRY_DELAY, NULL);
17854 }
17855 
17856 
17857 
17858 /*
17859  *    Function: sd_sense_key_fail_command
17860  *
17861  * Description: Use to fail a command when we don't like the sense key that
17862  *		was returned.
17863  *
17864  *     Context: May be called from interrupt context
17865  */
17866 
17867 static void
17868 sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
17869 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17870 {
17871 	struct sd_sense_info	si;
17872 
17873 	ASSERT(un != NULL);
17874 	ASSERT(mutex_owned(SD_MUTEX(un)));
17875 	ASSERT(bp != NULL);
17876 	ASSERT(xp != NULL);
17877 	ASSERT(pktp != NULL);
17878 
17879 	si.ssi_severity = SCSI_ERR_FATAL;
17880 	si.ssi_pfa_flag = FALSE;
17881 
17882 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17883 	sd_return_failed_command(un, bp, EIO);
17884 }
17885 
17886 
17887 
17888 /*
17889  *    Function: sd_sense_key_blank_check
17890  *
17891  * Description: Recovery actions for a SCSI "Blank Check" sense key.
17892  *		Has no monetary connotation.
17893  *
17894  *     Context: May be called from interrupt context
17895  */
17896 
17897 static void
17898 sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
17899 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17900 {
17901 	struct sd_sense_info	si;
17902 
17903 	ASSERT(un != NULL);
17904 	ASSERT(mutex_owned(SD_MUTEX(un)));
17905 	ASSERT(bp != NULL);
17906 	ASSERT(xp != NULL);
17907 	ASSERT(pktp != NULL);
17908 
17909 	/*
17910 	 * Blank check is not fatal for removable devices, therefore
17911 	 * it does not require a console message.
17912 	 */
17913 	si.ssi_severity = (un->un_f_has_removable_media) ? SCSI_ERR_ALL :
17914 	    SCSI_ERR_FATAL;
17915 	si.ssi_pfa_flag = FALSE;
17916 
17917 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17918 	sd_return_failed_command(un, bp, EIO);
17919 }
17920 
17921 
17922 
17923 
17924 /*
17925  *    Function: sd_sense_key_aborted_command
17926  *
17927  * Description: Recovery actions for a SCSI "Aborted Command" sense key.
17928  *
17929  *     Context: May be called from interrupt context
17930  */
17931 
17932 static void
17933 sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
17934 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17935 {
17936 	struct sd_sense_info	si;
17937 
17938 	ASSERT(un != NULL);
17939 	ASSERT(mutex_owned(SD_MUTEX(un)));
17940 	ASSERT(bp != NULL);
17941 	ASSERT(xp != NULL);
17942 	ASSERT(pktp != NULL);
17943 
17944 	si.ssi_severity = SCSI_ERR_FATAL;
17945 	si.ssi_pfa_flag = FALSE;
17946 
17947 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17948 
17949 	/*
17950 	 * This really ought to be a fatal error, but we will retry anyway
17951 	 * as some drives report this as a spurious error.
17952 	 */
17953 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17954 	    &si, EIO, (clock_t)0, NULL);
17955 }
17956 
17957 
17958 
17959 /*
17960  *    Function: sd_sense_key_default
17961  *
17962  * Description: Default recovery action for several SCSI sense keys (basically
17963  *		attempts a retry).
17964  *
17965  *     Context: May be called from interrupt context
17966  */
17967 
17968 static void
17969 sd_sense_key_default(struct sd_lun *un,
17970 	uint8_t *sense_datap,
17971 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17972 {
17973 	struct sd_sense_info	si;
17974 	uint8_t sense_key = scsi_sense_key(sense_datap);
17975 
17976 	ASSERT(un != NULL);
17977 	ASSERT(mutex_owned(SD_MUTEX(un)));
17978 	ASSERT(bp != NULL);
17979 	ASSERT(xp != NULL);
17980 	ASSERT(pktp != NULL);
17981 
17982 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17983 
17984 	/*
17985 	 * Undecoded sense key.	Attempt retries and hope that will fix
17986 	 * the problem.  Otherwise, we're dead.
17987 	 */
17988 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
17989 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17990 		    "Unhandled Sense Key '%s'\n", sense_keys[sense_key]);
17991 	}
17992 
17993 	si.ssi_severity = SCSI_ERR_FATAL;
17994 	si.ssi_pfa_flag = FALSE;
17995 
17996 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17997 	    &si, EIO, (clock_t)0, NULL);
17998 }
17999 
18000 
18001 
18002 /*
18003  *    Function: sd_print_retry_msg
18004  *
18005  * Description: Print a message indicating the retry action being taken.
18006  *
18007  *   Arguments: un - ptr to associated softstate
18008  *		bp - ptr to buf(9S) for the command
18009  *		arg - not used.
18010  *		flag - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18011  *			or SD_NO_RETRY_ISSUED
18012  *
18013  *     Context: May be called from interrupt context
18014  */
18015 /* ARGSUSED */
18016 static void
18017 sd_print_retry_msg(struct sd_lun *un, struct buf *bp, void *arg, int flag)
18018 {
18019 	struct sd_xbuf	*xp;
18020 	struct scsi_pkt *pktp;
18021 	char *reasonp;
18022 	char *msgp;
18023 
18024 	ASSERT(un != NULL);
18025 	ASSERT(mutex_owned(SD_MUTEX(un)));
18026 	ASSERT(bp != NULL);
18027 	pktp = SD_GET_PKTP(bp);
18028 	ASSERT(pktp != NULL);
18029 	xp = SD_GET_XBUF(bp);
18030 	ASSERT(xp != NULL);
18031 
18032 	ASSERT(!mutex_owned(&un->un_pm_mutex));
18033 	mutex_enter(&un->un_pm_mutex);
18034 	if ((un->un_state == SD_STATE_SUSPENDED) ||
18035 	    (SD_DEVICE_IS_IN_LOW_POWER(un)) ||
18036 	    (pktp->pkt_flags & FLAG_SILENT)) {
18037 		mutex_exit(&un->un_pm_mutex);
18038 		goto update_pkt_reason;
18039 	}
18040 	mutex_exit(&un->un_pm_mutex);
18041 
18042 	/*
18043 	 * Suppress messages if they are all the same pkt_reason; with
18044 	 * TQ, many (up to 256) are returned with the same pkt_reason.
18045 	 * If we are in panic, then suppress the retry messages.
18046 	 */
18047 	switch (flag) {
18048 	case SD_NO_RETRY_ISSUED:
18049 		msgp = "giving up";
18050 		break;
18051 	case SD_IMMEDIATE_RETRY_ISSUED:
18052 	case SD_DELAYED_RETRY_ISSUED:
18053 		if (ddi_in_panic() || (un->un_state == SD_STATE_OFFLINE) ||
18054 		    ((pktp->pkt_reason == un->un_last_pkt_reason) &&
18055 		    (sd_error_level != SCSI_ERR_ALL))) {
18056 			return;
18057 		}
18058 		msgp = "retrying command";
18059 		break;
18060 	default:
18061 		goto update_pkt_reason;
18062 	}
18063 
18064 	reasonp = (((pktp->pkt_statistics & STAT_PERR) != 0) ? "parity error" :
18065 	    scsi_rname(pktp->pkt_reason));
18066 
18067 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18068 	    "SCSI transport failed: reason '%s': %s\n", reasonp, msgp);
18069 
18070 update_pkt_reason:
18071 	/*
18072 	 * Update un->un_last_pkt_reason with the value in pktp->pkt_reason.
18073 	 * This is to prevent multiple console messages for the same failure
18074 	 * condition.  Note that un->un_last_pkt_reason is NOT restored if &
18075 	 * when the command is retried successfully because there still may be
18076 	 * more commands coming back with the same value of pktp->pkt_reason.
18077 	 */
18078 	if ((pktp->pkt_reason != CMD_CMPLT) || (xp->xb_retry_count == 0)) {
18079 		un->un_last_pkt_reason = pktp->pkt_reason;
18080 	}
18081 }
18082 
18083 
18084 /*
18085  *    Function: sd_print_cmd_incomplete_msg
18086  *
18087  * Description: Message logging fn. for a SCSA "CMD_INCOMPLETE" pkt_reason.
18088  *
18089  *   Arguments: un - ptr to associated softstate
18090  *		bp - ptr to buf(9S) for the command
18091  *		arg - passed to sd_print_retry_msg()
18092  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18093  *			or SD_NO_RETRY_ISSUED
18094  *
18095  *     Context: May be called from interrupt context
18096  */
18097 
18098 static void
18099 sd_print_cmd_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg,
18100 	int code)
18101 {
18102 	dev_info_t	*dip;
18103 
18104 	ASSERT(un != NULL);
18105 	ASSERT(mutex_owned(SD_MUTEX(un)));
18106 	ASSERT(bp != NULL);
18107 
18108 	switch (code) {
18109 	case SD_NO_RETRY_ISSUED:
18110 		/* Command was failed. Someone turned off this target? */
18111 		if (un->un_state != SD_STATE_OFFLINE) {
18112 			/*
18113 			 * Suppress message if we are detaching and
18114 			 * device has been disconnected
18115 			 * Note that DEVI_IS_DEVICE_REMOVED is a consolidation
18116 			 * private interface and not part of the DDI
18117 			 */
18118 			dip = un->un_sd->sd_dev;
18119 			if (!(DEVI_IS_DETACHING(dip) &&
18120 			    DEVI_IS_DEVICE_REMOVED(dip))) {
18121 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18122 				"disk not responding to selection\n");
18123 			}
18124 			New_state(un, SD_STATE_OFFLINE);
18125 		}
18126 		break;
18127 
18128 	case SD_DELAYED_RETRY_ISSUED:
18129 	case SD_IMMEDIATE_RETRY_ISSUED:
18130 	default:
18131 		/* Command was successfully queued for retry */
18132 		sd_print_retry_msg(un, bp, arg, code);
18133 		break;
18134 	}
18135 }
18136 
18137 
18138 /*
18139  *    Function: sd_pkt_reason_cmd_incomplete
18140  *
18141  * Description: Recovery actions for a SCSA "CMD_INCOMPLETE" pkt_reason.
18142  *
18143  *     Context: May be called from interrupt context
18144  */
18145 
18146 static void
18147 sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
18148 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18149 {
18150 	int flag = SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE;
18151 
18152 	ASSERT(un != NULL);
18153 	ASSERT(mutex_owned(SD_MUTEX(un)));
18154 	ASSERT(bp != NULL);
18155 	ASSERT(xp != NULL);
18156 	ASSERT(pktp != NULL);
18157 
18158 	/* Do not do a reset if selection did not complete */
18159 	/* Note: Should this not just check the bit? */
18160 	if (pktp->pkt_state != STATE_GOT_BUS) {
18161 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18162 		sd_reset_target(un, pktp);
18163 	}
18164 
18165 	/*
18166 	 * If the target was not successfully selected, then set
18167 	 * SD_RETRIES_FAILFAST to indicate that we lost communication
18168 	 * with the target, and further retries and/or commands are
18169 	 * likely to take a long time.
18170 	 */
18171 	if ((pktp->pkt_state & STATE_GOT_TARGET) == 0) {
18172 		flag |= SD_RETRIES_FAILFAST;
18173 	}
18174 
18175 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18176 
18177 	sd_retry_command(un, bp, flag,
18178 	    sd_print_cmd_incomplete_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18179 }
18180 
18181 
18182 
18183 /*
18184  *    Function: sd_pkt_reason_cmd_tran_err
18185  *
18186  * Description: Recovery actions for a SCSA "CMD_TRAN_ERR" pkt_reason.
18187  *
18188  *     Context: May be called from interrupt context
18189  */
18190 
18191 static void
18192 sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
18193 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18194 {
18195 	ASSERT(un != NULL);
18196 	ASSERT(mutex_owned(SD_MUTEX(un)));
18197 	ASSERT(bp != NULL);
18198 	ASSERT(xp != NULL);
18199 	ASSERT(pktp != NULL);
18200 
18201 	/*
18202 	 * Do not reset if we got a parity error, or if
18203 	 * selection did not complete.
18204 	 */
18205 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18206 	/* Note: Should this not just check the bit for pkt_state? */
18207 	if (((pktp->pkt_statistics & STAT_PERR) == 0) &&
18208 	    (pktp->pkt_state != STATE_GOT_BUS)) {
18209 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18210 		sd_reset_target(un, pktp);
18211 	}
18212 
18213 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18214 
18215 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18216 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18217 }
18218 
18219 
18220 
18221 /*
18222  *    Function: sd_pkt_reason_cmd_reset
18223  *
18224  * Description: Recovery actions for a SCSA "CMD_RESET" pkt_reason.
18225  *
18226  *     Context: May be called from interrupt context
18227  */
18228 
18229 static void
18230 sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
18231 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18232 {
18233 	ASSERT(un != NULL);
18234 	ASSERT(mutex_owned(SD_MUTEX(un)));
18235 	ASSERT(bp != NULL);
18236 	ASSERT(xp != NULL);
18237 	ASSERT(pktp != NULL);
18238 
18239 	/* The target may still be running the command, so try to reset. */
18240 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18241 	sd_reset_target(un, pktp);
18242 
18243 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18244 
18245 	/*
18246 	 * If pkt_reason is CMD_RESET chances are that this pkt got
18247 	 * reset because another target on this bus caused it. The target
18248 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18249 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18250 	 */
18251 
18252 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18253 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18254 }
18255 
18256 
18257 
18258 
18259 /*
18260  *    Function: sd_pkt_reason_cmd_aborted
18261  *
18262  * Description: Recovery actions for a SCSA "CMD_ABORTED" pkt_reason.
18263  *
18264  *     Context: May be called from interrupt context
18265  */
18266 
18267 static void
18268 sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
18269 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18270 {
18271 	ASSERT(un != NULL);
18272 	ASSERT(mutex_owned(SD_MUTEX(un)));
18273 	ASSERT(bp != NULL);
18274 	ASSERT(xp != NULL);
18275 	ASSERT(pktp != NULL);
18276 
18277 	/* The target may still be running the command, so try to reset. */
18278 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18279 	sd_reset_target(un, pktp);
18280 
18281 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18282 
18283 	/*
18284 	 * If pkt_reason is CMD_ABORTED chances are that this pkt got
18285 	 * aborted because another target on this bus caused it. The target
18286 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18287 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18288 	 */
18289 
18290 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18291 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18292 }
18293 
18294 
18295 
18296 /*
18297  *    Function: sd_pkt_reason_cmd_timeout
18298  *
18299  * Description: Recovery actions for a SCSA "CMD_TIMEOUT" pkt_reason.
18300  *
18301  *     Context: May be called from interrupt context
18302  */
18303 
18304 static void
18305 sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
18306 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18307 {
18308 	ASSERT(un != NULL);
18309 	ASSERT(mutex_owned(SD_MUTEX(un)));
18310 	ASSERT(bp != NULL);
18311 	ASSERT(xp != NULL);
18312 	ASSERT(pktp != NULL);
18313 
18314 
18315 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18316 	sd_reset_target(un, pktp);
18317 
18318 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18319 
18320 	/*
18321 	 * A command timeout indicates that we could not establish
18322 	 * communication with the target, so set SD_RETRIES_FAILFAST
18323 	 * as further retries/commands are likely to take a long time.
18324 	 */
18325 	sd_retry_command(un, bp,
18326 	    (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE | SD_RETRIES_FAILFAST),
18327 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18328 }
18329 
18330 
18331 
18332 /*
18333  *    Function: sd_pkt_reason_cmd_unx_bus_free
18334  *
18335  * Description: Recovery actions for a SCSA "CMD_UNX_BUS_FREE" pkt_reason.
18336  *
18337  *     Context: May be called from interrupt context
18338  */
18339 
18340 static void
18341 sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
18342 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18343 {
18344 	void (*funcp)(struct sd_lun *un, struct buf *bp, void *arg, int code);
18345 
18346 	ASSERT(un != NULL);
18347 	ASSERT(mutex_owned(SD_MUTEX(un)));
18348 	ASSERT(bp != NULL);
18349 	ASSERT(xp != NULL);
18350 	ASSERT(pktp != NULL);
18351 
18352 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18353 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18354 
18355 	funcp = ((pktp->pkt_statistics & STAT_PERR) == 0) ?
18356 	    sd_print_retry_msg : NULL;
18357 
18358 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18359 	    funcp, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18360 }
18361 
18362 
18363 /*
18364  *    Function: sd_pkt_reason_cmd_tag_reject
18365  *
18366  * Description: Recovery actions for a SCSA "CMD_TAG_REJECT" pkt_reason.
18367  *
18368  *     Context: May be called from interrupt context
18369  */
18370 
18371 static void
18372 sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
18373 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18374 {
18375 	ASSERT(un != NULL);
18376 	ASSERT(mutex_owned(SD_MUTEX(un)));
18377 	ASSERT(bp != NULL);
18378 	ASSERT(xp != NULL);
18379 	ASSERT(pktp != NULL);
18380 
18381 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18382 	pktp->pkt_flags = 0;
18383 	un->un_tagflags = 0;
18384 	if (un->un_f_opt_queueing == TRUE) {
18385 		un->un_throttle = min(un->un_throttle, 3);
18386 	} else {
18387 		un->un_throttle = 1;
18388 	}
18389 	mutex_exit(SD_MUTEX(un));
18390 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
18391 	mutex_enter(SD_MUTEX(un));
18392 
18393 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18394 
18395 	/* Legacy behavior not to check retry counts here. */
18396 	sd_retry_command(un, bp, (SD_RETRIES_NOCHECK | SD_RETRIES_ISOLATE),
18397 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18398 }
18399 
18400 
18401 /*
18402  *    Function: sd_pkt_reason_default
18403  *
18404  * Description: Default recovery actions for SCSA pkt_reason values that
18405  *		do not have more explicit recovery actions.
18406  *
18407  *     Context: May be called from interrupt context
18408  */
18409 
18410 static void
18411 sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
18412 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18413 {
18414 	ASSERT(un != NULL);
18415 	ASSERT(mutex_owned(SD_MUTEX(un)));
18416 	ASSERT(bp != NULL);
18417 	ASSERT(xp != NULL);
18418 	ASSERT(pktp != NULL);
18419 
18420 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18421 	sd_reset_target(un, pktp);
18422 
18423 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18424 
18425 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18426 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18427 }
18428 
18429 
18430 
18431 /*
18432  *    Function: sd_pkt_status_check_condition
18433  *
18434  * Description: Recovery actions for a "STATUS_CHECK" SCSI command status.
18435  *
18436  *     Context: May be called from interrupt context
18437  */
18438 
18439 static void
18440 sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
18441 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18442 {
18443 	ASSERT(un != NULL);
18444 	ASSERT(mutex_owned(SD_MUTEX(un)));
18445 	ASSERT(bp != NULL);
18446 	ASSERT(xp != NULL);
18447 	ASSERT(pktp != NULL);
18448 
18449 	SD_TRACE(SD_LOG_IO, un, "sd_pkt_status_check_condition: "
18450 	    "entry: buf:0x%p xp:0x%p\n", bp, xp);
18451 
18452 	/*
18453 	 * If ARQ is NOT enabled, then issue a REQUEST SENSE command (the
18454 	 * command will be retried after the request sense). Otherwise, retry
18455 	 * the command. Note: we are issuing the request sense even though the
18456 	 * retry limit may have been reached for the failed command.
18457 	 */
18458 	if (un->un_f_arq_enabled == FALSE) {
18459 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18460 		    "no ARQ, sending request sense command\n");
18461 		sd_send_request_sense_command(un, bp, pktp);
18462 	} else {
18463 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18464 		    "ARQ,retrying request sense command\n");
18465 #if defined(__i386) || defined(__amd64)
18466 		/*
18467 		 * The SD_RETRY_DELAY value need to be adjusted here
18468 		 * when SD_RETRY_DELAY change in sddef.h
18469 		 */
18470 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18471 			un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0,
18472 			NULL);
18473 #else
18474 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL,
18475 		    EIO, SD_RETRY_DELAY, NULL);
18476 #endif
18477 	}
18478 
18479 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: exit\n");
18480 }
18481 
18482 
18483 /*
18484  *    Function: sd_pkt_status_busy
18485  *
18486  * Description: Recovery actions for a "STATUS_BUSY" SCSI command status.
18487  *
18488  *     Context: May be called from interrupt context
18489  */
18490 
18491 static void
18492 sd_pkt_status_busy(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
18493 	struct scsi_pkt *pktp)
18494 {
18495 	ASSERT(un != NULL);
18496 	ASSERT(mutex_owned(SD_MUTEX(un)));
18497 	ASSERT(bp != NULL);
18498 	ASSERT(xp != NULL);
18499 	ASSERT(pktp != NULL);
18500 
18501 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18502 	    "sd_pkt_status_busy: entry\n");
18503 
18504 	/* If retries are exhausted, just fail the command. */
18505 	if (xp->xb_retry_count >= un->un_busy_retry_count) {
18506 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18507 		    "device busy too long\n");
18508 		sd_return_failed_command(un, bp, EIO);
18509 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18510 		    "sd_pkt_status_busy: exit\n");
18511 		return;
18512 	}
18513 	xp->xb_retry_count++;
18514 
18515 	/*
18516 	 * Try to reset the target. However, we do not want to perform
18517 	 * more than one reset if the device continues to fail. The reset
18518 	 * will be performed when the retry count reaches the reset
18519 	 * threshold.  This threshold should be set such that at least
18520 	 * one retry is issued before the reset is performed.
18521 	 */
18522 	if (xp->xb_retry_count ==
18523 	    ((un->un_reset_retry_count < 2) ? 2 : un->un_reset_retry_count)) {
18524 		int rval = 0;
18525 		mutex_exit(SD_MUTEX(un));
18526 		if (un->un_f_allow_bus_device_reset == TRUE) {
18527 			/*
18528 			 * First try to reset the LUN; if we cannot then
18529 			 * try to reset the target.
18530 			 */
18531 			if (un->un_f_lun_reset_enabled == TRUE) {
18532 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18533 				    "sd_pkt_status_busy: RESET_LUN\n");
18534 				rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18535 			}
18536 			if (rval == 0) {
18537 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18538 				    "sd_pkt_status_busy: RESET_TARGET\n");
18539 				rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18540 			}
18541 		}
18542 		if (rval == 0) {
18543 			/*
18544 			 * If the RESET_LUN and/or RESET_TARGET failed,
18545 			 * try RESET_ALL
18546 			 */
18547 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18548 			    "sd_pkt_status_busy: RESET_ALL\n");
18549 			rval = scsi_reset(SD_ADDRESS(un), RESET_ALL);
18550 		}
18551 		mutex_enter(SD_MUTEX(un));
18552 		if (rval == 0) {
18553 			/*
18554 			 * The RESET_LUN, RESET_TARGET, and/or RESET_ALL failed.
18555 			 * At this point we give up & fail the command.
18556 			 */
18557 			sd_return_failed_command(un, bp, EIO);
18558 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18559 			    "sd_pkt_status_busy: exit (failed cmd)\n");
18560 			return;
18561 		}
18562 	}
18563 
18564 	/*
18565 	 * Retry the command. Be sure to specify SD_RETRIES_NOCHECK as
18566 	 * we have already checked the retry counts above.
18567 	 */
18568 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL,
18569 	    EIO, SD_BSY_TIMEOUT, NULL);
18570 
18571 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18572 	    "sd_pkt_status_busy: exit\n");
18573 }
18574 
18575 
18576 /*
18577  *    Function: sd_pkt_status_reservation_conflict
18578  *
18579  * Description: Recovery actions for a "STATUS_RESERVATION_CONFLICT" SCSI
18580  *		command status.
18581  *
18582  *     Context: May be called from interrupt context
18583  */
18584 
18585 static void
18586 sd_pkt_status_reservation_conflict(struct sd_lun *un, struct buf *bp,
18587 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18588 {
18589 	ASSERT(un != NULL);
18590 	ASSERT(mutex_owned(SD_MUTEX(un)));
18591 	ASSERT(bp != NULL);
18592 	ASSERT(xp != NULL);
18593 	ASSERT(pktp != NULL);
18594 
18595 	/*
18596 	 * If the command was PERSISTENT_RESERVATION_[IN|OUT] then reservation
18597 	 * conflict could be due to various reasons like incorrect keys, not
18598 	 * registered or not reserved etc. So, we return EACCES to the caller.
18599 	 */
18600 	if (un->un_reservation_type == SD_SCSI3_RESERVATION) {
18601 		int cmd = SD_GET_PKT_OPCODE(pktp);
18602 		if ((cmd == SCMD_PERSISTENT_RESERVE_IN) ||
18603 		    (cmd == SCMD_PERSISTENT_RESERVE_OUT)) {
18604 			sd_return_failed_command(un, bp, EACCES);
18605 			return;
18606 		}
18607 	}
18608 
18609 	un->un_resvd_status |= SD_RESERVATION_CONFLICT;
18610 
18611 	if ((un->un_resvd_status & SD_FAILFAST) != 0) {
18612 		if (sd_failfast_enable != 0) {
18613 			/* By definition, we must panic here.... */
18614 			sd_panic_for_res_conflict(un);
18615 			/*NOTREACHED*/
18616 		}
18617 		SD_ERROR(SD_LOG_IO, un,
18618 		    "sd_handle_resv_conflict: Disk Reserved\n");
18619 		sd_return_failed_command(un, bp, EACCES);
18620 		return;
18621 	}
18622 
18623 	/*
18624 	 * 1147670: retry only if sd_retry_on_reservation_conflict
18625 	 * property is set (default is 1). Retries will not succeed
18626 	 * on a disk reserved by another initiator. HA systems
18627 	 * may reset this via sd.conf to avoid these retries.
18628 	 *
18629 	 * Note: The legacy return code for this failure is EIO, however EACCES
18630 	 * seems more appropriate for a reservation conflict.
18631 	 */
18632 	if (sd_retry_on_reservation_conflict == 0) {
18633 		SD_ERROR(SD_LOG_IO, un,
18634 		    "sd_handle_resv_conflict: Device Reserved\n");
18635 		sd_return_failed_command(un, bp, EIO);
18636 		return;
18637 	}
18638 
18639 	/*
18640 	 * Retry the command if we can.
18641 	 *
18642 	 * Note: The legacy return code for this failure is EIO, however EACCES
18643 	 * seems more appropriate for a reservation conflict.
18644 	 */
18645 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18646 	    (clock_t)2, NULL);
18647 }
18648 
18649 
18650 
18651 /*
18652  *    Function: sd_pkt_status_qfull
18653  *
18654  * Description: Handle a QUEUE FULL condition from the target.  This can
18655  *		occur if the HBA does not handle the queue full condition.
18656  *		(Basically this means third-party HBAs as Sun HBAs will
18657  *		handle the queue full condition.)  Note that if there are
18658  *		some commands already in the transport, then the queue full
18659  *		has occurred because the queue for this nexus is actually
18660  *		full. If there are no commands in the transport, then the
18661  *		queue full is resulting from some other initiator or lun
18662  *		consuming all the resources at the target.
18663  *
18664  *     Context: May be called from interrupt context
18665  */
18666 
18667 static void
18668 sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
18669 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18670 {
18671 	ASSERT(un != NULL);
18672 	ASSERT(mutex_owned(SD_MUTEX(un)));
18673 	ASSERT(bp != NULL);
18674 	ASSERT(xp != NULL);
18675 	ASSERT(pktp != NULL);
18676 
18677 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18678 	    "sd_pkt_status_qfull: entry\n");
18679 
18680 	/*
18681 	 * Just lower the QFULL throttle and retry the command.  Note that
18682 	 * we do not limit the number of retries here.
18683 	 */
18684 	sd_reduce_throttle(un, SD_THROTTLE_QFULL);
18685 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL, 0,
18686 	    SD_RESTART_TIMEOUT, NULL);
18687 
18688 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18689 	    "sd_pkt_status_qfull: exit\n");
18690 }
18691 
18692 
18693 /*
18694  *    Function: sd_reset_target
18695  *
18696  * Description: Issue a scsi_reset(9F), with either RESET_LUN,
18697  *		RESET_TARGET, or RESET_ALL.
18698  *
18699  *     Context: May be called under interrupt context.
18700  */
18701 
18702 static void
18703 sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp)
18704 {
18705 	int rval = 0;
18706 
18707 	ASSERT(un != NULL);
18708 	ASSERT(mutex_owned(SD_MUTEX(un)));
18709 	ASSERT(pktp != NULL);
18710 
18711 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: entry\n");
18712 
18713 	/*
18714 	 * No need to reset if the transport layer has already done so.
18715 	 */
18716 	if ((pktp->pkt_statistics &
18717 	    (STAT_BUS_RESET | STAT_DEV_RESET | STAT_ABORTED)) != 0) {
18718 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18719 		    "sd_reset_target: no reset\n");
18720 		return;
18721 	}
18722 
18723 	mutex_exit(SD_MUTEX(un));
18724 
18725 	if (un->un_f_allow_bus_device_reset == TRUE) {
18726 		if (un->un_f_lun_reset_enabled == TRUE) {
18727 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18728 			    "sd_reset_target: RESET_LUN\n");
18729 			rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18730 		}
18731 		if (rval == 0) {
18732 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18733 			    "sd_reset_target: RESET_TARGET\n");
18734 			rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18735 		}
18736 	}
18737 
18738 	if (rval == 0) {
18739 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18740 		    "sd_reset_target: RESET_ALL\n");
18741 		(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
18742 	}
18743 
18744 	mutex_enter(SD_MUTEX(un));
18745 
18746 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: exit\n");
18747 }
18748 
18749 
18750 /*
18751  *    Function: sd_media_change_task
18752  *
18753  * Description: Recovery action for CDROM to become available.
18754  *
18755  *     Context: Executes in a taskq() thread context
18756  */
18757 
18758 static void
18759 sd_media_change_task(void *arg)
18760 {
18761 	struct	scsi_pkt	*pktp = arg;
18762 	struct	sd_lun		*un;
18763 	struct	buf		*bp;
18764 	struct	sd_xbuf		*xp;
18765 	int	err		= 0;
18766 	int	retry_count	= 0;
18767 	int	retry_limit	= SD_UNIT_ATTENTION_RETRY/10;
18768 	struct	sd_sense_info	si;
18769 
18770 	ASSERT(pktp != NULL);
18771 	bp = (struct buf *)pktp->pkt_private;
18772 	ASSERT(bp != NULL);
18773 	xp = SD_GET_XBUF(bp);
18774 	ASSERT(xp != NULL);
18775 	un = SD_GET_UN(bp);
18776 	ASSERT(un != NULL);
18777 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18778 	ASSERT(un->un_f_monitor_media_state);
18779 
18780 	si.ssi_severity = SCSI_ERR_INFO;
18781 	si.ssi_pfa_flag = FALSE;
18782 
18783 	/*
18784 	 * When a reset is issued on a CDROM, it takes a long time to
18785 	 * recover. First few attempts to read capacity and other things
18786 	 * related to handling unit attention fail (with a ASC 0x4 and
18787 	 * ASCQ 0x1). In that case we want to do enough retries and we want
18788 	 * to limit the retries in other cases of genuine failures like
18789 	 * no media in drive.
18790 	 */
18791 	while (retry_count++ < retry_limit) {
18792 		if ((err = sd_handle_mchange(un)) == 0) {
18793 			break;
18794 		}
18795 		if (err == EAGAIN) {
18796 			retry_limit = SD_UNIT_ATTENTION_RETRY;
18797 		}
18798 		/* Sleep for 0.5 sec. & try again */
18799 		delay(drv_usectohz(500000));
18800 	}
18801 
18802 	/*
18803 	 * Dispatch (retry or fail) the original command here,
18804 	 * along with appropriate console messages....
18805 	 *
18806 	 * Must grab the mutex before calling sd_retry_command,
18807 	 * sd_print_sense_msg and sd_return_failed_command.
18808 	 */
18809 	mutex_enter(SD_MUTEX(un));
18810 	if (err != SD_CMD_SUCCESS) {
18811 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
18812 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
18813 		si.ssi_severity = SCSI_ERR_FATAL;
18814 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
18815 		sd_return_failed_command(un, bp, EIO);
18816 	} else {
18817 		sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
18818 		    &si, EIO, (clock_t)0, NULL);
18819 	}
18820 	mutex_exit(SD_MUTEX(un));
18821 }
18822 
18823 
18824 
18825 /*
18826  *    Function: sd_handle_mchange
18827  *
18828  * Description: Perform geometry validation & other recovery when CDROM
18829  *		has been removed from drive.
18830  *
18831  * Return Code: 0 for success
18832  *		errno-type return code of either sd_send_scsi_DOORLOCK() or
18833  *		sd_send_scsi_READ_CAPACITY()
18834  *
18835  *     Context: Executes in a taskq() thread context
18836  */
18837 
18838 static int
18839 sd_handle_mchange(struct sd_lun *un)
18840 {
18841 	uint64_t	capacity;
18842 	uint32_t	lbasize;
18843 	int		rval;
18844 
18845 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18846 	ASSERT(un->un_f_monitor_media_state);
18847 
18848 	if ((rval = sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
18849 	    SD_PATH_DIRECT_PRIORITY)) != 0) {
18850 		return (rval);
18851 	}
18852 
18853 	mutex_enter(SD_MUTEX(un));
18854 	sd_update_block_info(un, lbasize, capacity);
18855 
18856 	if (un->un_errstats != NULL) {
18857 		struct	sd_errstats *stp =
18858 		    (struct sd_errstats *)un->un_errstats->ks_data;
18859 		stp->sd_capacity.value.ui64 = (uint64_t)
18860 		    ((uint64_t)un->un_blockcount *
18861 		    (uint64_t)un->un_tgt_blocksize);
18862 	}
18863 
18864 	/*
18865 	 * Note: Maybe let the strategy/partitioning chain worry about getting
18866 	 * valid geometry.
18867 	 */
18868 	un->un_f_geometry_is_valid = FALSE;
18869 	(void) sd_validate_geometry(un, SD_PATH_DIRECT_PRIORITY);
18870 	if (un->un_f_geometry_is_valid == FALSE) {
18871 		mutex_exit(SD_MUTEX(un));
18872 		return (EIO);
18873 	}
18874 
18875 	mutex_exit(SD_MUTEX(un));
18876 
18877 	/*
18878 	 * Try to lock the door
18879 	 */
18880 	return (sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
18881 	    SD_PATH_DIRECT_PRIORITY));
18882 }
18883 
18884 
18885 /*
18886  *    Function: sd_send_scsi_DOORLOCK
18887  *
18888  * Description: Issue the scsi DOOR LOCK command
18889  *
18890  *   Arguments: un    - pointer to driver soft state (unit) structure for
18891  *			this target.
18892  *		flag  - SD_REMOVAL_ALLOW
18893  *			SD_REMOVAL_PREVENT
18894  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18895  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18896  *			to use the USCSI "direct" chain and bypass the normal
18897  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18898  *			command is issued as part of an error recovery action.
18899  *
18900  * Return Code: 0   - Success
18901  *		errno return code from sd_send_scsi_cmd()
18902  *
18903  *     Context: Can sleep.
18904  */
18905 
18906 static int
18907 sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag)
18908 {
18909 	union scsi_cdb		cdb;
18910 	struct uscsi_cmd	ucmd_buf;
18911 	struct scsi_extended_sense	sense_buf;
18912 	int			status;
18913 
18914 	ASSERT(un != NULL);
18915 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18916 
18917 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_DOORLOCK: entry: un:0x%p\n", un);
18918 
18919 	/* already determined doorlock is not supported, fake success */
18920 	if (un->un_f_doorlock_supported == FALSE) {
18921 		return (0);
18922 	}
18923 
18924 	bzero(&cdb, sizeof (cdb));
18925 	bzero(&ucmd_buf, sizeof (ucmd_buf));
18926 
18927 	cdb.scc_cmd = SCMD_DOORLOCK;
18928 	cdb.cdb_opaque[4] = (uchar_t)flag;
18929 
18930 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
18931 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
18932 	ucmd_buf.uscsi_bufaddr	= NULL;
18933 	ucmd_buf.uscsi_buflen	= 0;
18934 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
18935 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
18936 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
18937 	ucmd_buf.uscsi_timeout	= 15;
18938 
18939 	SD_TRACE(SD_LOG_IO, un,
18940 	    "sd_send_scsi_DOORLOCK: returning sd_send_scsi_cmd()\n");
18941 
18942 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
18943 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
18944 
18945 	if ((status == EIO) && (ucmd_buf.uscsi_status == STATUS_CHECK) &&
18946 	    (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
18947 	    (scsi_sense_key((uint8_t *)&sense_buf) == KEY_ILLEGAL_REQUEST)) {
18948 		/* fake success and skip subsequent doorlock commands */
18949 		un->un_f_doorlock_supported = FALSE;
18950 		return (0);
18951 	}
18952 
18953 	return (status);
18954 }
18955 
18956 /*
18957  *    Function: sd_send_scsi_READ_CAPACITY
18958  *
18959  * Description: This routine uses the scsi READ CAPACITY command to determine
18960  *		the device capacity in number of blocks and the device native
18961  *		block size. If this function returns a failure, then the
18962  *		values in *capp and *lbap are undefined.  If the capacity
18963  *		returned is 0xffffffff then the lun is too large for a
18964  *		normal READ CAPACITY command and the results of a
18965  *		READ CAPACITY 16 will be used instead.
18966  *
18967  *   Arguments: un   - ptr to soft state struct for the target
18968  *		capp - ptr to unsigned 64-bit variable to receive the
18969  *			capacity value from the command.
18970  *		lbap - ptr to unsigned 32-bit varaible to receive the
18971  *			block size value from the command
18972  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18973  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18974  *			to use the USCSI "direct" chain and bypass the normal
18975  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18976  *			command is issued as part of an error recovery action.
18977  *
18978  * Return Code: 0   - Success
18979  *		EIO - IO error
18980  *		EACCES - Reservation conflict detected
18981  *		EAGAIN - Device is becoming ready
18982  *		errno return code from sd_send_scsi_cmd()
18983  *
18984  *     Context: Can sleep.  Blocks until command completes.
18985  */
18986 
18987 #define	SD_CAPACITY_SIZE	sizeof (struct scsi_capacity)
18988 
18989 static int
18990 sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp, uint32_t *lbap,
18991 	int path_flag)
18992 {
18993 	struct	scsi_extended_sense	sense_buf;
18994 	struct	uscsi_cmd	ucmd_buf;
18995 	union	scsi_cdb	cdb;
18996 	uint32_t		*capacity_buf;
18997 	uint64_t		capacity;
18998 	uint32_t		lbasize;
18999 	int			status;
19000 
19001 	ASSERT(un != NULL);
19002 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19003 	ASSERT(capp != NULL);
19004 	ASSERT(lbap != NULL);
19005 
19006 	SD_TRACE(SD_LOG_IO, un,
19007 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19008 
19009 	/*
19010 	 * First send a READ_CAPACITY command to the target.
19011 	 * (This command is mandatory under SCSI-2.)
19012 	 *
19013 	 * Set up the CDB for the READ_CAPACITY command.  The Partial
19014 	 * Medium Indicator bit is cleared.  The address field must be
19015 	 * zero if the PMI bit is zero.
19016 	 */
19017 	bzero(&cdb, sizeof (cdb));
19018 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19019 
19020 	capacity_buf = kmem_zalloc(SD_CAPACITY_SIZE, KM_SLEEP);
19021 
19022 	cdb.scc_cmd = SCMD_READ_CAPACITY;
19023 
19024 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19025 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19026 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity_buf;
19027 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_SIZE;
19028 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19029 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19030 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19031 	ucmd_buf.uscsi_timeout	= 60;
19032 
19033 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19034 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19035 
19036 	switch (status) {
19037 	case 0:
19038 		/* Return failure if we did not get valid capacity data. */
19039 		if (ucmd_buf.uscsi_resid != 0) {
19040 			kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19041 			return (EIO);
19042 		}
19043 
19044 		/*
19045 		 * Read capacity and block size from the READ CAPACITY 10 data.
19046 		 * This data may be adjusted later due to device specific
19047 		 * issues.
19048 		 *
19049 		 * According to the SCSI spec, the READ CAPACITY 10
19050 		 * command returns the following:
19051 		 *
19052 		 *  bytes 0-3: Maximum logical block address available.
19053 		 *		(MSB in byte:0 & LSB in byte:3)
19054 		 *
19055 		 *  bytes 4-7: Block length in bytes
19056 		 *		(MSB in byte:4 & LSB in byte:7)
19057 		 *
19058 		 */
19059 		capacity = BE_32(capacity_buf[0]);
19060 		lbasize = BE_32(capacity_buf[1]);
19061 
19062 		/*
19063 		 * Done with capacity_buf
19064 		 */
19065 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19066 
19067 		/*
19068 		 * if the reported capacity is set to all 0xf's, then
19069 		 * this disk is too large and requires SBC-2 commands.
19070 		 * Reissue the request using READ CAPACITY 16.
19071 		 */
19072 		if (capacity == 0xffffffff) {
19073 			status = sd_send_scsi_READ_CAPACITY_16(un, &capacity,
19074 			    &lbasize, path_flag);
19075 			if (status != 0) {
19076 				return (status);
19077 			}
19078 		}
19079 		break;	/* Success! */
19080 	case EIO:
19081 		switch (ucmd_buf.uscsi_status) {
19082 		case STATUS_RESERVATION_CONFLICT:
19083 			status = EACCES;
19084 			break;
19085 		case STATUS_CHECK:
19086 			/*
19087 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19088 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19089 			 */
19090 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19091 			    (scsi_sense_asc((uint8_t *)&sense_buf) == 0x04) &&
19092 			    (scsi_sense_ascq((uint8_t *)&sense_buf) == 0x01)) {
19093 				kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19094 				return (EAGAIN);
19095 			}
19096 			break;
19097 		default:
19098 			break;
19099 		}
19100 		/* FALLTHRU */
19101 	default:
19102 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19103 		return (status);
19104 	}
19105 
19106 	/*
19107 	 * Some ATAPI CD-ROM drives report inaccurate LBA size values
19108 	 * (2352 and 0 are common) so for these devices always force the value
19109 	 * to 2048 as required by the ATAPI specs.
19110 	 */
19111 	if ((un->un_f_cfg_is_atapi == TRUE) && (ISCD(un))) {
19112 		lbasize = 2048;
19113 	}
19114 
19115 	/*
19116 	 * Get the maximum LBA value from the READ CAPACITY data.
19117 	 * Here we assume that the Partial Medium Indicator (PMI) bit
19118 	 * was cleared when issuing the command. This means that the LBA
19119 	 * returned from the device is the LBA of the last logical block
19120 	 * on the logical unit.  The actual logical block count will be
19121 	 * this value plus one.
19122 	 *
19123 	 * Currently the capacity is saved in terms of un->un_sys_blocksize,
19124 	 * so scale the capacity value to reflect this.
19125 	 */
19126 	capacity = (capacity + 1) * (lbasize / un->un_sys_blocksize);
19127 
19128 #if defined(__i386) || defined(__amd64)
19129 	/*
19130 	 * On x86, compensate for off-by-1 error (number of sectors on
19131 	 * media)  (1175930)
19132 	 */
19133 	if (!un->un_f_has_removable_media && !un->un_f_is_hotpluggable &&
19134 	    (lbasize == un->un_sys_blocksize)) {
19135 		capacity -= 1;
19136 	}
19137 #endif
19138 
19139 	/*
19140 	 * Copy the values from the READ CAPACITY command into the space
19141 	 * provided by the caller.
19142 	 */
19143 	*capp = capacity;
19144 	*lbap = lbasize;
19145 
19146 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY: "
19147 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19148 
19149 	/*
19150 	 * Both the lbasize and capacity from the device must be nonzero,
19151 	 * otherwise we assume that the values are not valid and return
19152 	 * failure to the caller. (4203735)
19153 	 */
19154 	if ((capacity == 0) || (lbasize == 0)) {
19155 		return (EIO);
19156 	}
19157 
19158 	return (0);
19159 }
19160 
19161 /*
19162  *    Function: sd_send_scsi_READ_CAPACITY_16
19163  *
19164  * Description: This routine uses the scsi READ CAPACITY 16 command to
19165  *		determine the device capacity in number of blocks and the
19166  *		device native block size.  If this function returns a failure,
19167  *		then the values in *capp and *lbap are undefined.
19168  *		This routine should always be called by
19169  *		sd_send_scsi_READ_CAPACITY which will appy any device
19170  *		specific adjustments to capacity and lbasize.
19171  *
19172  *   Arguments: un   - ptr to soft state struct for the target
19173  *		capp - ptr to unsigned 64-bit variable to receive the
19174  *			capacity value from the command.
19175  *		lbap - ptr to unsigned 32-bit varaible to receive the
19176  *			block size value from the command
19177  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19178  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19179  *			to use the USCSI "direct" chain and bypass the normal
19180  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when
19181  *			this command is issued as part of an error recovery
19182  *			action.
19183  *
19184  * Return Code: 0   - Success
19185  *		EIO - IO error
19186  *		EACCES - Reservation conflict detected
19187  *		EAGAIN - Device is becoming ready
19188  *		errno return code from sd_send_scsi_cmd()
19189  *
19190  *     Context: Can sleep.  Blocks until command completes.
19191  */
19192 
19193 #define	SD_CAPACITY_16_SIZE	sizeof (struct scsi_capacity_16)
19194 
19195 static int
19196 sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
19197 	uint32_t *lbap, int path_flag)
19198 {
19199 	struct	scsi_extended_sense	sense_buf;
19200 	struct	uscsi_cmd	ucmd_buf;
19201 	union	scsi_cdb	cdb;
19202 	uint64_t		*capacity16_buf;
19203 	uint64_t		capacity;
19204 	uint32_t		lbasize;
19205 	int			status;
19206 
19207 	ASSERT(un != NULL);
19208 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19209 	ASSERT(capp != NULL);
19210 	ASSERT(lbap != NULL);
19211 
19212 	SD_TRACE(SD_LOG_IO, un,
19213 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19214 
19215 	/*
19216 	 * First send a READ_CAPACITY_16 command to the target.
19217 	 *
19218 	 * Set up the CDB for the READ_CAPACITY_16 command.  The Partial
19219 	 * Medium Indicator bit is cleared.  The address field must be
19220 	 * zero if the PMI bit is zero.
19221 	 */
19222 	bzero(&cdb, sizeof (cdb));
19223 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19224 
19225 	capacity16_buf = kmem_zalloc(SD_CAPACITY_16_SIZE, KM_SLEEP);
19226 
19227 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19228 	ucmd_buf.uscsi_cdblen	= CDB_GROUP4;
19229 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity16_buf;
19230 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_16_SIZE;
19231 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19232 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19233 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19234 	ucmd_buf.uscsi_timeout	= 60;
19235 
19236 	/*
19237 	 * Read Capacity (16) is a Service Action In command.  One
19238 	 * command byte (0x9E) is overloaded for multiple operations,
19239 	 * with the second CDB byte specifying the desired operation
19240 	 */
19241 	cdb.scc_cmd = SCMD_SVC_ACTION_IN_G4;
19242 	cdb.cdb_opaque[1] = SSVC_ACTION_READ_CAPACITY_G4;
19243 
19244 	/*
19245 	 * Fill in allocation length field
19246 	 */
19247 	FORMG4COUNT(&cdb, ucmd_buf.uscsi_buflen);
19248 
19249 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19250 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19251 
19252 	switch (status) {
19253 	case 0:
19254 		/* Return failure if we did not get valid capacity data. */
19255 		if (ucmd_buf.uscsi_resid > 20) {
19256 			kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19257 			return (EIO);
19258 		}
19259 
19260 		/*
19261 		 * Read capacity and block size from the READ CAPACITY 10 data.
19262 		 * This data may be adjusted later due to device specific
19263 		 * issues.
19264 		 *
19265 		 * According to the SCSI spec, the READ CAPACITY 10
19266 		 * command returns the following:
19267 		 *
19268 		 *  bytes 0-7: Maximum logical block address available.
19269 		 *		(MSB in byte:0 & LSB in byte:7)
19270 		 *
19271 		 *  bytes 8-11: Block length in bytes
19272 		 *		(MSB in byte:8 & LSB in byte:11)
19273 		 *
19274 		 */
19275 		capacity = BE_64(capacity16_buf[0]);
19276 		lbasize = BE_32(*(uint32_t *)&capacity16_buf[1]);
19277 
19278 		/*
19279 		 * Done with capacity16_buf
19280 		 */
19281 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19282 
19283 		/*
19284 		 * if the reported capacity is set to all 0xf's, then
19285 		 * this disk is too large.  This could only happen with
19286 		 * a device that supports LBAs larger than 64 bits which
19287 		 * are not defined by any current T10 standards.
19288 		 */
19289 		if (capacity == 0xffffffffffffffff) {
19290 			return (EIO);
19291 		}
19292 		break;	/* Success! */
19293 	case EIO:
19294 		switch (ucmd_buf.uscsi_status) {
19295 		case STATUS_RESERVATION_CONFLICT:
19296 			status = EACCES;
19297 			break;
19298 		case STATUS_CHECK:
19299 			/*
19300 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19301 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19302 			 */
19303 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19304 			    (scsi_sense_asc((uint8_t *)&sense_buf) == 0x04) &&
19305 			    (scsi_sense_ascq((uint8_t *)&sense_buf) == 0x01)) {
19306 				kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19307 				return (EAGAIN);
19308 			}
19309 			break;
19310 		default:
19311 			break;
19312 		}
19313 		/* FALLTHRU */
19314 	default:
19315 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19316 		return (status);
19317 	}
19318 
19319 	*capp = capacity;
19320 	*lbap = lbasize;
19321 
19322 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY_16: "
19323 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19324 
19325 	return (0);
19326 }
19327 
19328 
19329 /*
19330  *    Function: sd_send_scsi_START_STOP_UNIT
19331  *
19332  * Description: Issue a scsi START STOP UNIT command to the target.
19333  *
19334  *   Arguments: un    - pointer to driver soft state (unit) structure for
19335  *			this target.
19336  *		flag  - SD_TARGET_START
19337  *			SD_TARGET_STOP
19338  *			SD_TARGET_EJECT
19339  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19340  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19341  *			to use the USCSI "direct" chain and bypass the normal
19342  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
19343  *			command is issued as part of an error recovery action.
19344  *
19345  * Return Code: 0   - Success
19346  *		EIO - IO error
19347  *		EACCES - Reservation conflict detected
19348  *		ENXIO  - Not Ready, medium not present
19349  *		errno return code from sd_send_scsi_cmd()
19350  *
19351  *     Context: Can sleep.
19352  */
19353 
19354 static int
19355 sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag, int path_flag)
19356 {
19357 	struct	scsi_extended_sense	sense_buf;
19358 	union scsi_cdb		cdb;
19359 	struct uscsi_cmd	ucmd_buf;
19360 	int			status;
19361 
19362 	ASSERT(un != NULL);
19363 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19364 
19365 	SD_TRACE(SD_LOG_IO, un,
19366 	    "sd_send_scsi_START_STOP_UNIT: entry: un:0x%p\n", un);
19367 
19368 	if (un->un_f_check_start_stop &&
19369 	    ((flag == SD_TARGET_START) || (flag == SD_TARGET_STOP)) &&
19370 	    (un->un_f_start_stop_supported != TRUE)) {
19371 		return (0);
19372 	}
19373 
19374 	bzero(&cdb, sizeof (cdb));
19375 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19376 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19377 
19378 	cdb.scc_cmd = SCMD_START_STOP;
19379 	cdb.cdb_opaque[4] = (uchar_t)flag;
19380 
19381 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19382 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19383 	ucmd_buf.uscsi_bufaddr	= NULL;
19384 	ucmd_buf.uscsi_buflen	= 0;
19385 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19386 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19387 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19388 	ucmd_buf.uscsi_timeout	= 200;
19389 
19390 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19391 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19392 
19393 	switch (status) {
19394 	case 0:
19395 		break;	/* Success! */
19396 	case EIO:
19397 		switch (ucmd_buf.uscsi_status) {
19398 		case STATUS_RESERVATION_CONFLICT:
19399 			status = EACCES;
19400 			break;
19401 		case STATUS_CHECK:
19402 			if (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) {
19403 				switch (scsi_sense_key(
19404 						(uint8_t *)&sense_buf)) {
19405 				case KEY_ILLEGAL_REQUEST:
19406 					status = ENOTSUP;
19407 					break;
19408 				case KEY_NOT_READY:
19409 					if (scsi_sense_asc(
19410 						    (uint8_t *)&sense_buf)
19411 					    == 0x3A) {
19412 						status = ENXIO;
19413 					}
19414 					break;
19415 				default:
19416 					break;
19417 				}
19418 			}
19419 			break;
19420 		default:
19421 			break;
19422 		}
19423 		break;
19424 	default:
19425 		break;
19426 	}
19427 
19428 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_START_STOP_UNIT: exit\n");
19429 
19430 	return (status);
19431 }
19432 
19433 
19434 /*
19435  *    Function: sd_start_stop_unit_callback
19436  *
19437  * Description: timeout(9F) callback to begin recovery process for a
19438  *		device that has spun down.
19439  *
19440  *   Arguments: arg - pointer to associated softstate struct.
19441  *
19442  *     Context: Executes in a timeout(9F) thread context
19443  */
19444 
19445 static void
19446 sd_start_stop_unit_callback(void *arg)
19447 {
19448 	struct sd_lun	*un = arg;
19449 	ASSERT(un != NULL);
19450 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19451 
19452 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_callback: entry\n");
19453 
19454 	(void) taskq_dispatch(sd_tq, sd_start_stop_unit_task, un, KM_NOSLEEP);
19455 }
19456 
19457 
19458 /*
19459  *    Function: sd_start_stop_unit_task
19460  *
19461  * Description: Recovery procedure when a drive is spun down.
19462  *
19463  *   Arguments: arg - pointer to associated softstate struct.
19464  *
19465  *     Context: Executes in a taskq() thread context
19466  */
19467 
19468 static void
19469 sd_start_stop_unit_task(void *arg)
19470 {
19471 	struct sd_lun	*un = arg;
19472 
19473 	ASSERT(un != NULL);
19474 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19475 
19476 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: entry\n");
19477 
19478 	/*
19479 	 * Some unformatted drives report not ready error, no need to
19480 	 * restart if format has been initiated.
19481 	 */
19482 	mutex_enter(SD_MUTEX(un));
19483 	if (un->un_f_format_in_progress == TRUE) {
19484 		mutex_exit(SD_MUTEX(un));
19485 		return;
19486 	}
19487 	mutex_exit(SD_MUTEX(un));
19488 
19489 	/*
19490 	 * When a START STOP command is issued from here, it is part of a
19491 	 * failure recovery operation and must be issued before any other
19492 	 * commands, including any pending retries. Thus it must be sent
19493 	 * using SD_PATH_DIRECT_PRIORITY. It doesn't matter if the spin up
19494 	 * succeeds or not, we will start I/O after the attempt.
19495 	 */
19496 	(void) sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
19497 	    SD_PATH_DIRECT_PRIORITY);
19498 
19499 	/*
19500 	 * The above call blocks until the START_STOP_UNIT command completes.
19501 	 * Now that it has completed, we must re-try the original IO that
19502 	 * received the NOT READY condition in the first place. There are
19503 	 * three possible conditions here:
19504 	 *
19505 	 *  (1) The original IO is on un_retry_bp.
19506 	 *  (2) The original IO is on the regular wait queue, and un_retry_bp
19507 	 *	is NULL.
19508 	 *  (3) The original IO is on the regular wait queue, and un_retry_bp
19509 	 *	points to some other, unrelated bp.
19510 	 *
19511 	 * For each case, we must call sd_start_cmds() with un_retry_bp
19512 	 * as the argument. If un_retry_bp is NULL, this will initiate
19513 	 * processing of the regular wait queue.  If un_retry_bp is not NULL,
19514 	 * then this will process the bp on un_retry_bp. That may or may not
19515 	 * be the original IO, but that does not matter: the important thing
19516 	 * is to keep the IO processing going at this point.
19517 	 *
19518 	 * Note: This is a very specific error recovery sequence associated
19519 	 * with a drive that is not spun up. We attempt a START_STOP_UNIT and
19520 	 * serialize the I/O with completion of the spin-up.
19521 	 */
19522 	mutex_enter(SD_MUTEX(un));
19523 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
19524 	    "sd_start_stop_unit_task: un:0x%p starting bp:0x%p\n",
19525 	    un, un->un_retry_bp);
19526 	un->un_startstop_timeid = NULL;	/* Timeout is no longer pending */
19527 	sd_start_cmds(un, un->un_retry_bp);
19528 	mutex_exit(SD_MUTEX(un));
19529 
19530 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: exit\n");
19531 }
19532 
19533 
19534 /*
19535  *    Function: sd_send_scsi_INQUIRY
19536  *
19537  * Description: Issue the scsi INQUIRY command.
19538  *
19539  *   Arguments: un
19540  *		bufaddr
19541  *		buflen
19542  *		evpd
19543  *		page_code
19544  *		page_length
19545  *
19546  * Return Code: 0   - Success
19547  *		errno return code from sd_send_scsi_cmd()
19548  *
19549  *     Context: Can sleep. Does not return until command is completed.
19550  */
19551 
19552 static int
19553 sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr, size_t buflen,
19554 	uchar_t evpd, uchar_t page_code, size_t *residp)
19555 {
19556 	union scsi_cdb		cdb;
19557 	struct uscsi_cmd	ucmd_buf;
19558 	int			status;
19559 
19560 	ASSERT(un != NULL);
19561 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19562 	ASSERT(bufaddr != NULL);
19563 
19564 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: entry: un:0x%p\n", un);
19565 
19566 	bzero(&cdb, sizeof (cdb));
19567 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19568 	bzero(bufaddr, buflen);
19569 
19570 	cdb.scc_cmd = SCMD_INQUIRY;
19571 	cdb.cdb_opaque[1] = evpd;
19572 	cdb.cdb_opaque[2] = page_code;
19573 	FORMG0COUNT(&cdb, buflen);
19574 
19575 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19576 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19577 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
19578 	ucmd_buf.uscsi_buflen	= buflen;
19579 	ucmd_buf.uscsi_rqbuf	= NULL;
19580 	ucmd_buf.uscsi_rqlen	= 0;
19581 	ucmd_buf.uscsi_flags	= USCSI_READ | USCSI_SILENT;
19582 	ucmd_buf.uscsi_timeout	= 200;	/* Excessive legacy value */
19583 
19584 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19585 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_DIRECT);
19586 
19587 	if ((status == 0) && (residp != NULL)) {
19588 		*residp = ucmd_buf.uscsi_resid;
19589 	}
19590 
19591 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: exit\n");
19592 
19593 	return (status);
19594 }
19595 
19596 
19597 /*
19598  *    Function: sd_send_scsi_TEST_UNIT_READY
19599  *
19600  * Description: Issue the scsi TEST UNIT READY command.
19601  *		This routine can be told to set the flag USCSI_DIAGNOSE to
19602  *		prevent retrying failed commands. Use this when the intent
19603  *		is either to check for device readiness, to clear a Unit
19604  *		Attention, or to clear any outstanding sense data.
19605  *		However under specific conditions the expected behavior
19606  *		is for retries to bring a device ready, so use the flag
19607  *		with caution.
19608  *
19609  *   Arguments: un
19610  *		flag:   SD_CHECK_FOR_MEDIA: return ENXIO if no media present
19611  *			SD_DONT_RETRY_TUR: include uscsi flag USCSI_DIAGNOSE.
19612  *			0: dont check for media present, do retries on cmd.
19613  *
19614  * Return Code: 0   - Success
19615  *		EIO - IO error
19616  *		EACCES - Reservation conflict detected
19617  *		ENXIO  - Not Ready, medium not present
19618  *		errno return code from sd_send_scsi_cmd()
19619  *
19620  *     Context: Can sleep. Does not return until command is completed.
19621  */
19622 
19623 static int
19624 sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag)
19625 {
19626 	struct	scsi_extended_sense	sense_buf;
19627 	union scsi_cdb		cdb;
19628 	struct uscsi_cmd	ucmd_buf;
19629 	int			status;
19630 
19631 	ASSERT(un != NULL);
19632 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19633 
19634 	SD_TRACE(SD_LOG_IO, un,
19635 	    "sd_send_scsi_TEST_UNIT_READY: entry: un:0x%p\n", un);
19636 
19637 	/*
19638 	 * Some Seagate elite1 TQ devices get hung with disconnect/reconnect
19639 	 * timeouts when they receive a TUR and the queue is not empty. Check
19640 	 * the configuration flag set during attach (indicating the drive has
19641 	 * this firmware bug) and un_ncmds_in_transport before issuing the
19642 	 * TUR. If there are
19643 	 * pending commands return success, this is a bit arbitrary but is ok
19644 	 * for non-removables (i.e. the eliteI disks) and non-clustering
19645 	 * configurations.
19646 	 */
19647 	if (un->un_f_cfg_tur_check == TRUE) {
19648 		mutex_enter(SD_MUTEX(un));
19649 		if (un->un_ncmds_in_transport != 0) {
19650 			mutex_exit(SD_MUTEX(un));
19651 			return (0);
19652 		}
19653 		mutex_exit(SD_MUTEX(un));
19654 	}
19655 
19656 	bzero(&cdb, sizeof (cdb));
19657 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19658 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19659 
19660 	cdb.scc_cmd = SCMD_TEST_UNIT_READY;
19661 
19662 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19663 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19664 	ucmd_buf.uscsi_bufaddr	= NULL;
19665 	ucmd_buf.uscsi_buflen	= 0;
19666 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19667 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19668 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19669 
19670 	/* Use flag USCSI_DIAGNOSE to prevent retries if it fails. */
19671 	if ((flag & SD_DONT_RETRY_TUR) != 0) {
19672 		ucmd_buf.uscsi_flags |= USCSI_DIAGNOSE;
19673 	}
19674 	ucmd_buf.uscsi_timeout	= 60;
19675 
19676 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19677 	    UIO_SYSSPACE, UIO_SYSSPACE,
19678 	    ((flag & SD_BYPASS_PM) ? SD_PATH_DIRECT : SD_PATH_STANDARD));
19679 
19680 	switch (status) {
19681 	case 0:
19682 		break;	/* Success! */
19683 	case EIO:
19684 		switch (ucmd_buf.uscsi_status) {
19685 		case STATUS_RESERVATION_CONFLICT:
19686 			status = EACCES;
19687 			break;
19688 		case STATUS_CHECK:
19689 			if ((flag & SD_CHECK_FOR_MEDIA) == 0) {
19690 				break;
19691 			}
19692 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19693 			    (scsi_sense_key((uint8_t *)&sense_buf) ==
19694 				KEY_NOT_READY) &&
19695 			    (scsi_sense_asc((uint8_t *)&sense_buf) == 0x3A)) {
19696 				status = ENXIO;
19697 			}
19698 			break;
19699 		default:
19700 			break;
19701 		}
19702 		break;
19703 	default:
19704 		break;
19705 	}
19706 
19707 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_TEST_UNIT_READY: exit\n");
19708 
19709 	return (status);
19710 }
19711 
19712 
19713 /*
19714  *    Function: sd_send_scsi_PERSISTENT_RESERVE_IN
19715  *
19716  * Description: Issue the scsi PERSISTENT RESERVE IN command.
19717  *
19718  *   Arguments: un
19719  *
19720  * Return Code: 0   - Success
19721  *		EACCES
19722  *		ENOTSUP
19723  *		errno return code from sd_send_scsi_cmd()
19724  *
19725  *     Context: Can sleep. Does not return until command is completed.
19726  */
19727 
19728 static int
19729 sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un, uchar_t  usr_cmd,
19730 	uint16_t data_len, uchar_t *data_bufp)
19731 {
19732 	struct scsi_extended_sense	sense_buf;
19733 	union scsi_cdb		cdb;
19734 	struct uscsi_cmd	ucmd_buf;
19735 	int			status;
19736 	int			no_caller_buf = FALSE;
19737 
19738 	ASSERT(un != NULL);
19739 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19740 	ASSERT((usr_cmd == SD_READ_KEYS) || (usr_cmd == SD_READ_RESV));
19741 
19742 	SD_TRACE(SD_LOG_IO, un,
19743 	    "sd_send_scsi_PERSISTENT_RESERVE_IN: entry: un:0x%p\n", un);
19744 
19745 	bzero(&cdb, sizeof (cdb));
19746 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19747 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19748 	if (data_bufp == NULL) {
19749 		/* Allocate a default buf if the caller did not give one */
19750 		ASSERT(data_len == 0);
19751 		data_len  = MHIOC_RESV_KEY_SIZE;
19752 		data_bufp = kmem_zalloc(MHIOC_RESV_KEY_SIZE, KM_SLEEP);
19753 		no_caller_buf = TRUE;
19754 	}
19755 
19756 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_IN;
19757 	cdb.cdb_opaque[1] = usr_cmd;
19758 	FORMG1COUNT(&cdb, data_len);
19759 
19760 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19761 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19762 	ucmd_buf.uscsi_bufaddr	= (caddr_t)data_bufp;
19763 	ucmd_buf.uscsi_buflen	= data_len;
19764 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19765 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19766 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19767 	ucmd_buf.uscsi_timeout	= 60;
19768 
19769 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19770 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19771 
19772 	switch (status) {
19773 	case 0:
19774 		break;	/* Success! */
19775 	case EIO:
19776 		switch (ucmd_buf.uscsi_status) {
19777 		case STATUS_RESERVATION_CONFLICT:
19778 			status = EACCES;
19779 			break;
19780 		case STATUS_CHECK:
19781 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19782 			    (scsi_sense_key((uint8_t *)&sense_buf) ==
19783 				KEY_ILLEGAL_REQUEST)) {
19784 				status = ENOTSUP;
19785 			}
19786 			break;
19787 		default:
19788 			break;
19789 		}
19790 		break;
19791 	default:
19792 		break;
19793 	}
19794 
19795 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_IN: exit\n");
19796 
19797 	if (no_caller_buf == TRUE) {
19798 		kmem_free(data_bufp, data_len);
19799 	}
19800 
19801 	return (status);
19802 }
19803 
19804 
19805 /*
19806  *    Function: sd_send_scsi_PERSISTENT_RESERVE_OUT
19807  *
19808  * Description: This routine is the driver entry point for handling CD-ROM
19809  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS,
19810  *		MHIOCGRP_INRESV) by sending the SCSI-3 PROUT commands to the
19811  *		device.
19812  *
19813  *   Arguments: un  -   Pointer to soft state struct for the target.
19814  *		usr_cmd SCSI-3 reservation facility command (one of
19815  *			SD_SCSI3_REGISTER, SD_SCSI3_RESERVE, SD_SCSI3_RELEASE,
19816  *			SD_SCSI3_PREEMPTANDABORT)
19817  *		usr_bufp - user provided pointer register, reserve descriptor or
19818  *			preempt and abort structure (mhioc_register_t,
19819  *                      mhioc_resv_desc_t, mhioc_preemptandabort_t)
19820  *
19821  * Return Code: 0   - Success
19822  *		EACCES
19823  *		ENOTSUP
19824  *		errno return code from sd_send_scsi_cmd()
19825  *
19826  *     Context: Can sleep. Does not return until command is completed.
19827  */
19828 
19829 static int
19830 sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un, uchar_t usr_cmd,
19831 	uchar_t	*usr_bufp)
19832 {
19833 	struct scsi_extended_sense	sense_buf;
19834 	union scsi_cdb		cdb;
19835 	struct uscsi_cmd	ucmd_buf;
19836 	int			status;
19837 	uchar_t			data_len = sizeof (sd_prout_t);
19838 	sd_prout_t		*prp;
19839 
19840 	ASSERT(un != NULL);
19841 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19842 	ASSERT(data_len == 24);	/* required by scsi spec */
19843 
19844 	SD_TRACE(SD_LOG_IO, un,
19845 	    "sd_send_scsi_PERSISTENT_RESERVE_OUT: entry: un:0x%p\n", un);
19846 
19847 	if (usr_bufp == NULL) {
19848 		return (EINVAL);
19849 	}
19850 
19851 	bzero(&cdb, sizeof (cdb));
19852 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19853 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19854 	prp = kmem_zalloc(data_len, KM_SLEEP);
19855 
19856 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_OUT;
19857 	cdb.cdb_opaque[1] = usr_cmd;
19858 	FORMG1COUNT(&cdb, data_len);
19859 
19860 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19861 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19862 	ucmd_buf.uscsi_bufaddr	= (caddr_t)prp;
19863 	ucmd_buf.uscsi_buflen	= data_len;
19864 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19865 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19866 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
19867 	ucmd_buf.uscsi_timeout	= 60;
19868 
19869 	switch (usr_cmd) {
19870 	case SD_SCSI3_REGISTER: {
19871 		mhioc_register_t *ptr = (mhioc_register_t *)usr_bufp;
19872 
19873 		bcopy(ptr->oldkey.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19874 		bcopy(ptr->newkey.key, prp->service_key,
19875 		    MHIOC_RESV_KEY_SIZE);
19876 		prp->aptpl = ptr->aptpl;
19877 		break;
19878 	}
19879 	case SD_SCSI3_RESERVE:
19880 	case SD_SCSI3_RELEASE: {
19881 		mhioc_resv_desc_t *ptr = (mhioc_resv_desc_t *)usr_bufp;
19882 
19883 		bcopy(ptr->key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19884 		prp->scope_address = BE_32(ptr->scope_specific_addr);
19885 		cdb.cdb_opaque[2] = ptr->type;
19886 		break;
19887 	}
19888 	case SD_SCSI3_PREEMPTANDABORT: {
19889 		mhioc_preemptandabort_t *ptr =
19890 		    (mhioc_preemptandabort_t *)usr_bufp;
19891 
19892 		bcopy(ptr->resvdesc.key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19893 		bcopy(ptr->victim_key.key, prp->service_key,
19894 		    MHIOC_RESV_KEY_SIZE);
19895 		prp->scope_address = BE_32(ptr->resvdesc.scope_specific_addr);
19896 		cdb.cdb_opaque[2] = ptr->resvdesc.type;
19897 		ucmd_buf.uscsi_flags |= USCSI_HEAD;
19898 		break;
19899 	}
19900 	case SD_SCSI3_REGISTERANDIGNOREKEY:
19901 	{
19902 		mhioc_registerandignorekey_t *ptr;
19903 		ptr = (mhioc_registerandignorekey_t *)usr_bufp;
19904 		bcopy(ptr->newkey.key,
19905 		    prp->service_key, MHIOC_RESV_KEY_SIZE);
19906 		prp->aptpl = ptr->aptpl;
19907 		break;
19908 	}
19909 	default:
19910 		ASSERT(FALSE);
19911 		break;
19912 	}
19913 
19914 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19915 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19916 
19917 	switch (status) {
19918 	case 0:
19919 		break;	/* Success! */
19920 	case EIO:
19921 		switch (ucmd_buf.uscsi_status) {
19922 		case STATUS_RESERVATION_CONFLICT:
19923 			status = EACCES;
19924 			break;
19925 		case STATUS_CHECK:
19926 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19927 			    (scsi_sense_key((uint8_t *)&sense_buf) ==
19928 				KEY_ILLEGAL_REQUEST)) {
19929 				status = ENOTSUP;
19930 			}
19931 			break;
19932 		default:
19933 			break;
19934 		}
19935 		break;
19936 	default:
19937 		break;
19938 	}
19939 
19940 	kmem_free(prp, data_len);
19941 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_OUT: exit\n");
19942 	return (status);
19943 }
19944 
19945 
19946 /*
19947  *    Function: sd_send_scsi_SYNCHRONIZE_CACHE
19948  *
19949  * Description: Issues a scsi SYNCHRONIZE CACHE command to the target
19950  *
19951  *   Arguments: un - pointer to the target's soft state struct
19952  *
19953  * Return Code: 0 - success
19954  *		errno-type error code
19955  *
19956  *     Context: kernel thread context only.
19957  */
19958 
19959 static int
19960 sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un, struct dk_callback *dkc)
19961 {
19962 	struct sd_uscsi_info	*uip;
19963 	struct uscsi_cmd	*uscmd;
19964 	union scsi_cdb		*cdb;
19965 	struct buf		*bp;
19966 	int			rval = 0;
19967 
19968 	SD_TRACE(SD_LOG_IO, un,
19969 	    "sd_send_scsi_SYNCHRONIZE_CACHE: entry: un:0x%p\n", un);
19970 
19971 	ASSERT(un != NULL);
19972 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19973 
19974 	cdb = kmem_zalloc(CDB_GROUP1, KM_SLEEP);
19975 	cdb->scc_cmd = SCMD_SYNCHRONIZE_CACHE;
19976 
19977 	/*
19978 	 * First get some memory for the uscsi_cmd struct and cdb
19979 	 * and initialize for SYNCHRONIZE_CACHE cmd.
19980 	 */
19981 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
19982 	uscmd->uscsi_cdblen = CDB_GROUP1;
19983 	uscmd->uscsi_cdb = (caddr_t)cdb;
19984 	uscmd->uscsi_bufaddr = NULL;
19985 	uscmd->uscsi_buflen = 0;
19986 	uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
19987 	uscmd->uscsi_rqlen = SENSE_LENGTH;
19988 	uscmd->uscsi_rqresid = SENSE_LENGTH;
19989 	uscmd->uscsi_flags = USCSI_RQENABLE | USCSI_SILENT;
19990 	uscmd->uscsi_timeout = sd_io_time;
19991 
19992 	/*
19993 	 * Allocate an sd_uscsi_info struct and fill it with the info
19994 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
19995 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
19996 	 * since we allocate the buf here in this function, we do not
19997 	 * need to preserve the prior contents of b_private.
19998 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
19999 	 */
20000 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
20001 	uip->ui_flags = SD_PATH_DIRECT;
20002 	uip->ui_cmdp  = uscmd;
20003 
20004 	bp = getrbuf(KM_SLEEP);
20005 	bp->b_private = uip;
20006 
20007 	/*
20008 	 * Setup buffer to carry uscsi request.
20009 	 */
20010 	bp->b_flags  = B_BUSY;
20011 	bp->b_bcount = 0;
20012 	bp->b_blkno  = 0;
20013 
20014 	if (dkc != NULL) {
20015 		bp->b_iodone = sd_send_scsi_SYNCHRONIZE_CACHE_biodone;
20016 		uip->ui_dkc = *dkc;
20017 	}
20018 
20019 	bp->b_edev = SD_GET_DEV(un);
20020 	bp->b_dev = cmpdev(bp->b_edev);	/* maybe unnecessary? */
20021 
20022 	(void) sd_uscsi_strategy(bp);
20023 
20024 	/*
20025 	 * If synchronous request, wait for completion
20026 	 * If async just return and let b_iodone callback
20027 	 * cleanup.
20028 	 * NOTE: On return, u_ncmds_in_driver will be decremented,
20029 	 * but it was also incremented in sd_uscsi_strategy(), so
20030 	 * we should be ok.
20031 	 */
20032 	if (dkc == NULL) {
20033 		(void) biowait(bp);
20034 		rval = sd_send_scsi_SYNCHRONIZE_CACHE_biodone(bp);
20035 	}
20036 
20037 	return (rval);
20038 }
20039 
20040 
20041 static int
20042 sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp)
20043 {
20044 	struct sd_uscsi_info *uip;
20045 	struct uscsi_cmd *uscmd;
20046 	uint8_t *sense_buf;
20047 	struct sd_lun *un;
20048 	int status;
20049 
20050 	uip = (struct sd_uscsi_info *)(bp->b_private);
20051 	ASSERT(uip != NULL);
20052 
20053 	uscmd = uip->ui_cmdp;
20054 	ASSERT(uscmd != NULL);
20055 
20056 	sense_buf = (uint8_t *)uscmd->uscsi_rqbuf;
20057 	ASSERT(sense_buf != NULL);
20058 
20059 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
20060 	ASSERT(un != NULL);
20061 
20062 	status = geterror(bp);
20063 	switch (status) {
20064 	case 0:
20065 		break;	/* Success! */
20066 	case EIO:
20067 		switch (uscmd->uscsi_status) {
20068 		case STATUS_RESERVATION_CONFLICT:
20069 			/* Ignore reservation conflict */
20070 			status = 0;
20071 			goto done;
20072 
20073 		case STATUS_CHECK:
20074 			if ((uscmd->uscsi_rqstatus == STATUS_GOOD) &&
20075 			    (scsi_sense_key(sense_buf) ==
20076 				KEY_ILLEGAL_REQUEST)) {
20077 				/* Ignore Illegal Request error */
20078 				mutex_enter(SD_MUTEX(un));
20079 				un->un_f_sync_cache_supported = FALSE;
20080 				mutex_exit(SD_MUTEX(un));
20081 				status = ENOTSUP;
20082 				goto done;
20083 			}
20084 			break;
20085 		default:
20086 			break;
20087 		}
20088 		/* FALLTHRU */
20089 	default:
20090 		/* Ignore error if the media is not present */
20091 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
20092 			status = 0;
20093 			goto done;
20094 		}
20095 		/* If we reach this, we had an error */
20096 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
20097 		    "SYNCHRONIZE CACHE command failed (%d)\n", status);
20098 		break;
20099 	}
20100 
20101 done:
20102 	if (uip->ui_dkc.dkc_callback != NULL) {
20103 		(*uip->ui_dkc.dkc_callback)(uip->ui_dkc.dkc_cookie, status);
20104 	}
20105 
20106 	ASSERT((bp->b_flags & B_REMAPPED) == 0);
20107 	freerbuf(bp);
20108 	kmem_free(uip, sizeof (struct sd_uscsi_info));
20109 	kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
20110 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
20111 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
20112 
20113 	return (status);
20114 }
20115 
20116 
20117 /*
20118  *    Function: sd_send_scsi_GET_CONFIGURATION
20119  *
20120  * Description: Issues the get configuration command to the device.
20121  *		Called from sd_check_for_writable_cd & sd_get_media_info
20122  *		caller needs to ensure that buflen = SD_PROFILE_HEADER_LEN
20123  *   Arguments: un
20124  *		ucmdbuf
20125  *		rqbuf
20126  *		rqbuflen
20127  *		bufaddr
20128  *		buflen
20129  *
20130  * Return Code: 0   - Success
20131  *		errno return code from sd_send_scsi_cmd()
20132  *
20133  *     Context: Can sleep. Does not return until command is completed.
20134  *
20135  */
20136 
20137 static int
20138 sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un, struct uscsi_cmd *ucmdbuf,
20139 	uchar_t *rqbuf, uint_t rqbuflen, uchar_t *bufaddr, uint_t buflen)
20140 {
20141 	char	cdb[CDB_GROUP1];
20142 	int	status;
20143 
20144 	ASSERT(un != NULL);
20145 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20146 	ASSERT(bufaddr != NULL);
20147 	ASSERT(ucmdbuf != NULL);
20148 	ASSERT(rqbuf != NULL);
20149 
20150 	SD_TRACE(SD_LOG_IO, un,
20151 	    "sd_send_scsi_GET_CONFIGURATION: entry: un:0x%p\n", un);
20152 
20153 	bzero(cdb, sizeof (cdb));
20154 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20155 	bzero(rqbuf, rqbuflen);
20156 	bzero(bufaddr, buflen);
20157 
20158 	/*
20159 	 * Set up cdb field for the get configuration command.
20160 	 */
20161 	cdb[0] = SCMD_GET_CONFIGURATION;
20162 	cdb[1] = 0x02;  /* Requested Type */
20163 	cdb[8] = SD_PROFILE_HEADER_LEN;
20164 	ucmdbuf->uscsi_cdb = cdb;
20165 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20166 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20167 	ucmdbuf->uscsi_buflen = buflen;
20168 	ucmdbuf->uscsi_timeout = sd_io_time;
20169 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20170 	ucmdbuf->uscsi_rqlen = rqbuflen;
20171 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20172 
20173 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20174 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20175 
20176 	switch (status) {
20177 	case 0:
20178 		break;  /* Success! */
20179 	case EIO:
20180 		switch (ucmdbuf->uscsi_status) {
20181 		case STATUS_RESERVATION_CONFLICT:
20182 			status = EACCES;
20183 			break;
20184 		default:
20185 			break;
20186 		}
20187 		break;
20188 	default:
20189 		break;
20190 	}
20191 
20192 	if (status == 0) {
20193 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20194 		    "sd_send_scsi_GET_CONFIGURATION: data",
20195 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20196 	}
20197 
20198 	SD_TRACE(SD_LOG_IO, un,
20199 	    "sd_send_scsi_GET_CONFIGURATION: exit\n");
20200 
20201 	return (status);
20202 }
20203 
20204 /*
20205  *    Function: sd_send_scsi_feature_GET_CONFIGURATION
20206  *
20207  * Description: Issues the get configuration command to the device to
20208  *              retrieve a specfic feature. Called from
20209  *		sd_check_for_writable_cd & sd_set_mmc_caps.
20210  *   Arguments: un
20211  *              ucmdbuf
20212  *              rqbuf
20213  *              rqbuflen
20214  *              bufaddr
20215  *              buflen
20216  *		feature
20217  *
20218  * Return Code: 0   - Success
20219  *              errno return code from sd_send_scsi_cmd()
20220  *
20221  *     Context: Can sleep. Does not return until command is completed.
20222  *
20223  */
20224 static int
20225 sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
20226 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
20227 	uchar_t *bufaddr, uint_t buflen, char feature)
20228 {
20229 	char    cdb[CDB_GROUP1];
20230 	int	status;
20231 
20232 	ASSERT(un != NULL);
20233 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20234 	ASSERT(bufaddr != NULL);
20235 	ASSERT(ucmdbuf != NULL);
20236 	ASSERT(rqbuf != NULL);
20237 
20238 	SD_TRACE(SD_LOG_IO, un,
20239 	    "sd_send_scsi_feature_GET_CONFIGURATION: entry: un:0x%p\n", un);
20240 
20241 	bzero(cdb, sizeof (cdb));
20242 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20243 	bzero(rqbuf, rqbuflen);
20244 	bzero(bufaddr, buflen);
20245 
20246 	/*
20247 	 * Set up cdb field for the get configuration command.
20248 	 */
20249 	cdb[0] = SCMD_GET_CONFIGURATION;
20250 	cdb[1] = 0x02;  /* Requested Type */
20251 	cdb[3] = feature;
20252 	cdb[8] = buflen;
20253 	ucmdbuf->uscsi_cdb = cdb;
20254 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20255 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20256 	ucmdbuf->uscsi_buflen = buflen;
20257 	ucmdbuf->uscsi_timeout = sd_io_time;
20258 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20259 	ucmdbuf->uscsi_rqlen = rqbuflen;
20260 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20261 
20262 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20263 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20264 
20265 	switch (status) {
20266 	case 0:
20267 		break;  /* Success! */
20268 	case EIO:
20269 		switch (ucmdbuf->uscsi_status) {
20270 		case STATUS_RESERVATION_CONFLICT:
20271 			status = EACCES;
20272 			break;
20273 		default:
20274 			break;
20275 		}
20276 		break;
20277 	default:
20278 		break;
20279 	}
20280 
20281 	if (status == 0) {
20282 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20283 		    "sd_send_scsi_feature_GET_CONFIGURATION: data",
20284 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20285 	}
20286 
20287 	SD_TRACE(SD_LOG_IO, un,
20288 	    "sd_send_scsi_feature_GET_CONFIGURATION: exit\n");
20289 
20290 	return (status);
20291 }
20292 
20293 
20294 /*
20295  *    Function: sd_send_scsi_MODE_SENSE
20296  *
20297  * Description: Utility function for issuing a scsi MODE SENSE command.
20298  *		Note: This routine uses a consistent implementation for Group0,
20299  *		Group1, and Group2 commands across all platforms. ATAPI devices
20300  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20301  *
20302  *   Arguments: un - pointer to the softstate struct for the target.
20303  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20304  *			  CDB_GROUP[1|2] (10 byte).
20305  *		bufaddr - buffer for page data retrieved from the target.
20306  *		buflen - size of page to be retrieved.
20307  *		page_code - page code of data to be retrieved from the target.
20308  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20309  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20310  *			to use the USCSI "direct" chain and bypass the normal
20311  *			command waitq.
20312  *
20313  * Return Code: 0   - Success
20314  *		errno return code from sd_send_scsi_cmd()
20315  *
20316  *     Context: Can sleep. Does not return until command is completed.
20317  */
20318 
20319 static int
20320 sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20321 	size_t buflen,  uchar_t page_code, int path_flag)
20322 {
20323 	struct	scsi_extended_sense	sense_buf;
20324 	union scsi_cdb		cdb;
20325 	struct uscsi_cmd	ucmd_buf;
20326 	int			status;
20327 	int			headlen;
20328 
20329 	ASSERT(un != NULL);
20330 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20331 	ASSERT(bufaddr != NULL);
20332 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20333 	    (cdbsize == CDB_GROUP2));
20334 
20335 	SD_TRACE(SD_LOG_IO, un,
20336 	    "sd_send_scsi_MODE_SENSE: entry: un:0x%p\n", un);
20337 
20338 	bzero(&cdb, sizeof (cdb));
20339 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20340 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20341 	bzero(bufaddr, buflen);
20342 
20343 	if (cdbsize == CDB_GROUP0) {
20344 		cdb.scc_cmd = SCMD_MODE_SENSE;
20345 		cdb.cdb_opaque[2] = page_code;
20346 		FORMG0COUNT(&cdb, buflen);
20347 		headlen = MODE_HEADER_LENGTH;
20348 	} else {
20349 		cdb.scc_cmd = SCMD_MODE_SENSE_G1;
20350 		cdb.cdb_opaque[2] = page_code;
20351 		FORMG1COUNT(&cdb, buflen);
20352 		headlen = MODE_HEADER_LENGTH_GRP2;
20353 	}
20354 
20355 	ASSERT(headlen <= buflen);
20356 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20357 
20358 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20359 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20360 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20361 	ucmd_buf.uscsi_buflen	= buflen;
20362 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20363 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20364 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20365 	ucmd_buf.uscsi_timeout	= 60;
20366 
20367 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20368 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20369 
20370 	switch (status) {
20371 	case 0:
20372 		/*
20373 		 * sr_check_wp() uses 0x3f page code and check the header of
20374 		 * mode page to determine if target device is write-protected.
20375 		 * But some USB devices return 0 bytes for 0x3f page code. For
20376 		 * this case, make sure that mode page header is returned at
20377 		 * least.
20378 		 */
20379 		if (buflen - ucmd_buf.uscsi_resid <  headlen)
20380 			status = EIO;
20381 		break;	/* Success! */
20382 	case EIO:
20383 		switch (ucmd_buf.uscsi_status) {
20384 		case STATUS_RESERVATION_CONFLICT:
20385 			status = EACCES;
20386 			break;
20387 		default:
20388 			break;
20389 		}
20390 		break;
20391 	default:
20392 		break;
20393 	}
20394 
20395 	if (status == 0) {
20396 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SENSE: data",
20397 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20398 	}
20399 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SENSE: exit\n");
20400 
20401 	return (status);
20402 }
20403 
20404 
20405 /*
20406  *    Function: sd_send_scsi_MODE_SELECT
20407  *
20408  * Description: Utility function for issuing a scsi MODE SELECT command.
20409  *		Note: This routine uses a consistent implementation for Group0,
20410  *		Group1, and Group2 commands across all platforms. ATAPI devices
20411  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20412  *
20413  *   Arguments: un - pointer to the softstate struct for the target.
20414  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20415  *			  CDB_GROUP[1|2] (10 byte).
20416  *		bufaddr - buffer for page data retrieved from the target.
20417  *		buflen - size of page to be retrieved.
20418  *		save_page - boolean to determin if SP bit should be set.
20419  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20420  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20421  *			to use the USCSI "direct" chain and bypass the normal
20422  *			command waitq.
20423  *
20424  * Return Code: 0   - Success
20425  *		errno return code from sd_send_scsi_cmd()
20426  *
20427  *     Context: Can sleep. Does not return until command is completed.
20428  */
20429 
20430 static int
20431 sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20432 	size_t buflen,  uchar_t save_page, int path_flag)
20433 {
20434 	struct	scsi_extended_sense	sense_buf;
20435 	union scsi_cdb		cdb;
20436 	struct uscsi_cmd	ucmd_buf;
20437 	int			status;
20438 
20439 	ASSERT(un != NULL);
20440 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20441 	ASSERT(bufaddr != NULL);
20442 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20443 	    (cdbsize == CDB_GROUP2));
20444 
20445 	SD_TRACE(SD_LOG_IO, un,
20446 	    "sd_send_scsi_MODE_SELECT: entry: un:0x%p\n", un);
20447 
20448 	bzero(&cdb, sizeof (cdb));
20449 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20450 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20451 
20452 	/* Set the PF bit for many third party drives */
20453 	cdb.cdb_opaque[1] = 0x10;
20454 
20455 	/* Set the savepage(SP) bit if given */
20456 	if (save_page == SD_SAVE_PAGE) {
20457 		cdb.cdb_opaque[1] |= 0x01;
20458 	}
20459 
20460 	if (cdbsize == CDB_GROUP0) {
20461 		cdb.scc_cmd = SCMD_MODE_SELECT;
20462 		FORMG0COUNT(&cdb, buflen);
20463 	} else {
20464 		cdb.scc_cmd = SCMD_MODE_SELECT_G1;
20465 		FORMG1COUNT(&cdb, buflen);
20466 	}
20467 
20468 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20469 
20470 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20471 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20472 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20473 	ucmd_buf.uscsi_buflen	= buflen;
20474 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20475 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20476 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
20477 	ucmd_buf.uscsi_timeout	= 60;
20478 
20479 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20480 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20481 
20482 	switch (status) {
20483 	case 0:
20484 		break;	/* Success! */
20485 	case EIO:
20486 		switch (ucmd_buf.uscsi_status) {
20487 		case STATUS_RESERVATION_CONFLICT:
20488 			status = EACCES;
20489 			break;
20490 		default:
20491 			break;
20492 		}
20493 		break;
20494 	default:
20495 		break;
20496 	}
20497 
20498 	if (status == 0) {
20499 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SELECT: data",
20500 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20501 	}
20502 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SELECT: exit\n");
20503 
20504 	return (status);
20505 }
20506 
20507 
20508 /*
20509  *    Function: sd_send_scsi_RDWR
20510  *
20511  * Description: Issue a scsi READ or WRITE command with the given parameters.
20512  *
20513  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20514  *		cmd:	 SCMD_READ or SCMD_WRITE
20515  *		bufaddr: Address of caller's buffer to receive the RDWR data
20516  *		buflen:  Length of caller's buffer receive the RDWR data.
20517  *		start_block: Block number for the start of the RDWR operation.
20518  *			 (Assumes target-native block size.)
20519  *		residp:  Pointer to variable to receive the redisual of the
20520  *			 RDWR operation (may be NULL of no residual requested).
20521  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20522  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20523  *			to use the USCSI "direct" chain and bypass the normal
20524  *			command waitq.
20525  *
20526  * Return Code: 0   - Success
20527  *		errno return code from sd_send_scsi_cmd()
20528  *
20529  *     Context: Can sleep. Does not return until command is completed.
20530  */
20531 
20532 static int
20533 sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
20534 	size_t buflen, daddr_t start_block, int path_flag)
20535 {
20536 	struct	scsi_extended_sense	sense_buf;
20537 	union scsi_cdb		cdb;
20538 	struct uscsi_cmd	ucmd_buf;
20539 	uint32_t		block_count;
20540 	int			status;
20541 	int			cdbsize;
20542 	uchar_t			flag;
20543 
20544 	ASSERT(un != NULL);
20545 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20546 	ASSERT(bufaddr != NULL);
20547 	ASSERT((cmd == SCMD_READ) || (cmd == SCMD_WRITE));
20548 
20549 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: entry: un:0x%p\n", un);
20550 
20551 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
20552 		return (EINVAL);
20553 	}
20554 
20555 	mutex_enter(SD_MUTEX(un));
20556 	block_count = SD_BYTES2TGTBLOCKS(un, buflen);
20557 	mutex_exit(SD_MUTEX(un));
20558 
20559 	flag = (cmd == SCMD_READ) ? USCSI_READ : USCSI_WRITE;
20560 
20561 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_RDWR: "
20562 	    "bufaddr:0x%p buflen:0x%x start_block:0x%p block_count:0x%x\n",
20563 	    bufaddr, buflen, start_block, block_count);
20564 
20565 	bzero(&cdb, sizeof (cdb));
20566 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20567 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20568 
20569 	/* Compute CDB size to use */
20570 	if (start_block > 0xffffffff)
20571 		cdbsize = CDB_GROUP4;
20572 	else if ((start_block & 0xFFE00000) ||
20573 	    (un->un_f_cfg_is_atapi == TRUE))
20574 		cdbsize = CDB_GROUP1;
20575 	else
20576 		cdbsize = CDB_GROUP0;
20577 
20578 	switch (cdbsize) {
20579 	case CDB_GROUP0:	/* 6-byte CDBs */
20580 		cdb.scc_cmd = cmd;
20581 		FORMG0ADDR(&cdb, start_block);
20582 		FORMG0COUNT(&cdb, block_count);
20583 		break;
20584 	case CDB_GROUP1:	/* 10-byte CDBs */
20585 		cdb.scc_cmd = cmd | SCMD_GROUP1;
20586 		FORMG1ADDR(&cdb, start_block);
20587 		FORMG1COUNT(&cdb, block_count);
20588 		break;
20589 	case CDB_GROUP4:	/* 16-byte CDBs */
20590 		cdb.scc_cmd = cmd | SCMD_GROUP4;
20591 		FORMG4LONGADDR(&cdb, (uint64_t)start_block);
20592 		FORMG4COUNT(&cdb, block_count);
20593 		break;
20594 	case CDB_GROUP5:	/* 12-byte CDBs (currently unsupported) */
20595 	default:
20596 		/* All others reserved */
20597 		return (EINVAL);
20598 	}
20599 
20600 	/* Set LUN bit(s) in CDB if this is a SCSI-1 device */
20601 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20602 
20603 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20604 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20605 	ucmd_buf.uscsi_bufaddr	= bufaddr;
20606 	ucmd_buf.uscsi_buflen	= buflen;
20607 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20608 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20609 	ucmd_buf.uscsi_flags	= flag | USCSI_RQENABLE | USCSI_SILENT;
20610 	ucmd_buf.uscsi_timeout	= 60;
20611 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20612 				UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20613 	switch (status) {
20614 	case 0:
20615 		break;	/* Success! */
20616 	case EIO:
20617 		switch (ucmd_buf.uscsi_status) {
20618 		case STATUS_RESERVATION_CONFLICT:
20619 			status = EACCES;
20620 			break;
20621 		default:
20622 			break;
20623 		}
20624 		break;
20625 	default:
20626 		break;
20627 	}
20628 
20629 	if (status == 0) {
20630 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_RDWR: data",
20631 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20632 	}
20633 
20634 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: exit\n");
20635 
20636 	return (status);
20637 }
20638 
20639 
20640 /*
20641  *    Function: sd_send_scsi_LOG_SENSE
20642  *
20643  * Description: Issue a scsi LOG_SENSE command with the given parameters.
20644  *
20645  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20646  *
20647  * Return Code: 0   - Success
20648  *		errno return code from sd_send_scsi_cmd()
20649  *
20650  *     Context: Can sleep. Does not return until command is completed.
20651  */
20652 
20653 static int
20654 sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr, uint16_t buflen,
20655 	uchar_t page_code, uchar_t page_control, uint16_t param_ptr,
20656 	int path_flag)
20657 
20658 {
20659 	struct	scsi_extended_sense	sense_buf;
20660 	union scsi_cdb		cdb;
20661 	struct uscsi_cmd	ucmd_buf;
20662 	int			status;
20663 
20664 	ASSERT(un != NULL);
20665 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20666 
20667 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: entry: un:0x%p\n", un);
20668 
20669 	bzero(&cdb, sizeof (cdb));
20670 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20671 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20672 
20673 	cdb.scc_cmd = SCMD_LOG_SENSE_G1;
20674 	cdb.cdb_opaque[2] = (page_control << 6) | page_code;
20675 	cdb.cdb_opaque[5] = (uchar_t)((param_ptr & 0xFF00) >> 8);
20676 	cdb.cdb_opaque[6] = (uchar_t)(param_ptr  & 0x00FF);
20677 	FORMG1COUNT(&cdb, buflen);
20678 
20679 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20680 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
20681 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20682 	ucmd_buf.uscsi_buflen	= buflen;
20683 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20684 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20685 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20686 	ucmd_buf.uscsi_timeout	= 60;
20687 
20688 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20689 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20690 
20691 	switch (status) {
20692 	case 0:
20693 		break;
20694 	case EIO:
20695 		switch (ucmd_buf.uscsi_status) {
20696 		case STATUS_RESERVATION_CONFLICT:
20697 			status = EACCES;
20698 			break;
20699 		case STATUS_CHECK:
20700 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
20701 			    (scsi_sense_key((uint8_t *)&sense_buf) ==
20702 				KEY_ILLEGAL_REQUEST) &&
20703 			    (scsi_sense_asc((uint8_t *)&sense_buf) == 0x24)) {
20704 				/*
20705 				 * ASC 0x24: INVALID FIELD IN CDB
20706 				 */
20707 				switch (page_code) {
20708 				case START_STOP_CYCLE_PAGE:
20709 					/*
20710 					 * The start stop cycle counter is
20711 					 * implemented as page 0x31 in earlier
20712 					 * generation disks. In new generation
20713 					 * disks the start stop cycle counter is
20714 					 * implemented as page 0xE. To properly
20715 					 * handle this case if an attempt for
20716 					 * log page 0xE is made and fails we
20717 					 * will try again using page 0x31.
20718 					 *
20719 					 * Network storage BU committed to
20720 					 * maintain the page 0x31 for this
20721 					 * purpose and will not have any other
20722 					 * page implemented with page code 0x31
20723 					 * until all disks transition to the
20724 					 * standard page.
20725 					 */
20726 					mutex_enter(SD_MUTEX(un));
20727 					un->un_start_stop_cycle_page =
20728 					    START_STOP_CYCLE_VU_PAGE;
20729 					cdb.cdb_opaque[2] =
20730 					    (char)(page_control << 6) |
20731 					    un->un_start_stop_cycle_page;
20732 					mutex_exit(SD_MUTEX(un));
20733 					status = sd_send_scsi_cmd(
20734 					    SD_GET_DEV(un), &ucmd_buf,
20735 					    UIO_SYSSPACE, UIO_SYSSPACE,
20736 					    UIO_SYSSPACE, path_flag);
20737 
20738 					break;
20739 				case TEMPERATURE_PAGE:
20740 					status = ENOTTY;
20741 					break;
20742 				default:
20743 					break;
20744 				}
20745 			}
20746 			break;
20747 		default:
20748 			break;
20749 		}
20750 		break;
20751 	default:
20752 		break;
20753 	}
20754 
20755 	if (status == 0) {
20756 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_LOG_SENSE: data",
20757 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20758 	}
20759 
20760 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: exit\n");
20761 
20762 	return (status);
20763 }
20764 
20765 
20766 /*
20767  *    Function: sdioctl
20768  *
20769  * Description: Driver's ioctl(9e) entry point function.
20770  *
20771  *   Arguments: dev     - device number
20772  *		cmd     - ioctl operation to be performed
20773  *		arg     - user argument, contains data to be set or reference
20774  *			  parameter for get
20775  *		flag    - bit flag, indicating open settings, 32/64 bit type
20776  *		cred_p  - user credential pointer
20777  *		rval_p  - calling process return value (OPT)
20778  *
20779  * Return Code: EINVAL
20780  *		ENOTTY
20781  *		ENXIO
20782  *		EIO
20783  *		EFAULT
20784  *		ENOTSUP
20785  *		EPERM
20786  *
20787  *     Context: Called from the device switch at normal priority.
20788  */
20789 
20790 static int
20791 sdioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cred_p, int *rval_p)
20792 {
20793 	struct sd_lun	*un = NULL;
20794 	int		geom_validated = FALSE;
20795 	int		err = 0;
20796 	int		i = 0;
20797 	cred_t		*cr;
20798 
20799 	/*
20800 	 * All device accesses go thru sdstrategy where we check on suspend
20801 	 * status
20802 	 */
20803 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
20804 		return (ENXIO);
20805 	}
20806 
20807 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20808 
20809 	/*
20810 	 * Moved this wait from sd_uscsi_strategy to here for
20811 	 * reasons of deadlock prevention. Internal driver commands,
20812 	 * specifically those to change a devices power level, result
20813 	 * in a call to sd_uscsi_strategy.
20814 	 */
20815 	mutex_enter(SD_MUTEX(un));
20816 	while ((un->un_state == SD_STATE_SUSPENDED) ||
20817 	    (un->un_state == SD_STATE_PM_CHANGING)) {
20818 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
20819 	}
20820 	/*
20821 	 * Twiddling the counter here protects commands from now
20822 	 * through to the top of sd_uscsi_strategy. Without the
20823 	 * counter inc. a power down, for example, could get in
20824 	 * after the above check for state is made and before
20825 	 * execution gets to the top of sd_uscsi_strategy.
20826 	 * That would cause problems.
20827 	 */
20828 	un->un_ncmds_in_driver++;
20829 
20830 	if ((un->un_f_geometry_is_valid == FALSE) &&
20831 	    (flag & (FNDELAY | FNONBLOCK))) {
20832 		switch (cmd) {
20833 		case CDROMPAUSE:
20834 		case CDROMRESUME:
20835 		case CDROMPLAYMSF:
20836 		case CDROMPLAYTRKIND:
20837 		case CDROMREADTOCHDR:
20838 		case CDROMREADTOCENTRY:
20839 		case CDROMSTOP:
20840 		case CDROMSTART:
20841 		case CDROMVOLCTRL:
20842 		case CDROMSUBCHNL:
20843 		case CDROMREADMODE2:
20844 		case CDROMREADMODE1:
20845 		case CDROMREADOFFSET:
20846 		case CDROMSBLKMODE:
20847 		case CDROMGBLKMODE:
20848 		case CDROMGDRVSPEED:
20849 		case CDROMSDRVSPEED:
20850 		case CDROMCDDA:
20851 		case CDROMCDXA:
20852 		case CDROMSUBCODE:
20853 			if (!ISCD(un)) {
20854 				un->un_ncmds_in_driver--;
20855 				ASSERT(un->un_ncmds_in_driver >= 0);
20856 				mutex_exit(SD_MUTEX(un));
20857 				return (ENOTTY);
20858 			}
20859 			break;
20860 		case FDEJECT:
20861 		case DKIOCEJECT:
20862 		case CDROMEJECT:
20863 			if (!un->un_f_eject_media_supported) {
20864 				un->un_ncmds_in_driver--;
20865 				ASSERT(un->un_ncmds_in_driver >= 0);
20866 				mutex_exit(SD_MUTEX(un));
20867 				return (ENOTTY);
20868 			}
20869 			break;
20870 		case DKIOCSVTOC:
20871 		case DKIOCSETEFI:
20872 		case DKIOCSMBOOT:
20873 		case DKIOCFLUSHWRITECACHE:
20874 			mutex_exit(SD_MUTEX(un));
20875 			err = sd_send_scsi_TEST_UNIT_READY(un, 0);
20876 			if (err != 0) {
20877 				mutex_enter(SD_MUTEX(un));
20878 				un->un_ncmds_in_driver--;
20879 				ASSERT(un->un_ncmds_in_driver >= 0);
20880 				mutex_exit(SD_MUTEX(un));
20881 				return (EIO);
20882 			}
20883 			mutex_enter(SD_MUTEX(un));
20884 			/* FALLTHROUGH */
20885 		case DKIOCREMOVABLE:
20886 		case DKIOCHOTPLUGGABLE:
20887 		case DKIOCINFO:
20888 		case DKIOCGMEDIAINFO:
20889 		case MHIOCENFAILFAST:
20890 		case MHIOCSTATUS:
20891 		case MHIOCTKOWN:
20892 		case MHIOCRELEASE:
20893 		case MHIOCGRP_INKEYS:
20894 		case MHIOCGRP_INRESV:
20895 		case MHIOCGRP_REGISTER:
20896 		case MHIOCGRP_RESERVE:
20897 		case MHIOCGRP_PREEMPTANDABORT:
20898 		case MHIOCGRP_REGISTERANDIGNOREKEY:
20899 		case CDROMCLOSETRAY:
20900 		case USCSICMD:
20901 			goto skip_ready_valid;
20902 		default:
20903 			break;
20904 		}
20905 
20906 		mutex_exit(SD_MUTEX(un));
20907 		err = sd_ready_and_valid(un);
20908 		mutex_enter(SD_MUTEX(un));
20909 		if (err == SD_READY_NOT_VALID) {
20910 			switch (cmd) {
20911 			case DKIOCGAPART:
20912 			case DKIOCGGEOM:
20913 			case DKIOCSGEOM:
20914 			case DKIOCGVTOC:
20915 			case DKIOCSVTOC:
20916 			case DKIOCSAPART:
20917 			case DKIOCG_PHYGEOM:
20918 			case DKIOCG_VIRTGEOM:
20919 				err = ENOTSUP;
20920 				un->un_ncmds_in_driver--;
20921 				ASSERT(un->un_ncmds_in_driver >= 0);
20922 				mutex_exit(SD_MUTEX(un));
20923 				return (err);
20924 			}
20925 		}
20926 		if (err != SD_READY_VALID) {
20927 			switch (cmd) {
20928 			case DKIOCSTATE:
20929 			case CDROMGDRVSPEED:
20930 			case CDROMSDRVSPEED:
20931 			case FDEJECT:	/* for eject command */
20932 			case DKIOCEJECT:
20933 			case CDROMEJECT:
20934 			case DKIOCGETEFI:
20935 			case DKIOCSGEOM:
20936 			case DKIOCREMOVABLE:
20937 			case DKIOCHOTPLUGGABLE:
20938 			case DKIOCSAPART:
20939 			case DKIOCSETEFI:
20940 				break;
20941 			default:
20942 				if (un->un_f_has_removable_media) {
20943 					err = ENXIO;
20944 				} else {
20945 					/* Do not map EACCES to EIO */
20946 					if (err != EACCES)
20947 						err = EIO;
20948 				}
20949 				un->un_ncmds_in_driver--;
20950 				ASSERT(un->un_ncmds_in_driver >= 0);
20951 				mutex_exit(SD_MUTEX(un));
20952 				return (err);
20953 			}
20954 		}
20955 		geom_validated = TRUE;
20956 	}
20957 	if ((un->un_f_geometry_is_valid == TRUE) &&
20958 	    (un->un_solaris_size > 0)) {
20959 		/*
20960 		 * the "geometry_is_valid" flag could be true if we
20961 		 * have an fdisk table but no Solaris partition
20962 		 */
20963 		if (un->un_vtoc.v_sanity != VTOC_SANE) {
20964 			/* it is EFI, so return ENOTSUP for these */
20965 			switch (cmd) {
20966 			case DKIOCGAPART:
20967 			case DKIOCGGEOM:
20968 			case DKIOCGVTOC:
20969 			case DKIOCSVTOC:
20970 			case DKIOCSAPART:
20971 				err = ENOTSUP;
20972 				un->un_ncmds_in_driver--;
20973 				ASSERT(un->un_ncmds_in_driver >= 0);
20974 				mutex_exit(SD_MUTEX(un));
20975 				return (err);
20976 			}
20977 		}
20978 	}
20979 
20980 skip_ready_valid:
20981 	mutex_exit(SD_MUTEX(un));
20982 
20983 	switch (cmd) {
20984 	case DKIOCINFO:
20985 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCINFO\n");
20986 		err = sd_dkio_ctrl_info(dev, (caddr_t)arg, flag);
20987 		break;
20988 
20989 	case DKIOCGMEDIAINFO:
20990 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMEDIAINFO\n");
20991 		err = sd_get_media_info(dev, (caddr_t)arg, flag);
20992 		break;
20993 
20994 	case DKIOCGGEOM:
20995 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGGEOM\n");
20996 		err = sd_dkio_get_geometry(dev, (caddr_t)arg, flag,
20997 		    geom_validated);
20998 		break;
20999 
21000 	case DKIOCSGEOM:
21001 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSGEOM\n");
21002 		err = sd_dkio_set_geometry(dev, (caddr_t)arg, flag);
21003 		break;
21004 
21005 	case DKIOCGAPART:
21006 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGAPART\n");
21007 		err = sd_dkio_get_partition(dev, (caddr_t)arg, flag,
21008 		    geom_validated);
21009 		break;
21010 
21011 	case DKIOCSAPART:
21012 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSAPART\n");
21013 		err = sd_dkio_set_partition(dev, (caddr_t)arg, flag);
21014 		break;
21015 
21016 	case DKIOCGVTOC:
21017 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGVTOC\n");
21018 		err = sd_dkio_get_vtoc(dev, (caddr_t)arg, flag,
21019 		    geom_validated);
21020 		break;
21021 
21022 	case DKIOCGETEFI:
21023 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGETEFI\n");
21024 		err = sd_dkio_get_efi(dev, (caddr_t)arg, flag);
21025 		break;
21026 
21027 	case DKIOCPARTITION:
21028 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTITION\n");
21029 		err = sd_dkio_partition(dev, (caddr_t)arg, flag);
21030 		break;
21031 
21032 	case DKIOCSVTOC:
21033 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSVTOC\n");
21034 		err = sd_dkio_set_vtoc(dev, (caddr_t)arg, flag);
21035 		break;
21036 
21037 	case DKIOCSETEFI:
21038 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSETEFI\n");
21039 		err = sd_dkio_set_efi(dev, (caddr_t)arg, flag);
21040 		break;
21041 
21042 	case DKIOCGMBOOT:
21043 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMBOOT\n");
21044 		err = sd_dkio_get_mboot(dev, (caddr_t)arg, flag);
21045 		break;
21046 
21047 	case DKIOCSMBOOT:
21048 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSMBOOT\n");
21049 		err = sd_dkio_set_mboot(dev, (caddr_t)arg, flag);
21050 		break;
21051 
21052 	case DKIOCLOCK:
21053 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCLOCK\n");
21054 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
21055 		    SD_PATH_STANDARD);
21056 		break;
21057 
21058 	case DKIOCUNLOCK:
21059 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCUNLOCK\n");
21060 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
21061 		    SD_PATH_STANDARD);
21062 		break;
21063 
21064 	case DKIOCSTATE: {
21065 		enum dkio_state		state;
21066 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSTATE\n");
21067 
21068 		if (ddi_copyin((void *)arg, &state, sizeof (int), flag) != 0) {
21069 			err = EFAULT;
21070 		} else {
21071 			err = sd_check_media(dev, state);
21072 			if (err == 0) {
21073 				if (ddi_copyout(&un->un_mediastate, (void *)arg,
21074 				    sizeof (int), flag) != 0)
21075 					err = EFAULT;
21076 			}
21077 		}
21078 		break;
21079 	}
21080 
21081 	case DKIOCREMOVABLE:
21082 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCREMOVABLE\n");
21083 		/*
21084 		 * At present, vold only does automount for removable-media
21085 		 * devices, in order not to break current applications, we
21086 		 * still let hopluggable devices pretend to be removable media
21087 		 * devices for vold. In the near future, once vold is EOL'ed,
21088 		 * we should remove this workaround.
21089 		 */
21090 		if (un->un_f_has_removable_media || un->un_f_is_hotpluggable) {
21091 			i = 1;
21092 		} else {
21093 			i = 0;
21094 		}
21095 		if (ddi_copyout(&i, (void *)arg, sizeof (int), flag) != 0) {
21096 			err = EFAULT;
21097 		} else {
21098 			err = 0;
21099 		}
21100 		break;
21101 
21102 	case DKIOCHOTPLUGGABLE:
21103 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCHOTPLUGGABLE\n");
21104 		if (un->un_f_is_hotpluggable) {
21105 			i = 1;
21106 		} else {
21107 			i = 0;
21108 		}
21109 		if (ddi_copyout(&i, (void *)arg, sizeof (int), flag) != 0) {
21110 			err = EFAULT;
21111 		} else {
21112 			err = 0;
21113 		}
21114 		break;
21115 
21116 	case DKIOCGTEMPERATURE:
21117 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGTEMPERATURE\n");
21118 		err = sd_dkio_get_temp(dev, (caddr_t)arg, flag);
21119 		break;
21120 
21121 	case MHIOCENFAILFAST:
21122 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCENFAILFAST\n");
21123 		if ((err = drv_priv(cred_p)) == 0) {
21124 			err = sd_mhdioc_failfast(dev, (caddr_t)arg, flag);
21125 		}
21126 		break;
21127 
21128 	case MHIOCTKOWN:
21129 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCTKOWN\n");
21130 		if ((err = drv_priv(cred_p)) == 0) {
21131 			err = sd_mhdioc_takeown(dev, (caddr_t)arg, flag);
21132 		}
21133 		break;
21134 
21135 	case MHIOCRELEASE:
21136 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCRELEASE\n");
21137 		if ((err = drv_priv(cred_p)) == 0) {
21138 			err = sd_mhdioc_release(dev);
21139 		}
21140 		break;
21141 
21142 	case MHIOCSTATUS:
21143 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCSTATUS\n");
21144 		if ((err = drv_priv(cred_p)) == 0) {
21145 			switch (sd_send_scsi_TEST_UNIT_READY(un, 0)) {
21146 			case 0:
21147 				err = 0;
21148 				break;
21149 			case EACCES:
21150 				*rval_p = 1;
21151 				err = 0;
21152 				break;
21153 			default:
21154 				err = EIO;
21155 				break;
21156 			}
21157 		}
21158 		break;
21159 
21160 	case MHIOCQRESERVE:
21161 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCQRESERVE\n");
21162 		if ((err = drv_priv(cred_p)) == 0) {
21163 			err = sd_reserve_release(dev, SD_RESERVE);
21164 		}
21165 		break;
21166 
21167 	case MHIOCREREGISTERDEVID:
21168 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCREREGISTERDEVID\n");
21169 		if (drv_priv(cred_p) == EPERM) {
21170 			err = EPERM;
21171 		} else if (!un->un_f_devid_supported) {
21172 			err = ENOTTY;
21173 		} else {
21174 			err = sd_mhdioc_register_devid(dev);
21175 		}
21176 		break;
21177 
21178 	case MHIOCGRP_INKEYS:
21179 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INKEYS\n");
21180 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21181 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21182 				err = ENOTSUP;
21183 			} else {
21184 				err = sd_mhdioc_inkeys(dev, (caddr_t)arg,
21185 				    flag);
21186 			}
21187 		}
21188 		break;
21189 
21190 	case MHIOCGRP_INRESV:
21191 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INRESV\n");
21192 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21193 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21194 				err = ENOTSUP;
21195 			} else {
21196 				err = sd_mhdioc_inresv(dev, (caddr_t)arg, flag);
21197 			}
21198 		}
21199 		break;
21200 
21201 	case MHIOCGRP_REGISTER:
21202 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_REGISTER\n");
21203 		if ((err = drv_priv(cred_p)) != EPERM) {
21204 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21205 				err = ENOTSUP;
21206 			} else if (arg != NULL) {
21207 				mhioc_register_t reg;
21208 				if (ddi_copyin((void *)arg, &reg,
21209 				    sizeof (mhioc_register_t), flag) != 0) {
21210 					err = EFAULT;
21211 				} else {
21212 					err =
21213 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21214 					    un, SD_SCSI3_REGISTER,
21215 					    (uchar_t *)&reg);
21216 				}
21217 			}
21218 		}
21219 		break;
21220 
21221 	case MHIOCGRP_RESERVE:
21222 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_RESERVE\n");
21223 		if ((err = drv_priv(cred_p)) != EPERM) {
21224 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21225 				err = ENOTSUP;
21226 			} else if (arg != NULL) {
21227 				mhioc_resv_desc_t resv_desc;
21228 				if (ddi_copyin((void *)arg, &resv_desc,
21229 				    sizeof (mhioc_resv_desc_t), flag) != 0) {
21230 					err = EFAULT;
21231 				} else {
21232 					err =
21233 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21234 					    un, SD_SCSI3_RESERVE,
21235 					    (uchar_t *)&resv_desc);
21236 				}
21237 			}
21238 		}
21239 		break;
21240 
21241 	case MHIOCGRP_PREEMPTANDABORT:
21242 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21243 		if ((err = drv_priv(cred_p)) != EPERM) {
21244 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21245 				err = ENOTSUP;
21246 			} else if (arg != NULL) {
21247 				mhioc_preemptandabort_t preempt_abort;
21248 				if (ddi_copyin((void *)arg, &preempt_abort,
21249 				    sizeof (mhioc_preemptandabort_t),
21250 				    flag) != 0) {
21251 					err = EFAULT;
21252 				} else {
21253 					err =
21254 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21255 					    un, SD_SCSI3_PREEMPTANDABORT,
21256 					    (uchar_t *)&preempt_abort);
21257 				}
21258 			}
21259 		}
21260 		break;
21261 
21262 	case MHIOCGRP_REGISTERANDIGNOREKEY:
21263 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21264 		if ((err = drv_priv(cred_p)) != EPERM) {
21265 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21266 				err = ENOTSUP;
21267 			} else if (arg != NULL) {
21268 				mhioc_registerandignorekey_t r_and_i;
21269 				if (ddi_copyin((void *)arg, (void *)&r_and_i,
21270 				    sizeof (mhioc_registerandignorekey_t),
21271 				    flag) != 0) {
21272 					err = EFAULT;
21273 				} else {
21274 					err =
21275 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21276 					    un, SD_SCSI3_REGISTERANDIGNOREKEY,
21277 					    (uchar_t *)&r_and_i);
21278 				}
21279 			}
21280 		}
21281 		break;
21282 
21283 	case USCSICMD:
21284 		SD_TRACE(SD_LOG_IOCTL, un, "USCSICMD\n");
21285 		cr = ddi_get_cred();
21286 		if ((drv_priv(cred_p) != 0) && (drv_priv(cr) != 0)) {
21287 			err = EPERM;
21288 		} else {
21289 			err = sd_uscsi_ioctl(dev, (caddr_t)arg, flag);
21290 		}
21291 		break;
21292 
21293 	case CDROMPAUSE:
21294 	case CDROMRESUME:
21295 		SD_TRACE(SD_LOG_IOCTL, un, "PAUSE-RESUME\n");
21296 		if (!ISCD(un)) {
21297 			err = ENOTTY;
21298 		} else {
21299 			err = sr_pause_resume(dev, cmd);
21300 		}
21301 		break;
21302 
21303 	case CDROMPLAYMSF:
21304 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYMSF\n");
21305 		if (!ISCD(un)) {
21306 			err = ENOTTY;
21307 		} else {
21308 			err = sr_play_msf(dev, (caddr_t)arg, flag);
21309 		}
21310 		break;
21311 
21312 	case CDROMPLAYTRKIND:
21313 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYTRKIND\n");
21314 #if defined(__i386) || defined(__amd64)
21315 		/*
21316 		 * not supported on ATAPI CD drives, use CDROMPLAYMSF instead
21317 		 */
21318 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21319 #else
21320 		if (!ISCD(un)) {
21321 #endif
21322 			err = ENOTTY;
21323 		} else {
21324 			err = sr_play_trkind(dev, (caddr_t)arg, flag);
21325 		}
21326 		break;
21327 
21328 	case CDROMREADTOCHDR:
21329 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCHDR\n");
21330 		if (!ISCD(un)) {
21331 			err = ENOTTY;
21332 		} else {
21333 			err = sr_read_tochdr(dev, (caddr_t)arg, flag);
21334 		}
21335 		break;
21336 
21337 	case CDROMREADTOCENTRY:
21338 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCENTRY\n");
21339 		if (!ISCD(un)) {
21340 			err = ENOTTY;
21341 		} else {
21342 			err = sr_read_tocentry(dev, (caddr_t)arg, flag);
21343 		}
21344 		break;
21345 
21346 	case CDROMSTOP:
21347 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTOP\n");
21348 		if (!ISCD(un)) {
21349 			err = ENOTTY;
21350 		} else {
21351 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_STOP,
21352 			    SD_PATH_STANDARD);
21353 		}
21354 		break;
21355 
21356 	case CDROMSTART:
21357 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTART\n");
21358 		if (!ISCD(un)) {
21359 			err = ENOTTY;
21360 		} else {
21361 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
21362 			    SD_PATH_STANDARD);
21363 		}
21364 		break;
21365 
21366 	case CDROMCLOSETRAY:
21367 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCLOSETRAY\n");
21368 		if (!ISCD(un)) {
21369 			err = ENOTTY;
21370 		} else {
21371 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_CLOSE,
21372 			    SD_PATH_STANDARD);
21373 		}
21374 		break;
21375 
21376 	case FDEJECT:	/* for eject command */
21377 	case DKIOCEJECT:
21378 	case CDROMEJECT:
21379 		SD_TRACE(SD_LOG_IOCTL, un, "EJECT\n");
21380 		if (!un->un_f_eject_media_supported) {
21381 			err = ENOTTY;
21382 		} else {
21383 			err = sr_eject(dev);
21384 		}
21385 		break;
21386 
21387 	case CDROMVOLCTRL:
21388 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMVOLCTRL\n");
21389 		if (!ISCD(un)) {
21390 			err = ENOTTY;
21391 		} else {
21392 			err = sr_volume_ctrl(dev, (caddr_t)arg, flag);
21393 		}
21394 		break;
21395 
21396 	case CDROMSUBCHNL:
21397 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCHNL\n");
21398 		if (!ISCD(un)) {
21399 			err = ENOTTY;
21400 		} else {
21401 			err = sr_read_subchannel(dev, (caddr_t)arg, flag);
21402 		}
21403 		break;
21404 
21405 	case CDROMREADMODE2:
21406 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE2\n");
21407 		if (!ISCD(un)) {
21408 			err = ENOTTY;
21409 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21410 			/*
21411 			 * If the drive supports READ CD, use that instead of
21412 			 * switching the LBA size via a MODE SELECT
21413 			 * Block Descriptor
21414 			 */
21415 			err = sr_read_cd_mode2(dev, (caddr_t)arg, flag);
21416 		} else {
21417 			err = sr_read_mode2(dev, (caddr_t)arg, flag);
21418 		}
21419 		break;
21420 
21421 	case CDROMREADMODE1:
21422 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE1\n");
21423 		if (!ISCD(un)) {
21424 			err = ENOTTY;
21425 		} else {
21426 			err = sr_read_mode1(dev, (caddr_t)arg, flag);
21427 		}
21428 		break;
21429 
21430 	case CDROMREADOFFSET:
21431 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADOFFSET\n");
21432 		if (!ISCD(un)) {
21433 			err = ENOTTY;
21434 		} else {
21435 			err = sr_read_sony_session_offset(dev, (caddr_t)arg,
21436 			    flag);
21437 		}
21438 		break;
21439 
21440 	case CDROMSBLKMODE:
21441 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSBLKMODE\n");
21442 		/*
21443 		 * There is no means of changing block size in case of atapi
21444 		 * drives, thus return ENOTTY if drive type is atapi
21445 		 */
21446 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21447 			err = ENOTTY;
21448 		} else if (un->un_f_mmc_cap == TRUE) {
21449 
21450 			/*
21451 			 * MMC Devices do not support changing the
21452 			 * logical block size
21453 			 *
21454 			 * Note: EINVAL is being returned instead of ENOTTY to
21455 			 * maintain consistancy with the original mmc
21456 			 * driver update.
21457 			 */
21458 			err = EINVAL;
21459 		} else {
21460 			mutex_enter(SD_MUTEX(un));
21461 			if ((!(un->un_exclopen & (1<<SDPART(dev)))) ||
21462 			    (un->un_ncmds_in_transport > 0)) {
21463 				mutex_exit(SD_MUTEX(un));
21464 				err = EINVAL;
21465 			} else {
21466 				mutex_exit(SD_MUTEX(un));
21467 				err = sr_change_blkmode(dev, cmd, arg, flag);
21468 			}
21469 		}
21470 		break;
21471 
21472 	case CDROMGBLKMODE:
21473 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMGBLKMODE\n");
21474 		if (!ISCD(un)) {
21475 			err = ENOTTY;
21476 		} else if ((un->un_f_cfg_is_atapi != FALSE) &&
21477 		    (un->un_f_blockcount_is_valid != FALSE)) {
21478 			/*
21479 			 * Drive is an ATAPI drive so return target block
21480 			 * size for ATAPI drives since we cannot change the
21481 			 * blocksize on ATAPI drives. Used primarily to detect
21482 			 * if an ATAPI cdrom is present.
21483 			 */
21484 			if (ddi_copyout(&un->un_tgt_blocksize, (void *)arg,
21485 			    sizeof (int), flag) != 0) {
21486 				err = EFAULT;
21487 			} else {
21488 				err = 0;
21489 			}
21490 
21491 		} else {
21492 			/*
21493 			 * Drive supports changing block sizes via a Mode
21494 			 * Select.
21495 			 */
21496 			err = sr_change_blkmode(dev, cmd, arg, flag);
21497 		}
21498 		break;
21499 
21500 	case CDROMGDRVSPEED:
21501 	case CDROMSDRVSPEED:
21502 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMXDRVSPEED\n");
21503 		if (!ISCD(un)) {
21504 			err = ENOTTY;
21505 		} else if (un->un_f_mmc_cap == TRUE) {
21506 			/*
21507 			 * Note: In the future the driver implementation
21508 			 * for getting and
21509 			 * setting cd speed should entail:
21510 			 * 1) If non-mmc try the Toshiba mode page
21511 			 *    (sr_change_speed)
21512 			 * 2) If mmc but no support for Real Time Streaming try
21513 			 *    the SET CD SPEED (0xBB) command
21514 			 *   (sr_atapi_change_speed)
21515 			 * 3) If mmc and support for Real Time Streaming
21516 			 *    try the GET PERFORMANCE and SET STREAMING
21517 			 *    commands (not yet implemented, 4380808)
21518 			 */
21519 			/*
21520 			 * As per recent MMC spec, CD-ROM speed is variable
21521 			 * and changes with LBA. Since there is no such
21522 			 * things as drive speed now, fail this ioctl.
21523 			 *
21524 			 * Note: EINVAL is returned for consistancy of original
21525 			 * implementation which included support for getting
21526 			 * the drive speed of mmc devices but not setting
21527 			 * the drive speed. Thus EINVAL would be returned
21528 			 * if a set request was made for an mmc device.
21529 			 * We no longer support get or set speed for
21530 			 * mmc but need to remain consistant with regard
21531 			 * to the error code returned.
21532 			 */
21533 			err = EINVAL;
21534 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21535 			err = sr_atapi_change_speed(dev, cmd, arg, flag);
21536 		} else {
21537 			err = sr_change_speed(dev, cmd, arg, flag);
21538 		}
21539 		break;
21540 
21541 	case CDROMCDDA:
21542 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDDA\n");
21543 		if (!ISCD(un)) {
21544 			err = ENOTTY;
21545 		} else {
21546 			err = sr_read_cdda(dev, (void *)arg, flag);
21547 		}
21548 		break;
21549 
21550 	case CDROMCDXA:
21551 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDXA\n");
21552 		if (!ISCD(un)) {
21553 			err = ENOTTY;
21554 		} else {
21555 			err = sr_read_cdxa(dev, (caddr_t)arg, flag);
21556 		}
21557 		break;
21558 
21559 	case CDROMSUBCODE:
21560 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCODE\n");
21561 		if (!ISCD(un)) {
21562 			err = ENOTTY;
21563 		} else {
21564 			err = sr_read_all_subcodes(dev, (caddr_t)arg, flag);
21565 		}
21566 		break;
21567 
21568 	case DKIOCPARTINFO: {
21569 		/*
21570 		 * Return parameters describing the selected disk slice.
21571 		 * Note: this ioctl is for the intel platform only
21572 		 */
21573 #if defined(__i386) || defined(__amd64)
21574 		int part;
21575 
21576 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21577 		part = SDPART(dev);
21578 
21579 		/* don't check un_solaris_size for pN */
21580 		if (part < P0_RAW_DISK && un->un_solaris_size == 0) {
21581 			err = EIO;
21582 		} else {
21583 			struct part_info p;
21584 
21585 			p.p_start = (daddr_t)un->un_offset[part];
21586 			p.p_length = (int)un->un_map[part].dkl_nblk;
21587 #ifdef _MULTI_DATAMODEL
21588 			switch (ddi_model_convert_from(flag & FMODELS)) {
21589 			case DDI_MODEL_ILP32:
21590 			{
21591 				struct part_info32 p32;
21592 
21593 				p32.p_start = (daddr32_t)p.p_start;
21594 				p32.p_length = p.p_length;
21595 				if (ddi_copyout(&p32, (void *)arg,
21596 				    sizeof (p32), flag))
21597 					err = EFAULT;
21598 				break;
21599 			}
21600 
21601 			case DDI_MODEL_NONE:
21602 			{
21603 				if (ddi_copyout(&p, (void *)arg, sizeof (p),
21604 				    flag))
21605 					err = EFAULT;
21606 				break;
21607 			}
21608 			}
21609 #else /* ! _MULTI_DATAMODEL */
21610 			if (ddi_copyout(&p, (void *)arg, sizeof (p), flag))
21611 				err = EFAULT;
21612 #endif /* _MULTI_DATAMODEL */
21613 		}
21614 #else
21615 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21616 		err = ENOTTY;
21617 #endif
21618 		break;
21619 	}
21620 
21621 	case DKIOCG_PHYGEOM: {
21622 		/* Return the driver's notion of the media physical geometry */
21623 #if defined(__i386) || defined(__amd64)
21624 		struct dk_geom	disk_geom;
21625 		struct dk_geom	*dkgp = &disk_geom;
21626 
21627 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21628 		mutex_enter(SD_MUTEX(un));
21629 
21630 		if (un->un_g.dkg_nhead != 0 &&
21631 		    un->un_g.dkg_nsect != 0) {
21632 			/*
21633 			 * We succeeded in getting a geometry, but
21634 			 * right now it is being reported as just the
21635 			 * Solaris fdisk partition, just like for
21636 			 * DKIOCGGEOM. We need to change that to be
21637 			 * correct for the entire disk now.
21638 			 */
21639 			bcopy(&un->un_g, dkgp, sizeof (*dkgp));
21640 			dkgp->dkg_acyl = 0;
21641 			dkgp->dkg_ncyl = un->un_blockcount /
21642 			    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21643 		} else {
21644 			bzero(dkgp, sizeof (struct dk_geom));
21645 			/*
21646 			 * This disk does not have a Solaris VTOC
21647 			 * so we must present a physical geometry
21648 			 * that will remain consistent regardless
21649 			 * of how the disk is used. This will ensure
21650 			 * that the geometry does not change regardless
21651 			 * of the fdisk partition type (ie. EFI, FAT32,
21652 			 * Solaris, etc).
21653 			 */
21654 			if (ISCD(un)) {
21655 				dkgp->dkg_nhead = un->un_pgeom.g_nhead;
21656 				dkgp->dkg_nsect = un->un_pgeom.g_nsect;
21657 				dkgp->dkg_ncyl = un->un_pgeom.g_ncyl;
21658 				dkgp->dkg_acyl = un->un_pgeom.g_acyl;
21659 			} else {
21660 				/*
21661 				 * Invalid un_blockcount can generate invalid
21662 				 * dk_geom and may result in division by zero
21663 				 * system failure. Should make sure blockcount
21664 				 * is valid before using it here.
21665 				 */
21666 				if (un->un_f_blockcount_is_valid == FALSE) {
21667 					mutex_exit(SD_MUTEX(un));
21668 					err = EIO;
21669 
21670 					break;
21671 				}
21672 				sd_convert_geometry(un->un_blockcount, dkgp);
21673 				dkgp->dkg_acyl = 0;
21674 				dkgp->dkg_ncyl = un->un_blockcount /
21675 				    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21676 			}
21677 		}
21678 		dkgp->dkg_pcyl = dkgp->dkg_ncyl + dkgp->dkg_acyl;
21679 
21680 		if (ddi_copyout(dkgp, (void *)arg,
21681 		    sizeof (struct dk_geom), flag)) {
21682 			mutex_exit(SD_MUTEX(un));
21683 			err = EFAULT;
21684 		} else {
21685 			mutex_exit(SD_MUTEX(un));
21686 			err = 0;
21687 		}
21688 #else
21689 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21690 		err = ENOTTY;
21691 #endif
21692 		break;
21693 	}
21694 
21695 	case DKIOCG_VIRTGEOM: {
21696 		/* Return the driver's notion of the media's logical geometry */
21697 #if defined(__i386) || defined(__amd64)
21698 		struct dk_geom	disk_geom;
21699 		struct dk_geom	*dkgp = &disk_geom;
21700 
21701 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21702 		mutex_enter(SD_MUTEX(un));
21703 		/*
21704 		 * If there is no HBA geometry available, or
21705 		 * if the HBA returned us something that doesn't
21706 		 * really fit into an Int 13/function 8 geometry
21707 		 * result, just fail the ioctl.  See PSARC 1998/313.
21708 		 */
21709 		if (un->un_lgeom.g_nhead == 0 ||
21710 		    un->un_lgeom.g_nsect == 0 ||
21711 		    un->un_lgeom.g_ncyl > 1024) {
21712 			mutex_exit(SD_MUTEX(un));
21713 			err = EINVAL;
21714 		} else {
21715 			dkgp->dkg_ncyl	= un->un_lgeom.g_ncyl;
21716 			dkgp->dkg_acyl	= un->un_lgeom.g_acyl;
21717 			dkgp->dkg_pcyl	= dkgp->dkg_ncyl + dkgp->dkg_acyl;
21718 			dkgp->dkg_nhead	= un->un_lgeom.g_nhead;
21719 			dkgp->dkg_nsect	= un->un_lgeom.g_nsect;
21720 
21721 			if (ddi_copyout(dkgp, (void *)arg,
21722 			    sizeof (struct dk_geom), flag)) {
21723 				mutex_exit(SD_MUTEX(un));
21724 				err = EFAULT;
21725 			} else {
21726 				mutex_exit(SD_MUTEX(un));
21727 				err = 0;
21728 			}
21729 		}
21730 #else
21731 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21732 		err = ENOTTY;
21733 #endif
21734 		break;
21735 	}
21736 #ifdef SDDEBUG
21737 /* RESET/ABORTS testing ioctls */
21738 	case DKIOCRESET: {
21739 		int	reset_level;
21740 
21741 		if (ddi_copyin((void *)arg, &reset_level, sizeof (int), flag)) {
21742 			err = EFAULT;
21743 		} else {
21744 			SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCRESET: "
21745 			    "reset_level = 0x%lx\n", reset_level);
21746 			if (scsi_reset(SD_ADDRESS(un), reset_level)) {
21747 				err = 0;
21748 			} else {
21749 				err = EIO;
21750 			}
21751 		}
21752 		break;
21753 	}
21754 
21755 	case DKIOCABORT:
21756 		SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCABORT:\n");
21757 		if (scsi_abort(SD_ADDRESS(un), NULL)) {
21758 			err = 0;
21759 		} else {
21760 			err = EIO;
21761 		}
21762 		break;
21763 #endif
21764 
21765 #ifdef SD_FAULT_INJECTION
21766 /* SDIOC FaultInjection testing ioctls */
21767 	case SDIOCSTART:
21768 	case SDIOCSTOP:
21769 	case SDIOCINSERTPKT:
21770 	case SDIOCINSERTXB:
21771 	case SDIOCINSERTUN:
21772 	case SDIOCINSERTARQ:
21773 	case SDIOCPUSH:
21774 	case SDIOCRETRIEVE:
21775 	case SDIOCRUN:
21776 		SD_INFO(SD_LOG_SDTEST, un, "sdioctl:"
21777 		    "SDIOC detected cmd:0x%X:\n", cmd);
21778 		/* call error generator */
21779 		sd_faultinjection_ioctl(cmd, arg, un);
21780 		err = 0;
21781 		break;
21782 
21783 #endif /* SD_FAULT_INJECTION */
21784 
21785 	case DKIOCFLUSHWRITECACHE:
21786 		{
21787 			struct dk_callback *dkc = (struct dk_callback *)arg;
21788 
21789 			mutex_enter(SD_MUTEX(un));
21790 			if (!un->un_f_sync_cache_supported ||
21791 			    !un->un_f_write_cache_enabled) {
21792 				err = un->un_f_sync_cache_supported ?
21793 					0 : ENOTSUP;
21794 				mutex_exit(SD_MUTEX(un));
21795 				if ((flag & FKIOCTL) && dkc != NULL &&
21796 				    dkc->dkc_callback != NULL) {
21797 					(*dkc->dkc_callback)(dkc->dkc_cookie,
21798 					    err);
21799 					/*
21800 					 * Did callback and reported error.
21801 					 * Since we did a callback, ioctl
21802 					 * should return 0.
21803 					 */
21804 					err = 0;
21805 				}
21806 				break;
21807 			}
21808 			mutex_exit(SD_MUTEX(un));
21809 
21810 			if ((flag & FKIOCTL) && dkc != NULL &&
21811 			    dkc->dkc_callback != NULL) {
21812 				/* async SYNC CACHE request */
21813 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, dkc);
21814 			} else {
21815 				/* synchronous SYNC CACHE request */
21816 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, NULL);
21817 			}
21818 		}
21819 		break;
21820 
21821 	case DKIOCGETWCE: {
21822 
21823 		int wce;
21824 
21825 		if ((err = sd_get_write_cache_enabled(un, &wce)) != 0) {
21826 			break;
21827 		}
21828 
21829 		if (ddi_copyout(&wce, (void *)arg, sizeof (wce), flag)) {
21830 			err = EFAULT;
21831 		}
21832 		break;
21833 	}
21834 
21835 	case DKIOCSETWCE: {
21836 
21837 		int wce, sync_supported;
21838 
21839 		if (ddi_copyin((void *)arg, &wce, sizeof (wce), flag)) {
21840 			err = EFAULT;
21841 			break;
21842 		}
21843 
21844 		/*
21845 		 * Synchronize multiple threads trying to enable
21846 		 * or disable the cache via the un_f_wcc_cv
21847 		 * condition variable.
21848 		 */
21849 		mutex_enter(SD_MUTEX(un));
21850 
21851 		/*
21852 		 * Don't allow the cache to be enabled if the
21853 		 * config file has it disabled.
21854 		 */
21855 		if (un->un_f_opt_disable_cache && wce) {
21856 			mutex_exit(SD_MUTEX(un));
21857 			err = EINVAL;
21858 			break;
21859 		}
21860 
21861 		/*
21862 		 * Wait for write cache change in progress
21863 		 * bit to be clear before proceeding.
21864 		 */
21865 		while (un->un_f_wcc_inprog)
21866 			cv_wait(&un->un_wcc_cv, SD_MUTEX(un));
21867 
21868 		un->un_f_wcc_inprog = 1;
21869 
21870 		if (un->un_f_write_cache_enabled && wce == 0) {
21871 			/*
21872 			 * Disable the write cache.  Don't clear
21873 			 * un_f_write_cache_enabled until after
21874 			 * the mode select and flush are complete.
21875 			 */
21876 			sync_supported = un->un_f_sync_cache_supported;
21877 			mutex_exit(SD_MUTEX(un));
21878 			if ((err = sd_cache_control(un, SD_CACHE_NOCHANGE,
21879 			    SD_CACHE_DISABLE)) == 0 && sync_supported) {
21880 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, NULL);
21881 			}
21882 
21883 			mutex_enter(SD_MUTEX(un));
21884 			if (err == 0) {
21885 				un->un_f_write_cache_enabled = 0;
21886 			}
21887 
21888 		} else if (!un->un_f_write_cache_enabled && wce != 0) {
21889 			/*
21890 			 * Set un_f_write_cache_enabled first, so there is
21891 			 * no window where the cache is enabled, but the
21892 			 * bit says it isn't.
21893 			 */
21894 			un->un_f_write_cache_enabled = 1;
21895 			mutex_exit(SD_MUTEX(un));
21896 
21897 			err = sd_cache_control(un, SD_CACHE_NOCHANGE,
21898 				SD_CACHE_ENABLE);
21899 
21900 			mutex_enter(SD_MUTEX(un));
21901 
21902 			if (err) {
21903 				un->un_f_write_cache_enabled = 0;
21904 			}
21905 		}
21906 
21907 		un->un_f_wcc_inprog = 0;
21908 		cv_broadcast(&un->un_wcc_cv);
21909 		mutex_exit(SD_MUTEX(un));
21910 		break;
21911 	}
21912 
21913 	default:
21914 		err = ENOTTY;
21915 		break;
21916 	}
21917 	mutex_enter(SD_MUTEX(un));
21918 	un->un_ncmds_in_driver--;
21919 	ASSERT(un->un_ncmds_in_driver >= 0);
21920 	mutex_exit(SD_MUTEX(un));
21921 
21922 	SD_TRACE(SD_LOG_IOCTL, un, "sdioctl: exit: %d\n", err);
21923 	return (err);
21924 }
21925 
21926 
21927 /*
21928  *    Function: sd_uscsi_ioctl
21929  *
21930  * Description: This routine is the driver entry point for handling USCSI ioctl
21931  *		requests (USCSICMD).
21932  *
21933  *   Arguments: dev	- the device number
21934  *		arg	- user provided scsi command
21935  *		flag	- this argument is a pass through to ddi_copyxxx()
21936  *			  directly from the mode argument of ioctl().
21937  *
21938  * Return Code: code returned by sd_send_scsi_cmd
21939  *		ENXIO
21940  *		EFAULT
21941  *		EAGAIN
21942  */
21943 
21944 static int
21945 sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag)
21946 {
21947 #ifdef _MULTI_DATAMODEL
21948 	/*
21949 	 * For use when a 32 bit app makes a call into a
21950 	 * 64 bit ioctl
21951 	 */
21952 	struct uscsi_cmd32	uscsi_cmd_32_for_64;
21953 	struct uscsi_cmd32	*ucmd32 = &uscsi_cmd_32_for_64;
21954 	model_t			model;
21955 #endif /* _MULTI_DATAMODEL */
21956 	struct uscsi_cmd	*scmd = NULL;
21957 	struct sd_lun		*un = NULL;
21958 	enum uio_seg		uioseg;
21959 	char			cdb[CDB_GROUP0];
21960 	int			rval = 0;
21961 
21962 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21963 		return (ENXIO);
21964 	}
21965 
21966 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: entry: un:0x%p\n", un);
21967 
21968 	scmd = (struct uscsi_cmd *)
21969 	    kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
21970 
21971 #ifdef _MULTI_DATAMODEL
21972 	switch (model = ddi_model_convert_from(flag & FMODELS)) {
21973 	case DDI_MODEL_ILP32:
21974 	{
21975 		if (ddi_copyin((void *)arg, ucmd32, sizeof (*ucmd32), flag)) {
21976 			rval = EFAULT;
21977 			goto done;
21978 		}
21979 		/*
21980 		 * Convert the ILP32 uscsi data from the
21981 		 * application to LP64 for internal use.
21982 		 */
21983 		uscsi_cmd32touscsi_cmd(ucmd32, scmd);
21984 		break;
21985 	}
21986 	case DDI_MODEL_NONE:
21987 		if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21988 			rval = EFAULT;
21989 			goto done;
21990 		}
21991 		break;
21992 	}
21993 #else /* ! _MULTI_DATAMODEL */
21994 	if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21995 		rval = EFAULT;
21996 		goto done;
21997 	}
21998 #endif /* _MULTI_DATAMODEL */
21999 
22000 	scmd->uscsi_flags &= ~USCSI_NOINTR;
22001 	uioseg = (flag & FKIOCTL) ? UIO_SYSSPACE : UIO_USERSPACE;
22002 	if (un->un_f_format_in_progress == TRUE) {
22003 		rval = EAGAIN;
22004 		goto done;
22005 	}
22006 
22007 	/*
22008 	 * Gotta do the ddi_copyin() here on the uscsi_cdb so that
22009 	 * we will have a valid cdb[0] to test.
22010 	 */
22011 	if ((ddi_copyin(scmd->uscsi_cdb, cdb, CDB_GROUP0, flag) == 0) &&
22012 	    (cdb[0] == SCMD_FORMAT)) {
22013 		SD_TRACE(SD_LOG_IOCTL, un,
22014 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
22015 		mutex_enter(SD_MUTEX(un));
22016 		un->un_f_format_in_progress = TRUE;
22017 		mutex_exit(SD_MUTEX(un));
22018 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
22019 		    SD_PATH_STANDARD);
22020 		mutex_enter(SD_MUTEX(un));
22021 		un->un_f_format_in_progress = FALSE;
22022 		mutex_exit(SD_MUTEX(un));
22023 	} else {
22024 		SD_TRACE(SD_LOG_IOCTL, un,
22025 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
22026 		/*
22027 		 * It's OK to fall into here even if the ddi_copyin()
22028 		 * on the uscsi_cdb above fails, because sd_send_scsi_cmd()
22029 		 * does this same copyin and will return the EFAULT
22030 		 * if it fails.
22031 		 */
22032 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
22033 		    SD_PATH_STANDARD);
22034 	}
22035 #ifdef _MULTI_DATAMODEL
22036 	switch (model) {
22037 	case DDI_MODEL_ILP32:
22038 		/*
22039 		 * Convert back to ILP32 before copyout to the
22040 		 * application
22041 		 */
22042 		uscsi_cmdtouscsi_cmd32(scmd, ucmd32);
22043 		if (ddi_copyout(ucmd32, (void *)arg, sizeof (*ucmd32), flag)) {
22044 			if (rval != 0) {
22045 				rval = EFAULT;
22046 			}
22047 		}
22048 		break;
22049 	case DDI_MODEL_NONE:
22050 		if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
22051 			if (rval != 0) {
22052 				rval = EFAULT;
22053 			}
22054 		}
22055 		break;
22056 	}
22057 #else /* ! _MULTI_DATAMODE */
22058 	if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
22059 		if (rval != 0) {
22060 			rval = EFAULT;
22061 		}
22062 	}
22063 #endif /* _MULTI_DATAMODE */
22064 done:
22065 	kmem_free(scmd, sizeof (struct uscsi_cmd));
22066 
22067 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: exit: un:0x%p\n", un);
22068 
22069 	return (rval);
22070 }
22071 
22072 
22073 /*
22074  *    Function: sd_dkio_ctrl_info
22075  *
22076  * Description: This routine is the driver entry point for handling controller
22077  *		information ioctl requests (DKIOCINFO).
22078  *
22079  *   Arguments: dev  - the device number
22080  *		arg  - pointer to user provided dk_cinfo structure
22081  *		       specifying the controller type and attributes.
22082  *		flag - this argument is a pass through to ddi_copyxxx()
22083  *		       directly from the mode argument of ioctl().
22084  *
22085  * Return Code: 0
22086  *		EFAULT
22087  *		ENXIO
22088  */
22089 
22090 static int
22091 sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag)
22092 {
22093 	struct sd_lun	*un = NULL;
22094 	struct dk_cinfo	*info;
22095 	dev_info_t	*pdip;
22096 	int		lun, tgt;
22097 
22098 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22099 		return (ENXIO);
22100 	}
22101 
22102 	info = (struct dk_cinfo *)
22103 		kmem_zalloc(sizeof (struct dk_cinfo), KM_SLEEP);
22104 
22105 	switch (un->un_ctype) {
22106 	case CTYPE_CDROM:
22107 		info->dki_ctype = DKC_CDROM;
22108 		break;
22109 	default:
22110 		info->dki_ctype = DKC_SCSI_CCS;
22111 		break;
22112 	}
22113 	pdip = ddi_get_parent(SD_DEVINFO(un));
22114 	info->dki_cnum = ddi_get_instance(pdip);
22115 	if (strlen(ddi_get_name(pdip)) < DK_DEVLEN) {
22116 		(void) strcpy(info->dki_cname, ddi_get_name(pdip));
22117 	} else {
22118 		(void) strncpy(info->dki_cname, ddi_node_name(pdip),
22119 		    DK_DEVLEN - 1);
22120 	}
22121 
22122 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
22123 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_LUN, 0);
22124 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
22125 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET, 0);
22126 
22127 	/* Unit Information */
22128 	info->dki_unit = ddi_get_instance(SD_DEVINFO(un));
22129 	info->dki_slave = ((tgt << 3) | lun);
22130 	(void) strncpy(info->dki_dname, ddi_driver_name(SD_DEVINFO(un)),
22131 	    DK_DEVLEN - 1);
22132 	info->dki_flags = DKI_FMTVOL;
22133 	info->dki_partition = SDPART(dev);
22134 
22135 	/* Max Transfer size of this device in blocks */
22136 	info->dki_maxtransfer = un->un_max_xfer_size / un->un_sys_blocksize;
22137 	info->dki_addr = 0;
22138 	info->dki_space = 0;
22139 	info->dki_prio = 0;
22140 	info->dki_vec = 0;
22141 
22142 	if (ddi_copyout(info, arg, sizeof (struct dk_cinfo), flag) != 0) {
22143 		kmem_free(info, sizeof (struct dk_cinfo));
22144 		return (EFAULT);
22145 	} else {
22146 		kmem_free(info, sizeof (struct dk_cinfo));
22147 		return (0);
22148 	}
22149 }
22150 
22151 
22152 /*
22153  *    Function: sd_get_media_info
22154  *
22155  * Description: This routine is the driver entry point for handling ioctl
22156  *		requests for the media type or command set profile used by the
22157  *		drive to operate on the media (DKIOCGMEDIAINFO).
22158  *
22159  *   Arguments: dev	- the device number
22160  *		arg	- pointer to user provided dk_minfo structure
22161  *			  specifying the media type, logical block size and
22162  *			  drive capacity.
22163  *		flag	- this argument is a pass through to ddi_copyxxx()
22164  *			  directly from the mode argument of ioctl().
22165  *
22166  * Return Code: 0
22167  *		EACCESS
22168  *		EFAULT
22169  *		ENXIO
22170  *		EIO
22171  */
22172 
22173 static int
22174 sd_get_media_info(dev_t dev, caddr_t arg, int flag)
22175 {
22176 	struct sd_lun		*un = NULL;
22177 	struct uscsi_cmd	com;
22178 	struct scsi_inquiry	*sinq;
22179 	struct dk_minfo		media_info;
22180 	u_longlong_t		media_capacity;
22181 	uint64_t		capacity;
22182 	uint_t			lbasize;
22183 	uchar_t			*out_data;
22184 	uchar_t			*rqbuf;
22185 	int			rval = 0;
22186 	int			rtn;
22187 
22188 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
22189 	    (un->un_state == SD_STATE_OFFLINE)) {
22190 		return (ENXIO);
22191 	}
22192 
22193 	SD_TRACE(SD_LOG_IOCTL_DKIO, un, "sd_get_media_info: entry\n");
22194 
22195 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
22196 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
22197 
22198 	/* Issue a TUR to determine if the drive is ready with media present */
22199 	rval = sd_send_scsi_TEST_UNIT_READY(un, SD_CHECK_FOR_MEDIA);
22200 	if (rval == ENXIO) {
22201 		goto done;
22202 	}
22203 
22204 	/* Now get configuration data */
22205 	if (ISCD(un)) {
22206 		media_info.dki_media_type = DK_CDROM;
22207 
22208 		/* Allow SCMD_GET_CONFIGURATION to MMC devices only */
22209 		if (un->un_f_mmc_cap == TRUE) {
22210 			rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf,
22211 				SENSE_LENGTH, out_data, SD_PROFILE_HEADER_LEN);
22212 
22213 			if (rtn) {
22214 				/*
22215 				 * Failed for other than an illegal request
22216 				 * or command not supported
22217 				 */
22218 				if ((com.uscsi_status == STATUS_CHECK) &&
22219 				    (com.uscsi_rqstatus == STATUS_GOOD)) {
22220 					if ((rqbuf[2] != KEY_ILLEGAL_REQUEST) ||
22221 					    (rqbuf[12] != 0x20)) {
22222 						rval = EIO;
22223 						goto done;
22224 					}
22225 				}
22226 			} else {
22227 				/*
22228 				 * The GET CONFIGURATION command succeeded
22229 				 * so set the media type according to the
22230 				 * returned data
22231 				 */
22232 				media_info.dki_media_type = out_data[6];
22233 				media_info.dki_media_type <<= 8;
22234 				media_info.dki_media_type |= out_data[7];
22235 			}
22236 		}
22237 	} else {
22238 		/*
22239 		 * The profile list is not available, so we attempt to identify
22240 		 * the media type based on the inquiry data
22241 		 */
22242 		sinq = un->un_sd->sd_inq;
22243 		if (sinq->inq_qual == 0) {
22244 			/* This is a direct access device */
22245 			media_info.dki_media_type = DK_FIXED_DISK;
22246 
22247 			if ((bcmp(sinq->inq_vid, "IOMEGA", 6) == 0) ||
22248 			    (bcmp(sinq->inq_vid, "iomega", 6) == 0)) {
22249 				if ((bcmp(sinq->inq_pid, "ZIP", 3) == 0)) {
22250 					media_info.dki_media_type = DK_ZIP;
22251 				} else if (
22252 				    (bcmp(sinq->inq_pid, "jaz", 3) == 0)) {
22253 					media_info.dki_media_type = DK_JAZ;
22254 				}
22255 			}
22256 		} else {
22257 			/* Not a CD or direct access so return unknown media */
22258 			media_info.dki_media_type = DK_UNKNOWN;
22259 		}
22260 	}
22261 
22262 	/* Now read the capacity so we can provide the lbasize and capacity */
22263 	switch (sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
22264 	    SD_PATH_DIRECT)) {
22265 	case 0:
22266 		break;
22267 	case EACCES:
22268 		rval = EACCES;
22269 		goto done;
22270 	default:
22271 		rval = EIO;
22272 		goto done;
22273 	}
22274 
22275 	media_info.dki_lbsize = lbasize;
22276 	media_capacity = capacity;
22277 
22278 	/*
22279 	 * sd_send_scsi_READ_CAPACITY() reports capacity in
22280 	 * un->un_sys_blocksize chunks. So we need to convert it into
22281 	 * cap.lbasize chunks.
22282 	 */
22283 	media_capacity *= un->un_sys_blocksize;
22284 	media_capacity /= lbasize;
22285 	media_info.dki_capacity = media_capacity;
22286 
22287 	if (ddi_copyout(&media_info, arg, sizeof (struct dk_minfo), flag)) {
22288 		rval = EFAULT;
22289 		/* Put goto. Anybody might add some code below in future */
22290 		goto done;
22291 	}
22292 done:
22293 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
22294 	kmem_free(rqbuf, SENSE_LENGTH);
22295 	return (rval);
22296 }
22297 
22298 
22299 /*
22300  *    Function: sd_dkio_get_geometry
22301  *
22302  * Description: This routine is the driver entry point for handling user
22303  *		requests to get the device geometry (DKIOCGGEOM).
22304  *
22305  *   Arguments: dev  - the device number
22306  *		arg  - pointer to user provided dk_geom structure specifying
22307  *			the controller's notion of the current geometry.
22308  *		flag - this argument is a pass through to ddi_copyxxx()
22309  *		       directly from the mode argument of ioctl().
22310  *		geom_validated - flag indicating if the device geometry has been
22311  *				 previously validated in the sdioctl routine.
22312  *
22313  * Return Code: 0
22314  *		EFAULT
22315  *		ENXIO
22316  *		EIO
22317  */
22318 
22319 static int
22320 sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag, int geom_validated)
22321 {
22322 	struct sd_lun	*un = NULL;
22323 	struct dk_geom	*tmp_geom = NULL;
22324 	int		rval = 0;
22325 
22326 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22327 		return (ENXIO);
22328 	}
22329 
22330 	if (geom_validated == FALSE) {
22331 		/*
22332 		 * sd_validate_geometry does not spin a disk up
22333 		 * if it was spun down. We need to make sure it
22334 		 * is ready.
22335 		 */
22336 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22337 			return (rval);
22338 		}
22339 		mutex_enter(SD_MUTEX(un));
22340 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
22341 		mutex_exit(SD_MUTEX(un));
22342 	}
22343 	if (rval)
22344 		return (rval);
22345 
22346 	/*
22347 	 * It is possible that un_solaris_size is 0(uninitialized)
22348 	 * after sd_unit_attach. Reservation conflict may cause the
22349 	 * above situation. Thus, the zero check of un_solaris_size
22350 	 * should occur after the sd_validate_geometry() call.
22351 	 */
22352 #if defined(__i386) || defined(__amd64)
22353 	if (un->un_solaris_size == 0) {
22354 		return (EIO);
22355 	}
22356 #endif
22357 
22358 	/*
22359 	 * Make a local copy of the soft state geometry to avoid some potential
22360 	 * race conditions associated with holding the mutex and updating the
22361 	 * write_reinstruct value
22362 	 */
22363 	tmp_geom = kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22364 	mutex_enter(SD_MUTEX(un));
22365 	bcopy(&un->un_g, tmp_geom, sizeof (struct dk_geom));
22366 	mutex_exit(SD_MUTEX(un));
22367 
22368 	if (tmp_geom->dkg_write_reinstruct == 0) {
22369 		tmp_geom->dkg_write_reinstruct =
22370 		    (int)((int)(tmp_geom->dkg_nsect * tmp_geom->dkg_rpm *
22371 		    sd_rot_delay) / (int)60000);
22372 	}
22373 
22374 	rval = ddi_copyout(tmp_geom, (void *)arg, sizeof (struct dk_geom),
22375 	    flag);
22376 	if (rval != 0) {
22377 		rval = EFAULT;
22378 	}
22379 
22380 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22381 	return (rval);
22382 
22383 }
22384 
22385 
22386 /*
22387  *    Function: sd_dkio_set_geometry
22388  *
22389  * Description: This routine is the driver entry point for handling user
22390  *		requests to set the device geometry (DKIOCSGEOM). The actual
22391  *		device geometry is not updated, just the driver "notion" of it.
22392  *
22393  *   Arguments: dev  - the device number
22394  *		arg  - pointer to user provided dk_geom structure used to set
22395  *			the controller's notion of the current geometry.
22396  *		flag - this argument is a pass through to ddi_copyxxx()
22397  *		       directly from the mode argument of ioctl().
22398  *
22399  * Return Code: 0
22400  *		EFAULT
22401  *		ENXIO
22402  *		EIO
22403  */
22404 
22405 static int
22406 sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag)
22407 {
22408 	struct sd_lun	*un = NULL;
22409 	struct dk_geom	*tmp_geom;
22410 	struct dk_map	*lp;
22411 	int		rval = 0;
22412 	int		i;
22413 
22414 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22415 		return (ENXIO);
22416 	}
22417 
22418 	/*
22419 	 * Make sure there is no reservation conflict on the lun.
22420 	 */
22421 	if (sd_send_scsi_TEST_UNIT_READY(un, 0) == EACCES) {
22422 		return (EACCES);
22423 	}
22424 
22425 #if defined(__i386) || defined(__amd64)
22426 	if (un->un_solaris_size == 0) {
22427 		return (EIO);
22428 	}
22429 #endif
22430 
22431 	/*
22432 	 * We need to copy the user specified geometry into local
22433 	 * storage and then update the softstate. We don't want to hold
22434 	 * the mutex and copyin directly from the user to the soft state
22435 	 */
22436 	tmp_geom = (struct dk_geom *)
22437 	    kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22438 	rval = ddi_copyin(arg, tmp_geom, sizeof (struct dk_geom), flag);
22439 	if (rval != 0) {
22440 		kmem_free(tmp_geom, sizeof (struct dk_geom));
22441 		return (EFAULT);
22442 	}
22443 
22444 	mutex_enter(SD_MUTEX(un));
22445 	bcopy(tmp_geom, &un->un_g, sizeof (struct dk_geom));
22446 	for (i = 0; i < NDKMAP; i++) {
22447 		lp  = &un->un_map[i];
22448 		un->un_offset[i] =
22449 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22450 #if defined(__i386) || defined(__amd64)
22451 		un->un_offset[i] += un->un_solaris_offset;
22452 #endif
22453 	}
22454 	un->un_f_geometry_is_valid = FALSE;
22455 	mutex_exit(SD_MUTEX(un));
22456 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22457 
22458 	return (rval);
22459 }
22460 
22461 
22462 /*
22463  *    Function: sd_dkio_get_partition
22464  *
22465  * Description: This routine is the driver entry point for handling user
22466  *		requests to get the partition table (DKIOCGAPART).
22467  *
22468  *   Arguments: dev  - the device number
22469  *		arg  - pointer to user provided dk_allmap structure specifying
22470  *			the controller's notion of the current partition table.
22471  *		flag - this argument is a pass through to ddi_copyxxx()
22472  *		       directly from the mode argument of ioctl().
22473  *		geom_validated - flag indicating if the device geometry has been
22474  *				 previously validated in the sdioctl routine.
22475  *
22476  * Return Code: 0
22477  *		EFAULT
22478  *		ENXIO
22479  *		EIO
22480  */
22481 
22482 static int
22483 sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag, int geom_validated)
22484 {
22485 	struct sd_lun	*un = NULL;
22486 	int		rval = 0;
22487 	int		size;
22488 
22489 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22490 		return (ENXIO);
22491 	}
22492 
22493 	/*
22494 	 * Make sure the geometry is valid before getting the partition
22495 	 * information.
22496 	 */
22497 	mutex_enter(SD_MUTEX(un));
22498 	if (geom_validated == FALSE) {
22499 		/*
22500 		 * sd_validate_geometry does not spin a disk up
22501 		 * if it was spun down. We need to make sure it
22502 		 * is ready before validating the geometry.
22503 		 */
22504 		mutex_exit(SD_MUTEX(un));
22505 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22506 			return (rval);
22507 		}
22508 		mutex_enter(SD_MUTEX(un));
22509 
22510 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22511 			mutex_exit(SD_MUTEX(un));
22512 			return (rval);
22513 		}
22514 	}
22515 	mutex_exit(SD_MUTEX(un));
22516 
22517 	/*
22518 	 * It is possible that un_solaris_size is 0(uninitialized)
22519 	 * after sd_unit_attach. Reservation conflict may cause the
22520 	 * above situation. Thus, the zero check of un_solaris_size
22521 	 * should occur after the sd_validate_geometry() call.
22522 	 */
22523 #if defined(__i386) || defined(__amd64)
22524 	if (un->un_solaris_size == 0) {
22525 		return (EIO);
22526 	}
22527 #endif
22528 
22529 #ifdef _MULTI_DATAMODEL
22530 	switch (ddi_model_convert_from(flag & FMODELS)) {
22531 	case DDI_MODEL_ILP32: {
22532 		struct dk_map32 dk_map32[NDKMAP];
22533 		int		i;
22534 
22535 		for (i = 0; i < NDKMAP; i++) {
22536 			dk_map32[i].dkl_cylno = un->un_map[i].dkl_cylno;
22537 			dk_map32[i].dkl_nblk  = un->un_map[i].dkl_nblk;
22538 		}
22539 		size = NDKMAP * sizeof (struct dk_map32);
22540 		rval = ddi_copyout(dk_map32, (void *)arg, size, flag);
22541 		if (rval != 0) {
22542 			rval = EFAULT;
22543 		}
22544 		break;
22545 	}
22546 	case DDI_MODEL_NONE:
22547 		size = NDKMAP * sizeof (struct dk_map);
22548 		rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22549 		if (rval != 0) {
22550 			rval = EFAULT;
22551 		}
22552 		break;
22553 	}
22554 #else /* ! _MULTI_DATAMODEL */
22555 	size = NDKMAP * sizeof (struct dk_map);
22556 	rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22557 	if (rval != 0) {
22558 		rval = EFAULT;
22559 	}
22560 #endif /* _MULTI_DATAMODEL */
22561 	return (rval);
22562 }
22563 
22564 
22565 /*
22566  *    Function: sd_dkio_set_partition
22567  *
22568  * Description: This routine is the driver entry point for handling user
22569  *		requests to set the partition table (DKIOCSAPART). The actual
22570  *		device partition is not updated.
22571  *
22572  *   Arguments: dev  - the device number
22573  *		arg  - pointer to user provided dk_allmap structure used to set
22574  *			the controller's notion of the partition table.
22575  *		flag - this argument is a pass through to ddi_copyxxx()
22576  *		       directly from the mode argument of ioctl().
22577  *
22578  * Return Code: 0
22579  *		EINVAL
22580  *		EFAULT
22581  *		ENXIO
22582  *		EIO
22583  */
22584 
22585 static int
22586 sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag)
22587 {
22588 	struct sd_lun	*un = NULL;
22589 	struct dk_map	dk_map[NDKMAP];
22590 	struct dk_map	*lp;
22591 	int		rval = 0;
22592 	int		size;
22593 	int		i;
22594 #if defined(_SUNOS_VTOC_16)
22595 	struct dkl_partition	*vp;
22596 #endif
22597 
22598 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22599 		return (ENXIO);
22600 	}
22601 
22602 	/*
22603 	 * Set the map for all logical partitions.  We lock
22604 	 * the priority just to make sure an interrupt doesn't
22605 	 * come in while the map is half updated.
22606 	 */
22607 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_solaris_size))
22608 	mutex_enter(SD_MUTEX(un));
22609 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22610 		mutex_exit(SD_MUTEX(un));
22611 		return (ENOTSUP);
22612 	}
22613 	mutex_exit(SD_MUTEX(un));
22614 
22615 	/*
22616 	 * Make sure there is no reservation conflict on the lun.
22617 	 */
22618 	if (sd_send_scsi_TEST_UNIT_READY(un, 0) == EACCES) {
22619 		return (EACCES);
22620 	}
22621 
22622 #if defined(__i386) || defined(__amd64)
22623 	if (un->un_solaris_size == 0) {
22624 		return (EIO);
22625 	}
22626 #endif
22627 
22628 #ifdef _MULTI_DATAMODEL
22629 	switch (ddi_model_convert_from(flag & FMODELS)) {
22630 	case DDI_MODEL_ILP32: {
22631 		struct dk_map32 dk_map32[NDKMAP];
22632 
22633 		size = NDKMAP * sizeof (struct dk_map32);
22634 		rval = ddi_copyin((void *)arg, dk_map32, size, flag);
22635 		if (rval != 0) {
22636 			return (EFAULT);
22637 		}
22638 		for (i = 0; i < NDKMAP; i++) {
22639 			dk_map[i].dkl_cylno = dk_map32[i].dkl_cylno;
22640 			dk_map[i].dkl_nblk  = dk_map32[i].dkl_nblk;
22641 		}
22642 		break;
22643 	}
22644 	case DDI_MODEL_NONE:
22645 		size = NDKMAP * sizeof (struct dk_map);
22646 		rval = ddi_copyin((void *)arg, dk_map, size, flag);
22647 		if (rval != 0) {
22648 			return (EFAULT);
22649 		}
22650 		break;
22651 	}
22652 #else /* ! _MULTI_DATAMODEL */
22653 	size = NDKMAP * sizeof (struct dk_map);
22654 	rval = ddi_copyin((void *)arg, dk_map, size, flag);
22655 	if (rval != 0) {
22656 		return (EFAULT);
22657 	}
22658 #endif /* _MULTI_DATAMODEL */
22659 
22660 	mutex_enter(SD_MUTEX(un));
22661 	/* Note: The size used in this bcopy is set based upon the data model */
22662 	bcopy(dk_map, un->un_map, size);
22663 #if defined(_SUNOS_VTOC_16)
22664 	vp = (struct dkl_partition *)&(un->un_vtoc);
22665 #endif	/* defined(_SUNOS_VTOC_16) */
22666 	for (i = 0; i < NDKMAP; i++) {
22667 		lp  = &un->un_map[i];
22668 		un->un_offset[i] =
22669 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22670 #if defined(_SUNOS_VTOC_16)
22671 		vp->p_start = un->un_offset[i];
22672 		vp->p_size = lp->dkl_nblk;
22673 		vp++;
22674 #endif	/* defined(_SUNOS_VTOC_16) */
22675 #if defined(__i386) || defined(__amd64)
22676 		un->un_offset[i] += un->un_solaris_offset;
22677 #endif
22678 	}
22679 	mutex_exit(SD_MUTEX(un));
22680 	return (rval);
22681 }
22682 
22683 
22684 /*
22685  *    Function: sd_dkio_get_vtoc
22686  *
22687  * Description: This routine is the driver entry point for handling user
22688  *		requests to get the current volume table of contents
22689  *		(DKIOCGVTOC).
22690  *
22691  *   Arguments: dev  - the device number
22692  *		arg  - pointer to user provided vtoc structure specifying
22693  *			the current vtoc.
22694  *		flag - this argument is a pass through to ddi_copyxxx()
22695  *		       directly from the mode argument of ioctl().
22696  *		geom_validated - flag indicating if the device geometry has been
22697  *				 previously validated in the sdioctl routine.
22698  *
22699  * Return Code: 0
22700  *		EFAULT
22701  *		ENXIO
22702  *		EIO
22703  */
22704 
22705 static int
22706 sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag, int geom_validated)
22707 {
22708 	struct sd_lun	*un = NULL;
22709 #if defined(_SUNOS_VTOC_8)
22710 	struct vtoc	user_vtoc;
22711 #endif	/* defined(_SUNOS_VTOC_8) */
22712 	int		rval = 0;
22713 
22714 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22715 		return (ENXIO);
22716 	}
22717 
22718 	mutex_enter(SD_MUTEX(un));
22719 	if (geom_validated == FALSE) {
22720 		/*
22721 		 * sd_validate_geometry does not spin a disk up
22722 		 * if it was spun down. We need to make sure it
22723 		 * is ready.
22724 		 */
22725 		mutex_exit(SD_MUTEX(un));
22726 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22727 			return (rval);
22728 		}
22729 		mutex_enter(SD_MUTEX(un));
22730 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22731 			mutex_exit(SD_MUTEX(un));
22732 			return (rval);
22733 		}
22734 	}
22735 
22736 #if defined(_SUNOS_VTOC_8)
22737 	sd_build_user_vtoc(un, &user_vtoc);
22738 	mutex_exit(SD_MUTEX(un));
22739 
22740 #ifdef _MULTI_DATAMODEL
22741 	switch (ddi_model_convert_from(flag & FMODELS)) {
22742 	case DDI_MODEL_ILP32: {
22743 		struct vtoc32 user_vtoc32;
22744 
22745 		vtoctovtoc32(user_vtoc, user_vtoc32);
22746 		if (ddi_copyout(&user_vtoc32, (void *)arg,
22747 		    sizeof (struct vtoc32), flag)) {
22748 			return (EFAULT);
22749 		}
22750 		break;
22751 	}
22752 
22753 	case DDI_MODEL_NONE:
22754 		if (ddi_copyout(&user_vtoc, (void *)arg,
22755 		    sizeof (struct vtoc), flag)) {
22756 			return (EFAULT);
22757 		}
22758 		break;
22759 	}
22760 #else /* ! _MULTI_DATAMODEL */
22761 	if (ddi_copyout(&user_vtoc, (void *)arg, sizeof (struct vtoc), flag)) {
22762 		return (EFAULT);
22763 	}
22764 #endif /* _MULTI_DATAMODEL */
22765 
22766 #elif defined(_SUNOS_VTOC_16)
22767 	mutex_exit(SD_MUTEX(un));
22768 
22769 #ifdef _MULTI_DATAMODEL
22770 	/*
22771 	 * The un_vtoc structure is a "struct dk_vtoc"  which is always
22772 	 * 32-bit to maintain compatibility with existing on-disk
22773 	 * structures.  Thus, we need to convert the structure when copying
22774 	 * it out to a datamodel-dependent "struct vtoc" in a 64-bit
22775 	 * program.  If the target is a 32-bit program, then no conversion
22776 	 * is necessary.
22777 	 */
22778 	/* LINTED: logical expression always true: op "||" */
22779 	ASSERT(sizeof (un->un_vtoc) == sizeof (struct vtoc32));
22780 	switch (ddi_model_convert_from(flag & FMODELS)) {
22781 	case DDI_MODEL_ILP32:
22782 		if (ddi_copyout(&(un->un_vtoc), (void *)arg,
22783 		    sizeof (un->un_vtoc), flag)) {
22784 			return (EFAULT);
22785 		}
22786 		break;
22787 
22788 	case DDI_MODEL_NONE: {
22789 		struct vtoc user_vtoc;
22790 
22791 		vtoc32tovtoc(un->un_vtoc, user_vtoc);
22792 		if (ddi_copyout(&user_vtoc, (void *)arg,
22793 		    sizeof (struct vtoc), flag)) {
22794 			return (EFAULT);
22795 		}
22796 		break;
22797 	}
22798 	}
22799 #else /* ! _MULTI_DATAMODEL */
22800 	if (ddi_copyout(&(un->un_vtoc), (void *)arg, sizeof (un->un_vtoc),
22801 	    flag)) {
22802 		return (EFAULT);
22803 	}
22804 #endif /* _MULTI_DATAMODEL */
22805 #else
22806 #error "No VTOC format defined."
22807 #endif
22808 
22809 	return (rval);
22810 }
22811 
22812 static int
22813 sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag)
22814 {
22815 	struct sd_lun	*un = NULL;
22816 	dk_efi_t	user_efi;
22817 	int		rval = 0;
22818 	void		*buffer;
22819 
22820 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
22821 		return (ENXIO);
22822 
22823 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
22824 		return (EFAULT);
22825 
22826 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
22827 
22828 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
22829 	    (user_efi.dki_length > un->un_max_xfer_size))
22830 		return (EINVAL);
22831 
22832 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
22833 	rval = sd_send_scsi_READ(un, buffer, user_efi.dki_length,
22834 	    user_efi.dki_lba, SD_PATH_DIRECT);
22835 	if (rval == 0 && ddi_copyout(buffer, user_efi.dki_data,
22836 	    user_efi.dki_length, flag) != 0)
22837 		rval = EFAULT;
22838 
22839 	kmem_free(buffer, user_efi.dki_length);
22840 	return (rval);
22841 }
22842 
22843 /*
22844  *    Function: sd_build_user_vtoc
22845  *
22846  * Description: This routine populates a pass by reference variable with the
22847  *		current volume table of contents.
22848  *
22849  *   Arguments: un - driver soft state (unit) structure
22850  *		user_vtoc - pointer to vtoc structure to be populated
22851  */
22852 
22853 static void
22854 sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22855 {
22856 	struct dk_map2		*lpart;
22857 	struct dk_map		*lmap;
22858 	struct partition	*vpart;
22859 	int			nblks;
22860 	int			i;
22861 
22862 	ASSERT(mutex_owned(SD_MUTEX(un)));
22863 
22864 	/*
22865 	 * Return vtoc structure fields in the provided VTOC area, addressed
22866 	 * by *vtoc.
22867 	 */
22868 	bzero(user_vtoc, sizeof (struct vtoc));
22869 	user_vtoc->v_bootinfo[0] = un->un_vtoc.v_bootinfo[0];
22870 	user_vtoc->v_bootinfo[1] = un->un_vtoc.v_bootinfo[1];
22871 	user_vtoc->v_bootinfo[2] = un->un_vtoc.v_bootinfo[2];
22872 	user_vtoc->v_sanity	= VTOC_SANE;
22873 	user_vtoc->v_version	= un->un_vtoc.v_version;
22874 	bcopy(un->un_vtoc.v_volume, user_vtoc->v_volume, LEN_DKL_VVOL);
22875 	user_vtoc->v_sectorsz = un->un_sys_blocksize;
22876 	user_vtoc->v_nparts = un->un_vtoc.v_nparts;
22877 	bcopy(un->un_vtoc.v_reserved, user_vtoc->v_reserved,
22878 	    sizeof (un->un_vtoc.v_reserved));
22879 	/*
22880 	 * Convert partitioning information.
22881 	 *
22882 	 * Note the conversion from starting cylinder number
22883 	 * to starting sector number.
22884 	 */
22885 	lmap = un->un_map;
22886 	lpart = (struct dk_map2 *)un->un_vtoc.v_part;
22887 	vpart = user_vtoc->v_part;
22888 
22889 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22890 
22891 	for (i = 0; i < V_NUMPAR; i++) {
22892 		vpart->p_tag	= lpart->p_tag;
22893 		vpart->p_flag	= lpart->p_flag;
22894 		vpart->p_start	= lmap->dkl_cylno * nblks;
22895 		vpart->p_size	= lmap->dkl_nblk;
22896 		lmap++;
22897 		lpart++;
22898 		vpart++;
22899 
22900 		/* (4364927) */
22901 		user_vtoc->timestamp[i] = (time_t)un->un_vtoc.v_timestamp[i];
22902 	}
22903 
22904 	bcopy(un->un_asciilabel, user_vtoc->v_asciilabel, LEN_DKL_ASCII);
22905 }
22906 
22907 static int
22908 sd_dkio_partition(dev_t dev, caddr_t arg, int flag)
22909 {
22910 	struct sd_lun		*un = NULL;
22911 	struct partition64	p64;
22912 	int			rval = 0;
22913 	uint_t			nparts;
22914 	efi_gpe_t		*partitions;
22915 	efi_gpt_t		*buffer;
22916 	diskaddr_t		gpe_lba;
22917 
22918 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22919 		return (ENXIO);
22920 	}
22921 
22922 	if (ddi_copyin((const void *)arg, &p64,
22923 	    sizeof (struct partition64), flag)) {
22924 		return (EFAULT);
22925 	}
22926 
22927 	buffer = kmem_alloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
22928 	rval = sd_send_scsi_READ(un, buffer, DEV_BSIZE,
22929 		1, SD_PATH_DIRECT);
22930 	if (rval != 0)
22931 		goto done_error;
22932 
22933 	sd_swap_efi_gpt(buffer);
22934 
22935 	if ((rval = sd_validate_efi(buffer)) != 0)
22936 		goto done_error;
22937 
22938 	nparts = buffer->efi_gpt_NumberOfPartitionEntries;
22939 	gpe_lba = buffer->efi_gpt_PartitionEntryLBA;
22940 	if (p64.p_partno > nparts) {
22941 		/* couldn't find it */
22942 		rval = ESRCH;
22943 		goto done_error;
22944 	}
22945 	/*
22946 	 * if we're dealing with a partition that's out of the normal
22947 	 * 16K block, adjust accordingly
22948 	 */
22949 	gpe_lba += p64.p_partno / sizeof (efi_gpe_t);
22950 	rval = sd_send_scsi_READ(un, buffer, EFI_MIN_ARRAY_SIZE,
22951 			gpe_lba, SD_PATH_DIRECT);
22952 	if (rval) {
22953 		goto done_error;
22954 	}
22955 	partitions = (efi_gpe_t *)buffer;
22956 
22957 	sd_swap_efi_gpe(nparts, partitions);
22958 
22959 	partitions += p64.p_partno;
22960 	bcopy(&partitions->efi_gpe_PartitionTypeGUID, &p64.p_type,
22961 	    sizeof (struct uuid));
22962 	p64.p_start = partitions->efi_gpe_StartingLBA;
22963 	p64.p_size = partitions->efi_gpe_EndingLBA -
22964 			p64.p_start + 1;
22965 
22966 	if (ddi_copyout(&p64, (void *)arg, sizeof (struct partition64), flag))
22967 		rval = EFAULT;
22968 
22969 done_error:
22970 	kmem_free(buffer, EFI_MIN_ARRAY_SIZE);
22971 	return (rval);
22972 }
22973 
22974 
22975 /*
22976  *    Function: sd_dkio_set_vtoc
22977  *
22978  * Description: This routine is the driver entry point for handling user
22979  *		requests to set the current volume table of contents
22980  *		(DKIOCSVTOC).
22981  *
22982  *   Arguments: dev  - the device number
22983  *		arg  - pointer to user provided vtoc structure used to set the
22984  *			current vtoc.
22985  *		flag - this argument is a pass through to ddi_copyxxx()
22986  *		       directly from the mode argument of ioctl().
22987  *
22988  * Return Code: 0
22989  *		EFAULT
22990  *		ENXIO
22991  *		EINVAL
22992  *		ENOTSUP
22993  */
22994 
22995 static int
22996 sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag)
22997 {
22998 	struct sd_lun	*un = NULL;
22999 	struct vtoc	user_vtoc;
23000 	int		rval = 0;
23001 
23002 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23003 		return (ENXIO);
23004 	}
23005 
23006 #if defined(__i386) || defined(__amd64)
23007 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
23008 		return (EINVAL);
23009 	}
23010 #endif
23011 
23012 #ifdef _MULTI_DATAMODEL
23013 	switch (ddi_model_convert_from(flag & FMODELS)) {
23014 	case DDI_MODEL_ILP32: {
23015 		struct vtoc32 user_vtoc32;
23016 
23017 		if (ddi_copyin((const void *)arg, &user_vtoc32,
23018 		    sizeof (struct vtoc32), flag)) {
23019 			return (EFAULT);
23020 		}
23021 		vtoc32tovtoc(user_vtoc32, user_vtoc);
23022 		break;
23023 	}
23024 
23025 	case DDI_MODEL_NONE:
23026 		if (ddi_copyin((const void *)arg, &user_vtoc,
23027 		    sizeof (struct vtoc), flag)) {
23028 			return (EFAULT);
23029 		}
23030 		break;
23031 	}
23032 #else /* ! _MULTI_DATAMODEL */
23033 	if (ddi_copyin((const void *)arg, &user_vtoc,
23034 	    sizeof (struct vtoc), flag)) {
23035 		return (EFAULT);
23036 	}
23037 #endif /* _MULTI_DATAMODEL */
23038 
23039 	mutex_enter(SD_MUTEX(un));
23040 	if (un->un_blockcount > DK_MAX_BLOCKS) {
23041 		mutex_exit(SD_MUTEX(un));
23042 		return (ENOTSUP);
23043 	}
23044 	if (un->un_g.dkg_ncyl == 0) {
23045 		mutex_exit(SD_MUTEX(un));
23046 		return (EINVAL);
23047 	}
23048 
23049 	mutex_exit(SD_MUTEX(un));
23050 	sd_clear_efi(un);
23051 	ddi_remove_minor_node(SD_DEVINFO(un), "wd");
23052 	ddi_remove_minor_node(SD_DEVINFO(un), "wd,raw");
23053 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h",
23054 	    S_IFBLK, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23055 	    un->un_node_type, NULL);
23056 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h,raw",
23057 	    S_IFCHR, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23058 	    un->un_node_type, NULL);
23059 	mutex_enter(SD_MUTEX(un));
23060 
23061 	if ((rval = sd_build_label_vtoc(un, &user_vtoc)) == 0) {
23062 		if ((rval = sd_write_label(dev)) == 0) {
23063 			if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT))
23064 			    != 0) {
23065 				SD_ERROR(SD_LOG_IOCTL_DKIO, un,
23066 				    "sd_dkio_set_vtoc: "
23067 				    "Failed validate geometry\n");
23068 			}
23069 		}
23070 	}
23071 
23072 	/*
23073 	 * If sd_build_label_vtoc, or sd_write_label failed above write the
23074 	 * devid anyway, what can it hurt? Also preserve the device id by
23075 	 * writing to the disk acyl for the case where a devid has been
23076 	 * fabricated.
23077 	 */
23078 	if (un->un_f_devid_supported &&
23079 	    (un->un_f_opt_fab_devid == TRUE)) {
23080 		if (un->un_devid == NULL) {
23081 			sd_register_devid(un, SD_DEVINFO(un),
23082 			    SD_TARGET_IS_UNRESERVED);
23083 		} else {
23084 			/*
23085 			 * The device id for this disk has been
23086 			 * fabricated. Fabricated device id's are
23087 			 * managed by storing them in the last 2
23088 			 * available sectors on the drive. The device
23089 			 * id must be preserved by writing it back out
23090 			 * to this location.
23091 			 */
23092 			if (sd_write_deviceid(un) != 0) {
23093 				ddi_devid_free(un->un_devid);
23094 				un->un_devid = NULL;
23095 			}
23096 		}
23097 	}
23098 	mutex_exit(SD_MUTEX(un));
23099 	return (rval);
23100 }
23101 
23102 
23103 /*
23104  *    Function: sd_build_label_vtoc
23105  *
23106  * Description: This routine updates the driver soft state current volume table
23107  *		of contents based on a user specified vtoc.
23108  *
23109  *   Arguments: un - driver soft state (unit) structure
23110  *		user_vtoc - pointer to vtoc structure specifying vtoc to be used
23111  *			    to update the driver soft state.
23112  *
23113  * Return Code: 0
23114  *		EINVAL
23115  */
23116 
23117 static int
23118 sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
23119 {
23120 	struct dk_map		*lmap;
23121 	struct partition	*vpart;
23122 	int			nblks;
23123 #if defined(_SUNOS_VTOC_8)
23124 	int			ncyl;
23125 	struct dk_map2		*lpart;
23126 #endif	/* defined(_SUNOS_VTOC_8) */
23127 	int			i;
23128 
23129 	ASSERT(mutex_owned(SD_MUTEX(un)));
23130 
23131 	/* Sanity-check the vtoc */
23132 	if (user_vtoc->v_sanity != VTOC_SANE ||
23133 	    user_vtoc->v_sectorsz != un->un_sys_blocksize ||
23134 	    user_vtoc->v_nparts != V_NUMPAR) {
23135 		return (EINVAL);
23136 	}
23137 
23138 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
23139 	if (nblks == 0) {
23140 		return (EINVAL);
23141 	}
23142 
23143 #if defined(_SUNOS_VTOC_8)
23144 	vpart = user_vtoc->v_part;
23145 	for (i = 0; i < V_NUMPAR; i++) {
23146 		if ((vpart->p_start % nblks) != 0) {
23147 			return (EINVAL);
23148 		}
23149 		ncyl = vpart->p_start / nblks;
23150 		ncyl += vpart->p_size / nblks;
23151 		if ((vpart->p_size % nblks) != 0) {
23152 			ncyl++;
23153 		}
23154 		if (ncyl > (int)un->un_g.dkg_ncyl) {
23155 			return (EINVAL);
23156 		}
23157 		vpart++;
23158 	}
23159 #endif	/* defined(_SUNOS_VTOC_8) */
23160 
23161 	/* Put appropriate vtoc structure fields into the disk label */
23162 #if defined(_SUNOS_VTOC_16)
23163 	/*
23164 	 * The vtoc is always a 32bit data structure to maintain the
23165 	 * on-disk format. Convert "in place" instead of bcopying it.
23166 	 */
23167 	vtoctovtoc32((*user_vtoc), (*((struct vtoc32 *)&(un->un_vtoc))));
23168 
23169 	/*
23170 	 * in the 16-slice vtoc, starting sectors are expressed in
23171 	 * numbers *relative* to the start of the Solaris fdisk partition.
23172 	 */
23173 	lmap = un->un_map;
23174 	vpart = user_vtoc->v_part;
23175 
23176 	for (i = 0; i < (int)user_vtoc->v_nparts; i++, lmap++, vpart++) {
23177 		lmap->dkl_cylno = vpart->p_start / nblks;
23178 		lmap->dkl_nblk = vpart->p_size;
23179 	}
23180 
23181 #elif defined(_SUNOS_VTOC_8)
23182 
23183 	un->un_vtoc.v_bootinfo[0] = (uint32_t)user_vtoc->v_bootinfo[0];
23184 	un->un_vtoc.v_bootinfo[1] = (uint32_t)user_vtoc->v_bootinfo[1];
23185 	un->un_vtoc.v_bootinfo[2] = (uint32_t)user_vtoc->v_bootinfo[2];
23186 
23187 	un->un_vtoc.v_sanity = (uint32_t)user_vtoc->v_sanity;
23188 	un->un_vtoc.v_version = (uint32_t)user_vtoc->v_version;
23189 
23190 	bcopy(user_vtoc->v_volume, un->un_vtoc.v_volume, LEN_DKL_VVOL);
23191 
23192 	un->un_vtoc.v_nparts = user_vtoc->v_nparts;
23193 
23194 	bcopy(user_vtoc->v_reserved, un->un_vtoc.v_reserved,
23195 	    sizeof (un->un_vtoc.v_reserved));
23196 
23197 	/*
23198 	 * Note the conversion from starting sector number
23199 	 * to starting cylinder number.
23200 	 * Return error if division results in a remainder.
23201 	 */
23202 	lmap = un->un_map;
23203 	lpart = un->un_vtoc.v_part;
23204 	vpart = user_vtoc->v_part;
23205 
23206 	for (i = 0; i < (int)user_vtoc->v_nparts; i++) {
23207 		lpart->p_tag  = vpart->p_tag;
23208 		lpart->p_flag = vpart->p_flag;
23209 		lmap->dkl_cylno = vpart->p_start / nblks;
23210 		lmap->dkl_nblk = vpart->p_size;
23211 
23212 		lmap++;
23213 		lpart++;
23214 		vpart++;
23215 
23216 		/* (4387723) */
23217 #ifdef _LP64
23218 		if (user_vtoc->timestamp[i] > TIME32_MAX) {
23219 			un->un_vtoc.v_timestamp[i] = TIME32_MAX;
23220 		} else {
23221 			un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23222 		}
23223 #else
23224 		un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23225 #endif
23226 	}
23227 
23228 	bcopy(user_vtoc->v_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
23229 #else
23230 #error "No VTOC format defined."
23231 #endif
23232 	return (0);
23233 }
23234 
23235 /*
23236  *    Function: sd_clear_efi
23237  *
23238  * Description: This routine clears all EFI labels.
23239  *
23240  *   Arguments: un - driver soft state (unit) structure
23241  *
23242  * Return Code: void
23243  */
23244 
23245 static void
23246 sd_clear_efi(struct sd_lun *un)
23247 {
23248 	efi_gpt_t	*gpt;
23249 	uint_t		lbasize;
23250 	uint64_t	cap;
23251 	int rval;
23252 
23253 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23254 
23255 	gpt = kmem_alloc(sizeof (efi_gpt_t), KM_SLEEP);
23256 
23257 	if (sd_send_scsi_READ(un, gpt, DEV_BSIZE, 1, SD_PATH_DIRECT) != 0) {
23258 		goto done;
23259 	}
23260 
23261 	sd_swap_efi_gpt(gpt);
23262 	rval = sd_validate_efi(gpt);
23263 	if (rval == 0) {
23264 		/* clear primary */
23265 		bzero(gpt, sizeof (efi_gpt_t));
23266 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE, 1,
23267 			SD_PATH_DIRECT))) {
23268 			SD_INFO(SD_LOG_IO_PARTITION, un,
23269 				"sd_clear_efi: clear primary label failed\n");
23270 		}
23271 	}
23272 	/* the backup */
23273 	rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
23274 	    SD_PATH_DIRECT);
23275 	if (rval) {
23276 		goto done;
23277 	}
23278 	/*
23279 	 * The MMC standard allows READ CAPACITY to be
23280 	 * inaccurate by a bounded amount (in the interest of
23281 	 * response latency).  As a result, failed READs are
23282 	 * commonplace (due to the reading of metadata and not
23283 	 * data). Depending on the per-Vendor/drive Sense data,
23284 	 * the failed READ can cause many (unnecessary) retries.
23285 	 */
23286 	if ((rval = sd_send_scsi_READ(un, gpt, lbasize,
23287 	    cap - 1, ISCD(un) ? SD_PATH_DIRECT_PRIORITY :
23288 		SD_PATH_DIRECT)) != 0) {
23289 		goto done;
23290 	}
23291 	sd_swap_efi_gpt(gpt);
23292 	rval = sd_validate_efi(gpt);
23293 	if (rval == 0) {
23294 		/* clear backup */
23295 		SD_TRACE(SD_LOG_IOCTL, un, "sd_clear_efi clear backup@%lu\n",
23296 			cap-1);
23297 		bzero(gpt, sizeof (efi_gpt_t));
23298 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE,
23299 		    cap-1, SD_PATH_DIRECT))) {
23300 			SD_INFO(SD_LOG_IO_PARTITION, un,
23301 				"sd_clear_efi: clear backup label failed\n");
23302 		}
23303 	}
23304 
23305 done:
23306 	kmem_free(gpt, sizeof (efi_gpt_t));
23307 }
23308 
23309 /*
23310  *    Function: sd_set_vtoc
23311  *
23312  * Description: This routine writes data to the appropriate positions
23313  *
23314  *   Arguments: un - driver soft state (unit) structure
23315  *              dkl  - the data to be written
23316  *
23317  * Return: void
23318  */
23319 
23320 static int
23321 sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl)
23322 {
23323 	void			*shadow_buf;
23324 	uint_t			label_addr;
23325 	int			sec;
23326 	int			blk;
23327 	int			head;
23328 	int			cyl;
23329 	int			rval;
23330 
23331 #if defined(__i386) || defined(__amd64)
23332 	label_addr = un->un_solaris_offset + DK_LABEL_LOC;
23333 #else
23334 	/* Write the primary label at block 0 of the solaris partition. */
23335 	label_addr = 0;
23336 #endif
23337 
23338 	if (NOT_DEVBSIZE(un)) {
23339 		shadow_buf = kmem_zalloc(un->un_tgt_blocksize, KM_SLEEP);
23340 		/*
23341 		 * Read the target's first block.
23342 		 */
23343 		if ((rval = sd_send_scsi_READ(un, shadow_buf,
23344 		    un->un_tgt_blocksize, label_addr,
23345 		    SD_PATH_STANDARD)) != 0) {
23346 			goto exit;
23347 		}
23348 		/*
23349 		 * Copy the contents of the label into the shadow buffer
23350 		 * which is of the size of target block size.
23351 		 */
23352 		bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23353 	}
23354 
23355 	/* Write the primary label */
23356 	if (NOT_DEVBSIZE(un)) {
23357 		rval = sd_send_scsi_WRITE(un, shadow_buf, un->un_tgt_blocksize,
23358 		    label_addr, SD_PATH_STANDARD);
23359 	} else {
23360 		rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23361 		    label_addr, SD_PATH_STANDARD);
23362 	}
23363 	if (rval != 0) {
23364 		return (rval);
23365 	}
23366 
23367 	/*
23368 	 * Calculate where the backup labels go.  They are always on
23369 	 * the last alternate cylinder, but some older drives put them
23370 	 * on head 2 instead of the last head.	They are always on the
23371 	 * first 5 odd sectors of the appropriate track.
23372 	 *
23373 	 * We have no choice at this point, but to believe that the
23374 	 * disk label is valid.	 Use the geometry of the disk
23375 	 * as described in the label.
23376 	 */
23377 	cyl  = dkl->dkl_ncyl  + dkl->dkl_acyl - 1;
23378 	head = dkl->dkl_nhead - 1;
23379 
23380 	/*
23381 	 * Write and verify the backup labels. Make sure we don't try to
23382 	 * write past the last cylinder.
23383 	 */
23384 	for (sec = 1; ((sec < 5 * 2 + 1) && (sec < dkl->dkl_nsect)); sec += 2) {
23385 		blk = (daddr_t)(
23386 		    (cyl * ((dkl->dkl_nhead * dkl->dkl_nsect) - dkl->dkl_apc)) +
23387 		    (head * dkl->dkl_nsect) + sec);
23388 #if defined(__i386) || defined(__amd64)
23389 		blk += un->un_solaris_offset;
23390 #endif
23391 		if (NOT_DEVBSIZE(un)) {
23392 			uint64_t	tblk;
23393 			/*
23394 			 * Need to read the block first for read modify write.
23395 			 */
23396 			tblk = (uint64_t)blk;
23397 			blk = (int)((tblk * un->un_sys_blocksize) /
23398 			    un->un_tgt_blocksize);
23399 			if ((rval = sd_send_scsi_READ(un, shadow_buf,
23400 			    un->un_tgt_blocksize, blk,
23401 			    SD_PATH_STANDARD)) != 0) {
23402 				goto exit;
23403 			}
23404 			/*
23405 			 * Modify the shadow buffer with the label.
23406 			 */
23407 			bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23408 			rval = sd_send_scsi_WRITE(un, shadow_buf,
23409 			    un->un_tgt_blocksize, blk, SD_PATH_STANDARD);
23410 		} else {
23411 			rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23412 			    blk, SD_PATH_STANDARD);
23413 			SD_INFO(SD_LOG_IO_PARTITION, un,
23414 			"sd_set_vtoc: wrote backup label %d\n", blk);
23415 		}
23416 		if (rval != 0) {
23417 			goto exit;
23418 		}
23419 	}
23420 exit:
23421 	if (NOT_DEVBSIZE(un)) {
23422 		kmem_free(shadow_buf, un->un_tgt_blocksize);
23423 	}
23424 	return (rval);
23425 }
23426 
23427 /*
23428  *    Function: sd_clear_vtoc
23429  *
23430  * Description: This routine clears out the VTOC labels.
23431  *
23432  *   Arguments: un - driver soft state (unit) structure
23433  *
23434  * Return: void
23435  */
23436 
23437 static void
23438 sd_clear_vtoc(struct sd_lun *un)
23439 {
23440 	struct dk_label		*dkl;
23441 
23442 	mutex_exit(SD_MUTEX(un));
23443 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23444 	mutex_enter(SD_MUTEX(un));
23445 	/*
23446 	 * sd_set_vtoc uses these fields in order to figure out
23447 	 * where to overwrite the backup labels
23448 	 */
23449 	dkl->dkl_apc    = un->un_g.dkg_apc;
23450 	dkl->dkl_ncyl   = un->un_g.dkg_ncyl;
23451 	dkl->dkl_acyl   = un->un_g.dkg_acyl;
23452 	dkl->dkl_nhead  = un->un_g.dkg_nhead;
23453 	dkl->dkl_nsect  = un->un_g.dkg_nsect;
23454 	mutex_exit(SD_MUTEX(un));
23455 	(void) sd_set_vtoc(un, dkl);
23456 	kmem_free(dkl, sizeof (struct dk_label));
23457 
23458 	mutex_enter(SD_MUTEX(un));
23459 }
23460 
23461 /*
23462  *    Function: sd_write_label
23463  *
23464  * Description: This routine will validate and write the driver soft state vtoc
23465  *		contents to the device.
23466  *
23467  *   Arguments: dev - the device number
23468  *
23469  * Return Code: the code returned by sd_send_scsi_cmd()
23470  *		0
23471  *		EINVAL
23472  *		ENXIO
23473  *		ENOMEM
23474  */
23475 
23476 static int
23477 sd_write_label(dev_t dev)
23478 {
23479 	struct sd_lun		*un;
23480 	struct dk_label		*dkl;
23481 	short			sum;
23482 	short			*sp;
23483 	int			i;
23484 	int			rval;
23485 
23486 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23487 	    (un->un_state == SD_STATE_OFFLINE)) {
23488 		return (ENXIO);
23489 	}
23490 	ASSERT(mutex_owned(SD_MUTEX(un)));
23491 	mutex_exit(SD_MUTEX(un));
23492 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23493 	mutex_enter(SD_MUTEX(un));
23494 
23495 	bcopy(&un->un_vtoc, &dkl->dkl_vtoc, sizeof (struct dk_vtoc));
23496 	dkl->dkl_rpm	= un->un_g.dkg_rpm;
23497 	dkl->dkl_pcyl	= un->un_g.dkg_pcyl;
23498 	dkl->dkl_apc	= un->un_g.dkg_apc;
23499 	dkl->dkl_intrlv = un->un_g.dkg_intrlv;
23500 	dkl->dkl_ncyl	= un->un_g.dkg_ncyl;
23501 	dkl->dkl_acyl	= un->un_g.dkg_acyl;
23502 	dkl->dkl_nhead	= un->un_g.dkg_nhead;
23503 	dkl->dkl_nsect	= un->un_g.dkg_nsect;
23504 
23505 #if defined(_SUNOS_VTOC_8)
23506 	dkl->dkl_obs1	= un->un_g.dkg_obs1;
23507 	dkl->dkl_obs2	= un->un_g.dkg_obs2;
23508 	dkl->dkl_obs3	= un->un_g.dkg_obs3;
23509 	for (i = 0; i < NDKMAP; i++) {
23510 		dkl->dkl_map[i].dkl_cylno = un->un_map[i].dkl_cylno;
23511 		dkl->dkl_map[i].dkl_nblk  = un->un_map[i].dkl_nblk;
23512 	}
23513 	bcopy(un->un_asciilabel, dkl->dkl_asciilabel, LEN_DKL_ASCII);
23514 #elif defined(_SUNOS_VTOC_16)
23515 	dkl->dkl_skew	= un->un_dkg_skew;
23516 #else
23517 #error "No VTOC format defined."
23518 #endif
23519 
23520 	dkl->dkl_magic			= DKL_MAGIC;
23521 	dkl->dkl_write_reinstruct	= un->un_g.dkg_write_reinstruct;
23522 	dkl->dkl_read_reinstruct	= un->un_g.dkg_read_reinstruct;
23523 
23524 	/* Construct checksum for the new disk label */
23525 	sum = 0;
23526 	sp = (short *)dkl;
23527 	i = sizeof (struct dk_label) / sizeof (short);
23528 	while (i--) {
23529 		sum ^= *sp++;
23530 	}
23531 	dkl->dkl_cksum = sum;
23532 
23533 	mutex_exit(SD_MUTEX(un));
23534 
23535 	rval = sd_set_vtoc(un, dkl);
23536 exit:
23537 	kmem_free(dkl, sizeof (struct dk_label));
23538 	mutex_enter(SD_MUTEX(un));
23539 	return (rval);
23540 }
23541 
23542 static int
23543 sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag)
23544 {
23545 	struct sd_lun	*un = NULL;
23546 	dk_efi_t	user_efi;
23547 	int		rval = 0;
23548 	void		*buffer;
23549 
23550 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
23551 		return (ENXIO);
23552 
23553 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
23554 		return (EFAULT);
23555 
23556 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
23557 
23558 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
23559 	    (user_efi.dki_length > un->un_max_xfer_size))
23560 		return (EINVAL);
23561 
23562 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
23563 	if (ddi_copyin(user_efi.dki_data, buffer, user_efi.dki_length, flag)) {
23564 		rval = EFAULT;
23565 	} else {
23566 		/*
23567 		 * let's clear the vtoc labels and clear the softstate
23568 		 * vtoc.
23569 		 */
23570 		mutex_enter(SD_MUTEX(un));
23571 		if (un->un_vtoc.v_sanity == VTOC_SANE) {
23572 			SD_TRACE(SD_LOG_IO_PARTITION, un,
23573 				"sd_dkio_set_efi: CLEAR VTOC\n");
23574 			sd_clear_vtoc(un);
23575 			bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23576 			mutex_exit(SD_MUTEX(un));
23577 			ddi_remove_minor_node(SD_DEVINFO(un), "h");
23578 			ddi_remove_minor_node(SD_DEVINFO(un), "h,raw");
23579 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd",
23580 			    S_IFBLK,
23581 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23582 			    un->un_node_type, NULL);
23583 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd,raw",
23584 			    S_IFCHR,
23585 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23586 			    un->un_node_type, NULL);
23587 		} else
23588 			mutex_exit(SD_MUTEX(un));
23589 		rval = sd_send_scsi_WRITE(un, buffer, user_efi.dki_length,
23590 		    user_efi.dki_lba, SD_PATH_DIRECT);
23591 		if (rval == 0) {
23592 			mutex_enter(SD_MUTEX(un));
23593 			un->un_f_geometry_is_valid = FALSE;
23594 			mutex_exit(SD_MUTEX(un));
23595 		}
23596 	}
23597 	kmem_free(buffer, user_efi.dki_length);
23598 	return (rval);
23599 }
23600 
23601 /*
23602  *    Function: sd_dkio_get_mboot
23603  *
23604  * Description: This routine is the driver entry point for handling user
23605  *		requests to get the current device mboot (DKIOCGMBOOT)
23606  *
23607  *   Arguments: dev  - the device number
23608  *		arg  - pointer to user provided mboot structure specifying
23609  *			the current mboot.
23610  *		flag - this argument is a pass through to ddi_copyxxx()
23611  *		       directly from the mode argument of ioctl().
23612  *
23613  * Return Code: 0
23614  *		EINVAL
23615  *		EFAULT
23616  *		ENXIO
23617  */
23618 
23619 static int
23620 sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag)
23621 {
23622 	struct sd_lun	*un;
23623 	struct mboot	*mboot;
23624 	int		rval;
23625 	size_t		buffer_size;
23626 
23627 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23628 	    (un->un_state == SD_STATE_OFFLINE)) {
23629 		return (ENXIO);
23630 	}
23631 
23632 	if (!un->un_f_mboot_supported || arg == NULL) {
23633 		return (EINVAL);
23634 	}
23635 
23636 	/*
23637 	 * Read the mboot block, located at absolute block 0 on the target.
23638 	 */
23639 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct mboot));
23640 
23641 	SD_TRACE(SD_LOG_IO_PARTITION, un,
23642 	    "sd_dkio_get_mboot: allocation size: 0x%x\n", buffer_size);
23643 
23644 	mboot = kmem_zalloc(buffer_size, KM_SLEEP);
23645 	if ((rval = sd_send_scsi_READ(un, mboot, buffer_size, 0,
23646 	    SD_PATH_STANDARD)) == 0) {
23647 		if (ddi_copyout(mboot, (void *)arg,
23648 		    sizeof (struct mboot), flag) != 0) {
23649 			rval = EFAULT;
23650 		}
23651 	}
23652 	kmem_free(mboot, buffer_size);
23653 	return (rval);
23654 }
23655 
23656 
23657 /*
23658  *    Function: sd_dkio_set_mboot
23659  *
23660  * Description: This routine is the driver entry point for handling user
23661  *		requests to validate and set the device master boot
23662  *		(DKIOCSMBOOT).
23663  *
23664  *   Arguments: dev  - the device number
23665  *		arg  - pointer to user provided mboot structure used to set the
23666  *			master boot.
23667  *		flag - this argument is a pass through to ddi_copyxxx()
23668  *		       directly from the mode argument of ioctl().
23669  *
23670  * Return Code: 0
23671  *		EINVAL
23672  *		EFAULT
23673  *		ENXIO
23674  */
23675 
23676 static int
23677 sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag)
23678 {
23679 	struct sd_lun	*un = NULL;
23680 	struct mboot	*mboot = NULL;
23681 	int		rval;
23682 	ushort_t	magic;
23683 
23684 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23685 		return (ENXIO);
23686 	}
23687 
23688 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23689 
23690 	if (!un->un_f_mboot_supported) {
23691 		return (EINVAL);
23692 	}
23693 
23694 	if (arg == NULL) {
23695 		return (EINVAL);
23696 	}
23697 
23698 	mboot = kmem_zalloc(sizeof (struct mboot), KM_SLEEP);
23699 
23700 	if (ddi_copyin((const void *)arg, mboot,
23701 	    sizeof (struct mboot), flag) != 0) {
23702 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23703 		return (EFAULT);
23704 	}
23705 
23706 	/* Is this really a master boot record? */
23707 	magic = LE_16(mboot->signature);
23708 	if (magic != MBB_MAGIC) {
23709 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23710 		return (EINVAL);
23711 	}
23712 
23713 	rval = sd_send_scsi_WRITE(un, mboot, un->un_sys_blocksize, 0,
23714 	    SD_PATH_STANDARD);
23715 
23716 	mutex_enter(SD_MUTEX(un));
23717 #if defined(__i386) || defined(__amd64)
23718 	if (rval == 0) {
23719 		/*
23720 		 * mboot has been written successfully.
23721 		 * update the fdisk and vtoc tables in memory
23722 		 */
23723 		rval = sd_update_fdisk_and_vtoc(un);
23724 		if ((un->un_f_geometry_is_valid == FALSE) || (rval != 0)) {
23725 			mutex_exit(SD_MUTEX(un));
23726 			kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23727 			return (rval);
23728 		}
23729 	}
23730 
23731 	/*
23732 	 * If the mboot write fails, write the devid anyway, what can it hurt?
23733 	 * Also preserve the device id by writing to the disk acyl for the case
23734 	 * where a devid has been fabricated.
23735 	 */
23736 	if (un->un_f_devid_supported && un->un_f_opt_fab_devid) {
23737 		if (un->un_devid == NULL) {
23738 			sd_register_devid(un, SD_DEVINFO(un),
23739 			    SD_TARGET_IS_UNRESERVED);
23740 		} else {
23741 			/*
23742 			 * The device id for this disk has been
23743 			 * fabricated. Fabricated device id's are
23744 			 * managed by storing them in the last 2
23745 			 * available sectors on the drive. The device
23746 			 * id must be preserved by writing it back out
23747 			 * to this location.
23748 			 */
23749 			if (sd_write_deviceid(un) != 0) {
23750 				ddi_devid_free(un->un_devid);
23751 				un->un_devid = NULL;
23752 			}
23753 		}
23754 	}
23755 
23756 #ifdef __lock_lint
23757 	sd_setup_default_geometry(un);
23758 #endif
23759 
23760 #else
23761 	if (rval == 0) {
23762 		/*
23763 		 * mboot has been written successfully.
23764 		 * set up the default geometry and VTOC
23765 		 */
23766 		if (un->un_blockcount <= DK_MAX_BLOCKS)
23767 			sd_setup_default_geometry(un);
23768 	}
23769 #endif
23770 	mutex_exit(SD_MUTEX(un));
23771 	kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23772 	return (rval);
23773 }
23774 
23775 
23776 /*
23777  *    Function: sd_setup_default_geometry
23778  *
23779  * Description: This local utility routine sets the default geometry as part of
23780  *		setting the device mboot.
23781  *
23782  *   Arguments: un - driver soft state (unit) structure
23783  *
23784  * Note: This may be redundant with sd_build_default_label.
23785  */
23786 
23787 static void
23788 sd_setup_default_geometry(struct sd_lun *un)
23789 {
23790 	/* zero out the soft state geometry and partition table. */
23791 	bzero(&un->un_g, sizeof (struct dk_geom));
23792 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23793 	bzero(un->un_map, NDKMAP * (sizeof (struct dk_map)));
23794 	un->un_asciilabel[0] = '\0';
23795 
23796 	/*
23797 	 * For the rpm, we use the minimum for the disk.
23798 	 * For the head, cyl and number of sector per track,
23799 	 * if the capacity <= 1GB, head = 64, sect = 32.
23800 	 * else head = 255, sect 63
23801 	 * Note: the capacity should be equal to C*H*S values.
23802 	 * This will cause some truncation of size due to
23803 	 * round off errors. For CD-ROMs, this truncation can
23804 	 * have adverse side effects, so returning ncyl and
23805 	 * nhead as 1. The nsect will overflow for most of
23806 	 * CD-ROMs as nsect is of type ushort.
23807 	 */
23808 	if (ISCD(un)) {
23809 		un->un_g.dkg_ncyl = 1;
23810 		un->un_g.dkg_nhead = 1;
23811 		un->un_g.dkg_nsect = un->un_blockcount;
23812 	} else {
23813 		if (un->un_blockcount <= 0x1000) {
23814 			/* Needed for unlabeled SCSI floppies. */
23815 			un->un_g.dkg_nhead = 2;
23816 			un->un_g.dkg_ncyl = 80;
23817 			un->un_g.dkg_pcyl = 80;
23818 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
23819 		} else if (un->un_blockcount <= 0x200000) {
23820 			un->un_g.dkg_nhead = 64;
23821 			un->un_g.dkg_nsect = 32;
23822 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
23823 		} else {
23824 			un->un_g.dkg_nhead = 255;
23825 			un->un_g.dkg_nsect = 63;
23826 			un->un_g.dkg_ncyl = un->un_blockcount / (255 * 63);
23827 		}
23828 		un->un_blockcount = un->un_g.dkg_ncyl *
23829 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
23830 	}
23831 	un->un_g.dkg_acyl = 0;
23832 	un->un_g.dkg_bcyl = 0;
23833 	un->un_g.dkg_intrlv = 1;
23834 	un->un_g.dkg_rpm = 200;
23835 	un->un_g.dkg_read_reinstruct = 0;
23836 	un->un_g.dkg_write_reinstruct = 0;
23837 	if (un->un_g.dkg_pcyl == 0) {
23838 		un->un_g.dkg_pcyl = un->un_g.dkg_ncyl + un->un_g.dkg_acyl;
23839 	}
23840 
23841 	un->un_map['a'-'a'].dkl_cylno = 0;
23842 	un->un_map['a'-'a'].dkl_nblk = un->un_blockcount;
23843 	un->un_map['c'-'a'].dkl_cylno = 0;
23844 	un->un_map['c'-'a'].dkl_nblk = un->un_blockcount;
23845 	un->un_f_geometry_is_valid = FALSE;
23846 }
23847 
23848 
23849 #if defined(__i386) || defined(__amd64)
23850 /*
23851  *    Function: sd_update_fdisk_and_vtoc
23852  *
23853  * Description: This local utility routine updates the device fdisk and vtoc
23854  *		as part of setting the device mboot.
23855  *
23856  *   Arguments: un - driver soft state (unit) structure
23857  *
23858  * Return Code: 0 for success or errno-type return code.
23859  *
23860  *    Note:x86: This looks like a duplicate of sd_validate_geometry(), but
23861  *		these did exist seperately in x86 sd.c!!!
23862  */
23863 
23864 static int
23865 sd_update_fdisk_and_vtoc(struct sd_lun *un)
23866 {
23867 	static char	labelstring[128];
23868 	static char	buf[256];
23869 	char		*label = 0;
23870 	int		count;
23871 	int		label_rc = 0;
23872 	int		gvalid = un->un_f_geometry_is_valid;
23873 	int		fdisk_rval;
23874 	int		lbasize;
23875 	int		capacity;
23876 
23877 	ASSERT(mutex_owned(SD_MUTEX(un)));
23878 
23879 	if (un->un_f_tgt_blocksize_is_valid == FALSE) {
23880 		return (EINVAL);
23881 	}
23882 
23883 	if (un->un_f_blockcount_is_valid == FALSE) {
23884 		return (EINVAL);
23885 	}
23886 
23887 #if defined(_SUNOS_VTOC_16)
23888 	/*
23889 	 * Set up the "whole disk" fdisk partition; this should always
23890 	 * exist, regardless of whether the disk contains an fdisk table
23891 	 * or vtoc.
23892 	 */
23893 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
23894 	un->un_map[P0_RAW_DISK].dkl_nblk = un->un_blockcount;
23895 #endif	/* defined(_SUNOS_VTOC_16) */
23896 
23897 	/*
23898 	 * copy the lbasize and capacity so that if they're
23899 	 * reset while we're not holding the SD_MUTEX(un), we will
23900 	 * continue to use valid values after the SD_MUTEX(un) is
23901 	 * reacquired.
23902 	 */
23903 	lbasize  = un->un_tgt_blocksize;
23904 	capacity = un->un_blockcount;
23905 
23906 	/*
23907 	 * refresh the logical and physical geometry caches.
23908 	 * (data from mode sense format/rigid disk geometry pages,
23909 	 * and scsi_ifgetcap("geometry").
23910 	 */
23911 	sd_resync_geom_caches(un, capacity, lbasize, SD_PATH_DIRECT);
23912 
23913 	/*
23914 	 * Only DIRECT ACCESS devices will have Sun labels.
23915 	 * CD's supposedly have a Sun label, too
23916 	 */
23917 	if (un->un_f_vtoc_label_supported) {
23918 		fdisk_rval = sd_read_fdisk(un, capacity, lbasize,
23919 		    SD_PATH_DIRECT);
23920 		if (fdisk_rval == SD_CMD_FAILURE) {
23921 			ASSERT(mutex_owned(SD_MUTEX(un)));
23922 			return (EIO);
23923 		}
23924 
23925 		if (fdisk_rval == SD_CMD_RESERVATION_CONFLICT) {
23926 			ASSERT(mutex_owned(SD_MUTEX(un)));
23927 			return (EACCES);
23928 		}
23929 
23930 		if (un->un_solaris_size <= DK_LABEL_LOC) {
23931 			/*
23932 			 * Found fdisk table but no Solaris partition entry,
23933 			 * so don't call sd_uselabel() and don't create
23934 			 * a default label.
23935 			 */
23936 			label_rc = 0;
23937 			un->un_f_geometry_is_valid = TRUE;
23938 			goto no_solaris_partition;
23939 		}
23940 
23941 #if defined(_SUNOS_VTOC_8)
23942 		label = (char *)un->un_asciilabel;
23943 #elif defined(_SUNOS_VTOC_16)
23944 		label = (char *)un->un_vtoc.v_asciilabel;
23945 #else
23946 #error "No VTOC format defined."
23947 #endif
23948 	} else if (capacity < 0) {
23949 		ASSERT(mutex_owned(SD_MUTEX(un)));
23950 		return (EINVAL);
23951 	}
23952 
23953 	/*
23954 	 * For Removable media We reach here if we have found a
23955 	 * SOLARIS PARTITION.
23956 	 * If un_f_geometry_is_valid is FALSE it indicates that the SOLARIS
23957 	 * PARTITION has changed from the previous one, hence we will setup a
23958 	 * default VTOC in this case.
23959 	 */
23960 	if (un->un_f_geometry_is_valid == FALSE) {
23961 		sd_build_default_label(un);
23962 		label_rc = 0;
23963 	}
23964 
23965 no_solaris_partition:
23966 	if ((!un->un_f_has_removable_media ||
23967 	    (un->un_f_has_removable_media &&
23968 	    un->un_mediastate == DKIO_EJECTED)) &&
23969 		(un->un_state == SD_STATE_NORMAL && !gvalid)) {
23970 		/*
23971 		 * Print out a message indicating who and what we are.
23972 		 * We do this only when we happen to really validate the
23973 		 * geometry. We may call sd_validate_geometry() at other
23974 		 * times, ioctl()'s like Get VTOC in which case we
23975 		 * don't want to print the label.
23976 		 * If the geometry is valid, print the label string,
23977 		 * else print vendor and product info, if available
23978 		 */
23979 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
23980 			SD_INFO(SD_LOG_IOCTL_DKIO, un, "?<%s>\n", label);
23981 		} else {
23982 			mutex_enter(&sd_label_mutex);
23983 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
23984 			    labelstring);
23985 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
23986 			    &labelstring[64]);
23987 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
23988 			    labelstring, &labelstring[64]);
23989 			if (un->un_f_blockcount_is_valid == TRUE) {
23990 				(void) sprintf(&buf[strlen(buf)],
23991 				    ", %" PRIu64 " %u byte blocks\n",
23992 				    un->un_blockcount,
23993 				    un->un_tgt_blocksize);
23994 			} else {
23995 				(void) sprintf(&buf[strlen(buf)],
23996 				    ", (unknown capacity)\n");
23997 			}
23998 			SD_INFO(SD_LOG_IOCTL_DKIO, un, buf);
23999 			mutex_exit(&sd_label_mutex);
24000 		}
24001 	}
24002 
24003 #if defined(_SUNOS_VTOC_16)
24004 	/*
24005 	 * If we have valid geometry, set up the remaining fdisk partitions.
24006 	 * Note that dkl_cylno is not used for the fdisk map entries, so
24007 	 * we set it to an entirely bogus value.
24008 	 */
24009 	for (count = 0; count < FD_NUMPART; count++) {
24010 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
24011 		un->un_map[FDISK_P1 + count].dkl_nblk =
24012 		    un->un_fmap[count].fmap_nblk;
24013 		un->un_offset[FDISK_P1 + count] =
24014 		    un->un_fmap[count].fmap_start;
24015 	}
24016 #endif
24017 
24018 	for (count = 0; count < NDKMAP; count++) {
24019 #if defined(_SUNOS_VTOC_8)
24020 		struct dk_map *lp  = &un->un_map[count];
24021 		un->un_offset[count] =
24022 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
24023 #elif defined(_SUNOS_VTOC_16)
24024 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
24025 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
24026 #else
24027 #error "No VTOC format defined."
24028 #endif
24029 	}
24030 
24031 	ASSERT(mutex_owned(SD_MUTEX(un)));
24032 	return (label_rc);
24033 }
24034 #endif
24035 
24036 
24037 /*
24038  *    Function: sd_check_media
24039  *
24040  * Description: This utility routine implements the functionality for the
24041  *		DKIOCSTATE ioctl. This ioctl blocks the user thread until the
24042  *		driver state changes from that specified by the user
24043  *		(inserted or ejected). For example, if the user specifies
24044  *		DKIO_EJECTED and the current media state is inserted this
24045  *		routine will immediately return DKIO_INSERTED. However, if the
24046  *		current media state is not inserted the user thread will be
24047  *		blocked until the drive state changes. If DKIO_NONE is specified
24048  *		the user thread will block until a drive state change occurs.
24049  *
24050  *   Arguments: dev  - the device number
24051  *		state  - user pointer to a dkio_state, updated with the current
24052  *			drive state at return.
24053  *
24054  * Return Code: ENXIO
24055  *		EIO
24056  *		EAGAIN
24057  *		EINTR
24058  */
24059 
24060 static int
24061 sd_check_media(dev_t dev, enum dkio_state state)
24062 {
24063 	struct sd_lun		*un = NULL;
24064 	enum dkio_state		prev_state;
24065 	opaque_t		token = NULL;
24066 	int			rval = 0;
24067 
24068 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24069 		return (ENXIO);
24070 	}
24071 
24072 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: entry\n");
24073 
24074 	mutex_enter(SD_MUTEX(un));
24075 
24076 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: "
24077 	    "state=%x, mediastate=%x\n", state, un->un_mediastate);
24078 
24079 	prev_state = un->un_mediastate;
24080 
24081 	/* is there anything to do? */
24082 	if (state == un->un_mediastate || un->un_mediastate == DKIO_NONE) {
24083 		/*
24084 		 * submit the request to the scsi_watch service;
24085 		 * scsi_media_watch_cb() does the real work
24086 		 */
24087 		mutex_exit(SD_MUTEX(un));
24088 
24089 		/*
24090 		 * This change handles the case where a scsi watch request is
24091 		 * added to a device that is powered down. To accomplish this
24092 		 * we power up the device before adding the scsi watch request,
24093 		 * since the scsi watch sends a TUR directly to the device
24094 		 * which the device cannot handle if it is powered down.
24095 		 */
24096 		if (sd_pm_entry(un) != DDI_SUCCESS) {
24097 			mutex_enter(SD_MUTEX(un));
24098 			goto done;
24099 		}
24100 
24101 		token = scsi_watch_request_submit(SD_SCSI_DEVP(un),
24102 		    sd_check_media_time, SENSE_LENGTH, sd_media_watch_cb,
24103 		    (caddr_t)dev);
24104 
24105 		sd_pm_exit(un);
24106 
24107 		mutex_enter(SD_MUTEX(un));
24108 		if (token == NULL) {
24109 			rval = EAGAIN;
24110 			goto done;
24111 		}
24112 
24113 		/*
24114 		 * This is a special case IOCTL that doesn't return
24115 		 * until the media state changes. Routine sdpower
24116 		 * knows about and handles this so don't count it
24117 		 * as an active cmd in the driver, which would
24118 		 * keep the device busy to the pm framework.
24119 		 * If the count isn't decremented the device can't
24120 		 * be powered down.
24121 		 */
24122 		un->un_ncmds_in_driver--;
24123 		ASSERT(un->un_ncmds_in_driver >= 0);
24124 
24125 		/*
24126 		 * if a prior request had been made, this will be the same
24127 		 * token, as scsi_watch was designed that way.
24128 		 */
24129 		un->un_swr_token = token;
24130 		un->un_specified_mediastate = state;
24131 
24132 		/*
24133 		 * now wait for media change
24134 		 * we will not be signalled unless mediastate == state but it is
24135 		 * still better to test for this condition, since there is a
24136 		 * 2 sec cv_broadcast delay when mediastate == DKIO_INSERTED
24137 		 */
24138 		SD_TRACE(SD_LOG_COMMON, un,
24139 		    "sd_check_media: waiting for media state change\n");
24140 		while (un->un_mediastate == state) {
24141 			if (cv_wait_sig(&un->un_state_cv, SD_MUTEX(un)) == 0) {
24142 				SD_TRACE(SD_LOG_COMMON, un,
24143 				    "sd_check_media: waiting for media state "
24144 				    "was interrupted\n");
24145 				un->un_ncmds_in_driver++;
24146 				rval = EINTR;
24147 				goto done;
24148 			}
24149 			SD_TRACE(SD_LOG_COMMON, un,
24150 			    "sd_check_media: received signal, state=%x\n",
24151 			    un->un_mediastate);
24152 		}
24153 		/*
24154 		 * Inc the counter to indicate the device once again
24155 		 * has an active outstanding cmd.
24156 		 */
24157 		un->un_ncmds_in_driver++;
24158 	}
24159 
24160 	/* invalidate geometry */
24161 	if (prev_state == DKIO_INSERTED && un->un_mediastate == DKIO_EJECTED) {
24162 		sr_ejected(un);
24163 	}
24164 
24165 	if (un->un_mediastate == DKIO_INSERTED && prev_state != DKIO_INSERTED) {
24166 		uint64_t	capacity;
24167 		uint_t		lbasize;
24168 
24169 		SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: media inserted\n");
24170 		mutex_exit(SD_MUTEX(un));
24171 		/*
24172 		 * Since the following routines use SD_PATH_DIRECT, we must
24173 		 * call PM directly before the upcoming disk accesses. This
24174 		 * may cause the disk to be power/spin up.
24175 		 */
24176 
24177 		if (sd_pm_entry(un) == DDI_SUCCESS) {
24178 			rval = sd_send_scsi_READ_CAPACITY(un,
24179 			    &capacity,
24180 			    &lbasize, SD_PATH_DIRECT);
24181 			if (rval != 0) {
24182 				sd_pm_exit(un);
24183 				mutex_enter(SD_MUTEX(un));
24184 				goto done;
24185 			}
24186 		} else {
24187 			rval = EIO;
24188 			mutex_enter(SD_MUTEX(un));
24189 			goto done;
24190 		}
24191 		mutex_enter(SD_MUTEX(un));
24192 
24193 		sd_update_block_info(un, lbasize, capacity);
24194 
24195 		un->un_f_geometry_is_valid	= FALSE;
24196 		(void) sd_validate_geometry(un, SD_PATH_DIRECT);
24197 
24198 		mutex_exit(SD_MUTEX(un));
24199 		rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
24200 		    SD_PATH_DIRECT);
24201 		sd_pm_exit(un);
24202 
24203 		mutex_enter(SD_MUTEX(un));
24204 	}
24205 done:
24206 	un->un_f_watcht_stopped = FALSE;
24207 	if (un->un_swr_token) {
24208 		/*
24209 		 * Use of this local token and the mutex ensures that we avoid
24210 		 * some race conditions associated with terminating the
24211 		 * scsi watch.
24212 		 */
24213 		token = un->un_swr_token;
24214 		un->un_swr_token = (opaque_t)NULL;
24215 		mutex_exit(SD_MUTEX(un));
24216 		(void) scsi_watch_request_terminate(token,
24217 		    SCSI_WATCH_TERMINATE_WAIT);
24218 		mutex_enter(SD_MUTEX(un));
24219 	}
24220 
24221 	/*
24222 	 * Update the capacity kstat value, if no media previously
24223 	 * (capacity kstat is 0) and a media has been inserted
24224 	 * (un_f_blockcount_is_valid == TRUE)
24225 	 */
24226 	if (un->un_errstats) {
24227 		struct sd_errstats	*stp = NULL;
24228 
24229 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
24230 		if ((stp->sd_capacity.value.ui64 == 0) &&
24231 		    (un->un_f_blockcount_is_valid == TRUE)) {
24232 			stp->sd_capacity.value.ui64 =
24233 			    (uint64_t)((uint64_t)un->un_blockcount *
24234 			    un->un_sys_blocksize);
24235 		}
24236 	}
24237 	mutex_exit(SD_MUTEX(un));
24238 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: done\n");
24239 	return (rval);
24240 }
24241 
24242 
24243 /*
24244  *    Function: sd_delayed_cv_broadcast
24245  *
24246  * Description: Delayed cv_broadcast to allow for target to recover from media
24247  *		insertion.
24248  *
24249  *   Arguments: arg - driver soft state (unit) structure
24250  */
24251 
24252 static void
24253 sd_delayed_cv_broadcast(void *arg)
24254 {
24255 	struct sd_lun *un = arg;
24256 
24257 	SD_TRACE(SD_LOG_COMMON, un, "sd_delayed_cv_broadcast\n");
24258 
24259 	mutex_enter(SD_MUTEX(un));
24260 	un->un_dcvb_timeid = NULL;
24261 	cv_broadcast(&un->un_state_cv);
24262 	mutex_exit(SD_MUTEX(un));
24263 }
24264 
24265 
24266 /*
24267  *    Function: sd_media_watch_cb
24268  *
24269  * Description: Callback routine used for support of the DKIOCSTATE ioctl. This
24270  *		routine processes the TUR sense data and updates the driver
24271  *		state if a transition has occurred. The user thread
24272  *		(sd_check_media) is then signalled.
24273  *
24274  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24275  *			among multiple watches that share this callback function
24276  *		resultp - scsi watch facility result packet containing scsi
24277  *			  packet, status byte and sense data
24278  *
24279  * Return Code: 0 for success, -1 for failure
24280  */
24281 
24282 static int
24283 sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24284 {
24285 	struct sd_lun			*un;
24286 	struct scsi_status		*statusp = resultp->statusp;
24287 	uint8_t				*sensep = (uint8_t *)resultp->sensep;
24288 	enum dkio_state			state = DKIO_NONE;
24289 	dev_t				dev = (dev_t)arg;
24290 	uchar_t				actual_sense_length;
24291 	uint8_t				skey, asc, ascq;
24292 
24293 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24294 		return (-1);
24295 	}
24296 	actual_sense_length = resultp->actual_sense_length;
24297 
24298 	mutex_enter(SD_MUTEX(un));
24299 	SD_TRACE(SD_LOG_COMMON, un,
24300 	    "sd_media_watch_cb: status=%x, sensep=%p, len=%x\n",
24301 	    *((char *)statusp), (void *)sensep, actual_sense_length);
24302 
24303 	if (resultp->pkt->pkt_reason == CMD_DEV_GONE) {
24304 		un->un_mediastate = DKIO_DEV_GONE;
24305 		cv_broadcast(&un->un_state_cv);
24306 		mutex_exit(SD_MUTEX(un));
24307 
24308 		return (0);
24309 	}
24310 
24311 	/*
24312 	 * If there was a check condition then sensep points to valid sense data
24313 	 * If status was not a check condition but a reservation or busy status
24314 	 * then the new state is DKIO_NONE
24315 	 */
24316 	if (sensep != NULL) {
24317 		skey = scsi_sense_key(sensep);
24318 		asc = scsi_sense_asc(sensep);
24319 		ascq = scsi_sense_ascq(sensep);
24320 
24321 		SD_INFO(SD_LOG_COMMON, un,
24322 		    "sd_media_watch_cb: sense KEY=%x, ASC=%x, ASCQ=%x\n",
24323 		    skey, asc, ascq);
24324 		/* This routine only uses up to 13 bytes of sense data. */
24325 		if (actual_sense_length >= 13) {
24326 			if (skey == KEY_UNIT_ATTENTION) {
24327 				if (asc == 0x28) {
24328 					state = DKIO_INSERTED;
24329 				}
24330 			} else {
24331 				/*
24332 				 * if 02/04/02  means that the host
24333 				 * should send start command. Explicitly
24334 				 * leave the media state as is
24335 				 * (inserted) as the media is inserted
24336 				 * and host has stopped device for PM
24337 				 * reasons. Upon next true read/write
24338 				 * to this media will bring the
24339 				 * device to the right state good for
24340 				 * media access.
24341 				 */
24342 				if ((skey == KEY_NOT_READY) &&
24343 				    (asc == 0x3a)) {
24344 					state = DKIO_EJECTED;
24345 				}
24346 
24347 				/*
24348 				 * If the drivge is busy with an operation
24349 				 * or long write, keep the media in an
24350 				 * inserted state.
24351 				 */
24352 
24353 				if ((skey == KEY_NOT_READY) &&
24354 				    (asc == 0x04) &&
24355 				    ((ascq == 0x02) ||
24356 				    (ascq == 0x07) ||
24357 				    (ascq == 0x08))) {
24358 					state = DKIO_INSERTED;
24359 				}
24360 			}
24361 		}
24362 	} else if ((*((char *)statusp) == STATUS_GOOD) &&
24363 	    (resultp->pkt->pkt_reason == CMD_CMPLT)) {
24364 		state = DKIO_INSERTED;
24365 	}
24366 
24367 	SD_TRACE(SD_LOG_COMMON, un,
24368 	    "sd_media_watch_cb: state=%x, specified=%x\n",
24369 	    state, un->un_specified_mediastate);
24370 
24371 	/*
24372 	 * now signal the waiting thread if this is *not* the specified state;
24373 	 * delay the signal if the state is DKIO_INSERTED to allow the target
24374 	 * to recover
24375 	 */
24376 	if (state != un->un_specified_mediastate) {
24377 		un->un_mediastate = state;
24378 		if (state == DKIO_INSERTED) {
24379 			/*
24380 			 * delay the signal to give the drive a chance
24381 			 * to do what it apparently needs to do
24382 			 */
24383 			SD_TRACE(SD_LOG_COMMON, un,
24384 			    "sd_media_watch_cb: delayed cv_broadcast\n");
24385 			if (un->un_dcvb_timeid == NULL) {
24386 				un->un_dcvb_timeid =
24387 				    timeout(sd_delayed_cv_broadcast, un,
24388 				    drv_usectohz((clock_t)MEDIA_ACCESS_DELAY));
24389 			}
24390 		} else {
24391 			SD_TRACE(SD_LOG_COMMON, un,
24392 			    "sd_media_watch_cb: immediate cv_broadcast\n");
24393 			cv_broadcast(&un->un_state_cv);
24394 		}
24395 	}
24396 	mutex_exit(SD_MUTEX(un));
24397 	return (0);
24398 }
24399 
24400 
24401 /*
24402  *    Function: sd_dkio_get_temp
24403  *
24404  * Description: This routine is the driver entry point for handling ioctl
24405  *		requests to get the disk temperature.
24406  *
24407  *   Arguments: dev  - the device number
24408  *		arg  - pointer to user provided dk_temperature structure.
24409  *		flag - this argument is a pass through to ddi_copyxxx()
24410  *		       directly from the mode argument of ioctl().
24411  *
24412  * Return Code: 0
24413  *		EFAULT
24414  *		ENXIO
24415  *		EAGAIN
24416  */
24417 
24418 static int
24419 sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag)
24420 {
24421 	struct sd_lun		*un = NULL;
24422 	struct dk_temperature	*dktemp = NULL;
24423 	uchar_t			*temperature_page;
24424 	int			rval = 0;
24425 	int			path_flag = SD_PATH_STANDARD;
24426 
24427 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24428 		return (ENXIO);
24429 	}
24430 
24431 	dktemp = kmem_zalloc(sizeof (struct dk_temperature), KM_SLEEP);
24432 
24433 	/* copyin the disk temp argument to get the user flags */
24434 	if (ddi_copyin((void *)arg, dktemp,
24435 	    sizeof (struct dk_temperature), flag) != 0) {
24436 		rval = EFAULT;
24437 		goto done;
24438 	}
24439 
24440 	/* Initialize the temperature to invalid. */
24441 	dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24442 	dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24443 
24444 	/*
24445 	 * Note: Investigate removing the "bypass pm" semantic.
24446 	 * Can we just bypass PM always?
24447 	 */
24448 	if (dktemp->dkt_flags & DKT_BYPASS_PM) {
24449 		path_flag = SD_PATH_DIRECT;
24450 		ASSERT(!mutex_owned(&un->un_pm_mutex));
24451 		mutex_enter(&un->un_pm_mutex);
24452 		if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
24453 			/*
24454 			 * If DKT_BYPASS_PM is set, and the drive happens to be
24455 			 * in low power mode, we can not wake it up, Need to
24456 			 * return EAGAIN.
24457 			 */
24458 			mutex_exit(&un->un_pm_mutex);
24459 			rval = EAGAIN;
24460 			goto done;
24461 		} else {
24462 			/*
24463 			 * Indicate to PM the device is busy. This is required
24464 			 * to avoid a race - i.e. the ioctl is issuing a
24465 			 * command and the pm framework brings down the device
24466 			 * to low power mode (possible power cut-off on some
24467 			 * platforms).
24468 			 */
24469 			mutex_exit(&un->un_pm_mutex);
24470 			if (sd_pm_entry(un) != DDI_SUCCESS) {
24471 				rval = EAGAIN;
24472 				goto done;
24473 			}
24474 		}
24475 	}
24476 
24477 	temperature_page = kmem_zalloc(TEMPERATURE_PAGE_SIZE, KM_SLEEP);
24478 
24479 	if ((rval = sd_send_scsi_LOG_SENSE(un, temperature_page,
24480 	    TEMPERATURE_PAGE_SIZE, TEMPERATURE_PAGE, 1, 0, path_flag)) != 0) {
24481 		goto done2;
24482 	}
24483 
24484 	/*
24485 	 * For the current temperature verify that the parameter length is 0x02
24486 	 * and the parameter code is 0x00
24487 	 */
24488 	if ((temperature_page[7] == 0x02) && (temperature_page[4] == 0x00) &&
24489 	    (temperature_page[5] == 0x00)) {
24490 		if (temperature_page[9] == 0xFF) {
24491 			dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24492 		} else {
24493 			dktemp->dkt_cur_temp = (short)(temperature_page[9]);
24494 		}
24495 	}
24496 
24497 	/*
24498 	 * For the reference temperature verify that the parameter
24499 	 * length is 0x02 and the parameter code is 0x01
24500 	 */
24501 	if ((temperature_page[13] == 0x02) && (temperature_page[10] == 0x00) &&
24502 	    (temperature_page[11] == 0x01)) {
24503 		if (temperature_page[15] == 0xFF) {
24504 			dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24505 		} else {
24506 			dktemp->dkt_ref_temp = (short)(temperature_page[15]);
24507 		}
24508 	}
24509 
24510 	/* Do the copyout regardless of the temperature commands status. */
24511 	if (ddi_copyout(dktemp, (void *)arg, sizeof (struct dk_temperature),
24512 	    flag) != 0) {
24513 		rval = EFAULT;
24514 	}
24515 
24516 done2:
24517 	if (path_flag == SD_PATH_DIRECT) {
24518 		sd_pm_exit(un);
24519 	}
24520 
24521 	kmem_free(temperature_page, TEMPERATURE_PAGE_SIZE);
24522 done:
24523 	if (dktemp != NULL) {
24524 		kmem_free(dktemp, sizeof (struct dk_temperature));
24525 	}
24526 
24527 	return (rval);
24528 }
24529 
24530 
24531 /*
24532  *    Function: sd_log_page_supported
24533  *
24534  * Description: This routine uses sd_send_scsi_LOG_SENSE to find the list of
24535  *		supported log pages.
24536  *
24537  *   Arguments: un -
24538  *		log_page -
24539  *
24540  * Return Code: -1 - on error (log sense is optional and may not be supported).
24541  *		0  - log page not found.
24542  *  		1  - log page found.
24543  */
24544 
24545 static int
24546 sd_log_page_supported(struct sd_lun *un, int log_page)
24547 {
24548 	uchar_t *log_page_data;
24549 	int	i;
24550 	int	match = 0;
24551 	int	log_size;
24552 
24553 	log_page_data = kmem_zalloc(0xFF, KM_SLEEP);
24554 
24555 	if (sd_send_scsi_LOG_SENSE(un, log_page_data, 0xFF, 0, 0x01, 0,
24556 	    SD_PATH_DIRECT) != 0) {
24557 		SD_ERROR(SD_LOG_COMMON, un,
24558 		    "sd_log_page_supported: failed log page retrieval\n");
24559 		kmem_free(log_page_data, 0xFF);
24560 		return (-1);
24561 	}
24562 	log_size = log_page_data[3];
24563 
24564 	/*
24565 	 * The list of supported log pages start from the fourth byte. Check
24566 	 * until we run out of log pages or a match is found.
24567 	 */
24568 	for (i = 4; (i < (log_size + 4)) && !match; i++) {
24569 		if (log_page_data[i] == log_page) {
24570 			match++;
24571 		}
24572 	}
24573 	kmem_free(log_page_data, 0xFF);
24574 	return (match);
24575 }
24576 
24577 
24578 /*
24579  *    Function: sd_mhdioc_failfast
24580  *
24581  * Description: This routine is the driver entry point for handling ioctl
24582  *		requests to enable/disable the multihost failfast option.
24583  *		(MHIOCENFAILFAST)
24584  *
24585  *   Arguments: dev	- the device number
24586  *		arg	- user specified probing interval.
24587  *		flag	- this argument is a pass through to ddi_copyxxx()
24588  *			  directly from the mode argument of ioctl().
24589  *
24590  * Return Code: 0
24591  *		EFAULT
24592  *		ENXIO
24593  */
24594 
24595 static int
24596 sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag)
24597 {
24598 	struct sd_lun	*un = NULL;
24599 	int		mh_time;
24600 	int		rval = 0;
24601 
24602 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24603 		return (ENXIO);
24604 	}
24605 
24606 	if (ddi_copyin((void *)arg, &mh_time, sizeof (int), flag))
24607 		return (EFAULT);
24608 
24609 	if (mh_time) {
24610 		mutex_enter(SD_MUTEX(un));
24611 		un->un_resvd_status |= SD_FAILFAST;
24612 		mutex_exit(SD_MUTEX(un));
24613 		/*
24614 		 * If mh_time is INT_MAX, then this ioctl is being used for
24615 		 * SCSI-3 PGR purposes, and we don't need to spawn watch thread.
24616 		 */
24617 		if (mh_time != INT_MAX) {
24618 			rval = sd_check_mhd(dev, mh_time);
24619 		}
24620 	} else {
24621 		(void) sd_check_mhd(dev, 0);
24622 		mutex_enter(SD_MUTEX(un));
24623 		un->un_resvd_status &= ~SD_FAILFAST;
24624 		mutex_exit(SD_MUTEX(un));
24625 	}
24626 	return (rval);
24627 }
24628 
24629 
24630 /*
24631  *    Function: sd_mhdioc_takeown
24632  *
24633  * Description: This routine is the driver entry point for handling ioctl
24634  *		requests to forcefully acquire exclusive access rights to the
24635  *		multihost disk (MHIOCTKOWN).
24636  *
24637  *   Arguments: dev	- the device number
24638  *		arg	- user provided structure specifying the delay
24639  *			  parameters in milliseconds
24640  *		flag	- this argument is a pass through to ddi_copyxxx()
24641  *			  directly from the mode argument of ioctl().
24642  *
24643  * Return Code: 0
24644  *		EFAULT
24645  *		ENXIO
24646  */
24647 
24648 static int
24649 sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag)
24650 {
24651 	struct sd_lun		*un = NULL;
24652 	struct mhioctkown	*tkown = NULL;
24653 	int			rval = 0;
24654 
24655 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24656 		return (ENXIO);
24657 	}
24658 
24659 	if (arg != NULL) {
24660 		tkown = (struct mhioctkown *)
24661 		    kmem_zalloc(sizeof (struct mhioctkown), KM_SLEEP);
24662 		rval = ddi_copyin(arg, tkown, sizeof (struct mhioctkown), flag);
24663 		if (rval != 0) {
24664 			rval = EFAULT;
24665 			goto error;
24666 		}
24667 	}
24668 
24669 	rval = sd_take_ownership(dev, tkown);
24670 	mutex_enter(SD_MUTEX(un));
24671 	if (rval == 0) {
24672 		un->un_resvd_status |= SD_RESERVE;
24673 		if (tkown != NULL && tkown->reinstate_resv_delay != 0) {
24674 			sd_reinstate_resv_delay =
24675 			    tkown->reinstate_resv_delay * 1000;
24676 		} else {
24677 			sd_reinstate_resv_delay = SD_REINSTATE_RESV_DELAY;
24678 		}
24679 		/*
24680 		 * Give the scsi_watch routine interval set by
24681 		 * the MHIOCENFAILFAST ioctl precedence here.
24682 		 */
24683 		if ((un->un_resvd_status & SD_FAILFAST) == 0) {
24684 			mutex_exit(SD_MUTEX(un));
24685 			(void) sd_check_mhd(dev, sd_reinstate_resv_delay/1000);
24686 			SD_TRACE(SD_LOG_IOCTL_MHD, un,
24687 			    "sd_mhdioc_takeown : %d\n",
24688 			    sd_reinstate_resv_delay);
24689 		} else {
24690 			mutex_exit(SD_MUTEX(un));
24691 		}
24692 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_NOTIFY,
24693 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24694 	} else {
24695 		un->un_resvd_status &= ~SD_RESERVE;
24696 		mutex_exit(SD_MUTEX(un));
24697 	}
24698 
24699 error:
24700 	if (tkown != NULL) {
24701 		kmem_free(tkown, sizeof (struct mhioctkown));
24702 	}
24703 	return (rval);
24704 }
24705 
24706 
24707 /*
24708  *    Function: sd_mhdioc_release
24709  *
24710  * Description: This routine is the driver entry point for handling ioctl
24711  *		requests to release exclusive access rights to the multihost
24712  *		disk (MHIOCRELEASE).
24713  *
24714  *   Arguments: dev	- the device number
24715  *
24716  * Return Code: 0
24717  *		ENXIO
24718  */
24719 
24720 static int
24721 sd_mhdioc_release(dev_t dev)
24722 {
24723 	struct sd_lun		*un = NULL;
24724 	timeout_id_t		resvd_timeid_save;
24725 	int			resvd_status_save;
24726 	int			rval = 0;
24727 
24728 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24729 		return (ENXIO);
24730 	}
24731 
24732 	mutex_enter(SD_MUTEX(un));
24733 	resvd_status_save = un->un_resvd_status;
24734 	un->un_resvd_status &=
24735 	    ~(SD_RESERVE | SD_LOST_RESERVE | SD_WANT_RESERVE);
24736 	if (un->un_resvd_timeid) {
24737 		resvd_timeid_save = un->un_resvd_timeid;
24738 		un->un_resvd_timeid = NULL;
24739 		mutex_exit(SD_MUTEX(un));
24740 		(void) untimeout(resvd_timeid_save);
24741 	} else {
24742 		mutex_exit(SD_MUTEX(un));
24743 	}
24744 
24745 	/*
24746 	 * destroy any pending timeout thread that may be attempting to
24747 	 * reinstate reservation on this device.
24748 	 */
24749 	sd_rmv_resv_reclaim_req(dev);
24750 
24751 	if ((rval = sd_reserve_release(dev, SD_RELEASE)) == 0) {
24752 		mutex_enter(SD_MUTEX(un));
24753 		if ((un->un_mhd_token) &&
24754 		    ((un->un_resvd_status & SD_FAILFAST) == 0)) {
24755 			mutex_exit(SD_MUTEX(un));
24756 			(void) sd_check_mhd(dev, 0);
24757 		} else {
24758 			mutex_exit(SD_MUTEX(un));
24759 		}
24760 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
24761 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24762 	} else {
24763 		/*
24764 		 * sd_mhd_watch_cb will restart the resvd recover timeout thread
24765 		 */
24766 		mutex_enter(SD_MUTEX(un));
24767 		un->un_resvd_status = resvd_status_save;
24768 		mutex_exit(SD_MUTEX(un));
24769 	}
24770 	return (rval);
24771 }
24772 
24773 
24774 /*
24775  *    Function: sd_mhdioc_register_devid
24776  *
24777  * Description: This routine is the driver entry point for handling ioctl
24778  *		requests to register the device id (MHIOCREREGISTERDEVID).
24779  *
24780  *		Note: The implementation for this ioctl has been updated to
24781  *		be consistent with the original PSARC case (1999/357)
24782  *		(4375899, 4241671, 4220005)
24783  *
24784  *   Arguments: dev	- the device number
24785  *
24786  * Return Code: 0
24787  *		ENXIO
24788  */
24789 
24790 static int
24791 sd_mhdioc_register_devid(dev_t dev)
24792 {
24793 	struct sd_lun	*un = NULL;
24794 	int		rval = 0;
24795 
24796 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24797 		return (ENXIO);
24798 	}
24799 
24800 	ASSERT(!mutex_owned(SD_MUTEX(un)));
24801 
24802 	mutex_enter(SD_MUTEX(un));
24803 
24804 	/* If a devid already exists, de-register it */
24805 	if (un->un_devid != NULL) {
24806 		ddi_devid_unregister(SD_DEVINFO(un));
24807 		/*
24808 		 * After unregister devid, needs to free devid memory
24809 		 */
24810 		ddi_devid_free(un->un_devid);
24811 		un->un_devid = NULL;
24812 	}
24813 
24814 	/* Check for reservation conflict */
24815 	mutex_exit(SD_MUTEX(un));
24816 	rval = sd_send_scsi_TEST_UNIT_READY(un, 0);
24817 	mutex_enter(SD_MUTEX(un));
24818 
24819 	switch (rval) {
24820 	case 0:
24821 		sd_register_devid(un, SD_DEVINFO(un), SD_TARGET_IS_UNRESERVED);
24822 		break;
24823 	case EACCES:
24824 		break;
24825 	default:
24826 		rval = EIO;
24827 	}
24828 
24829 	mutex_exit(SD_MUTEX(un));
24830 	return (rval);
24831 }
24832 
24833 
24834 /*
24835  *    Function: sd_mhdioc_inkeys
24836  *
24837  * Description: This routine is the driver entry point for handling ioctl
24838  *		requests to issue the SCSI-3 Persistent In Read Keys command
24839  *		to the device (MHIOCGRP_INKEYS).
24840  *
24841  *   Arguments: dev	- the device number
24842  *		arg	- user provided in_keys structure
24843  *		flag	- this argument is a pass through to ddi_copyxxx()
24844  *			  directly from the mode argument of ioctl().
24845  *
24846  * Return Code: code returned by sd_persistent_reservation_in_read_keys()
24847  *		ENXIO
24848  *		EFAULT
24849  */
24850 
24851 static int
24852 sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag)
24853 {
24854 	struct sd_lun		*un;
24855 	mhioc_inkeys_t		inkeys;
24856 	int			rval = 0;
24857 
24858 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24859 		return (ENXIO);
24860 	}
24861 
24862 #ifdef _MULTI_DATAMODEL
24863 	switch (ddi_model_convert_from(flag & FMODELS)) {
24864 	case DDI_MODEL_ILP32: {
24865 		struct mhioc_inkeys32	inkeys32;
24866 
24867 		if (ddi_copyin(arg, &inkeys32,
24868 		    sizeof (struct mhioc_inkeys32), flag) != 0) {
24869 			return (EFAULT);
24870 		}
24871 		inkeys.li = (mhioc_key_list_t *)(uintptr_t)inkeys32.li;
24872 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24873 		    &inkeys, flag)) != 0) {
24874 			return (rval);
24875 		}
24876 		inkeys32.generation = inkeys.generation;
24877 		if (ddi_copyout(&inkeys32, arg, sizeof (struct mhioc_inkeys32),
24878 		    flag) != 0) {
24879 			return (EFAULT);
24880 		}
24881 		break;
24882 	}
24883 	case DDI_MODEL_NONE:
24884 		if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t),
24885 		    flag) != 0) {
24886 			return (EFAULT);
24887 		}
24888 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24889 		    &inkeys, flag)) != 0) {
24890 			return (rval);
24891 		}
24892 		if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t),
24893 		    flag) != 0) {
24894 			return (EFAULT);
24895 		}
24896 		break;
24897 	}
24898 
24899 #else /* ! _MULTI_DATAMODEL */
24900 
24901 	if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t), flag) != 0) {
24902 		return (EFAULT);
24903 	}
24904 	rval = sd_persistent_reservation_in_read_keys(un, &inkeys, flag);
24905 	if (rval != 0) {
24906 		return (rval);
24907 	}
24908 	if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t), flag) != 0) {
24909 		return (EFAULT);
24910 	}
24911 
24912 #endif /* _MULTI_DATAMODEL */
24913 
24914 	return (rval);
24915 }
24916 
24917 
24918 /*
24919  *    Function: sd_mhdioc_inresv
24920  *
24921  * Description: This routine is the driver entry point for handling ioctl
24922  *		requests to issue the SCSI-3 Persistent In Read Reservations
24923  *		command to the device (MHIOCGRP_INKEYS).
24924  *
24925  *   Arguments: dev	- the device number
24926  *		arg	- user provided in_resv structure
24927  *		flag	- this argument is a pass through to ddi_copyxxx()
24928  *			  directly from the mode argument of ioctl().
24929  *
24930  * Return Code: code returned by sd_persistent_reservation_in_read_resv()
24931  *		ENXIO
24932  *		EFAULT
24933  */
24934 
24935 static int
24936 sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag)
24937 {
24938 	struct sd_lun		*un;
24939 	mhioc_inresvs_t		inresvs;
24940 	int			rval = 0;
24941 
24942 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24943 		return (ENXIO);
24944 	}
24945 
24946 #ifdef _MULTI_DATAMODEL
24947 
24948 	switch (ddi_model_convert_from(flag & FMODELS)) {
24949 	case DDI_MODEL_ILP32: {
24950 		struct mhioc_inresvs32	inresvs32;
24951 
24952 		if (ddi_copyin(arg, &inresvs32,
24953 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24954 			return (EFAULT);
24955 		}
24956 		inresvs.li = (mhioc_resv_desc_list_t *)(uintptr_t)inresvs32.li;
24957 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24958 		    &inresvs, flag)) != 0) {
24959 			return (rval);
24960 		}
24961 		inresvs32.generation = inresvs.generation;
24962 		if (ddi_copyout(&inresvs32, arg,
24963 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24964 			return (EFAULT);
24965 		}
24966 		break;
24967 	}
24968 	case DDI_MODEL_NONE:
24969 		if (ddi_copyin(arg, &inresvs,
24970 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24971 			return (EFAULT);
24972 		}
24973 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24974 		    &inresvs, flag)) != 0) {
24975 			return (rval);
24976 		}
24977 		if (ddi_copyout(&inresvs, arg,
24978 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24979 			return (EFAULT);
24980 		}
24981 		break;
24982 	}
24983 
24984 #else /* ! _MULTI_DATAMODEL */
24985 
24986 	if (ddi_copyin(arg, &inresvs, sizeof (mhioc_inresvs_t), flag) != 0) {
24987 		return (EFAULT);
24988 	}
24989 	rval = sd_persistent_reservation_in_read_resv(un, &inresvs, flag);
24990 	if (rval != 0) {
24991 		return (rval);
24992 	}
24993 	if (ddi_copyout(&inresvs, arg, sizeof (mhioc_inresvs_t), flag)) {
24994 		return (EFAULT);
24995 	}
24996 
24997 #endif /* ! _MULTI_DATAMODEL */
24998 
24999 	return (rval);
25000 }
25001 
25002 
25003 /*
25004  * The following routines support the clustering functionality described below
25005  * and implement lost reservation reclaim functionality.
25006  *
25007  * Clustering
25008  * ----------
25009  * The clustering code uses two different, independent forms of SCSI
25010  * reservation. Traditional SCSI-2 Reserve/Release and the newer SCSI-3
25011  * Persistent Group Reservations. For any particular disk, it will use either
25012  * SCSI-2 or SCSI-3 PGR but never both at the same time for the same disk.
25013  *
25014  * SCSI-2
25015  * The cluster software takes ownership of a multi-hosted disk by issuing the
25016  * MHIOCTKOWN ioctl to the disk driver. It releases ownership by issuing the
25017  * MHIOCRELEASE ioctl.Closely related is the MHIOCENFAILFAST ioctl -- a cluster,
25018  * just after taking ownership of the disk with the MHIOCTKOWN ioctl then issues
25019  * the MHIOCENFAILFAST ioctl.  This ioctl "enables failfast" in the driver. The
25020  * meaning of failfast is that if the driver (on this host) ever encounters the
25021  * scsi error return code RESERVATION_CONFLICT from the device, it should
25022  * immediately panic the host. The motivation for this ioctl is that if this
25023  * host does encounter reservation conflict, the underlying cause is that some
25024  * other host of the cluster has decided that this host is no longer in the
25025  * cluster and has seized control of the disks for itself. Since this host is no
25026  * longer in the cluster, it ought to panic itself. The MHIOCENFAILFAST ioctl
25027  * does two things:
25028  *	(a) it sets a flag that will cause any returned RESERVATION_CONFLICT
25029  *      error to panic the host
25030  *      (b) it sets up a periodic timer to test whether this host still has
25031  *      "access" (in that no other host has reserved the device):  if the
25032  *      periodic timer gets RESERVATION_CONFLICT, the host is panicked. The
25033  *      purpose of that periodic timer is to handle scenarios where the host is
25034  *      otherwise temporarily quiescent, temporarily doing no real i/o.
25035  * The MHIOCTKOWN ioctl will "break" a reservation that is held by another host,
25036  * by issuing a SCSI Bus Device Reset.  It will then issue a SCSI Reserve for
25037  * the device itself.
25038  *
25039  * SCSI-3 PGR
25040  * A direct semantic implementation of the SCSI-3 Persistent Reservation
25041  * facility is supported through the shared multihost disk ioctls
25042  * (MHIOCGRP_INKEYS, MHIOCGRP_INRESV, MHIOCGRP_REGISTER, MHIOCGRP_RESERVE,
25043  * MHIOCGRP_PREEMPTANDABORT)
25044  *
25045  * Reservation Reclaim:
25046  * --------------------
25047  * To support the lost reservation reclaim operations this driver creates a
25048  * single thread to handle reinstating reservations on all devices that have
25049  * lost reservations sd_resv_reclaim_requests are logged for all devices that
25050  * have LOST RESERVATIONS when the scsi watch facility callsback sd_mhd_watch_cb
25051  * and the reservation reclaim thread loops through the requests to regain the
25052  * lost reservations.
25053  */
25054 
25055 /*
25056  *    Function: sd_check_mhd()
25057  *
25058  * Description: This function sets up and submits a scsi watch request or
25059  *		terminates an existing watch request. This routine is used in
25060  *		support of reservation reclaim.
25061  *
25062  *   Arguments: dev    - the device 'dev_t' is used for context to discriminate
25063  *			 among multiple watches that share the callback function
25064  *		interval - the number of microseconds specifying the watch
25065  *			   interval for issuing TEST UNIT READY commands. If
25066  *			   set to 0 the watch should be terminated. If the
25067  *			   interval is set to 0 and if the device is required
25068  *			   to hold reservation while disabling failfast, the
25069  *			   watch is restarted with an interval of
25070  *			   reinstate_resv_delay.
25071  *
25072  * Return Code: 0	   - Successful submit/terminate of scsi watch request
25073  *		ENXIO      - Indicates an invalid device was specified
25074  *		EAGAIN     - Unable to submit the scsi watch request
25075  */
25076 
25077 static int
25078 sd_check_mhd(dev_t dev, int interval)
25079 {
25080 	struct sd_lun	*un;
25081 	opaque_t	token;
25082 
25083 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25084 		return (ENXIO);
25085 	}
25086 
25087 	/* is this a watch termination request? */
25088 	if (interval == 0) {
25089 		mutex_enter(SD_MUTEX(un));
25090 		/* if there is an existing watch task then terminate it */
25091 		if (un->un_mhd_token) {
25092 			token = un->un_mhd_token;
25093 			un->un_mhd_token = NULL;
25094 			mutex_exit(SD_MUTEX(un));
25095 			(void) scsi_watch_request_terminate(token,
25096 			    SCSI_WATCH_TERMINATE_WAIT);
25097 			mutex_enter(SD_MUTEX(un));
25098 		} else {
25099 			mutex_exit(SD_MUTEX(un));
25100 			/*
25101 			 * Note: If we return here we don't check for the
25102 			 * failfast case. This is the original legacy
25103 			 * implementation but perhaps we should be checking
25104 			 * the failfast case.
25105 			 */
25106 			return (0);
25107 		}
25108 		/*
25109 		 * If the device is required to hold reservation while
25110 		 * disabling failfast, we need to restart the scsi_watch
25111 		 * routine with an interval of reinstate_resv_delay.
25112 		 */
25113 		if (un->un_resvd_status & SD_RESERVE) {
25114 			interval = sd_reinstate_resv_delay/1000;
25115 		} else {
25116 			/* no failfast so bail */
25117 			mutex_exit(SD_MUTEX(un));
25118 			return (0);
25119 		}
25120 		mutex_exit(SD_MUTEX(un));
25121 	}
25122 
25123 	/*
25124 	 * adjust minimum time interval to 1 second,
25125 	 * and convert from msecs to usecs
25126 	 */
25127 	if (interval > 0 && interval < 1000) {
25128 		interval = 1000;
25129 	}
25130 	interval *= 1000;
25131 
25132 	/*
25133 	 * submit the request to the scsi_watch service
25134 	 */
25135 	token = scsi_watch_request_submit(SD_SCSI_DEVP(un), interval,
25136 	    SENSE_LENGTH, sd_mhd_watch_cb, (caddr_t)dev);
25137 	if (token == NULL) {
25138 		return (EAGAIN);
25139 	}
25140 
25141 	/*
25142 	 * save token for termination later on
25143 	 */
25144 	mutex_enter(SD_MUTEX(un));
25145 	un->un_mhd_token = token;
25146 	mutex_exit(SD_MUTEX(un));
25147 	return (0);
25148 }
25149 
25150 
25151 /*
25152  *    Function: sd_mhd_watch_cb()
25153  *
25154  * Description: This function is the call back function used by the scsi watch
25155  *		facility. The scsi watch facility sends the "Test Unit Ready"
25156  *		and processes the status. If applicable (i.e. a "Unit Attention"
25157  *		status and automatic "Request Sense" not used) the scsi watch
25158  *		facility will send a "Request Sense" and retrieve the sense data
25159  *		to be passed to this callback function. In either case the
25160  *		automatic "Request Sense" or the facility submitting one, this
25161  *		callback is passed the status and sense data.
25162  *
25163  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25164  *			among multiple watches that share this callback function
25165  *		resultp - scsi watch facility result packet containing scsi
25166  *			  packet, status byte and sense data
25167  *
25168  * Return Code: 0 - continue the watch task
25169  *		non-zero - terminate the watch task
25170  */
25171 
25172 static int
25173 sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
25174 {
25175 	struct sd_lun			*un;
25176 	struct scsi_status		*statusp;
25177 	uint8_t				*sensep;
25178 	struct scsi_pkt			*pkt;
25179 	uchar_t				actual_sense_length;
25180 	dev_t  				dev = (dev_t)arg;
25181 
25182 	ASSERT(resultp != NULL);
25183 	statusp			= resultp->statusp;
25184 	sensep			= (uint8_t *)resultp->sensep;
25185 	pkt			= resultp->pkt;
25186 	actual_sense_length	= resultp->actual_sense_length;
25187 
25188 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25189 		return (ENXIO);
25190 	}
25191 
25192 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25193 	    "sd_mhd_watch_cb: reason '%s', status '%s'\n",
25194 	    scsi_rname(pkt->pkt_reason), sd_sname(*((unsigned char *)statusp)));
25195 
25196 	/* Begin processing of the status and/or sense data */
25197 	if (pkt->pkt_reason != CMD_CMPLT) {
25198 		/* Handle the incomplete packet */
25199 		sd_mhd_watch_incomplete(un, pkt);
25200 		return (0);
25201 	} else if (*((unsigned char *)statusp) != STATUS_GOOD) {
25202 		if (*((unsigned char *)statusp)
25203 		    == STATUS_RESERVATION_CONFLICT) {
25204 			/*
25205 			 * Handle a reservation conflict by panicking if
25206 			 * configured for failfast or by logging the conflict
25207 			 * and updating the reservation status
25208 			 */
25209 			mutex_enter(SD_MUTEX(un));
25210 			if ((un->un_resvd_status & SD_FAILFAST) &&
25211 			    (sd_failfast_enable)) {
25212 				sd_panic_for_res_conflict(un);
25213 				/*NOTREACHED*/
25214 			}
25215 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25216 			    "sd_mhd_watch_cb: Reservation Conflict\n");
25217 			un->un_resvd_status |= SD_RESERVATION_CONFLICT;
25218 			mutex_exit(SD_MUTEX(un));
25219 		}
25220 	}
25221 
25222 	if (sensep != NULL) {
25223 		if (actual_sense_length >= (SENSE_LENGTH - 2)) {
25224 			mutex_enter(SD_MUTEX(un));
25225 			if ((scsi_sense_asc(sensep) ==
25226 			    SD_SCSI_RESET_SENSE_CODE) &&
25227 			    (un->un_resvd_status & SD_RESERVE)) {
25228 				/*
25229 				 * The additional sense code indicates a power
25230 				 * on or bus device reset has occurred; update
25231 				 * the reservation status.
25232 				 */
25233 				un->un_resvd_status |=
25234 				    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25235 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25236 				    "sd_mhd_watch_cb: Lost Reservation\n");
25237 			}
25238 		} else {
25239 			return (0);
25240 		}
25241 	} else {
25242 		mutex_enter(SD_MUTEX(un));
25243 	}
25244 
25245 	if ((un->un_resvd_status & SD_RESERVE) &&
25246 	    (un->un_resvd_status & SD_LOST_RESERVE)) {
25247 		if (un->un_resvd_status & SD_WANT_RESERVE) {
25248 			/*
25249 			 * A reset occurred in between the last probe and this
25250 			 * one so if a timeout is pending cancel it.
25251 			 */
25252 			if (un->un_resvd_timeid) {
25253 				timeout_id_t temp_id = un->un_resvd_timeid;
25254 				un->un_resvd_timeid = NULL;
25255 				mutex_exit(SD_MUTEX(un));
25256 				(void) untimeout(temp_id);
25257 				mutex_enter(SD_MUTEX(un));
25258 			}
25259 			un->un_resvd_status &= ~SD_WANT_RESERVE;
25260 		}
25261 		if (un->un_resvd_timeid == 0) {
25262 			/* Schedule a timeout to handle the lost reservation */
25263 			un->un_resvd_timeid = timeout(sd_mhd_resvd_recover,
25264 			    (void *)dev,
25265 			    drv_usectohz(sd_reinstate_resv_delay));
25266 		}
25267 	}
25268 	mutex_exit(SD_MUTEX(un));
25269 	return (0);
25270 }
25271 
25272 
25273 /*
25274  *    Function: sd_mhd_watch_incomplete()
25275  *
25276  * Description: This function is used to find out why a scsi pkt sent by the
25277  *		scsi watch facility was not completed. Under some scenarios this
25278  *		routine will return. Otherwise it will send a bus reset to see
25279  *		if the drive is still online.
25280  *
25281  *   Arguments: un  - driver soft state (unit) structure
25282  *		pkt - incomplete scsi pkt
25283  */
25284 
25285 static void
25286 sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt)
25287 {
25288 	int	be_chatty;
25289 	int	perr;
25290 
25291 	ASSERT(pkt != NULL);
25292 	ASSERT(un != NULL);
25293 	be_chatty	= (!(pkt->pkt_flags & FLAG_SILENT));
25294 	perr		= (pkt->pkt_statistics & STAT_PERR);
25295 
25296 	mutex_enter(SD_MUTEX(un));
25297 	if (un->un_state == SD_STATE_DUMPING) {
25298 		mutex_exit(SD_MUTEX(un));
25299 		return;
25300 	}
25301 
25302 	switch (pkt->pkt_reason) {
25303 	case CMD_UNX_BUS_FREE:
25304 		/*
25305 		 * If we had a parity error that caused the target to drop BSY*,
25306 		 * don't be chatty about it.
25307 		 */
25308 		if (perr && be_chatty) {
25309 			be_chatty = 0;
25310 		}
25311 		break;
25312 	case CMD_TAG_REJECT:
25313 		/*
25314 		 * The SCSI-2 spec states that a tag reject will be sent by the
25315 		 * target if tagged queuing is not supported. A tag reject may
25316 		 * also be sent during certain initialization periods or to
25317 		 * control internal resources. For the latter case the target
25318 		 * may also return Queue Full.
25319 		 *
25320 		 * If this driver receives a tag reject from a target that is
25321 		 * going through an init period or controlling internal
25322 		 * resources tagged queuing will be disabled. This is a less
25323 		 * than optimal behavior but the driver is unable to determine
25324 		 * the target state and assumes tagged queueing is not supported
25325 		 */
25326 		pkt->pkt_flags = 0;
25327 		un->un_tagflags = 0;
25328 
25329 		if (un->un_f_opt_queueing == TRUE) {
25330 			un->un_throttle = min(un->un_throttle, 3);
25331 		} else {
25332 			un->un_throttle = 1;
25333 		}
25334 		mutex_exit(SD_MUTEX(un));
25335 		(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
25336 		mutex_enter(SD_MUTEX(un));
25337 		break;
25338 	case CMD_INCOMPLETE:
25339 		/*
25340 		 * The transport stopped with an abnormal state, fallthrough and
25341 		 * reset the target and/or bus unless selection did not complete
25342 		 * (indicated by STATE_GOT_BUS) in which case we don't want to
25343 		 * go through a target/bus reset
25344 		 */
25345 		if (pkt->pkt_state == STATE_GOT_BUS) {
25346 			break;
25347 		}
25348 		/*FALLTHROUGH*/
25349 
25350 	case CMD_TIMEOUT:
25351 	default:
25352 		/*
25353 		 * The lun may still be running the command, so a lun reset
25354 		 * should be attempted. If the lun reset fails or cannot be
25355 		 * issued, than try a target reset. Lastly try a bus reset.
25356 		 */
25357 		if ((pkt->pkt_statistics &
25358 		    (STAT_BUS_RESET|STAT_DEV_RESET|STAT_ABORTED)) == 0) {
25359 			int reset_retval = 0;
25360 			mutex_exit(SD_MUTEX(un));
25361 			if (un->un_f_allow_bus_device_reset == TRUE) {
25362 				if (un->un_f_lun_reset_enabled == TRUE) {
25363 					reset_retval =
25364 					    scsi_reset(SD_ADDRESS(un),
25365 					    RESET_LUN);
25366 				}
25367 				if (reset_retval == 0) {
25368 					reset_retval =
25369 					    scsi_reset(SD_ADDRESS(un),
25370 					    RESET_TARGET);
25371 				}
25372 			}
25373 			if (reset_retval == 0) {
25374 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
25375 			}
25376 			mutex_enter(SD_MUTEX(un));
25377 		}
25378 		break;
25379 	}
25380 
25381 	/* A device/bus reset has occurred; update the reservation status. */
25382 	if ((pkt->pkt_reason == CMD_RESET) || (pkt->pkt_statistics &
25383 	    (STAT_BUS_RESET | STAT_DEV_RESET))) {
25384 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25385 			un->un_resvd_status |=
25386 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25387 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25388 			    "sd_mhd_watch_incomplete: Lost Reservation\n");
25389 		}
25390 	}
25391 
25392 	/*
25393 	 * The disk has been turned off; Update the device state.
25394 	 *
25395 	 * Note: Should we be offlining the disk here?
25396 	 */
25397 	if (pkt->pkt_state == STATE_GOT_BUS) {
25398 		SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_watch_incomplete: "
25399 		    "Disk not responding to selection\n");
25400 		if (un->un_state != SD_STATE_OFFLINE) {
25401 			New_state(un, SD_STATE_OFFLINE);
25402 		}
25403 	} else if (be_chatty) {
25404 		/*
25405 		 * suppress messages if they are all the same pkt reason;
25406 		 * with TQ, many (up to 256) are returned with the same
25407 		 * pkt_reason
25408 		 */
25409 		if (pkt->pkt_reason != un->un_last_pkt_reason) {
25410 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
25411 			    "sd_mhd_watch_incomplete: "
25412 			    "SCSI transport failed: reason '%s'\n",
25413 			    scsi_rname(pkt->pkt_reason));
25414 		}
25415 	}
25416 	un->un_last_pkt_reason = pkt->pkt_reason;
25417 	mutex_exit(SD_MUTEX(un));
25418 }
25419 
25420 
25421 /*
25422  *    Function: sd_sname()
25423  *
25424  * Description: This is a simple little routine to return a string containing
25425  *		a printable description of command status byte for use in
25426  *		logging.
25427  *
25428  *   Arguments: status - pointer to a status byte
25429  *
25430  * Return Code: char * - string containing status description.
25431  */
25432 
25433 static char *
25434 sd_sname(uchar_t status)
25435 {
25436 	switch (status & STATUS_MASK) {
25437 	case STATUS_GOOD:
25438 		return ("good status");
25439 	case STATUS_CHECK:
25440 		return ("check condition");
25441 	case STATUS_MET:
25442 		return ("condition met");
25443 	case STATUS_BUSY:
25444 		return ("busy");
25445 	case STATUS_INTERMEDIATE:
25446 		return ("intermediate");
25447 	case STATUS_INTERMEDIATE_MET:
25448 		return ("intermediate - condition met");
25449 	case STATUS_RESERVATION_CONFLICT:
25450 		return ("reservation_conflict");
25451 	case STATUS_TERMINATED:
25452 		return ("command terminated");
25453 	case STATUS_QFULL:
25454 		return ("queue full");
25455 	default:
25456 		return ("<unknown status>");
25457 	}
25458 }
25459 
25460 
25461 /*
25462  *    Function: sd_mhd_resvd_recover()
25463  *
25464  * Description: This function adds a reservation entry to the
25465  *		sd_resv_reclaim_request list and signals the reservation
25466  *		reclaim thread that there is work pending. If the reservation
25467  *		reclaim thread has not been previously created this function
25468  *		will kick it off.
25469  *
25470  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25471  *			among multiple watches that share this callback function
25472  *
25473  *     Context: This routine is called by timeout() and is run in interrupt
25474  *		context. It must not sleep or call other functions which may
25475  *		sleep.
25476  */
25477 
25478 static void
25479 sd_mhd_resvd_recover(void *arg)
25480 {
25481 	dev_t			dev = (dev_t)arg;
25482 	struct sd_lun		*un;
25483 	struct sd_thr_request	*sd_treq = NULL;
25484 	struct sd_thr_request	*sd_cur = NULL;
25485 	struct sd_thr_request	*sd_prev = NULL;
25486 	int			already_there = 0;
25487 
25488 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25489 		return;
25490 	}
25491 
25492 	mutex_enter(SD_MUTEX(un));
25493 	un->un_resvd_timeid = NULL;
25494 	if (un->un_resvd_status & SD_WANT_RESERVE) {
25495 		/*
25496 		 * There was a reset so don't issue the reserve, allow the
25497 		 * sd_mhd_watch_cb callback function to notice this and
25498 		 * reschedule the timeout for reservation.
25499 		 */
25500 		mutex_exit(SD_MUTEX(un));
25501 		return;
25502 	}
25503 	mutex_exit(SD_MUTEX(un));
25504 
25505 	/*
25506 	 * Add this device to the sd_resv_reclaim_request list and the
25507 	 * sd_resv_reclaim_thread should take care of the rest.
25508 	 *
25509 	 * Note: We can't sleep in this context so if the memory allocation
25510 	 * fails allow the sd_mhd_watch_cb callback function to notice this and
25511 	 * reschedule the timeout for reservation.  (4378460)
25512 	 */
25513 	sd_treq = (struct sd_thr_request *)
25514 	    kmem_zalloc(sizeof (struct sd_thr_request), KM_NOSLEEP);
25515 	if (sd_treq == NULL) {
25516 		return;
25517 	}
25518 
25519 	sd_treq->sd_thr_req_next = NULL;
25520 	sd_treq->dev = dev;
25521 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25522 	if (sd_tr.srq_thr_req_head == NULL) {
25523 		sd_tr.srq_thr_req_head = sd_treq;
25524 	} else {
25525 		sd_cur = sd_prev = sd_tr.srq_thr_req_head;
25526 		for (; sd_cur != NULL; sd_cur = sd_cur->sd_thr_req_next) {
25527 			if (sd_cur->dev == dev) {
25528 				/*
25529 				 * already in Queue so don't log
25530 				 * another request for the device
25531 				 */
25532 				already_there = 1;
25533 				break;
25534 			}
25535 			sd_prev = sd_cur;
25536 		}
25537 		if (!already_there) {
25538 			SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_resvd_recover: "
25539 			    "logging request for %lx\n", dev);
25540 			sd_prev->sd_thr_req_next = sd_treq;
25541 		} else {
25542 			kmem_free(sd_treq, sizeof (struct sd_thr_request));
25543 		}
25544 	}
25545 
25546 	/*
25547 	 * Create a kernel thread to do the reservation reclaim and free up this
25548 	 * thread. We cannot block this thread while we go away to do the
25549 	 * reservation reclaim
25550 	 */
25551 	if (sd_tr.srq_resv_reclaim_thread == NULL)
25552 		sd_tr.srq_resv_reclaim_thread = thread_create(NULL, 0,
25553 		    sd_resv_reclaim_thread, NULL,
25554 		    0, &p0, TS_RUN, v.v_maxsyspri - 2);
25555 
25556 	/* Tell the reservation reclaim thread that it has work to do */
25557 	cv_signal(&sd_tr.srq_resv_reclaim_cv);
25558 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25559 }
25560 
25561 /*
25562  *    Function: sd_resv_reclaim_thread()
25563  *
25564  * Description: This function implements the reservation reclaim operations
25565  *
25566  *   Arguments: arg - the device 'dev_t' is used for context to discriminate
25567  *		      among multiple watches that share this callback function
25568  */
25569 
25570 static void
25571 sd_resv_reclaim_thread()
25572 {
25573 	struct sd_lun		*un;
25574 	struct sd_thr_request	*sd_mhreq;
25575 
25576 	/* Wait for work */
25577 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25578 	if (sd_tr.srq_thr_req_head == NULL) {
25579 		cv_wait(&sd_tr.srq_resv_reclaim_cv,
25580 		    &sd_tr.srq_resv_reclaim_mutex);
25581 	}
25582 
25583 	/* Loop while we have work */
25584 	while ((sd_tr.srq_thr_cur_req = sd_tr.srq_thr_req_head) != NULL) {
25585 		un = ddi_get_soft_state(sd_state,
25586 		    SDUNIT(sd_tr.srq_thr_cur_req->dev));
25587 		if (un == NULL) {
25588 			/*
25589 			 * softstate structure is NULL so just
25590 			 * dequeue the request and continue
25591 			 */
25592 			sd_tr.srq_thr_req_head =
25593 			    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25594 			kmem_free(sd_tr.srq_thr_cur_req,
25595 			    sizeof (struct sd_thr_request));
25596 			continue;
25597 		}
25598 
25599 		/* dequeue the request */
25600 		sd_mhreq = sd_tr.srq_thr_cur_req;
25601 		sd_tr.srq_thr_req_head =
25602 		    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25603 		mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25604 
25605 		/*
25606 		 * Reclaim reservation only if SD_RESERVE is still set. There
25607 		 * may have been a call to MHIOCRELEASE before we got here.
25608 		 */
25609 		mutex_enter(SD_MUTEX(un));
25610 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25611 			/*
25612 			 * Note: The SD_LOST_RESERVE flag is cleared before
25613 			 * reclaiming the reservation. If this is done after the
25614 			 * call to sd_reserve_release a reservation loss in the
25615 			 * window between pkt completion of reserve cmd and
25616 			 * mutex_enter below may not be recognized
25617 			 */
25618 			un->un_resvd_status &= ~SD_LOST_RESERVE;
25619 			mutex_exit(SD_MUTEX(un));
25620 
25621 			if (sd_reserve_release(sd_mhreq->dev,
25622 			    SD_RESERVE) == 0) {
25623 				mutex_enter(SD_MUTEX(un));
25624 				un->un_resvd_status |= SD_RESERVE;
25625 				mutex_exit(SD_MUTEX(un));
25626 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25627 				    "sd_resv_reclaim_thread: "
25628 				    "Reservation Recovered\n");
25629 			} else {
25630 				mutex_enter(SD_MUTEX(un));
25631 				un->un_resvd_status |= SD_LOST_RESERVE;
25632 				mutex_exit(SD_MUTEX(un));
25633 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25634 				    "sd_resv_reclaim_thread: Failed "
25635 				    "Reservation Recovery\n");
25636 			}
25637 		} else {
25638 			mutex_exit(SD_MUTEX(un));
25639 		}
25640 		mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25641 		ASSERT(sd_mhreq == sd_tr.srq_thr_cur_req);
25642 		kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25643 		sd_mhreq = sd_tr.srq_thr_cur_req = NULL;
25644 		/*
25645 		 * wakeup the destroy thread if anyone is waiting on
25646 		 * us to complete.
25647 		 */
25648 		cv_signal(&sd_tr.srq_inprocess_cv);
25649 		SD_TRACE(SD_LOG_IOCTL_MHD, un,
25650 		    "sd_resv_reclaim_thread: cv_signalling current request \n");
25651 	}
25652 
25653 	/*
25654 	 * cleanup the sd_tr structure now that this thread will not exist
25655 	 */
25656 	ASSERT(sd_tr.srq_thr_req_head == NULL);
25657 	ASSERT(sd_tr.srq_thr_cur_req == NULL);
25658 	sd_tr.srq_resv_reclaim_thread = NULL;
25659 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25660 	thread_exit();
25661 }
25662 
25663 
25664 /*
25665  *    Function: sd_rmv_resv_reclaim_req()
25666  *
25667  * Description: This function removes any pending reservation reclaim requests
25668  *		for the specified device.
25669  *
25670  *   Arguments: dev - the device 'dev_t'
25671  */
25672 
25673 static void
25674 sd_rmv_resv_reclaim_req(dev_t dev)
25675 {
25676 	struct sd_thr_request *sd_mhreq;
25677 	struct sd_thr_request *sd_prev;
25678 
25679 	/* Remove a reservation reclaim request from the list */
25680 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25681 	if (sd_tr.srq_thr_cur_req && sd_tr.srq_thr_cur_req->dev == dev) {
25682 		/*
25683 		 * We are attempting to reinstate reservation for
25684 		 * this device. We wait for sd_reserve_release()
25685 		 * to return before we return.
25686 		 */
25687 		cv_wait(&sd_tr.srq_inprocess_cv,
25688 		    &sd_tr.srq_resv_reclaim_mutex);
25689 	} else {
25690 		sd_prev = sd_mhreq = sd_tr.srq_thr_req_head;
25691 		if (sd_mhreq && sd_mhreq->dev == dev) {
25692 			sd_tr.srq_thr_req_head = sd_mhreq->sd_thr_req_next;
25693 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25694 			mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25695 			return;
25696 		}
25697 		for (; sd_mhreq != NULL; sd_mhreq = sd_mhreq->sd_thr_req_next) {
25698 			if (sd_mhreq && sd_mhreq->dev == dev) {
25699 				break;
25700 			}
25701 			sd_prev = sd_mhreq;
25702 		}
25703 		if (sd_mhreq != NULL) {
25704 			sd_prev->sd_thr_req_next = sd_mhreq->sd_thr_req_next;
25705 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25706 		}
25707 	}
25708 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25709 }
25710 
25711 
25712 /*
25713  *    Function: sd_mhd_reset_notify_cb()
25714  *
25715  * Description: This is a call back function for scsi_reset_notify. This
25716  *		function updates the softstate reserved status and logs the
25717  *		reset. The driver scsi watch facility callback function
25718  *		(sd_mhd_watch_cb) and reservation reclaim thread functionality
25719  *		will reclaim the reservation.
25720  *
25721  *   Arguments: arg  - driver soft state (unit) structure
25722  */
25723 
25724 static void
25725 sd_mhd_reset_notify_cb(caddr_t arg)
25726 {
25727 	struct sd_lun *un = (struct sd_lun *)arg;
25728 
25729 	mutex_enter(SD_MUTEX(un));
25730 	if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25731 		un->un_resvd_status |= (SD_LOST_RESERVE | SD_WANT_RESERVE);
25732 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25733 		    "sd_mhd_reset_notify_cb: Lost Reservation\n");
25734 	}
25735 	mutex_exit(SD_MUTEX(un));
25736 }
25737 
25738 
25739 /*
25740  *    Function: sd_take_ownership()
25741  *
25742  * Description: This routine implements an algorithm to achieve a stable
25743  *		reservation on disks which don't implement priority reserve,
25744  *		and makes sure that other host lose re-reservation attempts.
25745  *		This algorithm contains of a loop that keeps issuing the RESERVE
25746  *		for some period of time (min_ownership_delay, default 6 seconds)
25747  *		During that loop, it looks to see if there has been a bus device
25748  *		reset or bus reset (both of which cause an existing reservation
25749  *		to be lost). If the reservation is lost issue RESERVE until a
25750  *		period of min_ownership_delay with no resets has gone by, or
25751  *		until max_ownership_delay has expired. This loop ensures that
25752  *		the host really did manage to reserve the device, in spite of
25753  *		resets. The looping for min_ownership_delay (default six
25754  *		seconds) is important to early generation clustering products,
25755  *		Solstice HA 1.x and Sun Cluster 2.x. Those products use an
25756  *		MHIOCENFAILFAST periodic timer of two seconds. By having
25757  *		MHIOCTKOWN issue Reserves in a loop for six seconds, and having
25758  *		MHIOCENFAILFAST poll every two seconds, the idea is that by the
25759  *		time the MHIOCTKOWN ioctl returns, the other host (if any) will
25760  *		have already noticed, via the MHIOCENFAILFAST polling, that it
25761  *		no longer "owns" the disk and will have panicked itself.  Thus,
25762  *		the host issuing the MHIOCTKOWN is assured (with timing
25763  *		dependencies) that by the time it actually starts to use the
25764  *		disk for real work, the old owner is no longer accessing it.
25765  *
25766  *		min_ownership_delay is the minimum amount of time for which the
25767  *		disk must be reserved continuously devoid of resets before the
25768  *		MHIOCTKOWN ioctl will return success.
25769  *
25770  *		max_ownership_delay indicates the amount of time by which the
25771  *		take ownership should succeed or timeout with an error.
25772  *
25773  *   Arguments: dev - the device 'dev_t'
25774  *		*p  - struct containing timing info.
25775  *
25776  * Return Code: 0 for success or error code
25777  */
25778 
25779 static int
25780 sd_take_ownership(dev_t dev, struct mhioctkown *p)
25781 {
25782 	struct sd_lun	*un;
25783 	int		rval;
25784 	int		err;
25785 	int		reservation_count   = 0;
25786 	int		min_ownership_delay =  6000000; /* in usec */
25787 	int		max_ownership_delay = 30000000; /* in usec */
25788 	clock_t		start_time;	/* starting time of this algorithm */
25789 	clock_t		end_time;	/* time limit for giving up */
25790 	clock_t		ownership_time;	/* time limit for stable ownership */
25791 	clock_t		current_time;
25792 	clock_t		previous_current_time;
25793 
25794 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25795 		return (ENXIO);
25796 	}
25797 
25798 	/*
25799 	 * Attempt a device reservation. A priority reservation is requested.
25800 	 */
25801 	if ((rval = sd_reserve_release(dev, SD_PRIORITY_RESERVE))
25802 	    != SD_SUCCESS) {
25803 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
25804 		    "sd_take_ownership: return(1)=%d\n", rval);
25805 		return (rval);
25806 	}
25807 
25808 	/* Update the softstate reserved status to indicate the reservation */
25809 	mutex_enter(SD_MUTEX(un));
25810 	un->un_resvd_status |= SD_RESERVE;
25811 	un->un_resvd_status &=
25812 	    ~(SD_LOST_RESERVE | SD_WANT_RESERVE | SD_RESERVATION_CONFLICT);
25813 	mutex_exit(SD_MUTEX(un));
25814 
25815 	if (p != NULL) {
25816 		if (p->min_ownership_delay != 0) {
25817 			min_ownership_delay = p->min_ownership_delay * 1000;
25818 		}
25819 		if (p->max_ownership_delay != 0) {
25820 			max_ownership_delay = p->max_ownership_delay * 1000;
25821 		}
25822 	}
25823 	SD_INFO(SD_LOG_IOCTL_MHD, un,
25824 	    "sd_take_ownership: min, max delays: %d, %d\n",
25825 	    min_ownership_delay, max_ownership_delay);
25826 
25827 	start_time = ddi_get_lbolt();
25828 	current_time	= start_time;
25829 	ownership_time	= current_time + drv_usectohz(min_ownership_delay);
25830 	end_time	= start_time + drv_usectohz(max_ownership_delay);
25831 
25832 	while (current_time - end_time < 0) {
25833 		delay(drv_usectohz(500000));
25834 
25835 		if ((err = sd_reserve_release(dev, SD_RESERVE)) != 0) {
25836 			if ((sd_reserve_release(dev, SD_RESERVE)) != 0) {
25837 				mutex_enter(SD_MUTEX(un));
25838 				rval = (un->un_resvd_status &
25839 				    SD_RESERVATION_CONFLICT) ? EACCES : EIO;
25840 				mutex_exit(SD_MUTEX(un));
25841 				break;
25842 			}
25843 		}
25844 		previous_current_time = current_time;
25845 		current_time = ddi_get_lbolt();
25846 		mutex_enter(SD_MUTEX(un));
25847 		if (err || (un->un_resvd_status & SD_LOST_RESERVE)) {
25848 			ownership_time = ddi_get_lbolt() +
25849 			    drv_usectohz(min_ownership_delay);
25850 			reservation_count = 0;
25851 		} else {
25852 			reservation_count++;
25853 		}
25854 		un->un_resvd_status |= SD_RESERVE;
25855 		un->un_resvd_status &= ~(SD_LOST_RESERVE | SD_WANT_RESERVE);
25856 		mutex_exit(SD_MUTEX(un));
25857 
25858 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25859 		    "sd_take_ownership: ticks for loop iteration=%ld, "
25860 		    "reservation=%s\n", (current_time - previous_current_time),
25861 		    reservation_count ? "ok" : "reclaimed");
25862 
25863 		if (current_time - ownership_time >= 0 &&
25864 		    reservation_count >= 4) {
25865 			rval = 0; /* Achieved a stable ownership */
25866 			break;
25867 		}
25868 		if (current_time - end_time >= 0) {
25869 			rval = EACCES; /* No ownership in max possible time */
25870 			break;
25871 		}
25872 	}
25873 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25874 	    "sd_take_ownership: return(2)=%d\n", rval);
25875 	return (rval);
25876 }
25877 
25878 
25879 /*
25880  *    Function: sd_reserve_release()
25881  *
25882  * Description: This function builds and sends scsi RESERVE, RELEASE, and
25883  *		PRIORITY RESERVE commands based on a user specified command type
25884  *
25885  *   Arguments: dev - the device 'dev_t'
25886  *		cmd - user specified command type; one of SD_PRIORITY_RESERVE,
25887  *		      SD_RESERVE, SD_RELEASE
25888  *
25889  * Return Code: 0 or Error Code
25890  */
25891 
25892 static int
25893 sd_reserve_release(dev_t dev, int cmd)
25894 {
25895 	struct uscsi_cmd	*com = NULL;
25896 	struct sd_lun		*un = NULL;
25897 	char			cdb[CDB_GROUP0];
25898 	int			rval;
25899 
25900 	ASSERT((cmd == SD_RELEASE) || (cmd == SD_RESERVE) ||
25901 	    (cmd == SD_PRIORITY_RESERVE));
25902 
25903 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25904 		return (ENXIO);
25905 	}
25906 
25907 	/* instantiate and initialize the command and cdb */
25908 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
25909 	bzero(cdb, CDB_GROUP0);
25910 	com->uscsi_flags   = USCSI_SILENT;
25911 	com->uscsi_timeout = un->un_reserve_release_time;
25912 	com->uscsi_cdblen  = CDB_GROUP0;
25913 	com->uscsi_cdb	   = cdb;
25914 	if (cmd == SD_RELEASE) {
25915 		cdb[0] = SCMD_RELEASE;
25916 	} else {
25917 		cdb[0] = SCMD_RESERVE;
25918 	}
25919 
25920 	/* Send the command. */
25921 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25922 	    UIO_SYSSPACE, SD_PATH_STANDARD);
25923 
25924 	/*
25925 	 * "break" a reservation that is held by another host, by issuing a
25926 	 * reset if priority reserve is desired, and we could not get the
25927 	 * device.
25928 	 */
25929 	if ((cmd == SD_PRIORITY_RESERVE) &&
25930 	    (rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25931 		/*
25932 		 * First try to reset the LUN. If we cannot, then try a target
25933 		 * reset, followed by a bus reset if the target reset fails.
25934 		 */
25935 		int reset_retval = 0;
25936 		if (un->un_f_lun_reset_enabled == TRUE) {
25937 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
25938 		}
25939 		if (reset_retval == 0) {
25940 			/* The LUN reset either failed or was not issued */
25941 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
25942 		}
25943 		if ((reset_retval == 0) &&
25944 		    (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0)) {
25945 			rval = EIO;
25946 			kmem_free(com, sizeof (*com));
25947 			return (rval);
25948 		}
25949 
25950 		bzero(com, sizeof (struct uscsi_cmd));
25951 		com->uscsi_flags   = USCSI_SILENT;
25952 		com->uscsi_cdb	   = cdb;
25953 		com->uscsi_cdblen  = CDB_GROUP0;
25954 		com->uscsi_timeout = 5;
25955 
25956 		/*
25957 		 * Reissue the last reserve command, this time without request
25958 		 * sense.  Assume that it is just a regular reserve command.
25959 		 */
25960 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25961 		    UIO_SYSSPACE, SD_PATH_STANDARD);
25962 	}
25963 
25964 	/* Return an error if still getting a reservation conflict. */
25965 	if ((rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25966 		rval = EACCES;
25967 	}
25968 
25969 	kmem_free(com, sizeof (*com));
25970 	return (rval);
25971 }
25972 
25973 
25974 #define	SD_NDUMP_RETRIES	12
25975 /*
25976  *	System Crash Dump routine
25977  */
25978 
25979 static int
25980 sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk)
25981 {
25982 	int		instance;
25983 	int		partition;
25984 	int		i;
25985 	int		err;
25986 	struct sd_lun	*un;
25987 	struct dk_map	*lp;
25988 	struct scsi_pkt *wr_pktp;
25989 	struct buf	*wr_bp;
25990 	struct buf	wr_buf;
25991 	daddr_t		tgt_byte_offset; /* rmw - byte offset for target */
25992 	daddr_t		tgt_blkno;	/* rmw - blkno for target */
25993 	size_t		tgt_byte_count; /* rmw -  # of bytes to xfer */
25994 	size_t		tgt_nblk; /* rmw -  # of tgt blks to xfer */
25995 	size_t		io_start_offset;
25996 	int		doing_rmw = FALSE;
25997 	int		rval;
25998 #if defined(__i386) || defined(__amd64)
25999 	ssize_t dma_resid;
26000 	daddr_t oblkno;
26001 #endif
26002 
26003 	instance = SDUNIT(dev);
26004 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
26005 	    (!un->un_f_geometry_is_valid) || ISCD(un)) {
26006 		return (ENXIO);
26007 	}
26008 
26009 	_NOTE(NOW_INVISIBLE_TO_OTHER_THREADS(*un))
26010 
26011 	SD_TRACE(SD_LOG_DUMP, un, "sddump: entry\n");
26012 
26013 	partition = SDPART(dev);
26014 	SD_INFO(SD_LOG_DUMP, un, "sddump: partition = %d\n", partition);
26015 
26016 	/* Validate blocks to dump at against partition size. */
26017 	lp = &un->un_map[partition];
26018 	if ((blkno + nblk) > lp->dkl_nblk) {
26019 		SD_TRACE(SD_LOG_DUMP, un,
26020 		    "sddump: dump range larger than partition: "
26021 		    "blkno = 0x%x, nblk = 0x%x, dkl_nblk = 0x%x\n",
26022 		    blkno, nblk, lp->dkl_nblk);
26023 		return (EINVAL);
26024 	}
26025 
26026 	mutex_enter(&un->un_pm_mutex);
26027 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
26028 		struct scsi_pkt *start_pktp;
26029 
26030 		mutex_exit(&un->un_pm_mutex);
26031 
26032 		/*
26033 		 * use pm framework to power on HBA 1st
26034 		 */
26035 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
26036 
26037 		/*
26038 		 * Dump no long uses sdpower to power on a device, it's
26039 		 * in-line here so it can be done in polled mode.
26040 		 */
26041 
26042 		SD_INFO(SD_LOG_DUMP, un, "sddump: starting device\n");
26043 
26044 		start_pktp = scsi_init_pkt(SD_ADDRESS(un), NULL, NULL,
26045 		    CDB_GROUP0, un->un_status_len, 0, 0, NULL_FUNC, NULL);
26046 
26047 		if (start_pktp == NULL) {
26048 			/* We were not given a SCSI packet, fail. */
26049 			return (EIO);
26050 		}
26051 		bzero(start_pktp->pkt_cdbp, CDB_GROUP0);
26052 		start_pktp->pkt_cdbp[0] = SCMD_START_STOP;
26053 		start_pktp->pkt_cdbp[4] = SD_TARGET_START;
26054 		start_pktp->pkt_flags = FLAG_NOINTR;
26055 
26056 		mutex_enter(SD_MUTEX(un));
26057 		SD_FILL_SCSI1_LUN(un, start_pktp);
26058 		mutex_exit(SD_MUTEX(un));
26059 		/*
26060 		 * Scsi_poll returns 0 (success) if the command completes and
26061 		 * the status block is STATUS_GOOD.
26062 		 */
26063 		if (sd_scsi_poll(un, start_pktp) != 0) {
26064 			scsi_destroy_pkt(start_pktp);
26065 			return (EIO);
26066 		}
26067 		scsi_destroy_pkt(start_pktp);
26068 		(void) sd_ddi_pm_resume(un);
26069 	} else {
26070 		mutex_exit(&un->un_pm_mutex);
26071 	}
26072 
26073 	mutex_enter(SD_MUTEX(un));
26074 	un->un_throttle = 0;
26075 
26076 	/*
26077 	 * The first time through, reset the specific target device.
26078 	 * However, when cpr calls sddump we know that sd is in a
26079 	 * a good state so no bus reset is required.
26080 	 * Clear sense data via Request Sense cmd.
26081 	 * In sddump we don't care about allow_bus_device_reset anymore
26082 	 */
26083 
26084 	if ((un->un_state != SD_STATE_SUSPENDED) &&
26085 	    (un->un_state != SD_STATE_DUMPING)) {
26086 
26087 		New_state(un, SD_STATE_DUMPING);
26088 
26089 		if (un->un_f_is_fibre == FALSE) {
26090 			mutex_exit(SD_MUTEX(un));
26091 			/*
26092 			 * Attempt a bus reset for parallel scsi.
26093 			 *
26094 			 * Note: A bus reset is required because on some host
26095 			 * systems (i.e. E420R) a bus device reset is
26096 			 * insufficient to reset the state of the target.
26097 			 *
26098 			 * Note: Don't issue the reset for fibre-channel,
26099 			 * because this tends to hang the bus (loop) for
26100 			 * too long while everyone is logging out and in
26101 			 * and the deadman timer for dumping will fire
26102 			 * before the dump is complete.
26103 			 */
26104 			if (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0) {
26105 				mutex_enter(SD_MUTEX(un));
26106 				Restore_state(un);
26107 				mutex_exit(SD_MUTEX(un));
26108 				return (EIO);
26109 			}
26110 
26111 			/* Delay to give the device some recovery time. */
26112 			drv_usecwait(10000);
26113 
26114 			if (sd_send_polled_RQS(un) == SD_FAILURE) {
26115 				SD_INFO(SD_LOG_DUMP, un,
26116 					"sddump: sd_send_polled_RQS failed\n");
26117 			}
26118 			mutex_enter(SD_MUTEX(un));
26119 		}
26120 	}
26121 
26122 	/*
26123 	 * Convert the partition-relative block number to a
26124 	 * disk physical block number.
26125 	 */
26126 	blkno += un->un_offset[partition];
26127 	SD_INFO(SD_LOG_DUMP, un, "sddump: disk blkno = 0x%x\n", blkno);
26128 
26129 
26130 	/*
26131 	 * Check if the device has a non-512 block size.
26132 	 */
26133 	wr_bp = NULL;
26134 	if (NOT_DEVBSIZE(un)) {
26135 		tgt_byte_offset = blkno * un->un_sys_blocksize;
26136 		tgt_byte_count = nblk * un->un_sys_blocksize;
26137 		if ((tgt_byte_offset % un->un_tgt_blocksize) ||
26138 		    (tgt_byte_count % un->un_tgt_blocksize)) {
26139 			doing_rmw = TRUE;
26140 			/*
26141 			 * Calculate the block number and number of block
26142 			 * in terms of the media block size.
26143 			 */
26144 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
26145 			tgt_nblk =
26146 			    ((tgt_byte_offset + tgt_byte_count +
26147 				(un->un_tgt_blocksize - 1)) /
26148 				un->un_tgt_blocksize) - tgt_blkno;
26149 
26150 			/*
26151 			 * Invoke the routine which is going to do read part
26152 			 * of read-modify-write.
26153 			 * Note that this routine returns a pointer to
26154 			 * a valid bp in wr_bp.
26155 			 */
26156 			err = sddump_do_read_of_rmw(un, tgt_blkno, tgt_nblk,
26157 			    &wr_bp);
26158 			if (err) {
26159 				mutex_exit(SD_MUTEX(un));
26160 				return (err);
26161 			}
26162 			/*
26163 			 * Offset is being calculated as -
26164 			 * (original block # * system block size) -
26165 			 * (new block # * target block size)
26166 			 */
26167 			io_start_offset =
26168 			    ((uint64_t)(blkno * un->un_sys_blocksize)) -
26169 			    ((uint64_t)(tgt_blkno * un->un_tgt_blocksize));
26170 
26171 			ASSERT((io_start_offset >= 0) &&
26172 			    (io_start_offset < un->un_tgt_blocksize));
26173 			/*
26174 			 * Do the modify portion of read modify write.
26175 			 */
26176 			bcopy(addr, &wr_bp->b_un.b_addr[io_start_offset],
26177 			    (size_t)nblk * un->un_sys_blocksize);
26178 		} else {
26179 			doing_rmw = FALSE;
26180 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
26181 			tgt_nblk = tgt_byte_count / un->un_tgt_blocksize;
26182 		}
26183 
26184 		/* Convert blkno and nblk to target blocks */
26185 		blkno = tgt_blkno;
26186 		nblk = tgt_nblk;
26187 	} else {
26188 		wr_bp = &wr_buf;
26189 		bzero(wr_bp, sizeof (struct buf));
26190 		wr_bp->b_flags		= B_BUSY;
26191 		wr_bp->b_un.b_addr	= addr;
26192 		wr_bp->b_bcount		= nblk << DEV_BSHIFT;
26193 		wr_bp->b_resid		= 0;
26194 	}
26195 
26196 	mutex_exit(SD_MUTEX(un));
26197 
26198 	/*
26199 	 * Obtain a SCSI packet for the write command.
26200 	 * It should be safe to call the allocator here without
26201 	 * worrying about being locked for DVMA mapping because
26202 	 * the address we're passed is already a DVMA mapping
26203 	 *
26204 	 * We are also not going to worry about semaphore ownership
26205 	 * in the dump buffer. Dumping is single threaded at present.
26206 	 */
26207 
26208 	wr_pktp = NULL;
26209 
26210 #if defined(__i386) || defined(__amd64)
26211 	dma_resid = wr_bp->b_bcount;
26212 	oblkno = blkno;
26213 	while (dma_resid != 0) {
26214 #endif
26215 
26216 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26217 		wr_bp->b_flags &= ~B_ERROR;
26218 
26219 #if defined(__i386) || defined(__amd64)
26220 		blkno = oblkno +
26221 			((wr_bp->b_bcount - dma_resid) /
26222 			    un->un_tgt_blocksize);
26223 		nblk = dma_resid / un->un_tgt_blocksize;
26224 
26225 		if (wr_pktp) {
26226 			/* Partial DMA transfers after initial transfer */
26227 			rval = sd_setup_next_rw_pkt(un, wr_pktp, wr_bp,
26228 			    blkno, nblk);
26229 		} else {
26230 			/* Initial transfer */
26231 			rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26232 			    un->un_pkt_flags, NULL_FUNC, NULL,
26233 			    blkno, nblk);
26234 		}
26235 #else
26236 		rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26237 		    0, NULL_FUNC, NULL, blkno, nblk);
26238 #endif
26239 
26240 		if (rval == 0) {
26241 			/* We were given a SCSI packet, continue. */
26242 			break;
26243 		}
26244 
26245 		if (i == 0) {
26246 			if (wr_bp->b_flags & B_ERROR) {
26247 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26248 				    "no resources for dumping; "
26249 				    "error code: 0x%x, retrying",
26250 				    geterror(wr_bp));
26251 			} else {
26252 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26253 				    "no resources for dumping; retrying");
26254 			}
26255 		} else if (i != (SD_NDUMP_RETRIES - 1)) {
26256 			if (wr_bp->b_flags & B_ERROR) {
26257 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26258 				    "no resources for dumping; error code: "
26259 				    "0x%x, retrying\n", geterror(wr_bp));
26260 			}
26261 		} else {
26262 			if (wr_bp->b_flags & B_ERROR) {
26263 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26264 				    "no resources for dumping; "
26265 				    "error code: 0x%x, retries failed, "
26266 				    "giving up.\n", geterror(wr_bp));
26267 			} else {
26268 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26269 				    "no resources for dumping; "
26270 				    "retries failed, giving up.\n");
26271 			}
26272 			mutex_enter(SD_MUTEX(un));
26273 			Restore_state(un);
26274 			if (NOT_DEVBSIZE(un) && (doing_rmw == TRUE)) {
26275 				mutex_exit(SD_MUTEX(un));
26276 				scsi_free_consistent_buf(wr_bp);
26277 			} else {
26278 				mutex_exit(SD_MUTEX(un));
26279 			}
26280 			return (EIO);
26281 		}
26282 		drv_usecwait(10000);
26283 	}
26284 
26285 #if defined(__i386) || defined(__amd64)
26286 	/*
26287 	 * save the resid from PARTIAL_DMA
26288 	 */
26289 	dma_resid = wr_pktp->pkt_resid;
26290 	if (dma_resid != 0)
26291 		nblk -= SD_BYTES2TGTBLOCKS(un, dma_resid);
26292 	wr_pktp->pkt_resid = 0;
26293 #endif
26294 
26295 	/* SunBug 1222170 */
26296 	wr_pktp->pkt_flags = FLAG_NOINTR;
26297 
26298 	err = EIO;
26299 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26300 
26301 		/*
26302 		 * Scsi_poll returns 0 (success) if the command completes and
26303 		 * the status block is STATUS_GOOD.  We should only check
26304 		 * errors if this condition is not true.  Even then we should
26305 		 * send our own request sense packet only if we have a check
26306 		 * condition and auto request sense has not been performed by
26307 		 * the hba.
26308 		 */
26309 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending write\n");
26310 
26311 		if ((sd_scsi_poll(un, wr_pktp) == 0) &&
26312 		    (wr_pktp->pkt_resid == 0)) {
26313 			err = SD_SUCCESS;
26314 			break;
26315 		}
26316 
26317 		/*
26318 		 * Check CMD_DEV_GONE 1st, give up if device is gone.
26319 		 */
26320 		if (wr_pktp->pkt_reason == CMD_DEV_GONE) {
26321 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26322 			    "Device is gone\n");
26323 			break;
26324 		}
26325 
26326 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_CHECK) {
26327 			SD_INFO(SD_LOG_DUMP, un,
26328 			    "sddump: write failed with CHECK, try # %d\n", i);
26329 			if (((wr_pktp->pkt_state & STATE_ARQ_DONE) == 0)) {
26330 				(void) sd_send_polled_RQS(un);
26331 			}
26332 
26333 			continue;
26334 		}
26335 
26336 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_BUSY) {
26337 			int reset_retval = 0;
26338 
26339 			SD_INFO(SD_LOG_DUMP, un,
26340 			    "sddump: write failed with BUSY, try # %d\n", i);
26341 
26342 			if (un->un_f_lun_reset_enabled == TRUE) {
26343 				reset_retval = scsi_reset(SD_ADDRESS(un),
26344 				    RESET_LUN);
26345 			}
26346 			if (reset_retval == 0) {
26347 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
26348 			}
26349 			(void) sd_send_polled_RQS(un);
26350 
26351 		} else {
26352 			SD_INFO(SD_LOG_DUMP, un,
26353 			    "sddump: write failed with 0x%x, try # %d\n",
26354 			    SD_GET_PKT_STATUS(wr_pktp), i);
26355 			mutex_enter(SD_MUTEX(un));
26356 			sd_reset_target(un, wr_pktp);
26357 			mutex_exit(SD_MUTEX(un));
26358 		}
26359 
26360 		/*
26361 		 * If we are not getting anywhere with lun/target resets,
26362 		 * let's reset the bus.
26363 		 */
26364 		if (i == SD_NDUMP_RETRIES/2) {
26365 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
26366 			(void) sd_send_polled_RQS(un);
26367 		}
26368 
26369 	}
26370 #if defined(__i386) || defined(__amd64)
26371 	}	/* dma_resid */
26372 #endif
26373 
26374 	scsi_destroy_pkt(wr_pktp);
26375 	mutex_enter(SD_MUTEX(un));
26376 	if ((NOT_DEVBSIZE(un)) && (doing_rmw == TRUE)) {
26377 		mutex_exit(SD_MUTEX(un));
26378 		scsi_free_consistent_buf(wr_bp);
26379 	} else {
26380 		mutex_exit(SD_MUTEX(un));
26381 	}
26382 	SD_TRACE(SD_LOG_DUMP, un, "sddump: exit: err = %d\n", err);
26383 	return (err);
26384 }
26385 
26386 /*
26387  *    Function: sd_scsi_poll()
26388  *
26389  * Description: This is a wrapper for the scsi_poll call.
26390  *
26391  *   Arguments: sd_lun - The unit structure
26392  *              scsi_pkt - The scsi packet being sent to the device.
26393  *
26394  * Return Code: 0 - Command completed successfully with good status
26395  *             -1 - Command failed.  This could indicate a check condition
26396  *                  or other status value requiring recovery action.
26397  *
26398  */
26399 
26400 static int
26401 sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pktp)
26402 {
26403 	int status;
26404 
26405 	ASSERT(un != NULL);
26406 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26407 	ASSERT(pktp != NULL);
26408 
26409 	status = SD_SUCCESS;
26410 
26411 	if (scsi_ifgetcap(&pktp->pkt_address, "tagged-qing", 1) == 1) {
26412 		pktp->pkt_flags |= un->un_tagflags;
26413 		pktp->pkt_flags &= ~FLAG_NODISCON;
26414 	}
26415 
26416 	status = sd_ddi_scsi_poll(pktp);
26417 	/*
26418 	 * Scsi_poll returns 0 (success) if the command completes and the
26419 	 * status block is STATUS_GOOD.  We should only check errors if this
26420 	 * condition is not true.  Even then we should send our own request
26421 	 * sense packet only if we have a check condition and auto
26422 	 * request sense has not been performed by the hba.
26423 	 * Don't get RQS data if pkt_reason is CMD_DEV_GONE.
26424 	 */
26425 	if ((status != SD_SUCCESS) &&
26426 	    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK) &&
26427 	    (pktp->pkt_state & STATE_ARQ_DONE) == 0 &&
26428 	    (pktp->pkt_reason != CMD_DEV_GONE))
26429 		(void) sd_send_polled_RQS(un);
26430 
26431 	return (status);
26432 }
26433 
26434 /*
26435  *    Function: sd_send_polled_RQS()
26436  *
26437  * Description: This sends the request sense command to a device.
26438  *
26439  *   Arguments: sd_lun - The unit structure
26440  *
26441  * Return Code: 0 - Command completed successfully with good status
26442  *             -1 - Command failed.
26443  *
26444  */
26445 
26446 static int
26447 sd_send_polled_RQS(struct sd_lun *un)
26448 {
26449 	int	ret_val;
26450 	struct	scsi_pkt	*rqs_pktp;
26451 	struct	buf		*rqs_bp;
26452 
26453 	ASSERT(un != NULL);
26454 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26455 
26456 	ret_val = SD_SUCCESS;
26457 
26458 	rqs_pktp = un->un_rqs_pktp;
26459 	rqs_bp	 = un->un_rqs_bp;
26460 
26461 	mutex_enter(SD_MUTEX(un));
26462 
26463 	if (un->un_sense_isbusy) {
26464 		ret_val = SD_FAILURE;
26465 		mutex_exit(SD_MUTEX(un));
26466 		return (ret_val);
26467 	}
26468 
26469 	/*
26470 	 * If the request sense buffer (and packet) is not in use,
26471 	 * let's set the un_sense_isbusy and send our packet
26472 	 */
26473 	un->un_sense_isbusy 	= 1;
26474 	rqs_pktp->pkt_resid  	= 0;
26475 	rqs_pktp->pkt_reason 	= 0;
26476 	rqs_pktp->pkt_flags |= FLAG_NOINTR;
26477 	bzero(rqs_bp->b_un.b_addr, SENSE_LENGTH);
26478 
26479 	mutex_exit(SD_MUTEX(un));
26480 
26481 	SD_INFO(SD_LOG_COMMON, un, "sd_send_polled_RQS: req sense buf at"
26482 	    " 0x%p\n", rqs_bp->b_un.b_addr);
26483 
26484 	/*
26485 	 * Can't send this to sd_scsi_poll, we wrap ourselves around the
26486 	 * axle - it has a call into us!
26487 	 */
26488 	if ((ret_val = sd_ddi_scsi_poll(rqs_pktp)) != 0) {
26489 		SD_INFO(SD_LOG_COMMON, un,
26490 		    "sd_send_polled_RQS: RQS failed\n");
26491 	}
26492 
26493 	SD_DUMP_MEMORY(un, SD_LOG_COMMON, "sd_send_polled_RQS:",
26494 	    (uchar_t *)rqs_bp->b_un.b_addr, SENSE_LENGTH, SD_LOG_HEX);
26495 
26496 	mutex_enter(SD_MUTEX(un));
26497 	un->un_sense_isbusy = 0;
26498 	mutex_exit(SD_MUTEX(un));
26499 
26500 	return (ret_val);
26501 }
26502 
26503 /*
26504  * Defines needed for localized version of the scsi_poll routine.
26505  */
26506 #define	SD_CSEC		10000			/* usecs */
26507 #define	SD_SEC_TO_CSEC	(1000000/SD_CSEC)
26508 
26509 
26510 /*
26511  *    Function: sd_ddi_scsi_poll()
26512  *
26513  * Description: Localized version of the scsi_poll routine.  The purpose is to
26514  *		send a scsi_pkt to a device as a polled command.  This version
26515  *		is to ensure more robust handling of transport errors.
26516  *		Specifically this routine cures not ready, coming ready
26517  *		transition for power up and reset of sonoma's.  This can take
26518  *		up to 45 seconds for power-on and 20 seconds for reset of a
26519  * 		sonoma lun.
26520  *
26521  *   Arguments: scsi_pkt - The scsi_pkt being sent to a device
26522  *
26523  * Return Code: 0 - Command completed successfully with good status
26524  *             -1 - Command failed.
26525  *
26526  */
26527 
26528 static int
26529 sd_ddi_scsi_poll(struct scsi_pkt *pkt)
26530 {
26531 	int busy_count;
26532 	int timeout;
26533 	int rval = SD_FAILURE;
26534 	int savef;
26535 	uint8_t *sensep;
26536 	long savet;
26537 	void (*savec)();
26538 	/*
26539 	 * The following is defined in machdep.c and is used in determining if
26540 	 * the scsi transport system will do polled I/O instead of interrupt
26541 	 * I/O when called from xx_dump().
26542 	 */
26543 	extern int do_polled_io;
26544 
26545 	/*
26546 	 * save old flags in pkt, to restore at end
26547 	 */
26548 	savef = pkt->pkt_flags;
26549 	savec = pkt->pkt_comp;
26550 	savet = pkt->pkt_time;
26551 
26552 	pkt->pkt_flags |= FLAG_NOINTR;
26553 
26554 	/*
26555 	 * XXX there is nothing in the SCSA spec that states that we should not
26556 	 * do a callback for polled cmds; however, removing this will break sd
26557 	 * and probably other target drivers
26558 	 */
26559 	pkt->pkt_comp = NULL;
26560 
26561 	/*
26562 	 * we don't like a polled command without timeout.
26563 	 * 60 seconds seems long enough.
26564 	 */
26565 	if (pkt->pkt_time == 0) {
26566 		pkt->pkt_time = SCSI_POLL_TIMEOUT;
26567 	}
26568 
26569 	/*
26570 	 * Send polled cmd.
26571 	 *
26572 	 * We do some error recovery for various errors.  Tran_busy,
26573 	 * queue full, and non-dispatched commands are retried every 10 msec.
26574 	 * as they are typically transient failures.  Busy status and Not
26575 	 * Ready are retried every second as this status takes a while to
26576 	 * change.  Unit attention is retried for pkt_time (60) times
26577 	 * with no delay.
26578 	 */
26579 	timeout = pkt->pkt_time * SD_SEC_TO_CSEC;
26580 
26581 	for (busy_count = 0; busy_count < timeout; busy_count++) {
26582 		int rc;
26583 		int poll_delay;
26584 
26585 		/*
26586 		 * Initialize pkt status variables.
26587 		 */
26588 		*pkt->pkt_scbp = pkt->pkt_reason = pkt->pkt_state = 0;
26589 
26590 		if ((rc = scsi_transport(pkt)) != TRAN_ACCEPT) {
26591 			if (rc != TRAN_BUSY) {
26592 				/* Transport failed - give up. */
26593 				break;
26594 			} else {
26595 				/* Transport busy - try again. */
26596 				poll_delay = 1 * SD_CSEC; /* 10 msec */
26597 			}
26598 		} else {
26599 			/*
26600 			 * Transport accepted - check pkt status.
26601 			 */
26602 			rc = (*pkt->pkt_scbp) & STATUS_MASK;
26603 			if (pkt->pkt_reason == CMD_CMPLT &&
26604 			    rc == STATUS_CHECK &&
26605 			    pkt->pkt_state & STATE_ARQ_DONE) {
26606 				struct scsi_arq_status *arqstat =
26607 				    (struct scsi_arq_status *)(pkt->pkt_scbp);
26608 
26609 				sensep = (uint8_t *)&arqstat->sts_sensedata;
26610 			} else {
26611 				sensep = NULL;
26612 			}
26613 
26614 			if ((pkt->pkt_reason == CMD_CMPLT) &&
26615 			    (rc == STATUS_GOOD)) {
26616 				/* No error - we're done */
26617 				rval = SD_SUCCESS;
26618 				break;
26619 
26620 			} else if (pkt->pkt_reason == CMD_DEV_GONE) {
26621 				/* Lost connection - give up */
26622 				break;
26623 
26624 			} else if ((pkt->pkt_reason == CMD_INCOMPLETE) &&
26625 			    (pkt->pkt_state == 0)) {
26626 				/* Pkt not dispatched - try again. */
26627 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26628 
26629 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26630 			    (rc == STATUS_QFULL)) {
26631 				/* Queue full - try again. */
26632 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26633 
26634 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26635 			    (rc == STATUS_BUSY)) {
26636 				/* Busy - try again. */
26637 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26638 				busy_count += (SD_SEC_TO_CSEC - 1);
26639 
26640 			} else if ((sensep != NULL) &&
26641 			    (scsi_sense_key(sensep) ==
26642 				KEY_UNIT_ATTENTION)) {
26643 				/* Unit Attention - try again */
26644 				busy_count += (SD_SEC_TO_CSEC - 1); /* 1 */
26645 				continue;
26646 
26647 			} else if ((sensep != NULL) &&
26648 			    (scsi_sense_key(sensep) == KEY_NOT_READY) &&
26649 			    (scsi_sense_asc(sensep) == 0x04) &&
26650 			    (scsi_sense_ascq(sensep) == 0x01)) {
26651 				/* Not ready -> ready - try again. */
26652 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26653 				busy_count += (SD_SEC_TO_CSEC - 1);
26654 
26655 			} else {
26656 				/* BAD status - give up. */
26657 				break;
26658 			}
26659 		}
26660 
26661 		if ((curthread->t_flag & T_INTR_THREAD) == 0 &&
26662 		    !do_polled_io) {
26663 			delay(drv_usectohz(poll_delay));
26664 		} else {
26665 			/* we busy wait during cpr_dump or interrupt threads */
26666 			drv_usecwait(poll_delay);
26667 		}
26668 	}
26669 
26670 	pkt->pkt_flags = savef;
26671 	pkt->pkt_comp = savec;
26672 	pkt->pkt_time = savet;
26673 	return (rval);
26674 }
26675 
26676 
26677 /*
26678  *    Function: sd_persistent_reservation_in_read_keys
26679  *
26680  * Description: This routine is the driver entry point for handling CD-ROM
26681  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS)
26682  *		by sending the SCSI-3 PRIN commands to the device.
26683  *		Processes the read keys command response by copying the
26684  *		reservation key information into the user provided buffer.
26685  *		Support for the 32/64 bit _MULTI_DATAMODEL is implemented.
26686  *
26687  *   Arguments: un   -  Pointer to soft state struct for the target.
26688  *		usrp -	user provided pointer to multihost Persistent In Read
26689  *			Keys structure (mhioc_inkeys_t)
26690  *		flag -	this argument is a pass through to ddi_copyxxx()
26691  *			directly from the mode argument of ioctl().
26692  *
26693  * Return Code: 0   - Success
26694  *		EACCES
26695  *		ENOTSUP
26696  *		errno return code from sd_send_scsi_cmd()
26697  *
26698  *     Context: Can sleep. Does not return until command is completed.
26699  */
26700 
26701 static int
26702 sd_persistent_reservation_in_read_keys(struct sd_lun *un,
26703     mhioc_inkeys_t *usrp, int flag)
26704 {
26705 #ifdef _MULTI_DATAMODEL
26706 	struct mhioc_key_list32	li32;
26707 #endif
26708 	sd_prin_readkeys_t	*in;
26709 	mhioc_inkeys_t		*ptr;
26710 	mhioc_key_list_t	li;
26711 	uchar_t			*data_bufp;
26712 	int 			data_len;
26713 	int			rval;
26714 	size_t			copysz;
26715 
26716 	if ((ptr = (mhioc_inkeys_t *)usrp) == NULL) {
26717 		return (EINVAL);
26718 	}
26719 	bzero(&li, sizeof (mhioc_key_list_t));
26720 
26721 	/*
26722 	 * Get the listsize from user
26723 	 */
26724 #ifdef _MULTI_DATAMODEL
26725 
26726 	switch (ddi_model_convert_from(flag & FMODELS)) {
26727 	case DDI_MODEL_ILP32:
26728 		copysz = sizeof (struct mhioc_key_list32);
26729 		if (ddi_copyin(ptr->li, &li32, copysz, flag)) {
26730 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26731 			    "sd_persistent_reservation_in_read_keys: "
26732 			    "failed ddi_copyin: mhioc_key_list32_t\n");
26733 			rval = EFAULT;
26734 			goto done;
26735 		}
26736 		li.listsize = li32.listsize;
26737 		li.list = (mhioc_resv_key_t *)(uintptr_t)li32.list;
26738 		break;
26739 
26740 	case DDI_MODEL_NONE:
26741 		copysz = sizeof (mhioc_key_list_t);
26742 		if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26743 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26744 			    "sd_persistent_reservation_in_read_keys: "
26745 			    "failed ddi_copyin: mhioc_key_list_t\n");
26746 			rval = EFAULT;
26747 			goto done;
26748 		}
26749 		break;
26750 	}
26751 
26752 #else /* ! _MULTI_DATAMODEL */
26753 	copysz = sizeof (mhioc_key_list_t);
26754 	if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26755 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26756 		    "sd_persistent_reservation_in_read_keys: "
26757 		    "failed ddi_copyin: mhioc_key_list_t\n");
26758 		rval = EFAULT;
26759 		goto done;
26760 	}
26761 #endif
26762 
26763 	data_len  = li.listsize * MHIOC_RESV_KEY_SIZE;
26764 	data_len += (sizeof (sd_prin_readkeys_t) - sizeof (caddr_t));
26765 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26766 
26767 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS,
26768 	    data_len, data_bufp)) != 0) {
26769 		goto done;
26770 	}
26771 	in = (sd_prin_readkeys_t *)data_bufp;
26772 	ptr->generation = BE_32(in->generation);
26773 	li.listlen = BE_32(in->len) / MHIOC_RESV_KEY_SIZE;
26774 
26775 	/*
26776 	 * Return the min(listsize, listlen) keys
26777 	 */
26778 #ifdef _MULTI_DATAMODEL
26779 
26780 	switch (ddi_model_convert_from(flag & FMODELS)) {
26781 	case DDI_MODEL_ILP32:
26782 		li32.listlen = li.listlen;
26783 		if (ddi_copyout(&li32, ptr->li, copysz, flag)) {
26784 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26785 			    "sd_persistent_reservation_in_read_keys: "
26786 			    "failed ddi_copyout: mhioc_key_list32_t\n");
26787 			rval = EFAULT;
26788 			goto done;
26789 		}
26790 		break;
26791 
26792 	case DDI_MODEL_NONE:
26793 		if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26794 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26795 			    "sd_persistent_reservation_in_read_keys: "
26796 			    "failed ddi_copyout: mhioc_key_list_t\n");
26797 			rval = EFAULT;
26798 			goto done;
26799 		}
26800 		break;
26801 	}
26802 
26803 #else /* ! _MULTI_DATAMODEL */
26804 
26805 	if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26806 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26807 		    "sd_persistent_reservation_in_read_keys: "
26808 		    "failed ddi_copyout: mhioc_key_list_t\n");
26809 		rval = EFAULT;
26810 		goto done;
26811 	}
26812 
26813 #endif /* _MULTI_DATAMODEL */
26814 
26815 	copysz = min(li.listlen * MHIOC_RESV_KEY_SIZE,
26816 	    li.listsize * MHIOC_RESV_KEY_SIZE);
26817 	if (ddi_copyout(&in->keylist, li.list, copysz, flag)) {
26818 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26819 		    "sd_persistent_reservation_in_read_keys: "
26820 		    "failed ddi_copyout: keylist\n");
26821 		rval = EFAULT;
26822 	}
26823 done:
26824 	kmem_free(data_bufp, data_len);
26825 	return (rval);
26826 }
26827 
26828 
26829 /*
26830  *    Function: sd_persistent_reservation_in_read_resv
26831  *
26832  * Description: This routine is the driver entry point for handling CD-ROM
26833  *		multi-host persistent reservation requests (MHIOCGRP_INRESV)
26834  *		by sending the SCSI-3 PRIN commands to the device.
26835  *		Process the read persistent reservations command response by
26836  *		copying the reservation information into the user provided
26837  *		buffer. Support for the 32/64 _MULTI_DATAMODEL is implemented.
26838  *
26839  *   Arguments: un   -  Pointer to soft state struct for the target.
26840  *		usrp -	user provided pointer to multihost Persistent In Read
26841  *			Keys structure (mhioc_inkeys_t)
26842  *		flag -	this argument is a pass through to ddi_copyxxx()
26843  *			directly from the mode argument of ioctl().
26844  *
26845  * Return Code: 0   - Success
26846  *		EACCES
26847  *		ENOTSUP
26848  *		errno return code from sd_send_scsi_cmd()
26849  *
26850  *     Context: Can sleep. Does not return until command is completed.
26851  */
26852 
26853 static int
26854 sd_persistent_reservation_in_read_resv(struct sd_lun *un,
26855     mhioc_inresvs_t *usrp, int flag)
26856 {
26857 #ifdef _MULTI_DATAMODEL
26858 	struct mhioc_resv_desc_list32 resvlist32;
26859 #endif
26860 	sd_prin_readresv_t	*in;
26861 	mhioc_inresvs_t		*ptr;
26862 	sd_readresv_desc_t	*readresv_ptr;
26863 	mhioc_resv_desc_list_t	resvlist;
26864 	mhioc_resv_desc_t 	resvdesc;
26865 	uchar_t			*data_bufp;
26866 	int 			data_len;
26867 	int			rval;
26868 	int			i;
26869 	size_t			copysz;
26870 	mhioc_resv_desc_t	*bufp;
26871 
26872 	if ((ptr = usrp) == NULL) {
26873 		return (EINVAL);
26874 	}
26875 
26876 	/*
26877 	 * Get the listsize from user
26878 	 */
26879 #ifdef _MULTI_DATAMODEL
26880 	switch (ddi_model_convert_from(flag & FMODELS)) {
26881 	case DDI_MODEL_ILP32:
26882 		copysz = sizeof (struct mhioc_resv_desc_list32);
26883 		if (ddi_copyin(ptr->li, &resvlist32, copysz, flag)) {
26884 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26885 			    "sd_persistent_reservation_in_read_resv: "
26886 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26887 			rval = EFAULT;
26888 			goto done;
26889 		}
26890 		resvlist.listsize = resvlist32.listsize;
26891 		resvlist.list = (mhioc_resv_desc_t *)(uintptr_t)resvlist32.list;
26892 		break;
26893 
26894 	case DDI_MODEL_NONE:
26895 		copysz = sizeof (mhioc_resv_desc_list_t);
26896 		if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26897 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26898 			    "sd_persistent_reservation_in_read_resv: "
26899 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26900 			rval = EFAULT;
26901 			goto done;
26902 		}
26903 		break;
26904 	}
26905 #else /* ! _MULTI_DATAMODEL */
26906 	copysz = sizeof (mhioc_resv_desc_list_t);
26907 	if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26908 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26909 		    "sd_persistent_reservation_in_read_resv: "
26910 		    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26911 		rval = EFAULT;
26912 		goto done;
26913 	}
26914 #endif /* ! _MULTI_DATAMODEL */
26915 
26916 	data_len  = resvlist.listsize * SCSI3_RESV_DESC_LEN;
26917 	data_len += (sizeof (sd_prin_readresv_t) - sizeof (caddr_t));
26918 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26919 
26920 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_RESV,
26921 	    data_len, data_bufp)) != 0) {
26922 		goto done;
26923 	}
26924 	in = (sd_prin_readresv_t *)data_bufp;
26925 	ptr->generation = BE_32(in->generation);
26926 	resvlist.listlen = BE_32(in->len) / SCSI3_RESV_DESC_LEN;
26927 
26928 	/*
26929 	 * Return the min(listsize, listlen( keys
26930 	 */
26931 #ifdef _MULTI_DATAMODEL
26932 
26933 	switch (ddi_model_convert_from(flag & FMODELS)) {
26934 	case DDI_MODEL_ILP32:
26935 		resvlist32.listlen = resvlist.listlen;
26936 		if (ddi_copyout(&resvlist32, ptr->li, copysz, flag)) {
26937 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26938 			    "sd_persistent_reservation_in_read_resv: "
26939 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26940 			rval = EFAULT;
26941 			goto done;
26942 		}
26943 		break;
26944 
26945 	case DDI_MODEL_NONE:
26946 		if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26947 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26948 			    "sd_persistent_reservation_in_read_resv: "
26949 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26950 			rval = EFAULT;
26951 			goto done;
26952 		}
26953 		break;
26954 	}
26955 
26956 #else /* ! _MULTI_DATAMODEL */
26957 
26958 	if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26959 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26960 		    "sd_persistent_reservation_in_read_resv: "
26961 		    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26962 		rval = EFAULT;
26963 		goto done;
26964 	}
26965 
26966 #endif /* ! _MULTI_DATAMODEL */
26967 
26968 	readresv_ptr = (sd_readresv_desc_t *)&in->readresv_desc;
26969 	bufp = resvlist.list;
26970 	copysz = sizeof (mhioc_resv_desc_t);
26971 	for (i = 0; i < min(resvlist.listlen, resvlist.listsize);
26972 	    i++, readresv_ptr++, bufp++) {
26973 
26974 		bcopy(&readresv_ptr->resvkey, &resvdesc.key,
26975 		    MHIOC_RESV_KEY_SIZE);
26976 		resvdesc.type  = readresv_ptr->type;
26977 		resvdesc.scope = readresv_ptr->scope;
26978 		resvdesc.scope_specific_addr =
26979 		    BE_32(readresv_ptr->scope_specific_addr);
26980 
26981 		if (ddi_copyout(&resvdesc, bufp, copysz, flag)) {
26982 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26983 			    "sd_persistent_reservation_in_read_resv: "
26984 			    "failed ddi_copyout: resvlist\n");
26985 			rval = EFAULT;
26986 			goto done;
26987 		}
26988 	}
26989 done:
26990 	kmem_free(data_bufp, data_len);
26991 	return (rval);
26992 }
26993 
26994 
26995 /*
26996  *    Function: sr_change_blkmode()
26997  *
26998  * Description: This routine is the driver entry point for handling CD-ROM
26999  *		block mode ioctl requests. Support for returning and changing
27000  *		the current block size in use by the device is implemented. The
27001  *		LBA size is changed via a MODE SELECT Block Descriptor.
27002  *
27003  *		This routine issues a mode sense with an allocation length of
27004  *		12 bytes for the mode page header and a single block descriptor.
27005  *
27006  *   Arguments: dev - the device 'dev_t'
27007  *		cmd - the request type; one of CDROMGBLKMODE (get) or
27008  *		      CDROMSBLKMODE (set)
27009  *		data - current block size or requested block size
27010  *		flag - this argument is a pass through to ddi_copyxxx() directly
27011  *		       from the mode argument of ioctl().
27012  *
27013  * Return Code: the code returned by sd_send_scsi_cmd()
27014  *		EINVAL if invalid arguments are provided
27015  *		EFAULT if ddi_copyxxx() fails
27016  *		ENXIO if fail ddi_get_soft_state
27017  *		EIO if invalid mode sense block descriptor length
27018  *
27019  */
27020 
27021 static int
27022 sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag)
27023 {
27024 	struct sd_lun			*un = NULL;
27025 	struct mode_header		*sense_mhp, *select_mhp;
27026 	struct block_descriptor		*sense_desc, *select_desc;
27027 	int				current_bsize;
27028 	int				rval = EINVAL;
27029 	uchar_t				*sense = NULL;
27030 	uchar_t				*select = NULL;
27031 
27032 	ASSERT((cmd == CDROMGBLKMODE) || (cmd == CDROMSBLKMODE));
27033 
27034 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27035 		return (ENXIO);
27036 	}
27037 
27038 	/*
27039 	 * The block length is changed via the Mode Select block descriptor, the
27040 	 * "Read/Write Error Recovery" mode page (0x1) contents are not actually
27041 	 * required as part of this routine. Therefore the mode sense allocation
27042 	 * length is specified to be the length of a mode page header and a
27043 	 * block descriptor.
27044 	 */
27045 	sense = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
27046 
27047 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
27048 	    BUFLEN_CHG_BLK_MODE, MODEPAGE_ERR_RECOV, SD_PATH_STANDARD)) != 0) {
27049 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27050 		    "sr_change_blkmode: Mode Sense Failed\n");
27051 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
27052 		return (rval);
27053 	}
27054 
27055 	/* Check the block descriptor len to handle only 1 block descriptor */
27056 	sense_mhp = (struct mode_header *)sense;
27057 	if ((sense_mhp->bdesc_length == 0) ||
27058 	    (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH)) {
27059 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27060 		    "sr_change_blkmode: Mode Sense returned invalid block"
27061 		    " descriptor length\n");
27062 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
27063 		return (EIO);
27064 	}
27065 	sense_desc = (struct block_descriptor *)(sense + MODE_HEADER_LENGTH);
27066 	current_bsize = ((sense_desc->blksize_hi << 16) |
27067 	    (sense_desc->blksize_mid << 8) | sense_desc->blksize_lo);
27068 
27069 	/* Process command */
27070 	switch (cmd) {
27071 	case CDROMGBLKMODE:
27072 		/* Return the block size obtained during the mode sense */
27073 		if (ddi_copyout(&current_bsize, (void *)data,
27074 		    sizeof (int), flag) != 0)
27075 			rval = EFAULT;
27076 		break;
27077 	case CDROMSBLKMODE:
27078 		/* Validate the requested block size */
27079 		switch (data) {
27080 		case CDROM_BLK_512:
27081 		case CDROM_BLK_1024:
27082 		case CDROM_BLK_2048:
27083 		case CDROM_BLK_2056:
27084 		case CDROM_BLK_2336:
27085 		case CDROM_BLK_2340:
27086 		case CDROM_BLK_2352:
27087 		case CDROM_BLK_2368:
27088 		case CDROM_BLK_2448:
27089 		case CDROM_BLK_2646:
27090 		case CDROM_BLK_2647:
27091 			break;
27092 		default:
27093 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27094 			    "sr_change_blkmode: "
27095 			    "Block Size '%ld' Not Supported\n", data);
27096 			kmem_free(sense, BUFLEN_CHG_BLK_MODE);
27097 			return (EINVAL);
27098 		}
27099 
27100 		/*
27101 		 * The current block size matches the requested block size so
27102 		 * there is no need to send the mode select to change the size
27103 		 */
27104 		if (current_bsize == data) {
27105 			break;
27106 		}
27107 
27108 		/* Build the select data for the requested block size */
27109 		select = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
27110 		select_mhp = (struct mode_header *)select;
27111 		select_desc =
27112 		    (struct block_descriptor *)(select + MODE_HEADER_LENGTH);
27113 		/*
27114 		 * The LBA size is changed via the block descriptor, so the
27115 		 * descriptor is built according to the user data
27116 		 */
27117 		select_mhp->bdesc_length = MODE_BLK_DESC_LENGTH;
27118 		select_desc->blksize_hi  = (char)(((data) & 0x00ff0000) >> 16);
27119 		select_desc->blksize_mid = (char)(((data) & 0x0000ff00) >> 8);
27120 		select_desc->blksize_lo  = (char)((data) & 0x000000ff);
27121 
27122 		/* Send the mode select for the requested block size */
27123 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
27124 		    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
27125 		    SD_PATH_STANDARD)) != 0) {
27126 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27127 			    "sr_change_blkmode: Mode Select Failed\n");
27128 			/*
27129 			 * The mode select failed for the requested block size,
27130 			 * so reset the data for the original block size and
27131 			 * send it to the target. The error is indicated by the
27132 			 * return value for the failed mode select.
27133 			 */
27134 			select_desc->blksize_hi  = sense_desc->blksize_hi;
27135 			select_desc->blksize_mid = sense_desc->blksize_mid;
27136 			select_desc->blksize_lo  = sense_desc->blksize_lo;
27137 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
27138 			    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
27139 			    SD_PATH_STANDARD);
27140 		} else {
27141 			ASSERT(!mutex_owned(SD_MUTEX(un)));
27142 			mutex_enter(SD_MUTEX(un));
27143 			sd_update_block_info(un, (uint32_t)data, 0);
27144 
27145 			mutex_exit(SD_MUTEX(un));
27146 		}
27147 		break;
27148 	default:
27149 		/* should not reach here, but check anyway */
27150 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27151 		    "sr_change_blkmode: Command '%x' Not Supported\n", cmd);
27152 		rval = EINVAL;
27153 		break;
27154 	}
27155 
27156 	if (select) {
27157 		kmem_free(select, BUFLEN_CHG_BLK_MODE);
27158 	}
27159 	if (sense) {
27160 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
27161 	}
27162 	return (rval);
27163 }
27164 
27165 
27166 /*
27167  * Note: The following sr_change_speed() and sr_atapi_change_speed() routines
27168  * implement driver support for getting and setting the CD speed. The command
27169  * set used will be based on the device type. If the device has not been
27170  * identified as MMC the Toshiba vendor specific mode page will be used. If
27171  * the device is MMC but does not support the Real Time Streaming feature
27172  * the SET CD SPEED command will be used to set speed and mode page 0x2A will
27173  * be used to read the speed.
27174  */
27175 
27176 /*
27177  *    Function: sr_change_speed()
27178  *
27179  * Description: This routine is the driver entry point for handling CD-ROM
27180  *		drive speed ioctl requests for devices supporting the Toshiba
27181  *		vendor specific drive speed mode page. Support for returning
27182  *		and changing the current drive speed in use by the device is
27183  *		implemented.
27184  *
27185  *   Arguments: dev - the device 'dev_t'
27186  *		cmd - the request type; one of CDROMGDRVSPEED (get) or
27187  *		      CDROMSDRVSPEED (set)
27188  *		data - current drive speed or requested drive speed
27189  *		flag - this argument is a pass through to ddi_copyxxx() directly
27190  *		       from the mode argument of ioctl().
27191  *
27192  * Return Code: the code returned by sd_send_scsi_cmd()
27193  *		EINVAL if invalid arguments are provided
27194  *		EFAULT if ddi_copyxxx() fails
27195  *		ENXIO if fail ddi_get_soft_state
27196  *		EIO if invalid mode sense block descriptor length
27197  */
27198 
27199 static int
27200 sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27201 {
27202 	struct sd_lun			*un = NULL;
27203 	struct mode_header		*sense_mhp, *select_mhp;
27204 	struct mode_speed		*sense_page, *select_page;
27205 	int				current_speed;
27206 	int				rval = EINVAL;
27207 	int				bd_len;
27208 	uchar_t				*sense = NULL;
27209 	uchar_t				*select = NULL;
27210 
27211 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27212 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27213 		return (ENXIO);
27214 	}
27215 
27216 	/*
27217 	 * Note: The drive speed is being modified here according to a Toshiba
27218 	 * vendor specific mode page (0x31).
27219 	 */
27220 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27221 
27222 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
27223 	    BUFLEN_MODE_CDROM_SPEED, CDROM_MODE_SPEED,
27224 		SD_PATH_STANDARD)) != 0) {
27225 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27226 		    "sr_change_speed: Mode Sense Failed\n");
27227 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27228 		return (rval);
27229 	}
27230 	sense_mhp  = (struct mode_header *)sense;
27231 
27232 	/* Check the block descriptor len to handle only 1 block descriptor */
27233 	bd_len = sense_mhp->bdesc_length;
27234 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27235 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27236 		    "sr_change_speed: Mode Sense returned invalid block "
27237 		    "descriptor length\n");
27238 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27239 		return (EIO);
27240 	}
27241 
27242 	sense_page = (struct mode_speed *)
27243 	    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
27244 	current_speed = sense_page->speed;
27245 
27246 	/* Process command */
27247 	switch (cmd) {
27248 	case CDROMGDRVSPEED:
27249 		/* Return the drive speed obtained during the mode sense */
27250 		if (current_speed == 0x2) {
27251 			current_speed = CDROM_TWELVE_SPEED;
27252 		}
27253 		if (ddi_copyout(&current_speed, (void *)data,
27254 		    sizeof (int), flag) != 0) {
27255 			rval = EFAULT;
27256 		}
27257 		break;
27258 	case CDROMSDRVSPEED:
27259 		/* Validate the requested drive speed */
27260 		switch ((uchar_t)data) {
27261 		case CDROM_TWELVE_SPEED:
27262 			data = 0x2;
27263 			/*FALLTHROUGH*/
27264 		case CDROM_NORMAL_SPEED:
27265 		case CDROM_DOUBLE_SPEED:
27266 		case CDROM_QUAD_SPEED:
27267 		case CDROM_MAXIMUM_SPEED:
27268 			break;
27269 		default:
27270 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27271 			    "sr_change_speed: "
27272 			    "Drive Speed '%d' Not Supported\n", (uchar_t)data);
27273 			kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27274 			return (EINVAL);
27275 		}
27276 
27277 		/*
27278 		 * The current drive speed matches the requested drive speed so
27279 		 * there is no need to send the mode select to change the speed
27280 		 */
27281 		if (current_speed == data) {
27282 			break;
27283 		}
27284 
27285 		/* Build the select data for the requested drive speed */
27286 		select = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27287 		select_mhp = (struct mode_header *)select;
27288 		select_mhp->bdesc_length = 0;
27289 		select_page =
27290 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27291 		select_page =
27292 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27293 		select_page->mode_page.code = CDROM_MODE_SPEED;
27294 		select_page->mode_page.length = 2;
27295 		select_page->speed = (uchar_t)data;
27296 
27297 		/* Send the mode select for the requested block size */
27298 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27299 		    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27300 		    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
27301 			/*
27302 			 * The mode select failed for the requested drive speed,
27303 			 * so reset the data for the original drive speed and
27304 			 * send it to the target. The error is indicated by the
27305 			 * return value for the failed mode select.
27306 			 */
27307 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27308 			    "sr_drive_speed: Mode Select Failed\n");
27309 			select_page->speed = sense_page->speed;
27310 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27311 			    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27312 			    SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
27313 		}
27314 		break;
27315 	default:
27316 		/* should not reach here, but check anyway */
27317 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27318 		    "sr_change_speed: Command '%x' Not Supported\n", cmd);
27319 		rval = EINVAL;
27320 		break;
27321 	}
27322 
27323 	if (select) {
27324 		kmem_free(select, BUFLEN_MODE_CDROM_SPEED);
27325 	}
27326 	if (sense) {
27327 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27328 	}
27329 
27330 	return (rval);
27331 }
27332 
27333 
27334 /*
27335  *    Function: sr_atapi_change_speed()
27336  *
27337  * Description: This routine is the driver entry point for handling CD-ROM
27338  *		drive speed ioctl requests for MMC devices that do not support
27339  *		the Real Time Streaming feature (0x107).
27340  *
27341  *		Note: This routine will use the SET SPEED command which may not
27342  *		be supported by all devices.
27343  *
27344  *   Arguments: dev- the device 'dev_t'
27345  *		cmd- the request type; one of CDROMGDRVSPEED (get) or
27346  *		     CDROMSDRVSPEED (set)
27347  *		data- current drive speed or requested drive speed
27348  *		flag- this argument is a pass through to ddi_copyxxx() directly
27349  *		      from the mode argument of ioctl().
27350  *
27351  * Return Code: the code returned by sd_send_scsi_cmd()
27352  *		EINVAL if invalid arguments are provided
27353  *		EFAULT if ddi_copyxxx() fails
27354  *		ENXIO if fail ddi_get_soft_state
27355  *		EIO if invalid mode sense block descriptor length
27356  */
27357 
27358 static int
27359 sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27360 {
27361 	struct sd_lun			*un;
27362 	struct uscsi_cmd		*com = NULL;
27363 	struct mode_header_grp2		*sense_mhp;
27364 	uchar_t				*sense_page;
27365 	uchar_t				*sense = NULL;
27366 	char				cdb[CDB_GROUP5];
27367 	int				bd_len;
27368 	int				current_speed = 0;
27369 	int				max_speed = 0;
27370 	int				rval;
27371 
27372 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27373 
27374 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27375 		return (ENXIO);
27376 	}
27377 
27378 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
27379 
27380 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
27381 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP,
27382 	    SD_PATH_STANDARD)) != 0) {
27383 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27384 		    "sr_atapi_change_speed: Mode Sense Failed\n");
27385 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27386 		return (rval);
27387 	}
27388 
27389 	/* Check the block descriptor len to handle only 1 block descriptor */
27390 	sense_mhp = (struct mode_header_grp2 *)sense;
27391 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
27392 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27393 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27394 		    "sr_atapi_change_speed: Mode Sense returned invalid "
27395 		    "block descriptor length\n");
27396 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27397 		return (EIO);
27398 	}
27399 
27400 	/* Calculate the current and maximum drive speeds */
27401 	sense_page = (uchar_t *)(sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
27402 	current_speed = (sense_page[14] << 8) | sense_page[15];
27403 	max_speed = (sense_page[8] << 8) | sense_page[9];
27404 
27405 	/* Process the command */
27406 	switch (cmd) {
27407 	case CDROMGDRVSPEED:
27408 		current_speed /= SD_SPEED_1X;
27409 		if (ddi_copyout(&current_speed, (void *)data,
27410 		    sizeof (int), flag) != 0)
27411 			rval = EFAULT;
27412 		break;
27413 	case CDROMSDRVSPEED:
27414 		/* Convert the speed code to KB/sec */
27415 		switch ((uchar_t)data) {
27416 		case CDROM_NORMAL_SPEED:
27417 			current_speed = SD_SPEED_1X;
27418 			break;
27419 		case CDROM_DOUBLE_SPEED:
27420 			current_speed = 2 * SD_SPEED_1X;
27421 			break;
27422 		case CDROM_QUAD_SPEED:
27423 			current_speed = 4 * SD_SPEED_1X;
27424 			break;
27425 		case CDROM_TWELVE_SPEED:
27426 			current_speed = 12 * SD_SPEED_1X;
27427 			break;
27428 		case CDROM_MAXIMUM_SPEED:
27429 			current_speed = 0xffff;
27430 			break;
27431 		default:
27432 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27433 			    "sr_atapi_change_speed: invalid drive speed %d\n",
27434 			    (uchar_t)data);
27435 			kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27436 			return (EINVAL);
27437 		}
27438 
27439 		/* Check the request against the drive's max speed. */
27440 		if (current_speed != 0xffff) {
27441 			if (current_speed > max_speed) {
27442 				kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27443 				return (EINVAL);
27444 			}
27445 		}
27446 
27447 		/*
27448 		 * Build and send the SET SPEED command
27449 		 *
27450 		 * Note: The SET SPEED (0xBB) command used in this routine is
27451 		 * obsolete per the SCSI MMC spec but still supported in the
27452 		 * MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27453 		 * therefore the command is still implemented in this routine.
27454 		 */
27455 		bzero(cdb, sizeof (cdb));
27456 		cdb[0] = (char)SCMD_SET_CDROM_SPEED;
27457 		cdb[2] = (uchar_t)(current_speed >> 8);
27458 		cdb[3] = (uchar_t)current_speed;
27459 		com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27460 		com->uscsi_cdb	   = (caddr_t)cdb;
27461 		com->uscsi_cdblen  = CDB_GROUP5;
27462 		com->uscsi_bufaddr = NULL;
27463 		com->uscsi_buflen  = 0;
27464 		com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT;
27465 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, 0,
27466 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27467 		break;
27468 	default:
27469 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27470 		    "sr_atapi_change_speed: Command '%x' Not Supported\n", cmd);
27471 		rval = EINVAL;
27472 	}
27473 
27474 	if (sense) {
27475 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27476 	}
27477 	if (com) {
27478 		kmem_free(com, sizeof (*com));
27479 	}
27480 	return (rval);
27481 }
27482 
27483 
27484 /*
27485  *    Function: sr_pause_resume()
27486  *
27487  * Description: This routine is the driver entry point for handling CD-ROM
27488  *		pause/resume ioctl requests. This only affects the audio play
27489  *		operation.
27490  *
27491  *   Arguments: dev - the device 'dev_t'
27492  *		cmd - the request type; one of CDROMPAUSE or CDROMRESUME, used
27493  *		      for setting the resume bit of the cdb.
27494  *
27495  * Return Code: the code returned by sd_send_scsi_cmd()
27496  *		EINVAL if invalid mode specified
27497  *
27498  */
27499 
27500 static int
27501 sr_pause_resume(dev_t dev, int cmd)
27502 {
27503 	struct sd_lun		*un;
27504 	struct uscsi_cmd	*com;
27505 	char			cdb[CDB_GROUP1];
27506 	int			rval;
27507 
27508 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27509 		return (ENXIO);
27510 	}
27511 
27512 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27513 	bzero(cdb, CDB_GROUP1);
27514 	cdb[0] = SCMD_PAUSE_RESUME;
27515 	switch (cmd) {
27516 	case CDROMRESUME:
27517 		cdb[8] = 1;
27518 		break;
27519 	case CDROMPAUSE:
27520 		cdb[8] = 0;
27521 		break;
27522 	default:
27523 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_pause_resume:"
27524 		    " Command '%x' Not Supported\n", cmd);
27525 		rval = EINVAL;
27526 		goto done;
27527 	}
27528 
27529 	com->uscsi_cdb    = cdb;
27530 	com->uscsi_cdblen = CDB_GROUP1;
27531 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27532 
27533 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27534 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27535 
27536 done:
27537 	kmem_free(com, sizeof (*com));
27538 	return (rval);
27539 }
27540 
27541 
27542 /*
27543  *    Function: sr_play_msf()
27544  *
27545  * Description: This routine is the driver entry point for handling CD-ROM
27546  *		ioctl requests to output the audio signals at the specified
27547  *		starting address and continue the audio play until the specified
27548  *		ending address (CDROMPLAYMSF) The address is in Minute Second
27549  *		Frame (MSF) format.
27550  *
27551  *   Arguments: dev	- the device 'dev_t'
27552  *		data	- pointer to user provided audio msf structure,
27553  *		          specifying start/end addresses.
27554  *		flag	- this argument is a pass through to ddi_copyxxx()
27555  *		          directly from the mode argument of ioctl().
27556  *
27557  * Return Code: the code returned by sd_send_scsi_cmd()
27558  *		EFAULT if ddi_copyxxx() fails
27559  *		ENXIO if fail ddi_get_soft_state
27560  *		EINVAL if data pointer is NULL
27561  */
27562 
27563 static int
27564 sr_play_msf(dev_t dev, caddr_t data, int flag)
27565 {
27566 	struct sd_lun		*un;
27567 	struct uscsi_cmd	*com;
27568 	struct cdrom_msf	msf_struct;
27569 	struct cdrom_msf	*msf = &msf_struct;
27570 	char			cdb[CDB_GROUP1];
27571 	int			rval;
27572 
27573 	if (data == NULL) {
27574 		return (EINVAL);
27575 	}
27576 
27577 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27578 		return (ENXIO);
27579 	}
27580 
27581 	if (ddi_copyin(data, msf, sizeof (struct cdrom_msf), flag)) {
27582 		return (EFAULT);
27583 	}
27584 
27585 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27586 	bzero(cdb, CDB_GROUP1);
27587 	cdb[0] = SCMD_PLAYAUDIO_MSF;
27588 	if (un->un_f_cfg_playmsf_bcd == TRUE) {
27589 		cdb[3] = BYTE_TO_BCD(msf->cdmsf_min0);
27590 		cdb[4] = BYTE_TO_BCD(msf->cdmsf_sec0);
27591 		cdb[5] = BYTE_TO_BCD(msf->cdmsf_frame0);
27592 		cdb[6] = BYTE_TO_BCD(msf->cdmsf_min1);
27593 		cdb[7] = BYTE_TO_BCD(msf->cdmsf_sec1);
27594 		cdb[8] = BYTE_TO_BCD(msf->cdmsf_frame1);
27595 	} else {
27596 		cdb[3] = msf->cdmsf_min0;
27597 		cdb[4] = msf->cdmsf_sec0;
27598 		cdb[5] = msf->cdmsf_frame0;
27599 		cdb[6] = msf->cdmsf_min1;
27600 		cdb[7] = msf->cdmsf_sec1;
27601 		cdb[8] = msf->cdmsf_frame1;
27602 	}
27603 	com->uscsi_cdb    = cdb;
27604 	com->uscsi_cdblen = CDB_GROUP1;
27605 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27606 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27607 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27608 	kmem_free(com, sizeof (*com));
27609 	return (rval);
27610 }
27611 
27612 
27613 /*
27614  *    Function: sr_play_trkind()
27615  *
27616  * Description: This routine is the driver entry point for handling CD-ROM
27617  *		ioctl requests to output the audio signals at the specified
27618  *		starting address and continue the audio play until the specified
27619  *		ending address (CDROMPLAYTRKIND). The address is in Track Index
27620  *		format.
27621  *
27622  *   Arguments: dev	- the device 'dev_t'
27623  *		data	- pointer to user provided audio track/index structure,
27624  *		          specifying start/end addresses.
27625  *		flag	- this argument is a pass through to ddi_copyxxx()
27626  *		          directly from the mode argument of ioctl().
27627  *
27628  * Return Code: the code returned by sd_send_scsi_cmd()
27629  *		EFAULT if ddi_copyxxx() fails
27630  *		ENXIO if fail ddi_get_soft_state
27631  *		EINVAL if data pointer is NULL
27632  */
27633 
27634 static int
27635 sr_play_trkind(dev_t dev, caddr_t data, int flag)
27636 {
27637 	struct cdrom_ti		ti_struct;
27638 	struct cdrom_ti		*ti = &ti_struct;
27639 	struct uscsi_cmd	*com = NULL;
27640 	char			cdb[CDB_GROUP1];
27641 	int			rval;
27642 
27643 	if (data == NULL) {
27644 		return (EINVAL);
27645 	}
27646 
27647 	if (ddi_copyin(data, ti, sizeof (struct cdrom_ti), flag)) {
27648 		return (EFAULT);
27649 	}
27650 
27651 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27652 	bzero(cdb, CDB_GROUP1);
27653 	cdb[0] = SCMD_PLAYAUDIO_TI;
27654 	cdb[4] = ti->cdti_trk0;
27655 	cdb[5] = ti->cdti_ind0;
27656 	cdb[7] = ti->cdti_trk1;
27657 	cdb[8] = ti->cdti_ind1;
27658 	com->uscsi_cdb    = cdb;
27659 	com->uscsi_cdblen = CDB_GROUP1;
27660 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27661 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27662 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27663 	kmem_free(com, sizeof (*com));
27664 	return (rval);
27665 }
27666 
27667 
27668 /*
27669  *    Function: sr_read_all_subcodes()
27670  *
27671  * Description: This routine is the driver entry point for handling CD-ROM
27672  *		ioctl requests to return raw subcode data while the target is
27673  *		playing audio (CDROMSUBCODE).
27674  *
27675  *   Arguments: dev	- the device 'dev_t'
27676  *		data	- pointer to user provided cdrom subcode structure,
27677  *		          specifying the transfer length and address.
27678  *		flag	- this argument is a pass through to ddi_copyxxx()
27679  *		          directly from the mode argument of ioctl().
27680  *
27681  * Return Code: the code returned by sd_send_scsi_cmd()
27682  *		EFAULT if ddi_copyxxx() fails
27683  *		ENXIO if fail ddi_get_soft_state
27684  *		EINVAL if data pointer is NULL
27685  */
27686 
27687 static int
27688 sr_read_all_subcodes(dev_t dev, caddr_t data, int flag)
27689 {
27690 	struct sd_lun		*un = NULL;
27691 	struct uscsi_cmd	*com = NULL;
27692 	struct cdrom_subcode	*subcode = NULL;
27693 	int			rval;
27694 	size_t			buflen;
27695 	char			cdb[CDB_GROUP5];
27696 
27697 #ifdef _MULTI_DATAMODEL
27698 	/* To support ILP32 applications in an LP64 world */
27699 	struct cdrom_subcode32		cdrom_subcode32;
27700 	struct cdrom_subcode32		*cdsc32 = &cdrom_subcode32;
27701 #endif
27702 	if (data == NULL) {
27703 		return (EINVAL);
27704 	}
27705 
27706 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27707 		return (ENXIO);
27708 	}
27709 
27710 	subcode = kmem_zalloc(sizeof (struct cdrom_subcode), KM_SLEEP);
27711 
27712 #ifdef _MULTI_DATAMODEL
27713 	switch (ddi_model_convert_from(flag & FMODELS)) {
27714 	case DDI_MODEL_ILP32:
27715 		if (ddi_copyin(data, cdsc32, sizeof (*cdsc32), flag)) {
27716 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27717 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27718 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27719 			return (EFAULT);
27720 		}
27721 		/* Convert the ILP32 uscsi data from the application to LP64 */
27722 		cdrom_subcode32tocdrom_subcode(cdsc32, subcode);
27723 		break;
27724 	case DDI_MODEL_NONE:
27725 		if (ddi_copyin(data, subcode,
27726 		    sizeof (struct cdrom_subcode), flag)) {
27727 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27728 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27729 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27730 			return (EFAULT);
27731 		}
27732 		break;
27733 	}
27734 #else /* ! _MULTI_DATAMODEL */
27735 	if (ddi_copyin(data, subcode, sizeof (struct cdrom_subcode), flag)) {
27736 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27737 		    "sr_read_all_subcodes: ddi_copyin Failed\n");
27738 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27739 		return (EFAULT);
27740 	}
27741 #endif /* _MULTI_DATAMODEL */
27742 
27743 	/*
27744 	 * Since MMC-2 expects max 3 bytes for length, check if the
27745 	 * length input is greater than 3 bytes
27746 	 */
27747 	if ((subcode->cdsc_length & 0xFF000000) != 0) {
27748 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27749 		    "sr_read_all_subcodes: "
27750 		    "cdrom transfer length too large: %d (limit %d)\n",
27751 		    subcode->cdsc_length, 0xFFFFFF);
27752 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27753 		return (EINVAL);
27754 	}
27755 
27756 	buflen = CDROM_BLK_SUBCODE * subcode->cdsc_length;
27757 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27758 	bzero(cdb, CDB_GROUP5);
27759 
27760 	if (un->un_f_mmc_cap == TRUE) {
27761 		cdb[0] = (char)SCMD_READ_CD;
27762 		cdb[2] = (char)0xff;
27763 		cdb[3] = (char)0xff;
27764 		cdb[4] = (char)0xff;
27765 		cdb[5] = (char)0xff;
27766 		cdb[6] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27767 		cdb[7] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27768 		cdb[8] = ((subcode->cdsc_length) & 0x000000ff);
27769 		cdb[10] = 1;
27770 	} else {
27771 		/*
27772 		 * Note: A vendor specific command (0xDF) is being used her to
27773 		 * request a read of all subcodes.
27774 		 */
27775 		cdb[0] = (char)SCMD_READ_ALL_SUBCODES;
27776 		cdb[6] = (((subcode->cdsc_length) & 0xff000000) >> 24);
27777 		cdb[7] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27778 		cdb[8] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27779 		cdb[9] = ((subcode->cdsc_length) & 0x000000ff);
27780 	}
27781 	com->uscsi_cdb	   = cdb;
27782 	com->uscsi_cdblen  = CDB_GROUP5;
27783 	com->uscsi_bufaddr = (caddr_t)subcode->cdsc_addr;
27784 	com->uscsi_buflen  = buflen;
27785 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27786 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
27787 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27788 	kmem_free(subcode, sizeof (struct cdrom_subcode));
27789 	kmem_free(com, sizeof (*com));
27790 	return (rval);
27791 }
27792 
27793 
27794 /*
27795  *    Function: sr_read_subchannel()
27796  *
27797  * Description: This routine is the driver entry point for handling CD-ROM
27798  *		ioctl requests to return the Q sub-channel data of the CD
27799  *		current position block. (CDROMSUBCHNL) The data includes the
27800  *		track number, index number, absolute CD-ROM address (LBA or MSF
27801  *		format per the user) , track relative CD-ROM address (LBA or MSF
27802  *		format per the user), control data and audio status.
27803  *
27804  *   Arguments: dev	- the device 'dev_t'
27805  *		data	- pointer to user provided cdrom sub-channel structure
27806  *		flag	- this argument is a pass through to ddi_copyxxx()
27807  *		          directly from the mode argument of ioctl().
27808  *
27809  * Return Code: the code returned by sd_send_scsi_cmd()
27810  *		EFAULT if ddi_copyxxx() fails
27811  *		ENXIO if fail ddi_get_soft_state
27812  *		EINVAL if data pointer is NULL
27813  */
27814 
27815 static int
27816 sr_read_subchannel(dev_t dev, caddr_t data, int flag)
27817 {
27818 	struct sd_lun		*un;
27819 	struct uscsi_cmd	*com;
27820 	struct cdrom_subchnl	subchanel;
27821 	struct cdrom_subchnl	*subchnl = &subchanel;
27822 	char			cdb[CDB_GROUP1];
27823 	caddr_t			buffer;
27824 	int			rval;
27825 
27826 	if (data == NULL) {
27827 		return (EINVAL);
27828 	}
27829 
27830 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27831 	    (un->un_state == SD_STATE_OFFLINE)) {
27832 		return (ENXIO);
27833 	}
27834 
27835 	if (ddi_copyin(data, subchnl, sizeof (struct cdrom_subchnl), flag)) {
27836 		return (EFAULT);
27837 	}
27838 
27839 	buffer = kmem_zalloc((size_t)16, KM_SLEEP);
27840 	bzero(cdb, CDB_GROUP1);
27841 	cdb[0] = SCMD_READ_SUBCHANNEL;
27842 	/* Set the MSF bit based on the user requested address format */
27843 	cdb[1] = (subchnl->cdsc_format & CDROM_LBA) ? 0 : 0x02;
27844 	/*
27845 	 * Set the Q bit in byte 2 to indicate that Q sub-channel data be
27846 	 * returned
27847 	 */
27848 	cdb[2] = 0x40;
27849 	/*
27850 	 * Set byte 3 to specify the return data format. A value of 0x01
27851 	 * indicates that the CD-ROM current position should be returned.
27852 	 */
27853 	cdb[3] = 0x01;
27854 	cdb[8] = 0x10;
27855 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27856 	com->uscsi_cdb	   = cdb;
27857 	com->uscsi_cdblen  = CDB_GROUP1;
27858 	com->uscsi_bufaddr = buffer;
27859 	com->uscsi_buflen  = 16;
27860 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27861 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27862 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27863 	if (rval != 0) {
27864 		kmem_free(buffer, 16);
27865 		kmem_free(com, sizeof (*com));
27866 		return (rval);
27867 	}
27868 
27869 	/* Process the returned Q sub-channel data */
27870 	subchnl->cdsc_audiostatus = buffer[1];
27871 	subchnl->cdsc_adr	= (buffer[5] & 0xF0);
27872 	subchnl->cdsc_ctrl	= (buffer[5] & 0x0F);
27873 	subchnl->cdsc_trk	= buffer[6];
27874 	subchnl->cdsc_ind	= buffer[7];
27875 	if (subchnl->cdsc_format & CDROM_LBA) {
27876 		subchnl->cdsc_absaddr.lba =
27877 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27878 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27879 		subchnl->cdsc_reladdr.lba =
27880 		    ((uchar_t)buffer[12] << 24) + ((uchar_t)buffer[13] << 16) +
27881 		    ((uchar_t)buffer[14] << 8) + ((uchar_t)buffer[15]);
27882 	} else if (un->un_f_cfg_readsub_bcd == TRUE) {
27883 		subchnl->cdsc_absaddr.msf.minute = BCD_TO_BYTE(buffer[9]);
27884 		subchnl->cdsc_absaddr.msf.second = BCD_TO_BYTE(buffer[10]);
27885 		subchnl->cdsc_absaddr.msf.frame  = BCD_TO_BYTE(buffer[11]);
27886 		subchnl->cdsc_reladdr.msf.minute = BCD_TO_BYTE(buffer[13]);
27887 		subchnl->cdsc_reladdr.msf.second = BCD_TO_BYTE(buffer[14]);
27888 		subchnl->cdsc_reladdr.msf.frame  = BCD_TO_BYTE(buffer[15]);
27889 	} else {
27890 		subchnl->cdsc_absaddr.msf.minute = buffer[9];
27891 		subchnl->cdsc_absaddr.msf.second = buffer[10];
27892 		subchnl->cdsc_absaddr.msf.frame  = buffer[11];
27893 		subchnl->cdsc_reladdr.msf.minute = buffer[13];
27894 		subchnl->cdsc_reladdr.msf.second = buffer[14];
27895 		subchnl->cdsc_reladdr.msf.frame  = buffer[15];
27896 	}
27897 	kmem_free(buffer, 16);
27898 	kmem_free(com, sizeof (*com));
27899 	if (ddi_copyout(subchnl, data, sizeof (struct cdrom_subchnl), flag)
27900 	    != 0) {
27901 		return (EFAULT);
27902 	}
27903 	return (rval);
27904 }
27905 
27906 
27907 /*
27908  *    Function: sr_read_tocentry()
27909  *
27910  * Description: This routine is the driver entry point for handling CD-ROM
27911  *		ioctl requests to read from the Table of Contents (TOC)
27912  *		(CDROMREADTOCENTRY). This routine provides the ADR and CTRL
27913  *		fields, the starting address (LBA or MSF format per the user)
27914  *		and the data mode if the user specified track is a data track.
27915  *
27916  *		Note: The READ HEADER (0x44) command used in this routine is
27917  *		obsolete per the SCSI MMC spec but still supported in the
27918  *		MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27919  *		therefore the command is still implemented in this routine.
27920  *
27921  *   Arguments: dev	- the device 'dev_t'
27922  *		data	- pointer to user provided toc entry structure,
27923  *			  specifying the track # and the address format
27924  *			  (LBA or MSF).
27925  *		flag	- this argument is a pass through to ddi_copyxxx()
27926  *		          directly from the mode argument of ioctl().
27927  *
27928  * Return Code: the code returned by sd_send_scsi_cmd()
27929  *		EFAULT if ddi_copyxxx() fails
27930  *		ENXIO if fail ddi_get_soft_state
27931  *		EINVAL if data pointer is NULL
27932  */
27933 
27934 static int
27935 sr_read_tocentry(dev_t dev, caddr_t data, int flag)
27936 {
27937 	struct sd_lun		*un = NULL;
27938 	struct uscsi_cmd	*com;
27939 	struct cdrom_tocentry	toc_entry;
27940 	struct cdrom_tocentry	*entry = &toc_entry;
27941 	caddr_t			buffer;
27942 	int			rval;
27943 	char			cdb[CDB_GROUP1];
27944 
27945 	if (data == NULL) {
27946 		return (EINVAL);
27947 	}
27948 
27949 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27950 	    (un->un_state == SD_STATE_OFFLINE)) {
27951 		return (ENXIO);
27952 	}
27953 
27954 	if (ddi_copyin(data, entry, sizeof (struct cdrom_tocentry), flag)) {
27955 		return (EFAULT);
27956 	}
27957 
27958 	/* Validate the requested track and address format */
27959 	if (!(entry->cdte_format & (CDROM_LBA | CDROM_MSF))) {
27960 		return (EINVAL);
27961 	}
27962 
27963 	if (entry->cdte_track == 0) {
27964 		return (EINVAL);
27965 	}
27966 
27967 	buffer = kmem_zalloc((size_t)12, KM_SLEEP);
27968 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27969 	bzero(cdb, CDB_GROUP1);
27970 
27971 	cdb[0] = SCMD_READ_TOC;
27972 	/* Set the MSF bit based on the user requested address format  */
27973 	cdb[1] = ((entry->cdte_format & CDROM_LBA) ? 0 : 2);
27974 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27975 		cdb[6] = BYTE_TO_BCD(entry->cdte_track);
27976 	} else {
27977 		cdb[6] = entry->cdte_track;
27978 	}
27979 
27980 	/*
27981 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
27982 	 * (4 byte TOC response header + 8 byte track descriptor)
27983 	 */
27984 	cdb[8] = 12;
27985 	com->uscsi_cdb	   = cdb;
27986 	com->uscsi_cdblen  = CDB_GROUP1;
27987 	com->uscsi_bufaddr = buffer;
27988 	com->uscsi_buflen  = 0x0C;
27989 	com->uscsi_flags   = (USCSI_DIAGNOSE | USCSI_SILENT | USCSI_READ);
27990 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27991 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27992 	if (rval != 0) {
27993 		kmem_free(buffer, 12);
27994 		kmem_free(com, sizeof (*com));
27995 		return (rval);
27996 	}
27997 
27998 	/* Process the toc entry */
27999 	entry->cdte_adr		= (buffer[5] & 0xF0) >> 4;
28000 	entry->cdte_ctrl	= (buffer[5] & 0x0F);
28001 	if (entry->cdte_format & CDROM_LBA) {
28002 		entry->cdte_addr.lba =
28003 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
28004 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
28005 	} else if (un->un_f_cfg_read_toc_addr_bcd == TRUE) {
28006 		entry->cdte_addr.msf.minute	= BCD_TO_BYTE(buffer[9]);
28007 		entry->cdte_addr.msf.second	= BCD_TO_BYTE(buffer[10]);
28008 		entry->cdte_addr.msf.frame	= BCD_TO_BYTE(buffer[11]);
28009 		/*
28010 		 * Send a READ TOC command using the LBA address format to get
28011 		 * the LBA for the track requested so it can be used in the
28012 		 * READ HEADER request
28013 		 *
28014 		 * Note: The MSF bit of the READ HEADER command specifies the
28015 		 * output format. The block address specified in that command
28016 		 * must be in LBA format.
28017 		 */
28018 		cdb[1] = 0;
28019 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
28020 		    UIO_SYSSPACE, SD_PATH_STANDARD);
28021 		if (rval != 0) {
28022 			kmem_free(buffer, 12);
28023 			kmem_free(com, sizeof (*com));
28024 			return (rval);
28025 		}
28026 	} else {
28027 		entry->cdte_addr.msf.minute	= buffer[9];
28028 		entry->cdte_addr.msf.second	= buffer[10];
28029 		entry->cdte_addr.msf.frame	= buffer[11];
28030 		/*
28031 		 * Send a READ TOC command using the LBA address format to get
28032 		 * the LBA for the track requested so it can be used in the
28033 		 * READ HEADER request
28034 		 *
28035 		 * Note: The MSF bit of the READ HEADER command specifies the
28036 		 * output format. The block address specified in that command
28037 		 * must be in LBA format.
28038 		 */
28039 		cdb[1] = 0;
28040 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
28041 		    UIO_SYSSPACE, SD_PATH_STANDARD);
28042 		if (rval != 0) {
28043 			kmem_free(buffer, 12);
28044 			kmem_free(com, sizeof (*com));
28045 			return (rval);
28046 		}
28047 	}
28048 
28049 	/*
28050 	 * Build and send the READ HEADER command to determine the data mode of
28051 	 * the user specified track.
28052 	 */
28053 	if ((entry->cdte_ctrl & CDROM_DATA_TRACK) &&
28054 	    (entry->cdte_track != CDROM_LEADOUT)) {
28055 		bzero(cdb, CDB_GROUP1);
28056 		cdb[0] = SCMD_READ_HEADER;
28057 		cdb[2] = buffer[8];
28058 		cdb[3] = buffer[9];
28059 		cdb[4] = buffer[10];
28060 		cdb[5] = buffer[11];
28061 		cdb[8] = 0x08;
28062 		com->uscsi_buflen = 0x08;
28063 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
28064 		    UIO_SYSSPACE, SD_PATH_STANDARD);
28065 		if (rval == 0) {
28066 			entry->cdte_datamode = buffer[0];
28067 		} else {
28068 			/*
28069 			 * READ HEADER command failed, since this is
28070 			 * obsoleted in one spec, its better to return
28071 			 * -1 for an invlid track so that we can still
28072 			 * recieve the rest of the TOC data.
28073 			 */
28074 			entry->cdte_datamode = (uchar_t)-1;
28075 		}
28076 	} else {
28077 		entry->cdte_datamode = (uchar_t)-1;
28078 	}
28079 
28080 	kmem_free(buffer, 12);
28081 	kmem_free(com, sizeof (*com));
28082 	if (ddi_copyout(entry, data, sizeof (struct cdrom_tocentry), flag) != 0)
28083 		return (EFAULT);
28084 
28085 	return (rval);
28086 }
28087 
28088 
28089 /*
28090  *    Function: sr_read_tochdr()
28091  *
28092  * Description: This routine is the driver entry point for handling CD-ROM
28093  * 		ioctl requests to read the Table of Contents (TOC) header
28094  *		(CDROMREADTOHDR). The TOC header consists of the disk starting
28095  *		and ending track numbers
28096  *
28097  *   Arguments: dev	- the device 'dev_t'
28098  *		data	- pointer to user provided toc header structure,
28099  *			  specifying the starting and ending track numbers.
28100  *		flag	- this argument is a pass through to ddi_copyxxx()
28101  *			  directly from the mode argument of ioctl().
28102  *
28103  * Return Code: the code returned by sd_send_scsi_cmd()
28104  *		EFAULT if ddi_copyxxx() fails
28105  *		ENXIO if fail ddi_get_soft_state
28106  *		EINVAL if data pointer is NULL
28107  */
28108 
28109 static int
28110 sr_read_tochdr(dev_t dev, caddr_t data, int flag)
28111 {
28112 	struct sd_lun		*un;
28113 	struct uscsi_cmd	*com;
28114 	struct cdrom_tochdr	toc_header;
28115 	struct cdrom_tochdr	*hdr = &toc_header;
28116 	char			cdb[CDB_GROUP1];
28117 	int			rval;
28118 	caddr_t			buffer;
28119 
28120 	if (data == NULL) {
28121 		return (EINVAL);
28122 	}
28123 
28124 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28125 	    (un->un_state == SD_STATE_OFFLINE)) {
28126 		return (ENXIO);
28127 	}
28128 
28129 	buffer = kmem_zalloc(4, KM_SLEEP);
28130 	bzero(cdb, CDB_GROUP1);
28131 	cdb[0] = SCMD_READ_TOC;
28132 	/*
28133 	 * Specifying a track number of 0x00 in the READ TOC command indicates
28134 	 * that the TOC header should be returned
28135 	 */
28136 	cdb[6] = 0x00;
28137 	/*
28138 	 * Bytes 7 & 8 are the 4 byte allocation length for TOC header.
28139 	 * (2 byte data len + 1 byte starting track # + 1 byte ending track #)
28140 	 */
28141 	cdb[8] = 0x04;
28142 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28143 	com->uscsi_cdb	   = cdb;
28144 	com->uscsi_cdblen  = CDB_GROUP1;
28145 	com->uscsi_bufaddr = buffer;
28146 	com->uscsi_buflen  = 0x04;
28147 	com->uscsi_timeout = 300;
28148 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28149 
28150 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
28151 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28152 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
28153 		hdr->cdth_trk0 = BCD_TO_BYTE(buffer[2]);
28154 		hdr->cdth_trk1 = BCD_TO_BYTE(buffer[3]);
28155 	} else {
28156 		hdr->cdth_trk0 = buffer[2];
28157 		hdr->cdth_trk1 = buffer[3];
28158 	}
28159 	kmem_free(buffer, 4);
28160 	kmem_free(com, sizeof (*com));
28161 	if (ddi_copyout(hdr, data, sizeof (struct cdrom_tochdr), flag) != 0) {
28162 		return (EFAULT);
28163 	}
28164 	return (rval);
28165 }
28166 
28167 
28168 /*
28169  * Note: The following sr_read_mode1(), sr_read_cd_mode2(), sr_read_mode2(),
28170  * sr_read_cdda(), sr_read_cdxa(), routines implement driver support for
28171  * handling CDROMREAD ioctl requests for mode 1 user data, mode 2 user data,
28172  * digital audio and extended architecture digital audio. These modes are
28173  * defined in the IEC908 (Red Book), ISO10149 (Yellow Book), and the SCSI3
28174  * MMC specs.
28175  *
28176  * In addition to support for the various data formats these routines also
28177  * include support for devices that implement only the direct access READ
28178  * commands (0x08, 0x28), devices that implement the READ_CD commands
28179  * (0xBE, 0xD4), and devices that implement the vendor unique READ CDDA and
28180  * READ CDXA commands (0xD8, 0xDB)
28181  */
28182 
28183 /*
28184  *    Function: sr_read_mode1()
28185  *
28186  * Description: This routine is the driver entry point for handling CD-ROM
28187  *		ioctl read mode1 requests (CDROMREADMODE1).
28188  *
28189  *   Arguments: dev	- the device 'dev_t'
28190  *		data	- pointer to user provided cd read structure specifying
28191  *			  the lba buffer address and length.
28192  *		flag	- this argument is a pass through to ddi_copyxxx()
28193  *			  directly from the mode argument of ioctl().
28194  *
28195  * Return Code: the code returned by sd_send_scsi_cmd()
28196  *		EFAULT if ddi_copyxxx() fails
28197  *		ENXIO if fail ddi_get_soft_state
28198  *		EINVAL if data pointer is NULL
28199  */
28200 
28201 static int
28202 sr_read_mode1(dev_t dev, caddr_t data, int flag)
28203 {
28204 	struct sd_lun		*un;
28205 	struct cdrom_read	mode1_struct;
28206 	struct cdrom_read	*mode1 = &mode1_struct;
28207 	int			rval;
28208 #ifdef _MULTI_DATAMODEL
28209 	/* To support ILP32 applications in an LP64 world */
28210 	struct cdrom_read32	cdrom_read32;
28211 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28212 #endif /* _MULTI_DATAMODEL */
28213 
28214 	if (data == NULL) {
28215 		return (EINVAL);
28216 	}
28217 
28218 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28219 	    (un->un_state == SD_STATE_OFFLINE)) {
28220 		return (ENXIO);
28221 	}
28222 
28223 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28224 	    "sd_read_mode1: entry: un:0x%p\n", un);
28225 
28226 #ifdef _MULTI_DATAMODEL
28227 	switch (ddi_model_convert_from(flag & FMODELS)) {
28228 	case DDI_MODEL_ILP32:
28229 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28230 			return (EFAULT);
28231 		}
28232 		/* Convert the ILP32 uscsi data from the application to LP64 */
28233 		cdrom_read32tocdrom_read(cdrd32, mode1);
28234 		break;
28235 	case DDI_MODEL_NONE:
28236 		if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28237 			return (EFAULT);
28238 		}
28239 	}
28240 #else /* ! _MULTI_DATAMODEL */
28241 	if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28242 		return (EFAULT);
28243 	}
28244 #endif /* _MULTI_DATAMODEL */
28245 
28246 	rval = sd_send_scsi_READ(un, mode1->cdread_bufaddr,
28247 	    mode1->cdread_buflen, mode1->cdread_lba, SD_PATH_STANDARD);
28248 
28249 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28250 	    "sd_read_mode1: exit: un:0x%p\n", un);
28251 
28252 	return (rval);
28253 }
28254 
28255 
28256 /*
28257  *    Function: sr_read_cd_mode2()
28258  *
28259  * Description: This routine is the driver entry point for handling CD-ROM
28260  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28261  *		support the READ CD (0xBE) command or the 1st generation
28262  *		READ CD (0xD4) command.
28263  *
28264  *   Arguments: dev	- the device 'dev_t'
28265  *		data	- pointer to user provided cd read structure specifying
28266  *			  the lba buffer address and length.
28267  *		flag	- this argument is a pass through to ddi_copyxxx()
28268  *			  directly from the mode argument of ioctl().
28269  *
28270  * Return Code: the code returned by sd_send_scsi_cmd()
28271  *		EFAULT if ddi_copyxxx() fails
28272  *		ENXIO if fail ddi_get_soft_state
28273  *		EINVAL if data pointer is NULL
28274  */
28275 
28276 static int
28277 sr_read_cd_mode2(dev_t dev, caddr_t data, int flag)
28278 {
28279 	struct sd_lun		*un;
28280 	struct uscsi_cmd	*com;
28281 	struct cdrom_read	mode2_struct;
28282 	struct cdrom_read	*mode2 = &mode2_struct;
28283 	uchar_t			cdb[CDB_GROUP5];
28284 	int			nblocks;
28285 	int			rval;
28286 #ifdef _MULTI_DATAMODEL
28287 	/*  To support ILP32 applications in an LP64 world */
28288 	struct cdrom_read32	cdrom_read32;
28289 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28290 #endif /* _MULTI_DATAMODEL */
28291 
28292 	if (data == NULL) {
28293 		return (EINVAL);
28294 	}
28295 
28296 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28297 	    (un->un_state == SD_STATE_OFFLINE)) {
28298 		return (ENXIO);
28299 	}
28300 
28301 #ifdef _MULTI_DATAMODEL
28302 	switch (ddi_model_convert_from(flag & FMODELS)) {
28303 	case DDI_MODEL_ILP32:
28304 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28305 			return (EFAULT);
28306 		}
28307 		/* Convert the ILP32 uscsi data from the application to LP64 */
28308 		cdrom_read32tocdrom_read(cdrd32, mode2);
28309 		break;
28310 	case DDI_MODEL_NONE:
28311 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28312 			return (EFAULT);
28313 		}
28314 		break;
28315 	}
28316 
28317 #else /* ! _MULTI_DATAMODEL */
28318 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28319 		return (EFAULT);
28320 	}
28321 #endif /* _MULTI_DATAMODEL */
28322 
28323 	bzero(cdb, sizeof (cdb));
28324 	if (un->un_f_cfg_read_cd_xd4 == TRUE) {
28325 		/* Read command supported by 1st generation atapi drives */
28326 		cdb[0] = SCMD_READ_CDD4;
28327 	} else {
28328 		/* Universal CD Access Command */
28329 		cdb[0] = SCMD_READ_CD;
28330 	}
28331 
28332 	/*
28333 	 * Set expected sector type to: 2336s byte, Mode 2 Yellow Book
28334 	 */
28335 	cdb[1] = CDROM_SECTOR_TYPE_MODE2;
28336 
28337 	/* set the start address */
28338 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 24) & 0XFF);
28339 	cdb[3] = (uchar_t)((mode2->cdread_lba >> 16) & 0XFF);
28340 	cdb[4] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28341 	cdb[5] = (uchar_t)(mode2->cdread_lba & 0xFF);
28342 
28343 	/* set the transfer length */
28344 	nblocks = mode2->cdread_buflen / 2336;
28345 	cdb[6] = (uchar_t)(nblocks >> 16);
28346 	cdb[7] = (uchar_t)(nblocks >> 8);
28347 	cdb[8] = (uchar_t)nblocks;
28348 
28349 	/* set the filter bits */
28350 	cdb[9] = CDROM_READ_CD_USERDATA;
28351 
28352 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28353 	com->uscsi_cdb = (caddr_t)cdb;
28354 	com->uscsi_cdblen = sizeof (cdb);
28355 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28356 	com->uscsi_buflen = mode2->cdread_buflen;
28357 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28358 
28359 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28360 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28361 	kmem_free(com, sizeof (*com));
28362 	return (rval);
28363 }
28364 
28365 
28366 /*
28367  *    Function: sr_read_mode2()
28368  *
28369  * Description: This routine is the driver entry point for handling CD-ROM
28370  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28371  *		do not support the READ CD (0xBE) command.
28372  *
28373  *   Arguments: dev	- the device 'dev_t'
28374  *		data	- pointer to user provided cd read structure specifying
28375  *			  the lba buffer address and length.
28376  *		flag	- this argument is a pass through to ddi_copyxxx()
28377  *			  directly from the mode argument of ioctl().
28378  *
28379  * Return Code: the code returned by sd_send_scsi_cmd()
28380  *		EFAULT if ddi_copyxxx() fails
28381  *		ENXIO if fail ddi_get_soft_state
28382  *		EINVAL if data pointer is NULL
28383  *		EIO if fail to reset block size
28384  *		EAGAIN if commands are in progress in the driver
28385  */
28386 
28387 static int
28388 sr_read_mode2(dev_t dev, caddr_t data, int flag)
28389 {
28390 	struct sd_lun		*un;
28391 	struct cdrom_read	mode2_struct;
28392 	struct cdrom_read	*mode2 = &mode2_struct;
28393 	int			rval;
28394 	uint32_t		restore_blksize;
28395 	struct uscsi_cmd	*com;
28396 	uchar_t			cdb[CDB_GROUP0];
28397 	int			nblocks;
28398 
28399 #ifdef _MULTI_DATAMODEL
28400 	/* To support ILP32 applications in an LP64 world */
28401 	struct cdrom_read32	cdrom_read32;
28402 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28403 #endif /* _MULTI_DATAMODEL */
28404 
28405 	if (data == NULL) {
28406 		return (EINVAL);
28407 	}
28408 
28409 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28410 	    (un->un_state == SD_STATE_OFFLINE)) {
28411 		return (ENXIO);
28412 	}
28413 
28414 	/*
28415 	 * Because this routine will update the device and driver block size
28416 	 * being used we want to make sure there are no commands in progress.
28417 	 * If commands are in progress the user will have to try again.
28418 	 *
28419 	 * We check for 1 instead of 0 because we increment un_ncmds_in_driver
28420 	 * in sdioctl to protect commands from sdioctl through to the top of
28421 	 * sd_uscsi_strategy. See sdioctl for details.
28422 	 */
28423 	mutex_enter(SD_MUTEX(un));
28424 	if (un->un_ncmds_in_driver != 1) {
28425 		mutex_exit(SD_MUTEX(un));
28426 		return (EAGAIN);
28427 	}
28428 	mutex_exit(SD_MUTEX(un));
28429 
28430 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28431 	    "sd_read_mode2: entry: un:0x%p\n", un);
28432 
28433 #ifdef _MULTI_DATAMODEL
28434 	switch (ddi_model_convert_from(flag & FMODELS)) {
28435 	case DDI_MODEL_ILP32:
28436 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28437 			return (EFAULT);
28438 		}
28439 		/* Convert the ILP32 uscsi data from the application to LP64 */
28440 		cdrom_read32tocdrom_read(cdrd32, mode2);
28441 		break;
28442 	case DDI_MODEL_NONE:
28443 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28444 			return (EFAULT);
28445 		}
28446 		break;
28447 	}
28448 #else /* ! _MULTI_DATAMODEL */
28449 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag)) {
28450 		return (EFAULT);
28451 	}
28452 #endif /* _MULTI_DATAMODEL */
28453 
28454 	/* Store the current target block size for restoration later */
28455 	restore_blksize = un->un_tgt_blocksize;
28456 
28457 	/* Change the device and soft state target block size to 2336 */
28458 	if (sr_sector_mode(dev, SD_MODE2_BLKSIZE) != 0) {
28459 		rval = EIO;
28460 		goto done;
28461 	}
28462 
28463 
28464 	bzero(cdb, sizeof (cdb));
28465 
28466 	/* set READ operation */
28467 	cdb[0] = SCMD_READ;
28468 
28469 	/* adjust lba for 2kbyte blocks from 512 byte blocks */
28470 	mode2->cdread_lba >>= 2;
28471 
28472 	/* set the start address */
28473 	cdb[1] = (uchar_t)((mode2->cdread_lba >> 16) & 0X1F);
28474 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28475 	cdb[3] = (uchar_t)(mode2->cdread_lba & 0xFF);
28476 
28477 	/* set the transfer length */
28478 	nblocks = mode2->cdread_buflen / 2336;
28479 	cdb[4] = (uchar_t)nblocks & 0xFF;
28480 
28481 	/* build command */
28482 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28483 	com->uscsi_cdb = (caddr_t)cdb;
28484 	com->uscsi_cdblen = sizeof (cdb);
28485 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28486 	com->uscsi_buflen = mode2->cdread_buflen;
28487 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28488 
28489 	/*
28490 	 * Issue SCSI command with user space address for read buffer.
28491 	 *
28492 	 * This sends the command through main channel in the driver.
28493 	 *
28494 	 * Since this is accessed via an IOCTL call, we go through the
28495 	 * standard path, so that if the device was powered down, then
28496 	 * it would be 'awakened' to handle the command.
28497 	 */
28498 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28499 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28500 
28501 	kmem_free(com, sizeof (*com));
28502 
28503 	/* Restore the device and soft state target block size */
28504 	if (sr_sector_mode(dev, restore_blksize) != 0) {
28505 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28506 		    "can't do switch back to mode 1\n");
28507 		/*
28508 		 * If sd_send_scsi_READ succeeded we still need to report
28509 		 * an error because we failed to reset the block size
28510 		 */
28511 		if (rval == 0) {
28512 			rval = EIO;
28513 		}
28514 	}
28515 
28516 done:
28517 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28518 	    "sd_read_mode2: exit: un:0x%p\n", un);
28519 
28520 	return (rval);
28521 }
28522 
28523 
28524 /*
28525  *    Function: sr_sector_mode()
28526  *
28527  * Description: This utility function is used by sr_read_mode2 to set the target
28528  *		block size based on the user specified size. This is a legacy
28529  *		implementation based upon a vendor specific mode page
28530  *
28531  *   Arguments: dev	- the device 'dev_t'
28532  *		data	- flag indicating if block size is being set to 2336 or
28533  *			  512.
28534  *
28535  * Return Code: the code returned by sd_send_scsi_cmd()
28536  *		EFAULT if ddi_copyxxx() fails
28537  *		ENXIO if fail ddi_get_soft_state
28538  *		EINVAL if data pointer is NULL
28539  */
28540 
28541 static int
28542 sr_sector_mode(dev_t dev, uint32_t blksize)
28543 {
28544 	struct sd_lun	*un;
28545 	uchar_t		*sense;
28546 	uchar_t		*select;
28547 	int		rval;
28548 
28549 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28550 	    (un->un_state == SD_STATE_OFFLINE)) {
28551 		return (ENXIO);
28552 	}
28553 
28554 	sense = kmem_zalloc(20, KM_SLEEP);
28555 
28556 	/* Note: This is a vendor specific mode page (0x81) */
28557 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, 20, 0x81,
28558 	    SD_PATH_STANDARD)) != 0) {
28559 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28560 		    "sr_sector_mode: Mode Sense failed\n");
28561 		kmem_free(sense, 20);
28562 		return (rval);
28563 	}
28564 	select = kmem_zalloc(20, KM_SLEEP);
28565 	select[3] = 0x08;
28566 	select[10] = ((blksize >> 8) & 0xff);
28567 	select[11] = (blksize & 0xff);
28568 	select[12] = 0x01;
28569 	select[13] = 0x06;
28570 	select[14] = sense[14];
28571 	select[15] = sense[15];
28572 	if (blksize == SD_MODE2_BLKSIZE) {
28573 		select[14] |= 0x01;
28574 	}
28575 
28576 	if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select, 20,
28577 	    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
28578 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28579 		    "sr_sector_mode: Mode Select failed\n");
28580 	} else {
28581 		/*
28582 		 * Only update the softstate block size if we successfully
28583 		 * changed the device block mode.
28584 		 */
28585 		mutex_enter(SD_MUTEX(un));
28586 		sd_update_block_info(un, blksize, 0);
28587 		mutex_exit(SD_MUTEX(un));
28588 	}
28589 	kmem_free(sense, 20);
28590 	kmem_free(select, 20);
28591 	return (rval);
28592 }
28593 
28594 
28595 /*
28596  *    Function: sr_read_cdda()
28597  *
28598  * Description: This routine is the driver entry point for handling CD-ROM
28599  *		ioctl requests to return CD-DA or subcode data. (CDROMCDDA) If
28600  *		the target supports CDDA these requests are handled via a vendor
28601  *		specific command (0xD8) If the target does not support CDDA
28602  *		these requests are handled via the READ CD command (0xBE).
28603  *
28604  *   Arguments: dev	- the device 'dev_t'
28605  *		data	- pointer to user provided CD-DA structure specifying
28606  *			  the track starting address, transfer length, and
28607  *			  subcode options.
28608  *		flag	- this argument is a pass through to ddi_copyxxx()
28609  *			  directly from the mode argument of ioctl().
28610  *
28611  * Return Code: the code returned by sd_send_scsi_cmd()
28612  *		EFAULT if ddi_copyxxx() fails
28613  *		ENXIO if fail ddi_get_soft_state
28614  *		EINVAL if invalid arguments are provided
28615  *		ENOTTY
28616  */
28617 
28618 static int
28619 sr_read_cdda(dev_t dev, caddr_t data, int flag)
28620 {
28621 	struct sd_lun			*un;
28622 	struct uscsi_cmd		*com;
28623 	struct cdrom_cdda		*cdda;
28624 	int				rval;
28625 	size_t				buflen;
28626 	char				cdb[CDB_GROUP5];
28627 
28628 #ifdef _MULTI_DATAMODEL
28629 	/* To support ILP32 applications in an LP64 world */
28630 	struct cdrom_cdda32	cdrom_cdda32;
28631 	struct cdrom_cdda32	*cdda32 = &cdrom_cdda32;
28632 #endif /* _MULTI_DATAMODEL */
28633 
28634 	if (data == NULL) {
28635 		return (EINVAL);
28636 	}
28637 
28638 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28639 		return (ENXIO);
28640 	}
28641 
28642 	cdda = kmem_zalloc(sizeof (struct cdrom_cdda), KM_SLEEP);
28643 
28644 #ifdef _MULTI_DATAMODEL
28645 	switch (ddi_model_convert_from(flag & FMODELS)) {
28646 	case DDI_MODEL_ILP32:
28647 		if (ddi_copyin(data, cdda32, sizeof (*cdda32), flag)) {
28648 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28649 			    "sr_read_cdda: ddi_copyin Failed\n");
28650 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28651 			return (EFAULT);
28652 		}
28653 		/* Convert the ILP32 uscsi data from the application to LP64 */
28654 		cdrom_cdda32tocdrom_cdda(cdda32, cdda);
28655 		break;
28656 	case DDI_MODEL_NONE:
28657 		if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28658 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28659 			    "sr_read_cdda: ddi_copyin Failed\n");
28660 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28661 			return (EFAULT);
28662 		}
28663 		break;
28664 	}
28665 #else /* ! _MULTI_DATAMODEL */
28666 	if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28667 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28668 		    "sr_read_cdda: ddi_copyin Failed\n");
28669 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28670 		return (EFAULT);
28671 	}
28672 #endif /* _MULTI_DATAMODEL */
28673 
28674 	/*
28675 	 * Since MMC-2 expects max 3 bytes for length, check if the
28676 	 * length input is greater than 3 bytes
28677 	 */
28678 	if ((cdda->cdda_length & 0xFF000000) != 0) {
28679 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdda: "
28680 		    "cdrom transfer length too large: %d (limit %d)\n",
28681 		    cdda->cdda_length, 0xFFFFFF);
28682 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28683 		return (EINVAL);
28684 	}
28685 
28686 	switch (cdda->cdda_subcode) {
28687 	case CDROM_DA_NO_SUBCODE:
28688 		buflen = CDROM_BLK_2352 * cdda->cdda_length;
28689 		break;
28690 	case CDROM_DA_SUBQ:
28691 		buflen = CDROM_BLK_2368 * cdda->cdda_length;
28692 		break;
28693 	case CDROM_DA_ALL_SUBCODE:
28694 		buflen = CDROM_BLK_2448 * cdda->cdda_length;
28695 		break;
28696 	case CDROM_DA_SUBCODE_ONLY:
28697 		buflen = CDROM_BLK_SUBCODE * cdda->cdda_length;
28698 		break;
28699 	default:
28700 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28701 		    "sr_read_cdda: Subcode '0x%x' Not Supported\n",
28702 		    cdda->cdda_subcode);
28703 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28704 		return (EINVAL);
28705 	}
28706 
28707 	/* Build and send the command */
28708 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28709 	bzero(cdb, CDB_GROUP5);
28710 
28711 	if (un->un_f_cfg_cdda == TRUE) {
28712 		cdb[0] = (char)SCMD_READ_CD;
28713 		cdb[1] = 0x04;
28714 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28715 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28716 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28717 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28718 		cdb[6] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28719 		cdb[7] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28720 		cdb[8] = ((cdda->cdda_length) & 0x000000ff);
28721 		cdb[9] = 0x10;
28722 		switch (cdda->cdda_subcode) {
28723 		case CDROM_DA_NO_SUBCODE :
28724 			cdb[10] = 0x0;
28725 			break;
28726 		case CDROM_DA_SUBQ :
28727 			cdb[10] = 0x2;
28728 			break;
28729 		case CDROM_DA_ALL_SUBCODE :
28730 			cdb[10] = 0x1;
28731 			break;
28732 		case CDROM_DA_SUBCODE_ONLY :
28733 			/* FALLTHROUGH */
28734 		default :
28735 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28736 			kmem_free(com, sizeof (*com));
28737 			return (ENOTTY);
28738 		}
28739 	} else {
28740 		cdb[0] = (char)SCMD_READ_CDDA;
28741 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28742 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28743 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28744 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28745 		cdb[6] = (((cdda->cdda_length) & 0xff000000) >> 24);
28746 		cdb[7] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28747 		cdb[8] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28748 		cdb[9] = ((cdda->cdda_length) & 0x000000ff);
28749 		cdb[10] = cdda->cdda_subcode;
28750 	}
28751 
28752 	com->uscsi_cdb = cdb;
28753 	com->uscsi_cdblen = CDB_GROUP5;
28754 	com->uscsi_bufaddr = (caddr_t)cdda->cdda_data;
28755 	com->uscsi_buflen = buflen;
28756 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28757 
28758 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28759 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28760 
28761 	kmem_free(cdda, sizeof (struct cdrom_cdda));
28762 	kmem_free(com, sizeof (*com));
28763 	return (rval);
28764 }
28765 
28766 
28767 /*
28768  *    Function: sr_read_cdxa()
28769  *
28770  * Description: This routine is the driver entry point for handling CD-ROM
28771  *		ioctl requests to return CD-XA (Extended Architecture) data.
28772  *		(CDROMCDXA).
28773  *
28774  *   Arguments: dev	- the device 'dev_t'
28775  *		data	- pointer to user provided CD-XA structure specifying
28776  *			  the data starting address, transfer length, and format
28777  *		flag	- this argument is a pass through to ddi_copyxxx()
28778  *			  directly from the mode argument of ioctl().
28779  *
28780  * Return Code: the code returned by sd_send_scsi_cmd()
28781  *		EFAULT if ddi_copyxxx() fails
28782  *		ENXIO if fail ddi_get_soft_state
28783  *		EINVAL if data pointer is NULL
28784  */
28785 
28786 static int
28787 sr_read_cdxa(dev_t dev, caddr_t data, int flag)
28788 {
28789 	struct sd_lun		*un;
28790 	struct uscsi_cmd	*com;
28791 	struct cdrom_cdxa	*cdxa;
28792 	int			rval;
28793 	size_t			buflen;
28794 	char			cdb[CDB_GROUP5];
28795 	uchar_t			read_flags;
28796 
28797 #ifdef _MULTI_DATAMODEL
28798 	/* To support ILP32 applications in an LP64 world */
28799 	struct cdrom_cdxa32		cdrom_cdxa32;
28800 	struct cdrom_cdxa32		*cdxa32 = &cdrom_cdxa32;
28801 #endif /* _MULTI_DATAMODEL */
28802 
28803 	if (data == NULL) {
28804 		return (EINVAL);
28805 	}
28806 
28807 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28808 		return (ENXIO);
28809 	}
28810 
28811 	cdxa = kmem_zalloc(sizeof (struct cdrom_cdxa), KM_SLEEP);
28812 
28813 #ifdef _MULTI_DATAMODEL
28814 	switch (ddi_model_convert_from(flag & FMODELS)) {
28815 	case DDI_MODEL_ILP32:
28816 		if (ddi_copyin(data, cdxa32, sizeof (*cdxa32), flag)) {
28817 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28818 			return (EFAULT);
28819 		}
28820 		/*
28821 		 * Convert the ILP32 uscsi data from the
28822 		 * application to LP64 for internal use.
28823 		 */
28824 		cdrom_cdxa32tocdrom_cdxa(cdxa32, cdxa);
28825 		break;
28826 	case DDI_MODEL_NONE:
28827 		if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28828 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28829 			return (EFAULT);
28830 		}
28831 		break;
28832 	}
28833 #else /* ! _MULTI_DATAMODEL */
28834 	if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28835 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28836 		return (EFAULT);
28837 	}
28838 #endif /* _MULTI_DATAMODEL */
28839 
28840 	/*
28841 	 * Since MMC-2 expects max 3 bytes for length, check if the
28842 	 * length input is greater than 3 bytes
28843 	 */
28844 	if ((cdxa->cdxa_length & 0xFF000000) != 0) {
28845 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdxa: "
28846 		    "cdrom transfer length too large: %d (limit %d)\n",
28847 		    cdxa->cdxa_length, 0xFFFFFF);
28848 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28849 		return (EINVAL);
28850 	}
28851 
28852 	switch (cdxa->cdxa_format) {
28853 	case CDROM_XA_DATA:
28854 		buflen = CDROM_BLK_2048 * cdxa->cdxa_length;
28855 		read_flags = 0x10;
28856 		break;
28857 	case CDROM_XA_SECTOR_DATA:
28858 		buflen = CDROM_BLK_2352 * cdxa->cdxa_length;
28859 		read_flags = 0xf8;
28860 		break;
28861 	case CDROM_XA_DATA_W_ERROR:
28862 		buflen = CDROM_BLK_2646 * cdxa->cdxa_length;
28863 		read_flags = 0xfc;
28864 		break;
28865 	default:
28866 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28867 		    "sr_read_cdxa: Format '0x%x' Not Supported\n",
28868 		    cdxa->cdxa_format);
28869 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28870 		return (EINVAL);
28871 	}
28872 
28873 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28874 	bzero(cdb, CDB_GROUP5);
28875 	if (un->un_f_mmc_cap == TRUE) {
28876 		cdb[0] = (char)SCMD_READ_CD;
28877 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28878 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28879 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28880 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28881 		cdb[6] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28882 		cdb[7] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28883 		cdb[8] = ((cdxa->cdxa_length) & 0x000000ff);
28884 		cdb[9] = (char)read_flags;
28885 	} else {
28886 		/*
28887 		 * Note: A vendor specific command (0xDB) is being used her to
28888 		 * request a read of all subcodes.
28889 		 */
28890 		cdb[0] = (char)SCMD_READ_CDXA;
28891 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28892 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28893 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28894 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28895 		cdb[6] = (((cdxa->cdxa_length) & 0xff000000) >> 24);
28896 		cdb[7] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28897 		cdb[8] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28898 		cdb[9] = ((cdxa->cdxa_length) & 0x000000ff);
28899 		cdb[10] = cdxa->cdxa_format;
28900 	}
28901 	com->uscsi_cdb	   = cdb;
28902 	com->uscsi_cdblen  = CDB_GROUP5;
28903 	com->uscsi_bufaddr = (caddr_t)cdxa->cdxa_data;
28904 	com->uscsi_buflen  = buflen;
28905 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28906 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28907 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28908 	kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28909 	kmem_free(com, sizeof (*com));
28910 	return (rval);
28911 }
28912 
28913 
28914 /*
28915  *    Function: sr_eject()
28916  *
28917  * Description: This routine is the driver entry point for handling CD-ROM
28918  *		eject ioctl requests (FDEJECT, DKIOCEJECT, CDROMEJECT)
28919  *
28920  *   Arguments: dev	- the device 'dev_t'
28921  *
28922  * Return Code: the code returned by sd_send_scsi_cmd()
28923  */
28924 
28925 static int
28926 sr_eject(dev_t dev)
28927 {
28928 	struct sd_lun	*un;
28929 	int		rval;
28930 
28931 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28932 	    (un->un_state == SD_STATE_OFFLINE)) {
28933 		return (ENXIO);
28934 	}
28935 	if ((rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
28936 	    SD_PATH_STANDARD)) != 0) {
28937 		return (rval);
28938 	}
28939 
28940 	rval = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_EJECT,
28941 	    SD_PATH_STANDARD);
28942 
28943 	if (rval == 0) {
28944 		mutex_enter(SD_MUTEX(un));
28945 		sr_ejected(un);
28946 		un->un_mediastate = DKIO_EJECTED;
28947 		cv_broadcast(&un->un_state_cv);
28948 		mutex_exit(SD_MUTEX(un));
28949 	}
28950 	return (rval);
28951 }
28952 
28953 
28954 /*
28955  *    Function: sr_ejected()
28956  *
28957  * Description: This routine updates the soft state structure to invalidate the
28958  *		geometry information after the media has been ejected or a
28959  *		media eject has been detected.
28960  *
28961  *   Arguments: un - driver soft state (unit) structure
28962  */
28963 
28964 static void
28965 sr_ejected(struct sd_lun *un)
28966 {
28967 	struct sd_errstats *stp;
28968 
28969 	ASSERT(un != NULL);
28970 	ASSERT(mutex_owned(SD_MUTEX(un)));
28971 
28972 	un->un_f_blockcount_is_valid	= FALSE;
28973 	un->un_f_tgt_blocksize_is_valid	= FALSE;
28974 	un->un_f_geometry_is_valid	= FALSE;
28975 
28976 	if (un->un_errstats != NULL) {
28977 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
28978 		stp->sd_capacity.value.ui64 = 0;
28979 	}
28980 }
28981 
28982 
28983 /*
28984  *    Function: sr_check_wp()
28985  *
28986  * Description: This routine checks the write protection of a removable
28987  *      media disk and hotpluggable devices via the write protect bit of
28988  *      the Mode Page Header device specific field. Some devices choke
28989  *      on unsupported mode page. In order to workaround this issue,
28990  *      this routine has been implemented to use 0x3f mode page(request
28991  *      for all pages) for all device types.
28992  *
28993  *   Arguments: dev		- the device 'dev_t'
28994  *
28995  * Return Code: int indicating if the device is write protected (1) or not (0)
28996  *
28997  *     Context: Kernel thread.
28998  *
28999  */
29000 
29001 static int
29002 sr_check_wp(dev_t dev)
29003 {
29004 	struct sd_lun	*un;
29005 	uchar_t		device_specific;
29006 	uchar_t		*sense;
29007 	int		hdrlen;
29008 	int		rval = FALSE;
29009 
29010 	/*
29011 	 * Note: The return codes for this routine should be reworked to
29012 	 * properly handle the case of a NULL softstate.
29013 	 */
29014 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
29015 		return (FALSE);
29016 	}
29017 
29018 	if (un->un_f_cfg_is_atapi == TRUE) {
29019 		/*
29020 		 * The mode page contents are not required; set the allocation
29021 		 * length for the mode page header only
29022 		 */
29023 		hdrlen = MODE_HEADER_LENGTH_GRP2;
29024 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
29025 		if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense, hdrlen,
29026 		    MODEPAGE_ALLPAGES, SD_PATH_STANDARD) != 0)
29027 			goto err_exit;
29028 		device_specific =
29029 		    ((struct mode_header_grp2 *)sense)->device_specific;
29030 	} else {
29031 		hdrlen = MODE_HEADER_LENGTH;
29032 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
29033 		if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, hdrlen,
29034 		    MODEPAGE_ALLPAGES, SD_PATH_STANDARD) != 0)
29035 			goto err_exit;
29036 		device_specific =
29037 		    ((struct mode_header *)sense)->device_specific;
29038 	}
29039 
29040 	/*
29041 	 * Write protect mode sense failed; not all disks
29042 	 * understand this query. Return FALSE assuming that
29043 	 * these devices are not writable.
29044 	 */
29045 	if (device_specific & WRITE_PROTECT) {
29046 		rval = TRUE;
29047 	}
29048 
29049 err_exit:
29050 	kmem_free(sense, hdrlen);
29051 	return (rval);
29052 }
29053 
29054 /*
29055  *    Function: sr_volume_ctrl()
29056  *
29057  * Description: This routine is the driver entry point for handling CD-ROM
29058  *		audio output volume ioctl requests. (CDROMVOLCTRL)
29059  *
29060  *   Arguments: dev	- the device 'dev_t'
29061  *		data	- pointer to user audio volume control structure
29062  *		flag	- this argument is a pass through to ddi_copyxxx()
29063  *			  directly from the mode argument of ioctl().
29064  *
29065  * Return Code: the code returned by sd_send_scsi_cmd()
29066  *		EFAULT if ddi_copyxxx() fails
29067  *		ENXIO if fail ddi_get_soft_state
29068  *		EINVAL if data pointer is NULL
29069  *
29070  */
29071 
29072 static int
29073 sr_volume_ctrl(dev_t dev, caddr_t data, int flag)
29074 {
29075 	struct sd_lun		*un;
29076 	struct cdrom_volctrl    volume;
29077 	struct cdrom_volctrl    *vol = &volume;
29078 	uchar_t			*sense_page;
29079 	uchar_t			*select_page;
29080 	uchar_t			*sense;
29081 	uchar_t			*select;
29082 	int			sense_buflen;
29083 	int			select_buflen;
29084 	int			rval;
29085 
29086 	if (data == NULL) {
29087 		return (EINVAL);
29088 	}
29089 
29090 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
29091 	    (un->un_state == SD_STATE_OFFLINE)) {
29092 		return (ENXIO);
29093 	}
29094 
29095 	if (ddi_copyin(data, vol, sizeof (struct cdrom_volctrl), flag)) {
29096 		return (EFAULT);
29097 	}
29098 
29099 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
29100 		struct mode_header_grp2		*sense_mhp;
29101 		struct mode_header_grp2		*select_mhp;
29102 		int				bd_len;
29103 
29104 		sense_buflen = MODE_PARAM_LENGTH_GRP2 + MODEPAGE_AUDIO_CTRL_LEN;
29105 		select_buflen = MODE_HEADER_LENGTH_GRP2 +
29106 		    MODEPAGE_AUDIO_CTRL_LEN;
29107 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
29108 		select = kmem_zalloc(select_buflen, KM_SLEEP);
29109 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
29110 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
29111 		    SD_PATH_STANDARD)) != 0) {
29112 			SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
29113 			    "sr_volume_ctrl: Mode Sense Failed\n");
29114 			kmem_free(sense, sense_buflen);
29115 			kmem_free(select, select_buflen);
29116 			return (rval);
29117 		}
29118 		sense_mhp = (struct mode_header_grp2 *)sense;
29119 		select_mhp = (struct mode_header_grp2 *)select;
29120 		bd_len = (sense_mhp->bdesc_length_hi << 8) |
29121 		    sense_mhp->bdesc_length_lo;
29122 		if (bd_len > MODE_BLK_DESC_LENGTH) {
29123 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29124 			    "sr_volume_ctrl: Mode Sense returned invalid "
29125 			    "block descriptor length\n");
29126 			kmem_free(sense, sense_buflen);
29127 			kmem_free(select, select_buflen);
29128 			return (EIO);
29129 		}
29130 		sense_page = (uchar_t *)
29131 		    (sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
29132 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH_GRP2);
29133 		select_mhp->length_msb = 0;
29134 		select_mhp->length_lsb = 0;
29135 		select_mhp->bdesc_length_hi = 0;
29136 		select_mhp->bdesc_length_lo = 0;
29137 	} else {
29138 		struct mode_header		*sense_mhp, *select_mhp;
29139 
29140 		sense_buflen = MODE_PARAM_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
29141 		select_buflen = MODE_HEADER_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
29142 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
29143 		select = kmem_zalloc(select_buflen, KM_SLEEP);
29144 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
29145 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
29146 		    SD_PATH_STANDARD)) != 0) {
29147 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29148 			    "sr_volume_ctrl: Mode Sense Failed\n");
29149 			kmem_free(sense, sense_buflen);
29150 			kmem_free(select, select_buflen);
29151 			return (rval);
29152 		}
29153 		sense_mhp  = (struct mode_header *)sense;
29154 		select_mhp = (struct mode_header *)select;
29155 		if (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH) {
29156 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29157 			    "sr_volume_ctrl: Mode Sense returned invalid "
29158 			    "block descriptor length\n");
29159 			kmem_free(sense, sense_buflen);
29160 			kmem_free(select, select_buflen);
29161 			return (EIO);
29162 		}
29163 		sense_page = (uchar_t *)
29164 		    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
29165 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH);
29166 		select_mhp->length = 0;
29167 		select_mhp->bdesc_length = 0;
29168 	}
29169 	/*
29170 	 * Note: An audio control data structure could be created and overlayed
29171 	 * on the following in place of the array indexing method implemented.
29172 	 */
29173 
29174 	/* Build the select data for the user volume data */
29175 	select_page[0] = MODEPAGE_AUDIO_CTRL;
29176 	select_page[1] = 0xE;
29177 	/* Set the immediate bit */
29178 	select_page[2] = 0x04;
29179 	/* Zero out reserved fields */
29180 	select_page[3] = 0x00;
29181 	select_page[4] = 0x00;
29182 	/* Return sense data for fields not to be modified */
29183 	select_page[5] = sense_page[5];
29184 	select_page[6] = sense_page[6];
29185 	select_page[7] = sense_page[7];
29186 	/* Set the user specified volume levels for channel 0 and 1 */
29187 	select_page[8] = 0x01;
29188 	select_page[9] = vol->channel0;
29189 	select_page[10] = 0x02;
29190 	select_page[11] = vol->channel1;
29191 	/* Channel 2 and 3 are currently unsupported so return the sense data */
29192 	select_page[12] = sense_page[12];
29193 	select_page[13] = sense_page[13];
29194 	select_page[14] = sense_page[14];
29195 	select_page[15] = sense_page[15];
29196 
29197 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
29198 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, select,
29199 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29200 	} else {
29201 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
29202 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29203 	}
29204 
29205 	kmem_free(sense, sense_buflen);
29206 	kmem_free(select, select_buflen);
29207 	return (rval);
29208 }
29209 
29210 
29211 /*
29212  *    Function: sr_read_sony_session_offset()
29213  *
29214  * Description: This routine is the driver entry point for handling CD-ROM
29215  *		ioctl requests for session offset information. (CDROMREADOFFSET)
29216  *		The address of the first track in the last session of a
29217  *		multi-session CD-ROM is returned
29218  *
29219  *		Note: This routine uses a vendor specific key value in the
29220  *		command control field without implementing any vendor check here
29221  *		or in the ioctl routine.
29222  *
29223  *   Arguments: dev	- the device 'dev_t'
29224  *		data	- pointer to an int to hold the requested address
29225  *		flag	- this argument is a pass through to ddi_copyxxx()
29226  *			  directly from the mode argument of ioctl().
29227  *
29228  * Return Code: the code returned by sd_send_scsi_cmd()
29229  *		EFAULT if ddi_copyxxx() fails
29230  *		ENXIO if fail ddi_get_soft_state
29231  *		EINVAL if data pointer is NULL
29232  */
29233 
29234 static int
29235 sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag)
29236 {
29237 	struct sd_lun		*un;
29238 	struct uscsi_cmd	*com;
29239 	caddr_t			buffer;
29240 	char			cdb[CDB_GROUP1];
29241 	int			session_offset = 0;
29242 	int			rval;
29243 
29244 	if (data == NULL) {
29245 		return (EINVAL);
29246 	}
29247 
29248 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
29249 	    (un->un_state == SD_STATE_OFFLINE)) {
29250 		return (ENXIO);
29251 	}
29252 
29253 	buffer = kmem_zalloc((size_t)SONY_SESSION_OFFSET_LEN, KM_SLEEP);
29254 	bzero(cdb, CDB_GROUP1);
29255 	cdb[0] = SCMD_READ_TOC;
29256 	/*
29257 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
29258 	 * (4 byte TOC response header + 8 byte response data)
29259 	 */
29260 	cdb[8] = SONY_SESSION_OFFSET_LEN;
29261 	/* Byte 9 is the control byte. A vendor specific value is used */
29262 	cdb[9] = SONY_SESSION_OFFSET_KEY;
29263 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
29264 	com->uscsi_cdb = cdb;
29265 	com->uscsi_cdblen = CDB_GROUP1;
29266 	com->uscsi_bufaddr = buffer;
29267 	com->uscsi_buflen = SONY_SESSION_OFFSET_LEN;
29268 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
29269 
29270 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
29271 	    UIO_SYSSPACE, SD_PATH_STANDARD);
29272 	if (rval != 0) {
29273 		kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29274 		kmem_free(com, sizeof (*com));
29275 		return (rval);
29276 	}
29277 	if (buffer[1] == SONY_SESSION_OFFSET_VALID) {
29278 		session_offset =
29279 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
29280 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
29281 		/*
29282 		 * Offset returned offset in current lbasize block's. Convert to
29283 		 * 2k block's to return to the user
29284 		 */
29285 		if (un->un_tgt_blocksize == CDROM_BLK_512) {
29286 			session_offset >>= 2;
29287 		} else if (un->un_tgt_blocksize == CDROM_BLK_1024) {
29288 			session_offset >>= 1;
29289 		}
29290 	}
29291 
29292 	if (ddi_copyout(&session_offset, data, sizeof (int), flag) != 0) {
29293 		rval = EFAULT;
29294 	}
29295 
29296 	kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29297 	kmem_free(com, sizeof (*com));
29298 	return (rval);
29299 }
29300 
29301 
29302 /*
29303  *    Function: sd_wm_cache_constructor()
29304  *
29305  * Description: Cache Constructor for the wmap cache for the read/modify/write
29306  * 		devices.
29307  *
29308  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29309  *		un	- sd_lun structure for the device.
29310  *		flag	- the km flags passed to constructor
29311  *
29312  * Return Code: 0 on success.
29313  *		-1 on failure.
29314  */
29315 
29316 /*ARGSUSED*/
29317 static int
29318 sd_wm_cache_constructor(void *wm, void *un, int flags)
29319 {
29320 	bzero(wm, sizeof (struct sd_w_map));
29321 	cv_init(&((struct sd_w_map *)wm)->wm_avail, NULL, CV_DRIVER, NULL);
29322 	return (0);
29323 }
29324 
29325 
29326 /*
29327  *    Function: sd_wm_cache_destructor()
29328  *
29329  * Description: Cache destructor for the wmap cache for the read/modify/write
29330  * 		devices.
29331  *
29332  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29333  *		un	- sd_lun structure for the device.
29334  */
29335 /*ARGSUSED*/
29336 static void
29337 sd_wm_cache_destructor(void *wm, void *un)
29338 {
29339 	cv_destroy(&((struct sd_w_map *)wm)->wm_avail);
29340 }
29341 
29342 
29343 /*
29344  *    Function: sd_range_lock()
29345  *
29346  * Description: Lock the range of blocks specified as parameter to ensure
29347  *		that read, modify write is atomic and no other i/o writes
29348  *		to the same location. The range is specified in terms
29349  *		of start and end blocks. Block numbers are the actual
29350  *		media block numbers and not system.
29351  *
29352  *   Arguments: un	- sd_lun structure for the device.
29353  *		startb - The starting block number
29354  *		endb - The end block number
29355  *		typ - type of i/o - simple/read_modify_write
29356  *
29357  * Return Code: wm  - pointer to the wmap structure.
29358  *
29359  *     Context: This routine can sleep.
29360  */
29361 
29362 static struct sd_w_map *
29363 sd_range_lock(struct sd_lun *un, daddr_t startb, daddr_t endb, ushort_t typ)
29364 {
29365 	struct sd_w_map *wmp = NULL;
29366 	struct sd_w_map *sl_wmp = NULL;
29367 	struct sd_w_map *tmp_wmp;
29368 	wm_state state = SD_WM_CHK_LIST;
29369 
29370 
29371 	ASSERT(un != NULL);
29372 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29373 
29374 	mutex_enter(SD_MUTEX(un));
29375 
29376 	while (state != SD_WM_DONE) {
29377 
29378 		switch (state) {
29379 		case SD_WM_CHK_LIST:
29380 			/*
29381 			 * This is the starting state. Check the wmap list
29382 			 * to see if the range is currently available.
29383 			 */
29384 			if (!(typ & SD_WTYPE_RMW) && !(un->un_rmw_count)) {
29385 				/*
29386 				 * If this is a simple write and no rmw
29387 				 * i/o is pending then try to lock the
29388 				 * range as the range should be available.
29389 				 */
29390 				state = SD_WM_LOCK_RANGE;
29391 			} else {
29392 				tmp_wmp = sd_get_range(un, startb, endb);
29393 				if (tmp_wmp != NULL) {
29394 					if ((wmp != NULL) && ONLIST(un, wmp)) {
29395 						/*
29396 						 * Should not keep onlist wmps
29397 						 * while waiting this macro
29398 						 * will also do wmp = NULL;
29399 						 */
29400 						FREE_ONLIST_WMAP(un, wmp);
29401 					}
29402 					/*
29403 					 * sl_wmp is the wmap on which wait
29404 					 * is done, since the tmp_wmp points
29405 					 * to the inuse wmap, set sl_wmp to
29406 					 * tmp_wmp and change the state to sleep
29407 					 */
29408 					sl_wmp = tmp_wmp;
29409 					state = SD_WM_WAIT_MAP;
29410 				} else {
29411 					state = SD_WM_LOCK_RANGE;
29412 				}
29413 
29414 			}
29415 			break;
29416 
29417 		case SD_WM_LOCK_RANGE:
29418 			ASSERT(un->un_wm_cache);
29419 			/*
29420 			 * The range need to be locked, try to get a wmap.
29421 			 * First attempt it with NO_SLEEP, want to avoid a sleep
29422 			 * if possible as we will have to release the sd mutex
29423 			 * if we have to sleep.
29424 			 */
29425 			if (wmp == NULL)
29426 				wmp = kmem_cache_alloc(un->un_wm_cache,
29427 				    KM_NOSLEEP);
29428 			if (wmp == NULL) {
29429 				mutex_exit(SD_MUTEX(un));
29430 				_NOTE(DATA_READABLE_WITHOUT_LOCK
29431 				    (sd_lun::un_wm_cache))
29432 				wmp = kmem_cache_alloc(un->un_wm_cache,
29433 				    KM_SLEEP);
29434 				mutex_enter(SD_MUTEX(un));
29435 				/*
29436 				 * we released the mutex so recheck and go to
29437 				 * check list state.
29438 				 */
29439 				state = SD_WM_CHK_LIST;
29440 			} else {
29441 				/*
29442 				 * We exit out of state machine since we
29443 				 * have the wmap. Do the housekeeping first.
29444 				 * place the wmap on the wmap list if it is not
29445 				 * on it already and then set the state to done.
29446 				 */
29447 				wmp->wm_start = startb;
29448 				wmp->wm_end = endb;
29449 				wmp->wm_flags = typ | SD_WM_BUSY;
29450 				if (typ & SD_WTYPE_RMW) {
29451 					un->un_rmw_count++;
29452 				}
29453 				/*
29454 				 * If not already on the list then link
29455 				 */
29456 				if (!ONLIST(un, wmp)) {
29457 					wmp->wm_next = un->un_wm;
29458 					wmp->wm_prev = NULL;
29459 					if (wmp->wm_next)
29460 						wmp->wm_next->wm_prev = wmp;
29461 					un->un_wm = wmp;
29462 				}
29463 				state = SD_WM_DONE;
29464 			}
29465 			break;
29466 
29467 		case SD_WM_WAIT_MAP:
29468 			ASSERT(sl_wmp->wm_flags & SD_WM_BUSY);
29469 			/*
29470 			 * Wait is done on sl_wmp, which is set in the
29471 			 * check_list state.
29472 			 */
29473 			sl_wmp->wm_wanted_count++;
29474 			cv_wait(&sl_wmp->wm_avail, SD_MUTEX(un));
29475 			sl_wmp->wm_wanted_count--;
29476 			/*
29477 			 * We can reuse the memory from the completed sl_wmp
29478 			 * lock range for our new lock, but only if noone is
29479 			 * waiting for it.
29480 			 */
29481 			ASSERT(!(sl_wmp->wm_flags & SD_WM_BUSY));
29482 			if (sl_wmp->wm_wanted_count == 0) {
29483 				if (wmp != NULL)
29484 					CHK_N_FREEWMP(un, wmp);
29485 				wmp = sl_wmp;
29486 			}
29487 			sl_wmp = NULL;
29488 			/*
29489 			 * After waking up, need to recheck for availability of
29490 			 * range.
29491 			 */
29492 			state = SD_WM_CHK_LIST;
29493 			break;
29494 
29495 		default:
29496 			panic("sd_range_lock: "
29497 			    "Unknown state %d in sd_range_lock", state);
29498 			/*NOTREACHED*/
29499 		} /* switch(state) */
29500 
29501 	} /* while(state != SD_WM_DONE) */
29502 
29503 	mutex_exit(SD_MUTEX(un));
29504 
29505 	ASSERT(wmp != NULL);
29506 
29507 	return (wmp);
29508 }
29509 
29510 
29511 /*
29512  *    Function: sd_get_range()
29513  *
29514  * Description: Find if there any overlapping I/O to this one
29515  *		Returns the write-map of 1st such I/O, NULL otherwise.
29516  *
29517  *   Arguments: un	- sd_lun structure for the device.
29518  *		startb - The starting block number
29519  *		endb - The end block number
29520  *
29521  * Return Code: wm  - pointer to the wmap structure.
29522  */
29523 
29524 static struct sd_w_map *
29525 sd_get_range(struct sd_lun *un, daddr_t startb, daddr_t endb)
29526 {
29527 	struct sd_w_map *wmp;
29528 
29529 	ASSERT(un != NULL);
29530 
29531 	for (wmp = un->un_wm; wmp != NULL; wmp = wmp->wm_next) {
29532 		if (!(wmp->wm_flags & SD_WM_BUSY)) {
29533 			continue;
29534 		}
29535 		if ((startb >= wmp->wm_start) && (startb <= wmp->wm_end)) {
29536 			break;
29537 		}
29538 		if ((endb >= wmp->wm_start) && (endb <= wmp->wm_end)) {
29539 			break;
29540 		}
29541 	}
29542 
29543 	return (wmp);
29544 }
29545 
29546 
29547 /*
29548  *    Function: sd_free_inlist_wmap()
29549  *
29550  * Description: Unlink and free a write map struct.
29551  *
29552  *   Arguments: un      - sd_lun structure for the device.
29553  *		wmp	- sd_w_map which needs to be unlinked.
29554  */
29555 
29556 static void
29557 sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp)
29558 {
29559 	ASSERT(un != NULL);
29560 
29561 	if (un->un_wm == wmp) {
29562 		un->un_wm = wmp->wm_next;
29563 	} else {
29564 		wmp->wm_prev->wm_next = wmp->wm_next;
29565 	}
29566 
29567 	if (wmp->wm_next) {
29568 		wmp->wm_next->wm_prev = wmp->wm_prev;
29569 	}
29570 
29571 	wmp->wm_next = wmp->wm_prev = NULL;
29572 
29573 	kmem_cache_free(un->un_wm_cache, wmp);
29574 }
29575 
29576 
29577 /*
29578  *    Function: sd_range_unlock()
29579  *
29580  * Description: Unlock the range locked by wm.
29581  *		Free write map if nobody else is waiting on it.
29582  *
29583  *   Arguments: un      - sd_lun structure for the device.
29584  *              wmp     - sd_w_map which needs to be unlinked.
29585  */
29586 
29587 static void
29588 sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm)
29589 {
29590 	ASSERT(un != NULL);
29591 	ASSERT(wm != NULL);
29592 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29593 
29594 	mutex_enter(SD_MUTEX(un));
29595 
29596 	if (wm->wm_flags & SD_WTYPE_RMW) {
29597 		un->un_rmw_count--;
29598 	}
29599 
29600 	if (wm->wm_wanted_count) {
29601 		wm->wm_flags = 0;
29602 		/*
29603 		 * Broadcast that the wmap is available now.
29604 		 */
29605 		cv_broadcast(&wm->wm_avail);
29606 	} else {
29607 		/*
29608 		 * If no one is waiting on the map, it should be free'ed.
29609 		 */
29610 		sd_free_inlist_wmap(un, wm);
29611 	}
29612 
29613 	mutex_exit(SD_MUTEX(un));
29614 }
29615 
29616 
29617 /*
29618  *    Function: sd_read_modify_write_task
29619  *
29620  * Description: Called from a taskq thread to initiate the write phase of
29621  *		a read-modify-write request.  This is used for targets where
29622  *		un->un_sys_blocksize != un->un_tgt_blocksize.
29623  *
29624  *   Arguments: arg - a pointer to the buf(9S) struct for the write command.
29625  *
29626  *     Context: Called under taskq thread context.
29627  */
29628 
29629 static void
29630 sd_read_modify_write_task(void *arg)
29631 {
29632 	struct sd_mapblocksize_info	*bsp;
29633 	struct buf	*bp;
29634 	struct sd_xbuf	*xp;
29635 	struct sd_lun	*un;
29636 
29637 	bp = arg;	/* The bp is given in arg */
29638 	ASSERT(bp != NULL);
29639 
29640 	/* Get the pointer to the layer-private data struct */
29641 	xp = SD_GET_XBUF(bp);
29642 	ASSERT(xp != NULL);
29643 	bsp = xp->xb_private;
29644 	ASSERT(bsp != NULL);
29645 
29646 	un = SD_GET_UN(bp);
29647 	ASSERT(un != NULL);
29648 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29649 
29650 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29651 	    "sd_read_modify_write_task: entry: buf:0x%p\n", bp);
29652 
29653 	/*
29654 	 * This is the write phase of a read-modify-write request, called
29655 	 * under the context of a taskq thread in response to the completion
29656 	 * of the read portion of the rmw request completing under interrupt
29657 	 * context. The write request must be sent from here down the iostart
29658 	 * chain as if it were being sent from sd_mapblocksize_iostart(), so
29659 	 * we use the layer index saved in the layer-private data area.
29660 	 */
29661 	SD_NEXT_IOSTART(bsp->mbs_layer_index, un, bp);
29662 
29663 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29664 	    "sd_read_modify_write_task: exit: buf:0x%p\n", bp);
29665 }
29666 
29667 
29668 /*
29669  *    Function: sddump_do_read_of_rmw()
29670  *
29671  * Description: This routine will be called from sddump, If sddump is called
29672  *		with an I/O which not aligned on device blocksize boundary
29673  *		then the write has to be converted to read-modify-write.
29674  *		Do the read part here in order to keep sddump simple.
29675  *		Note - That the sd_mutex is held across the call to this
29676  *		routine.
29677  *
29678  *   Arguments: un	- sd_lun
29679  *		blkno	- block number in terms of media block size.
29680  *		nblk	- number of blocks.
29681  *		bpp	- pointer to pointer to the buf structure. On return
29682  *			from this function, *bpp points to the valid buffer
29683  *			to which the write has to be done.
29684  *
29685  * Return Code: 0 for success or errno-type return code
29686  */
29687 
29688 static int
29689 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
29690 	struct buf **bpp)
29691 {
29692 	int err;
29693 	int i;
29694 	int rval;
29695 	struct buf *bp;
29696 	struct scsi_pkt *pkt = NULL;
29697 	uint32_t target_blocksize;
29698 
29699 	ASSERT(un != NULL);
29700 	ASSERT(mutex_owned(SD_MUTEX(un)));
29701 
29702 	target_blocksize = un->un_tgt_blocksize;
29703 
29704 	mutex_exit(SD_MUTEX(un));
29705 
29706 	bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), (struct buf *)NULL,
29707 	    (size_t)(nblk * target_blocksize), B_READ, NULL_FUNC, NULL);
29708 	if (bp == NULL) {
29709 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29710 		    "no resources for dumping; giving up");
29711 		err = ENOMEM;
29712 		goto done;
29713 	}
29714 
29715 	rval = sd_setup_rw_pkt(un, &pkt, bp, 0, NULL_FUNC, NULL,
29716 	    blkno, nblk);
29717 	if (rval != 0) {
29718 		scsi_free_consistent_buf(bp);
29719 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29720 		    "no resources for dumping; giving up");
29721 		err = ENOMEM;
29722 		goto done;
29723 	}
29724 
29725 	pkt->pkt_flags |= FLAG_NOINTR;
29726 
29727 	err = EIO;
29728 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
29729 
29730 		/*
29731 		 * Scsi_poll returns 0 (success) if the command completes and
29732 		 * the status block is STATUS_GOOD.  We should only check
29733 		 * errors if this condition is not true.  Even then we should
29734 		 * send our own request sense packet only if we have a check
29735 		 * condition and auto request sense has not been performed by
29736 		 * the hba.
29737 		 */
29738 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending read\n");
29739 
29740 		if ((sd_scsi_poll(un, pkt) == 0) && (pkt->pkt_resid == 0)) {
29741 			err = 0;
29742 			break;
29743 		}
29744 
29745 		/*
29746 		 * Check CMD_DEV_GONE 1st, give up if device is gone,
29747 		 * no need to read RQS data.
29748 		 */
29749 		if (pkt->pkt_reason == CMD_DEV_GONE) {
29750 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29751 			    "Device is gone\n");
29752 			break;
29753 		}
29754 
29755 		if (SD_GET_PKT_STATUS(pkt) == STATUS_CHECK) {
29756 			SD_INFO(SD_LOG_DUMP, un,
29757 			    "sddump: read failed with CHECK, try # %d\n", i);
29758 			if (((pkt->pkt_state & STATE_ARQ_DONE) == 0)) {
29759 				(void) sd_send_polled_RQS(un);
29760 			}
29761 
29762 			continue;
29763 		}
29764 
29765 		if (SD_GET_PKT_STATUS(pkt) == STATUS_BUSY) {
29766 			int reset_retval = 0;
29767 
29768 			SD_INFO(SD_LOG_DUMP, un,
29769 			    "sddump: read failed with BUSY, try # %d\n", i);
29770 
29771 			if (un->un_f_lun_reset_enabled == TRUE) {
29772 				reset_retval = scsi_reset(SD_ADDRESS(un),
29773 				    RESET_LUN);
29774 			}
29775 			if (reset_retval == 0) {
29776 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
29777 			}
29778 			(void) sd_send_polled_RQS(un);
29779 
29780 		} else {
29781 			SD_INFO(SD_LOG_DUMP, un,
29782 			    "sddump: read failed with 0x%x, try # %d\n",
29783 			    SD_GET_PKT_STATUS(pkt), i);
29784 			mutex_enter(SD_MUTEX(un));
29785 			sd_reset_target(un, pkt);
29786 			mutex_exit(SD_MUTEX(un));
29787 		}
29788 
29789 		/*
29790 		 * If we are not getting anywhere with lun/target resets,
29791 		 * let's reset the bus.
29792 		 */
29793 		if (i > SD_NDUMP_RETRIES/2) {
29794 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
29795 			(void) sd_send_polled_RQS(un);
29796 		}
29797 
29798 	}
29799 	scsi_destroy_pkt(pkt);
29800 
29801 	if (err != 0) {
29802 		scsi_free_consistent_buf(bp);
29803 		*bpp = NULL;
29804 	} else {
29805 		*bpp = bp;
29806 	}
29807 
29808 done:
29809 	mutex_enter(SD_MUTEX(un));
29810 	return (err);
29811 }
29812 
29813 
29814 /*
29815  *    Function: sd_failfast_flushq
29816  *
29817  * Description: Take all bp's on the wait queue that have B_FAILFAST set
29818  *		in b_flags and move them onto the failfast queue, then kick
29819  *		off a thread to return all bp's on the failfast queue to
29820  *		their owners with an error set.
29821  *
29822  *   Arguments: un - pointer to the soft state struct for the instance.
29823  *
29824  *     Context: may execute in interrupt context.
29825  */
29826 
29827 static void
29828 sd_failfast_flushq(struct sd_lun *un)
29829 {
29830 	struct buf *bp;
29831 	struct buf *next_waitq_bp;
29832 	struct buf *prev_waitq_bp = NULL;
29833 
29834 	ASSERT(un != NULL);
29835 	ASSERT(mutex_owned(SD_MUTEX(un)));
29836 	ASSERT(un->un_failfast_state == SD_FAILFAST_ACTIVE);
29837 	ASSERT(un->un_failfast_bp == NULL);
29838 
29839 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29840 	    "sd_failfast_flushq: entry: un:0x%p\n", un);
29841 
29842 	/*
29843 	 * Check if we should flush all bufs when entering failfast state, or
29844 	 * just those with B_FAILFAST set.
29845 	 */
29846 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) {
29847 		/*
29848 		 * Move *all* bp's on the wait queue to the failfast flush
29849 		 * queue, including those that do NOT have B_FAILFAST set.
29850 		 */
29851 		if (un->un_failfast_headp == NULL) {
29852 			ASSERT(un->un_failfast_tailp == NULL);
29853 			un->un_failfast_headp = un->un_waitq_headp;
29854 		} else {
29855 			ASSERT(un->un_failfast_tailp != NULL);
29856 			un->un_failfast_tailp->av_forw = un->un_waitq_headp;
29857 		}
29858 
29859 		un->un_failfast_tailp = un->un_waitq_tailp;
29860 
29861 		/* update kstat for each bp moved out of the waitq */
29862 		for (bp = un->un_waitq_headp; bp != NULL; bp = bp->av_forw) {
29863 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29864 		}
29865 
29866 		/* empty the waitq */
29867 		un->un_waitq_headp = un->un_waitq_tailp = NULL;
29868 
29869 	} else {
29870 		/*
29871 		 * Go thru the wait queue, pick off all entries with
29872 		 * B_FAILFAST set, and move these onto the failfast queue.
29873 		 */
29874 		for (bp = un->un_waitq_headp; bp != NULL; bp = next_waitq_bp) {
29875 			/*
29876 			 * Save the pointer to the next bp on the wait queue,
29877 			 * so we get to it on the next iteration of this loop.
29878 			 */
29879 			next_waitq_bp = bp->av_forw;
29880 
29881 			/*
29882 			 * If this bp from the wait queue does NOT have
29883 			 * B_FAILFAST set, just move on to the next element
29884 			 * in the wait queue. Note, this is the only place
29885 			 * where it is correct to set prev_waitq_bp.
29886 			 */
29887 			if ((bp->b_flags & B_FAILFAST) == 0) {
29888 				prev_waitq_bp = bp;
29889 				continue;
29890 			}
29891 
29892 			/*
29893 			 * Remove the bp from the wait queue.
29894 			 */
29895 			if (bp == un->un_waitq_headp) {
29896 				/* The bp is the first element of the waitq. */
29897 				un->un_waitq_headp = next_waitq_bp;
29898 				if (un->un_waitq_headp == NULL) {
29899 					/* The wait queue is now empty */
29900 					un->un_waitq_tailp = NULL;
29901 				}
29902 			} else {
29903 				/*
29904 				 * The bp is either somewhere in the middle
29905 				 * or at the end of the wait queue.
29906 				 */
29907 				ASSERT(un->un_waitq_headp != NULL);
29908 				ASSERT(prev_waitq_bp != NULL);
29909 				ASSERT((prev_waitq_bp->b_flags & B_FAILFAST)
29910 				    == 0);
29911 				if (bp == un->un_waitq_tailp) {
29912 					/* bp is the last entry on the waitq. */
29913 					ASSERT(next_waitq_bp == NULL);
29914 					un->un_waitq_tailp = prev_waitq_bp;
29915 				}
29916 				prev_waitq_bp->av_forw = next_waitq_bp;
29917 			}
29918 			bp->av_forw = NULL;
29919 
29920 			/*
29921 			 * update kstat since the bp is moved out of
29922 			 * the waitq
29923 			 */
29924 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29925 
29926 			/*
29927 			 * Now put the bp onto the failfast queue.
29928 			 */
29929 			if (un->un_failfast_headp == NULL) {
29930 				/* failfast queue is currently empty */
29931 				ASSERT(un->un_failfast_tailp == NULL);
29932 				un->un_failfast_headp =
29933 				    un->un_failfast_tailp = bp;
29934 			} else {
29935 				/* Add the bp to the end of the failfast q */
29936 				ASSERT(un->un_failfast_tailp != NULL);
29937 				ASSERT(un->un_failfast_tailp->b_flags &
29938 				    B_FAILFAST);
29939 				un->un_failfast_tailp->av_forw = bp;
29940 				un->un_failfast_tailp = bp;
29941 			}
29942 		}
29943 	}
29944 
29945 	/*
29946 	 * Now return all bp's on the failfast queue to their owners.
29947 	 */
29948 	while ((bp = un->un_failfast_headp) != NULL) {
29949 
29950 		un->un_failfast_headp = bp->av_forw;
29951 		if (un->un_failfast_headp == NULL) {
29952 			un->un_failfast_tailp = NULL;
29953 		}
29954 
29955 		/*
29956 		 * We want to return the bp with a failure error code, but
29957 		 * we do not want a call to sd_start_cmds() to occur here,
29958 		 * so use sd_return_failed_command_no_restart() instead of
29959 		 * sd_return_failed_command().
29960 		 */
29961 		sd_return_failed_command_no_restart(un, bp, EIO);
29962 	}
29963 
29964 	/* Flush the xbuf queues if required. */
29965 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_QUEUES) {
29966 		ddi_xbuf_flushq(un->un_xbuf_attr, sd_failfast_flushq_callback);
29967 	}
29968 
29969 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29970 	    "sd_failfast_flushq: exit: un:0x%p\n", un);
29971 }
29972 
29973 
29974 /*
29975  *    Function: sd_failfast_flushq_callback
29976  *
29977  * Description: Return TRUE if the given bp meets the criteria for failfast
29978  *		flushing. Used with ddi_xbuf_flushq(9F).
29979  *
29980  *   Arguments: bp - ptr to buf struct to be examined.
29981  *
29982  *     Context: Any
29983  */
29984 
29985 static int
29986 sd_failfast_flushq_callback(struct buf *bp)
29987 {
29988 	/*
29989 	 * Return TRUE if (1) we want to flush ALL bufs when the failfast
29990 	 * state is entered; OR (2) the given bp has B_FAILFAST set.
29991 	 */
29992 	return (((sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) ||
29993 	    (bp->b_flags & B_FAILFAST)) ? TRUE : FALSE);
29994 }
29995 
29996 
29997 
29998 #if defined(__i386) || defined(__amd64)
29999 /*
30000  * Function: sd_setup_next_xfer
30001  *
30002  * Description: Prepare next I/O operation using DMA_PARTIAL
30003  *
30004  */
30005 
30006 static int
30007 sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
30008     struct scsi_pkt *pkt, struct sd_xbuf *xp)
30009 {
30010 	ssize_t	num_blks_not_xfered;
30011 	daddr_t	strt_blk_num;
30012 	ssize_t	bytes_not_xfered;
30013 	int	rval;
30014 
30015 	ASSERT(pkt->pkt_resid == 0);
30016 
30017 	/*
30018 	 * Calculate next block number and amount to be transferred.
30019 	 *
30020 	 * How much data NOT transfered to the HBA yet.
30021 	 */
30022 	bytes_not_xfered = xp->xb_dma_resid;
30023 
30024 	/*
30025 	 * figure how many blocks NOT transfered to the HBA yet.
30026 	 */
30027 	num_blks_not_xfered = SD_BYTES2TGTBLOCKS(un, bytes_not_xfered);
30028 
30029 	/*
30030 	 * set starting block number to the end of what WAS transfered.
30031 	 */
30032 	strt_blk_num = xp->xb_blkno +
30033 	    SD_BYTES2TGTBLOCKS(un, bp->b_bcount - bytes_not_xfered);
30034 
30035 	/*
30036 	 * Move pkt to the next portion of the xfer.  sd_setup_next_rw_pkt
30037 	 * will call scsi_initpkt with NULL_FUNC so we do not have to release
30038 	 * the disk mutex here.
30039 	 */
30040 	rval = sd_setup_next_rw_pkt(un, pkt, bp,
30041 	    strt_blk_num, num_blks_not_xfered);
30042 
30043 	if (rval == 0) {
30044 
30045 		/*
30046 		 * Success.
30047 		 *
30048 		 * Adjust things if there are still more blocks to be
30049 		 * transfered.
30050 		 */
30051 		xp->xb_dma_resid = pkt->pkt_resid;
30052 		pkt->pkt_resid = 0;
30053 
30054 		return (1);
30055 	}
30056 
30057 	/*
30058 	 * There's really only one possible return value from
30059 	 * sd_setup_next_rw_pkt which occurs when scsi_init_pkt
30060 	 * returns NULL.
30061 	 */
30062 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
30063 
30064 	bp->b_resid = bp->b_bcount;
30065 	bp->b_flags |= B_ERROR;
30066 
30067 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
30068 	    "Error setting up next portion of DMA transfer\n");
30069 
30070 	return (0);
30071 }
30072 #endif
30073 
30074 /*
30075  *    Function: sd_panic_for_res_conflict
30076  *
30077  * Description: Call panic with a string formated with "Reservation Conflict"
30078  *		and a human readable identifier indicating the SD instance
30079  *		that experienced the reservation conflict.
30080  *
30081  *   Arguments: un - pointer to the soft state struct for the instance.
30082  *
30083  *     Context: may execute in interrupt context.
30084  */
30085 
30086 #define	SD_RESV_CONFLICT_FMT_LEN 40
30087 void
30088 sd_panic_for_res_conflict(struct sd_lun *un)
30089 {
30090 	char panic_str[SD_RESV_CONFLICT_FMT_LEN+MAXPATHLEN];
30091 	char path_str[MAXPATHLEN];
30092 
30093 	(void) snprintf(panic_str, sizeof (panic_str),
30094 	    "Reservation Conflict\nDisk: %s",
30095 	    ddi_pathname(SD_DEVINFO(un), path_str));
30096 
30097 	panic(panic_str);
30098 }
30099 
30100 /*
30101  * Note: The following sd_faultinjection_ioctl( ) routines implement
30102  * driver support for handling fault injection for error analysis
30103  * causing faults in multiple layers of the driver.
30104  *
30105  */
30106 
30107 #ifdef SD_FAULT_INJECTION
30108 static uint_t   sd_fault_injection_on = 0;
30109 
30110 /*
30111  *    Function: sd_faultinjection_ioctl()
30112  *
30113  * Description: This routine is the driver entry point for handling
30114  *              faultinjection ioctls to inject errors into the
30115  *              layer model
30116  *
30117  *   Arguments: cmd	- the ioctl cmd recieved
30118  *		arg	- the arguments from user and returns
30119  */
30120 
30121 static void
30122 sd_faultinjection_ioctl(int cmd, intptr_t arg,  struct sd_lun *un) {
30123 
30124 	uint_t i;
30125 	uint_t rval;
30126 
30127 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl: entry\n");
30128 
30129 	mutex_enter(SD_MUTEX(un));
30130 
30131 	switch (cmd) {
30132 	case SDIOCRUN:
30133 		/* Allow pushed faults to be injected */
30134 		SD_INFO(SD_LOG_SDTEST, un,
30135 		    "sd_faultinjection_ioctl: Injecting Fault Run\n");
30136 
30137 		sd_fault_injection_on = 1;
30138 
30139 		SD_INFO(SD_LOG_IOERR, un,
30140 		    "sd_faultinjection_ioctl: run finished\n");
30141 		break;
30142 
30143 	case SDIOCSTART:
30144 		/* Start Injection Session */
30145 		SD_INFO(SD_LOG_SDTEST, un,
30146 		    "sd_faultinjection_ioctl: Injecting Fault Start\n");
30147 
30148 		sd_fault_injection_on = 0;
30149 		un->sd_injection_mask = 0xFFFFFFFF;
30150 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
30151 			un->sd_fi_fifo_pkt[i] = NULL;
30152 			un->sd_fi_fifo_xb[i] = NULL;
30153 			un->sd_fi_fifo_un[i] = NULL;
30154 			un->sd_fi_fifo_arq[i] = NULL;
30155 		}
30156 		un->sd_fi_fifo_start = 0;
30157 		un->sd_fi_fifo_end = 0;
30158 
30159 		mutex_enter(&(un->un_fi_mutex));
30160 		un->sd_fi_log[0] = '\0';
30161 		un->sd_fi_buf_len = 0;
30162 		mutex_exit(&(un->un_fi_mutex));
30163 
30164 		SD_INFO(SD_LOG_IOERR, un,
30165 		    "sd_faultinjection_ioctl: start finished\n");
30166 		break;
30167 
30168 	case SDIOCSTOP:
30169 		/* Stop Injection Session */
30170 		SD_INFO(SD_LOG_SDTEST, un,
30171 		    "sd_faultinjection_ioctl: Injecting Fault Stop\n");
30172 		sd_fault_injection_on = 0;
30173 		un->sd_injection_mask = 0x0;
30174 
30175 		/* Empty stray or unuseds structs from fifo */
30176 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
30177 			if (un->sd_fi_fifo_pkt[i] != NULL) {
30178 				kmem_free(un->sd_fi_fifo_pkt[i],
30179 				    sizeof (struct sd_fi_pkt));
30180 			}
30181 			if (un->sd_fi_fifo_xb[i] != NULL) {
30182 				kmem_free(un->sd_fi_fifo_xb[i],
30183 				    sizeof (struct sd_fi_xb));
30184 			}
30185 			if (un->sd_fi_fifo_un[i] != NULL) {
30186 				kmem_free(un->sd_fi_fifo_un[i],
30187 				    sizeof (struct sd_fi_un));
30188 			}
30189 			if (un->sd_fi_fifo_arq[i] != NULL) {
30190 				kmem_free(un->sd_fi_fifo_arq[i],
30191 				    sizeof (struct sd_fi_arq));
30192 			}
30193 			un->sd_fi_fifo_pkt[i] = NULL;
30194 			un->sd_fi_fifo_un[i] = NULL;
30195 			un->sd_fi_fifo_xb[i] = NULL;
30196 			un->sd_fi_fifo_arq[i] = NULL;
30197 		}
30198 		un->sd_fi_fifo_start = 0;
30199 		un->sd_fi_fifo_end = 0;
30200 
30201 		SD_INFO(SD_LOG_IOERR, un,
30202 		    "sd_faultinjection_ioctl: stop finished\n");
30203 		break;
30204 
30205 	case SDIOCINSERTPKT:
30206 		/* Store a packet struct to be pushed onto fifo */
30207 		SD_INFO(SD_LOG_SDTEST, un,
30208 		    "sd_faultinjection_ioctl: Injecting Fault Insert Pkt\n");
30209 
30210 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30211 
30212 		sd_fault_injection_on = 0;
30213 
30214 		/* No more that SD_FI_MAX_ERROR allowed in Queue */
30215 		if (un->sd_fi_fifo_pkt[i] != NULL) {
30216 			kmem_free(un->sd_fi_fifo_pkt[i],
30217 			    sizeof (struct sd_fi_pkt));
30218 		}
30219 		if (arg != NULL) {
30220 			un->sd_fi_fifo_pkt[i] =
30221 			    kmem_alloc(sizeof (struct sd_fi_pkt), KM_NOSLEEP);
30222 			if (un->sd_fi_fifo_pkt[i] == NULL) {
30223 				/* Alloc failed don't store anything */
30224 				break;
30225 			}
30226 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_pkt[i],
30227 			    sizeof (struct sd_fi_pkt), 0);
30228 			if (rval == -1) {
30229 				kmem_free(un->sd_fi_fifo_pkt[i],
30230 				    sizeof (struct sd_fi_pkt));
30231 				un->sd_fi_fifo_pkt[i] = NULL;
30232 			}
30233 		} else {
30234 			SD_INFO(SD_LOG_IOERR, un,
30235 			    "sd_faultinjection_ioctl: pkt null\n");
30236 		}
30237 		break;
30238 
30239 	case SDIOCINSERTXB:
30240 		/* Store a xb struct to be pushed onto fifo */
30241 		SD_INFO(SD_LOG_SDTEST, un,
30242 		    "sd_faultinjection_ioctl: Injecting Fault Insert XB\n");
30243 
30244 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30245 
30246 		sd_fault_injection_on = 0;
30247 
30248 		if (un->sd_fi_fifo_xb[i] != NULL) {
30249 			kmem_free(un->sd_fi_fifo_xb[i],
30250 			    sizeof (struct sd_fi_xb));
30251 			un->sd_fi_fifo_xb[i] = NULL;
30252 		}
30253 		if (arg != NULL) {
30254 			un->sd_fi_fifo_xb[i] =
30255 			    kmem_alloc(sizeof (struct sd_fi_xb), KM_NOSLEEP);
30256 			if (un->sd_fi_fifo_xb[i] == NULL) {
30257 				/* Alloc failed don't store anything */
30258 				break;
30259 			}
30260 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_xb[i],
30261 			    sizeof (struct sd_fi_xb), 0);
30262 
30263 			if (rval == -1) {
30264 				kmem_free(un->sd_fi_fifo_xb[i],
30265 				    sizeof (struct sd_fi_xb));
30266 				un->sd_fi_fifo_xb[i] = NULL;
30267 			}
30268 		} else {
30269 			SD_INFO(SD_LOG_IOERR, un,
30270 			    "sd_faultinjection_ioctl: xb null\n");
30271 		}
30272 		break;
30273 
30274 	case SDIOCINSERTUN:
30275 		/* Store a un struct to be pushed onto fifo */
30276 		SD_INFO(SD_LOG_SDTEST, un,
30277 		    "sd_faultinjection_ioctl: Injecting Fault Insert UN\n");
30278 
30279 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30280 
30281 		sd_fault_injection_on = 0;
30282 
30283 		if (un->sd_fi_fifo_un[i] != NULL) {
30284 			kmem_free(un->sd_fi_fifo_un[i],
30285 			    sizeof (struct sd_fi_un));
30286 			un->sd_fi_fifo_un[i] = NULL;
30287 		}
30288 		if (arg != NULL) {
30289 			un->sd_fi_fifo_un[i] =
30290 			    kmem_alloc(sizeof (struct sd_fi_un), KM_NOSLEEP);
30291 			if (un->sd_fi_fifo_un[i] == NULL) {
30292 				/* Alloc failed don't store anything */
30293 				break;
30294 			}
30295 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_un[i],
30296 			    sizeof (struct sd_fi_un), 0);
30297 			if (rval == -1) {
30298 				kmem_free(un->sd_fi_fifo_un[i],
30299 				    sizeof (struct sd_fi_un));
30300 				un->sd_fi_fifo_un[i] = NULL;
30301 			}
30302 
30303 		} else {
30304 			SD_INFO(SD_LOG_IOERR, un,
30305 			    "sd_faultinjection_ioctl: un null\n");
30306 		}
30307 
30308 		break;
30309 
30310 	case SDIOCINSERTARQ:
30311 		/* Store a arq struct to be pushed onto fifo */
30312 		SD_INFO(SD_LOG_SDTEST, un,
30313 		    "sd_faultinjection_ioctl: Injecting Fault Insert ARQ\n");
30314 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30315 
30316 		sd_fault_injection_on = 0;
30317 
30318 		if (un->sd_fi_fifo_arq[i] != NULL) {
30319 			kmem_free(un->sd_fi_fifo_arq[i],
30320 			    sizeof (struct sd_fi_arq));
30321 			un->sd_fi_fifo_arq[i] = NULL;
30322 		}
30323 		if (arg != NULL) {
30324 			un->sd_fi_fifo_arq[i] =
30325 			    kmem_alloc(sizeof (struct sd_fi_arq), KM_NOSLEEP);
30326 			if (un->sd_fi_fifo_arq[i] == NULL) {
30327 				/* Alloc failed don't store anything */
30328 				break;
30329 			}
30330 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_arq[i],
30331 			    sizeof (struct sd_fi_arq), 0);
30332 			if (rval == -1) {
30333 				kmem_free(un->sd_fi_fifo_arq[i],
30334 				    sizeof (struct sd_fi_arq));
30335 				un->sd_fi_fifo_arq[i] = NULL;
30336 			}
30337 
30338 		} else {
30339 			SD_INFO(SD_LOG_IOERR, un,
30340 			    "sd_faultinjection_ioctl: arq null\n");
30341 		}
30342 
30343 		break;
30344 
30345 	case SDIOCPUSH:
30346 		/* Push stored xb, pkt, un, and arq onto fifo */
30347 		sd_fault_injection_on = 0;
30348 
30349 		if (arg != NULL) {
30350 			rval = ddi_copyin((void *)arg, &i, sizeof (uint_t), 0);
30351 			if (rval != -1 &&
30352 			    un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30353 				un->sd_fi_fifo_end += i;
30354 			}
30355 		} else {
30356 			SD_INFO(SD_LOG_IOERR, un,
30357 			    "sd_faultinjection_ioctl: push arg null\n");
30358 			if (un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30359 				un->sd_fi_fifo_end++;
30360 			}
30361 		}
30362 		SD_INFO(SD_LOG_IOERR, un,
30363 		    "sd_faultinjection_ioctl: push to end=%d\n",
30364 		    un->sd_fi_fifo_end);
30365 		break;
30366 
30367 	case SDIOCRETRIEVE:
30368 		/* Return buffer of log from Injection session */
30369 		SD_INFO(SD_LOG_SDTEST, un,
30370 		    "sd_faultinjection_ioctl: Injecting Fault Retreive");
30371 
30372 		sd_fault_injection_on = 0;
30373 
30374 		mutex_enter(&(un->un_fi_mutex));
30375 		rval = ddi_copyout(un->sd_fi_log, (void *)arg,
30376 		    un->sd_fi_buf_len+1, 0);
30377 		mutex_exit(&(un->un_fi_mutex));
30378 
30379 		if (rval == -1) {
30380 			/*
30381 			 * arg is possibly invalid setting
30382 			 * it to NULL for return
30383 			 */
30384 			arg = NULL;
30385 		}
30386 		break;
30387 	}
30388 
30389 	mutex_exit(SD_MUTEX(un));
30390 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl:"
30391 			    " exit\n");
30392 }
30393 
30394 
30395 /*
30396  *    Function: sd_injection_log()
30397  *
30398  * Description: This routine adds buff to the already existing injection log
30399  *              for retrieval via faultinjection_ioctl for use in fault
30400  *              detection and recovery
30401  *
30402  *   Arguments: buf - the string to add to the log
30403  */
30404 
30405 static void
30406 sd_injection_log(char *buf, struct sd_lun *un)
30407 {
30408 	uint_t len;
30409 
30410 	ASSERT(un != NULL);
30411 	ASSERT(buf != NULL);
30412 
30413 	mutex_enter(&(un->un_fi_mutex));
30414 
30415 	len = min(strlen(buf), 255);
30416 	/* Add logged value to Injection log to be returned later */
30417 	if (len + un->sd_fi_buf_len < SD_FI_MAX_BUF) {
30418 		uint_t	offset = strlen((char *)un->sd_fi_log);
30419 		char *destp = (char *)un->sd_fi_log + offset;
30420 		int i;
30421 		for (i = 0; i < len; i++) {
30422 			*destp++ = *buf++;
30423 		}
30424 		un->sd_fi_buf_len += len;
30425 		un->sd_fi_log[un->sd_fi_buf_len] = '\0';
30426 	}
30427 
30428 	mutex_exit(&(un->un_fi_mutex));
30429 }
30430 
30431 
30432 /*
30433  *    Function: sd_faultinjection()
30434  *
30435  * Description: This routine takes the pkt and changes its
30436  *		content based on error injection scenerio.
30437  *
30438  *   Arguments: pktp	- packet to be changed
30439  */
30440 
30441 static void
30442 sd_faultinjection(struct scsi_pkt *pktp)
30443 {
30444 	uint_t i;
30445 	struct sd_fi_pkt *fi_pkt;
30446 	struct sd_fi_xb *fi_xb;
30447 	struct sd_fi_un *fi_un;
30448 	struct sd_fi_arq *fi_arq;
30449 	struct buf *bp;
30450 	struct sd_xbuf *xb;
30451 	struct sd_lun *un;
30452 
30453 	ASSERT(pktp != NULL);
30454 
30455 	/* pull bp xb and un from pktp */
30456 	bp = (struct buf *)pktp->pkt_private;
30457 	xb = SD_GET_XBUF(bp);
30458 	un = SD_GET_UN(bp);
30459 
30460 	ASSERT(un != NULL);
30461 
30462 	mutex_enter(SD_MUTEX(un));
30463 
30464 	SD_TRACE(SD_LOG_SDTEST, un,
30465 	    "sd_faultinjection: entry Injection from sdintr\n");
30466 
30467 	/* if injection is off return */
30468 	if (sd_fault_injection_on == 0 ||
30469 		un->sd_fi_fifo_start == un->sd_fi_fifo_end) {
30470 		mutex_exit(SD_MUTEX(un));
30471 		return;
30472 	}
30473 
30474 
30475 	/* take next set off fifo */
30476 	i = un->sd_fi_fifo_start % SD_FI_MAX_ERROR;
30477 
30478 	fi_pkt = un->sd_fi_fifo_pkt[i];
30479 	fi_xb = un->sd_fi_fifo_xb[i];
30480 	fi_un = un->sd_fi_fifo_un[i];
30481 	fi_arq = un->sd_fi_fifo_arq[i];
30482 
30483 
30484 	/* set variables accordingly */
30485 	/* set pkt if it was on fifo */
30486 	if (fi_pkt != NULL) {
30487 		SD_CONDSET(pktp, pkt, pkt_flags, "pkt_flags");
30488 		SD_CONDSET(*pktp, pkt, pkt_scbp, "pkt_scbp");
30489 		SD_CONDSET(*pktp, pkt, pkt_cdbp, "pkt_cdbp");
30490 		SD_CONDSET(pktp, pkt, pkt_state, "pkt_state");
30491 		SD_CONDSET(pktp, pkt, pkt_statistics, "pkt_statistics");
30492 		SD_CONDSET(pktp, pkt, pkt_reason, "pkt_reason");
30493 
30494 	}
30495 
30496 	/* set xb if it was on fifo */
30497 	if (fi_xb != NULL) {
30498 		SD_CONDSET(xb, xb, xb_blkno, "xb_blkno");
30499 		SD_CONDSET(xb, xb, xb_dma_resid, "xb_dma_resid");
30500 		SD_CONDSET(xb, xb, xb_retry_count, "xb_retry_count");
30501 		SD_CONDSET(xb, xb, xb_victim_retry_count,
30502 		    "xb_victim_retry_count");
30503 		SD_CONDSET(xb, xb, xb_sense_status, "xb_sense_status");
30504 		SD_CONDSET(xb, xb, xb_sense_state, "xb_sense_state");
30505 		SD_CONDSET(xb, xb, xb_sense_resid, "xb_sense_resid");
30506 
30507 		/* copy in block data from sense */
30508 		if (fi_xb->xb_sense_data[0] != -1) {
30509 			bcopy(fi_xb->xb_sense_data, xb->xb_sense_data,
30510 			    SENSE_LENGTH);
30511 		}
30512 
30513 		/* copy in extended sense codes */
30514 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_code,
30515 		    "es_code");
30516 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_key,
30517 		    "es_key");
30518 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_add_code,
30519 		    "es_add_code");
30520 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb,
30521 		    es_qual_code, "es_qual_code");
30522 	}
30523 
30524 	/* set un if it was on fifo */
30525 	if (fi_un != NULL) {
30526 		SD_CONDSET(un->un_sd->sd_inq, un, inq_rmb, "inq_rmb");
30527 		SD_CONDSET(un, un, un_ctype, "un_ctype");
30528 		SD_CONDSET(un, un, un_reset_retry_count,
30529 		    "un_reset_retry_count");
30530 		SD_CONDSET(un, un, un_reservation_type, "un_reservation_type");
30531 		SD_CONDSET(un, un, un_resvd_status, "un_resvd_status");
30532 		SD_CONDSET(un, un, un_f_arq_enabled, "un_f_arq_enabled");
30533 		SD_CONDSET(un, un, un_f_geometry_is_valid,
30534 		    "un_f_geometry_is_valid");
30535 		SD_CONDSET(un, un, un_f_allow_bus_device_reset,
30536 		    "un_f_allow_bus_device_reset");
30537 		SD_CONDSET(un, un, un_f_opt_queueing, "un_f_opt_queueing");
30538 
30539 	}
30540 
30541 	/* copy in auto request sense if it was on fifo */
30542 	if (fi_arq != NULL) {
30543 		bcopy(fi_arq, pktp->pkt_scbp, sizeof (struct sd_fi_arq));
30544 	}
30545 
30546 	/* free structs */
30547 	if (un->sd_fi_fifo_pkt[i] != NULL) {
30548 		kmem_free(un->sd_fi_fifo_pkt[i], sizeof (struct sd_fi_pkt));
30549 	}
30550 	if (un->sd_fi_fifo_xb[i] != NULL) {
30551 		kmem_free(un->sd_fi_fifo_xb[i], sizeof (struct sd_fi_xb));
30552 	}
30553 	if (un->sd_fi_fifo_un[i] != NULL) {
30554 		kmem_free(un->sd_fi_fifo_un[i], sizeof (struct sd_fi_un));
30555 	}
30556 	if (un->sd_fi_fifo_arq[i] != NULL) {
30557 		kmem_free(un->sd_fi_fifo_arq[i], sizeof (struct sd_fi_arq));
30558 	}
30559 
30560 	/*
30561 	 * kmem_free does not gurantee to set to NULL
30562 	 * since we uses these to determine if we set
30563 	 * values or not lets confirm they are always
30564 	 * NULL after free
30565 	 */
30566 	un->sd_fi_fifo_pkt[i] = NULL;
30567 	un->sd_fi_fifo_un[i] = NULL;
30568 	un->sd_fi_fifo_xb[i] = NULL;
30569 	un->sd_fi_fifo_arq[i] = NULL;
30570 
30571 	un->sd_fi_fifo_start++;
30572 
30573 	mutex_exit(SD_MUTEX(un));
30574 
30575 	SD_TRACE(SD_LOG_SDTEST, un, "sd_faultinjection: exit\n");
30576 }
30577 
30578 #endif /* SD_FAULT_INJECTION */
30579 
30580 /*
30581  * This routine is invoked in sd_unit_attach(). Before calling it, the
30582  * properties in conf file should be processed already, and "hotpluggable"
30583  * property was processed also.
30584  *
30585  * The sd driver distinguishes 3 different type of devices: removable media,
30586  * non-removable media, and hotpluggable. Below the differences are defined:
30587  *
30588  * 1. Device ID
30589  *
30590  *     The device ID of a device is used to identify this device. Refer to
30591  *     ddi_devid_register(9F).
30592  *
30593  *     For a non-removable media disk device which can provide 0x80 or 0x83
30594  *     VPD page (refer to INQUIRY command of SCSI SPC specification), a unique
30595  *     device ID is created to identify this device. For other non-removable
30596  *     media devices, a default device ID is created only if this device has
30597  *     at least 2 alter cylinders. Otherwise, this device has no devid.
30598  *
30599  *     -------------------------------------------------------
30600  *     removable media   hotpluggable  | Can Have Device ID
30601  *     -------------------------------------------------------
30602  *         false             false     |     Yes
30603  *         false             true      |     Yes
30604  *         true                x       |     No
30605  *     ------------------------------------------------------
30606  *
30607  *
30608  * 2. SCSI group 4 commands
30609  *
30610  *     In SCSI specs, only some commands in group 4 command set can use
30611  *     8-byte addresses that can be used to access >2TB storage spaces.
30612  *     Other commands have no such capability. Without supporting group4,
30613  *     it is impossible to make full use of storage spaces of a disk with
30614  *     capacity larger than 2TB.
30615  *
30616  *     -----------------------------------------------
30617  *     removable media   hotpluggable   LP64  |  Group
30618  *     -----------------------------------------------
30619  *           false          false       false |   1
30620  *           false          false       true  |   4
30621  *           false          true        false |   1
30622  *           false          true        true  |   4
30623  *           true             x           x   |   5
30624  *     -----------------------------------------------
30625  *
30626  *
30627  * 3. Check for VTOC Label
30628  *
30629  *     If a direct-access disk has no EFI label, sd will check if it has a
30630  *     valid VTOC label. Now, sd also does that check for removable media
30631  *     and hotpluggable devices.
30632  *
30633  *     --------------------------------------------------------------
30634  *     Direct-Access   removable media    hotpluggable |  Check Label
30635  *     -------------------------------------------------------------
30636  *         false          false           false        |   No
30637  *         false          false           true         |   No
30638  *         false          true            false        |   Yes
30639  *         false          true            true         |   Yes
30640  *         true            x                x          |   Yes
30641  *     --------------------------------------------------------------
30642  *
30643  *
30644  * 4. Building default VTOC label
30645  *
30646  *     As section 3 says, sd checks if some kinds of devices have VTOC label.
30647  *     If those devices have no valid VTOC label, sd(7d) will attempt to
30648  *     create default VTOC for them. Currently sd creates default VTOC label
30649  *     for all devices on x86 platform (VTOC_16), but only for removable
30650  *     media devices on SPARC (VTOC_8).
30651  *
30652  *     -----------------------------------------------------------
30653  *       removable media hotpluggable platform   |   Default Label
30654  *     -----------------------------------------------------------
30655  *             false          false    sparc     |     No
30656  *             false          true      x86      |     Yes
30657  *             false          true     sparc     |     Yes
30658  *             true             x        x       |     Yes
30659  *     ----------------------------------------------------------
30660  *
30661  *
30662  * 5. Supported blocksizes of target devices
30663  *
30664  *     Sd supports non-512-byte blocksize for removable media devices only.
30665  *     For other devices, only 512-byte blocksize is supported. This may be
30666  *     changed in near future because some RAID devices require non-512-byte
30667  *     blocksize
30668  *
30669  *     -----------------------------------------------------------
30670  *     removable media    hotpluggable    | non-512-byte blocksize
30671  *     -----------------------------------------------------------
30672  *           false          false         |   No
30673  *           false          true          |   No
30674  *           true             x           |   Yes
30675  *     -----------------------------------------------------------
30676  *
30677  *
30678  * 6. Automatic mount & unmount (i.e. vold)
30679  *
30680  *     Sd(7d) driver provides DKIOCREMOVABLE ioctl. This ioctl is used to query
30681  *     if a device is removable media device. It return 1 for removable media
30682  *     devices, and 0 for others.
30683  *
30684  *     Vold treats a device as removable one only if DKIOREMOVABLE returns 1.
30685  *     And it does automounting only for removable media devices. In order to
30686  *     preserve users' experience and let vold continue to do automounting for
30687  *     USB disk devices, DKIOCREMOVABLE ioctl still returns 1 for USB/1394 disk
30688  *     devices.
30689  *
30690  *      ------------------------------------------------------
30691  *       removable media    hotpluggable   |  automatic mount
30692  *      ------------------------------------------------------
30693  *             false          false        |   No
30694  *             false          true         |   Yes
30695  *             true             x          |   Yes
30696  *      ------------------------------------------------------
30697  *
30698  *
30699  * 7. fdisk partition management
30700  *
30701  *     Fdisk is traditional partition method on x86 platform. Sd(7d) driver
30702  *     just supports fdisk partitions on x86 platform. On sparc platform, sd
30703  *     doesn't support fdisk partitions at all. Note: pcfs(7fs) can recognize
30704  *     fdisk partitions on both x86 and SPARC platform.
30705  *
30706  *     -----------------------------------------------------------
30707  *       platform   removable media  USB/1394  |  fdisk supported
30708  *     -----------------------------------------------------------
30709  *        x86         X               X        |       true
30710  *     ------------------------------------------------------------
30711  *        sparc       X               X        |       false
30712  *     ------------------------------------------------------------
30713  *
30714  *
30715  * 8. MBOOT/MBR
30716  *
30717  *     Although sd(7d) doesn't support fdisk on SPARC platform, it does support
30718  *     read/write mboot for removable media devices on sparc platform.
30719  *
30720  *     -----------------------------------------------------------
30721  *       platform   removable media  USB/1394  |  mboot supported
30722  *     -----------------------------------------------------------
30723  *        x86         X               X        |       true
30724  *     ------------------------------------------------------------
30725  *        sparc      false           false     |       false
30726  *        sparc      false           true      |       true
30727  *        sparc      true            false     |       true
30728  *        sparc      true            true      |       true
30729  *     ------------------------------------------------------------
30730  *
30731  *
30732  * 9.  error handling during opening device
30733  *
30734  *     If failed to open a disk device, an errno is returned. For some kinds
30735  *     of errors, different errno is returned depending on if this device is
30736  *     a removable media device. This brings USB/1394 hard disks in line with
30737  *     expected hard disk behavior. It is not expected that this breaks any
30738  *     application.
30739  *
30740  *     ------------------------------------------------------
30741  *       removable media    hotpluggable   |  errno
30742  *     ------------------------------------------------------
30743  *             false          false        |   EIO
30744  *             false          true         |   EIO
30745  *             true             x          |   ENXIO
30746  *     ------------------------------------------------------
30747  *
30748  *
30749  * 10. off-by-1 workaround (bug 1175930, and 4996920) (x86 only)
30750  *
30751  *     [ this is a bit of very ugly history, soon to be removed ]
30752  *
30753  *     SCSI READ_CAPACITY command returns the last valid logical block number
30754  *     which starts from 0. So real capacity is larger than the returned
30755  *     value by 1. However, because scdk.c (which was EOL'ed) directly used
30756  *     the logical block number as capacity of disk devices, off-by-1 work-
30757  *     around was applied. This workaround causes fixed SCSI disk to loss a
30758  *     sector on x86 platform, and precludes exchanging fixed hard disks
30759  *     between sparc and x86.
30760  *
30761  *     ------------------------------------------------------
30762  *       removable media    hotplug        |   Off-by-1 works
30763  *     -------------------------------------------------------
30764  *             false          false        |     Yes
30765  *             false          true         |     No
30766  *             true           false        |     No
30767  *             true           true         |     No
30768  *     ------------------------------------------------------
30769  *
30770  *
30771  * 11. ioctls: DKIOCEJECT, CDROMEJECT
30772  *
30773  *     These IOCTLs are applicable only to removable media devices.
30774  *
30775  *     -----------------------------------------------------------
30776  *       removable media    hotpluggable   |DKIOCEJECT, CDROMEJECT
30777  *     -----------------------------------------------------------
30778  *             false          false        |     No
30779  *             false          true         |     No
30780  *             true            x           |     Yes
30781  *     -----------------------------------------------------------
30782  *
30783  *
30784  * 12. Kstats for partitions
30785  *
30786  *     sd creates partition kstat for non-removable media devices. USB and
30787  *     Firewire hard disks now have partition kstats
30788  *
30789  *      ------------------------------------------------------
30790  *       removable media    hotplugable    |   kstat
30791  *      ------------------------------------------------------
30792  *             false          false        |    Yes
30793  *             false          true         |    Yes
30794  *             true             x          |    No
30795  *       ------------------------------------------------------
30796  *
30797  *
30798  * 13. Removable media & hotpluggable properties
30799  *
30800  *     Sd driver creates a "removable-media" property for removable media
30801  *     devices. Parent nexus drivers create a "hotpluggable" property if
30802  *     it supports hotplugging.
30803  *
30804  *     ---------------------------------------------------------------------
30805  *     removable media   hotpluggable |  "removable-media"   " hotpluggable"
30806  *     ---------------------------------------------------------------------
30807  *       false            false       |    No                   No
30808  *       false            true        |    No                   Yes
30809  *       true             false       |    Yes                  No
30810  *       true             true        |    Yes                  Yes
30811  *     ---------------------------------------------------------------------
30812  *
30813  *
30814  * 14. Power Management
30815  *
30816  *     sd only power manages removable media devices or devices that support
30817  *     LOG_SENSE or have a "pm-capable" property  (PSARC/2002/250)
30818  *
30819  *     A parent nexus that supports hotplugging can also set "pm-capable"
30820  *     if the disk can be power managed.
30821  *
30822  *     ------------------------------------------------------------
30823  *       removable media hotpluggable pm-capable  |   power manage
30824  *     ------------------------------------------------------------
30825  *             false          false     false     |     No
30826  *             false          false     true      |     Yes
30827  *             false          true      false     |     No
30828  *             false          true      true      |     Yes
30829  *             true             x        x        |     Yes
30830  *     ------------------------------------------------------------
30831  *
30832  *      USB and firewire hard disks can now be power managed independently
30833  *      of the framebuffer
30834  *
30835  *
30836  * 15. Support for USB disks with capacity larger than 1TB
30837  *
30838  *     Currently, sd doesn't permit a fixed disk device with capacity
30839  *     larger than 1TB to be used in a 32-bit operating system environment.
30840  *     However, sd doesn't do that for removable media devices. Instead, it
30841  *     assumes that removable media devices cannot have a capacity larger
30842  *     than 1TB. Therefore, using those devices on 32-bit system is partially
30843  *     supported, which can cause some unexpected results.
30844  *
30845  *     ---------------------------------------------------------------------
30846  *       removable media    USB/1394 | Capacity > 1TB |   Used in 32-bit env
30847  *     ---------------------------------------------------------------------
30848  *             false          false  |   true         |     no
30849  *             false          true   |   true         |     no
30850  *             true           false  |   true         |     Yes
30851  *             true           true   |   true         |     Yes
30852  *     ---------------------------------------------------------------------
30853  *
30854  *
30855  * 16. Check write-protection at open time
30856  *
30857  *     When a removable media device is being opened for writing without NDELAY
30858  *     flag, sd will check if this device is writable. If attempting to open
30859  *     without NDELAY flag a write-protected device, this operation will abort.
30860  *
30861  *     ------------------------------------------------------------
30862  *       removable media    USB/1394   |   WP Check
30863  *     ------------------------------------------------------------
30864  *             false          false    |     No
30865  *             false          true     |     No
30866  *             true           false    |     Yes
30867  *             true           true     |     Yes
30868  *     ------------------------------------------------------------
30869  *
30870  *
30871  * 17. syslog when corrupted VTOC is encountered
30872  *
30873  *      Currently, if an invalid VTOC is encountered, sd only print syslog
30874  *      for fixed SCSI disks.
30875  *     ------------------------------------------------------------
30876  *       removable media    USB/1394   |   print syslog
30877  *     ------------------------------------------------------------
30878  *             false          false    |     Yes
30879  *             false          true     |     No
30880  *             true           false    |     No
30881  *             true           true     |     No
30882  *     ------------------------------------------------------------
30883  */
30884 static void
30885 sd_set_unit_attributes(struct sd_lun *un, dev_info_t *devi)
30886 {
30887 	int	pm_capable_prop;
30888 
30889 	ASSERT(un->un_sd);
30890 	ASSERT(un->un_sd->sd_inq);
30891 
30892 #if defined(_SUNOS_VTOC_16)
30893 	/*
30894 	 * For VTOC_16 devices, the default label will be created for all
30895 	 * devices. (see sd_build_default_label)
30896 	 */
30897 	un->un_f_default_vtoc_supported = TRUE;
30898 #endif
30899 
30900 	if (un->un_sd->sd_inq->inq_rmb) {
30901 		/*
30902 		 * The media of this device is removable. And for this kind
30903 		 * of devices, it is possible to change medium after openning
30904 		 * devices. Thus we should support this operation.
30905 		 */
30906 		un->un_f_has_removable_media = TRUE;
30907 
30908 #if defined(_SUNOS_VTOC_8)
30909 		/*
30910 		 * Note: currently, for VTOC_8 devices, default label is
30911 		 * created for removable and hotpluggable devices only.
30912 		 */
30913 		un->un_f_default_vtoc_supported = TRUE;
30914 #endif
30915 		/*
30916 		 * support non-512-byte blocksize of removable media devices
30917 		 */
30918 		un->un_f_non_devbsize_supported = TRUE;
30919 
30920 		/*
30921 		 * Assume that all removable media devices support DOOR_LOCK
30922 		 */
30923 		un->un_f_doorlock_supported = TRUE;
30924 
30925 		/*
30926 		 * For a removable media device, it is possible to be opened
30927 		 * with NDELAY flag when there is no media in drive, in this
30928 		 * case we don't care if device is writable. But if without
30929 		 * NDELAY flag, we need to check if media is write-protected.
30930 		 */
30931 		un->un_f_chk_wp_open = TRUE;
30932 
30933 		/*
30934 		 * need to start a SCSI watch thread to monitor media state,
30935 		 * when media is being inserted or ejected, notify syseventd.
30936 		 */
30937 		un->un_f_monitor_media_state = TRUE;
30938 
30939 		/*
30940 		 * Some devices don't support START_STOP_UNIT command.
30941 		 * Therefore, we'd better check if a device supports it
30942 		 * before sending it.
30943 		 */
30944 		un->un_f_check_start_stop = TRUE;
30945 
30946 		/*
30947 		 * support eject media ioctl:
30948 		 *		FDEJECT, DKIOCEJECT, CDROMEJECT
30949 		 */
30950 		un->un_f_eject_media_supported = TRUE;
30951 
30952 		/*
30953 		 * Because many removable-media devices don't support
30954 		 * LOG_SENSE, we couldn't use this command to check if
30955 		 * a removable media device support power-management.
30956 		 * We assume that they support power-management via
30957 		 * START_STOP_UNIT command and can be spun up and down
30958 		 * without limitations.
30959 		 */
30960 		un->un_f_pm_supported = TRUE;
30961 
30962 		/*
30963 		 * Need to create a zero length (Boolean) property
30964 		 * removable-media for the removable media devices.
30965 		 * Note that the return value of the property is not being
30966 		 * checked, since if unable to create the property
30967 		 * then do not want the attach to fail altogether. Consistent
30968 		 * with other property creation in attach.
30969 		 */
30970 		(void) ddi_prop_create(DDI_DEV_T_NONE, devi,
30971 		    DDI_PROP_CANSLEEP, "removable-media", NULL, 0);
30972 
30973 	} else {
30974 		/*
30975 		 * create device ID for device
30976 		 */
30977 		un->un_f_devid_supported = TRUE;
30978 
30979 		/*
30980 		 * Spin up non-removable-media devices once it is attached
30981 		 */
30982 		un->un_f_attach_spinup = TRUE;
30983 
30984 		/*
30985 		 * According to SCSI specification, Sense data has two kinds of
30986 		 * format: fixed format, and descriptor format. At present, we
30987 		 * don't support descriptor format sense data for removable
30988 		 * media.
30989 		 */
30990 		if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT) {
30991 			un->un_f_descr_format_supported = TRUE;
30992 		}
30993 
30994 		/*
30995 		 * kstats are created only for non-removable media devices.
30996 		 *
30997 		 * Set this in sd.conf to 0 in order to disable kstats.  The
30998 		 * default is 1, so they are enabled by default.
30999 		 */
31000 		un->un_f_pkstats_enabled = (ddi_prop_get_int(DDI_DEV_T_ANY,
31001 		    SD_DEVINFO(un), DDI_PROP_DONTPASS,
31002 			"enable-partition-kstats", 1));
31003 
31004 		/*
31005 		 * Check if HBA has set the "pm-capable" property.
31006 		 * If "pm-capable" exists and is non-zero then we can
31007 		 * power manage the device without checking the start/stop
31008 		 * cycle count log sense page.
31009 		 *
31010 		 * If "pm-capable" exists and is SD_PM_CAPABLE_FALSE (0)
31011 		 * then we should not power manage the device.
31012 		 *
31013 		 * If "pm-capable" doesn't exist then pm_capable_prop will
31014 		 * be set to SD_PM_CAPABLE_UNDEFINED (-1).  In this case,
31015 		 * sd will check the start/stop cycle count log sense page
31016 		 * and power manage the device if the cycle count limit has
31017 		 * not been exceeded.
31018 		 */
31019 		pm_capable_prop = ddi_prop_get_int(DDI_DEV_T_ANY, devi,
31020 		    DDI_PROP_DONTPASS, "pm-capable", SD_PM_CAPABLE_UNDEFINED);
31021 		if (pm_capable_prop == SD_PM_CAPABLE_UNDEFINED) {
31022 			un->un_f_log_sense_supported = TRUE;
31023 		} else {
31024 			/*
31025 			 * pm-capable property exists.
31026 			 *
31027 			 * Convert "TRUE" values for pm_capable_prop to
31028 			 * SD_PM_CAPABLE_TRUE (1) to make it easier to check
31029 			 * later. "TRUE" values are any values except
31030 			 * SD_PM_CAPABLE_FALSE (0) and
31031 			 * SD_PM_CAPABLE_UNDEFINED (-1)
31032 			 */
31033 			if (pm_capable_prop == SD_PM_CAPABLE_FALSE) {
31034 				un->un_f_log_sense_supported = FALSE;
31035 			} else {
31036 				un->un_f_pm_supported = TRUE;
31037 			}
31038 
31039 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
31040 			    "sd_unit_attach: un:0x%p pm-capable "
31041 			    "property set to %d.\n", un, un->un_f_pm_supported);
31042 		}
31043 	}
31044 
31045 	if (un->un_f_is_hotpluggable) {
31046 #if defined(_SUNOS_VTOC_8)
31047 		/*
31048 		 * Note: currently, for VTOC_8 devices, default label is
31049 		 * created for removable and hotpluggable devices only.
31050 		 */
31051 		un->un_f_default_vtoc_supported = TRUE;
31052 #endif
31053 
31054 		/*
31055 		 * Temporarily, let hotpluggable devices pretend to be
31056 		 * removable-media devices for vold.
31057 		 */
31058 		un->un_f_monitor_media_state = TRUE;
31059 
31060 		un->un_f_check_start_stop = TRUE;
31061 
31062 	}
31063 
31064 	/*
31065 	 * By default, only DIRECT ACCESS devices and CDs will have Sun
31066 	 * labels.
31067 	 */
31068 	if ((SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT) ||
31069 	    (un->un_sd->sd_inq->inq_rmb)) {
31070 		/*
31071 		 * Direct access devices have disk label
31072 		 */
31073 		un->un_f_vtoc_label_supported = TRUE;
31074 	}
31075 
31076 	/*
31077 	 * Fdisk partitions are supported for all direct access devices on
31078 	 * x86 platform, and just for removable media and hotpluggable
31079 	 * devices on SPARC platform. Later, we will set the following flag
31080 	 * to FALSE if current device is not removable media or hotpluggable
31081 	 * device and if sd works on SAPRC platform.
31082 	 */
31083 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT) {
31084 		un->un_f_mboot_supported = TRUE;
31085 	}
31086 
31087 	if (!un->un_f_is_hotpluggable &&
31088 	    !un->un_sd->sd_inq->inq_rmb) {
31089 
31090 #if defined(_SUNOS_VTOC_8)
31091 		/*
31092 		 * Don't support fdisk on fixed disk
31093 		 */
31094 		un->un_f_mboot_supported = FALSE;
31095 #endif
31096 
31097 		/*
31098 		 * Fixed disk support SYNC CACHE
31099 		 */
31100 		un->un_f_sync_cache_supported = TRUE;
31101 
31102 		/*
31103 		 * For fixed disk, if its VTOC is not valid, we will write
31104 		 * errlog into system log
31105 		 */
31106 		if (un->un_f_vtoc_label_supported)
31107 			un->un_f_vtoc_errlog_supported = TRUE;
31108 	}
31109 }
31110