xref: /illumos-gate/usr/src/uts/common/io/scsi/targets/sd.c (revision 4bc0a2ef) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * SCSI disk target driver.
31  */
32 
33 #include <sys/scsi/scsi.h>
34 #include <sys/dkbad.h>
35 #include <sys/dklabel.h>
36 #include <sys/dkio.h>
37 #include <sys/fdio.h>
38 #include <sys/cdio.h>
39 #include <sys/mhd.h>
40 #include <sys/vtoc.h>
41 #include <sys/dktp/fdisk.h>
42 #include <sys/file.h>
43 #include <sys/stat.h>
44 #include <sys/kstat.h>
45 #include <sys/vtrace.h>
46 #include <sys/note.h>
47 #include <sys/thread.h>
48 #include <sys/proc.h>
49 #include <sys/efi_partition.h>
50 #include <sys/var.h>
51 #include <sys/aio_req.h>
52 #if (defined(__fibre))
53 /* Note: is there a leadville version of the following? */
54 #include <sys/fc4/fcal_linkapp.h>
55 #endif
56 #include <sys/taskq.h>
57 #include <sys/uuid.h>
58 #include <sys/byteorder.h>
59 #include <sys/sdt.h>
60 
61 #include "sd_xbuf.h"
62 
63 #include <sys/scsi/targets/sddef.h>
64 
65 
66 /*
67  * Loadable module info.
68  */
69 #if (defined(__fibre))
70 #define	SD_MODULE_NAME	"SCSI SSA/FCAL Disk Driver 1.471"
71 char _depends_on[]	= "misc/scsi drv/fcp";
72 #else
73 #define	SD_MODULE_NAME	"SCSI Disk Driver 1.471"
74 char _depends_on[]	= "misc/scsi";
75 #endif
76 
77 /*
78  * Define the interconnect type, to allow the driver to distinguish
79  * between parallel SCSI (sd) and fibre channel (ssd) behaviors.
80  *
81  * This is really for backward compatability. In the future, the driver
82  * should actually check the "interconnect-type" property as reported by
83  * the HBA; however at present this property is not defined by all HBAs,
84  * so we will use this #define (1) to permit the driver to run in
85  * backward-compatability mode; and (2) to print a notification message
86  * if an FC HBA does not support the "interconnect-type" property.  The
87  * behavior of the driver will be to assume parallel SCSI behaviors unless
88  * the "interconnect-type" property is defined by the HBA **AND** has a
89  * value of either INTERCONNECT_FIBRE, INTERCONNECT_SSA, or
90  * INTERCONNECT_FABRIC, in which case the driver will assume Fibre
91  * Channel behaviors (as per the old ssd).  (Note that the
92  * INTERCONNECT_1394 and INTERCONNECT_USB types are not supported and
93  * will result in the driver assuming parallel SCSI behaviors.)
94  *
95  * (see common/sys/scsi/impl/services.h)
96  *
97  * Note: For ssd semantics, don't use INTERCONNECT_FABRIC as the default
98  * since some FC HBAs may already support that, and there is some code in
99  * the driver that already looks for it.  Using INTERCONNECT_FABRIC as the
100  * default would confuse that code, and besides things should work fine
101  * anyways if the FC HBA already reports INTERCONNECT_FABRIC for the
102  * "interconnect_type" property.
103  */
104 #if (defined(__fibre))
105 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_FIBRE
106 #else
107 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_PARALLEL
108 #endif
109 
110 /*
111  * The name of the driver, established from the module name in _init.
112  */
113 static	char *sd_label			= NULL;
114 
115 /*
116  * Driver name is unfortunately prefixed on some driver.conf properties.
117  */
118 #if (defined(__fibre))
119 #define	sd_max_xfer_size		ssd_max_xfer_size
120 #define	sd_config_list			ssd_config_list
121 static	char *sd_max_xfer_size		= "ssd_max_xfer_size";
122 static	char *sd_config_list		= "ssd-config-list";
123 #else
124 static	char *sd_max_xfer_size		= "sd_max_xfer_size";
125 static	char *sd_config_list		= "sd-config-list";
126 #endif
127 
128 /*
129  * Driver global variables
130  */
131 
132 #if (defined(__fibre))
133 /*
134  * These #defines are to avoid namespace collisions that occur because this
135  * code is currently used to compile two seperate driver modules: sd and ssd.
136  * All global variables need to be treated this way (even if declared static)
137  * in order to allow the debugger to resolve the names properly.
138  * It is anticipated that in the near future the ssd module will be obsoleted,
139  * at which time this namespace issue should go away.
140  */
141 #define	sd_state			ssd_state
142 #define	sd_io_time			ssd_io_time
143 #define	sd_failfast_enable		ssd_failfast_enable
144 #define	sd_ua_retry_count		ssd_ua_retry_count
145 #define	sd_report_pfa			ssd_report_pfa
146 #define	sd_max_throttle			ssd_max_throttle
147 #define	sd_min_throttle			ssd_min_throttle
148 #define	sd_rot_delay			ssd_rot_delay
149 
150 #define	sd_retry_on_reservation_conflict	\
151 					ssd_retry_on_reservation_conflict
152 #define	sd_reinstate_resv_delay		ssd_reinstate_resv_delay
153 #define	sd_resv_conflict_name		ssd_resv_conflict_name
154 
155 #define	sd_component_mask		ssd_component_mask
156 #define	sd_level_mask			ssd_level_mask
157 #define	sd_debug_un			ssd_debug_un
158 #define	sd_error_level			ssd_error_level
159 
160 #define	sd_xbuf_active_limit		ssd_xbuf_active_limit
161 #define	sd_xbuf_reserve_limit		ssd_xbuf_reserve_limit
162 
163 #define	sd_tr				ssd_tr
164 #define	sd_reset_throttle_timeout	ssd_reset_throttle_timeout
165 #define	sd_qfull_throttle_timeout	ssd_qfull_throttle_timeout
166 #define	sd_qfull_throttle_enable	ssd_qfull_throttle_enable
167 #define	sd_check_media_time		ssd_check_media_time
168 #define	sd_wait_cmds_complete		ssd_wait_cmds_complete
169 #define	sd_label_mutex			ssd_label_mutex
170 #define	sd_detach_mutex			ssd_detach_mutex
171 #define	sd_log_buf			ssd_log_buf
172 #define	sd_log_mutex			ssd_log_mutex
173 
174 #define	sd_disk_table			ssd_disk_table
175 #define	sd_disk_table_size		ssd_disk_table_size
176 #define	sd_sense_mutex			ssd_sense_mutex
177 #define	sd_cdbtab			ssd_cdbtab
178 
179 #define	sd_cb_ops			ssd_cb_ops
180 #define	sd_ops				ssd_ops
181 #define	sd_additional_codes		ssd_additional_codes
182 
183 #define	sd_minor_data			ssd_minor_data
184 #define	sd_minor_data_efi		ssd_minor_data_efi
185 
186 #define	sd_tq				ssd_tq
187 #define	sd_wmr_tq			ssd_wmr_tq
188 #define	sd_taskq_name			ssd_taskq_name
189 #define	sd_wmr_taskq_name		ssd_wmr_taskq_name
190 #define	sd_taskq_minalloc		ssd_taskq_minalloc
191 #define	sd_taskq_maxalloc		ssd_taskq_maxalloc
192 
193 #define	sd_dump_format_string		ssd_dump_format_string
194 
195 #define	sd_iostart_chain		ssd_iostart_chain
196 #define	sd_iodone_chain			ssd_iodone_chain
197 
198 #define	sd_pm_idletime			ssd_pm_idletime
199 
200 #define	sd_force_pm_supported		ssd_force_pm_supported
201 
202 #define	sd_dtype_optical_bind		ssd_dtype_optical_bind
203 
204 #endif
205 
206 
207 #ifdef	SDDEBUG
208 int	sd_force_pm_supported		= 0;
209 #endif	/* SDDEBUG */
210 
211 void *sd_state				= NULL;
212 int sd_io_time				= SD_IO_TIME;
213 int sd_failfast_enable			= 1;
214 int sd_ua_retry_count			= SD_UA_RETRY_COUNT;
215 int sd_report_pfa			= 1;
216 int sd_max_throttle			= SD_MAX_THROTTLE;
217 int sd_min_throttle			= SD_MIN_THROTTLE;
218 int sd_rot_delay			= 4; /* Default 4ms Rotation delay */
219 int sd_qfull_throttle_enable		= TRUE;
220 
221 int sd_retry_on_reservation_conflict	= 1;
222 int sd_reinstate_resv_delay		= SD_REINSTATE_RESV_DELAY;
223 _NOTE(SCHEME_PROTECTS_DATA("safe sharing", sd_reinstate_resv_delay))
224 
225 static int sd_dtype_optical_bind	= -1;
226 
227 /* Note: the following is not a bug, it really is "sd_" and not "ssd_" */
228 static	char *sd_resv_conflict_name	= "sd_retry_on_reservation_conflict";
229 
230 /*
231  * Global data for debug logging. To enable debug printing, sd_component_mask
232  * and sd_level_mask should be set to the desired bit patterns as outlined in
233  * sddef.h.
234  */
235 uint_t	sd_component_mask		= 0x0;
236 uint_t	sd_level_mask			= 0x0;
237 struct	sd_lun *sd_debug_un		= NULL;
238 uint_t	sd_error_level			= SCSI_ERR_RETRYABLE;
239 
240 /* Note: these may go away in the future... */
241 static uint32_t	sd_xbuf_active_limit	= 512;
242 static uint32_t sd_xbuf_reserve_limit	= 16;
243 
244 static struct sd_resv_reclaim_request	sd_tr = { NULL, NULL, NULL, 0, 0, 0 };
245 
246 /*
247  * Timer value used to reset the throttle after it has been reduced
248  * (typically in response to TRAN_BUSY or STATUS_QFULL)
249  */
250 static int sd_reset_throttle_timeout	= SD_RESET_THROTTLE_TIMEOUT;
251 static int sd_qfull_throttle_timeout	= SD_QFULL_THROTTLE_TIMEOUT;
252 
253 /*
254  * Interval value associated with the media change scsi watch.
255  */
256 static int sd_check_media_time		= 3000000;
257 
258 /*
259  * Wait value used for in progress operations during a DDI_SUSPEND
260  */
261 static int sd_wait_cmds_complete	= SD_WAIT_CMDS_COMPLETE;
262 
263 /*
264  * sd_label_mutex protects a static buffer used in the disk label
265  * component of the driver
266  */
267 static kmutex_t sd_label_mutex;
268 
269 /*
270  * sd_detach_mutex protects un_layer_count, un_detach_count, and
271  * un_opens_in_progress in the sd_lun structure.
272  */
273 static kmutex_t sd_detach_mutex;
274 
275 _NOTE(MUTEX_PROTECTS_DATA(sd_detach_mutex,
276 	sd_lun::{un_layer_count un_detach_count un_opens_in_progress}))
277 
278 /*
279  * Global buffer and mutex for debug logging
280  */
281 static char	sd_log_buf[1024];
282 static kmutex_t	sd_log_mutex;
283 
284 
285 /*
286  * "Smart" Probe Caching structs, globals, #defines, etc.
287  * For parallel scsi and non-self-identify device only.
288  */
289 
290 /*
291  * The following resources and routines are implemented to support
292  * "smart" probing, which caches the scsi_probe() results in an array,
293  * in order to help avoid long probe times.
294  */
295 struct sd_scsi_probe_cache {
296 	struct	sd_scsi_probe_cache	*next;
297 	dev_info_t	*pdip;
298 	int		cache[NTARGETS_WIDE];
299 };
300 
301 static kmutex_t	sd_scsi_probe_cache_mutex;
302 static struct	sd_scsi_probe_cache *sd_scsi_probe_cache_head = NULL;
303 
304 /*
305  * Really we only need protection on the head of the linked list, but
306  * better safe than sorry.
307  */
308 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
309     sd_scsi_probe_cache::next sd_scsi_probe_cache::pdip))
310 
311 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
312     sd_scsi_probe_cache_head))
313 
314 
315 /*
316  * Vendor specific data name property declarations
317  */
318 
319 #if defined(__fibre) || defined(__i386) ||defined(__amd64)
320 
321 static sd_tunables seagate_properties = {
322 	SEAGATE_THROTTLE_VALUE,
323 	0,
324 	0,
325 	0,
326 	0,
327 	0,
328 	0,
329 	0,
330 	0
331 };
332 
333 
334 static sd_tunables fujitsu_properties = {
335 	FUJITSU_THROTTLE_VALUE,
336 	0,
337 	0,
338 	0,
339 	0,
340 	0,
341 	0,
342 	0,
343 	0
344 };
345 
346 static sd_tunables ibm_properties = {
347 	IBM_THROTTLE_VALUE,
348 	0,
349 	0,
350 	0,
351 	0,
352 	0,
353 	0,
354 	0,
355 	0
356 };
357 
358 static sd_tunables purple_properties = {
359 	PURPLE_THROTTLE_VALUE,
360 	0,
361 	0,
362 	PURPLE_BUSY_RETRIES,
363 	PURPLE_RESET_RETRY_COUNT,
364 	PURPLE_RESERVE_RELEASE_TIME,
365 	0,
366 	0,
367 	0
368 };
369 
370 static sd_tunables sve_properties = {
371 	SVE_THROTTLE_VALUE,
372 	0,
373 	0,
374 	SVE_BUSY_RETRIES,
375 	SVE_RESET_RETRY_COUNT,
376 	SVE_RESERVE_RELEASE_TIME,
377 	SVE_MIN_THROTTLE_VALUE,
378 	SVE_DISKSORT_DISABLED_FLAG,
379 	0
380 };
381 
382 static sd_tunables maserati_properties = {
383 	0,
384 	0,
385 	0,
386 	0,
387 	0,
388 	0,
389 	0,
390 	MASERATI_DISKSORT_DISABLED_FLAG,
391 	MASERATI_LUN_RESET_ENABLED_FLAG
392 };
393 
394 static sd_tunables pirus_properties = {
395 	PIRUS_THROTTLE_VALUE,
396 	0,
397 	PIRUS_NRR_COUNT,
398 	PIRUS_BUSY_RETRIES,
399 	PIRUS_RESET_RETRY_COUNT,
400 	0,
401 	PIRUS_MIN_THROTTLE_VALUE,
402 	PIRUS_DISKSORT_DISABLED_FLAG,
403 	PIRUS_LUN_RESET_ENABLED_FLAG
404 };
405 
406 #endif
407 
408 #if (defined(__sparc) && !defined(__fibre)) || \
409 	(defined(__i386) || defined(__amd64))
410 
411 
412 static sd_tunables elite_properties = {
413 	ELITE_THROTTLE_VALUE,
414 	0,
415 	0,
416 	0,
417 	0,
418 	0,
419 	0,
420 	0,
421 	0
422 };
423 
424 static sd_tunables st31200n_properties = {
425 	ST31200N_THROTTLE_VALUE,
426 	0,
427 	0,
428 	0,
429 	0,
430 	0,
431 	0,
432 	0,
433 	0
434 };
435 
436 #endif /* Fibre or not */
437 
438 static sd_tunables lsi_properties_scsi = {
439 	LSI_THROTTLE_VALUE,
440 	0,
441 	LSI_NOTREADY_RETRIES,
442 	0,
443 	0,
444 	0,
445 	0,
446 	0,
447 	0
448 };
449 
450 static sd_tunables symbios_properties = {
451 	SYMBIOS_THROTTLE_VALUE,
452 	0,
453 	SYMBIOS_NOTREADY_RETRIES,
454 	0,
455 	0,
456 	0,
457 	0,
458 	0,
459 	0
460 };
461 
462 static sd_tunables lsi_properties = {
463 	0,
464 	0,
465 	LSI_NOTREADY_RETRIES,
466 	0,
467 	0,
468 	0,
469 	0,
470 	0,
471 	0
472 };
473 
474 static sd_tunables lsi_oem_properties = {
475 	0,
476 	0,
477 	LSI_OEM_NOTREADY_RETRIES,
478 	0,
479 	0,
480 	0,
481 	0,
482 	0,
483 	0
484 };
485 
486 
487 
488 #if (defined(SD_PROP_TST))
489 
490 #define	SD_TST_CTYPE_VAL	CTYPE_CDROM
491 #define	SD_TST_THROTTLE_VAL	16
492 #define	SD_TST_NOTREADY_VAL	12
493 #define	SD_TST_BUSY_VAL		60
494 #define	SD_TST_RST_RETRY_VAL	36
495 #define	SD_TST_RSV_REL_TIME	60
496 
497 static sd_tunables tst_properties = {
498 	SD_TST_THROTTLE_VAL,
499 	SD_TST_CTYPE_VAL,
500 	SD_TST_NOTREADY_VAL,
501 	SD_TST_BUSY_VAL,
502 	SD_TST_RST_RETRY_VAL,
503 	SD_TST_RSV_REL_TIME,
504 	0,
505 	0,
506 	0
507 };
508 #endif
509 
510 /* This is similiar to the ANSI toupper implementation */
511 #define	SD_TOUPPER(C)	(((C) >= 'a' && (C) <= 'z') ? (C) - 'a' + 'A' : (C))
512 
513 /*
514  * Static Driver Configuration Table
515  *
516  * This is the table of disks which need throttle adjustment (or, perhaps
517  * something else as defined by the flags at a future time.)  device_id
518  * is a string consisting of concatenated vid (vendor), pid (product/model)
519  * and revision strings as defined in the scsi_inquiry structure.  Offsets of
520  * the parts of the string are as defined by the sizes in the scsi_inquiry
521  * structure.  Device type is searched as far as the device_id string is
522  * defined.  Flags defines which values are to be set in the driver from the
523  * properties list.
524  *
525  * Entries below which begin and end with a "*" are a special case.
526  * These do not have a specific vendor, and the string which follows
527  * can appear anywhere in the 16 byte PID portion of the inquiry data.
528  *
529  * Entries below which begin and end with a " " (blank) are a special
530  * case. The comparison function will treat multiple consecutive blanks
531  * as equivalent to a single blank. For example, this causes a
532  * sd_disk_table entry of " NEC CDROM " to match a device's id string
533  * of  "NEC       CDROM".
534  *
535  * Note: The MD21 controller type has been obsoleted.
536  *	 ST318202F is a Legacy device
537  *	 MAM3182FC, MAM3364FC, MAM3738FC do not appear to have ever been
538  *	 made with an FC connection. The entries here are a legacy.
539  */
540 static sd_disk_config_t sd_disk_table[] = {
541 #if defined(__fibre) || defined(__i386) || defined(__amd64)
542 	{ "SEAGATE ST34371FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
543 	{ "SEAGATE ST19171FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
544 	{ "SEAGATE ST39102FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
545 	{ "SEAGATE ST39103FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
546 	{ "SEAGATE ST118273F", SD_CONF_BSET_THROTTLE, &seagate_properties },
547 	{ "SEAGATE ST318202F", SD_CONF_BSET_THROTTLE, &seagate_properties },
548 	{ "SEAGATE ST318203F", SD_CONF_BSET_THROTTLE, &seagate_properties },
549 	{ "SEAGATE ST136403F", SD_CONF_BSET_THROTTLE, &seagate_properties },
550 	{ "SEAGATE ST318304F", SD_CONF_BSET_THROTTLE, &seagate_properties },
551 	{ "SEAGATE ST336704F", SD_CONF_BSET_THROTTLE, &seagate_properties },
552 	{ "SEAGATE ST373405F", SD_CONF_BSET_THROTTLE, &seagate_properties },
553 	{ "SEAGATE ST336605F", SD_CONF_BSET_THROTTLE, &seagate_properties },
554 	{ "SEAGATE ST336752F", SD_CONF_BSET_THROTTLE, &seagate_properties },
555 	{ "SEAGATE ST318452F", SD_CONF_BSET_THROTTLE, &seagate_properties },
556 	{ "FUJITSU MAG3091F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
557 	{ "FUJITSU MAG3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
558 	{ "FUJITSU MAA3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
559 	{ "FUJITSU MAF3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
560 	{ "FUJITSU MAL3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
561 	{ "FUJITSU MAL3738F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
562 	{ "FUJITSU MAM3182FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
563 	{ "FUJITSU MAM3364FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
564 	{ "FUJITSU MAM3738FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
565 	{ "IBM     DDYFT1835",  SD_CONF_BSET_THROTTLE, &ibm_properties },
566 	{ "IBM     DDYFT3695",  SD_CONF_BSET_THROTTLE, &ibm_properties },
567 	{ "IBM     IC35LF2D2",  SD_CONF_BSET_THROTTLE, &ibm_properties },
568 	{ "IBM     IC35LF2PR",  SD_CONF_BSET_THROTTLE, &ibm_properties },
569 	{ "IBM     3526",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
570 	{ "IBM     3542",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
571 	{ "IBM     3552",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
572 	{ "IBM     1722",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
573 	{ "IBM     1742",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
574 	{ "IBM     1815",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
575 	{ "IBM     FAStT",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
576 	{ "LSI     INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
577 	{ "ENGENIO INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
578 	{ "SGI     TP",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
579 	{ "SGI     IS",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
580 	{ "*CSM100_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
581 	{ "*CSM200_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
582 	{ "LSI",		SD_CONF_BSET_NRR_COUNT, &lsi_properties },
583 	{ "SUN     T3", SD_CONF_BSET_THROTTLE |
584 			SD_CONF_BSET_BSY_RETRY_COUNT|
585 			SD_CONF_BSET_RST_RETRIES|
586 			SD_CONF_BSET_RSV_REL_TIME,
587 		&purple_properties },
588 	{ "SUN     SESS01", SD_CONF_BSET_THROTTLE |
589 		SD_CONF_BSET_BSY_RETRY_COUNT|
590 		SD_CONF_BSET_RST_RETRIES|
591 		SD_CONF_BSET_RSV_REL_TIME|
592 		SD_CONF_BSET_MIN_THROTTLE|
593 		SD_CONF_BSET_DISKSORT_DISABLED,
594 		&sve_properties },
595 	{ "SUN     T4", SD_CONF_BSET_THROTTLE |
596 			SD_CONF_BSET_BSY_RETRY_COUNT|
597 			SD_CONF_BSET_RST_RETRIES|
598 			SD_CONF_BSET_RSV_REL_TIME,
599 		&purple_properties },
600 	{ "SUN     SVE01", SD_CONF_BSET_DISKSORT_DISABLED |
601 		SD_CONF_BSET_LUN_RESET_ENABLED,
602 		&maserati_properties },
603 	{ "SUN     SE6920", SD_CONF_BSET_THROTTLE |
604 		SD_CONF_BSET_NRR_COUNT|
605 		SD_CONF_BSET_BSY_RETRY_COUNT|
606 		SD_CONF_BSET_RST_RETRIES|
607 		SD_CONF_BSET_MIN_THROTTLE|
608 		SD_CONF_BSET_DISKSORT_DISABLED|
609 		SD_CONF_BSET_LUN_RESET_ENABLED,
610 		&pirus_properties },
611 	{ "SUN     PSX1000", SD_CONF_BSET_THROTTLE |
612 		SD_CONF_BSET_NRR_COUNT|
613 		SD_CONF_BSET_BSY_RETRY_COUNT|
614 		SD_CONF_BSET_RST_RETRIES|
615 		SD_CONF_BSET_MIN_THROTTLE|
616 		SD_CONF_BSET_DISKSORT_DISABLED|
617 		SD_CONF_BSET_LUN_RESET_ENABLED,
618 		&pirus_properties },
619 	{ "SUN     SE6330", SD_CONF_BSET_THROTTLE |
620 		SD_CONF_BSET_NRR_COUNT|
621 		SD_CONF_BSET_BSY_RETRY_COUNT|
622 		SD_CONF_BSET_RST_RETRIES|
623 		SD_CONF_BSET_MIN_THROTTLE|
624 		SD_CONF_BSET_DISKSORT_DISABLED|
625 		SD_CONF_BSET_LUN_RESET_ENABLED,
626 		&pirus_properties },
627 	{ "STK     OPENstorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
628 	{ "STK     OpenStorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
629 	{ "STK     BladeCtlr",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
630 	{ "STK     FLEXLINE",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
631 	{ "SYMBIOS", SD_CONF_BSET_NRR_COUNT, &symbios_properties },
632 #endif /* fibre or NON-sparc platforms */
633 #if ((defined(__sparc) && !defined(__fibre)) ||\
634 	(defined(__i386) || defined(__amd64)))
635 	{ "SEAGATE ST42400N", SD_CONF_BSET_THROTTLE, &elite_properties },
636 	{ "SEAGATE ST31200N", SD_CONF_BSET_THROTTLE, &st31200n_properties },
637 	{ "SEAGATE ST41600N", SD_CONF_BSET_TUR_CHECK, NULL },
638 	{ "CONNER  CP30540",  SD_CONF_BSET_NOCACHE,  NULL },
639 	{ "*SUN0104*", SD_CONF_BSET_FAB_DEVID, NULL },
640 	{ "*SUN0207*", SD_CONF_BSET_FAB_DEVID, NULL },
641 	{ "*SUN0327*", SD_CONF_BSET_FAB_DEVID, NULL },
642 	{ "*SUN0340*", SD_CONF_BSET_FAB_DEVID, NULL },
643 	{ "*SUN0424*", SD_CONF_BSET_FAB_DEVID, NULL },
644 	{ "*SUN0669*", SD_CONF_BSET_FAB_DEVID, NULL },
645 	{ "*SUN1.0G*", SD_CONF_BSET_FAB_DEVID, NULL },
646 	{ "SYMBIOS INF-01-00       ", SD_CONF_BSET_FAB_DEVID, NULL },
647 	{ "SYMBIOS", SD_CONF_BSET_THROTTLE|SD_CONF_BSET_NRR_COUNT,
648 	    &symbios_properties },
649 	{ "LSI", SD_CONF_BSET_THROTTLE | SD_CONF_BSET_NRR_COUNT,
650 	    &lsi_properties_scsi },
651 #if defined(__i386) || defined(__amd64)
652 	{ " NEC CD-ROM DRIVE:260 ", (SD_CONF_BSET_PLAYMSF_BCD
653 				    | SD_CONF_BSET_READSUB_BCD
654 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
655 				    | SD_CONF_BSET_NO_READ_HEADER
656 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
657 
658 	{ " NEC CD-ROM DRIVE:270 ", (SD_CONF_BSET_PLAYMSF_BCD
659 				    | SD_CONF_BSET_READSUB_BCD
660 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
661 				    | SD_CONF_BSET_NO_READ_HEADER
662 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
663 #endif /* __i386 || __amd64 */
664 #endif /* sparc NON-fibre or NON-sparc platforms */
665 
666 #if (defined(SD_PROP_TST))
667 	{ "VENDOR  PRODUCT ", (SD_CONF_BSET_THROTTLE
668 				| SD_CONF_BSET_CTYPE
669 				| SD_CONF_BSET_NRR_COUNT
670 				| SD_CONF_BSET_FAB_DEVID
671 				| SD_CONF_BSET_NOCACHE
672 				| SD_CONF_BSET_BSY_RETRY_COUNT
673 				| SD_CONF_BSET_PLAYMSF_BCD
674 				| SD_CONF_BSET_READSUB_BCD
675 				| SD_CONF_BSET_READ_TOC_TRK_BCD
676 				| SD_CONF_BSET_READ_TOC_ADDR_BCD
677 				| SD_CONF_BSET_NO_READ_HEADER
678 				| SD_CONF_BSET_READ_CD_XD4
679 				| SD_CONF_BSET_RST_RETRIES
680 				| SD_CONF_BSET_RSV_REL_TIME
681 				| SD_CONF_BSET_TUR_CHECK), &tst_properties},
682 #endif
683 };
684 
685 static const int sd_disk_table_size =
686 	sizeof (sd_disk_table)/ sizeof (sd_disk_config_t);
687 
688 
689 /*
690  * Return codes of sd_uselabel().
691  */
692 #define	SD_LABEL_IS_VALID		0
693 #define	SD_LABEL_IS_INVALID		1
694 
695 #define	SD_INTERCONNECT_PARALLEL	0
696 #define	SD_INTERCONNECT_FABRIC		1
697 #define	SD_INTERCONNECT_FIBRE		2
698 #define	SD_INTERCONNECT_SSA		3
699 #define	SD_IS_PARALLEL_SCSI(un)		\
700 	((un)->un_interconnect_type == SD_INTERCONNECT_PARALLEL)
701 
702 /*
703  * Definitions used by device id registration routines
704  */
705 #define	VPD_HEAD_OFFSET		3	/* size of head for vpd page */
706 #define	VPD_PAGE_LENGTH		3	/* offset for pge length data */
707 #define	VPD_MODE_PAGE		1	/* offset into vpd pg for "page code" */
708 #define	WD_NODE			7	/* the whole disk minor */
709 
710 static kmutex_t sd_sense_mutex = {0};
711 
712 /*
713  * Macros for updates of the driver state
714  */
715 #define	New_state(un, s)        \
716 	(un)->un_last_state = (un)->un_state, (un)->un_state = (s)
717 #define	Restore_state(un)	\
718 	{ uchar_t tmp = (un)->un_last_state; New_state((un), tmp); }
719 
720 static struct sd_cdbinfo sd_cdbtab[] = {
721 	{ CDB_GROUP0, 0x00,	   0x1FFFFF,   0xFF,	    },
722 	{ CDB_GROUP1, SCMD_GROUP1, 0xFFFFFFFF, 0xFFFF,	    },
723 	{ CDB_GROUP5, SCMD_GROUP5, 0xFFFFFFFF, 0xFFFFFFFF,  },
724 	{ CDB_GROUP4, SCMD_GROUP4, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF, },
725 };
726 
727 /*
728  * Specifies the number of seconds that must have elapsed since the last
729  * cmd. has completed for a device to be declared idle to the PM framework.
730  */
731 static int sd_pm_idletime = 1;
732 
733 /*
734  * Internal function prototypes
735  */
736 
737 #if (defined(__fibre))
738 /*
739  * These #defines are to avoid namespace collisions that occur because this
740  * code is currently used to compile two seperate driver modules: sd and ssd.
741  * All function names need to be treated this way (even if declared static)
742  * in order to allow the debugger to resolve the names properly.
743  * It is anticipated that in the near future the ssd module will be obsoleted,
744  * at which time this ugliness should go away.
745  */
746 #define	sd_log_trace			ssd_log_trace
747 #define	sd_log_info			ssd_log_info
748 #define	sd_log_err			ssd_log_err
749 #define	sdprobe				ssdprobe
750 #define	sdinfo				ssdinfo
751 #define	sd_prop_op			ssd_prop_op
752 #define	sd_scsi_probe_cache_init	ssd_scsi_probe_cache_init
753 #define	sd_scsi_probe_cache_fini	ssd_scsi_probe_cache_fini
754 #define	sd_scsi_clear_probe_cache	ssd_scsi_clear_probe_cache
755 #define	sd_scsi_probe_with_cache	ssd_scsi_probe_with_cache
756 #define	sd_spin_up_unit			ssd_spin_up_unit
757 #define	sd_enable_descr_sense		ssd_enable_descr_sense
758 #define	sd_set_mmc_caps			ssd_set_mmc_caps
759 #define	sd_read_unit_properties		ssd_read_unit_properties
760 #define	sd_process_sdconf_file		ssd_process_sdconf_file
761 #define	sd_process_sdconf_table		ssd_process_sdconf_table
762 #define	sd_sdconf_id_match		ssd_sdconf_id_match
763 #define	sd_blank_cmp			ssd_blank_cmp
764 #define	sd_chk_vers1_data		ssd_chk_vers1_data
765 #define	sd_set_vers1_properties		ssd_set_vers1_properties
766 #define	sd_validate_geometry		ssd_validate_geometry
767 
768 #if defined(_SUNOS_VTOC_16)
769 #define	sd_convert_geometry		ssd_convert_geometry
770 #endif
771 
772 #define	sd_resync_geom_caches		ssd_resync_geom_caches
773 #define	sd_read_fdisk			ssd_read_fdisk
774 #define	sd_get_physical_geometry	ssd_get_physical_geometry
775 #define	sd_get_virtual_geometry		ssd_get_virtual_geometry
776 #define	sd_update_block_info		ssd_update_block_info
777 #define	sd_swap_efi_gpt			ssd_swap_efi_gpt
778 #define	sd_swap_efi_gpe			ssd_swap_efi_gpe
779 #define	sd_validate_efi			ssd_validate_efi
780 #define	sd_use_efi			ssd_use_efi
781 #define	sd_uselabel			ssd_uselabel
782 #define	sd_build_default_label		ssd_build_default_label
783 #define	sd_has_max_chs_vals		ssd_has_max_chs_vals
784 #define	sd_inq_fill			ssd_inq_fill
785 #define	sd_register_devid		ssd_register_devid
786 #define	sd_get_devid_block		ssd_get_devid_block
787 #define	sd_get_devid			ssd_get_devid
788 #define	sd_create_devid			ssd_create_devid
789 #define	sd_write_deviceid		ssd_write_deviceid
790 #define	sd_check_vpd_page_support	ssd_check_vpd_page_support
791 #define	sd_setup_pm			ssd_setup_pm
792 #define	sd_create_pm_components		ssd_create_pm_components
793 #define	sd_ddi_suspend			ssd_ddi_suspend
794 #define	sd_ddi_pm_suspend		ssd_ddi_pm_suspend
795 #define	sd_ddi_resume			ssd_ddi_resume
796 #define	sd_ddi_pm_resume		ssd_ddi_pm_resume
797 #define	sdpower				ssdpower
798 #define	sdattach			ssdattach
799 #define	sddetach			ssddetach
800 #define	sd_unit_attach			ssd_unit_attach
801 #define	sd_unit_detach			ssd_unit_detach
802 #define	sd_create_minor_nodes		ssd_create_minor_nodes
803 #define	sd_create_errstats		ssd_create_errstats
804 #define	sd_set_errstats			ssd_set_errstats
805 #define	sd_set_pstats			ssd_set_pstats
806 #define	sddump				ssddump
807 #define	sd_scsi_poll			ssd_scsi_poll
808 #define	sd_send_polled_RQS		ssd_send_polled_RQS
809 #define	sd_ddi_scsi_poll		ssd_ddi_scsi_poll
810 #define	sd_init_event_callbacks		ssd_init_event_callbacks
811 #define	sd_event_callback		ssd_event_callback
812 #define	sd_disable_caching		ssd_disable_caching
813 #define	sd_get_write_cache_enabled	ssd_get_write_cache_enabled
814 #define	sd_make_device			ssd_make_device
815 #define	sdopen				ssdopen
816 #define	sdclose				ssdclose
817 #define	sd_ready_and_valid		ssd_ready_and_valid
818 #define	sdmin				ssdmin
819 #define	sdread				ssdread
820 #define	sdwrite				ssdwrite
821 #define	sdaread				ssdaread
822 #define	sdawrite			ssdawrite
823 #define	sdstrategy			ssdstrategy
824 #define	sdioctl				ssdioctl
825 #define	sd_mapblockaddr_iostart		ssd_mapblockaddr_iostart
826 #define	sd_mapblocksize_iostart		ssd_mapblocksize_iostart
827 #define	sd_checksum_iostart		ssd_checksum_iostart
828 #define	sd_checksum_uscsi_iostart	ssd_checksum_uscsi_iostart
829 #define	sd_pm_iostart			ssd_pm_iostart
830 #define	sd_core_iostart			ssd_core_iostart
831 #define	sd_mapblockaddr_iodone		ssd_mapblockaddr_iodone
832 #define	sd_mapblocksize_iodone		ssd_mapblocksize_iodone
833 #define	sd_checksum_iodone		ssd_checksum_iodone
834 #define	sd_checksum_uscsi_iodone	ssd_checksum_uscsi_iodone
835 #define	sd_pm_iodone			ssd_pm_iodone
836 #define	sd_initpkt_for_buf		ssd_initpkt_for_buf
837 #define	sd_destroypkt_for_buf		ssd_destroypkt_for_buf
838 #define	sd_setup_rw_pkt			ssd_setup_rw_pkt
839 #define	sd_setup_next_rw_pkt		ssd_setup_next_rw_pkt
840 #define	sd_buf_iodone			ssd_buf_iodone
841 #define	sd_uscsi_strategy		ssd_uscsi_strategy
842 #define	sd_initpkt_for_uscsi		ssd_initpkt_for_uscsi
843 #define	sd_destroypkt_for_uscsi		ssd_destroypkt_for_uscsi
844 #define	sd_uscsi_iodone			ssd_uscsi_iodone
845 #define	sd_xbuf_strategy		ssd_xbuf_strategy
846 #define	sd_xbuf_init			ssd_xbuf_init
847 #define	sd_pm_entry			ssd_pm_entry
848 #define	sd_pm_exit			ssd_pm_exit
849 
850 #define	sd_pm_idletimeout_handler	ssd_pm_idletimeout_handler
851 #define	sd_pm_timeout_handler		ssd_pm_timeout_handler
852 
853 #define	sd_add_buf_to_waitq		ssd_add_buf_to_waitq
854 #define	sdintr				ssdintr
855 #define	sd_start_cmds			ssd_start_cmds
856 #define	sd_send_scsi_cmd		ssd_send_scsi_cmd
857 #define	sd_bioclone_alloc		ssd_bioclone_alloc
858 #define	sd_bioclone_free		ssd_bioclone_free
859 #define	sd_shadow_buf_alloc		ssd_shadow_buf_alloc
860 #define	sd_shadow_buf_free		ssd_shadow_buf_free
861 #define	sd_print_transport_rejected_message	\
862 					ssd_print_transport_rejected_message
863 #define	sd_retry_command		ssd_retry_command
864 #define	sd_set_retry_bp			ssd_set_retry_bp
865 #define	sd_send_request_sense_command	ssd_send_request_sense_command
866 #define	sd_start_retry_command		ssd_start_retry_command
867 #define	sd_start_direct_priority_command	\
868 					ssd_start_direct_priority_command
869 #define	sd_return_failed_command	ssd_return_failed_command
870 #define	sd_return_failed_command_no_restart	\
871 					ssd_return_failed_command_no_restart
872 #define	sd_return_command		ssd_return_command
873 #define	sd_sync_with_callback		ssd_sync_with_callback
874 #define	sdrunout			ssdrunout
875 #define	sd_mark_rqs_busy		ssd_mark_rqs_busy
876 #define	sd_mark_rqs_idle		ssd_mark_rqs_idle
877 #define	sd_reduce_throttle		ssd_reduce_throttle
878 #define	sd_restore_throttle		ssd_restore_throttle
879 #define	sd_print_incomplete_msg		ssd_print_incomplete_msg
880 #define	sd_init_cdb_limits		ssd_init_cdb_limits
881 #define	sd_pkt_status_good		ssd_pkt_status_good
882 #define	sd_pkt_status_check_condition	ssd_pkt_status_check_condition
883 #define	sd_pkt_status_busy		ssd_pkt_status_busy
884 #define	sd_pkt_status_reservation_conflict	\
885 					ssd_pkt_status_reservation_conflict
886 #define	sd_pkt_status_qfull		ssd_pkt_status_qfull
887 #define	sd_handle_request_sense		ssd_handle_request_sense
888 #define	sd_handle_auto_request_sense	ssd_handle_auto_request_sense
889 #define	sd_print_sense_failed_msg	ssd_print_sense_failed_msg
890 #define	sd_validate_sense_data		ssd_validate_sense_data
891 #define	sd_decode_sense			ssd_decode_sense
892 #define	sd_print_sense_msg		ssd_print_sense_msg
893 #define	sd_extract_sense_info_descr	ssd_extract_sense_info_descr
894 #define	sd_sense_key_no_sense		ssd_sense_key_no_sense
895 #define	sd_sense_key_recoverable_error	ssd_sense_key_recoverable_error
896 #define	sd_sense_key_not_ready		ssd_sense_key_not_ready
897 #define	sd_sense_key_medium_or_hardware_error	\
898 					ssd_sense_key_medium_or_hardware_error
899 #define	sd_sense_key_illegal_request	ssd_sense_key_illegal_request
900 #define	sd_sense_key_unit_attention	ssd_sense_key_unit_attention
901 #define	sd_sense_key_fail_command	ssd_sense_key_fail_command
902 #define	sd_sense_key_blank_check	ssd_sense_key_blank_check
903 #define	sd_sense_key_aborted_command	ssd_sense_key_aborted_command
904 #define	sd_sense_key_default		ssd_sense_key_default
905 #define	sd_print_retry_msg		ssd_print_retry_msg
906 #define	sd_print_cmd_incomplete_msg	ssd_print_cmd_incomplete_msg
907 #define	sd_pkt_reason_cmd_incomplete	ssd_pkt_reason_cmd_incomplete
908 #define	sd_pkt_reason_cmd_tran_err	ssd_pkt_reason_cmd_tran_err
909 #define	sd_pkt_reason_cmd_reset		ssd_pkt_reason_cmd_reset
910 #define	sd_pkt_reason_cmd_aborted	ssd_pkt_reason_cmd_aborted
911 #define	sd_pkt_reason_cmd_timeout	ssd_pkt_reason_cmd_timeout
912 #define	sd_pkt_reason_cmd_unx_bus_free	ssd_pkt_reason_cmd_unx_bus_free
913 #define	sd_pkt_reason_cmd_tag_reject	ssd_pkt_reason_cmd_tag_reject
914 #define	sd_pkt_reason_default		ssd_pkt_reason_default
915 #define	sd_reset_target			ssd_reset_target
916 #define	sd_start_stop_unit_callback	ssd_start_stop_unit_callback
917 #define	sd_start_stop_unit_task		ssd_start_stop_unit_task
918 #define	sd_taskq_create			ssd_taskq_create
919 #define	sd_taskq_delete			ssd_taskq_delete
920 #define	sd_media_change_task		ssd_media_change_task
921 #define	sd_handle_mchange		ssd_handle_mchange
922 #define	sd_send_scsi_DOORLOCK		ssd_send_scsi_DOORLOCK
923 #define	sd_send_scsi_READ_CAPACITY	ssd_send_scsi_READ_CAPACITY
924 #define	sd_send_scsi_READ_CAPACITY_16	ssd_send_scsi_READ_CAPACITY_16
925 #define	sd_send_scsi_GET_CONFIGURATION	ssd_send_scsi_GET_CONFIGURATION
926 #define	sd_send_scsi_feature_GET_CONFIGURATION	\
927 					sd_send_scsi_feature_GET_CONFIGURATION
928 #define	sd_send_scsi_START_STOP_UNIT	ssd_send_scsi_START_STOP_UNIT
929 #define	sd_send_scsi_INQUIRY		ssd_send_scsi_INQUIRY
930 #define	sd_send_scsi_TEST_UNIT_READY	ssd_send_scsi_TEST_UNIT_READY
931 #define	sd_send_scsi_PERSISTENT_RESERVE_IN	\
932 					ssd_send_scsi_PERSISTENT_RESERVE_IN
933 #define	sd_send_scsi_PERSISTENT_RESERVE_OUT	\
934 					ssd_send_scsi_PERSISTENT_RESERVE_OUT
935 #define	sd_send_scsi_SYNCHRONIZE_CACHE	ssd_send_scsi_SYNCHRONIZE_CACHE
936 #define	sd_send_scsi_SYNCHRONIZE_CACHE_biodone	\
937 					ssd_send_scsi_SYNCHRONIZE_CACHE_biodone
938 #define	sd_send_scsi_MODE_SENSE		ssd_send_scsi_MODE_SENSE
939 #define	sd_send_scsi_MODE_SELECT	ssd_send_scsi_MODE_SELECT
940 #define	sd_send_scsi_RDWR		ssd_send_scsi_RDWR
941 #define	sd_send_scsi_LOG_SENSE		ssd_send_scsi_LOG_SENSE
942 #define	sd_alloc_rqs			ssd_alloc_rqs
943 #define	sd_free_rqs			ssd_free_rqs
944 #define	sd_dump_memory			ssd_dump_memory
945 #define	sd_uscsi_ioctl			ssd_uscsi_ioctl
946 #define	sd_get_media_info		ssd_get_media_info
947 #define	sd_dkio_ctrl_info		ssd_dkio_ctrl_info
948 #define	sd_dkio_get_geometry		ssd_dkio_get_geometry
949 #define	sd_dkio_set_geometry		ssd_dkio_set_geometry
950 #define	sd_dkio_get_partition		ssd_dkio_get_partition
951 #define	sd_dkio_set_partition		ssd_dkio_set_partition
952 #define	sd_dkio_partition		ssd_dkio_partition
953 #define	sd_dkio_get_vtoc		ssd_dkio_get_vtoc
954 #define	sd_dkio_get_efi			ssd_dkio_get_efi
955 #define	sd_build_user_vtoc		ssd_build_user_vtoc
956 #define	sd_dkio_set_vtoc		ssd_dkio_set_vtoc
957 #define	sd_dkio_set_efi			ssd_dkio_set_efi
958 #define	sd_build_label_vtoc		ssd_build_label_vtoc
959 #define	sd_write_label			ssd_write_label
960 #define	sd_clear_vtoc			ssd_clear_vtoc
961 #define	sd_clear_efi			ssd_clear_efi
962 #define	sd_get_tunables_from_conf	ssd_get_tunables_from_conf
963 #define	sd_setup_next_xfer		ssd_setup_next_xfer
964 #define	sd_dkio_get_temp		ssd_dkio_get_temp
965 #define	sd_dkio_get_mboot		ssd_dkio_get_mboot
966 #define	sd_dkio_set_mboot		ssd_dkio_set_mboot
967 #define	sd_setup_default_geometry	ssd_setup_default_geometry
968 #define	sd_update_fdisk_and_vtoc	ssd_update_fdisk_and_vtoc
969 #define	sd_check_mhd			ssd_check_mhd
970 #define	sd_mhd_watch_cb			ssd_mhd_watch_cb
971 #define	sd_mhd_watch_incomplete		ssd_mhd_watch_incomplete
972 #define	sd_sname			ssd_sname
973 #define	sd_mhd_resvd_recover		ssd_mhd_resvd_recover
974 #define	sd_resv_reclaim_thread		ssd_resv_reclaim_thread
975 #define	sd_take_ownership		ssd_take_ownership
976 #define	sd_reserve_release		ssd_reserve_release
977 #define	sd_rmv_resv_reclaim_req		ssd_rmv_resv_reclaim_req
978 #define	sd_mhd_reset_notify_cb		ssd_mhd_reset_notify_cb
979 #define	sd_persistent_reservation_in_read_keys	\
980 					ssd_persistent_reservation_in_read_keys
981 #define	sd_persistent_reservation_in_read_resv	\
982 					ssd_persistent_reservation_in_read_resv
983 #define	sd_mhdioc_takeown		ssd_mhdioc_takeown
984 #define	sd_mhdioc_failfast		ssd_mhdioc_failfast
985 #define	sd_mhdioc_release		ssd_mhdioc_release
986 #define	sd_mhdioc_register_devid	ssd_mhdioc_register_devid
987 #define	sd_mhdioc_inkeys		ssd_mhdioc_inkeys
988 #define	sd_mhdioc_inresv		ssd_mhdioc_inresv
989 #define	sr_change_blkmode		ssr_change_blkmode
990 #define	sr_change_speed			ssr_change_speed
991 #define	sr_atapi_change_speed		ssr_atapi_change_speed
992 #define	sr_pause_resume			ssr_pause_resume
993 #define	sr_play_msf			ssr_play_msf
994 #define	sr_play_trkind			ssr_play_trkind
995 #define	sr_read_all_subcodes		ssr_read_all_subcodes
996 #define	sr_read_subchannel		ssr_read_subchannel
997 #define	sr_read_tocentry		ssr_read_tocentry
998 #define	sr_read_tochdr			ssr_read_tochdr
999 #define	sr_read_cdda			ssr_read_cdda
1000 #define	sr_read_cdxa			ssr_read_cdxa
1001 #define	sr_read_mode1			ssr_read_mode1
1002 #define	sr_read_mode2			ssr_read_mode2
1003 #define	sr_read_cd_mode2		ssr_read_cd_mode2
1004 #define	sr_sector_mode			ssr_sector_mode
1005 #define	sr_eject			ssr_eject
1006 #define	sr_ejected			ssr_ejected
1007 #define	sr_check_wp			ssr_check_wp
1008 #define	sd_check_media			ssd_check_media
1009 #define	sd_media_watch_cb		ssd_media_watch_cb
1010 #define	sd_delayed_cv_broadcast		ssd_delayed_cv_broadcast
1011 #define	sr_volume_ctrl			ssr_volume_ctrl
1012 #define	sr_read_sony_session_offset	ssr_read_sony_session_offset
1013 #define	sd_log_page_supported		ssd_log_page_supported
1014 #define	sd_check_for_writable_cd	ssd_check_for_writable_cd
1015 #define	sd_wm_cache_constructor		ssd_wm_cache_constructor
1016 #define	sd_wm_cache_destructor		ssd_wm_cache_destructor
1017 #define	sd_range_lock			ssd_range_lock
1018 #define	sd_get_range			ssd_get_range
1019 #define	sd_free_inlist_wmap		ssd_free_inlist_wmap
1020 #define	sd_range_unlock			ssd_range_unlock
1021 #define	sd_read_modify_write_task	ssd_read_modify_write_task
1022 #define	sddump_do_read_of_rmw		ssddump_do_read_of_rmw
1023 
1024 #define	sd_iostart_chain		ssd_iostart_chain
1025 #define	sd_iodone_chain			ssd_iodone_chain
1026 #define	sd_initpkt_map			ssd_initpkt_map
1027 #define	sd_destroypkt_map		ssd_destroypkt_map
1028 #define	sd_chain_type_map		ssd_chain_type_map
1029 #define	sd_chain_index_map		ssd_chain_index_map
1030 
1031 #define	sd_failfast_flushctl		ssd_failfast_flushctl
1032 #define	sd_failfast_flushq		ssd_failfast_flushq
1033 #define	sd_failfast_flushq_callback	ssd_failfast_flushq_callback
1034 
1035 #define	sd_is_lsi			ssd_is_lsi
1036 
1037 #endif	/* #if (defined(__fibre)) */
1038 
1039 
1040 int _init(void);
1041 int _fini(void);
1042 int _info(struct modinfo *modinfop);
1043 
1044 /*PRINTFLIKE3*/
1045 static void sd_log_trace(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1046 /*PRINTFLIKE3*/
1047 static void sd_log_info(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1048 /*PRINTFLIKE3*/
1049 static void sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1050 
1051 static int sdprobe(dev_info_t *devi);
1052 static int sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
1053     void **result);
1054 static int sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op,
1055     int mod_flags, char *name, caddr_t valuep, int *lengthp);
1056 
1057 /*
1058  * Smart probe for parallel scsi
1059  */
1060 static void sd_scsi_probe_cache_init(void);
1061 static void sd_scsi_probe_cache_fini(void);
1062 static void sd_scsi_clear_probe_cache(void);
1063 static int  sd_scsi_probe_with_cache(struct scsi_device *devp, int (*fn)());
1064 
1065 static int	sd_spin_up_unit(struct sd_lun *un);
1066 #ifdef _LP64
1067 static void	sd_enable_descr_sense(struct sd_lun *un);
1068 #endif /* _LP64 */
1069 static void	sd_set_mmc_caps(struct sd_lun *un);
1070 
1071 static void sd_read_unit_properties(struct sd_lun *un);
1072 static int  sd_process_sdconf_file(struct sd_lun *un);
1073 static void sd_get_tunables_from_conf(struct sd_lun *un, int flags,
1074     int *data_list, sd_tunables *values);
1075 static void sd_process_sdconf_table(struct sd_lun *un);
1076 static int  sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen);
1077 static int  sd_blank_cmp(struct sd_lun *un, char *id, int idlen);
1078 static int  sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
1079 	int list_len, char *dataname_ptr);
1080 static void sd_set_vers1_properties(struct sd_lun *un, int flags,
1081     sd_tunables *prop_list);
1082 static int  sd_validate_geometry(struct sd_lun *un, int path_flag);
1083 
1084 #if defined(_SUNOS_VTOC_16)
1085 static void sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g);
1086 #endif
1087 
1088 static void sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
1089 	int path_flag);
1090 static int  sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize,
1091 	int path_flag);
1092 static void sd_get_physical_geometry(struct sd_lun *un,
1093 	struct geom_cache *pgeom_p, int capacity, int lbasize, int path_flag);
1094 static void sd_get_virtual_geometry(struct sd_lun *un, int capacity,
1095 	int lbasize);
1096 static int  sd_uselabel(struct sd_lun *un, struct dk_label *l, int path_flag);
1097 static void sd_swap_efi_gpt(efi_gpt_t *);
1098 static void sd_swap_efi_gpe(int nparts, efi_gpe_t *);
1099 static int sd_validate_efi(efi_gpt_t *);
1100 static int sd_use_efi(struct sd_lun *, int);
1101 static void sd_build_default_label(struct sd_lun *un);
1102 
1103 #if defined(_FIRMWARE_NEEDS_FDISK)
1104 static int  sd_has_max_chs_vals(struct ipart *fdp);
1105 #endif
1106 static void sd_inq_fill(char *p, int l, char *s);
1107 
1108 
1109 static void sd_register_devid(struct sd_lun *un, dev_info_t *devi,
1110     int reservation_flag);
1111 static daddr_t  sd_get_devid_block(struct sd_lun *un);
1112 static int  sd_get_devid(struct sd_lun *un);
1113 static int  sd_get_serialnum(struct sd_lun *un, uchar_t *wwn, int *len);
1114 static ddi_devid_t sd_create_devid(struct sd_lun *un);
1115 static int  sd_write_deviceid(struct sd_lun *un);
1116 static int  sd_get_devid_page(struct sd_lun *un, uchar_t *wwn, int *len);
1117 static int  sd_check_vpd_page_support(struct sd_lun *un);
1118 
1119 static void sd_setup_pm(struct sd_lun *un, dev_info_t *devi);
1120 static void sd_create_pm_components(dev_info_t *devi, struct sd_lun *un);
1121 
1122 static int  sd_ddi_suspend(dev_info_t *devi);
1123 static int  sd_ddi_pm_suspend(struct sd_lun *un);
1124 static int  sd_ddi_resume(dev_info_t *devi);
1125 static int  sd_ddi_pm_resume(struct sd_lun *un);
1126 static int  sdpower(dev_info_t *devi, int component, int level);
1127 
1128 static int  sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd);
1129 static int  sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd);
1130 static int  sd_unit_attach(dev_info_t *devi);
1131 static int  sd_unit_detach(dev_info_t *devi);
1132 
1133 static int  sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi);
1134 static void sd_create_errstats(struct sd_lun *un, int instance);
1135 static void sd_set_errstats(struct sd_lun *un);
1136 static void sd_set_pstats(struct sd_lun *un);
1137 
1138 static int  sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk);
1139 static int  sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pkt);
1140 static int  sd_send_polled_RQS(struct sd_lun *un);
1141 static int  sd_ddi_scsi_poll(struct scsi_pkt *pkt);
1142 
1143 #if (defined(__fibre))
1144 /*
1145  * Event callbacks (photon)
1146  */
1147 static void sd_init_event_callbacks(struct sd_lun *un);
1148 static void  sd_event_callback(dev_info_t *, ddi_eventcookie_t, void *, void *);
1149 #endif
1150 
1151 
1152 static int   sd_disable_caching(struct sd_lun *un);
1153 static int   sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled);
1154 static dev_t sd_make_device(dev_info_t *devi);
1155 
1156 static void  sd_update_block_info(struct sd_lun *un, uint32_t lbasize,
1157 	uint64_t capacity);
1158 
1159 /*
1160  * Driver entry point functions.
1161  */
1162 static int  sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p);
1163 static int  sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p);
1164 static int  sd_ready_and_valid(struct sd_lun *un);
1165 
1166 static void sdmin(struct buf *bp);
1167 static int sdread(dev_t dev, struct uio *uio, cred_t *cred_p);
1168 static int sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p);
1169 static int sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1170 static int sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1171 
1172 static int sdstrategy(struct buf *bp);
1173 static int sdioctl(dev_t, int, intptr_t, int, cred_t *, int *);
1174 
1175 /*
1176  * Function prototypes for layering functions in the iostart chain.
1177  */
1178 static void sd_mapblockaddr_iostart(int index, struct sd_lun *un,
1179 	struct buf *bp);
1180 static void sd_mapblocksize_iostart(int index, struct sd_lun *un,
1181 	struct buf *bp);
1182 static void sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp);
1183 static void sd_checksum_uscsi_iostart(int index, struct sd_lun *un,
1184 	struct buf *bp);
1185 static void sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp);
1186 static void sd_core_iostart(int index, struct sd_lun *un, struct buf *bp);
1187 
1188 /*
1189  * Function prototypes for layering functions in the iodone chain.
1190  */
1191 static void sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp);
1192 static void sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp);
1193 static void sd_mapblockaddr_iodone(int index, struct sd_lun *un,
1194 	struct buf *bp);
1195 static void sd_mapblocksize_iodone(int index, struct sd_lun *un,
1196 	struct buf *bp);
1197 static void sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp);
1198 static void sd_checksum_uscsi_iodone(int index, struct sd_lun *un,
1199 	struct buf *bp);
1200 static void sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp);
1201 
1202 /*
1203  * Prototypes for functions to support buf(9S) based IO.
1204  */
1205 static void sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg);
1206 static int sd_initpkt_for_buf(struct buf *, struct scsi_pkt **);
1207 static void sd_destroypkt_for_buf(struct buf *);
1208 static int sd_setup_rw_pkt(struct sd_lun *un, struct scsi_pkt **pktpp,
1209 	struct buf *bp, int flags,
1210 	int (*callback)(caddr_t), caddr_t callback_arg,
1211 	diskaddr_t lba, uint32_t blockcount);
1212 #if defined(__i386) || defined(__amd64)
1213 static int sd_setup_next_rw_pkt(struct sd_lun *un, struct scsi_pkt *pktp,
1214 	struct buf *bp, diskaddr_t lba, uint32_t blockcount);
1215 #endif /* defined(__i386) || defined(__amd64) */
1216 
1217 /*
1218  * Prototypes for functions to support USCSI IO.
1219  */
1220 static int sd_uscsi_strategy(struct buf *bp);
1221 static int sd_initpkt_for_uscsi(struct buf *, struct scsi_pkt **);
1222 static void sd_destroypkt_for_uscsi(struct buf *);
1223 
1224 static void sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
1225 	uchar_t chain_type, void *pktinfop);
1226 
1227 static int  sd_pm_entry(struct sd_lun *un);
1228 static void sd_pm_exit(struct sd_lun *un);
1229 
1230 static void sd_pm_idletimeout_handler(void *arg);
1231 
1232 /*
1233  * sd_core internal functions (used at the sd_core_io layer).
1234  */
1235 static void sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp);
1236 static void sdintr(struct scsi_pkt *pktp);
1237 static void sd_start_cmds(struct sd_lun *un, struct buf *immed_bp);
1238 
1239 static int sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
1240 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
1241 	int path_flag);
1242 
1243 static struct buf *sd_bioclone_alloc(struct buf *bp, size_t datalen,
1244 	daddr_t blkno, int (*func)(struct buf *));
1245 static struct buf *sd_shadow_buf_alloc(struct buf *bp, size_t datalen,
1246 	uint_t bflags, daddr_t blkno, int (*func)(struct buf *));
1247 static void sd_bioclone_free(struct buf *bp);
1248 static void sd_shadow_buf_free(struct buf *bp);
1249 
1250 static void sd_print_transport_rejected_message(struct sd_lun *un,
1251 	struct sd_xbuf *xp, int code);
1252 
1253 static void sd_retry_command(struct sd_lun *un, struct buf *bp,
1254 	int retry_check_flag,
1255 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp,
1256 		int c),
1257 	void *user_arg, int failure_code,  clock_t retry_delay,
1258 	void (*statp)(kstat_io_t *));
1259 
1260 static void sd_set_retry_bp(struct sd_lun *un, struct buf *bp,
1261 	clock_t retry_delay, void (*statp)(kstat_io_t *));
1262 
1263 static void sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
1264 	struct scsi_pkt *pktp);
1265 static void sd_start_retry_command(void *arg);
1266 static void sd_start_direct_priority_command(void *arg);
1267 static void sd_return_failed_command(struct sd_lun *un, struct buf *bp,
1268 	int errcode);
1269 static void sd_return_failed_command_no_restart(struct sd_lun *un,
1270 	struct buf *bp, int errcode);
1271 static void sd_return_command(struct sd_lun *un, struct buf *bp);
1272 static void sd_sync_with_callback(struct sd_lun *un);
1273 static int sdrunout(caddr_t arg);
1274 
1275 static void sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp);
1276 static struct buf *sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *xp);
1277 
1278 static void sd_reduce_throttle(struct sd_lun *un, int throttle_type);
1279 static void sd_restore_throttle(void *arg);
1280 
1281 static void sd_init_cdb_limits(struct sd_lun *un);
1282 
1283 static void sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
1284 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1285 
1286 /*
1287  * Error handling functions
1288  */
1289 static void sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
1290 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1291 static void sd_pkt_status_busy(struct sd_lun *un, struct buf *bp,
1292 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1293 static void sd_pkt_status_reservation_conflict(struct sd_lun *un,
1294 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1295 static void sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
1296 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1297 
1298 static void sd_handle_request_sense(struct sd_lun *un, struct buf *bp,
1299 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1300 static void sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
1301 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1302 static int sd_validate_sense_data(struct sd_lun *un, struct buf *bp,
1303 	struct sd_xbuf *xp);
1304 static void sd_decode_sense(struct sd_lun *un, struct buf *bp,
1305 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1306 
1307 static void sd_print_sense_msg(struct sd_lun *un, struct buf *bp,
1308 	void *arg, int code);
1309 static diskaddr_t sd_extract_sense_info_descr(
1310 	struct scsi_descr_sense_hdr *sdsp);
1311 
1312 static void sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
1313 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1314 static void sd_sense_key_recoverable_error(struct sd_lun *un,
1315 	uint8_t asc,
1316 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1317 static void sd_sense_key_not_ready(struct sd_lun *un,
1318 	uint8_t asc, uint8_t ascq,
1319 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1320 static void sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
1321 	int sense_key, uint8_t asc,
1322 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1323 static void sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
1324 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1325 static void sd_sense_key_unit_attention(struct sd_lun *un,
1326 	uint8_t asc,
1327 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1328 static void sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
1329 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1330 static void sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
1331 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1332 static void sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
1333 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1334 static void sd_sense_key_default(struct sd_lun *un,
1335 	int sense_key,
1336 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1337 
1338 static void sd_print_retry_msg(struct sd_lun *un, struct buf *bp,
1339 	void *arg, int flag);
1340 
1341 static void sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
1342 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1343 static void sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
1344 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1345 static void sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
1346 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1347 static void sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
1348 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1349 static void sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
1350 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1351 static void sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
1352 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1353 static void sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
1354 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1355 static void sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
1356 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1357 
1358 static void sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp);
1359 
1360 static void sd_start_stop_unit_callback(void *arg);
1361 static void sd_start_stop_unit_task(void *arg);
1362 
1363 static void sd_taskq_create(void);
1364 static void sd_taskq_delete(void);
1365 static void sd_media_change_task(void *arg);
1366 
1367 static int sd_handle_mchange(struct sd_lun *un);
1368 static int sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag);
1369 static int sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp,
1370 	uint32_t *lbap, int path_flag);
1371 static int sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
1372 	uint32_t *lbap, int path_flag);
1373 static int sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag,
1374 	int path_flag);
1375 static int sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr,
1376 	size_t buflen, uchar_t evpd, uchar_t page_code, size_t *residp);
1377 static int sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag);
1378 static int sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un,
1379 	uchar_t usr_cmd, uint16_t data_len, uchar_t *data_bufp);
1380 static int sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un,
1381 	uchar_t usr_cmd, uchar_t *usr_bufp);
1382 static int sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un,
1383 	struct dk_callback *dkc);
1384 static int sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp);
1385 static int sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un,
1386 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1387 	uchar_t *bufaddr, uint_t buflen);
1388 static int sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
1389 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1390 	uchar_t *bufaddr, uint_t buflen, char feature);
1391 static int sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize,
1392 	uchar_t *bufaddr, size_t buflen, uchar_t page_code, int path_flag);
1393 static int sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize,
1394 	uchar_t *bufaddr, size_t buflen, uchar_t save_page, int path_flag);
1395 static int sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
1396 	size_t buflen, daddr_t start_block, int path_flag);
1397 #define	sd_send_scsi_READ(un, bufaddr, buflen, start_block, path_flag)	\
1398 	sd_send_scsi_RDWR(un, SCMD_READ, bufaddr, buflen, start_block, \
1399 	path_flag)
1400 #define	sd_send_scsi_WRITE(un, bufaddr, buflen, start_block, path_flag)	\
1401 	sd_send_scsi_RDWR(un, SCMD_WRITE, bufaddr, buflen, start_block,\
1402 	path_flag)
1403 
1404 static int sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr,
1405 	uint16_t buflen, uchar_t page_code, uchar_t page_control,
1406 	uint16_t param_ptr, int path_flag);
1407 
1408 static int  sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un);
1409 static void sd_free_rqs(struct sd_lun *un);
1410 
1411 static void sd_dump_memory(struct sd_lun *un, uint_t comp, char *title,
1412 	uchar_t *data, int len, int fmt);
1413 
1414 /*
1415  * Disk Ioctl Function Prototypes
1416  */
1417 static int sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag);
1418 static int sd_get_media_info(dev_t dev, caddr_t arg, int flag);
1419 static int sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag);
1420 static int sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag,
1421 	int geom_validated);
1422 static int sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag);
1423 static int sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag,
1424 	int geom_validated);
1425 static int sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag);
1426 static int sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag,
1427 	int geom_validated);
1428 static int sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag);
1429 static int sd_dkio_partition(dev_t dev, caddr_t arg, int flag);
1430 static void sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1431 static int sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag);
1432 static int sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag);
1433 static int sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1434 static int sd_write_label(dev_t dev);
1435 static int sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl);
1436 static void sd_clear_vtoc(struct sd_lun *un);
1437 static void sd_clear_efi(struct sd_lun *un);
1438 static int sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag);
1439 static int sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag);
1440 static int sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag);
1441 static void sd_setup_default_geometry(struct sd_lun *un);
1442 #if defined(__i386) || defined(__amd64)
1443 static int sd_update_fdisk_and_vtoc(struct sd_lun *un);
1444 #endif
1445 
1446 /*
1447  * Multi-host Ioctl Prototypes
1448  */
1449 static int sd_check_mhd(dev_t dev, int interval);
1450 static int sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1451 static void sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt);
1452 static char *sd_sname(uchar_t status);
1453 static void sd_mhd_resvd_recover(void *arg);
1454 static void sd_resv_reclaim_thread();
1455 static int sd_take_ownership(dev_t dev, struct mhioctkown *p);
1456 static int sd_reserve_release(dev_t dev, int cmd);
1457 static void sd_rmv_resv_reclaim_req(dev_t dev);
1458 static void sd_mhd_reset_notify_cb(caddr_t arg);
1459 static int sd_persistent_reservation_in_read_keys(struct sd_lun *un,
1460 	mhioc_inkeys_t *usrp, int flag);
1461 static int sd_persistent_reservation_in_read_resv(struct sd_lun *un,
1462 	mhioc_inresvs_t *usrp, int flag);
1463 static int sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag);
1464 static int sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag);
1465 static int sd_mhdioc_release(dev_t dev);
1466 static int sd_mhdioc_register_devid(dev_t dev);
1467 static int sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag);
1468 static int sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag);
1469 
1470 /*
1471  * SCSI removable prototypes
1472  */
1473 static int sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag);
1474 static int sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1475 static int sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1476 static int sr_pause_resume(dev_t dev, int mode);
1477 static int sr_play_msf(dev_t dev, caddr_t data, int flag);
1478 static int sr_play_trkind(dev_t dev, caddr_t data, int flag);
1479 static int sr_read_all_subcodes(dev_t dev, caddr_t data, int flag);
1480 static int sr_read_subchannel(dev_t dev, caddr_t data, int flag);
1481 static int sr_read_tocentry(dev_t dev, caddr_t data, int flag);
1482 static int sr_read_tochdr(dev_t dev, caddr_t data, int flag);
1483 static int sr_read_cdda(dev_t dev, caddr_t data, int flag);
1484 static int sr_read_cdxa(dev_t dev, caddr_t data, int flag);
1485 static int sr_read_mode1(dev_t dev, caddr_t data, int flag);
1486 static int sr_read_mode2(dev_t dev, caddr_t data, int flag);
1487 static int sr_read_cd_mode2(dev_t dev, caddr_t data, int flag);
1488 static int sr_sector_mode(dev_t dev, uint32_t blksize);
1489 static int sr_eject(dev_t dev);
1490 static void sr_ejected(register struct sd_lun *un);
1491 static int sr_check_wp(dev_t dev);
1492 static int sd_check_media(dev_t dev, enum dkio_state state);
1493 static int sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1494 static void sd_delayed_cv_broadcast(void *arg);
1495 static int sr_volume_ctrl(dev_t dev, caddr_t data, int flag);
1496 static int sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag);
1497 
1498 static int sd_log_page_supported(struct sd_lun *un, int log_page);
1499 
1500 /*
1501  * Function Prototype for the non-512 support (DVDRAM, MO etc.) functions.
1502  */
1503 static void sd_check_for_writable_cd(struct sd_lun *un);
1504 static int sd_wm_cache_constructor(void *wm, void *un, int flags);
1505 static void sd_wm_cache_destructor(void *wm, void *un);
1506 static struct sd_w_map *sd_range_lock(struct sd_lun *un, daddr_t startb,
1507 	daddr_t endb, ushort_t typ);
1508 static struct sd_w_map *sd_get_range(struct sd_lun *un, daddr_t startb,
1509 	daddr_t endb);
1510 static void sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp);
1511 static void sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm);
1512 static void sd_read_modify_write_task(void * arg);
1513 static int
1514 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
1515 	struct buf **bpp);
1516 
1517 
1518 /*
1519  * Function prototypes for failfast support.
1520  */
1521 static void sd_failfast_flushq(struct sd_lun *un);
1522 static int sd_failfast_flushq_callback(struct buf *bp);
1523 
1524 /*
1525  * Function prototypes to check for lsi devices
1526  */
1527 static void sd_is_lsi(struct sd_lun *un);
1528 
1529 /*
1530  * Function prototypes for x86 support
1531  */
1532 #if defined(__i386) || defined(__amd64)
1533 static int sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
1534 		struct scsi_pkt *pkt, struct sd_xbuf *xp);
1535 #endif
1536 
1537 /*
1538  * Constants for failfast support:
1539  *
1540  * SD_FAILFAST_INACTIVE: Instance is currently in a normal state, with NO
1541  * failfast processing being performed.
1542  *
1543  * SD_FAILFAST_ACTIVE: Instance is in the failfast state and is performing
1544  * failfast processing on all bufs with B_FAILFAST set.
1545  */
1546 
1547 #define	SD_FAILFAST_INACTIVE		0
1548 #define	SD_FAILFAST_ACTIVE		1
1549 
1550 /*
1551  * Bitmask to control behavior of buf(9S) flushes when a transition to
1552  * the failfast state occurs. Optional bits include:
1553  *
1554  * SD_FAILFAST_FLUSH_ALL_BUFS: When set, flush ALL bufs including those that
1555  * do NOT have B_FAILFAST set. When clear, only bufs with B_FAILFAST will
1556  * be flushed.
1557  *
1558  * SD_FAILFAST_FLUSH_ALL_QUEUES: When set, flush any/all other queues in the
1559  * driver, in addition to the regular wait queue. This includes the xbuf
1560  * queues. When clear, only the driver's wait queue will be flushed.
1561  */
1562 #define	SD_FAILFAST_FLUSH_ALL_BUFS	0x01
1563 #define	SD_FAILFAST_FLUSH_ALL_QUEUES	0x02
1564 
1565 /*
1566  * The default behavior is to only flush bufs that have B_FAILFAST set, but
1567  * to flush all queues within the driver.
1568  */
1569 static int sd_failfast_flushctl = SD_FAILFAST_FLUSH_ALL_QUEUES;
1570 
1571 
1572 /*
1573  * SD Testing Fault Injection
1574  */
1575 #ifdef SD_FAULT_INJECTION
1576 static void sd_faultinjection_ioctl(int cmd, intptr_t arg, struct sd_lun *un);
1577 static void sd_faultinjection(struct scsi_pkt *pktp);
1578 static void sd_injection_log(char *buf, struct sd_lun *un);
1579 #endif
1580 
1581 /*
1582  * Device driver ops vector
1583  */
1584 static struct cb_ops sd_cb_ops = {
1585 	sdopen,			/* open */
1586 	sdclose,		/* close */
1587 	sdstrategy,		/* strategy */
1588 	nodev,			/* print */
1589 	sddump,			/* dump */
1590 	sdread,			/* read */
1591 	sdwrite,		/* write */
1592 	sdioctl,		/* ioctl */
1593 	nodev,			/* devmap */
1594 	nodev,			/* mmap */
1595 	nodev,			/* segmap */
1596 	nochpoll,		/* poll */
1597 	sd_prop_op,		/* cb_prop_op */
1598 	0,			/* streamtab  */
1599 	D_64BIT | D_MP | D_NEW | D_HOTPLUG, /* Driver compatibility flags */
1600 	CB_REV,			/* cb_rev */
1601 	sdaread, 		/* async I/O read entry point */
1602 	sdawrite		/* async I/O write entry point */
1603 };
1604 
1605 static struct dev_ops sd_ops = {
1606 	DEVO_REV,		/* devo_rev, */
1607 	0,			/* refcnt  */
1608 	sdinfo,			/* info */
1609 	nulldev,		/* identify */
1610 	sdprobe,		/* probe */
1611 	sdattach,		/* attach */
1612 	sddetach,		/* detach */
1613 	nodev,			/* reset */
1614 	&sd_cb_ops,		/* driver operations */
1615 	NULL,			/* bus operations */
1616 	sdpower			/* power */
1617 };
1618 
1619 
1620 /*
1621  * This is the loadable module wrapper.
1622  */
1623 #include <sys/modctl.h>
1624 
1625 static struct modldrv modldrv = {
1626 	&mod_driverops,		/* Type of module. This one is a driver */
1627 	SD_MODULE_NAME,		/* Module name. */
1628 	&sd_ops			/* driver ops */
1629 };
1630 
1631 
1632 static struct modlinkage modlinkage = {
1633 	MODREV_1,
1634 	&modldrv,
1635 	NULL
1636 };
1637 
1638 
1639 static struct scsi_asq_key_strings sd_additional_codes[] = {
1640 	0x81, 0, "Logical Unit is Reserved",
1641 	0x85, 0, "Audio Address Not Valid",
1642 	0xb6, 0, "Media Load Mechanism Failed",
1643 	0xB9, 0, "Audio Play Operation Aborted",
1644 	0xbf, 0, "Buffer Overflow for Read All Subcodes Command",
1645 	0x53, 2, "Medium removal prevented",
1646 	0x6f, 0, "Authentication failed during key exchange",
1647 	0x6f, 1, "Key not present",
1648 	0x6f, 2, "Key not established",
1649 	0x6f, 3, "Read without proper authentication",
1650 	0x6f, 4, "Mismatched region to this logical unit",
1651 	0x6f, 5, "Region reset count error",
1652 	0xffff, 0x0, NULL
1653 };
1654 
1655 
1656 /*
1657  * Struct for passing printing information for sense data messages
1658  */
1659 struct sd_sense_info {
1660 	int	ssi_severity;
1661 	int	ssi_pfa_flag;
1662 };
1663 
1664 /*
1665  * Table of function pointers for iostart-side routines. Seperate "chains"
1666  * of layered function calls are formed by placing the function pointers
1667  * sequentially in the desired order. Functions are called according to an
1668  * incrementing table index ordering. The last function in each chain must
1669  * be sd_core_iostart(). The corresponding iodone-side routines are expected
1670  * in the sd_iodone_chain[] array.
1671  *
1672  * Note: It may seem more natural to organize both the iostart and iodone
1673  * functions together, into an array of structures (or some similar
1674  * organization) with a common index, rather than two seperate arrays which
1675  * must be maintained in synchronization. The purpose of this division is
1676  * to achiece improved performance: individual arrays allows for more
1677  * effective cache line utilization on certain platforms.
1678  */
1679 
1680 typedef void (*sd_chain_t)(int index, struct sd_lun *un, struct buf *bp);
1681 
1682 
1683 static sd_chain_t sd_iostart_chain[] = {
1684 
1685 	/* Chain for buf IO for disk drive targets (PM enabled) */
1686 	sd_mapblockaddr_iostart,	/* Index: 0 */
1687 	sd_pm_iostart,			/* Index: 1 */
1688 	sd_core_iostart,		/* Index: 2 */
1689 
1690 	/* Chain for buf IO for disk drive targets (PM disabled) */
1691 	sd_mapblockaddr_iostart,	/* Index: 3 */
1692 	sd_core_iostart,		/* Index: 4 */
1693 
1694 	/* Chain for buf IO for removable-media targets (PM enabled) */
1695 	sd_mapblockaddr_iostart,	/* Index: 5 */
1696 	sd_mapblocksize_iostart,	/* Index: 6 */
1697 	sd_pm_iostart,			/* Index: 7 */
1698 	sd_core_iostart,		/* Index: 8 */
1699 
1700 	/* Chain for buf IO for removable-media targets (PM disabled) */
1701 	sd_mapblockaddr_iostart,	/* Index: 9 */
1702 	sd_mapblocksize_iostart,	/* Index: 10 */
1703 	sd_core_iostart,		/* Index: 11 */
1704 
1705 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1706 	sd_mapblockaddr_iostart,	/* Index: 12 */
1707 	sd_checksum_iostart,		/* Index: 13 */
1708 	sd_pm_iostart,			/* Index: 14 */
1709 	sd_core_iostart,		/* Index: 15 */
1710 
1711 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1712 	sd_mapblockaddr_iostart,	/* Index: 16 */
1713 	sd_checksum_iostart,		/* Index: 17 */
1714 	sd_core_iostart,		/* Index: 18 */
1715 
1716 	/* Chain for USCSI commands (all targets) */
1717 	sd_pm_iostart,			/* Index: 19 */
1718 	sd_core_iostart,		/* Index: 20 */
1719 
1720 	/* Chain for checksumming USCSI commands (all targets) */
1721 	sd_checksum_uscsi_iostart,	/* Index: 21 */
1722 	sd_pm_iostart,			/* Index: 22 */
1723 	sd_core_iostart,		/* Index: 23 */
1724 
1725 	/* Chain for "direct" USCSI commands (all targets) */
1726 	sd_core_iostart,		/* Index: 24 */
1727 
1728 	/* Chain for "direct priority" USCSI commands (all targets) */
1729 	sd_core_iostart,		/* Index: 25 */
1730 };
1731 
1732 /*
1733  * Macros to locate the first function of each iostart chain in the
1734  * sd_iostart_chain[] array. These are located by the index in the array.
1735  */
1736 #define	SD_CHAIN_DISK_IOSTART			0
1737 #define	SD_CHAIN_DISK_IOSTART_NO_PM		3
1738 #define	SD_CHAIN_RMMEDIA_IOSTART		5
1739 #define	SD_CHAIN_RMMEDIA_IOSTART_NO_PM		9
1740 #define	SD_CHAIN_CHKSUM_IOSTART			12
1741 #define	SD_CHAIN_CHKSUM_IOSTART_NO_PM		16
1742 #define	SD_CHAIN_USCSI_CMD_IOSTART		19
1743 #define	SD_CHAIN_USCSI_CHKSUM_IOSTART		21
1744 #define	SD_CHAIN_DIRECT_CMD_IOSTART		24
1745 #define	SD_CHAIN_PRIORITY_CMD_IOSTART		25
1746 
1747 
1748 /*
1749  * Table of function pointers for the iodone-side routines for the driver-
1750  * internal layering mechanism.  The calling sequence for iodone routines
1751  * uses a decrementing table index, so the last routine called in a chain
1752  * must be at the lowest array index location for that chain.  The last
1753  * routine for each chain must be either sd_buf_iodone() (for buf(9S) IOs)
1754  * or sd_uscsi_iodone() (for uscsi IOs).  Other than this, the ordering
1755  * of the functions in an iodone side chain must correspond to the ordering
1756  * of the iostart routines for that chain.  Note that there is no iodone
1757  * side routine that corresponds to sd_core_iostart(), so there is no
1758  * entry in the table for this.
1759  */
1760 
1761 static sd_chain_t sd_iodone_chain[] = {
1762 
1763 	/* Chain for buf IO for disk drive targets (PM enabled) */
1764 	sd_buf_iodone,			/* Index: 0 */
1765 	sd_mapblockaddr_iodone,		/* Index: 1 */
1766 	sd_pm_iodone,			/* Index: 2 */
1767 
1768 	/* Chain for buf IO for disk drive targets (PM disabled) */
1769 	sd_buf_iodone,			/* Index: 3 */
1770 	sd_mapblockaddr_iodone,		/* Index: 4 */
1771 
1772 	/* Chain for buf IO for removable-media targets (PM enabled) */
1773 	sd_buf_iodone,			/* Index: 5 */
1774 	sd_mapblockaddr_iodone,		/* Index: 6 */
1775 	sd_mapblocksize_iodone,		/* Index: 7 */
1776 	sd_pm_iodone,			/* Index: 8 */
1777 
1778 	/* Chain for buf IO for removable-media targets (PM disabled) */
1779 	sd_buf_iodone,			/* Index: 9 */
1780 	sd_mapblockaddr_iodone,		/* Index: 10 */
1781 	sd_mapblocksize_iodone,		/* Index: 11 */
1782 
1783 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1784 	sd_buf_iodone,			/* Index: 12 */
1785 	sd_mapblockaddr_iodone,		/* Index: 13 */
1786 	sd_checksum_iodone,		/* Index: 14 */
1787 	sd_pm_iodone,			/* Index: 15 */
1788 
1789 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1790 	sd_buf_iodone,			/* Index: 16 */
1791 	sd_mapblockaddr_iodone,		/* Index: 17 */
1792 	sd_checksum_iodone,		/* Index: 18 */
1793 
1794 	/* Chain for USCSI commands (non-checksum targets) */
1795 	sd_uscsi_iodone,		/* Index: 19 */
1796 	sd_pm_iodone,			/* Index: 20 */
1797 
1798 	/* Chain for USCSI commands (checksum targets) */
1799 	sd_uscsi_iodone,		/* Index: 21 */
1800 	sd_checksum_uscsi_iodone,	/* Index: 22 */
1801 	sd_pm_iodone,			/* Index: 22 */
1802 
1803 	/* Chain for "direct" USCSI commands (all targets) */
1804 	sd_uscsi_iodone,		/* Index: 24 */
1805 
1806 	/* Chain for "direct priority" USCSI commands (all targets) */
1807 	sd_uscsi_iodone,		/* Index: 25 */
1808 };
1809 
1810 
1811 /*
1812  * Macros to locate the "first" function in the sd_iodone_chain[] array for
1813  * each iodone-side chain. These are located by the array index, but as the
1814  * iodone side functions are called in a decrementing-index order, the
1815  * highest index number in each chain must be specified (as these correspond
1816  * to the first function in the iodone chain that will be called by the core
1817  * at IO completion time).
1818  */
1819 
1820 #define	SD_CHAIN_DISK_IODONE			2
1821 #define	SD_CHAIN_DISK_IODONE_NO_PM		4
1822 #define	SD_CHAIN_RMMEDIA_IODONE			8
1823 #define	SD_CHAIN_RMMEDIA_IODONE_NO_PM		11
1824 #define	SD_CHAIN_CHKSUM_IODONE			15
1825 #define	SD_CHAIN_CHKSUM_IODONE_NO_PM		18
1826 #define	SD_CHAIN_USCSI_CMD_IODONE		20
1827 #define	SD_CHAIN_USCSI_CHKSUM_IODONE		22
1828 #define	SD_CHAIN_DIRECT_CMD_IODONE		24
1829 #define	SD_CHAIN_PRIORITY_CMD_IODONE		25
1830 
1831 
1832 
1833 
1834 /*
1835  * Array to map a layering chain index to the appropriate initpkt routine.
1836  * The redundant entries are present so that the index used for accessing
1837  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1838  * with this table as well.
1839  */
1840 typedef int (*sd_initpkt_t)(struct buf *, struct scsi_pkt **);
1841 
1842 static sd_initpkt_t	sd_initpkt_map[] = {
1843 
1844 	/* Chain for buf IO for disk drive targets (PM enabled) */
1845 	sd_initpkt_for_buf,		/* Index: 0 */
1846 	sd_initpkt_for_buf,		/* Index: 1 */
1847 	sd_initpkt_for_buf,		/* Index: 2 */
1848 
1849 	/* Chain for buf IO for disk drive targets (PM disabled) */
1850 	sd_initpkt_for_buf,		/* Index: 3 */
1851 	sd_initpkt_for_buf,		/* Index: 4 */
1852 
1853 	/* Chain for buf IO for removable-media targets (PM enabled) */
1854 	sd_initpkt_for_buf,		/* Index: 5 */
1855 	sd_initpkt_for_buf,		/* Index: 6 */
1856 	sd_initpkt_for_buf,		/* Index: 7 */
1857 	sd_initpkt_for_buf,		/* Index: 8 */
1858 
1859 	/* Chain for buf IO for removable-media targets (PM disabled) */
1860 	sd_initpkt_for_buf,		/* Index: 9 */
1861 	sd_initpkt_for_buf,		/* Index: 10 */
1862 	sd_initpkt_for_buf,		/* Index: 11 */
1863 
1864 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1865 	sd_initpkt_for_buf,		/* Index: 12 */
1866 	sd_initpkt_for_buf,		/* Index: 13 */
1867 	sd_initpkt_for_buf,		/* Index: 14 */
1868 	sd_initpkt_for_buf,		/* Index: 15 */
1869 
1870 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1871 	sd_initpkt_for_buf,		/* Index: 16 */
1872 	sd_initpkt_for_buf,		/* Index: 17 */
1873 	sd_initpkt_for_buf,		/* Index: 18 */
1874 
1875 	/* Chain for USCSI commands (non-checksum targets) */
1876 	sd_initpkt_for_uscsi,		/* Index: 19 */
1877 	sd_initpkt_for_uscsi,		/* Index: 20 */
1878 
1879 	/* Chain for USCSI commands (checksum targets) */
1880 	sd_initpkt_for_uscsi,		/* Index: 21 */
1881 	sd_initpkt_for_uscsi,		/* Index: 22 */
1882 	sd_initpkt_for_uscsi,		/* Index: 22 */
1883 
1884 	/* Chain for "direct" USCSI commands (all targets) */
1885 	sd_initpkt_for_uscsi,		/* Index: 24 */
1886 
1887 	/* Chain for "direct priority" USCSI commands (all targets) */
1888 	sd_initpkt_for_uscsi,		/* Index: 25 */
1889 
1890 };
1891 
1892 
1893 /*
1894  * Array to map a layering chain index to the appropriate destroypktpkt routine.
1895  * The redundant entries are present so that the index used for accessing
1896  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1897  * with this table as well.
1898  */
1899 typedef void (*sd_destroypkt_t)(struct buf *);
1900 
1901 static sd_destroypkt_t	sd_destroypkt_map[] = {
1902 
1903 	/* Chain for buf IO for disk drive targets (PM enabled) */
1904 	sd_destroypkt_for_buf,		/* Index: 0 */
1905 	sd_destroypkt_for_buf,		/* Index: 1 */
1906 	sd_destroypkt_for_buf,		/* Index: 2 */
1907 
1908 	/* Chain for buf IO for disk drive targets (PM disabled) */
1909 	sd_destroypkt_for_buf,		/* Index: 3 */
1910 	sd_destroypkt_for_buf,		/* Index: 4 */
1911 
1912 	/* Chain for buf IO for removable-media targets (PM enabled) */
1913 	sd_destroypkt_for_buf,		/* Index: 5 */
1914 	sd_destroypkt_for_buf,		/* Index: 6 */
1915 	sd_destroypkt_for_buf,		/* Index: 7 */
1916 	sd_destroypkt_for_buf,		/* Index: 8 */
1917 
1918 	/* Chain for buf IO for removable-media targets (PM disabled) */
1919 	sd_destroypkt_for_buf,		/* Index: 9 */
1920 	sd_destroypkt_for_buf,		/* Index: 10 */
1921 	sd_destroypkt_for_buf,		/* Index: 11 */
1922 
1923 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1924 	sd_destroypkt_for_buf,		/* Index: 12 */
1925 	sd_destroypkt_for_buf,		/* Index: 13 */
1926 	sd_destroypkt_for_buf,		/* Index: 14 */
1927 	sd_destroypkt_for_buf,		/* Index: 15 */
1928 
1929 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1930 	sd_destroypkt_for_buf,		/* Index: 16 */
1931 	sd_destroypkt_for_buf,		/* Index: 17 */
1932 	sd_destroypkt_for_buf,		/* Index: 18 */
1933 
1934 	/* Chain for USCSI commands (non-checksum targets) */
1935 	sd_destroypkt_for_uscsi,	/* Index: 19 */
1936 	sd_destroypkt_for_uscsi,	/* Index: 20 */
1937 
1938 	/* Chain for USCSI commands (checksum targets) */
1939 	sd_destroypkt_for_uscsi,	/* Index: 21 */
1940 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1941 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1942 
1943 	/* Chain for "direct" USCSI commands (all targets) */
1944 	sd_destroypkt_for_uscsi,	/* Index: 24 */
1945 
1946 	/* Chain for "direct priority" USCSI commands (all targets) */
1947 	sd_destroypkt_for_uscsi,	/* Index: 25 */
1948 
1949 };
1950 
1951 
1952 
1953 /*
1954  * Array to map a layering chain index to the appropriate chain "type".
1955  * The chain type indicates a specific property/usage of the chain.
1956  * The redundant entries are present so that the index used for accessing
1957  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1958  * with this table as well.
1959  */
1960 
1961 #define	SD_CHAIN_NULL			0	/* for the special RQS cmd */
1962 #define	SD_CHAIN_BUFIO			1	/* regular buf IO */
1963 #define	SD_CHAIN_USCSI			2	/* regular USCSI commands */
1964 #define	SD_CHAIN_DIRECT			3	/* uscsi, w/ bypass power mgt */
1965 #define	SD_CHAIN_DIRECT_PRIORITY	4	/* uscsi, w/ bypass power mgt */
1966 						/* (for error recovery) */
1967 
1968 static int sd_chain_type_map[] = {
1969 
1970 	/* Chain for buf IO for disk drive targets (PM enabled) */
1971 	SD_CHAIN_BUFIO,			/* Index: 0 */
1972 	SD_CHAIN_BUFIO,			/* Index: 1 */
1973 	SD_CHAIN_BUFIO,			/* Index: 2 */
1974 
1975 	/* Chain for buf IO for disk drive targets (PM disabled) */
1976 	SD_CHAIN_BUFIO,			/* Index: 3 */
1977 	SD_CHAIN_BUFIO,			/* Index: 4 */
1978 
1979 	/* Chain for buf IO for removable-media targets (PM enabled) */
1980 	SD_CHAIN_BUFIO,			/* Index: 5 */
1981 	SD_CHAIN_BUFIO,			/* Index: 6 */
1982 	SD_CHAIN_BUFIO,			/* Index: 7 */
1983 	SD_CHAIN_BUFIO,			/* Index: 8 */
1984 
1985 	/* Chain for buf IO for removable-media targets (PM disabled) */
1986 	SD_CHAIN_BUFIO,			/* Index: 9 */
1987 	SD_CHAIN_BUFIO,			/* Index: 10 */
1988 	SD_CHAIN_BUFIO,			/* Index: 11 */
1989 
1990 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1991 	SD_CHAIN_BUFIO,			/* Index: 12 */
1992 	SD_CHAIN_BUFIO,			/* Index: 13 */
1993 	SD_CHAIN_BUFIO,			/* Index: 14 */
1994 	SD_CHAIN_BUFIO,			/* Index: 15 */
1995 
1996 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1997 	SD_CHAIN_BUFIO,			/* Index: 16 */
1998 	SD_CHAIN_BUFIO,			/* Index: 17 */
1999 	SD_CHAIN_BUFIO,			/* Index: 18 */
2000 
2001 	/* Chain for USCSI commands (non-checksum targets) */
2002 	SD_CHAIN_USCSI,			/* Index: 19 */
2003 	SD_CHAIN_USCSI,			/* Index: 20 */
2004 
2005 	/* Chain for USCSI commands (checksum targets) */
2006 	SD_CHAIN_USCSI,			/* Index: 21 */
2007 	SD_CHAIN_USCSI,			/* Index: 22 */
2008 	SD_CHAIN_USCSI,			/* Index: 22 */
2009 
2010 	/* Chain for "direct" USCSI commands (all targets) */
2011 	SD_CHAIN_DIRECT,		/* Index: 24 */
2012 
2013 	/* Chain for "direct priority" USCSI commands (all targets) */
2014 	SD_CHAIN_DIRECT_PRIORITY,	/* Index: 25 */
2015 };
2016 
2017 
2018 /* Macro to return TRUE if the IO has come from the sd_buf_iostart() chain. */
2019 #define	SD_IS_BUFIO(xp)			\
2020 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_BUFIO)
2021 
2022 /* Macro to return TRUE if the IO has come from the "direct priority" chain. */
2023 #define	SD_IS_DIRECT_PRIORITY(xp)	\
2024 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_DIRECT_PRIORITY)
2025 
2026 
2027 
2028 /*
2029  * Struct, array, and macros to map a specific chain to the appropriate
2030  * layering indexes in the sd_iostart_chain[] and sd_iodone_chain[] arrays.
2031  *
2032  * The sd_chain_index_map[] array is used at attach time to set the various
2033  * un_xxx_chain type members of the sd_lun softstate to the specific layering
2034  * chain to be used with the instance. This allows different instances to use
2035  * different chain for buf IO, uscsi IO, etc.. Also, since the xb_chain_iostart
2036  * and xb_chain_iodone index values in the sd_xbuf are initialized to these
2037  * values at sd_xbuf init time, this allows (1) layering chains may be changed
2038  * dynamically & without the use of locking; and (2) a layer may update the
2039  * xb_chain_io[start|done] member in a given xbuf with its current index value,
2040  * to allow for deferred processing of an IO within the same chain from a
2041  * different execution context.
2042  */
2043 
2044 struct sd_chain_index {
2045 	int	sci_iostart_index;
2046 	int	sci_iodone_index;
2047 };
2048 
2049 static struct sd_chain_index	sd_chain_index_map[] = {
2050 	{ SD_CHAIN_DISK_IOSTART,		SD_CHAIN_DISK_IODONE },
2051 	{ SD_CHAIN_DISK_IOSTART_NO_PM,		SD_CHAIN_DISK_IODONE_NO_PM },
2052 	{ SD_CHAIN_RMMEDIA_IOSTART,		SD_CHAIN_RMMEDIA_IODONE },
2053 	{ SD_CHAIN_RMMEDIA_IOSTART_NO_PM,	SD_CHAIN_RMMEDIA_IODONE_NO_PM },
2054 	{ SD_CHAIN_CHKSUM_IOSTART,		SD_CHAIN_CHKSUM_IODONE },
2055 	{ SD_CHAIN_CHKSUM_IOSTART_NO_PM,	SD_CHAIN_CHKSUM_IODONE_NO_PM },
2056 	{ SD_CHAIN_USCSI_CMD_IOSTART,		SD_CHAIN_USCSI_CMD_IODONE },
2057 	{ SD_CHAIN_USCSI_CHKSUM_IOSTART,	SD_CHAIN_USCSI_CHKSUM_IODONE },
2058 	{ SD_CHAIN_DIRECT_CMD_IOSTART,		SD_CHAIN_DIRECT_CMD_IODONE },
2059 	{ SD_CHAIN_PRIORITY_CMD_IOSTART,	SD_CHAIN_PRIORITY_CMD_IODONE },
2060 };
2061 
2062 
2063 /*
2064  * The following are indexes into the sd_chain_index_map[] array.
2065  */
2066 
2067 /* un->un_buf_chain_type must be set to one of these */
2068 #define	SD_CHAIN_INFO_DISK		0
2069 #define	SD_CHAIN_INFO_DISK_NO_PM	1
2070 #define	SD_CHAIN_INFO_RMMEDIA		2
2071 #define	SD_CHAIN_INFO_RMMEDIA_NO_PM	3
2072 #define	SD_CHAIN_INFO_CHKSUM		4
2073 #define	SD_CHAIN_INFO_CHKSUM_NO_PM	5
2074 
2075 /* un->un_uscsi_chain_type must be set to one of these */
2076 #define	SD_CHAIN_INFO_USCSI_CMD		6
2077 /* USCSI with PM disabled is the same as DIRECT */
2078 #define	SD_CHAIN_INFO_USCSI_CMD_NO_PM	8
2079 #define	SD_CHAIN_INFO_USCSI_CHKSUM	7
2080 
2081 /* un->un_direct_chain_type must be set to one of these */
2082 #define	SD_CHAIN_INFO_DIRECT_CMD	8
2083 
2084 /* un->un_priority_chain_type must be set to one of these */
2085 #define	SD_CHAIN_INFO_PRIORITY_CMD	9
2086 
2087 /* size for devid inquiries */
2088 #define	MAX_INQUIRY_SIZE		0xF0
2089 
2090 /*
2091  * Macros used by functions to pass a given buf(9S) struct along to the
2092  * next function in the layering chain for further processing.
2093  *
2094  * In the following macros, passing more than three arguments to the called
2095  * routines causes the optimizer for the SPARC compiler to stop doing tail
2096  * call elimination which results in significant performance degradation.
2097  */
2098 #define	SD_BEGIN_IOSTART(index, un, bp)	\
2099 	((*(sd_iostart_chain[index]))(index, un, bp))
2100 
2101 #define	SD_BEGIN_IODONE(index, un, bp)	\
2102 	((*(sd_iodone_chain[index]))(index, un, bp))
2103 
2104 #define	SD_NEXT_IOSTART(index, un, bp)				\
2105 	((*(sd_iostart_chain[(index) + 1]))((index) + 1, un, bp))
2106 
2107 #define	SD_NEXT_IODONE(index, un, bp)				\
2108 	((*(sd_iodone_chain[(index) - 1]))((index) - 1, un, bp))
2109 
2110 
2111 /*
2112  *    Function: _init
2113  *
2114  * Description: This is the driver _init(9E) entry point.
2115  *
2116  * Return Code: Returns the value from mod_install(9F) or
2117  *		ddi_soft_state_init(9F) as appropriate.
2118  *
2119  *     Context: Called when driver module loaded.
2120  */
2121 
2122 int
2123 _init(void)
2124 {
2125 	int	err;
2126 
2127 	/* establish driver name from module name */
2128 	sd_label = mod_modname(&modlinkage);
2129 
2130 	err = ddi_soft_state_init(&sd_state, sizeof (struct sd_lun),
2131 		SD_MAXUNIT);
2132 
2133 	if (err != 0) {
2134 		return (err);
2135 	}
2136 
2137 	mutex_init(&sd_detach_mutex, NULL, MUTEX_DRIVER, NULL);
2138 	mutex_init(&sd_log_mutex,    NULL, MUTEX_DRIVER, NULL);
2139 	mutex_init(&sd_label_mutex,  NULL, MUTEX_DRIVER, NULL);
2140 
2141 	mutex_init(&sd_tr.srq_resv_reclaim_mutex, NULL, MUTEX_DRIVER, NULL);
2142 	cv_init(&sd_tr.srq_resv_reclaim_cv, NULL, CV_DRIVER, NULL);
2143 	cv_init(&sd_tr.srq_inprocess_cv, NULL, CV_DRIVER, NULL);
2144 
2145 	/*
2146 	 * it's ok to init here even for fibre device
2147 	 */
2148 	sd_scsi_probe_cache_init();
2149 
2150 	/*
2151 	 * Creating taskq before mod_install ensures that all callers (threads)
2152 	 * that enter the module after a successfull mod_install encounter
2153 	 * a valid taskq.
2154 	 */
2155 	sd_taskq_create();
2156 
2157 	err = mod_install(&modlinkage);
2158 	if (err != 0) {
2159 		/* delete taskq if install fails */
2160 		sd_taskq_delete();
2161 
2162 		mutex_destroy(&sd_detach_mutex);
2163 		mutex_destroy(&sd_log_mutex);
2164 		mutex_destroy(&sd_label_mutex);
2165 
2166 		mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2167 		cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2168 		cv_destroy(&sd_tr.srq_inprocess_cv);
2169 
2170 		sd_scsi_probe_cache_fini();
2171 
2172 		ddi_soft_state_fini(&sd_state);
2173 		return (err);
2174 	}
2175 
2176 	return (err);
2177 }
2178 
2179 
2180 /*
2181  *    Function: _fini
2182  *
2183  * Description: This is the driver _fini(9E) entry point.
2184  *
2185  * Return Code: Returns the value from mod_remove(9F)
2186  *
2187  *     Context: Called when driver module is unloaded.
2188  */
2189 
2190 int
2191 _fini(void)
2192 {
2193 	int err;
2194 
2195 	if ((err = mod_remove(&modlinkage)) != 0) {
2196 		return (err);
2197 	}
2198 
2199 	sd_taskq_delete();
2200 
2201 	mutex_destroy(&sd_detach_mutex);
2202 	mutex_destroy(&sd_log_mutex);
2203 	mutex_destroy(&sd_label_mutex);
2204 	mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2205 
2206 	sd_scsi_probe_cache_fini();
2207 
2208 	cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2209 	cv_destroy(&sd_tr.srq_inprocess_cv);
2210 
2211 	ddi_soft_state_fini(&sd_state);
2212 
2213 	return (err);
2214 }
2215 
2216 
2217 /*
2218  *    Function: _info
2219  *
2220  * Description: This is the driver _info(9E) entry point.
2221  *
2222  *   Arguments: modinfop - pointer to the driver modinfo structure
2223  *
2224  * Return Code: Returns the value from mod_info(9F).
2225  *
2226  *     Context: Kernel thread context
2227  */
2228 
2229 int
2230 _info(struct modinfo *modinfop)
2231 {
2232 	return (mod_info(&modlinkage, modinfop));
2233 }
2234 
2235 
2236 /*
2237  * The following routines implement the driver message logging facility.
2238  * They provide component- and level- based debug output filtering.
2239  * Output may also be restricted to messages for a single instance by
2240  * specifying a soft state pointer in sd_debug_un. If sd_debug_un is set
2241  * to NULL, then messages for all instances are printed.
2242  *
2243  * These routines have been cloned from each other due to the language
2244  * constraints of macros and variable argument list processing.
2245  */
2246 
2247 
2248 /*
2249  *    Function: sd_log_err
2250  *
2251  * Description: This routine is called by the SD_ERROR macro for debug
2252  *		logging of error conditions.
2253  *
2254  *   Arguments: comp - driver component being logged
2255  *		dev  - pointer to driver info structure
2256  *		fmt  - error string and format to be logged
2257  */
2258 
2259 static void
2260 sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...)
2261 {
2262 	va_list		ap;
2263 	dev_info_t	*dev;
2264 
2265 	ASSERT(un != NULL);
2266 	dev = SD_DEVINFO(un);
2267 	ASSERT(dev != NULL);
2268 
2269 	/*
2270 	 * Filter messages based on the global component and level masks.
2271 	 * Also print if un matches the value of sd_debug_un, or if
2272 	 * sd_debug_un is set to NULL.
2273 	 */
2274 	if ((sd_component_mask & comp) && (sd_level_mask & SD_LOGMASK_ERROR) &&
2275 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2276 		mutex_enter(&sd_log_mutex);
2277 		va_start(ap, fmt);
2278 		(void) vsprintf(sd_log_buf, fmt, ap);
2279 		va_end(ap);
2280 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2281 		mutex_exit(&sd_log_mutex);
2282 	}
2283 #ifdef SD_FAULT_INJECTION
2284 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2285 	if (un->sd_injection_mask & comp) {
2286 		mutex_enter(&sd_log_mutex);
2287 		va_start(ap, fmt);
2288 		(void) vsprintf(sd_log_buf, fmt, ap);
2289 		va_end(ap);
2290 		sd_injection_log(sd_log_buf, un);
2291 		mutex_exit(&sd_log_mutex);
2292 	}
2293 #endif
2294 }
2295 
2296 
2297 /*
2298  *    Function: sd_log_info
2299  *
2300  * Description: This routine is called by the SD_INFO macro for debug
2301  *		logging of general purpose informational conditions.
2302  *
2303  *   Arguments: comp - driver component being logged
2304  *		dev  - pointer to driver info structure
2305  *		fmt  - info string and format to be logged
2306  */
2307 
2308 static void
2309 sd_log_info(uint_t component, struct sd_lun *un, const char *fmt, ...)
2310 {
2311 	va_list		ap;
2312 	dev_info_t	*dev;
2313 
2314 	ASSERT(un != NULL);
2315 	dev = SD_DEVINFO(un);
2316 	ASSERT(dev != NULL);
2317 
2318 	/*
2319 	 * Filter messages based on the global component and level masks.
2320 	 * Also print if un matches the value of sd_debug_un, or if
2321 	 * sd_debug_un is set to NULL.
2322 	 */
2323 	if ((sd_component_mask & component) &&
2324 	    (sd_level_mask & SD_LOGMASK_INFO) &&
2325 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2326 		mutex_enter(&sd_log_mutex);
2327 		va_start(ap, fmt);
2328 		(void) vsprintf(sd_log_buf, fmt, ap);
2329 		va_end(ap);
2330 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2331 		mutex_exit(&sd_log_mutex);
2332 	}
2333 #ifdef SD_FAULT_INJECTION
2334 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2335 	if (un->sd_injection_mask & component) {
2336 		mutex_enter(&sd_log_mutex);
2337 		va_start(ap, fmt);
2338 		(void) vsprintf(sd_log_buf, fmt, ap);
2339 		va_end(ap);
2340 		sd_injection_log(sd_log_buf, un);
2341 		mutex_exit(&sd_log_mutex);
2342 	}
2343 #endif
2344 }
2345 
2346 
2347 /*
2348  *    Function: sd_log_trace
2349  *
2350  * Description: This routine is called by the SD_TRACE macro for debug
2351  *		logging of trace conditions (i.e. function entry/exit).
2352  *
2353  *   Arguments: comp - driver component being logged
2354  *		dev  - pointer to driver info structure
2355  *		fmt  - trace string and format to be logged
2356  */
2357 
2358 static void
2359 sd_log_trace(uint_t component, struct sd_lun *un, const char *fmt, ...)
2360 {
2361 	va_list		ap;
2362 	dev_info_t	*dev;
2363 
2364 	ASSERT(un != NULL);
2365 	dev = SD_DEVINFO(un);
2366 	ASSERT(dev != NULL);
2367 
2368 	/*
2369 	 * Filter messages based on the global component and level masks.
2370 	 * Also print if un matches the value of sd_debug_un, or if
2371 	 * sd_debug_un is set to NULL.
2372 	 */
2373 	if ((sd_component_mask & component) &&
2374 	    (sd_level_mask & SD_LOGMASK_TRACE) &&
2375 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2376 		mutex_enter(&sd_log_mutex);
2377 		va_start(ap, fmt);
2378 		(void) vsprintf(sd_log_buf, fmt, ap);
2379 		va_end(ap);
2380 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2381 		mutex_exit(&sd_log_mutex);
2382 	}
2383 #ifdef SD_FAULT_INJECTION
2384 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2385 	if (un->sd_injection_mask & component) {
2386 		mutex_enter(&sd_log_mutex);
2387 		va_start(ap, fmt);
2388 		(void) vsprintf(sd_log_buf, fmt, ap);
2389 		va_end(ap);
2390 		sd_injection_log(sd_log_buf, un);
2391 		mutex_exit(&sd_log_mutex);
2392 	}
2393 #endif
2394 }
2395 
2396 
2397 /*
2398  *    Function: sdprobe
2399  *
2400  * Description: This is the driver probe(9e) entry point function.
2401  *
2402  *   Arguments: devi - opaque device info handle
2403  *
2404  * Return Code: DDI_PROBE_SUCCESS: If the probe was successful.
2405  *              DDI_PROBE_FAILURE: If the probe failed.
2406  *              DDI_PROBE_PARTIAL: If the instance is not present now,
2407  *				   but may be present in the future.
2408  */
2409 
2410 static int
2411 sdprobe(dev_info_t *devi)
2412 {
2413 	struct scsi_device	*devp;
2414 	int			rval;
2415 	int			instance;
2416 
2417 	/*
2418 	 * if it wasn't for pln, sdprobe could actually be nulldev
2419 	 * in the "__fibre" case.
2420 	 */
2421 	if (ddi_dev_is_sid(devi) == DDI_SUCCESS) {
2422 		return (DDI_PROBE_DONTCARE);
2423 	}
2424 
2425 	devp = ddi_get_driver_private(devi);
2426 
2427 	if (devp == NULL) {
2428 		/* Ooops... nexus driver is mis-configured... */
2429 		return (DDI_PROBE_FAILURE);
2430 	}
2431 
2432 	instance = ddi_get_instance(devi);
2433 
2434 	if (ddi_get_soft_state(sd_state, instance) != NULL) {
2435 		return (DDI_PROBE_PARTIAL);
2436 	}
2437 
2438 	/*
2439 	 * Call the SCSA utility probe routine to see if we actually
2440 	 * have a target at this SCSI nexus.
2441 	 */
2442 	switch (sd_scsi_probe_with_cache(devp, NULL_FUNC)) {
2443 	case SCSIPROBE_EXISTS:
2444 		switch (devp->sd_inq->inq_dtype) {
2445 		case DTYPE_DIRECT:
2446 			rval = DDI_PROBE_SUCCESS;
2447 			break;
2448 		case DTYPE_RODIRECT:
2449 			/* CDs etc. Can be removable media */
2450 			rval = DDI_PROBE_SUCCESS;
2451 			break;
2452 		case DTYPE_OPTICAL:
2453 			/*
2454 			 * Rewritable optical driver HP115AA
2455 			 * Can also be removable media
2456 			 */
2457 
2458 			/*
2459 			 * Do not attempt to bind to  DTYPE_OPTICAL if
2460 			 * pre solaris 9 sparc sd behavior is required
2461 			 *
2462 			 * If first time through and sd_dtype_optical_bind
2463 			 * has not been set in /etc/system check properties
2464 			 */
2465 
2466 			if (sd_dtype_optical_bind  < 0) {
2467 			    sd_dtype_optical_bind = ddi_prop_get_int
2468 				(DDI_DEV_T_ANY,	devi,	0,
2469 				"optical-device-bind",	1);
2470 			}
2471 
2472 			if (sd_dtype_optical_bind == 0) {
2473 				rval = DDI_PROBE_FAILURE;
2474 			} else {
2475 				rval = DDI_PROBE_SUCCESS;
2476 			}
2477 			break;
2478 
2479 		case DTYPE_NOTPRESENT:
2480 		default:
2481 			rval = DDI_PROBE_FAILURE;
2482 			break;
2483 		}
2484 		break;
2485 	default:
2486 		rval = DDI_PROBE_PARTIAL;
2487 		break;
2488 	}
2489 
2490 	/*
2491 	 * This routine checks for resource allocation prior to freeing,
2492 	 * so it will take care of the "smart probing" case where a
2493 	 * scsi_probe() may or may not have been issued and will *not*
2494 	 * free previously-freed resources.
2495 	 */
2496 	scsi_unprobe(devp);
2497 	return (rval);
2498 }
2499 
2500 
2501 /*
2502  *    Function: sdinfo
2503  *
2504  * Description: This is the driver getinfo(9e) entry point function.
2505  * 		Given the device number, return the devinfo pointer from
2506  *		the scsi_device structure or the instance number
2507  *		associated with the dev_t.
2508  *
2509  *   Arguments: dip     - pointer to device info structure
2510  *		infocmd - command argument (DDI_INFO_DEVT2DEVINFO,
2511  *			  DDI_INFO_DEVT2INSTANCE)
2512  *		arg     - driver dev_t
2513  *		resultp - user buffer for request response
2514  *
2515  * Return Code: DDI_SUCCESS
2516  *              DDI_FAILURE
2517  */
2518 /* ARGSUSED */
2519 static int
2520 sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2521 {
2522 	struct sd_lun	*un;
2523 	dev_t		dev;
2524 	int		instance;
2525 	int		error;
2526 
2527 	switch (infocmd) {
2528 	case DDI_INFO_DEVT2DEVINFO:
2529 		dev = (dev_t)arg;
2530 		instance = SDUNIT(dev);
2531 		if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
2532 			return (DDI_FAILURE);
2533 		}
2534 		*result = (void *) SD_DEVINFO(un);
2535 		error = DDI_SUCCESS;
2536 		break;
2537 	case DDI_INFO_DEVT2INSTANCE:
2538 		dev = (dev_t)arg;
2539 		instance = SDUNIT(dev);
2540 		*result = (void *)(uintptr_t)instance;
2541 		error = DDI_SUCCESS;
2542 		break;
2543 	default:
2544 		error = DDI_FAILURE;
2545 	}
2546 	return (error);
2547 }
2548 
2549 /*
2550  *    Function: sd_prop_op
2551  *
2552  * Description: This is the driver prop_op(9e) entry point function.
2553  *		Return the number of blocks for the partition in question
2554  *		or forward the request to the property facilities.
2555  *
2556  *   Arguments: dev       - device number
2557  *		dip       - pointer to device info structure
2558  *		prop_op   - property operator
2559  *		mod_flags - DDI_PROP_DONTPASS, don't pass to parent
2560  *		name      - pointer to property name
2561  *		valuep    - pointer or address of the user buffer
2562  *		lengthp   - property length
2563  *
2564  * Return Code: DDI_PROP_SUCCESS
2565  *              DDI_PROP_NOT_FOUND
2566  *              DDI_PROP_UNDEFINED
2567  *              DDI_PROP_NO_MEMORY
2568  *              DDI_PROP_BUF_TOO_SMALL
2569  */
2570 
2571 static int
2572 sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op, int mod_flags,
2573 	char *name, caddr_t valuep, int *lengthp)
2574 {
2575 	int		instance = ddi_get_instance(dip);
2576 	struct sd_lun	*un;
2577 	uint64_t	nblocks64;
2578 
2579 	/*
2580 	 * Our dynamic properties are all device specific and size oriented.
2581 	 * Requests issued under conditions where size is valid are passed
2582 	 * to ddi_prop_op_nblocks with the size information, otherwise the
2583 	 * request is passed to ddi_prop_op. Size depends on valid geometry.
2584 	 */
2585 	un = ddi_get_soft_state(sd_state, instance);
2586 	if ((dev == DDI_DEV_T_ANY) || (un == NULL) ||
2587 	    (un->un_f_geometry_is_valid == FALSE)) {
2588 		return (ddi_prop_op(dev, dip, prop_op, mod_flags,
2589 		    name, valuep, lengthp));
2590 	} else {
2591 		/* get nblocks value */
2592 		ASSERT(!mutex_owned(SD_MUTEX(un)));
2593 		mutex_enter(SD_MUTEX(un));
2594 		nblocks64 = (ulong_t)un->un_map[SDPART(dev)].dkl_nblk;
2595 		mutex_exit(SD_MUTEX(un));
2596 
2597 		return (ddi_prop_op_nblocks(dev, dip, prop_op, mod_flags,
2598 		    name, valuep, lengthp, nblocks64));
2599 	}
2600 }
2601 
2602 /*
2603  * The following functions are for smart probing:
2604  * sd_scsi_probe_cache_init()
2605  * sd_scsi_probe_cache_fini()
2606  * sd_scsi_clear_probe_cache()
2607  * sd_scsi_probe_with_cache()
2608  */
2609 
2610 /*
2611  *    Function: sd_scsi_probe_cache_init
2612  *
2613  * Description: Initializes the probe response cache mutex and head pointer.
2614  *
2615  *     Context: Kernel thread context
2616  */
2617 
2618 static void
2619 sd_scsi_probe_cache_init(void)
2620 {
2621 	mutex_init(&sd_scsi_probe_cache_mutex, NULL, MUTEX_DRIVER, NULL);
2622 	sd_scsi_probe_cache_head = NULL;
2623 }
2624 
2625 
2626 /*
2627  *    Function: sd_scsi_probe_cache_fini
2628  *
2629  * Description: Frees all resources associated with the probe response cache.
2630  *
2631  *     Context: Kernel thread context
2632  */
2633 
2634 static void
2635 sd_scsi_probe_cache_fini(void)
2636 {
2637 	struct sd_scsi_probe_cache *cp;
2638 	struct sd_scsi_probe_cache *ncp;
2639 
2640 	/* Clean up our smart probing linked list */
2641 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = ncp) {
2642 		ncp = cp->next;
2643 		kmem_free(cp, sizeof (struct sd_scsi_probe_cache));
2644 	}
2645 	sd_scsi_probe_cache_head = NULL;
2646 	mutex_destroy(&sd_scsi_probe_cache_mutex);
2647 }
2648 
2649 
2650 /*
2651  *    Function: sd_scsi_clear_probe_cache
2652  *
2653  * Description: This routine clears the probe response cache. This is
2654  *		done when open() returns ENXIO so that when deferred
2655  *		attach is attempted (possibly after a device has been
2656  *		turned on) we will retry the probe. Since we don't know
2657  *		which target we failed to open, we just clear the
2658  *		entire cache.
2659  *
2660  *     Context: Kernel thread context
2661  */
2662 
2663 static void
2664 sd_scsi_clear_probe_cache(void)
2665 {
2666 	struct sd_scsi_probe_cache	*cp;
2667 	int				i;
2668 
2669 	mutex_enter(&sd_scsi_probe_cache_mutex);
2670 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2671 		/*
2672 		 * Reset all entries to SCSIPROBE_EXISTS.  This will
2673 		 * force probing to be performed the next time
2674 		 * sd_scsi_probe_with_cache is called.
2675 		 */
2676 		for (i = 0; i < NTARGETS_WIDE; i++) {
2677 			cp->cache[i] = SCSIPROBE_EXISTS;
2678 		}
2679 	}
2680 	mutex_exit(&sd_scsi_probe_cache_mutex);
2681 }
2682 
2683 
2684 /*
2685  *    Function: sd_scsi_probe_with_cache
2686  *
2687  * Description: This routine implements support for a scsi device probe
2688  *		with cache. The driver maintains a cache of the target
2689  *		responses to scsi probes. If we get no response from a
2690  *		target during a probe inquiry, we remember that, and we
2691  *		avoid additional calls to scsi_probe on non-zero LUNs
2692  *		on the same target until the cache is cleared. By doing
2693  *		so we avoid the 1/4 sec selection timeout for nonzero
2694  *		LUNs. lun0 of a target is always probed.
2695  *
2696  *   Arguments: devp     - Pointer to a scsi_device(9S) structure
2697  *              waitfunc - indicates what the allocator routines should
2698  *			   do when resources are not available. This value
2699  *			   is passed on to scsi_probe() when that routine
2700  *			   is called.
2701  *
2702  * Return Code: SCSIPROBE_NORESP if a NORESP in probe response cache;
2703  *		otherwise the value returned by scsi_probe(9F).
2704  *
2705  *     Context: Kernel thread context
2706  */
2707 
2708 static int
2709 sd_scsi_probe_with_cache(struct scsi_device *devp, int (*waitfn)())
2710 {
2711 	struct sd_scsi_probe_cache	*cp;
2712 	dev_info_t	*pdip = ddi_get_parent(devp->sd_dev);
2713 	int		lun, tgt;
2714 
2715 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2716 	    SCSI_ADDR_PROP_LUN, 0);
2717 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2718 	    SCSI_ADDR_PROP_TARGET, -1);
2719 
2720 	/* Make sure caching enabled and target in range */
2721 	if ((tgt < 0) || (tgt >= NTARGETS_WIDE)) {
2722 		/* do it the old way (no cache) */
2723 		return (scsi_probe(devp, waitfn));
2724 	}
2725 
2726 	mutex_enter(&sd_scsi_probe_cache_mutex);
2727 
2728 	/* Find the cache for this scsi bus instance */
2729 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2730 		if (cp->pdip == pdip) {
2731 			break;
2732 		}
2733 	}
2734 
2735 	/* If we can't find a cache for this pdip, create one */
2736 	if (cp == NULL) {
2737 		int i;
2738 
2739 		cp = kmem_zalloc(sizeof (struct sd_scsi_probe_cache),
2740 		    KM_SLEEP);
2741 		cp->pdip = pdip;
2742 		cp->next = sd_scsi_probe_cache_head;
2743 		sd_scsi_probe_cache_head = cp;
2744 		for (i = 0; i < NTARGETS_WIDE; i++) {
2745 			cp->cache[i] = SCSIPROBE_EXISTS;
2746 		}
2747 	}
2748 
2749 	mutex_exit(&sd_scsi_probe_cache_mutex);
2750 
2751 	/* Recompute the cache for this target if LUN zero */
2752 	if (lun == 0) {
2753 		cp->cache[tgt] = SCSIPROBE_EXISTS;
2754 	}
2755 
2756 	/* Don't probe if cache remembers a NORESP from a previous LUN. */
2757 	if (cp->cache[tgt] != SCSIPROBE_EXISTS) {
2758 		return (SCSIPROBE_NORESP);
2759 	}
2760 
2761 	/* Do the actual probe; save & return the result */
2762 	return (cp->cache[tgt] = scsi_probe(devp, waitfn));
2763 }
2764 
2765 
2766 /*
2767  *    Function: sd_spin_up_unit
2768  *
2769  * Description: Issues the following commands to spin-up the device:
2770  *		START STOP UNIT, and INQUIRY.
2771  *
2772  *   Arguments: un - driver soft state (unit) structure
2773  *
2774  * Return Code: 0 - success
2775  *		EIO - failure
2776  *		EACCES - reservation conflict
2777  *
2778  *     Context: Kernel thread context
2779  */
2780 
2781 static int
2782 sd_spin_up_unit(struct sd_lun *un)
2783 {
2784 	size_t	resid		= 0;
2785 	int	has_conflict	= FALSE;
2786 	uchar_t *bufaddr;
2787 
2788 	ASSERT(un != NULL);
2789 
2790 	/*
2791 	 * Send a throwaway START UNIT command.
2792 	 *
2793 	 * If we fail on this, we don't care presently what precisely
2794 	 * is wrong.  EMC's arrays will also fail this with a check
2795 	 * condition (0x2/0x4/0x3) if the device is "inactive," but
2796 	 * we don't want to fail the attach because it may become
2797 	 * "active" later.
2798 	 */
2799 	if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START, SD_PATH_DIRECT)
2800 	    == EACCES)
2801 		has_conflict = TRUE;
2802 
2803 	/*
2804 	 * Send another INQUIRY command to the target. This is necessary for
2805 	 * non-removable media direct access devices because their INQUIRY data
2806 	 * may not be fully qualified until they are spun up (perhaps via the
2807 	 * START command above).  Note: This seems to be needed for some
2808 	 * legacy devices only.) The INQUIRY command should succeed even if a
2809 	 * Reservation Conflict is present.
2810 	 */
2811 	bufaddr = kmem_zalloc(SUN_INQSIZE, KM_SLEEP);
2812 	if (sd_send_scsi_INQUIRY(un, bufaddr, SUN_INQSIZE, 0, 0, &resid) != 0) {
2813 		kmem_free(bufaddr, SUN_INQSIZE);
2814 		return (EIO);
2815 	}
2816 
2817 	/*
2818 	 * If we got enough INQUIRY data, copy it over the old INQUIRY data.
2819 	 * Note that this routine does not return a failure here even if the
2820 	 * INQUIRY command did not return any data.  This is a legacy behavior.
2821 	 */
2822 	if ((SUN_INQSIZE - resid) >= SUN_MIN_INQLEN) {
2823 		bcopy(bufaddr, SD_INQUIRY(un), SUN_INQSIZE);
2824 	}
2825 
2826 	kmem_free(bufaddr, SUN_INQSIZE);
2827 
2828 	/* If we hit a reservation conflict above, tell the caller. */
2829 	if (has_conflict == TRUE) {
2830 		return (EACCES);
2831 	}
2832 
2833 	return (0);
2834 }
2835 
2836 #ifdef _LP64
2837 /*
2838  *    Function: sd_enable_descr_sense
2839  *
2840  * Description: This routine attempts to select descriptor sense format
2841  *		using the Control mode page.  Devices that support 64 bit
2842  *		LBAs (for >2TB luns) should also implement descriptor
2843  *		sense data so we will call this function whenever we see
2844  *		a lun larger than 2TB.  If for some reason the device
2845  *		supports 64 bit LBAs but doesn't support descriptor sense
2846  *		presumably the mode select will fail.  Everything will
2847  *		continue to work normally except that we will not get
2848  *		complete sense data for commands that fail with an LBA
2849  *		larger than 32 bits.
2850  *
2851  *   Arguments: un - driver soft state (unit) structure
2852  *
2853  *     Context: Kernel thread context only
2854  */
2855 
2856 static void
2857 sd_enable_descr_sense(struct sd_lun *un)
2858 {
2859 	uchar_t			*header;
2860 	struct mode_control_scsi3 *ctrl_bufp;
2861 	size_t			buflen;
2862 	size_t			bd_len;
2863 
2864 	/*
2865 	 * Read MODE SENSE page 0xA, Control Mode Page
2866 	 */
2867 	buflen = MODE_HEADER_LENGTH + MODE_BLK_DESC_LENGTH +
2868 	    sizeof (struct mode_control_scsi3);
2869 	header = kmem_zalloc(buflen, KM_SLEEP);
2870 	if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
2871 	    MODEPAGE_CTRL_MODE, SD_PATH_DIRECT) != 0) {
2872 		SD_ERROR(SD_LOG_COMMON, un,
2873 		    "sd_enable_descr_sense: mode sense ctrl page failed\n");
2874 		goto eds_exit;
2875 	}
2876 
2877 	/*
2878 	 * Determine size of Block Descriptors in order to locate
2879 	 * the mode page data. ATAPI devices return 0, SCSI devices
2880 	 * should return MODE_BLK_DESC_LENGTH.
2881 	 */
2882 	bd_len  = ((struct mode_header *)header)->bdesc_length;
2883 
2884 	ctrl_bufp = (struct mode_control_scsi3 *)
2885 	    (header + MODE_HEADER_LENGTH + bd_len);
2886 
2887 	/*
2888 	 * Clear PS bit for MODE SELECT
2889 	 */
2890 	ctrl_bufp->mode_page.ps = 0;
2891 
2892 	/*
2893 	 * Set D_SENSE to enable descriptor sense format.
2894 	 */
2895 	ctrl_bufp->d_sense = 1;
2896 
2897 	/*
2898 	 * Use MODE SELECT to commit the change to the D_SENSE bit
2899 	 */
2900 	if (sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
2901 	    buflen, SD_DONTSAVE_PAGE, SD_PATH_DIRECT) != 0) {
2902 		SD_INFO(SD_LOG_COMMON, un,
2903 		    "sd_enable_descr_sense: mode select ctrl page failed\n");
2904 		goto eds_exit;
2905 	}
2906 
2907 eds_exit:
2908 	kmem_free(header, buflen);
2909 }
2910 #endif /* _LP64 */
2911 
2912 
2913 /*
2914  *    Function: sd_set_mmc_caps
2915  *
2916  * Description: This routine determines if the device is MMC compliant and if
2917  *		the device supports CDDA via a mode sense of the CDVD
2918  *		capabilities mode page. Also checks if the device is a
2919  *		dvdram writable device.
2920  *
2921  *   Arguments: un - driver soft state (unit) structure
2922  *
2923  *     Context: Kernel thread context only
2924  */
2925 
2926 static void
2927 sd_set_mmc_caps(struct sd_lun *un)
2928 {
2929 	struct mode_header_grp2		*sense_mhp;
2930 	uchar_t				*sense_page;
2931 	caddr_t				buf;
2932 	int				bd_len;
2933 	int				status;
2934 	struct uscsi_cmd		com;
2935 	int				rtn;
2936 	uchar_t				*out_data_rw, *out_data_hd;
2937 	uchar_t				*rqbuf_rw, *rqbuf_hd;
2938 
2939 	ASSERT(un != NULL);
2940 
2941 	/*
2942 	 * The flags which will be set in this function are - mmc compliant,
2943 	 * dvdram writable device, cdda support. Initialize them to FALSE
2944 	 * and if a capability is detected - it will be set to TRUE.
2945 	 */
2946 	un->un_f_mmc_cap = FALSE;
2947 	un->un_f_dvdram_writable_device = FALSE;
2948 	un->un_f_cfg_cdda = FALSE;
2949 
2950 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
2951 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
2952 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
2953 
2954 	if (status != 0) {
2955 		/* command failed; just return */
2956 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
2957 		return;
2958 	}
2959 	/*
2960 	 * If the mode sense request for the CDROM CAPABILITIES
2961 	 * page (0x2A) succeeds the device is assumed to be MMC.
2962 	 */
2963 	un->un_f_mmc_cap = TRUE;
2964 
2965 	/* Get to the page data */
2966 	sense_mhp = (struct mode_header_grp2 *)buf;
2967 	bd_len = (sense_mhp->bdesc_length_hi << 8) |
2968 	    sense_mhp->bdesc_length_lo;
2969 	if (bd_len > MODE_BLK_DESC_LENGTH) {
2970 		/*
2971 		 * We did not get back the expected block descriptor
2972 		 * length so we cannot determine if the device supports
2973 		 * CDDA. However, we still indicate the device is MMC
2974 		 * according to the successful response to the page
2975 		 * 0x2A mode sense request.
2976 		 */
2977 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
2978 		    "sd_set_mmc_caps: Mode Sense returned "
2979 		    "invalid block descriptor length\n");
2980 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
2981 		return;
2982 	}
2983 
2984 	/* See if read CDDA is supported */
2985 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 +
2986 	    bd_len);
2987 	un->un_f_cfg_cdda = (sense_page[5] & 0x01) ? TRUE : FALSE;
2988 
2989 	/* See if writing DVD RAM is supported. */
2990 	un->un_f_dvdram_writable_device = (sense_page[3] & 0x20) ? TRUE : FALSE;
2991 	if (un->un_f_dvdram_writable_device == TRUE) {
2992 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
2993 		return;
2994 	}
2995 
2996 	/*
2997 	 * If the device presents DVD or CD capabilities in the mode
2998 	 * page, we can return here since a RRD will not have
2999 	 * these capabilities.
3000 	 */
3001 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3002 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3003 		return;
3004 	}
3005 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3006 
3007 	/*
3008 	 * If un->un_f_dvdram_writable_device is still FALSE,
3009 	 * check for a Removable Rigid Disk (RRD).  A RRD
3010 	 * device is identified by the features RANDOM_WRITABLE and
3011 	 * HARDWARE_DEFECT_MANAGEMENT.
3012 	 */
3013 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3014 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3015 
3016 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3017 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3018 	    RANDOM_WRITABLE);
3019 	if (rtn != 0) {
3020 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3021 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3022 		return;
3023 	}
3024 
3025 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3026 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3027 
3028 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3029 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3030 	    HARDWARE_DEFECT_MANAGEMENT);
3031 	if (rtn == 0) {
3032 		/*
3033 		 * We have good information, check for random writable
3034 		 * and hardware defect features.
3035 		 */
3036 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3037 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT)) {
3038 			un->un_f_dvdram_writable_device = TRUE;
3039 		}
3040 	}
3041 
3042 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3043 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3044 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3045 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3046 }
3047 
3048 /*
3049  *    Function: sd_check_for_writable_cd
3050  *
3051  * Description: This routine determines if the media in the device is
3052  *		writable or not. It uses the get configuration command (0x46)
3053  *		to determine if the media is writable
3054  *
3055  *   Arguments: un - driver soft state (unit) structure
3056  *
3057  *     Context: Never called at interrupt context.
3058  */
3059 
3060 static void
3061 sd_check_for_writable_cd(struct sd_lun *un)
3062 {
3063 	struct uscsi_cmd		com;
3064 	uchar_t				*out_data;
3065 	uchar_t				*rqbuf;
3066 	int				rtn;
3067 	uchar_t				*out_data_rw, *out_data_hd;
3068 	uchar_t				*rqbuf_rw, *rqbuf_hd;
3069 	struct mode_header_grp2		*sense_mhp;
3070 	uchar_t				*sense_page;
3071 	caddr_t				buf;
3072 	int				bd_len;
3073 	int				status;
3074 
3075 	ASSERT(un != NULL);
3076 	ASSERT(mutex_owned(SD_MUTEX(un)));
3077 
3078 	/*
3079 	 * Initialize the writable media to false, if configuration info.
3080 	 * tells us otherwise then only we will set it.
3081 	 */
3082 	un->un_f_mmc_writable_media = FALSE;
3083 	mutex_exit(SD_MUTEX(un));
3084 
3085 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
3086 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3087 
3088 	rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf, SENSE_LENGTH,
3089 	    out_data, SD_PROFILE_HEADER_LEN);
3090 
3091 	mutex_enter(SD_MUTEX(un));
3092 	if (rtn == 0) {
3093 		/*
3094 		 * We have good information, check for writable DVD.
3095 		 */
3096 		if ((out_data[6] == 0) && (out_data[7] == 0x12)) {
3097 			un->un_f_mmc_writable_media = TRUE;
3098 			kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3099 			kmem_free(rqbuf, SENSE_LENGTH);
3100 			return;
3101 		}
3102 	}
3103 
3104 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3105 	kmem_free(rqbuf, SENSE_LENGTH);
3106 
3107 	/*
3108 	 * Determine if this is a RRD type device.
3109 	 */
3110 	mutex_exit(SD_MUTEX(un));
3111 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
3112 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
3113 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
3114 	mutex_enter(SD_MUTEX(un));
3115 	if (status != 0) {
3116 		/* command failed; just return */
3117 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3118 		return;
3119 	}
3120 
3121 	/* Get to the page data */
3122 	sense_mhp = (struct mode_header_grp2 *)buf;
3123 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
3124 	if (bd_len > MODE_BLK_DESC_LENGTH) {
3125 		/*
3126 		 * We did not get back the expected block descriptor length so
3127 		 * we cannot check the mode page.
3128 		 */
3129 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3130 		    "sd_check_for_writable_cd: Mode Sense returned "
3131 		    "invalid block descriptor length\n");
3132 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3133 		return;
3134 	}
3135 
3136 	/*
3137 	 * If the device presents DVD or CD capabilities in the mode
3138 	 * page, we can return here since a RRD device will not have
3139 	 * these capabilities.
3140 	 */
3141 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 + bd_len);
3142 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3143 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3144 		return;
3145 	}
3146 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3147 
3148 	/*
3149 	 * If un->un_f_mmc_writable_media is still FALSE,
3150 	 * check for RRD type media.  A RRD device is identified
3151 	 * by the features RANDOM_WRITABLE and HARDWARE_DEFECT_MANAGEMENT.
3152 	 */
3153 	mutex_exit(SD_MUTEX(un));
3154 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3155 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3156 
3157 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3158 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3159 	    RANDOM_WRITABLE);
3160 	if (rtn != 0) {
3161 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3162 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3163 		mutex_enter(SD_MUTEX(un));
3164 		return;
3165 	}
3166 
3167 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3168 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3169 
3170 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3171 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3172 	    HARDWARE_DEFECT_MANAGEMENT);
3173 	mutex_enter(SD_MUTEX(un));
3174 	if (rtn == 0) {
3175 		/*
3176 		 * We have good information, check for random writable
3177 		 * and hardware defect features as current.
3178 		 */
3179 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3180 		    (out_data_rw[10] & 0x1) &&
3181 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT) &&
3182 		    (out_data_hd[10] & 0x1)) {
3183 			un->un_f_mmc_writable_media = TRUE;
3184 		}
3185 	}
3186 
3187 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3188 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3189 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3190 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3191 }
3192 
3193 /*
3194  *    Function: sd_read_unit_properties
3195  *
3196  * Description: The following implements a property lookup mechanism.
3197  *		Properties for particular disks (keyed on vendor, model
3198  *		and rev numbers) are sought in the sd.conf file via
3199  *		sd_process_sdconf_file(), and if not found there, are
3200  *		looked for in a list hardcoded in this driver via
3201  *		sd_process_sdconf_table() Once located the properties
3202  *		are used to update the driver unit structure.
3203  *
3204  *   Arguments: un - driver soft state (unit) structure
3205  */
3206 
3207 static void
3208 sd_read_unit_properties(struct sd_lun *un)
3209 {
3210 	/*
3211 	 * sd_process_sdconf_file returns SD_FAILURE if it cannot find
3212 	 * the "sd-config-list" property (from the sd.conf file) or if
3213 	 * there was not a match for the inquiry vid/pid. If this event
3214 	 * occurs the static driver configuration table is searched for
3215 	 * a match.
3216 	 */
3217 	ASSERT(un != NULL);
3218 	if (sd_process_sdconf_file(un) == SD_FAILURE) {
3219 		sd_process_sdconf_table(un);
3220 	}
3221 
3222 	/* check for LSI device */
3223 	sd_is_lsi(un);
3224 
3225 	/*
3226 	 * Set this in sd.conf to 0 in order to disable kstats.  The default
3227 	 * is 1, so they are enabled by default.
3228 	 */
3229 	un->un_f_pkstats_enabled = (ddi_prop_get_int(DDI_DEV_T_ANY,
3230 	    SD_DEVINFO(un), DDI_PROP_DONTPASS, "enable-partition-kstats", 1));
3231 }
3232 
3233 
3234 /*
3235  *    Function: sd_process_sdconf_file
3236  *
3237  * Description: Use ddi_getlongprop to obtain the properties from the
3238  *		driver's config file (ie, sd.conf) and update the driver
3239  *		soft state structure accordingly.
3240  *
3241  *   Arguments: un - driver soft state (unit) structure
3242  *
3243  * Return Code: SD_SUCCESS - The properties were successfully set according
3244  *			     to the driver configuration file.
3245  *		SD_FAILURE - The driver config list was not obtained or
3246  *			     there was no vid/pid match. This indicates that
3247  *			     the static config table should be used.
3248  *
3249  * The config file has a property, "sd-config-list", which consists of
3250  * one or more duplets as follows:
3251  *
3252  *  sd-config-list=
3253  *	<duplet>,
3254  *	[<duplet>,]
3255  *	[<duplet>];
3256  *
3257  * The structure of each duplet is as follows:
3258  *
3259  *  <duplet>:= <vid+pid>,<data-property-name_list>
3260  *
3261  * The first entry of the duplet is the device ID string (the concatenated
3262  * vid & pid; not to be confused with a device_id).  This is defined in
3263  * the same way as in the sd_disk_table.
3264  *
3265  * The second part of the duplet is a string that identifies a
3266  * data-property-name-list. The data-property-name-list is defined as
3267  * follows:
3268  *
3269  *  <data-property-name-list>:=<data-property-name> [<data-property-name>]
3270  *
3271  * The syntax of <data-property-name> depends on the <version> field.
3272  *
3273  * If version = SD_CONF_VERSION_1 we have the following syntax:
3274  *
3275  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3276  *
3277  * where the prop0 value will be used to set prop0 if bit0 set in the
3278  * flags, prop1 if bit1 set, etc. and N = SD_CONF_MAX_ITEMS -1
3279  *
3280  */
3281 
3282 static int
3283 sd_process_sdconf_file(struct sd_lun *un)
3284 {
3285 	char	*config_list = NULL;
3286 	int	config_list_len;
3287 	int	len;
3288 	int	dupletlen = 0;
3289 	char	*vidptr;
3290 	int	vidlen;
3291 	char	*dnlist_ptr;
3292 	char	*dataname_ptr;
3293 	int	dnlist_len;
3294 	int	dataname_len;
3295 	int	*data_list;
3296 	int	data_list_len;
3297 	int	rval = SD_FAILURE;
3298 	int	i;
3299 
3300 	ASSERT(un != NULL);
3301 
3302 	/* Obtain the configuration list associated with the .conf file */
3303 	if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), DDI_PROP_DONTPASS,
3304 	    sd_config_list, (caddr_t)&config_list, &config_list_len)
3305 	    != DDI_PROP_SUCCESS) {
3306 		return (SD_FAILURE);
3307 	}
3308 
3309 	/*
3310 	 * Compare vids in each duplet to the inquiry vid - if a match is
3311 	 * made, get the data value and update the soft state structure
3312 	 * accordingly.
3313 	 *
3314 	 * Note: This algorithm is complex and difficult to maintain. It should
3315 	 * be replaced with a more robust implementation.
3316 	 */
3317 	for (len = config_list_len, vidptr = config_list; len > 0;
3318 	    vidptr += dupletlen, len -= dupletlen) {
3319 		/*
3320 		 * Note: The assumption here is that each vid entry is on
3321 		 * a unique line from its associated duplet.
3322 		 */
3323 		vidlen = dupletlen = (int)strlen(vidptr);
3324 		if ((vidlen == 0) ||
3325 		    (sd_sdconf_id_match(un, vidptr, vidlen) != SD_SUCCESS)) {
3326 			dupletlen++;
3327 			continue;
3328 		}
3329 
3330 		/*
3331 		 * dnlist contains 1 or more blank separated
3332 		 * data-property-name entries
3333 		 */
3334 		dnlist_ptr = vidptr + vidlen + 1;
3335 		dnlist_len = (int)strlen(dnlist_ptr);
3336 		dupletlen += dnlist_len + 2;
3337 
3338 		/*
3339 		 * Set a pointer for the first data-property-name
3340 		 * entry in the list
3341 		 */
3342 		dataname_ptr = dnlist_ptr;
3343 		dataname_len = 0;
3344 
3345 		/*
3346 		 * Loop through all data-property-name entries in the
3347 		 * data-property-name-list setting the properties for each.
3348 		 */
3349 		while (dataname_len < dnlist_len) {
3350 			int version;
3351 
3352 			/*
3353 			 * Determine the length of the current
3354 			 * data-property-name entry by indexing until a
3355 			 * blank or NULL is encountered. When the space is
3356 			 * encountered reset it to a NULL for compliance
3357 			 * with ddi_getlongprop().
3358 			 */
3359 			for (i = 0; ((dataname_ptr[i] != ' ') &&
3360 			    (dataname_ptr[i] != '\0')); i++) {
3361 				;
3362 			}
3363 
3364 			dataname_len += i;
3365 			/* If not null terminated, Make it so */
3366 			if (dataname_ptr[i] == ' ') {
3367 				dataname_ptr[i] = '\0';
3368 			}
3369 			dataname_len++;
3370 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3371 			    "sd_process_sdconf_file: disk:%s, data:%s\n",
3372 			    vidptr, dataname_ptr);
3373 
3374 			/* Get the data list */
3375 			if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), 0,
3376 			    dataname_ptr, (caddr_t)&data_list, &data_list_len)
3377 			    != DDI_PROP_SUCCESS) {
3378 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
3379 				    "sd_process_sdconf_file: data property (%s)"
3380 				    " has no value\n", dataname_ptr);
3381 				dataname_ptr = dnlist_ptr + dataname_len;
3382 				continue;
3383 			}
3384 
3385 			version = data_list[0];
3386 
3387 			if (version == SD_CONF_VERSION_1) {
3388 				sd_tunables values;
3389 
3390 				/* Set the properties */
3391 				if (sd_chk_vers1_data(un, data_list[1],
3392 				    &data_list[2], data_list_len, dataname_ptr)
3393 				    == SD_SUCCESS) {
3394 					sd_get_tunables_from_conf(un,
3395 					    data_list[1], &data_list[2],
3396 					    &values);
3397 					sd_set_vers1_properties(un,
3398 					    data_list[1], &values);
3399 					rval = SD_SUCCESS;
3400 				} else {
3401 					rval = SD_FAILURE;
3402 				}
3403 			} else {
3404 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3405 				    "data property %s version 0x%x is invalid.",
3406 				    dataname_ptr, version);
3407 				rval = SD_FAILURE;
3408 			}
3409 			kmem_free(data_list, data_list_len);
3410 			dataname_ptr = dnlist_ptr + dataname_len;
3411 		}
3412 	}
3413 
3414 	/* free up the memory allocated by ddi_getlongprop */
3415 	if (config_list) {
3416 		kmem_free(config_list, config_list_len);
3417 	}
3418 
3419 	return (rval);
3420 }
3421 
3422 /*
3423  *    Function: sd_get_tunables_from_conf()
3424  *
3425  *
3426  *    This function reads the data list from the sd.conf file and pulls
3427  *    the values that can have numeric values as arguments and places
3428  *    the values in the apropriate sd_tunables member.
3429  *    Since the order of the data list members varies across platforms
3430  *    This function reads them from the data list in a platform specific
3431  *    order and places them into the correct sd_tunable member that is
3432  *    a consistant across all platforms.
3433  */
3434 static void
3435 sd_get_tunables_from_conf(struct sd_lun *un, int flags, int *data_list,
3436     sd_tunables *values)
3437 {
3438 	int i;
3439 	int mask;
3440 
3441 	bzero(values, sizeof (sd_tunables));
3442 
3443 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3444 
3445 		mask = 1 << i;
3446 		if (mask > flags) {
3447 			break;
3448 		}
3449 
3450 		switch (mask & flags) {
3451 		case 0:	/* This mask bit not set in flags */
3452 			continue;
3453 		case SD_CONF_BSET_THROTTLE:
3454 			values->sdt_throttle = data_list[i];
3455 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3456 			    "sd_get_tunables_from_conf: throttle = %d\n",
3457 			    values->sdt_throttle);
3458 			break;
3459 		case SD_CONF_BSET_CTYPE:
3460 			values->sdt_ctype = data_list[i];
3461 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3462 			    "sd_get_tunables_from_conf: ctype = %d\n",
3463 			    values->sdt_ctype);
3464 			break;
3465 		case SD_CONF_BSET_NRR_COUNT:
3466 			values->sdt_not_rdy_retries = data_list[i];
3467 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3468 			    "sd_get_tunables_from_conf: not_rdy_retries = %d\n",
3469 			    values->sdt_not_rdy_retries);
3470 			break;
3471 		case SD_CONF_BSET_BSY_RETRY_COUNT:
3472 			values->sdt_busy_retries = data_list[i];
3473 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3474 			    "sd_get_tunables_from_conf: busy_retries = %d\n",
3475 			    values->sdt_busy_retries);
3476 			break;
3477 		case SD_CONF_BSET_RST_RETRIES:
3478 			values->sdt_reset_retries = data_list[i];
3479 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3480 			    "sd_get_tunables_from_conf: reset_retries = %d\n",
3481 			    values->sdt_reset_retries);
3482 			break;
3483 		case SD_CONF_BSET_RSV_REL_TIME:
3484 			values->sdt_reserv_rel_time = data_list[i];
3485 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3486 			    "sd_get_tunables_from_conf: reserv_rel_time = %d\n",
3487 			    values->sdt_reserv_rel_time);
3488 			break;
3489 		case SD_CONF_BSET_MIN_THROTTLE:
3490 			values->sdt_min_throttle = data_list[i];
3491 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3492 			    "sd_get_tunables_from_conf: min_throttle = %d\n",
3493 			    values->sdt_min_throttle);
3494 			break;
3495 		case SD_CONF_BSET_DISKSORT_DISABLED:
3496 			values->sdt_disk_sort_dis = data_list[i];
3497 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3498 			    "sd_get_tunables_from_conf: disk_sort_dis = %d\n",
3499 			    values->sdt_disk_sort_dis);
3500 			break;
3501 		case SD_CONF_BSET_LUN_RESET_ENABLED:
3502 			values->sdt_lun_reset_enable = data_list[i];
3503 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3504 			    "sd_get_tunables_from_conf: lun_reset_enable = %d"
3505 			    "\n", values->sdt_lun_reset_enable);
3506 			break;
3507 		}
3508 	}
3509 }
3510 
3511 /*
3512  *    Function: sd_process_sdconf_table
3513  *
3514  * Description: Search the static configuration table for a match on the
3515  *		inquiry vid/pid and update the driver soft state structure
3516  *		according to the table property values for the device.
3517  *
3518  *		The form of a configuration table entry is:
3519  *		  <vid+pid>,<flags>,<property-data>
3520  *		  "SEAGATE ST42400N",1,63,0,0			(Fibre)
3521  *		  "SEAGATE ST42400N",1,63,0,0,0,0		(Sparc)
3522  *		  "SEAGATE ST42400N",1,63,0,0,0,0,0,0,0,0,0,0	(Intel)
3523  *
3524  *   Arguments: un - driver soft state (unit) structure
3525  */
3526 
3527 static void
3528 sd_process_sdconf_table(struct sd_lun *un)
3529 {
3530 	char	*id = NULL;
3531 	int	table_index;
3532 	int	idlen;
3533 
3534 	ASSERT(un != NULL);
3535 	for (table_index = 0; table_index < sd_disk_table_size;
3536 	    table_index++) {
3537 		id = sd_disk_table[table_index].device_id;
3538 		idlen = strlen(id);
3539 		if (idlen == 0) {
3540 			continue;
3541 		}
3542 
3543 		/*
3544 		 * The static configuration table currently does not
3545 		 * implement version 10 properties. Additionally,
3546 		 * multiple data-property-name entries are not
3547 		 * implemented in the static configuration table.
3548 		 */
3549 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
3550 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3551 			    "sd_process_sdconf_table: disk %s\n", id);
3552 			sd_set_vers1_properties(un,
3553 			    sd_disk_table[table_index].flags,
3554 			    sd_disk_table[table_index].properties);
3555 			break;
3556 		}
3557 	}
3558 }
3559 
3560 
3561 /*
3562  *    Function: sd_sdconf_id_match
3563  *
3564  * Description: This local function implements a case sensitive vid/pid
3565  *		comparison as well as the boundary cases of wild card and
3566  *		multiple blanks.
3567  *
3568  *		Note: An implicit assumption made here is that the scsi
3569  *		inquiry structure will always keep the vid, pid and
3570  *		revision strings in consecutive sequence, so they can be
3571  *		read as a single string. If this assumption is not the
3572  *		case, a separate string, to be used for the check, needs
3573  *		to be built with these strings concatenated.
3574  *
3575  *   Arguments: un - driver soft state (unit) structure
3576  *		id - table or config file vid/pid
3577  *		idlen  - length of the vid/pid (bytes)
3578  *
3579  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3580  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3581  */
3582 
3583 static int
3584 sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen)
3585 {
3586 	struct scsi_inquiry	*sd_inq;
3587 	int 			rval = SD_SUCCESS;
3588 
3589 	ASSERT(un != NULL);
3590 	sd_inq = un->un_sd->sd_inq;
3591 	ASSERT(id != NULL);
3592 
3593 	/*
3594 	 * We use the inq_vid as a pointer to a buffer containing the
3595 	 * vid and pid and use the entire vid/pid length of the table
3596 	 * entry for the comparison. This works because the inq_pid
3597 	 * data member follows inq_vid in the scsi_inquiry structure.
3598 	 */
3599 	if (strncasecmp(sd_inq->inq_vid, id, idlen) != 0) {
3600 		/*
3601 		 * The user id string is compared to the inquiry vid/pid
3602 		 * using a case insensitive comparison and ignoring
3603 		 * multiple spaces.
3604 		 */
3605 		rval = sd_blank_cmp(un, id, idlen);
3606 		if (rval != SD_SUCCESS) {
3607 			/*
3608 			 * User id strings that start and end with a "*"
3609 			 * are a special case. These do not have a
3610 			 * specific vendor, and the product string can
3611 			 * appear anywhere in the 16 byte PID portion of
3612 			 * the inquiry data. This is a simple strstr()
3613 			 * type search for the user id in the inquiry data.
3614 			 */
3615 			if ((id[0] == '*') && (id[idlen - 1] == '*')) {
3616 				char	*pidptr = &id[1];
3617 				int	i;
3618 				int	j;
3619 				int	pidstrlen = idlen - 2;
3620 				j = sizeof (SD_INQUIRY(un)->inq_pid) -
3621 				    pidstrlen;
3622 
3623 				if (j < 0) {
3624 					return (SD_FAILURE);
3625 				}
3626 				for (i = 0; i < j; i++) {
3627 					if (bcmp(&SD_INQUIRY(un)->inq_pid[i],
3628 					    pidptr, pidstrlen) == 0) {
3629 						rval = SD_SUCCESS;
3630 						break;
3631 					}
3632 				}
3633 			}
3634 		}
3635 	}
3636 	return (rval);
3637 }
3638 
3639 
3640 /*
3641  *    Function: sd_blank_cmp
3642  *
3643  * Description: If the id string starts and ends with a space, treat
3644  *		multiple consecutive spaces as equivalent to a single
3645  *		space. For example, this causes a sd_disk_table entry
3646  *		of " NEC CDROM " to match a device's id string of
3647  *		"NEC       CDROM".
3648  *
3649  *		Note: The success exit condition for this routine is if
3650  *		the pointer to the table entry is '\0' and the cnt of
3651  *		the inquiry length is zero. This will happen if the inquiry
3652  *		string returned by the device is padded with spaces to be
3653  *		exactly 24 bytes in length (8 byte vid + 16 byte pid). The
3654  *		SCSI spec states that the inquiry string is to be padded with
3655  *		spaces.
3656  *
3657  *   Arguments: un - driver soft state (unit) structure
3658  *		id - table or config file vid/pid
3659  *		idlen  - length of the vid/pid (bytes)
3660  *
3661  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3662  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3663  */
3664 
3665 static int
3666 sd_blank_cmp(struct sd_lun *un, char *id, int idlen)
3667 {
3668 	char		*p1;
3669 	char		*p2;
3670 	int		cnt;
3671 	cnt = sizeof (SD_INQUIRY(un)->inq_vid) +
3672 	    sizeof (SD_INQUIRY(un)->inq_pid);
3673 
3674 	ASSERT(un != NULL);
3675 	p2 = un->un_sd->sd_inq->inq_vid;
3676 	ASSERT(id != NULL);
3677 	p1 = id;
3678 
3679 	if ((id[0] == ' ') && (id[idlen - 1] == ' ')) {
3680 		/*
3681 		 * Note: string p1 is terminated by a NUL but string p2
3682 		 * isn't.  The end of p2 is determined by cnt.
3683 		 */
3684 		for (;;) {
3685 			/* skip over any extra blanks in both strings */
3686 			while ((*p1 != '\0') && (*p1 == ' ')) {
3687 				p1++;
3688 			}
3689 			while ((cnt != 0) && (*p2 == ' ')) {
3690 				p2++;
3691 				cnt--;
3692 			}
3693 
3694 			/* compare the two strings */
3695 			if ((cnt == 0) ||
3696 			    (SD_TOUPPER(*p1) != SD_TOUPPER(*p2))) {
3697 				break;
3698 			}
3699 			while ((cnt > 0) &&
3700 			    (SD_TOUPPER(*p1) == SD_TOUPPER(*p2))) {
3701 				p1++;
3702 				p2++;
3703 				cnt--;
3704 			}
3705 		}
3706 	}
3707 
3708 	/* return SD_SUCCESS if both strings match */
3709 	return (((*p1 == '\0') && (cnt == 0)) ? SD_SUCCESS : SD_FAILURE);
3710 }
3711 
3712 
3713 /*
3714  *    Function: sd_chk_vers1_data
3715  *
3716  * Description: Verify the version 1 device properties provided by the
3717  *		user via the configuration file
3718  *
3719  *   Arguments: un	     - driver soft state (unit) structure
3720  *		flags	     - integer mask indicating properties to be set
3721  *		prop_list    - integer list of property values
3722  *		list_len     - length of user provided data
3723  *
3724  * Return Code: SD_SUCCESS - Indicates the user provided data is valid
3725  *		SD_FAILURE - Indicates the user provided data is invalid
3726  */
3727 
3728 static int
3729 sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
3730     int list_len, char *dataname_ptr)
3731 {
3732 	int i;
3733 	int mask = 1;
3734 	int index = 0;
3735 
3736 	ASSERT(un != NULL);
3737 
3738 	/* Check for a NULL property name and list */
3739 	if (dataname_ptr == NULL) {
3740 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3741 		    "sd_chk_vers1_data: NULL data property name.");
3742 		return (SD_FAILURE);
3743 	}
3744 	if (prop_list == NULL) {
3745 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3746 		    "sd_chk_vers1_data: %s NULL data property list.",
3747 		    dataname_ptr);
3748 		return (SD_FAILURE);
3749 	}
3750 
3751 	/* Display a warning if undefined bits are set in the flags */
3752 	if (flags & ~SD_CONF_BIT_MASK) {
3753 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3754 		    "sd_chk_vers1_data: invalid bits 0x%x in data list %s. "
3755 		    "Properties not set.",
3756 		    (flags & ~SD_CONF_BIT_MASK), dataname_ptr);
3757 		return (SD_FAILURE);
3758 	}
3759 
3760 	/*
3761 	 * Verify the length of the list by identifying the highest bit set
3762 	 * in the flags and validating that the property list has a length
3763 	 * up to the index of this bit.
3764 	 */
3765 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3766 		if (flags & mask) {
3767 			index++;
3768 		}
3769 		mask = 1 << i;
3770 	}
3771 	if ((list_len / sizeof (int)) < (index + 2)) {
3772 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3773 		    "sd_chk_vers1_data: "
3774 		    "Data property list %s size is incorrect. "
3775 		    "Properties not set.", dataname_ptr);
3776 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT, "Size expected: "
3777 		    "version + 1 flagword + %d properties", SD_CONF_MAX_ITEMS);
3778 		return (SD_FAILURE);
3779 	}
3780 	return (SD_SUCCESS);
3781 }
3782 
3783 
3784 /*
3785  *    Function: sd_set_vers1_properties
3786  *
3787  * Description: Set version 1 device properties based on a property list
3788  *		retrieved from the driver configuration file or static
3789  *		configuration table. Version 1 properties have the format:
3790  *
3791  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3792  *
3793  *		where the prop0 value will be used to set prop0 if bit0
3794  *		is set in the flags
3795  *
3796  *   Arguments: un	     - driver soft state (unit) structure
3797  *		flags	     - integer mask indicating properties to be set
3798  *		prop_list    - integer list of property values
3799  */
3800 
3801 static void
3802 sd_set_vers1_properties(struct sd_lun *un, int flags, sd_tunables *prop_list)
3803 {
3804 	ASSERT(un != NULL);
3805 
3806 	/*
3807 	 * Set the flag to indicate cache is to be disabled. An attempt
3808 	 * to disable the cache via sd_disable_caching() will be made
3809 	 * later during attach once the basic initialization is complete.
3810 	 */
3811 	if (flags & SD_CONF_BSET_NOCACHE) {
3812 		un->un_f_opt_disable_cache = TRUE;
3813 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3814 		    "sd_set_vers1_properties: caching disabled flag set\n");
3815 	}
3816 
3817 	/* CD-specific configuration parameters */
3818 	if (flags & SD_CONF_BSET_PLAYMSF_BCD) {
3819 		un->un_f_cfg_playmsf_bcd = TRUE;
3820 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3821 		    "sd_set_vers1_properties: playmsf_bcd set\n");
3822 	}
3823 	if (flags & SD_CONF_BSET_READSUB_BCD) {
3824 		un->un_f_cfg_readsub_bcd = TRUE;
3825 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3826 		    "sd_set_vers1_properties: readsub_bcd set\n");
3827 	}
3828 	if (flags & SD_CONF_BSET_READ_TOC_TRK_BCD) {
3829 		un->un_f_cfg_read_toc_trk_bcd = TRUE;
3830 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3831 		    "sd_set_vers1_properties: read_toc_trk_bcd set\n");
3832 	}
3833 	if (flags & SD_CONF_BSET_READ_TOC_ADDR_BCD) {
3834 		un->un_f_cfg_read_toc_addr_bcd = TRUE;
3835 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3836 		    "sd_set_vers1_properties: read_toc_addr_bcd set\n");
3837 	}
3838 	if (flags & SD_CONF_BSET_NO_READ_HEADER) {
3839 		un->un_f_cfg_no_read_header = TRUE;
3840 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3841 			    "sd_set_vers1_properties: no_read_header set\n");
3842 	}
3843 	if (flags & SD_CONF_BSET_READ_CD_XD4) {
3844 		un->un_f_cfg_read_cd_xd4 = TRUE;
3845 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3846 		    "sd_set_vers1_properties: read_cd_xd4 set\n");
3847 	}
3848 
3849 	/* Support for devices which do not have valid/unique serial numbers */
3850 	if (flags & SD_CONF_BSET_FAB_DEVID) {
3851 		un->un_f_opt_fab_devid = TRUE;
3852 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3853 		    "sd_set_vers1_properties: fab_devid bit set\n");
3854 	}
3855 
3856 	/* Support for user throttle configuration */
3857 	if (flags & SD_CONF_BSET_THROTTLE) {
3858 		ASSERT(prop_list != NULL);
3859 		un->un_saved_throttle = un->un_throttle =
3860 		    prop_list->sdt_throttle;
3861 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3862 		    "sd_set_vers1_properties: throttle set to %d\n",
3863 		    prop_list->sdt_throttle);
3864 	}
3865 
3866 	/* Set the per disk retry count according to the conf file or table. */
3867 	if (flags & SD_CONF_BSET_NRR_COUNT) {
3868 		ASSERT(prop_list != NULL);
3869 		if (prop_list->sdt_not_rdy_retries) {
3870 			un->un_notready_retry_count =
3871 				prop_list->sdt_not_rdy_retries;
3872 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3873 			    "sd_set_vers1_properties: not ready retry count"
3874 			    " set to %d\n", un->un_notready_retry_count);
3875 		}
3876 	}
3877 
3878 	/* The controller type is reported for generic disk driver ioctls */
3879 	if (flags & SD_CONF_BSET_CTYPE) {
3880 		ASSERT(prop_list != NULL);
3881 		switch (prop_list->sdt_ctype) {
3882 		case CTYPE_CDROM:
3883 			un->un_ctype = prop_list->sdt_ctype;
3884 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3885 			    "sd_set_vers1_properties: ctype set to "
3886 			    "CTYPE_CDROM\n");
3887 			break;
3888 		case CTYPE_CCS:
3889 			un->un_ctype = prop_list->sdt_ctype;
3890 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3891 				"sd_set_vers1_properties: ctype set to "
3892 				"CTYPE_CCS\n");
3893 			break;
3894 		case CTYPE_ROD:		/* RW optical */
3895 			un->un_ctype = prop_list->sdt_ctype;
3896 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3897 			    "sd_set_vers1_properties: ctype set to "
3898 			    "CTYPE_ROD\n");
3899 			break;
3900 		default:
3901 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3902 			    "sd_set_vers1_properties: Could not set "
3903 			    "invalid ctype value (%d)",
3904 			    prop_list->sdt_ctype);
3905 		}
3906 	}
3907 
3908 	/* Purple failover timeout */
3909 	if (flags & SD_CONF_BSET_BSY_RETRY_COUNT) {
3910 		ASSERT(prop_list != NULL);
3911 		un->un_busy_retry_count =
3912 			prop_list->sdt_busy_retries;
3913 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3914 		    "sd_set_vers1_properties: "
3915 		    "busy retry count set to %d\n",
3916 		    un->un_busy_retry_count);
3917 	}
3918 
3919 	/* Purple reset retry count */
3920 	if (flags & SD_CONF_BSET_RST_RETRIES) {
3921 		ASSERT(prop_list != NULL);
3922 		un->un_reset_retry_count =
3923 			prop_list->sdt_reset_retries;
3924 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3925 		    "sd_set_vers1_properties: "
3926 		    "reset retry count set to %d\n",
3927 		    un->un_reset_retry_count);
3928 	}
3929 
3930 	/* Purple reservation release timeout */
3931 	if (flags & SD_CONF_BSET_RSV_REL_TIME) {
3932 		ASSERT(prop_list != NULL);
3933 		un->un_reserve_release_time =
3934 			prop_list->sdt_reserv_rel_time;
3935 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3936 		    "sd_set_vers1_properties: "
3937 		    "reservation release timeout set to %d\n",
3938 		    un->un_reserve_release_time);
3939 	}
3940 
3941 	/*
3942 	 * Driver flag telling the driver to verify that no commands are pending
3943 	 * for a device before issuing a Test Unit Ready. This is a workaround
3944 	 * for a firmware bug in some Seagate eliteI drives.
3945 	 */
3946 	if (flags & SD_CONF_BSET_TUR_CHECK) {
3947 		un->un_f_cfg_tur_check = TRUE;
3948 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3949 		    "sd_set_vers1_properties: tur queue check set\n");
3950 	}
3951 
3952 	if (flags & SD_CONF_BSET_MIN_THROTTLE) {
3953 		un->un_min_throttle = prop_list->sdt_min_throttle;
3954 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3955 		    "sd_set_vers1_properties: min throttle set to %d\n",
3956 		    un->un_min_throttle);
3957 	}
3958 
3959 	if (flags & SD_CONF_BSET_DISKSORT_DISABLED) {
3960 		un->un_f_disksort_disabled =
3961 		    (prop_list->sdt_disk_sort_dis != 0) ?
3962 		    TRUE : FALSE;
3963 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3964 		    "sd_set_vers1_properties: disksort disabled "
3965 		    "flag set to %d\n",
3966 		    prop_list->sdt_disk_sort_dis);
3967 	}
3968 
3969 	if (flags & SD_CONF_BSET_LUN_RESET_ENABLED) {
3970 		un->un_f_lun_reset_enabled =
3971 		    (prop_list->sdt_lun_reset_enable != 0) ?
3972 		    TRUE : FALSE;
3973 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3974 		    "sd_set_vers1_properties: lun reset enabled "
3975 		    "flag set to %d\n",
3976 		    prop_list->sdt_lun_reset_enable);
3977 	}
3978 
3979 	/*
3980 	 * Validate the throttle values.
3981 	 * If any of the numbers are invalid, set everything to defaults.
3982 	 */
3983 	if ((un->un_throttle < SD_LOWEST_VALID_THROTTLE) ||
3984 	    (un->un_min_throttle < SD_LOWEST_VALID_THROTTLE) ||
3985 	    (un->un_min_throttle > un->un_throttle)) {
3986 		un->un_saved_throttle = un->un_throttle = sd_max_throttle;
3987 		un->un_min_throttle = sd_min_throttle;
3988 	}
3989 }
3990 
3991 /*
3992  *   Function: sd_is_lsi()
3993  *
3994  *   Description: Check for lsi devices, step throught the static device
3995  *	table to match vid/pid.
3996  *
3997  *   Args: un - ptr to sd_lun
3998  *
3999  *   Notes:  When creating new LSI property, need to add the new LSI property
4000  *		to this function.
4001  */
4002 static void
4003 sd_is_lsi(struct sd_lun *un)
4004 {
4005 	char	*id = NULL;
4006 	int	table_index;
4007 	int	idlen;
4008 	void	*prop;
4009 
4010 	ASSERT(un != NULL);
4011 	for (table_index = 0; table_index < sd_disk_table_size;
4012 	    table_index++) {
4013 		id = sd_disk_table[table_index].device_id;
4014 		idlen = strlen(id);
4015 		if (idlen == 0) {
4016 			continue;
4017 		}
4018 
4019 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
4020 			prop = sd_disk_table[table_index].properties;
4021 			if (prop == &lsi_properties ||
4022 			    prop == &lsi_oem_properties ||
4023 			    prop == &lsi_properties_scsi ||
4024 			    prop == &symbios_properties) {
4025 				un->un_f_cfg_is_lsi = TRUE;
4026 			}
4027 			break;
4028 		}
4029 	}
4030 }
4031 
4032 
4033 /*
4034  * The following routines support reading and interpretation of disk labels,
4035  * including Solaris BE (8-slice) vtoc's, Solaris LE (16-slice) vtoc's, and
4036  * fdisk tables.
4037  */
4038 
4039 /*
4040  *    Function: sd_validate_geometry
4041  *
4042  * Description: Read the label from the disk (if present). Update the unit's
4043  *		geometry and vtoc information from the data in the label.
4044  *		Verify that the label is valid.
4045  *
4046  *   Arguments: un - driver soft state (unit) structure
4047  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4048  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4049  *			to use the USCSI "direct" chain and bypass the normal
4050  *			command waitq.
4051  *
4052  * Return Code: 0 - Successful completion
4053  *		EINVAL  - Invalid value in un->un_tgt_blocksize or
4054  *			  un->un_blockcount; or label on disk is corrupted
4055  *			  or unreadable.
4056  *		EACCES  - Reservation conflict at the device.
4057  *		ENOMEM  - Resource allocation error
4058  *		ENOTSUP - geometry not applicable
4059  *
4060  *     Context: Kernel thread only (can sleep).
4061  */
4062 
4063 static int
4064 sd_validate_geometry(struct sd_lun *un, int path_flag)
4065 {
4066 	static	char		labelstring[128];
4067 	static	char		buf[256];
4068 	char	*label		= NULL;
4069 	int	label_error	= 0;
4070 	int	gvalid		= un->un_f_geometry_is_valid;
4071 	int	lbasize;
4072 	uint_t	capacity;
4073 	int	count;
4074 
4075 	ASSERT(un != NULL);
4076 	ASSERT(mutex_owned(SD_MUTEX(un)));
4077 
4078 	/*
4079 	 * If the required values are not valid, then try getting them
4080 	 * once via read capacity. If that fails, then fail this call.
4081 	 * This is necessary with the new mpxio failover behavior in
4082 	 * the T300 where we can get an attach for the inactive path
4083 	 * before the active path. The inactive path fails commands with
4084 	 * sense data of 02,04,88 which happens to the read capacity
4085 	 * before mpxio has had sufficient knowledge to know if it should
4086 	 * force a fail over or not. (Which it won't do at attach anyhow).
4087 	 * If the read capacity at attach time fails, un_tgt_blocksize and
4088 	 * un_blockcount won't be valid.
4089 	 */
4090 	if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4091 	    (un->un_f_blockcount_is_valid != TRUE)) {
4092 		uint64_t	cap;
4093 		uint32_t	lbasz;
4094 		int		rval;
4095 
4096 		mutex_exit(SD_MUTEX(un));
4097 		rval = sd_send_scsi_READ_CAPACITY(un, &cap,
4098 		    &lbasz, SD_PATH_DIRECT);
4099 		mutex_enter(SD_MUTEX(un));
4100 		if (rval == 0) {
4101 			/*
4102 			 * The following relies on
4103 			 * sd_send_scsi_READ_CAPACITY never
4104 			 * returning 0 for capacity and/or lbasize.
4105 			 */
4106 			sd_update_block_info(un, lbasz, cap);
4107 		}
4108 
4109 		if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4110 		    (un->un_f_blockcount_is_valid != TRUE)) {
4111 			return (EINVAL);
4112 		}
4113 	}
4114 
4115 	/*
4116 	 * Copy the lbasize and capacity so that if they're reset while we're
4117 	 * not holding the SD_MUTEX, we will continue to use valid values
4118 	 * after the SD_MUTEX is reacquired. (4119659)
4119 	 */
4120 	lbasize  = un->un_tgt_blocksize;
4121 	capacity = un->un_blockcount;
4122 
4123 #if defined(_SUNOS_VTOC_16)
4124 	/*
4125 	 * Set up the "whole disk" fdisk partition; this should always
4126 	 * exist, regardless of whether the disk contains an fdisk table
4127 	 * or vtoc.
4128 	 */
4129 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
4130 	un->un_map[P0_RAW_DISK].dkl_nblk  = capacity;
4131 #endif
4132 
4133 	/*
4134 	 * Refresh the logical and physical geometry caches.
4135 	 * (data from MODE SENSE format/rigid disk geometry pages,
4136 	 * and scsi_ifgetcap("geometry").
4137 	 */
4138 	sd_resync_geom_caches(un, capacity, lbasize, path_flag);
4139 
4140 	label_error = sd_use_efi(un, path_flag);
4141 	if (label_error == 0) {
4142 		/* found a valid EFI label */
4143 		SD_TRACE(SD_LOG_IO_PARTITION, un,
4144 			"sd_validate_geometry: found EFI label\n");
4145 		un->un_solaris_offset = 0;
4146 		un->un_solaris_size = capacity;
4147 		return (ENOTSUP);
4148 	}
4149 	if (un->un_blockcount > DK_MAX_BLOCKS) {
4150 		if (label_error == ESRCH) {
4151 			/*
4152 			 * they've configured a LUN over 1TB, but used
4153 			 * format.dat to restrict format's view of the
4154 			 * capacity to be under 1TB
4155 			 */
4156 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
4157 "is >1TB and has a VTOC label: use format(1M) to either decrease the");
4158 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
4159 "size to be < 1TB or relabel the disk with an EFI label");
4160 		} else {
4161 			/* unlabeled disk over 1TB */
4162 			return (ENOTSUP);
4163 		}
4164 	}
4165 	label_error = 0;
4166 
4167 	/*
4168 	 * at this point it is either labeled with a VTOC or it is
4169 	 * under 1TB
4170 	 */
4171 
4172 	/*
4173 	 * Only DIRECT ACCESS devices will have Sun labels.
4174 	 * CD's supposedly have a Sun label, too
4175 	 */
4176 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
4177 		struct	dk_label *dkl;
4178 		offset_t dkl1;
4179 		offset_t label_addr, real_addr;
4180 		int	rval;
4181 		size_t	buffer_size;
4182 
4183 		/*
4184 		 * Note: This will set up un->un_solaris_size and
4185 		 * un->un_solaris_offset.
4186 		 */
4187 		switch (sd_read_fdisk(un, capacity, lbasize, path_flag)) {
4188 		case SD_CMD_RESERVATION_CONFLICT:
4189 			ASSERT(mutex_owned(SD_MUTEX(un)));
4190 			return (EACCES);
4191 		case SD_CMD_FAILURE:
4192 			ASSERT(mutex_owned(SD_MUTEX(un)));
4193 			return (ENOMEM);
4194 		}
4195 
4196 		if (un->un_solaris_size <= DK_LABEL_LOC) {
4197 			/*
4198 			 * Found fdisk table but no Solaris partition entry,
4199 			 * so don't call sd_uselabel() and don't create
4200 			 * a default label.
4201 			 */
4202 			label_error = 0;
4203 			un->un_f_geometry_is_valid = TRUE;
4204 			goto no_solaris_partition;
4205 		}
4206 		label_addr = (daddr_t)(un->un_solaris_offset + DK_LABEL_LOC);
4207 
4208 		/*
4209 		 * sys_blocksize != tgt_blocksize, need to re-adjust
4210 		 * blkno and save the index to beginning of dk_label
4211 		 */
4212 		real_addr = SD_SYS2TGTBLOCK(un, label_addr);
4213 		buffer_size = SD_REQBYTES2TGTBYTES(un,
4214 		    sizeof (struct dk_label));
4215 
4216 		SD_TRACE(SD_LOG_IO_PARTITION, un, "sd_validate_geometry: "
4217 		    "label_addr: 0x%x allocation size: 0x%x\n",
4218 		    label_addr, buffer_size);
4219 		dkl = kmem_zalloc(buffer_size, KM_NOSLEEP);
4220 		if (dkl == NULL) {
4221 			return (ENOMEM);
4222 		}
4223 
4224 		mutex_exit(SD_MUTEX(un));
4225 		rval = sd_send_scsi_READ(un, dkl, buffer_size, real_addr,
4226 		    path_flag);
4227 		mutex_enter(SD_MUTEX(un));
4228 
4229 		switch (rval) {
4230 		case 0:
4231 			/*
4232 			 * sd_uselabel will establish that the geometry
4233 			 * is valid.
4234 			 * For sys_blocksize != tgt_blocksize, need
4235 			 * to index into the beginning of dk_label
4236 			 */
4237 			dkl1 = (daddr_t)dkl
4238 				+ SD_TGTBYTEOFFSET(un, label_addr, real_addr);
4239 			if (sd_uselabel(un, (struct dk_label *)(uintptr_t)dkl1,
4240 			    path_flag) != SD_LABEL_IS_VALID) {
4241 				label_error = EINVAL;
4242 			}
4243 			break;
4244 		case EACCES:
4245 			label_error = EACCES;
4246 			break;
4247 		default:
4248 			label_error = EINVAL;
4249 			break;
4250 		}
4251 
4252 		kmem_free(dkl, buffer_size);
4253 
4254 #if defined(_SUNOS_VTOC_8)
4255 		label = (char *)un->un_asciilabel;
4256 #elif defined(_SUNOS_VTOC_16)
4257 		label = (char *)un->un_vtoc.v_asciilabel;
4258 #else
4259 #error "No VTOC format defined."
4260 #endif
4261 	}
4262 
4263 	/*
4264 	 * If a valid label was not found, AND if no reservation conflict
4265 	 * was detected, then go ahead and create a default label (4069506).
4266 	 *
4267 	 * Note: currently, for VTOC_8 devices, the default label is created
4268 	 * for removables only.  For VTOC_16 devices, the default label will
4269 	 * be created for both removables and non-removables alike.
4270 	 * (see sd_build_default_label)
4271 	 */
4272 #if defined(_SUNOS_VTOC_8)
4273 	if (ISREMOVABLE(un) && (label_error != EACCES)) {
4274 #elif defined(_SUNOS_VTOC_16)
4275 	if (label_error != EACCES) {
4276 #endif
4277 		if (un->un_f_geometry_is_valid == FALSE) {
4278 			sd_build_default_label(un);
4279 		}
4280 		label_error = 0;
4281 	}
4282 
4283 no_solaris_partition:
4284 	if ((!ISREMOVABLE(un) ||
4285 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
4286 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
4287 		/*
4288 		 * Print out a message indicating who and what we are.
4289 		 * We do this only when we happen to really validate the
4290 		 * geometry. We may call sd_validate_geometry() at other
4291 		 * times, e.g., ioctl()'s like Get VTOC in which case we
4292 		 * don't want to print the label.
4293 		 * If the geometry is valid, print the label string,
4294 		 * else print vendor and product info, if available
4295 		 */
4296 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
4297 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "?<%s>\n", label);
4298 		} else {
4299 			mutex_enter(&sd_label_mutex);
4300 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
4301 			    labelstring);
4302 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
4303 			    &labelstring[64]);
4304 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
4305 			    labelstring, &labelstring[64]);
4306 			if (un->un_f_blockcount_is_valid == TRUE) {
4307 				(void) sprintf(&buf[strlen(buf)],
4308 				    ", %llu %u byte blocks\n",
4309 				    (longlong_t)un->un_blockcount,
4310 				    un->un_tgt_blocksize);
4311 			} else {
4312 				(void) sprintf(&buf[strlen(buf)],
4313 				    ", (unknown capacity)\n");
4314 			}
4315 			SD_INFO(SD_LOG_ATTACH_DETACH, un, buf);
4316 			mutex_exit(&sd_label_mutex);
4317 		}
4318 	}
4319 
4320 #if defined(_SUNOS_VTOC_16)
4321 	/*
4322 	 * If we have valid geometry, set up the remaining fdisk partitions.
4323 	 * Note that dkl_cylno is not used for the fdisk map entries, so
4324 	 * we set it to an entirely bogus value.
4325 	 */
4326 	for (count = 0; count < FD_NUMPART; count++) {
4327 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
4328 		un->un_map[FDISK_P1 + count].dkl_nblk =
4329 		    un->un_fmap[count].fmap_nblk;
4330 
4331 		un->un_offset[FDISK_P1 + count] =
4332 		    un->un_fmap[count].fmap_start;
4333 	}
4334 #endif
4335 
4336 	for (count = 0; count < NDKMAP; count++) {
4337 #if defined(_SUNOS_VTOC_8)
4338 		struct dk_map *lp  = &un->un_map[count];
4339 		un->un_offset[count] =
4340 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
4341 #elif defined(_SUNOS_VTOC_16)
4342 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
4343 
4344 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
4345 #else
4346 #error "No VTOC format defined."
4347 #endif
4348 	}
4349 
4350 	return (label_error);
4351 }
4352 
4353 
4354 #if defined(_SUNOS_VTOC_16)
4355 /*
4356  * Macro: MAX_BLKS
4357  *
4358  *	This macro is used for table entries where we need to have the largest
4359  *	possible sector value for that head & SPT (sectors per track)
4360  *	combination.  Other entries for some smaller disk sizes are set by
4361  *	convention to match those used by X86 BIOS usage.
4362  */
4363 #define	MAX_BLKS(heads, spt)	UINT16_MAX * heads * spt, heads, spt
4364 
4365 /*
4366  *    Function: sd_convert_geometry
4367  *
4368  * Description: Convert physical geometry into a dk_geom structure. In
4369  *		other words, make sure we don't wrap 16-bit values.
4370  *		e.g. converting from geom_cache to dk_geom
4371  *
4372  *     Context: Kernel thread only
4373  */
4374 static void
4375 sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g)
4376 {
4377 	int i;
4378 	static const struct chs_values {
4379 		uint_t max_cap;		/* Max Capacity for this HS. */
4380 		uint_t nhead;		/* Heads to use. */
4381 		uint_t nsect;		/* SPT to use. */
4382 	} CHS_values[] = {
4383 		{0x00200000,  64, 32},		/* 1GB or smaller disk. */
4384 		{0x01000000, 128, 32},		/* 8GB or smaller disk. */
4385 		{MAX_BLKS(255,  63)},		/* 502.02GB or smaller disk. */
4386 		{MAX_BLKS(255, 126)},		/* .98TB or smaller disk. */
4387 		{DK_MAX_BLOCKS, 255, 189}	/* Max size is just under 1TB */
4388 	};
4389 
4390 	/* Unlabeled SCSI floppy device */
4391 	if (capacity <= 0x1000) {
4392 		un_g->dkg_nhead = 2;
4393 		un_g->dkg_ncyl = 80;
4394 		un_g->dkg_nsect = capacity / (un_g->dkg_nhead * un_g->dkg_ncyl);
4395 		return;
4396 	}
4397 
4398 	/*
4399 	 * For all devices we calculate cylinders using the
4400 	 * heads and sectors we assign based on capacity of the
4401 	 * device.  The table is designed to be compatible with the
4402 	 * way other operating systems lay out fdisk tables for X86
4403 	 * and to insure that the cylinders never exceed 65535 to
4404 	 * prevent problems with X86 ioctls that report geometry.
4405 	 * We use SPT that are multiples of 63, since other OSes that
4406 	 * are not limited to 16-bits for cylinders stop at 63 SPT
4407 	 * we make do by using multiples of 63 SPT.
4408 	 *
4409 	 * Note than capacities greater than or equal to 1TB will simply
4410 	 * get the largest geometry from the table. This should be okay
4411 	 * since disks this large shouldn't be using CHS values anyway.
4412 	 */
4413 	for (i = 0; CHS_values[i].max_cap < capacity &&
4414 	    CHS_values[i].max_cap != DK_MAX_BLOCKS; i++)
4415 		;
4416 
4417 	un_g->dkg_nhead = CHS_values[i].nhead;
4418 	un_g->dkg_nsect = CHS_values[i].nsect;
4419 }
4420 #endif
4421 
4422 
4423 /*
4424  *    Function: sd_resync_geom_caches
4425  *
4426  * Description: (Re)initialize both geometry caches: the virtual geometry
4427  *		information is extracted from the HBA (the "geometry"
4428  *		capability), and the physical geometry cache data is
4429  *		generated by issuing MODE SENSE commands.
4430  *
4431  *   Arguments: un - driver soft state (unit) structure
4432  *		capacity - disk capacity in #blocks
4433  *		lbasize - disk block size in bytes
4434  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4435  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4436  *			to use the USCSI "direct" chain and bypass the normal
4437  *			command waitq.
4438  *
4439  *     Context: Kernel thread only (can sleep).
4440  */
4441 
4442 static void
4443 sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
4444 	int path_flag)
4445 {
4446 	struct 	geom_cache 	pgeom;
4447 	struct 	geom_cache	*pgeom_p = &pgeom;
4448 	int 	spc;
4449 	unsigned short nhead;
4450 	unsigned short nsect;
4451 
4452 	ASSERT(un != NULL);
4453 	ASSERT(mutex_owned(SD_MUTEX(un)));
4454 
4455 	/*
4456 	 * Ask the controller for its logical geometry.
4457 	 * Note: if the HBA does not support scsi_ifgetcap("geometry"),
4458 	 * then the lgeom cache will be invalid.
4459 	 */
4460 	sd_get_virtual_geometry(un, capacity, lbasize);
4461 
4462 	/*
4463 	 * Initialize the pgeom cache from lgeom, so that if MODE SENSE
4464 	 * doesn't work, DKIOCG_PHYSGEOM can return reasonable values.
4465 	 */
4466 	if (un->un_lgeom.g_nsect == 0 || un->un_lgeom.g_nhead == 0) {
4467 		/*
4468 		 * Note: Perhaps this needs to be more adaptive? The rationale
4469 		 * is that, if there's no HBA geometry from the HBA driver, any
4470 		 * guess is good, since this is the physical geometry. If MODE
4471 		 * SENSE fails this gives a max cylinder size for non-LBA access
4472 		 */
4473 		nhead = 255;
4474 		nsect = 63;
4475 	} else {
4476 		nhead = un->un_lgeom.g_nhead;
4477 		nsect = un->un_lgeom.g_nsect;
4478 	}
4479 
4480 	if (ISCD(un)) {
4481 		pgeom_p->g_nhead = 1;
4482 		pgeom_p->g_nsect = nsect * nhead;
4483 	} else {
4484 		pgeom_p->g_nhead = nhead;
4485 		pgeom_p->g_nsect = nsect;
4486 	}
4487 
4488 	spc = pgeom_p->g_nhead * pgeom_p->g_nsect;
4489 	pgeom_p->g_capacity = capacity;
4490 	pgeom_p->g_ncyl = pgeom_p->g_capacity / spc;
4491 	pgeom_p->g_acyl = 0;
4492 
4493 	/*
4494 	 * Retrieve fresh geometry data from the hardware, stash it
4495 	 * here temporarily before we rebuild the incore label.
4496 	 *
4497 	 * We want to use the MODE SENSE commands to derive the
4498 	 * physical geometry of the device, but if either command
4499 	 * fails, the logical geometry is used as the fallback for
4500 	 * disk label geometry.
4501 	 */
4502 	mutex_exit(SD_MUTEX(un));
4503 	sd_get_physical_geometry(un, pgeom_p, capacity, lbasize, path_flag);
4504 	mutex_enter(SD_MUTEX(un));
4505 
4506 	/*
4507 	 * Now update the real copy while holding the mutex. This
4508 	 * way the global copy is never in an inconsistent state.
4509 	 */
4510 	bcopy(pgeom_p, &un->un_pgeom,  sizeof (un->un_pgeom));
4511 
4512 	SD_INFO(SD_LOG_COMMON, un, "sd_resync_geom_caches: "
4513 	    "(cached from lgeom)\n");
4514 	SD_INFO(SD_LOG_COMMON, un,
4515 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
4516 	    un->un_pgeom.g_ncyl, un->un_pgeom.g_acyl,
4517 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
4518 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
4519 	    "intrlv: %d; rpm: %d\n", un->un_pgeom.g_secsize,
4520 	    un->un_pgeom.g_capacity, un->un_pgeom.g_intrlv,
4521 	    un->un_pgeom.g_rpm);
4522 }
4523 
4524 
4525 /*
4526  *    Function: sd_read_fdisk
4527  *
4528  * Description: utility routine to read the fdisk table.
4529  *
4530  *   Arguments: un - driver soft state (unit) structure
4531  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4532  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4533  *			to use the USCSI "direct" chain and bypass the normal
4534  *			command waitq.
4535  *
4536  * Return Code: SD_CMD_SUCCESS
4537  *		SD_CMD_FAILURE
4538  *
4539  *     Context: Kernel thread only (can sleep).
4540  */
4541 /* ARGSUSED */
4542 static int
4543 sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize, int path_flag)
4544 {
4545 #if defined(_NO_FDISK_PRESENT)
4546 
4547 	un->un_solaris_offset = 0;
4548 	un->un_solaris_size = capacity;
4549 	bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4550 	return (SD_CMD_SUCCESS);
4551 
4552 #elif defined(_FIRMWARE_NEEDS_FDISK)
4553 
4554 	struct ipart	*fdp;
4555 	struct mboot	*mbp;
4556 	struct ipart	fdisk[FD_NUMPART];
4557 	int		i;
4558 	char		sigbuf[2];
4559 	caddr_t		bufp;
4560 	int		uidx;
4561 	int		rval;
4562 	int		lba = 0;
4563 	uint_t		solaris_offset;	/* offset to solaris part. */
4564 	daddr_t		solaris_size;	/* size of solaris partition */
4565 	uint32_t	blocksize;
4566 
4567 	ASSERT(un != NULL);
4568 	ASSERT(mutex_owned(SD_MUTEX(un)));
4569 	ASSERT(un->un_f_tgt_blocksize_is_valid == TRUE);
4570 
4571 	blocksize = un->un_tgt_blocksize;
4572 
4573 	/*
4574 	 * Start off assuming no fdisk table
4575 	 */
4576 	solaris_offset = 0;
4577 	solaris_size   = capacity;
4578 
4579 	mutex_exit(SD_MUTEX(un));
4580 	bufp = kmem_zalloc(blocksize, KM_SLEEP);
4581 	rval = sd_send_scsi_READ(un, bufp, blocksize, 0, path_flag);
4582 	mutex_enter(SD_MUTEX(un));
4583 
4584 	if (rval != 0) {
4585 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4586 		    "sd_read_fdisk: fdisk read err\n");
4587 		kmem_free(bufp, blocksize);
4588 		return (SD_CMD_FAILURE);
4589 	}
4590 
4591 	mbp = (struct mboot *)bufp;
4592 
4593 	/*
4594 	 * The fdisk table does not begin on a 4-byte boundary within the
4595 	 * master boot record, so we copy it to an aligned structure to avoid
4596 	 * alignment exceptions on some processors.
4597 	 */
4598 	bcopy(&mbp->parts[0], fdisk, sizeof (fdisk));
4599 
4600 	/*
4601 	 * Check for lba support before verifying sig; sig might not be
4602 	 * there, say on a blank disk, but the max_chs mark may still
4603 	 * be present.
4604 	 *
4605 	 * Note: LBA support and BEFs are an x86-only concept but this
4606 	 * code should work OK on SPARC as well.
4607 	 */
4608 
4609 	/*
4610 	 * First, check for lba-access-ok on root node (or prom root node)
4611 	 * if present there, don't need to search fdisk table.
4612 	 */
4613 	if (ddi_getprop(DDI_DEV_T_ANY, ddi_root_node(), 0,
4614 	    "lba-access-ok", 0) != 0) {
4615 		/* All drives do LBA; don't search fdisk table */
4616 		lba = 1;
4617 	} else {
4618 		/* Okay, look for mark in fdisk table */
4619 		for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4620 			/* accumulate "lba" value from all partitions */
4621 			lba = (lba || sd_has_max_chs_vals(fdp));
4622 		}
4623 	}
4624 
4625 	/*
4626 	 * Next, look for 'no-bef-lba-access' prop on parent.
4627 	 * Its presence means the realmode driver doesn't support
4628 	 * LBA, so the target driver shouldn't advertise it as ok.
4629 	 * This should be a temporary condition; one day all
4630 	 * BEFs should support the LBA access functions.
4631 	 */
4632 	if ((lba != 0) && (ddi_getprop(DDI_DEV_T_ANY,
4633 	    ddi_get_parent(SD_DEVINFO(un)), DDI_PROP_DONTPASS,
4634 	    "no-bef-lba-access", 0) != 0)) {
4635 		/* BEF doesn't support LBA; don't advertise it as ok */
4636 		lba = 0;
4637 	}
4638 
4639 	if (lba != 0) {
4640 		dev_t dev = sd_make_device(SD_DEVINFO(un));
4641 
4642 		if (ddi_getprop(dev, SD_DEVINFO(un), DDI_PROP_DONTPASS,
4643 		    "lba-access-ok", 0) == 0) {
4644 			/* not found; create it */
4645 			if (ddi_prop_create(dev, SD_DEVINFO(un), 0,
4646 			    "lba-access-ok", (caddr_t)NULL, 0) !=
4647 			    DDI_PROP_SUCCESS) {
4648 				SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4649 				    "sd_read_fdisk: Can't create lba property "
4650 				    "for instance %d\n",
4651 				    ddi_get_instance(SD_DEVINFO(un)));
4652 			}
4653 		}
4654 	}
4655 
4656 	bcopy(&mbp->signature, sigbuf, sizeof (sigbuf));
4657 
4658 	/*
4659 	 * Endian-independent signature check
4660 	 */
4661 	if (((sigbuf[1] & 0xFF) != ((MBB_MAGIC >> 8) & 0xFF)) ||
4662 	    (sigbuf[0] != (MBB_MAGIC & 0xFF))) {
4663 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4664 		    "sd_read_fdisk: no fdisk\n");
4665 		bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4666 		rval = SD_CMD_SUCCESS;
4667 		goto done;
4668 	}
4669 
4670 #ifdef SDDEBUG
4671 	if (sd_level_mask & SD_LOGMASK_INFO) {
4672 		fdp = fdisk;
4673 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_read_fdisk:\n");
4674 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "         relsect    "
4675 		    "numsect         sysid       bootid\n");
4676 		for (i = 0; i < FD_NUMPART; i++, fdp++) {
4677 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
4678 			    "    %d:  %8d   %8d     0x%08x     0x%08x\n",
4679 			    i, fdp->relsect, fdp->numsect,
4680 			    fdp->systid, fdp->bootid);
4681 		}
4682 	}
4683 #endif
4684 
4685 	/*
4686 	 * Try to find the unix partition
4687 	 */
4688 	uidx = -1;
4689 	solaris_offset = 0;
4690 	solaris_size   = 0;
4691 
4692 	for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4693 		int	relsect;
4694 		int	numsect;
4695 
4696 		if (fdp->numsect == 0) {
4697 			un->un_fmap[i].fmap_start = 0;
4698 			un->un_fmap[i].fmap_nblk  = 0;
4699 			continue;
4700 		}
4701 
4702 		/*
4703 		 * Data in the fdisk table is little-endian.
4704 		 */
4705 		relsect = LE_32(fdp->relsect);
4706 		numsect = LE_32(fdp->numsect);
4707 
4708 		un->un_fmap[i].fmap_start = relsect;
4709 		un->un_fmap[i].fmap_nblk  = numsect;
4710 
4711 		if (fdp->systid != SUNIXOS &&
4712 		    fdp->systid != SUNIXOS2 &&
4713 		    fdp->systid != EFI_PMBR) {
4714 			continue;
4715 		}
4716 
4717 		/*
4718 		 * use the last active solaris partition id found
4719 		 * (there should only be 1 active partition id)
4720 		 *
4721 		 * if there are no active solaris partition id
4722 		 * then use the first inactive solaris partition id
4723 		 */
4724 		if ((uidx == -1) || (fdp->bootid == ACTIVE)) {
4725 			uidx = i;
4726 			solaris_offset = relsect;
4727 			solaris_size   = numsect;
4728 		}
4729 	}
4730 
4731 	SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk 0x%x 0x%lx",
4732 	    un->un_solaris_offset, un->un_solaris_size);
4733 
4734 	rval = SD_CMD_SUCCESS;
4735 
4736 done:
4737 
4738 	/*
4739 	 * Clear the VTOC info, only if the Solaris partition entry
4740 	 * has moved, changed size, been deleted, or if the size of
4741 	 * the partition is too small to even fit the label sector.
4742 	 */
4743 	if ((un->un_solaris_offset != solaris_offset) ||
4744 	    (un->un_solaris_size != solaris_size) ||
4745 	    solaris_size <= DK_LABEL_LOC) {
4746 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk moved 0x%x 0x%lx",
4747 			solaris_offset, solaris_size);
4748 		bzero(&un->un_g, sizeof (struct dk_geom));
4749 		bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
4750 		bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
4751 		un->un_f_geometry_is_valid = FALSE;
4752 	}
4753 	un->un_solaris_offset = solaris_offset;
4754 	un->un_solaris_size = solaris_size;
4755 	kmem_free(bufp, blocksize);
4756 	return (rval);
4757 
4758 #else	/* #elif defined(_FIRMWARE_NEEDS_FDISK) */
4759 #error "fdisk table presence undetermined for this platform."
4760 #endif	/* #if defined(_NO_FDISK_PRESENT) */
4761 }
4762 
4763 
4764 /*
4765  *    Function: sd_get_physical_geometry
4766  *
4767  * Description: Retrieve the MODE SENSE page 3 (Format Device Page) and
4768  *		MODE SENSE page 4 (Rigid Disk Drive Geometry Page) from the
4769  *		target, and use this information to initialize the physical
4770  *		geometry cache specified by pgeom_p.
4771  *
4772  *		MODE SENSE is an optional command, so failure in this case
4773  *		does not necessarily denote an error. We want to use the
4774  *		MODE SENSE commands to derive the physical geometry of the
4775  *		device, but if either command fails, the logical geometry is
4776  *		used as the fallback for disk label geometry.
4777  *
4778  *		This requires that un->un_blockcount and un->un_tgt_blocksize
4779  *		have already been initialized for the current target and
4780  *		that the current values be passed as args so that we don't
4781  *		end up ever trying to use -1 as a valid value. This could
4782  *		happen if either value is reset while we're not holding
4783  *		the mutex.
4784  *
4785  *   Arguments: un - driver soft state (unit) structure
4786  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4787  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4788  *			to use the USCSI "direct" chain and bypass the normal
4789  *			command waitq.
4790  *
4791  *     Context: Kernel thread only (can sleep).
4792  */
4793 
4794 static void
4795 sd_get_physical_geometry(struct sd_lun *un, struct geom_cache *pgeom_p,
4796 	int capacity, int lbasize, int path_flag)
4797 {
4798 	struct	mode_format	*page3p;
4799 	struct	mode_geometry	*page4p;
4800 	struct	mode_header	*headerp;
4801 	int	sector_size;
4802 	int	nsect;
4803 	int	nhead;
4804 	int	ncyl;
4805 	int	intrlv;
4806 	int	spc;
4807 	int	modesense_capacity;
4808 	int	rpm;
4809 	int	bd_len;
4810 	int	mode_header_length;
4811 	uchar_t	*p3bufp;
4812 	uchar_t	*p4bufp;
4813 	int	cdbsize;
4814 
4815 	ASSERT(un != NULL);
4816 	ASSERT(!(mutex_owned(SD_MUTEX(un))));
4817 
4818 	if (un->un_f_blockcount_is_valid != TRUE) {
4819 		return;
4820 	}
4821 
4822 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
4823 		return;
4824 	}
4825 
4826 	if (lbasize == 0) {
4827 		if (ISCD(un)) {
4828 			lbasize = 2048;
4829 		} else {
4830 			lbasize = un->un_sys_blocksize;
4831 		}
4832 	}
4833 	pgeom_p->g_secsize = (unsigned short)lbasize;
4834 
4835 	cdbsize = (un->un_f_cfg_is_atapi == TRUE) ? CDB_GROUP2 : CDB_GROUP0;
4836 
4837 	/*
4838 	 * Retrieve MODE SENSE page 3 - Format Device Page
4839 	 */
4840 	p3bufp = kmem_zalloc(SD_MODE_SENSE_PAGE3_LENGTH, KM_SLEEP);
4841 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p3bufp,
4842 	    SD_MODE_SENSE_PAGE3_LENGTH, SD_MODE_SENSE_PAGE3_CODE, path_flag)
4843 	    != 0) {
4844 		SD_ERROR(SD_LOG_COMMON, un,
4845 		    "sd_get_physical_geometry: mode sense page 3 failed\n");
4846 		goto page3_exit;
4847 	}
4848 
4849 	/*
4850 	 * Determine size of Block Descriptors in order to locate the mode
4851 	 * page data.  ATAPI devices return 0, SCSI devices should return
4852 	 * MODE_BLK_DESC_LENGTH.
4853 	 */
4854 	headerp = (struct mode_header *)p3bufp;
4855 	if (un->un_f_cfg_is_atapi == TRUE) {
4856 		struct mode_header_grp2 *mhp =
4857 		    (struct mode_header_grp2 *)headerp;
4858 		mode_header_length = MODE_HEADER_LENGTH_GRP2;
4859 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4860 	} else {
4861 		mode_header_length = MODE_HEADER_LENGTH;
4862 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4863 	}
4864 
4865 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4866 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4867 		    "received unexpected bd_len of %d, page3\n", bd_len);
4868 		goto page3_exit;
4869 	}
4870 
4871 	page3p = (struct mode_format *)
4872 	    ((caddr_t)headerp + mode_header_length + bd_len);
4873 
4874 	if (page3p->mode_page.code != SD_MODE_SENSE_PAGE3_CODE) {
4875 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4876 		    "mode sense pg3 code mismatch %d\n",
4877 		    page3p->mode_page.code);
4878 		goto page3_exit;
4879 	}
4880 
4881 	/*
4882 	 * Use this physical geometry data only if BOTH MODE SENSE commands
4883 	 * complete successfully; otherwise, revert to the logical geometry.
4884 	 * So, we need to save everything in temporary variables.
4885 	 */
4886 	sector_size = BE_16(page3p->data_bytes_sect);
4887 
4888 	/*
4889 	 * 1243403: The NEC D38x7 drives do not support MODE SENSE sector size
4890 	 */
4891 	if (sector_size == 0) {
4892 		sector_size = (ISCD(un)) ? 2048 : un->un_sys_blocksize;
4893 	} else {
4894 		sector_size &= ~(un->un_sys_blocksize - 1);
4895 	}
4896 
4897 	nsect  = BE_16(page3p->sect_track);
4898 	intrlv = BE_16(page3p->interleave);
4899 
4900 	SD_INFO(SD_LOG_COMMON, un,
4901 	    "sd_get_physical_geometry: Format Parameters (page 3)\n");
4902 	SD_INFO(SD_LOG_COMMON, un,
4903 	    "   mode page: %d; nsect: %d; sector size: %d;\n",
4904 	    page3p->mode_page.code, nsect, sector_size);
4905 	SD_INFO(SD_LOG_COMMON, un,
4906 	    "   interleave: %d; track skew: %d; cylinder skew: %d;\n", intrlv,
4907 	    BE_16(page3p->track_skew),
4908 	    BE_16(page3p->cylinder_skew));
4909 
4910 
4911 	/*
4912 	 * Retrieve MODE SENSE page 4 - Rigid Disk Drive Geometry Page
4913 	 */
4914 	p4bufp = kmem_zalloc(SD_MODE_SENSE_PAGE4_LENGTH, KM_SLEEP);
4915 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p4bufp,
4916 	    SD_MODE_SENSE_PAGE4_LENGTH, SD_MODE_SENSE_PAGE4_CODE, path_flag)
4917 	    != 0) {
4918 		SD_ERROR(SD_LOG_COMMON, un,
4919 		    "sd_get_physical_geometry: mode sense page 4 failed\n");
4920 		goto page4_exit;
4921 	}
4922 
4923 	/*
4924 	 * Determine size of Block Descriptors in order to locate the mode
4925 	 * page data.  ATAPI devices return 0, SCSI devices should return
4926 	 * MODE_BLK_DESC_LENGTH.
4927 	 */
4928 	headerp = (struct mode_header *)p4bufp;
4929 	if (un->un_f_cfg_is_atapi == TRUE) {
4930 		struct mode_header_grp2 *mhp =
4931 		    (struct mode_header_grp2 *)headerp;
4932 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4933 	} else {
4934 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4935 	}
4936 
4937 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4938 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4939 		    "received unexpected bd_len of %d, page4\n", bd_len);
4940 		goto page4_exit;
4941 	}
4942 
4943 	page4p = (struct mode_geometry *)
4944 	    ((caddr_t)headerp + mode_header_length + bd_len);
4945 
4946 	if (page4p->mode_page.code != SD_MODE_SENSE_PAGE4_CODE) {
4947 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4948 		    "mode sense pg4 code mismatch %d\n",
4949 		    page4p->mode_page.code);
4950 		goto page4_exit;
4951 	}
4952 
4953 	/*
4954 	 * Stash the data now, after we know that both commands completed.
4955 	 */
4956 
4957 	mutex_enter(SD_MUTEX(un));
4958 
4959 	nhead = (int)page4p->heads;	/* uchar, so no conversion needed */
4960 	spc   = nhead * nsect;
4961 	ncyl  = (page4p->cyl_ub << 16) + (page4p->cyl_mb << 8) + page4p->cyl_lb;
4962 	rpm   = BE_16(page4p->rpm);
4963 
4964 	modesense_capacity = spc * ncyl;
4965 
4966 	SD_INFO(SD_LOG_COMMON, un,
4967 	    "sd_get_physical_geometry: Geometry Parameters (page 4)\n");
4968 	SD_INFO(SD_LOG_COMMON, un,
4969 	    "   cylinders: %d; heads: %d; rpm: %d;\n", ncyl, nhead, rpm);
4970 	SD_INFO(SD_LOG_COMMON, un,
4971 	    "   computed capacity(h*s*c): %d;\n", modesense_capacity);
4972 	SD_INFO(SD_LOG_COMMON, un, "   pgeom_p: %p; read cap: %d\n",
4973 	    (void *)pgeom_p, capacity);
4974 
4975 	/*
4976 	 * Compensate if the drive's geometry is not rectangular, i.e.,
4977 	 * the product of C * H * S returned by MODE SENSE >= that returned
4978 	 * by read capacity. This is an idiosyncrasy of the original x86
4979 	 * disk subsystem.
4980 	 */
4981 	if (modesense_capacity >= capacity) {
4982 		SD_INFO(SD_LOG_COMMON, un,
4983 		    "sd_get_physical_geometry: adjusting acyl; "
4984 		    "old: %d; new: %d\n", pgeom_p->g_acyl,
4985 		    (modesense_capacity - capacity + spc - 1) / spc);
4986 		if (sector_size != 0) {
4987 			/* 1243403: NEC D38x7 drives don't support sec size */
4988 			pgeom_p->g_secsize = (unsigned short)sector_size;
4989 		}
4990 		pgeom_p->g_nsect    = (unsigned short)nsect;
4991 		pgeom_p->g_nhead    = (unsigned short)nhead;
4992 		pgeom_p->g_capacity = capacity;
4993 		pgeom_p->g_acyl	    =
4994 		    (modesense_capacity - pgeom_p->g_capacity + spc - 1) / spc;
4995 		pgeom_p->g_ncyl	    = ncyl - pgeom_p->g_acyl;
4996 	}
4997 
4998 	pgeom_p->g_rpm    = (unsigned short)rpm;
4999 	pgeom_p->g_intrlv = (unsigned short)intrlv;
5000 
5001 	SD_INFO(SD_LOG_COMMON, un,
5002 	    "sd_get_physical_geometry: mode sense geometry:\n");
5003 	SD_INFO(SD_LOG_COMMON, un,
5004 	    "   nsect: %d; sector size: %d; interlv: %d\n",
5005 	    nsect, sector_size, intrlv);
5006 	SD_INFO(SD_LOG_COMMON, un,
5007 	    "   nhead: %d; ncyl: %d; rpm: %d; capacity(ms): %d\n",
5008 	    nhead, ncyl, rpm, modesense_capacity);
5009 	SD_INFO(SD_LOG_COMMON, un,
5010 	    "sd_get_physical_geometry: (cached)\n");
5011 	SD_INFO(SD_LOG_COMMON, un,
5012 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5013 	    un->un_pgeom.g_ncyl,  un->un_pgeom.g_acyl,
5014 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
5015 	SD_INFO(SD_LOG_COMMON, un,
5016 	    "   lbasize: %d; capacity: %ld; intrlv: %d; rpm: %d\n",
5017 	    un->un_pgeom.g_secsize, un->un_pgeom.g_capacity,
5018 	    un->un_pgeom.g_intrlv, un->un_pgeom.g_rpm);
5019 
5020 	mutex_exit(SD_MUTEX(un));
5021 
5022 page4_exit:
5023 	kmem_free(p4bufp, SD_MODE_SENSE_PAGE4_LENGTH);
5024 page3_exit:
5025 	kmem_free(p3bufp, SD_MODE_SENSE_PAGE3_LENGTH);
5026 }
5027 
5028 
5029 /*
5030  *    Function: sd_get_virtual_geometry
5031  *
5032  * Description: Ask the controller to tell us about the target device.
5033  *
5034  *   Arguments: un - pointer to softstate
5035  *		capacity - disk capacity in #blocks
5036  *		lbasize - disk block size in bytes
5037  *
5038  *     Context: Kernel thread only
5039  */
5040 
5041 static void
5042 sd_get_virtual_geometry(struct sd_lun *un, int capacity, int lbasize)
5043 {
5044 	struct	geom_cache 	*lgeom_p = &un->un_lgeom;
5045 	uint_t	geombuf;
5046 	int	spc;
5047 
5048 	ASSERT(un != NULL);
5049 	ASSERT(mutex_owned(SD_MUTEX(un)));
5050 
5051 	mutex_exit(SD_MUTEX(un));
5052 
5053 	/* Set sector size, and total number of sectors */
5054 	(void) scsi_ifsetcap(SD_ADDRESS(un), "sector-size",   lbasize,  1);
5055 	(void) scsi_ifsetcap(SD_ADDRESS(un), "total-sectors", capacity, 1);
5056 
5057 	/* Let the HBA tell us its geometry */
5058 	geombuf = (uint_t)scsi_ifgetcap(SD_ADDRESS(un), "geometry", 1);
5059 
5060 	mutex_enter(SD_MUTEX(un));
5061 
5062 	/* A value of -1 indicates an undefined "geometry" property */
5063 	if (geombuf == (-1)) {
5064 		return;
5065 	}
5066 
5067 	/* Initialize the logical geometry cache. */
5068 	lgeom_p->g_nhead   = (geombuf >> 16) & 0xffff;
5069 	lgeom_p->g_nsect   = geombuf & 0xffff;
5070 	lgeom_p->g_secsize = un->un_sys_blocksize;
5071 
5072 	spc = lgeom_p->g_nhead * lgeom_p->g_nsect;
5073 
5074 	/*
5075 	 * Note: The driver originally converted the capacity value from
5076 	 * target blocks to system blocks. However, the capacity value passed
5077 	 * to this routine is already in terms of system blocks (this scaling
5078 	 * is done when the READ CAPACITY command is issued and processed).
5079 	 * This 'error' may have gone undetected because the usage of g_ncyl
5080 	 * (which is based upon g_capacity) is very limited within the driver
5081 	 */
5082 	lgeom_p->g_capacity = capacity;
5083 
5084 	/*
5085 	 * Set ncyl to zero if the hba returned a zero nhead or nsect value. The
5086 	 * hba may return zero values if the device has been removed.
5087 	 */
5088 	if (spc == 0) {
5089 		lgeom_p->g_ncyl = 0;
5090 	} else {
5091 		lgeom_p->g_ncyl = lgeom_p->g_capacity / spc;
5092 	}
5093 	lgeom_p->g_acyl = 0;
5094 
5095 	SD_INFO(SD_LOG_COMMON, un, "sd_get_virtual_geometry: (cached)\n");
5096 	SD_INFO(SD_LOG_COMMON, un,
5097 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5098 	    un->un_lgeom.g_ncyl,  un->un_lgeom.g_acyl,
5099 	    un->un_lgeom.g_nhead, un->un_lgeom.g_nsect);
5100 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
5101 	    "intrlv: %d; rpm: %d\n", un->un_lgeom.g_secsize,
5102 	    un->un_lgeom.g_capacity, un->un_lgeom.g_intrlv, un->un_lgeom.g_rpm);
5103 }
5104 
5105 
5106 /*
5107  *    Function: sd_update_block_info
5108  *
5109  * Description: Calculate a byte count to sector count bitshift value
5110  *		from sector size.
5111  *
5112  *   Arguments: un: unit struct.
5113  *		lbasize: new target sector size
5114  *		capacity: new target capacity, ie. block count
5115  *
5116  *     Context: Kernel thread context
5117  */
5118 
5119 static void
5120 sd_update_block_info(struct sd_lun *un, uint32_t lbasize, uint64_t capacity)
5121 {
5122 	if (lbasize != 0) {
5123 		un->un_tgt_blocksize = lbasize;
5124 		un->un_f_tgt_blocksize_is_valid	= TRUE;
5125 	}
5126 
5127 	if (capacity != 0) {
5128 		un->un_blockcount		= capacity;
5129 		un->un_f_blockcount_is_valid	= TRUE;
5130 	}
5131 }
5132 
5133 
5134 static void
5135 sd_swap_efi_gpt(efi_gpt_t *e)
5136 {
5137 	_NOTE(ASSUMING_PROTECTED(*e))
5138 	e->efi_gpt_Signature = LE_64(e->efi_gpt_Signature);
5139 	e->efi_gpt_Revision = LE_32(e->efi_gpt_Revision);
5140 	e->efi_gpt_HeaderSize = LE_32(e->efi_gpt_HeaderSize);
5141 	e->efi_gpt_HeaderCRC32 = LE_32(e->efi_gpt_HeaderCRC32);
5142 	e->efi_gpt_MyLBA = LE_64(e->efi_gpt_MyLBA);
5143 	e->efi_gpt_AlternateLBA = LE_64(e->efi_gpt_AlternateLBA);
5144 	e->efi_gpt_FirstUsableLBA = LE_64(e->efi_gpt_FirstUsableLBA);
5145 	e->efi_gpt_LastUsableLBA = LE_64(e->efi_gpt_LastUsableLBA);
5146 	UUID_LE_CONVERT(e->efi_gpt_DiskGUID, e->efi_gpt_DiskGUID);
5147 	e->efi_gpt_PartitionEntryLBA = LE_64(e->efi_gpt_PartitionEntryLBA);
5148 	e->efi_gpt_NumberOfPartitionEntries =
5149 	    LE_32(e->efi_gpt_NumberOfPartitionEntries);
5150 	e->efi_gpt_SizeOfPartitionEntry =
5151 	    LE_32(e->efi_gpt_SizeOfPartitionEntry);
5152 	e->efi_gpt_PartitionEntryArrayCRC32 =
5153 	    LE_32(e->efi_gpt_PartitionEntryArrayCRC32);
5154 }
5155 
5156 static void
5157 sd_swap_efi_gpe(int nparts, efi_gpe_t *p)
5158 {
5159 	int i;
5160 
5161 	_NOTE(ASSUMING_PROTECTED(*p))
5162 	for (i = 0; i < nparts; i++) {
5163 		UUID_LE_CONVERT(p[i].efi_gpe_PartitionTypeGUID,
5164 		    p[i].efi_gpe_PartitionTypeGUID);
5165 		p[i].efi_gpe_StartingLBA = LE_64(p[i].efi_gpe_StartingLBA);
5166 		p[i].efi_gpe_EndingLBA = LE_64(p[i].efi_gpe_EndingLBA);
5167 		/* PartitionAttrs */
5168 	}
5169 }
5170 
5171 static int
5172 sd_validate_efi(efi_gpt_t *labp)
5173 {
5174 	if (labp->efi_gpt_Signature != EFI_SIGNATURE)
5175 		return (EINVAL);
5176 	/* at least 96 bytes in this version of the spec. */
5177 	if (sizeof (efi_gpt_t) - sizeof (labp->efi_gpt_Reserved2) >
5178 	    labp->efi_gpt_HeaderSize)
5179 		return (EINVAL);
5180 	/* this should be 128 bytes */
5181 	if (labp->efi_gpt_SizeOfPartitionEntry != sizeof (efi_gpe_t))
5182 		return (EINVAL);
5183 	return (0);
5184 }
5185 
5186 static int
5187 sd_use_efi(struct sd_lun *un, int path_flag)
5188 {
5189 	int		i;
5190 	int		rval = 0;
5191 	efi_gpe_t	*partitions;
5192 	uchar_t		*buf;
5193 	uint_t		lbasize;
5194 	uint64_t	cap;
5195 	uint_t		nparts;
5196 	diskaddr_t	gpe_lba;
5197 
5198 	ASSERT(mutex_owned(SD_MUTEX(un)));
5199 	lbasize = un->un_tgt_blocksize;
5200 
5201 	mutex_exit(SD_MUTEX(un));
5202 
5203 	buf = kmem_zalloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
5204 
5205 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
5206 		rval = EINVAL;
5207 		goto done_err;
5208 	}
5209 
5210 	rval = sd_send_scsi_READ(un, buf, lbasize, 0, path_flag);
5211 	if (rval) {
5212 		goto done_err;
5213 	}
5214 	if (((struct dk_label *)buf)->dkl_magic == DKL_MAGIC) {
5215 		/* not ours */
5216 		rval = ESRCH;
5217 		goto done_err;
5218 	}
5219 
5220 	rval = sd_send_scsi_READ(un, buf, lbasize, 1, path_flag);
5221 	if (rval) {
5222 		goto done_err;
5223 	}
5224 	sd_swap_efi_gpt((efi_gpt_t *)buf);
5225 
5226 	if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0) {
5227 		/*
5228 		 * Couldn't read the primary, try the backup.  Our
5229 		 * capacity at this point could be based on CHS, so
5230 		 * check what the device reports.
5231 		 */
5232 		rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
5233 		    path_flag);
5234 		if (rval) {
5235 			goto done_err;
5236 		}
5237 		if ((rval = sd_send_scsi_READ(un, buf, lbasize,
5238 		    cap - 1, path_flag)) != 0) {
5239 			goto done_err;
5240 		}
5241 		sd_swap_efi_gpt((efi_gpt_t *)buf);
5242 		if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0)
5243 			goto done_err;
5244 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5245 		    "primary label corrupt; using backup\n");
5246 	}
5247 
5248 	nparts = ((efi_gpt_t *)buf)->efi_gpt_NumberOfPartitionEntries;
5249 	gpe_lba = ((efi_gpt_t *)buf)->efi_gpt_PartitionEntryLBA;
5250 
5251 	rval = sd_send_scsi_READ(un, buf, EFI_MIN_ARRAY_SIZE, gpe_lba,
5252 	    path_flag);
5253 	if (rval) {
5254 		goto done_err;
5255 	}
5256 	partitions = (efi_gpe_t *)buf;
5257 
5258 	if (nparts > MAXPART) {
5259 		nparts = MAXPART;
5260 	}
5261 	sd_swap_efi_gpe(nparts, partitions);
5262 
5263 	mutex_enter(SD_MUTEX(un));
5264 
5265 	/* Fill in partition table. */
5266 	for (i = 0; i < nparts; i++) {
5267 		if (partitions->efi_gpe_StartingLBA != 0 ||
5268 		    partitions->efi_gpe_EndingLBA != 0) {
5269 			un->un_map[i].dkl_cylno =
5270 			    partitions->efi_gpe_StartingLBA;
5271 			un->un_map[i].dkl_nblk =
5272 			    partitions->efi_gpe_EndingLBA -
5273 			    partitions->efi_gpe_StartingLBA + 1;
5274 			un->un_offset[i] =
5275 			    partitions->efi_gpe_StartingLBA;
5276 		}
5277 		if (i == WD_NODE) {
5278 			/*
5279 			 * minor number 7 corresponds to the whole disk
5280 			 */
5281 			un->un_map[i].dkl_cylno = 0;
5282 			un->un_map[i].dkl_nblk = un->un_blockcount;
5283 			un->un_offset[i] = 0;
5284 		}
5285 		partitions++;
5286 	}
5287 	un->un_solaris_offset = 0;
5288 	un->un_solaris_size = cap;
5289 	un->un_f_geometry_is_valid = TRUE;
5290 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5291 	return (0);
5292 
5293 done_err:
5294 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5295 	mutex_enter(SD_MUTEX(un));
5296 	/*
5297 	 * if we didn't find something that could look like a VTOC
5298 	 * and the disk is over 1TB, we know there isn't a valid label.
5299 	 * Otherwise let sd_uselabel decide what to do.  We only
5300 	 * want to invalidate this if we're certain the label isn't
5301 	 * valid because sd_prop_op will now fail, which in turn
5302 	 * causes things like opens and stats on the partition to fail.
5303 	 */
5304 	if ((un->un_blockcount > DK_MAX_BLOCKS) && (rval != ESRCH)) {
5305 		un->un_f_geometry_is_valid = FALSE;
5306 	}
5307 	return (rval);
5308 }
5309 
5310 
5311 /*
5312  *    Function: sd_uselabel
5313  *
5314  * Description: Validate the disk label and update the relevant data (geometry,
5315  *		partition, vtoc, and capacity data) in the sd_lun struct.
5316  *		Marks the geometry of the unit as being valid.
5317  *
5318  *   Arguments: un: unit struct.
5319  *		dk_label: disk label
5320  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
5321  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
5322  *			to use the USCSI "direct" chain and bypass the normal
5323  *			command waitq.
5324  *
5325  * Return Code: SD_LABEL_IS_VALID: Label read from disk is OK; geometry,
5326  *		partition, vtoc, and capacity data are good.
5327  *
5328  *		SD_LABEL_IS_INVALID: Magic number or checksum error in the
5329  *		label; or computed capacity does not jibe with capacity
5330  *		reported from the READ CAPACITY command.
5331  *
5332  *     Context: Kernel thread only (can sleep).
5333  */
5334 
5335 static int
5336 sd_uselabel(struct sd_lun *un, struct dk_label *labp, int path_flag)
5337 {
5338 	short	*sp;
5339 	short	sum;
5340 	short	count;
5341 	int	label_error = SD_LABEL_IS_VALID;
5342 	int	i;
5343 	int	capacity;
5344 	int	part_end;
5345 	int	track_capacity;
5346 	int	err;
5347 #if defined(_SUNOS_VTOC_16)
5348 	struct	dkl_partition	*vpartp;
5349 #endif
5350 	ASSERT(un != NULL);
5351 	ASSERT(mutex_owned(SD_MUTEX(un)));
5352 
5353 	/* Validate the magic number of the label. */
5354 	if (labp->dkl_magic != DKL_MAGIC) {
5355 #if defined(__sparc)
5356 		if ((un->un_state == SD_STATE_NORMAL) &&
5357 		    !ISREMOVABLE(un)) {
5358 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5359 			    "Corrupt label; wrong magic number\n");
5360 		}
5361 #endif
5362 		return (SD_LABEL_IS_INVALID);
5363 	}
5364 
5365 	/* Validate the checksum of the label. */
5366 	sp  = (short *)labp;
5367 	sum = 0;
5368 	count = sizeof (struct dk_label) / sizeof (short);
5369 	while (count--)	 {
5370 		sum ^= *sp++;
5371 	}
5372 
5373 	if (sum != 0) {
5374 #if defined(_SUNOS_VTOC_16)
5375 		if (un->un_state == SD_STATE_NORMAL && !ISCD(un)) {
5376 #elif defined(_SUNOS_VTOC_8)
5377 		if (un->un_state == SD_STATE_NORMAL && !ISREMOVABLE(un)) {
5378 #endif
5379 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5380 			    "Corrupt label - label checksum failed\n");
5381 		}
5382 		return (SD_LABEL_IS_INVALID);
5383 	}
5384 
5385 
5386 	/*
5387 	 * Fill in geometry structure with data from label.
5388 	 */
5389 	bzero(&un->un_g, sizeof (struct dk_geom));
5390 	un->un_g.dkg_ncyl   = labp->dkl_ncyl;
5391 	un->un_g.dkg_acyl   = labp->dkl_acyl;
5392 	un->un_g.dkg_bcyl   = 0;
5393 	un->un_g.dkg_nhead  = labp->dkl_nhead;
5394 	un->un_g.dkg_nsect  = labp->dkl_nsect;
5395 	un->un_g.dkg_intrlv = labp->dkl_intrlv;
5396 
5397 #if defined(_SUNOS_VTOC_8)
5398 	un->un_g.dkg_gap1   = labp->dkl_gap1;
5399 	un->un_g.dkg_gap2   = labp->dkl_gap2;
5400 	un->un_g.dkg_bhead  = labp->dkl_bhead;
5401 #endif
5402 #if defined(_SUNOS_VTOC_16)
5403 	un->un_dkg_skew = labp->dkl_skew;
5404 #endif
5405 
5406 #if defined(__i386) || defined(__amd64)
5407 	un->un_g.dkg_apc = labp->dkl_apc;
5408 #endif
5409 
5410 	/*
5411 	 * Currently we rely on the values in the label being accurate. If
5412 	 * dlk_rpm or dlk_pcly are zero in the label, use a default value.
5413 	 *
5414 	 * Note: In the future a MODE SENSE may be used to retrieve this data,
5415 	 * although this command is optional in SCSI-2.
5416 	 */
5417 	un->un_g.dkg_rpm  = (labp->dkl_rpm  != 0) ? labp->dkl_rpm  : 3600;
5418 	un->un_g.dkg_pcyl = (labp->dkl_pcyl != 0) ? labp->dkl_pcyl :
5419 	    (un->un_g.dkg_ncyl + un->un_g.dkg_acyl);
5420 
5421 	/*
5422 	 * The Read and Write reinstruct values may not be valid
5423 	 * for older disks.
5424 	 */
5425 	un->un_g.dkg_read_reinstruct  = labp->dkl_read_reinstruct;
5426 	un->un_g.dkg_write_reinstruct = labp->dkl_write_reinstruct;
5427 
5428 	/* Fill in partition table. */
5429 #if defined(_SUNOS_VTOC_8)
5430 	for (i = 0; i < NDKMAP; i++) {
5431 		un->un_map[i].dkl_cylno = labp->dkl_map[i].dkl_cylno;
5432 		un->un_map[i].dkl_nblk  = labp->dkl_map[i].dkl_nblk;
5433 	}
5434 #endif
5435 #if  defined(_SUNOS_VTOC_16)
5436 	vpartp		= labp->dkl_vtoc.v_part;
5437 	track_capacity	= labp->dkl_nhead * labp->dkl_nsect;
5438 
5439 	for (i = 0; i < NDKMAP; i++, vpartp++) {
5440 		un->un_map[i].dkl_cylno = vpartp->p_start / track_capacity;
5441 		un->un_map[i].dkl_nblk  = vpartp->p_size;
5442 	}
5443 #endif
5444 
5445 	/* Fill in VTOC Structure. */
5446 	bcopy(&labp->dkl_vtoc, &un->un_vtoc, sizeof (struct dk_vtoc));
5447 #if defined(_SUNOS_VTOC_8)
5448 	/*
5449 	 * The 8-slice vtoc does not include the ascii label; save it into
5450 	 * the device's soft state structure here.
5451 	 */
5452 	bcopy(labp->dkl_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
5453 #endif
5454 
5455 	/* Mark the geometry as valid. */
5456 	un->un_f_geometry_is_valid = TRUE;
5457 
5458 	/* Now look for a valid capacity. */
5459 	track_capacity	= (un->un_g.dkg_nhead * un->un_g.dkg_nsect);
5460 	capacity	= (un->un_g.dkg_ncyl  * track_capacity);
5461 
5462 	if (un->un_g.dkg_acyl) {
5463 #if defined(__i386) || defined(__amd64)
5464 		/* we may have > 1 alts cylinder */
5465 		capacity += (track_capacity * un->un_g.dkg_acyl);
5466 #else
5467 		capacity += track_capacity;
5468 #endif
5469 	}
5470 
5471 	/*
5472 	 * At this point, un->un_blockcount should contain valid data from
5473 	 * the READ CAPACITY command.
5474 	 */
5475 	if (un->un_f_blockcount_is_valid != TRUE) {
5476 		/*
5477 		 * We have a situation where the target didn't give us a good
5478 		 * READ CAPACITY value, yet there appears to be a valid label.
5479 		 * In this case, we'll fake the capacity.
5480 		 */
5481 		un->un_blockcount = capacity;
5482 		un->un_f_blockcount_is_valid = TRUE;
5483 		goto done;
5484 	}
5485 
5486 
5487 	if ((capacity <= un->un_blockcount) ||
5488 	    (un->un_state != SD_STATE_NORMAL)) {
5489 #if defined(_SUNOS_VTOC_8)
5490 		/*
5491 		 * We can't let this happen on drives that are subdivided
5492 		 * into logical disks (i.e., that have an fdisk table).
5493 		 * The un_blockcount field should always hold the full media
5494 		 * size in sectors, period.  This code would overwrite
5495 		 * un_blockcount with the size of the Solaris fdisk partition.
5496 		 */
5497 		SD_ERROR(SD_LOG_COMMON, un,
5498 		    "sd_uselabel: Label %d blocks; Drive %d blocks\n",
5499 		    capacity, un->un_blockcount);
5500 		un->un_blockcount = capacity;
5501 		un->un_f_blockcount_is_valid = TRUE;
5502 #endif	/* defined(_SUNOS_VTOC_8) */
5503 		goto done;
5504 	}
5505 
5506 	if (ISCD(un)) {
5507 		/* For CDROMs, we trust that the data in the label is OK. */
5508 #if defined(_SUNOS_VTOC_8)
5509 		for (i = 0; i < NDKMAP; i++) {
5510 			part_end = labp->dkl_nhead * labp->dkl_nsect *
5511 			    labp->dkl_map[i].dkl_cylno +
5512 			    labp->dkl_map[i].dkl_nblk  - 1;
5513 
5514 			if ((labp->dkl_map[i].dkl_nblk) &&
5515 			    (part_end > un->un_blockcount)) {
5516 				un->un_f_geometry_is_valid = FALSE;
5517 				break;
5518 			}
5519 		}
5520 #endif
5521 #if defined(_SUNOS_VTOC_16)
5522 		vpartp = &(labp->dkl_vtoc.v_part[0]);
5523 		for (i = 0; i < NDKMAP; i++, vpartp++) {
5524 			part_end = vpartp->p_start + vpartp->p_size;
5525 			if ((vpartp->p_size > 0) &&
5526 			    (part_end > un->un_blockcount)) {
5527 				un->un_f_geometry_is_valid = FALSE;
5528 				break;
5529 			}
5530 		}
5531 #endif
5532 	} else {
5533 		uint64_t t_capacity;
5534 		uint32_t t_lbasize;
5535 
5536 		mutex_exit(SD_MUTEX(un));
5537 		err = sd_send_scsi_READ_CAPACITY(un, &t_capacity, &t_lbasize,
5538 		    path_flag);
5539 		ASSERT(t_capacity <= DK_MAX_BLOCKS);
5540 		mutex_enter(SD_MUTEX(un));
5541 
5542 		if (err == 0) {
5543 			sd_update_block_info(un, t_lbasize, t_capacity);
5544 		}
5545 
5546 		if (capacity > un->un_blockcount) {
5547 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5548 			    "Corrupt label - bad geometry\n");
5549 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
5550 			    "Label says %u blocks; Drive says %llu blocks\n",
5551 			    capacity, (unsigned long long)un->un_blockcount);
5552 			un->un_f_geometry_is_valid = FALSE;
5553 			label_error = SD_LABEL_IS_INVALID;
5554 		}
5555 	}
5556 
5557 done:
5558 
5559 	SD_INFO(SD_LOG_COMMON, un, "sd_uselabel: (label geometry)\n");
5560 	SD_INFO(SD_LOG_COMMON, un,
5561 	    "   ncyl: %d; acyl: %d; nhead: %d; nsect: %d\n",
5562 	    un->un_g.dkg_ncyl,  un->un_g.dkg_acyl,
5563 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5564 	SD_INFO(SD_LOG_COMMON, un,
5565 	    "   lbasize: %d; capacity: %d; intrlv: %d; rpm: %d\n",
5566 	    un->un_tgt_blocksize, un->un_blockcount,
5567 	    un->un_g.dkg_intrlv, un->un_g.dkg_rpm);
5568 	SD_INFO(SD_LOG_COMMON, un, "   wrt_reinstr: %d; rd_reinstr: %d\n",
5569 	    un->un_g.dkg_write_reinstruct, un->un_g.dkg_read_reinstruct);
5570 
5571 	ASSERT(mutex_owned(SD_MUTEX(un)));
5572 
5573 	return (label_error);
5574 }
5575 
5576 
5577 /*
5578  *    Function: sd_build_default_label
5579  *
5580  * Description: Generate a default label for those devices that do not have
5581  *		one, e.g., new media, removable cartridges, etc..
5582  *
5583  *     Context: Kernel thread only
5584  */
5585 
5586 static void
5587 sd_build_default_label(struct sd_lun *un)
5588 {
5589 #if defined(_SUNOS_VTOC_16)
5590 	uint_t	phys_spc;
5591 	uint_t	disksize;
5592 	struct	dk_geom un_g;
5593 #endif
5594 
5595 	ASSERT(un != NULL);
5596 	ASSERT(mutex_owned(SD_MUTEX(un)));
5597 
5598 #if defined(_SUNOS_VTOC_8)
5599 	/*
5600 	 * Note: This is a legacy check for non-removable devices on VTOC_8
5601 	 * only. This may be a valid check for VTOC_16 as well.
5602 	 */
5603 	if (!ISREMOVABLE(un)) {
5604 		return;
5605 	}
5606 #endif
5607 
5608 	bzero(&un->un_g, sizeof (struct dk_geom));
5609 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
5610 	bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
5611 
5612 #if defined(_SUNOS_VTOC_8)
5613 
5614 	/*
5615 	 * It's a REMOVABLE media, therefore no label (on sparc, anyway).
5616 	 * But it is still necessary to set up various geometry information,
5617 	 * and we are doing this here.
5618 	 */
5619 
5620 	/*
5621 	 * For the rpm, we use the minimum for the disk.  For the head, cyl,
5622 	 * and number of sector per track, if the capacity <= 1GB, head = 64,
5623 	 * sect = 32.  else head = 255, sect 63 Note: the capacity should be
5624 	 * equal to C*H*S values.  This will cause some truncation of size due
5625 	 * to round off errors. For CD-ROMs, this truncation can have adverse
5626 	 * side effects, so returning ncyl and nhead as 1. The nsect will
5627 	 * overflow for most of CD-ROMs as nsect is of type ushort. (4190569)
5628 	 */
5629 	if (ISCD(un)) {
5630 		/*
5631 		 * Preserve the old behavior for non-writable
5632 		 * medias. Since dkg_nsect is a ushort, it
5633 		 * will lose bits as cdroms have more than
5634 		 * 65536 sectors. So if we recalculate
5635 		 * capacity, it will become much shorter.
5636 		 * But the dkg_* information is not
5637 		 * used for CDROMs so it is OK. But for
5638 		 * Writable CDs we need this information
5639 		 * to be valid (for newfs say). So we
5640 		 * make nsect and nhead > 1 that way
5641 		 * nsect can still stay within ushort limit
5642 		 * without losing any bits.
5643 		 */
5644 		if (un->un_f_mmc_writable_media == TRUE) {
5645 			un->un_g.dkg_nhead = 64;
5646 			un->un_g.dkg_nsect = 32;
5647 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
5648 			un->un_blockcount = un->un_g.dkg_ncyl *
5649 			    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5650 		} else {
5651 			un->un_g.dkg_ncyl  = 1;
5652 			un->un_g.dkg_nhead = 1;
5653 			un->un_g.dkg_nsect = un->un_blockcount;
5654 		}
5655 	} else {
5656 		if (un->un_blockcount <= 0x1000) {
5657 			/* unlabeled SCSI floppy device */
5658 			un->un_g.dkg_nhead = 2;
5659 			un->un_g.dkg_ncyl = 80;
5660 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
5661 		} else if (un->un_blockcount <= 0x200000) {
5662 			un->un_g.dkg_nhead = 64;
5663 			un->un_g.dkg_nsect = 32;
5664 			un->un_g.dkg_ncyl  = un->un_blockcount / (64 * 32);
5665 		} else {
5666 			un->un_g.dkg_nhead = 255;
5667 			un->un_g.dkg_nsect = 63;
5668 			un->un_g.dkg_ncyl  = un->un_blockcount / (255 * 63);
5669 		}
5670 		un->un_blockcount =
5671 		    un->un_g.dkg_ncyl * un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5672 	}
5673 
5674 	un->un_g.dkg_acyl	= 0;
5675 	un->un_g.dkg_bcyl	= 0;
5676 	un->un_g.dkg_rpm	= 200;
5677 	un->un_asciilabel[0]	= '\0';
5678 	un->un_g.dkg_pcyl	= un->un_g.dkg_ncyl;
5679 
5680 	un->un_map[0].dkl_cylno = 0;
5681 	un->un_map[0].dkl_nblk  = un->un_blockcount;
5682 	un->un_map[2].dkl_cylno = 0;
5683 	un->un_map[2].dkl_nblk  = un->un_blockcount;
5684 
5685 #elif defined(_SUNOS_VTOC_16)
5686 
5687 	if (un->un_solaris_size == 0) {
5688 		/*
5689 		 * Got fdisk table but no solaris entry therefore
5690 		 * don't create a default label
5691 		 */
5692 		un->un_f_geometry_is_valid = TRUE;
5693 		return;
5694 	}
5695 
5696 	/*
5697 	 * For CDs we continue to use the physical geometry to calculate
5698 	 * number of cylinders. All other devices must convert the
5699 	 * physical geometry (geom_cache) to values that will fit
5700 	 * in a dk_geom structure.
5701 	 */
5702 	if (ISCD(un)) {
5703 		phys_spc = un->un_pgeom.g_nhead * un->un_pgeom.g_nsect;
5704 	} else {
5705 		/* Convert physical geometry to disk geometry */
5706 		bzero(&un_g, sizeof (struct dk_geom));
5707 		sd_convert_geometry(un->un_blockcount, &un_g);
5708 		bcopy(&un_g, &un->un_g, sizeof (un->un_g));
5709 		phys_spc = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5710 	}
5711 
5712 	un->un_g.dkg_pcyl = un->un_solaris_size / phys_spc;
5713 	un->un_g.dkg_acyl = DK_ACYL;
5714 	un->un_g.dkg_ncyl = un->un_g.dkg_pcyl - DK_ACYL;
5715 	disksize = un->un_g.dkg_ncyl * phys_spc;
5716 
5717 	if (ISCD(un)) {
5718 		/*
5719 		 * CD's don't use the "heads * sectors * cyls"-type of
5720 		 * geometry, but instead use the entire capacity of the media.
5721 		 */
5722 		disksize = un->un_solaris_size;
5723 		un->un_g.dkg_nhead = 1;
5724 		un->un_g.dkg_nsect = 1;
5725 		un->un_g.dkg_rpm =
5726 		    (un->un_pgeom.g_rpm == 0) ? 200 : un->un_pgeom.g_rpm;
5727 
5728 		un->un_vtoc.v_part[0].p_start = 0;
5729 		un->un_vtoc.v_part[0].p_size  = disksize;
5730 		un->un_vtoc.v_part[0].p_tag   = V_BACKUP;
5731 		un->un_vtoc.v_part[0].p_flag  = V_UNMNT;
5732 
5733 		un->un_map[0].dkl_cylno = 0;
5734 		un->un_map[0].dkl_nblk  = disksize;
5735 		un->un_offset[0] = 0;
5736 
5737 	} else {
5738 		/*
5739 		 * Hard disks and removable media cartridges
5740 		 */
5741 		un->un_g.dkg_rpm =
5742 		    (un->un_pgeom.g_rpm == 0) ? 3600: un->un_pgeom.g_rpm;
5743 		un->un_vtoc.v_sectorsz = un->un_sys_blocksize;
5744 
5745 		/* Add boot slice */
5746 		un->un_vtoc.v_part[8].p_start = 0;
5747 		un->un_vtoc.v_part[8].p_size  = phys_spc;
5748 		un->un_vtoc.v_part[8].p_tag   = V_BOOT;
5749 		un->un_vtoc.v_part[8].p_flag  = V_UNMNT;
5750 
5751 		un->un_map[8].dkl_cylno = 0;
5752 		un->un_map[8].dkl_nblk  = phys_spc;
5753 		un->un_offset[8] = 0;
5754 	}
5755 
5756 	un->un_g.dkg_apc = 0;
5757 	un->un_vtoc.v_nparts = V_NUMPAR;
5758 	un->un_vtoc.v_version = V_VERSION;
5759 
5760 	/* Add backup slice */
5761 	un->un_vtoc.v_part[2].p_start = 0;
5762 	un->un_vtoc.v_part[2].p_size  = disksize;
5763 	un->un_vtoc.v_part[2].p_tag   = V_BACKUP;
5764 	un->un_vtoc.v_part[2].p_flag  = V_UNMNT;
5765 
5766 	un->un_map[2].dkl_cylno = 0;
5767 	un->un_map[2].dkl_nblk  = disksize;
5768 	un->un_offset[2] = 0;
5769 
5770 	(void) sprintf(un->un_vtoc.v_asciilabel, "DEFAULT cyl %d alt %d"
5771 	    " hd %d sec %d", un->un_g.dkg_ncyl, un->un_g.dkg_acyl,
5772 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5773 
5774 #else
5775 #error "No VTOC format defined."
5776 #endif
5777 
5778 	un->un_g.dkg_read_reinstruct  = 0;
5779 	un->un_g.dkg_write_reinstruct = 0;
5780 
5781 	un->un_g.dkg_intrlv = 1;
5782 
5783 	un->un_vtoc.v_sanity  = VTOC_SANE;
5784 
5785 	un->un_f_geometry_is_valid = TRUE;
5786 
5787 	SD_INFO(SD_LOG_COMMON, un,
5788 	    "sd_build_default_label: Default label created: "
5789 	    "cyl: %d\tacyl: %d\tnhead: %d\tnsect: %d\tcap: %d\n",
5790 	    un->un_g.dkg_ncyl, un->un_g.dkg_acyl, un->un_g.dkg_nhead,
5791 	    un->un_g.dkg_nsect, un->un_blockcount);
5792 }
5793 
5794 
5795 #if defined(_FIRMWARE_NEEDS_FDISK)
5796 /*
5797  * Max CHS values, as they are encoded into bytes, for 1022/254/63
5798  */
5799 #define	LBA_MAX_SECT	(63 | ((1022 & 0x300) >> 2))
5800 #define	LBA_MAX_CYL	(1022 & 0xFF)
5801 #define	LBA_MAX_HEAD	(254)
5802 
5803 
5804 /*
5805  *    Function: sd_has_max_chs_vals
5806  *
5807  * Description: Return TRUE if Cylinder-Head-Sector values are all at maximum.
5808  *
5809  *   Arguments: fdp - ptr to CHS info
5810  *
5811  * Return Code: True or false
5812  *
5813  *     Context: Any.
5814  */
5815 
5816 static int
5817 sd_has_max_chs_vals(struct ipart *fdp)
5818 {
5819 	return ((fdp->begcyl  == LBA_MAX_CYL)	&&
5820 	    (fdp->beghead == LBA_MAX_HEAD)	&&
5821 	    (fdp->begsect == LBA_MAX_SECT)	&&
5822 	    (fdp->endcyl  == LBA_MAX_CYL)	&&
5823 	    (fdp->endhead == LBA_MAX_HEAD)	&&
5824 	    (fdp->endsect == LBA_MAX_SECT));
5825 }
5826 #endif
5827 
5828 
5829 /*
5830  *    Function: sd_inq_fill
5831  *
5832  * Description: Print a piece of inquiry data, cleaned up for non-printable
5833  *		characters and stopping at the first space character after
5834  *		the beginning of the passed string;
5835  *
5836  *   Arguments: p - source string
5837  *		l - maximum length to copy
5838  *		s - destination string
5839  *
5840  *     Context: Any.
5841  */
5842 
5843 static void
5844 sd_inq_fill(char *p, int l, char *s)
5845 {
5846 	unsigned i = 0;
5847 	char c;
5848 
5849 	while (i++ < l) {
5850 		if ((c = *p++) < ' ' || c >= 0x7F) {
5851 			c = '*';
5852 		} else if (i != 1 && c == ' ') {
5853 			break;
5854 		}
5855 		*s++ = c;
5856 	}
5857 	*s++ = 0;
5858 }
5859 
5860 
5861 /*
5862  *    Function: sd_register_devid
5863  *
5864  * Description: This routine will obtain the device id information from the
5865  *		target, obtain the serial number, and register the device
5866  *		id with the ddi framework.
5867  *
5868  *   Arguments: devi - the system's dev_info_t for the device.
5869  *		un - driver soft state (unit) structure
5870  *		reservation_flag - indicates if a reservation conflict
5871  *		occurred during attach
5872  *
5873  *     Context: Kernel Thread
5874  */
5875 static void
5876 sd_register_devid(struct sd_lun *un, dev_info_t *devi, int reservation_flag)
5877 {
5878 	int		rval		= 0;
5879 	uchar_t		*inq80		= NULL;
5880 	size_t		inq80_len	= MAX_INQUIRY_SIZE;
5881 	size_t		inq80_resid	= 0;
5882 	uchar_t		*inq83		= NULL;
5883 	size_t		inq83_len	= MAX_INQUIRY_SIZE;
5884 	size_t		inq83_resid	= 0;
5885 
5886 	ASSERT(un != NULL);
5887 	ASSERT(mutex_owned(SD_MUTEX(un)));
5888 	ASSERT((SD_DEVINFO(un)) == devi);
5889 
5890 	/*
5891 	 * This is the case of antiquated Sun disk drives that have the
5892 	 * FAB_DEVID property set in the disk_table.  These drives
5893 	 * manage the devid's by storing them in last 2 available sectors
5894 	 * on the drive and have them fabricated by the ddi layer by calling
5895 	 * ddi_devid_init and passing the DEVID_FAB flag.
5896 	 */
5897 	if (un->un_f_opt_fab_devid == TRUE) {
5898 		/*
5899 		 * Depending on EINVAL isn't reliable, since a reserved disk
5900 		 * may result in invalid geometry, so check to make sure a
5901 		 * reservation conflict did not occur during attach.
5902 		 */
5903 		if ((sd_get_devid(un) == EINVAL) &&
5904 		    (reservation_flag != SD_TARGET_IS_RESERVED)) {
5905 			/*
5906 			 * The devid is invalid AND there is no reservation
5907 			 * conflict.  Fabricate a new devid.
5908 			 */
5909 			(void) sd_create_devid(un);
5910 		}
5911 
5912 		/* Register the devid if it exists */
5913 		if (un->un_devid != NULL) {
5914 			(void) ddi_devid_register(SD_DEVINFO(un),
5915 			    un->un_devid);
5916 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
5917 			    "sd_register_devid: Devid Fabricated\n");
5918 		}
5919 		return;
5920 	}
5921 
5922 	/*
5923 	 * We check the availibility of the World Wide Name (0x83) and Unit
5924 	 * Serial Number (0x80) pages in sd_check_vpd_page_support(), and using
5925 	 * un_vpd_page_mask from them, we decide which way to get the WWN.  If
5926 	 * 0x83 is availible, that is the best choice.  Our next choice is
5927 	 * 0x80.  If neither are availible, we munge the devid from the device
5928 	 * vid/pid/serial # for Sun qualified disks, or use the ddi framework
5929 	 * to fabricate a devid for non-Sun qualified disks.
5930 	 */
5931 	if (sd_check_vpd_page_support(un) == 0) {
5932 		/* collect page 80 data if available */
5933 		if (un->un_vpd_page_mask & SD_VPD_UNIT_SERIAL_PG) {
5934 
5935 			mutex_exit(SD_MUTEX(un));
5936 			inq80 = kmem_zalloc(inq80_len, KM_SLEEP);
5937 			rval = sd_send_scsi_INQUIRY(un, inq80, inq80_len,
5938 			    0x01, 0x80, &inq80_resid);
5939 
5940 			if (rval != 0) {
5941 				kmem_free(inq80, inq80_len);
5942 				inq80 = NULL;
5943 				inq80_len = 0;
5944 			}
5945 			mutex_enter(SD_MUTEX(un));
5946 		}
5947 
5948 		/* collect page 83 data if available */
5949 		if (un->un_vpd_page_mask & SD_VPD_DEVID_WWN_PG) {
5950 
5951 			mutex_exit(SD_MUTEX(un));
5952 			inq83 = kmem_zalloc(inq83_len, KM_SLEEP);
5953 			rval = sd_send_scsi_INQUIRY(un, inq83, inq83_len,
5954 			    0x01, 0x83, &inq83_resid);
5955 
5956 			if (rval != 0) {
5957 				kmem_free(inq83, inq83_len);
5958 				inq83 = NULL;
5959 				inq83_len = 0;
5960 			}
5961 			mutex_enter(SD_MUTEX(un));
5962 		}
5963 	}
5964 
5965 	/* encode best devid possible based on data available */
5966 	if (ddi_devid_scsi_encode(DEVID_SCSI_ENCODE_VERSION_LATEST,
5967 	    (char *)ddi_driver_name(SD_DEVINFO(un)),
5968 	    (uchar_t *)SD_INQUIRY(un), sizeof (*SD_INQUIRY(un)),
5969 	    inq80, inq80_len - inq80_resid, inq83, inq83_len -
5970 	    inq83_resid, &un->un_devid) == DDI_SUCCESS) {
5971 
5972 		/* devid successfully encoded, register devid */
5973 		(void) ddi_devid_register(SD_DEVINFO(un), un->un_devid);
5974 
5975 	} else {
5976 		/*
5977 		 * Unable to encode a devid based on data available.
5978 		 * This is not a Sun qualified disk.  Older Sun disk
5979 		 * drives that have the SD_FAB_DEVID property
5980 		 * set in the disk_table and non Sun qualified
5981 		 * disks are treated in the same manner.  These
5982 		 * drives manage the devid's by storing them in
5983 		 * last 2 available sectors on the drive and
5984 		 * have them fabricated by the ddi layer by
5985 		 * calling ddi_devid_init and passing the
5986 		 * DEVID_FAB flag.
5987 		 * Create a fabricate devid only if there's no
5988 		 * fabricate devid existed.
5989 		 */
5990 		if (sd_get_devid(un) == EINVAL) {
5991 			(void) sd_create_devid(un);
5992 			un->un_f_opt_fab_devid = TRUE;
5993 		}
5994 
5995 		/* Register the devid if it exists */
5996 		if (un->un_devid != NULL) {
5997 			(void) ddi_devid_register(SD_DEVINFO(un),
5998 			    un->un_devid);
5999 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
6000 			    "sd_register_devid: devid fabricated using "
6001 			    "ddi framework\n");
6002 		}
6003 	}
6004 
6005 	/* clean up resources */
6006 	if (inq80 != NULL) {
6007 		kmem_free(inq80, inq80_len);
6008 	}
6009 	if (inq83 != NULL) {
6010 		kmem_free(inq83, inq83_len);
6011 	}
6012 }
6013 
6014 static daddr_t
6015 sd_get_devid_block(struct sd_lun *un)
6016 {
6017 	daddr_t			spc, blk, head, cyl;
6018 
6019 	if (un->un_blockcount <= DK_MAX_BLOCKS) {
6020 		/* this geometry doesn't allow us to write a devid */
6021 		if (un->un_g.dkg_acyl < 2) {
6022 			return (-1);
6023 		}
6024 
6025 		/*
6026 		 * Subtract 2 guarantees that the next to last cylinder
6027 		 * is used
6028 		 */
6029 		cyl  = un->un_g.dkg_ncyl  + un->un_g.dkg_acyl - 2;
6030 		spc  = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
6031 		head = un->un_g.dkg_nhead - 1;
6032 		blk  = (cyl * (spc - un->un_g.dkg_apc)) +
6033 		    (head * un->un_g.dkg_nsect) + 1;
6034 	} else {
6035 		if (un->un_reserved != -1) {
6036 			blk = un->un_map[un->un_reserved].dkl_cylno + 1;
6037 		} else {
6038 			return (-1);
6039 		}
6040 	}
6041 	return (blk);
6042 }
6043 
6044 /*
6045  *    Function: sd_get_devid
6046  *
6047  * Description: This routine will return 0 if a valid device id has been
6048  *		obtained from the target and stored in the soft state. If a
6049  *		valid device id has not been previously read and stored, a
6050  *		read attempt will be made.
6051  *
6052  *   Arguments: un - driver soft state (unit) structure
6053  *
6054  * Return Code: 0 if we successfully get the device id
6055  *
6056  *     Context: Kernel Thread
6057  */
6058 
6059 static int
6060 sd_get_devid(struct sd_lun *un)
6061 {
6062 	struct dk_devid		*dkdevid;
6063 	ddi_devid_t		tmpid;
6064 	uint_t			*ip;
6065 	size_t			sz;
6066 	daddr_t			blk;
6067 	int			status;
6068 	int			chksum;
6069 	int			i;
6070 	size_t			buffer_size;
6071 
6072 	ASSERT(un != NULL);
6073 	ASSERT(mutex_owned(SD_MUTEX(un)));
6074 
6075 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: entry: un: 0x%p\n",
6076 	    un);
6077 
6078 	if (un->un_devid != NULL) {
6079 		return (0);
6080 	}
6081 
6082 	blk = sd_get_devid_block(un);
6083 	if (blk < 0)
6084 		return (EINVAL);
6085 
6086 	/*
6087 	 * Read and verify device id, stored in the reserved cylinders at the
6088 	 * end of the disk. Backup label is on the odd sectors of the last
6089 	 * track of the last cylinder. Device id will be on track of the next
6090 	 * to last cylinder.
6091 	 */
6092 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct dk_devid));
6093 	mutex_exit(SD_MUTEX(un));
6094 	dkdevid = kmem_alloc(buffer_size, KM_SLEEP);
6095 	status = sd_send_scsi_READ(un, dkdevid, buffer_size, blk,
6096 	    SD_PATH_DIRECT);
6097 	if (status != 0) {
6098 		goto error;
6099 	}
6100 
6101 	/* Validate the revision */
6102 	if ((dkdevid->dkd_rev_hi != DK_DEVID_REV_MSB) ||
6103 	    (dkdevid->dkd_rev_lo != DK_DEVID_REV_LSB)) {
6104 		status = EINVAL;
6105 		goto error;
6106 	}
6107 
6108 	/* Calculate the checksum */
6109 	chksum = 0;
6110 	ip = (uint_t *)dkdevid;
6111 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6112 	    i++) {
6113 		chksum ^= ip[i];
6114 	}
6115 
6116 	/* Compare the checksums */
6117 	if (DKD_GETCHKSUM(dkdevid) != chksum) {
6118 		status = EINVAL;
6119 		goto error;
6120 	}
6121 
6122 	/* Validate the device id */
6123 	if (ddi_devid_valid((ddi_devid_t)&dkdevid->dkd_devid) != DDI_SUCCESS) {
6124 		status = EINVAL;
6125 		goto error;
6126 	}
6127 
6128 	/*
6129 	 * Store the device id in the driver soft state
6130 	 */
6131 	sz = ddi_devid_sizeof((ddi_devid_t)&dkdevid->dkd_devid);
6132 	tmpid = kmem_alloc(sz, KM_SLEEP);
6133 
6134 	mutex_enter(SD_MUTEX(un));
6135 
6136 	un->un_devid = tmpid;
6137 	bcopy(&dkdevid->dkd_devid, un->un_devid, sz);
6138 
6139 	kmem_free(dkdevid, buffer_size);
6140 
6141 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: exit: un:0x%p\n", un);
6142 
6143 	return (status);
6144 error:
6145 	mutex_enter(SD_MUTEX(un));
6146 	kmem_free(dkdevid, buffer_size);
6147 	return (status);
6148 }
6149 
6150 
6151 /*
6152  *    Function: sd_create_devid
6153  *
6154  * Description: This routine will fabricate the device id and write it
6155  *		to the disk.
6156  *
6157  *   Arguments: un - driver soft state (unit) structure
6158  *
6159  * Return Code: value of the fabricated device id
6160  *
6161  *     Context: Kernel Thread
6162  */
6163 
6164 static ddi_devid_t
6165 sd_create_devid(struct sd_lun *un)
6166 {
6167 	ASSERT(un != NULL);
6168 
6169 	/* Fabricate the devid */
6170 	if (ddi_devid_init(SD_DEVINFO(un), DEVID_FAB, 0, NULL, &un->un_devid)
6171 	    == DDI_FAILURE) {
6172 		return (NULL);
6173 	}
6174 
6175 	/* Write the devid to disk */
6176 	if (sd_write_deviceid(un) != 0) {
6177 		ddi_devid_free(un->un_devid);
6178 		un->un_devid = NULL;
6179 	}
6180 
6181 	return (un->un_devid);
6182 }
6183 
6184 
6185 /*
6186  *    Function: sd_write_deviceid
6187  *
6188  * Description: This routine will write the device id to the disk
6189  *		reserved sector.
6190  *
6191  *   Arguments: un - driver soft state (unit) structure
6192  *
6193  * Return Code: EINVAL
6194  *		value returned by sd_send_scsi_cmd
6195  *
6196  *     Context: Kernel Thread
6197  */
6198 
6199 static int
6200 sd_write_deviceid(struct sd_lun *un)
6201 {
6202 	struct dk_devid		*dkdevid;
6203 	daddr_t			blk;
6204 	uint_t			*ip, chksum;
6205 	int			status;
6206 	int			i;
6207 
6208 	ASSERT(mutex_owned(SD_MUTEX(un)));
6209 
6210 	blk = sd_get_devid_block(un);
6211 	if (blk < 0)
6212 		return (-1);
6213 	mutex_exit(SD_MUTEX(un));
6214 
6215 	/* Allocate the buffer */
6216 	dkdevid = kmem_zalloc(un->un_sys_blocksize, KM_SLEEP);
6217 
6218 	/* Fill in the revision */
6219 	dkdevid->dkd_rev_hi = DK_DEVID_REV_MSB;
6220 	dkdevid->dkd_rev_lo = DK_DEVID_REV_LSB;
6221 
6222 	/* Copy in the device id */
6223 	mutex_enter(SD_MUTEX(un));
6224 	bcopy(un->un_devid, &dkdevid->dkd_devid,
6225 	    ddi_devid_sizeof(un->un_devid));
6226 	mutex_exit(SD_MUTEX(un));
6227 
6228 	/* Calculate the checksum */
6229 	chksum = 0;
6230 	ip = (uint_t *)dkdevid;
6231 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6232 	    i++) {
6233 		chksum ^= ip[i];
6234 	}
6235 
6236 	/* Fill-in checksum */
6237 	DKD_FORMCHKSUM(chksum, dkdevid);
6238 
6239 	/* Write the reserved sector */
6240 	status = sd_send_scsi_WRITE(un, dkdevid, un->un_sys_blocksize, blk,
6241 	    SD_PATH_DIRECT);
6242 
6243 	kmem_free(dkdevid, un->un_sys_blocksize);
6244 
6245 	mutex_enter(SD_MUTEX(un));
6246 	return (status);
6247 }
6248 
6249 
6250 /*
6251  *    Function: sd_check_vpd_page_support
6252  *
6253  * Description: This routine sends an inquiry command with the EVPD bit set and
6254  *		a page code of 0x00 to the device. It is used to determine which
6255  *		vital product pages are availible to find the devid. We are
6256  *		looking for pages 0x83 or 0x80.  If we return a negative 1, the
6257  *		device does not support that command.
6258  *
6259  *   Arguments: un  - driver soft state (unit) structure
6260  *
6261  * Return Code: 0 - success
6262  *		1 - check condition
6263  *
6264  *     Context: This routine can sleep.
6265  */
6266 
6267 static int
6268 sd_check_vpd_page_support(struct sd_lun *un)
6269 {
6270 	uchar_t	*page_list	= NULL;
6271 	uchar_t	page_length	= 0xff;	/* Use max possible length */
6272 	uchar_t	evpd		= 0x01;	/* Set the EVPD bit */
6273 	uchar_t	page_code	= 0x00;	/* Supported VPD Pages */
6274 	int    	rval		= 0;
6275 	int	counter;
6276 
6277 	ASSERT(un != NULL);
6278 	ASSERT(mutex_owned(SD_MUTEX(un)));
6279 
6280 	mutex_exit(SD_MUTEX(un));
6281 
6282 	/*
6283 	 * We'll set the page length to the maximum to save figuring it out
6284 	 * with an additional call.
6285 	 */
6286 	page_list =  kmem_zalloc(page_length, KM_SLEEP);
6287 
6288 	rval = sd_send_scsi_INQUIRY(un, page_list, page_length, evpd,
6289 	    page_code, NULL);
6290 
6291 	mutex_enter(SD_MUTEX(un));
6292 
6293 	/*
6294 	 * Now we must validate that the device accepted the command, as some
6295 	 * drives do not support it.  If the drive does support it, we will
6296 	 * return 0, and the supported pages will be in un_vpd_page_mask.  If
6297 	 * not, we return -1.
6298 	 */
6299 	if ((rval == 0) && (page_list[VPD_MODE_PAGE] == 0x00)) {
6300 		/* Loop to find one of the 2 pages we need */
6301 		counter = 4;  /* Supported pages start at byte 4, with 0x00 */
6302 
6303 		/*
6304 		 * Pages are returned in ascending order, and 0x83 is what we
6305 		 * are hoping for.
6306 		 */
6307 		while ((page_list[counter] <= 0x83) &&
6308 		    (counter <= (page_list[VPD_PAGE_LENGTH] +
6309 		    VPD_HEAD_OFFSET))) {
6310 			/*
6311 			 * Add 3 because page_list[3] is the number of
6312 			 * pages minus 3
6313 			 */
6314 
6315 			switch (page_list[counter]) {
6316 			case 0x00:
6317 				un->un_vpd_page_mask |= SD_VPD_SUPPORTED_PG;
6318 				break;
6319 			case 0x80:
6320 				un->un_vpd_page_mask |= SD_VPD_UNIT_SERIAL_PG;
6321 				break;
6322 			case 0x81:
6323 				un->un_vpd_page_mask |= SD_VPD_OPERATING_PG;
6324 				break;
6325 			case 0x82:
6326 				un->un_vpd_page_mask |= SD_VPD_ASCII_OP_PG;
6327 				break;
6328 			case 0x83:
6329 				un->un_vpd_page_mask |= SD_VPD_DEVID_WWN_PG;
6330 				break;
6331 			}
6332 			counter++;
6333 		}
6334 
6335 	} else {
6336 		rval = -1;
6337 
6338 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6339 		    "sd_check_vpd_page_support: This drive does not implement "
6340 		    "VPD pages.\n");
6341 	}
6342 
6343 	kmem_free(page_list, page_length);
6344 
6345 	return (rval);
6346 }
6347 
6348 
6349 /*
6350  *    Function: sd_setup_pm
6351  *
6352  * Description: Initialize Power Management on the device
6353  *
6354  *     Context: Kernel Thread
6355  */
6356 
6357 static void
6358 sd_setup_pm(struct sd_lun *un, dev_info_t *devi)
6359 {
6360 	uint_t	log_page_size;
6361 	uchar_t	*log_page_data;
6362 	int	rval;
6363 
6364 	/*
6365 	 * Since we are called from attach, holding a mutex for
6366 	 * un is unnecessary. Because some of the routines called
6367 	 * from here require SD_MUTEX to not be held, assert this
6368 	 * right up front.
6369 	 */
6370 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6371 	/*
6372 	 * Since the sd device does not have the 'reg' property,
6373 	 * cpr will not call its DDI_SUSPEND/DDI_RESUME entries.
6374 	 * The following code is to tell cpr that this device
6375 	 * DOES need to be suspended and resumed.
6376 	 */
6377 	(void) ddi_prop_update_string(DDI_DEV_T_NONE, devi,
6378 	    "pm-hardware-state", "needs-suspend-resume");
6379 
6380 	/*
6381 	 * Check if HBA has set the "pm-capable" property.
6382 	 * If "pm-capable" exists and is non-zero then we can
6383 	 * power manage the device without checking the start/stop
6384 	 * cycle count log sense page.
6385 	 *
6386 	 * If "pm-capable" exists and is SD_PM_CAPABLE_FALSE (0)
6387 	 * then we should not power manage the device.
6388 	 *
6389 	 * If "pm-capable" doesn't exist then un->un_pm_capable_prop will
6390 	 * be set to SD_PM_CAPABLE_UNDEFINED (-1).  In this case, sd will
6391 	 * check the start/stop cycle count log sense page and power manage
6392 	 * the device if the cycle count limit has not been exceeded.
6393 	 */
6394 	un->un_pm_capable_prop =
6395 	    ddi_prop_get_int(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
6396 		"pm-capable", SD_PM_CAPABLE_UNDEFINED);
6397 	if (un->un_pm_capable_prop != SD_PM_CAPABLE_UNDEFINED) {
6398 		/*
6399 		 * pm-capable property exists.
6400 		 *
6401 		 * Convert "TRUE" values for un_pm_capable_prop to
6402 		 * SD_PM_CAPABLE_TRUE (1) to make it easier to check later.
6403 		 * "TRUE" values are any values except SD_PM_CAPABLE_FALSE (0)
6404 		 *  and SD_PM_CAPABLE_UNDEFINED (-1)
6405 		 */
6406 		if (un->un_pm_capable_prop != SD_PM_CAPABLE_FALSE) {
6407 			un->un_pm_capable_prop = SD_PM_CAPABLE_TRUE;
6408 		}
6409 
6410 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6411 		    "sd_unit_attach: un:0x%p pm-capable "
6412 		    "property set to %d.\n", un, un->un_pm_capable_prop);
6413 	}
6414 
6415 	/*
6416 	 * This complies with the new power management framework
6417 	 * for certain desktop machines. Create the pm_components
6418 	 * property as a string array property.
6419 	 *
6420 	 * If this is a removable device or if the pm-capable property
6421 	 * is SD_PM_CAPABLE_TRUE (1) then we should create the
6422 	 * pm_components property without checking for the existance of
6423 	 * the start-stop cycle counter log page
6424 	 */
6425 	if (ISREMOVABLE(un) ||
6426 	    un->un_pm_capable_prop == SD_PM_CAPABLE_TRUE) {
6427 		/*
6428 		 * not all devices have a motor, try it first.
6429 		 * some devices may return ILLEGAL REQUEST, some
6430 		 * will hang
6431 		 */
6432 		un->un_f_start_stop_supported = TRUE;
6433 		if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
6434 		    SD_PATH_DIRECT) != 0) {
6435 			un->un_f_start_stop_supported = FALSE;
6436 		}
6437 
6438 		/*
6439 		 * create pm properties anyways otherwise the parent can't
6440 		 * go to sleep
6441 		 */
6442 		(void) sd_create_pm_components(devi, un);
6443 		un->un_f_pm_is_enabled = TRUE;
6444 
6445 		/*
6446 		 * Need to create a zero length (Boolean) property
6447 		 * removable-media for the removable media devices.
6448 		 * Note that the return value of the property is not being
6449 		 * checked, since if unable to create the property
6450 		 * then do not want the attach to fail altogether. Consistent
6451 		 * with other property creation in attach.
6452 		 */
6453 		if (ISREMOVABLE(un)) {
6454 			(void) ddi_prop_create(DDI_DEV_T_NONE, devi,
6455 			    DDI_PROP_CANSLEEP, "removable-media", NULL, 0);
6456 		}
6457 		return;
6458 	}
6459 
6460 	rval = sd_log_page_supported(un, START_STOP_CYCLE_PAGE);
6461 
6462 #ifdef	SDDEBUG
6463 	if (sd_force_pm_supported) {
6464 		/* Force a successful result */
6465 		rval = 1;
6466 	}
6467 #endif
6468 
6469 	/*
6470 	 * If the start-stop cycle counter log page is not supported
6471 	 * or if the pm-capable property is SD_PM_CAPABLE_FALSE (0)
6472 	 * then we should not create the pm_components property.
6473 	 */
6474 	if (rval == -1 || un->un_pm_capable_prop == SD_PM_CAPABLE_FALSE) {
6475 		/*
6476 		 * Error.
6477 		 * Reading log sense failed, most likely this is
6478 		 * an older drive that does not support log sense.
6479 		 * If this fails auto-pm is not supported.
6480 		 */
6481 		un->un_power_level = SD_SPINDLE_ON;
6482 		un->un_f_pm_is_enabled = FALSE;
6483 
6484 	} else if (rval == 0) {
6485 		/*
6486 		 * Page not found.
6487 		 * The start stop cycle counter is implemented as page
6488 		 * START_STOP_CYCLE_PAGE_VU_PAGE (0x31) in older disks. For
6489 		 * newer disks it is implemented as START_STOP_CYCLE_PAGE (0xE).
6490 		 */
6491 		if (sd_log_page_supported(un, START_STOP_CYCLE_VU_PAGE) == 1) {
6492 			/*
6493 			 * Page found, use this one.
6494 			 */
6495 			un->un_start_stop_cycle_page = START_STOP_CYCLE_VU_PAGE;
6496 			un->un_f_pm_is_enabled = TRUE;
6497 		} else {
6498 			/*
6499 			 * Error or page not found.
6500 			 * auto-pm is not supported for this device.
6501 			 */
6502 			un->un_power_level = SD_SPINDLE_ON;
6503 			un->un_f_pm_is_enabled = FALSE;
6504 		}
6505 	} else {
6506 		/*
6507 		 * Page found, use it.
6508 		 */
6509 		un->un_start_stop_cycle_page = START_STOP_CYCLE_PAGE;
6510 		un->un_f_pm_is_enabled = TRUE;
6511 	}
6512 
6513 
6514 	if (un->un_f_pm_is_enabled == TRUE) {
6515 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
6516 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
6517 
6518 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
6519 		    log_page_size, un->un_start_stop_cycle_page,
6520 		    0x01, 0, SD_PATH_DIRECT);
6521 #ifdef	SDDEBUG
6522 		if (sd_force_pm_supported) {
6523 			/* Force a successful result */
6524 			rval = 0;
6525 		}
6526 #endif
6527 
6528 		/*
6529 		 * If the Log sense for Page( Start/stop cycle counter page)
6530 		 * succeeds, then power managment is supported and we can
6531 		 * enable auto-pm.
6532 		 */
6533 		if (rval == 0)  {
6534 			(void) sd_create_pm_components(devi, un);
6535 		} else {
6536 			un->un_power_level = SD_SPINDLE_ON;
6537 			un->un_f_pm_is_enabled = FALSE;
6538 		}
6539 
6540 		kmem_free(log_page_data, log_page_size);
6541 	}
6542 }
6543 
6544 
6545 /*
6546  *    Function: sd_create_pm_components
6547  *
6548  * Description: Initialize PM property.
6549  *
6550  *     Context: Kernel thread context
6551  */
6552 
6553 static void
6554 sd_create_pm_components(dev_info_t *devi, struct sd_lun *un)
6555 {
6556 	char *pm_comp[] = { "NAME=spindle-motor", "0=off", "1=on", NULL };
6557 
6558 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6559 
6560 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, devi,
6561 	    "pm-components", pm_comp, 3) == DDI_PROP_SUCCESS) {
6562 		/*
6563 		 * When components are initially created they are idle,
6564 		 * power up any non-removables.
6565 		 * Note: the return value of pm_raise_power can't be used
6566 		 * for determining if PM should be enabled for this device.
6567 		 * Even if you check the return values and remove this
6568 		 * property created above, the PM framework will not honor the
6569 		 * change after the first call to pm_raise_power. Hence,
6570 		 * removal of that property does not help if pm_raise_power
6571 		 * fails. In the case of removable media, the start/stop
6572 		 * will fail if the media is not present.
6573 		 */
6574 		if ((!ISREMOVABLE(un)) && (pm_raise_power(SD_DEVINFO(un), 0,
6575 		    SD_SPINDLE_ON) == DDI_SUCCESS)) {
6576 			mutex_enter(SD_MUTEX(un));
6577 			un->un_power_level = SD_SPINDLE_ON;
6578 			mutex_enter(&un->un_pm_mutex);
6579 			/* Set to on and not busy. */
6580 			un->un_pm_count = 0;
6581 		} else {
6582 			mutex_enter(SD_MUTEX(un));
6583 			un->un_power_level = SD_SPINDLE_OFF;
6584 			mutex_enter(&un->un_pm_mutex);
6585 			/* Set to off. */
6586 			un->un_pm_count = -1;
6587 		}
6588 		mutex_exit(&un->un_pm_mutex);
6589 		mutex_exit(SD_MUTEX(un));
6590 	} else {
6591 		un->un_power_level = SD_SPINDLE_ON;
6592 		un->un_f_pm_is_enabled = FALSE;
6593 	}
6594 }
6595 
6596 
6597 /*
6598  *    Function: sd_ddi_suspend
6599  *
6600  * Description: Performs system power-down operations. This includes
6601  *		setting the drive state to indicate its suspended so
6602  *		that no new commands will be accepted. Also, wait for
6603  *		all commands that are in transport or queued to a timer
6604  *		for retry to complete. All timeout threads are cancelled.
6605  *
6606  * Return Code: DDI_FAILURE or DDI_SUCCESS
6607  *
6608  *     Context: Kernel thread context
6609  */
6610 
6611 static int
6612 sd_ddi_suspend(dev_info_t *devi)
6613 {
6614 	struct	sd_lun	*un;
6615 	clock_t		wait_cmds_complete;
6616 
6617 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6618 	if (un == NULL) {
6619 		return (DDI_FAILURE);
6620 	}
6621 
6622 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: entry\n");
6623 
6624 	mutex_enter(SD_MUTEX(un));
6625 
6626 	/* Return success if the device is already suspended. */
6627 	if (un->un_state == SD_STATE_SUSPENDED) {
6628 		mutex_exit(SD_MUTEX(un));
6629 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6630 		    "device already suspended, exiting\n");
6631 		return (DDI_SUCCESS);
6632 	}
6633 
6634 	/* Return failure if the device is being used by HA */
6635 	if (un->un_resvd_status &
6636 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE)) {
6637 		mutex_exit(SD_MUTEX(un));
6638 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6639 		    "device in use by HA, exiting\n");
6640 		return (DDI_FAILURE);
6641 	}
6642 
6643 	/*
6644 	 * Return failure if the device is in a resource wait
6645 	 * or power changing state.
6646 	 */
6647 	if ((un->un_state == SD_STATE_RWAIT) ||
6648 	    (un->un_state == SD_STATE_PM_CHANGING)) {
6649 		mutex_exit(SD_MUTEX(un));
6650 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6651 		    "device in resource wait state, exiting\n");
6652 		return (DDI_FAILURE);
6653 	}
6654 
6655 
6656 	un->un_save_state = un->un_last_state;
6657 	New_state(un, SD_STATE_SUSPENDED);
6658 
6659 	/*
6660 	 * Wait for all commands that are in transport or queued to a timer
6661 	 * for retry to complete.
6662 	 *
6663 	 * While waiting, no new commands will be accepted or sent because of
6664 	 * the new state we set above.
6665 	 *
6666 	 * Wait till current operation has completed. If we are in the resource
6667 	 * wait state (with an intr outstanding) then we need to wait till the
6668 	 * intr completes and starts the next cmd. We want to wait for
6669 	 * SD_WAIT_CMDS_COMPLETE seconds before failing the DDI_SUSPEND.
6670 	 */
6671 	wait_cmds_complete = ddi_get_lbolt() +
6672 	    (sd_wait_cmds_complete * drv_usectohz(1000000));
6673 
6674 	while (un->un_ncmds_in_transport != 0) {
6675 		/*
6676 		 * Fail if commands do not finish in the specified time.
6677 		 */
6678 		if (cv_timedwait(&un->un_disk_busy_cv, SD_MUTEX(un),
6679 		    wait_cmds_complete) == -1) {
6680 			/*
6681 			 * Undo the state changes made above. Everything
6682 			 * must go back to it's original value.
6683 			 */
6684 			Restore_state(un);
6685 			un->un_last_state = un->un_save_state;
6686 			/* Wake up any threads that might be waiting. */
6687 			cv_broadcast(&un->un_suspend_cv);
6688 			mutex_exit(SD_MUTEX(un));
6689 			SD_ERROR(SD_LOG_IO_PM, un,
6690 			    "sd_ddi_suspend: failed due to outstanding cmds\n");
6691 			SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exiting\n");
6692 			return (DDI_FAILURE);
6693 		}
6694 	}
6695 
6696 	/*
6697 	 * Cancel SCSI watch thread and timeouts, if any are active
6698 	 */
6699 
6700 	if (SD_OK_TO_SUSPEND_SCSI_WATCHER(un)) {
6701 		opaque_t temp_token = un->un_swr_token;
6702 		mutex_exit(SD_MUTEX(un));
6703 		scsi_watch_suspend(temp_token);
6704 		mutex_enter(SD_MUTEX(un));
6705 	}
6706 
6707 	if (un->un_reset_throttle_timeid != NULL) {
6708 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
6709 		un->un_reset_throttle_timeid = NULL;
6710 		mutex_exit(SD_MUTEX(un));
6711 		(void) untimeout(temp_id);
6712 		mutex_enter(SD_MUTEX(un));
6713 	}
6714 
6715 	if (un->un_dcvb_timeid != NULL) {
6716 		timeout_id_t temp_id = un->un_dcvb_timeid;
6717 		un->un_dcvb_timeid = NULL;
6718 		mutex_exit(SD_MUTEX(un));
6719 		(void) untimeout(temp_id);
6720 		mutex_enter(SD_MUTEX(un));
6721 	}
6722 
6723 	mutex_enter(&un->un_pm_mutex);
6724 	if (un->un_pm_timeid != NULL) {
6725 		timeout_id_t temp_id = un->un_pm_timeid;
6726 		un->un_pm_timeid = NULL;
6727 		mutex_exit(&un->un_pm_mutex);
6728 		mutex_exit(SD_MUTEX(un));
6729 		(void) untimeout(temp_id);
6730 		mutex_enter(SD_MUTEX(un));
6731 	} else {
6732 		mutex_exit(&un->un_pm_mutex);
6733 	}
6734 
6735 	if (un->un_retry_timeid != NULL) {
6736 		timeout_id_t temp_id = un->un_retry_timeid;
6737 		un->un_retry_timeid = NULL;
6738 		mutex_exit(SD_MUTEX(un));
6739 		(void) untimeout(temp_id);
6740 		mutex_enter(SD_MUTEX(un));
6741 	}
6742 
6743 	if (un->un_direct_priority_timeid != NULL) {
6744 		timeout_id_t temp_id = un->un_direct_priority_timeid;
6745 		un->un_direct_priority_timeid = NULL;
6746 		mutex_exit(SD_MUTEX(un));
6747 		(void) untimeout(temp_id);
6748 		mutex_enter(SD_MUTEX(un));
6749 	}
6750 
6751 	if (un->un_f_is_fibre == TRUE) {
6752 		/*
6753 		 * Remove callbacks for insert and remove events
6754 		 */
6755 		if (un->un_insert_event != NULL) {
6756 			mutex_exit(SD_MUTEX(un));
6757 			(void) ddi_remove_event_handler(un->un_insert_cb_id);
6758 			mutex_enter(SD_MUTEX(un));
6759 			un->un_insert_event = NULL;
6760 		}
6761 
6762 		if (un->un_remove_event != NULL) {
6763 			mutex_exit(SD_MUTEX(un));
6764 			(void) ddi_remove_event_handler(un->un_remove_cb_id);
6765 			mutex_enter(SD_MUTEX(un));
6766 			un->un_remove_event = NULL;
6767 		}
6768 	}
6769 
6770 	mutex_exit(SD_MUTEX(un));
6771 
6772 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exit\n");
6773 
6774 	return (DDI_SUCCESS);
6775 }
6776 
6777 
6778 /*
6779  *    Function: sd_ddi_pm_suspend
6780  *
6781  * Description: Set the drive state to low power.
6782  *		Someone else is required to actually change the drive
6783  *		power level.
6784  *
6785  *   Arguments: un - driver soft state (unit) structure
6786  *
6787  * Return Code: DDI_FAILURE or DDI_SUCCESS
6788  *
6789  *     Context: Kernel thread context
6790  */
6791 
6792 static int
6793 sd_ddi_pm_suspend(struct sd_lun *un)
6794 {
6795 	ASSERT(un != NULL);
6796 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: entry\n");
6797 
6798 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6799 	mutex_enter(SD_MUTEX(un));
6800 
6801 	/*
6802 	 * Exit if power management is not enabled for this device, or if
6803 	 * the device is being used by HA.
6804 	 */
6805 	if ((un->un_f_pm_is_enabled == FALSE) || (un->un_resvd_status &
6806 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE))) {
6807 		mutex_exit(SD_MUTEX(un));
6808 		SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exiting\n");
6809 		return (DDI_SUCCESS);
6810 	}
6811 
6812 	SD_INFO(SD_LOG_POWER, un, "sd_ddi_pm_suspend: un_ncmds_in_driver=%ld\n",
6813 	    un->un_ncmds_in_driver);
6814 
6815 	/*
6816 	 * See if the device is not busy, ie.:
6817 	 *    - we have no commands in the driver for this device
6818 	 *    - not waiting for resources
6819 	 */
6820 	if ((un->un_ncmds_in_driver == 0) &&
6821 	    (un->un_state != SD_STATE_RWAIT)) {
6822 		/*
6823 		 * The device is not busy, so it is OK to go to low power state.
6824 		 * Indicate low power, but rely on someone else to actually
6825 		 * change it.
6826 		 */
6827 		mutex_enter(&un->un_pm_mutex);
6828 		un->un_pm_count = -1;
6829 		mutex_exit(&un->un_pm_mutex);
6830 		un->un_power_level = SD_SPINDLE_OFF;
6831 	}
6832 
6833 	mutex_exit(SD_MUTEX(un));
6834 
6835 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exit\n");
6836 
6837 	return (DDI_SUCCESS);
6838 }
6839 
6840 
6841 /*
6842  *    Function: sd_ddi_resume
6843  *
6844  * Description: Performs system power-up operations..
6845  *
6846  * Return Code: DDI_SUCCESS
6847  *		DDI_FAILURE
6848  *
6849  *     Context: Kernel thread context
6850  */
6851 
6852 static int
6853 sd_ddi_resume(dev_info_t *devi)
6854 {
6855 	struct	sd_lun	*un;
6856 
6857 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6858 	if (un == NULL) {
6859 		return (DDI_FAILURE);
6860 	}
6861 
6862 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: entry\n");
6863 
6864 	mutex_enter(SD_MUTEX(un));
6865 	Restore_state(un);
6866 
6867 	/*
6868 	 * Restore the state which was saved to give the
6869 	 * the right state in un_last_state
6870 	 */
6871 	un->un_last_state = un->un_save_state;
6872 	/*
6873 	 * Note: throttle comes back at full.
6874 	 * Also note: this MUST be done before calling pm_raise_power
6875 	 * otherwise the system can get hung in biowait. The scenario where
6876 	 * this'll happen is under cpr suspend. Writing of the system
6877 	 * state goes through sddump, which writes 0 to un_throttle. If
6878 	 * writing the system state then fails, example if the partition is
6879 	 * too small, then cpr attempts a resume. If throttle isn't restored
6880 	 * from the saved value until after calling pm_raise_power then
6881 	 * cmds sent in sdpower are not transported and sd_send_scsi_cmd hangs
6882 	 * in biowait.
6883 	 */
6884 	un->un_throttle = un->un_saved_throttle;
6885 
6886 	/*
6887 	 * The chance of failure is very rare as the only command done in power
6888 	 * entry point is START command when you transition from 0->1 or
6889 	 * unknown->1. Put it to SPINDLE ON state irrespective of the state at
6890 	 * which suspend was done. Ignore the return value as the resume should
6891 	 * not be failed. In the case of removable media the media need not be
6892 	 * inserted and hence there is a chance that raise power will fail with
6893 	 * media not present.
6894 	 */
6895 	if (!ISREMOVABLE(un)) {
6896 		mutex_exit(SD_MUTEX(un));
6897 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
6898 		mutex_enter(SD_MUTEX(un));
6899 	}
6900 
6901 	/*
6902 	 * Don't broadcast to the suspend cv and therefore possibly
6903 	 * start I/O until after power has been restored.
6904 	 */
6905 	cv_broadcast(&un->un_suspend_cv);
6906 	cv_broadcast(&un->un_state_cv);
6907 
6908 	/* restart thread */
6909 	if (SD_OK_TO_RESUME_SCSI_WATCHER(un)) {
6910 		scsi_watch_resume(un->un_swr_token);
6911 	}
6912 
6913 #if (defined(__fibre))
6914 	if (un->un_f_is_fibre == TRUE) {
6915 		/*
6916 		 * Add callbacks for insert and remove events
6917 		 */
6918 		if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
6919 			sd_init_event_callbacks(un);
6920 		}
6921 	}
6922 #endif
6923 
6924 	/*
6925 	 * Transport any pending commands to the target.
6926 	 *
6927 	 * If this is a low-activity device commands in queue will have to wait
6928 	 * until new commands come in, which may take awhile. Also, we
6929 	 * specifically don't check un_ncmds_in_transport because we know that
6930 	 * there really are no commands in progress after the unit was
6931 	 * suspended and we could have reached the throttle level, been
6932 	 * suspended, and have no new commands coming in for awhile. Highly
6933 	 * unlikely, but so is the low-activity disk scenario.
6934 	 */
6935 	ddi_xbuf_dispatch(un->un_xbuf_attr);
6936 
6937 	sd_start_cmds(un, NULL);
6938 	mutex_exit(SD_MUTEX(un));
6939 
6940 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: exit\n");
6941 
6942 	return (DDI_SUCCESS);
6943 }
6944 
6945 
6946 /*
6947  *    Function: sd_ddi_pm_resume
6948  *
6949  * Description: Set the drive state to powered on.
6950  *		Someone else is required to actually change the drive
6951  *		power level.
6952  *
6953  *   Arguments: un - driver soft state (unit) structure
6954  *
6955  * Return Code: DDI_SUCCESS
6956  *
6957  *     Context: Kernel thread context
6958  */
6959 
6960 static int
6961 sd_ddi_pm_resume(struct sd_lun *un)
6962 {
6963 	ASSERT(un != NULL);
6964 
6965 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6966 	mutex_enter(SD_MUTEX(un));
6967 	un->un_power_level = SD_SPINDLE_ON;
6968 
6969 	ASSERT(!mutex_owned(&un->un_pm_mutex));
6970 	mutex_enter(&un->un_pm_mutex);
6971 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
6972 		un->un_pm_count++;
6973 		ASSERT(un->un_pm_count == 0);
6974 		/*
6975 		 * Note: no longer do the cv_broadcast on un_suspend_cv. The
6976 		 * un_suspend_cv is for a system resume, not a power management
6977 		 * device resume. (4297749)
6978 		 *	 cv_broadcast(&un->un_suspend_cv);
6979 		 */
6980 	}
6981 	mutex_exit(&un->un_pm_mutex);
6982 	mutex_exit(SD_MUTEX(un));
6983 
6984 	return (DDI_SUCCESS);
6985 }
6986 
6987 
6988 /*
6989  *    Function: sd_pm_idletimeout_handler
6990  *
6991  * Description: A timer routine that's active only while a device is busy.
6992  *		The purpose is to extend slightly the pm framework's busy
6993  *		view of the device to prevent busy/idle thrashing for
6994  *		back-to-back commands. Do this by comparing the current time
6995  *		to the time at which the last command completed and when the
6996  *		difference is greater than sd_pm_idletime, call
6997  *		pm_idle_component. In addition to indicating idle to the pm
6998  *		framework, update the chain type to again use the internal pm
6999  *		layers of the driver.
7000  *
7001  *   Arguments: arg - driver soft state (unit) structure
7002  *
7003  *     Context: Executes in a timeout(9F) thread context
7004  */
7005 
7006 static void
7007 sd_pm_idletimeout_handler(void *arg)
7008 {
7009 	struct sd_lun *un = arg;
7010 
7011 	time_t	now;
7012 
7013 	mutex_enter(&sd_detach_mutex);
7014 	if (un->un_detach_count != 0) {
7015 		/* Abort if the instance is detaching */
7016 		mutex_exit(&sd_detach_mutex);
7017 		return;
7018 	}
7019 	mutex_exit(&sd_detach_mutex);
7020 
7021 	now = ddi_get_time();
7022 	/*
7023 	 * Grab both mutexes, in the proper order, since we're accessing
7024 	 * both PM and softstate variables.
7025 	 */
7026 	mutex_enter(SD_MUTEX(un));
7027 	mutex_enter(&un->un_pm_mutex);
7028 	if (((now - un->un_pm_idle_time) > sd_pm_idletime) &&
7029 	    (un->un_ncmds_in_driver == 0) && (un->un_pm_count == 0)) {
7030 		/*
7031 		 * Update the chain types.
7032 		 * This takes affect on the next new command received.
7033 		 */
7034 		if (ISREMOVABLE(un)) {
7035 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
7036 		} else {
7037 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
7038 		}
7039 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
7040 
7041 		SD_TRACE(SD_LOG_IO_PM, un,
7042 		    "sd_pm_idletimeout_handler: idling device\n");
7043 		(void) pm_idle_component(SD_DEVINFO(un), 0);
7044 		un->un_pm_idle_timeid = NULL;
7045 	} else {
7046 		un->un_pm_idle_timeid =
7047 			timeout(sd_pm_idletimeout_handler, un,
7048 			(drv_usectohz((clock_t)300000))); /* 300 ms. */
7049 	}
7050 	mutex_exit(&un->un_pm_mutex);
7051 	mutex_exit(SD_MUTEX(un));
7052 }
7053 
7054 
7055 /*
7056  *    Function: sd_pm_timeout_handler
7057  *
7058  * Description: Callback to tell framework we are idle.
7059  *
7060  *     Context: timeout(9f) thread context.
7061  */
7062 
7063 static void
7064 sd_pm_timeout_handler(void *arg)
7065 {
7066 	struct sd_lun *un = arg;
7067 
7068 	(void) pm_idle_component(SD_DEVINFO(un), 0);
7069 	mutex_enter(&un->un_pm_mutex);
7070 	un->un_pm_timeid = NULL;
7071 	mutex_exit(&un->un_pm_mutex);
7072 }
7073 
7074 
7075 /*
7076  *    Function: sdpower
7077  *
7078  * Description: PM entry point.
7079  *
7080  * Return Code: DDI_SUCCESS
7081  *		DDI_FAILURE
7082  *
7083  *     Context: Kernel thread context
7084  */
7085 
7086 static int
7087 sdpower(dev_info_t *devi, int component, int level)
7088 {
7089 	struct sd_lun	*un;
7090 	int		instance;
7091 	int		rval = DDI_SUCCESS;
7092 	uint_t		i, log_page_size, maxcycles, ncycles;
7093 	uchar_t		*log_page_data;
7094 	int		log_sense_page;
7095 	int		medium_present;
7096 	time_t		intvlp;
7097 	dev_t		dev;
7098 	struct pm_trans_data	sd_pm_tran_data;
7099 	uchar_t		save_state;
7100 	int		sval;
7101 	uchar_t		state_before_pm;
7102 	int		got_semaphore_here;
7103 
7104 	instance = ddi_get_instance(devi);
7105 
7106 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
7107 	    (SD_SPINDLE_OFF > level) || (level > SD_SPINDLE_ON) ||
7108 	    component != 0) {
7109 		return (DDI_FAILURE);
7110 	}
7111 
7112 	dev = sd_make_device(SD_DEVINFO(un));
7113 
7114 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: entry, level = %d\n", level);
7115 
7116 	/*
7117 	 * Must synchronize power down with close.
7118 	 * Attempt to decrement/acquire the open/close semaphore,
7119 	 * but do NOT wait on it. If it's not greater than zero,
7120 	 * ie. it can't be decremented without waiting, then
7121 	 * someone else, either open or close, already has it
7122 	 * and the try returns 0. Use that knowledge here to determine
7123 	 * if it's OK to change the device power level.
7124 	 * Also, only increment it on exit if it was decremented, ie. gotten,
7125 	 * here.
7126 	 */
7127 	got_semaphore_here = sema_tryp(&un->un_semoclose);
7128 
7129 	mutex_enter(SD_MUTEX(un));
7130 
7131 	SD_INFO(SD_LOG_POWER, un, "sdpower: un_ncmds_in_driver = %ld\n",
7132 	    un->un_ncmds_in_driver);
7133 
7134 	/*
7135 	 * If un_ncmds_in_driver is non-zero it indicates commands are
7136 	 * already being processed in the driver, or if the semaphore was
7137 	 * not gotten here it indicates an open or close is being processed.
7138 	 * At the same time somebody is requesting to go low power which
7139 	 * can't happen, therefore we need to return failure.
7140 	 */
7141 	if ((level == SD_SPINDLE_OFF) &&
7142 	    ((un->un_ncmds_in_driver != 0) || (got_semaphore_here == 0))) {
7143 		mutex_exit(SD_MUTEX(un));
7144 
7145 		if (got_semaphore_here != 0) {
7146 			sema_v(&un->un_semoclose);
7147 		}
7148 		SD_TRACE(SD_LOG_IO_PM, un,
7149 		    "sdpower: exit, device has queued cmds.\n");
7150 		return (DDI_FAILURE);
7151 	}
7152 
7153 	/*
7154 	 * if it is OFFLINE that means the disk is completely dead
7155 	 * in our case we have to put the disk in on or off by sending commands
7156 	 * Of course that will fail anyway so return back here.
7157 	 *
7158 	 * Power changes to a device that's OFFLINE or SUSPENDED
7159 	 * are not allowed.
7160 	 */
7161 	if ((un->un_state == SD_STATE_OFFLINE) ||
7162 	    (un->un_state == SD_STATE_SUSPENDED)) {
7163 		mutex_exit(SD_MUTEX(un));
7164 
7165 		if (got_semaphore_here != 0) {
7166 			sema_v(&un->un_semoclose);
7167 		}
7168 		SD_TRACE(SD_LOG_IO_PM, un,
7169 		    "sdpower: exit, device is off-line.\n");
7170 		return (DDI_FAILURE);
7171 	}
7172 
7173 	/*
7174 	 * Change the device's state to indicate it's power level
7175 	 * is being changed. Do this to prevent a power off in the
7176 	 * middle of commands, which is especially bad on devices
7177 	 * that are really powered off instead of just spun down.
7178 	 */
7179 	state_before_pm = un->un_state;
7180 	un->un_state = SD_STATE_PM_CHANGING;
7181 
7182 	mutex_exit(SD_MUTEX(un));
7183 
7184 	/*
7185 	 * Bypass checking the log sense information for removables
7186 	 * and devices for which the HBA set the pm-capable property.
7187 	 * If un->un_pm_capable_prop is SD_PM_CAPABLE_UNDEFINED (-1)
7188 	 * then the HBA did not create the property.
7189 	 */
7190 	if ((level == SD_SPINDLE_OFF) && (!ISREMOVABLE(un)) &&
7191 	    un->un_pm_capable_prop == SD_PM_CAPABLE_UNDEFINED) {
7192 		/*
7193 		 * Get the log sense information to understand whether the
7194 		 * the powercycle counts have gone beyond the threshhold.
7195 		 */
7196 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
7197 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
7198 
7199 		mutex_enter(SD_MUTEX(un));
7200 		log_sense_page = un->un_start_stop_cycle_page;
7201 		mutex_exit(SD_MUTEX(un));
7202 
7203 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
7204 		    log_page_size, log_sense_page, 0x01, 0, SD_PATH_DIRECT);
7205 #ifdef	SDDEBUG
7206 		if (sd_force_pm_supported) {
7207 			/* Force a successful result */
7208 			rval = 0;
7209 		}
7210 #endif
7211 		if (rval != 0) {
7212 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
7213 			    "Log Sense Failed\n");
7214 			kmem_free(log_page_data, log_page_size);
7215 			/* Cannot support power management on those drives */
7216 
7217 			if (got_semaphore_here != 0) {
7218 				sema_v(&un->un_semoclose);
7219 			}
7220 			/*
7221 			 * On exit put the state back to it's original value
7222 			 * and broadcast to anyone waiting for the power
7223 			 * change completion.
7224 			 */
7225 			mutex_enter(SD_MUTEX(un));
7226 			un->un_state = state_before_pm;
7227 			cv_broadcast(&un->un_suspend_cv);
7228 			mutex_exit(SD_MUTEX(un));
7229 			SD_TRACE(SD_LOG_IO_PM, un,
7230 			    "sdpower: exit, Log Sense Failed.\n");
7231 			return (DDI_FAILURE);
7232 		}
7233 
7234 		/*
7235 		 * From the page data - Convert the essential information to
7236 		 * pm_trans_data
7237 		 */
7238 		maxcycles =
7239 		    (log_page_data[0x1c] << 24) | (log_page_data[0x1d] << 16) |
7240 		    (log_page_data[0x1E] << 8)  | log_page_data[0x1F];
7241 
7242 		sd_pm_tran_data.un.scsi_cycles.lifemax = maxcycles;
7243 
7244 		ncycles =
7245 		    (log_page_data[0x24] << 24) | (log_page_data[0x25] << 16) |
7246 		    (log_page_data[0x26] << 8)  | log_page_data[0x27];
7247 
7248 		sd_pm_tran_data.un.scsi_cycles.ncycles = ncycles;
7249 
7250 		for (i = 0; i < DC_SCSI_MFR_LEN; i++) {
7251 			sd_pm_tran_data.un.scsi_cycles.svc_date[i] =
7252 			    log_page_data[8+i];
7253 		}
7254 
7255 		kmem_free(log_page_data, log_page_size);
7256 
7257 		/*
7258 		 * Call pm_trans_check routine to get the Ok from
7259 		 * the global policy
7260 		 */
7261 
7262 		sd_pm_tran_data.format = DC_SCSI_FORMAT;
7263 		sd_pm_tran_data.un.scsi_cycles.flag = 0;
7264 
7265 		rval = pm_trans_check(&sd_pm_tran_data, &intvlp);
7266 #ifdef	SDDEBUG
7267 		if (sd_force_pm_supported) {
7268 			/* Force a successful result */
7269 			rval = 1;
7270 		}
7271 #endif
7272 		switch (rval) {
7273 		case 0:
7274 			/*
7275 			 * Not Ok to Power cycle or error in parameters passed
7276 			 * Would have given the advised time to consider power
7277 			 * cycle. Based on the new intvlp parameter we are
7278 			 * supposed to pretend we are busy so that pm framework
7279 			 * will never call our power entry point. Because of
7280 			 * that install a timeout handler and wait for the
7281 			 * recommended time to elapse so that power management
7282 			 * can be effective again.
7283 			 *
7284 			 * To effect this behavior, call pm_busy_component to
7285 			 * indicate to the framework this device is busy.
7286 			 * By not adjusting un_pm_count the rest of PM in
7287 			 * the driver will function normally, and independant
7288 			 * of this but because the framework is told the device
7289 			 * is busy it won't attempt powering down until it gets
7290 			 * a matching idle. The timeout handler sends this.
7291 			 * Note: sd_pm_entry can't be called here to do this
7292 			 * because sdpower may have been called as a result
7293 			 * of a call to pm_raise_power from within sd_pm_entry.
7294 			 *
7295 			 * If a timeout handler is already active then
7296 			 * don't install another.
7297 			 */
7298 			mutex_enter(&un->un_pm_mutex);
7299 			if (un->un_pm_timeid == NULL) {
7300 				un->un_pm_timeid =
7301 				    timeout(sd_pm_timeout_handler,
7302 				    un, intvlp * drv_usectohz(1000000));
7303 				mutex_exit(&un->un_pm_mutex);
7304 				(void) pm_busy_component(SD_DEVINFO(un), 0);
7305 			} else {
7306 				mutex_exit(&un->un_pm_mutex);
7307 			}
7308 			if (got_semaphore_here != 0) {
7309 				sema_v(&un->un_semoclose);
7310 			}
7311 			/*
7312 			 * On exit put the state back to it's original value
7313 			 * and broadcast to anyone waiting for the power
7314 			 * change completion.
7315 			 */
7316 			mutex_enter(SD_MUTEX(un));
7317 			un->un_state = state_before_pm;
7318 			cv_broadcast(&un->un_suspend_cv);
7319 			mutex_exit(SD_MUTEX(un));
7320 
7321 			SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, "
7322 			    "trans check Failed, not ok to power cycle.\n");
7323 			return (DDI_FAILURE);
7324 
7325 		case -1:
7326 			if (got_semaphore_here != 0) {
7327 				sema_v(&un->un_semoclose);
7328 			}
7329 			/*
7330 			 * On exit put the state back to it's original value
7331 			 * and broadcast to anyone waiting for the power
7332 			 * change completion.
7333 			 */
7334 			mutex_enter(SD_MUTEX(un));
7335 			un->un_state = state_before_pm;
7336 			cv_broadcast(&un->un_suspend_cv);
7337 			mutex_exit(SD_MUTEX(un));
7338 			SD_TRACE(SD_LOG_IO_PM, un,
7339 			    "sdpower: exit, trans check command Failed.\n");
7340 			return (DDI_FAILURE);
7341 		}
7342 	}
7343 
7344 	if (level == SD_SPINDLE_OFF) {
7345 		/*
7346 		 * Save the last state... if the STOP FAILS we need it
7347 		 * for restoring
7348 		 */
7349 		mutex_enter(SD_MUTEX(un));
7350 		save_state = un->un_last_state;
7351 		/*
7352 		 * There must not be any cmds. getting processed
7353 		 * in the driver when we get here. Power to the
7354 		 * device is potentially going off.
7355 		 */
7356 		ASSERT(un->un_ncmds_in_driver == 0);
7357 		mutex_exit(SD_MUTEX(un));
7358 
7359 		/*
7360 		 * For now suspend the device completely before spindle is
7361 		 * turned off
7362 		 */
7363 		if ((rval = sd_ddi_pm_suspend(un)) == DDI_FAILURE) {
7364 			if (got_semaphore_here != 0) {
7365 				sema_v(&un->un_semoclose);
7366 			}
7367 			/*
7368 			 * On exit put the state back to it's original value
7369 			 * and broadcast to anyone waiting for the power
7370 			 * change completion.
7371 			 */
7372 			mutex_enter(SD_MUTEX(un));
7373 			un->un_state = state_before_pm;
7374 			cv_broadcast(&un->un_suspend_cv);
7375 			mutex_exit(SD_MUTEX(un));
7376 			SD_TRACE(SD_LOG_IO_PM, un,
7377 			    "sdpower: exit, PM suspend Failed.\n");
7378 			return (DDI_FAILURE);
7379 		}
7380 	}
7381 
7382 	/*
7383 	 * The transition from SPINDLE_OFF to SPINDLE_ON can happen in open,
7384 	 * close, or strategy. Dump no long uses this routine, it uses it's
7385 	 * own code so it can be done in polled mode.
7386 	 */
7387 
7388 	medium_present = TRUE;
7389 
7390 	/*
7391 	 * When powering up, issue a TUR in case the device is at unit
7392 	 * attention.  Don't do retries. Bypass the PM layer, otherwise
7393 	 * a deadlock on un_pm_busy_cv will occur.
7394 	 */
7395 	if (level == SD_SPINDLE_ON) {
7396 		(void) sd_send_scsi_TEST_UNIT_READY(un,
7397 		    SD_DONT_RETRY_TUR | SD_BYPASS_PM);
7398 	}
7399 
7400 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: sending \'%s\' unit\n",
7401 	    ((level == SD_SPINDLE_ON) ? "START" : "STOP"));
7402 
7403 	sval = sd_send_scsi_START_STOP_UNIT(un,
7404 	    ((level == SD_SPINDLE_ON) ? SD_TARGET_START : SD_TARGET_STOP),
7405 	    SD_PATH_DIRECT);
7406 	/* Command failed, check for media present. */
7407 	if ((sval == ENXIO) && ISREMOVABLE(un)) {
7408 		medium_present = FALSE;
7409 	}
7410 
7411 	/*
7412 	 * The conditions of interest here are:
7413 	 *   if a spindle off with media present fails,
7414 	 *	then restore the state and return an error.
7415 	 *   else if a spindle on fails,
7416 	 *	then return an error (there's no state to restore).
7417 	 * In all other cases we setup for the new state
7418 	 * and return success.
7419 	 */
7420 	switch (level) {
7421 	case SD_SPINDLE_OFF:
7422 		if ((medium_present == TRUE) && (sval != 0)) {
7423 			/* The stop command from above failed */
7424 			rval = DDI_FAILURE;
7425 			/*
7426 			 * The stop command failed, and we have media
7427 			 * present. Put the level back by calling the
7428 			 * sd_pm_resume() and set the state back to
7429 			 * it's previous value.
7430 			 */
7431 			(void) sd_ddi_pm_resume(un);
7432 			mutex_enter(SD_MUTEX(un));
7433 			un->un_last_state = save_state;
7434 			mutex_exit(SD_MUTEX(un));
7435 			break;
7436 		}
7437 		/*
7438 		 * The stop command from above succeeded.
7439 		 */
7440 		if (ISREMOVABLE(un)) {
7441 			/*
7442 			 * Terminate watch thread in case of removable media
7443 			 * devices going into low power state. This is as per
7444 			 * the requirements of pm framework, otherwise commands
7445 			 * will be generated for the device (through watch
7446 			 * thread), even when the device is in low power state.
7447 			 */
7448 			mutex_enter(SD_MUTEX(un));
7449 			un->un_f_watcht_stopped = FALSE;
7450 			if (un->un_swr_token != NULL) {
7451 				opaque_t temp_token = un->un_swr_token;
7452 				un->un_f_watcht_stopped = TRUE;
7453 				un->un_swr_token = NULL;
7454 				mutex_exit(SD_MUTEX(un));
7455 				(void) scsi_watch_request_terminate(temp_token,
7456 				    SCSI_WATCH_TERMINATE_WAIT);
7457 			} else {
7458 				mutex_exit(SD_MUTEX(un));
7459 			}
7460 		}
7461 		break;
7462 
7463 	default:	/* The level requested is spindle on... */
7464 		/*
7465 		 * Legacy behavior: return success on a failed spinup
7466 		 * if there is no media in the drive.
7467 		 * Do this by looking at medium_present here.
7468 		 */
7469 		if ((sval != 0) && medium_present) {
7470 			/* The start command from above failed */
7471 			rval = DDI_FAILURE;
7472 			break;
7473 		}
7474 		/*
7475 		 * The start command from above succeeded
7476 		 * Resume the devices now that we have
7477 		 * started the disks
7478 		 */
7479 		(void) sd_ddi_pm_resume(un);
7480 
7481 		/*
7482 		 * Resume the watch thread since it was suspended
7483 		 * when the device went into low power mode.
7484 		 */
7485 		if (ISREMOVABLE(un)) {
7486 			mutex_enter(SD_MUTEX(un));
7487 			if (un->un_f_watcht_stopped == TRUE) {
7488 				opaque_t temp_token;
7489 
7490 				un->un_f_watcht_stopped = FALSE;
7491 				mutex_exit(SD_MUTEX(un));
7492 				temp_token = scsi_watch_request_submit(
7493 				    SD_SCSI_DEVP(un),
7494 				    sd_check_media_time,
7495 				    SENSE_LENGTH, sd_media_watch_cb,
7496 				    (caddr_t)dev);
7497 				mutex_enter(SD_MUTEX(un));
7498 				un->un_swr_token = temp_token;
7499 			}
7500 			mutex_exit(SD_MUTEX(un));
7501 		}
7502 	}
7503 	if (got_semaphore_here != 0) {
7504 		sema_v(&un->un_semoclose);
7505 	}
7506 	/*
7507 	 * On exit put the state back to it's original value
7508 	 * and broadcast to anyone waiting for the power
7509 	 * change completion.
7510 	 */
7511 	mutex_enter(SD_MUTEX(un));
7512 	un->un_state = state_before_pm;
7513 	cv_broadcast(&un->un_suspend_cv);
7514 	mutex_exit(SD_MUTEX(un));
7515 
7516 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, status = 0x%x\n", rval);
7517 
7518 	return (rval);
7519 }
7520 
7521 
7522 
7523 /*
7524  *    Function: sdattach
7525  *
7526  * Description: Driver's attach(9e) entry point function.
7527  *
7528  *   Arguments: devi - opaque device info handle
7529  *		cmd  - attach  type
7530  *
7531  * Return Code: DDI_SUCCESS
7532  *		DDI_FAILURE
7533  *
7534  *     Context: Kernel thread context
7535  */
7536 
7537 static int
7538 sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd)
7539 {
7540 	switch (cmd) {
7541 	case DDI_ATTACH:
7542 		return (sd_unit_attach(devi));
7543 	case DDI_RESUME:
7544 		return (sd_ddi_resume(devi));
7545 	default:
7546 		break;
7547 	}
7548 	return (DDI_FAILURE);
7549 }
7550 
7551 
7552 /*
7553  *    Function: sddetach
7554  *
7555  * Description: Driver's detach(9E) entry point function.
7556  *
7557  *   Arguments: devi - opaque device info handle
7558  *		cmd  - detach  type
7559  *
7560  * Return Code: DDI_SUCCESS
7561  *		DDI_FAILURE
7562  *
7563  *     Context: Kernel thread context
7564  */
7565 
7566 static int
7567 sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd)
7568 {
7569 	switch (cmd) {
7570 	case DDI_DETACH:
7571 		return (sd_unit_detach(devi));
7572 	case DDI_SUSPEND:
7573 		return (sd_ddi_suspend(devi));
7574 	default:
7575 		break;
7576 	}
7577 	return (DDI_FAILURE);
7578 }
7579 
7580 
7581 /*
7582  *     Function: sd_sync_with_callback
7583  *
7584  *  Description: Prevents sd_unit_attach or sd_unit_detach from freeing the soft
7585  *		 state while the callback routine is active.
7586  *
7587  *    Arguments: un: softstate structure for the instance
7588  *
7589  *	Context: Kernel thread context
7590  */
7591 
7592 static void
7593 sd_sync_with_callback(struct sd_lun *un)
7594 {
7595 	ASSERT(un != NULL);
7596 
7597 	mutex_enter(SD_MUTEX(un));
7598 
7599 	ASSERT(un->un_in_callback >= 0);
7600 
7601 	while (un->un_in_callback > 0) {
7602 		mutex_exit(SD_MUTEX(un));
7603 		delay(2);
7604 		mutex_enter(SD_MUTEX(un));
7605 	}
7606 
7607 	mutex_exit(SD_MUTEX(un));
7608 }
7609 
7610 /*
7611  *    Function: sd_unit_attach
7612  *
7613  * Description: Performs DDI_ATTACH processing for sdattach(). Allocates
7614  *		the soft state structure for the device and performs
7615  *		all necessary structure and device initializations.
7616  *
7617  *   Arguments: devi: the system's dev_info_t for the device.
7618  *
7619  * Return Code: DDI_SUCCESS if attach is successful.
7620  *		DDI_FAILURE if any part of the attach fails.
7621  *
7622  *     Context: Called at attach(9e) time for the DDI_ATTACH flag.
7623  *		Kernel thread context only.  Can sleep.
7624  */
7625 
7626 static int
7627 sd_unit_attach(dev_info_t *devi)
7628 {
7629 	struct	scsi_device	*devp;
7630 	struct	sd_lun		*un;
7631 	char			*variantp;
7632 	int	reservation_flag = SD_TARGET_IS_UNRESERVED;
7633 	int	instance;
7634 	int	rval;
7635 	int	wc_enabled;
7636 	uint64_t	capacity;
7637 	uint_t		lbasize;
7638 
7639 	/*
7640 	 * Retrieve the target driver's private data area. This was set
7641 	 * up by the HBA.
7642 	 */
7643 	devp = ddi_get_driver_private(devi);
7644 
7645 	/*
7646 	 * Since we have no idea what state things were left in by the last
7647 	 * user of the device, set up some 'default' settings, ie. turn 'em
7648 	 * off. The scsi_ifsetcap calls force re-negotiations with the drive.
7649 	 * Do this before the scsi_probe, which sends an inquiry.
7650 	 * This is a fix for bug (4430280).
7651 	 * Of special importance is wide-xfer. The drive could have been left
7652 	 * in wide transfer mode by the last driver to communicate with it,
7653 	 * this includes us. If that's the case, and if the following is not
7654 	 * setup properly or we don't re-negotiate with the drive prior to
7655 	 * transferring data to/from the drive, it causes bus parity errors,
7656 	 * data overruns, and unexpected interrupts. This first occurred when
7657 	 * the fix for bug (4378686) was made.
7658 	 */
7659 	(void) scsi_ifsetcap(&devp->sd_address, "lun-reset", 0, 1);
7660 	(void) scsi_ifsetcap(&devp->sd_address, "wide-xfer", 0, 1);
7661 	(void) scsi_ifsetcap(&devp->sd_address, "tagged-qing", 0, 1);
7662 	(void) scsi_ifsetcap(&devp->sd_address, "auto-rqsense", 0, 1);
7663 
7664 	/*
7665 	 * Use scsi_probe() to issue an INQUIRY command to the device.
7666 	 * This call will allocate and fill in the scsi_inquiry structure
7667 	 * and point the sd_inq member of the scsi_device structure to it.
7668 	 * If the attach succeeds, then this memory will not be de-allocated
7669 	 * (via scsi_unprobe()) until the instance is detached.
7670 	 */
7671 	if (scsi_probe(devp, SLEEP_FUNC) != SCSIPROBE_EXISTS) {
7672 		goto probe_failed;
7673 	}
7674 
7675 	/*
7676 	 * Check the device type as specified in the inquiry data and
7677 	 * claim it if it is of a type that we support.
7678 	 */
7679 	switch (devp->sd_inq->inq_dtype) {
7680 	case DTYPE_DIRECT:
7681 		break;
7682 	case DTYPE_RODIRECT:
7683 		break;
7684 	case DTYPE_OPTICAL:
7685 		break;
7686 	case DTYPE_NOTPRESENT:
7687 	default:
7688 		/* Unsupported device type; fail the attach. */
7689 		goto probe_failed;
7690 	}
7691 
7692 	/*
7693 	 * Allocate the soft state structure for this unit.
7694 	 *
7695 	 * We rely upon this memory being set to all zeroes by
7696 	 * ddi_soft_state_zalloc().  We assume that any member of the
7697 	 * soft state structure that is not explicitly initialized by
7698 	 * this routine will have a value of zero.
7699 	 */
7700 	instance = ddi_get_instance(devp->sd_dev);
7701 	if (ddi_soft_state_zalloc(sd_state, instance) != DDI_SUCCESS) {
7702 		goto probe_failed;
7703 	}
7704 
7705 	/*
7706 	 * Retrieve a pointer to the newly-allocated soft state.
7707 	 *
7708 	 * This should NEVER fail if the ddi_soft_state_zalloc() call above
7709 	 * was successful, unless something has gone horribly wrong and the
7710 	 * ddi's soft state internals are corrupt (in which case it is
7711 	 * probably better to halt here than just fail the attach....)
7712 	 */
7713 	if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
7714 		panic("sd_unit_attach: NULL soft state on instance:0x%x",
7715 		    instance);
7716 		/*NOTREACHED*/
7717 	}
7718 
7719 	/*
7720 	 * Link the back ptr of the driver soft state to the scsi_device
7721 	 * struct for this lun.
7722 	 * Save a pointer to the softstate in the driver-private area of
7723 	 * the scsi_device struct.
7724 	 * Note: We cannot call SD_INFO, SD_TRACE, SD_ERROR, or SD_DIAG until
7725 	 * we first set un->un_sd below.
7726 	 */
7727 	un->un_sd = devp;
7728 	devp->sd_private = (opaque_t)un;
7729 
7730 	/*
7731 	 * The following must be after devp is stored in the soft state struct.
7732 	 */
7733 #ifdef SDDEBUG
7734 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
7735 	    "%s_unit_attach: un:0x%p instance:%d\n",
7736 	    ddi_driver_name(devi), un, instance);
7737 #endif
7738 
7739 	/*
7740 	 * Set up the device type and node type (for the minor nodes).
7741 	 * By default we assume that the device can at least support the
7742 	 * Common Command Set. Call it a CD-ROM if it reports itself
7743 	 * as a RODIRECT device.
7744 	 */
7745 	switch (devp->sd_inq->inq_dtype) {
7746 	case DTYPE_RODIRECT:
7747 		un->un_node_type = DDI_NT_CD_CHAN;
7748 		un->un_ctype	 = CTYPE_CDROM;
7749 		break;
7750 	case DTYPE_OPTICAL:
7751 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7752 		un->un_ctype	 = CTYPE_ROD;
7753 		break;
7754 	default:
7755 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7756 		un->un_ctype	 = CTYPE_CCS;
7757 		break;
7758 	}
7759 
7760 	/*
7761 	 * Try to read the interconnect type from the HBA.
7762 	 *
7763 	 * Note: This driver is currently compiled as two binaries, a parallel
7764 	 * scsi version (sd) and a fibre channel version (ssd). All functional
7765 	 * differences are determined at compile time. In the future a single
7766 	 * binary will be provided and the inteconnect type will be used to
7767 	 * differentiate between fibre and parallel scsi behaviors. At that time
7768 	 * it will be necessary for all fibre channel HBAs to support this
7769 	 * property.
7770 	 *
7771 	 * set un_f_is_fiber to TRUE ( default fiber )
7772 	 */
7773 	un->un_f_is_fibre = TRUE;
7774 	switch (scsi_ifgetcap(SD_ADDRESS(un), "interconnect-type", -1)) {
7775 	case INTERCONNECT_SSA:
7776 		un->un_interconnect_type = SD_INTERCONNECT_SSA;
7777 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7778 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_SSA\n", un);
7779 		break;
7780 	case INTERCONNECT_PARALLEL:
7781 		un->un_f_is_fibre = FALSE;
7782 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7783 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7784 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_PARALLEL\n", un);
7785 		break;
7786 	case INTERCONNECT_FIBRE:
7787 		un->un_interconnect_type = SD_INTERCONNECT_FIBRE;
7788 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7789 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FIBRE\n", un);
7790 		break;
7791 	case INTERCONNECT_FABRIC:
7792 		un->un_interconnect_type = SD_INTERCONNECT_FABRIC;
7793 		un->un_node_type = DDI_NT_BLOCK_FABRIC;
7794 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7795 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FABRIC\n", un);
7796 		break;
7797 	default:
7798 #ifdef SD_DEFAULT_INTERCONNECT_TYPE
7799 		/*
7800 		 * The HBA does not support the "interconnect-type" property
7801 		 * (or did not provide a recognized type).
7802 		 *
7803 		 * Note: This will be obsoleted when a single fibre channel
7804 		 * and parallel scsi driver is delivered. In the meantime the
7805 		 * interconnect type will be set to the platform default.If that
7806 		 * type is not parallel SCSI, it means that we should be
7807 		 * assuming "ssd" semantics. However, here this also means that
7808 		 * the FC HBA is not supporting the "interconnect-type" property
7809 		 * like we expect it to, so log this occurrence.
7810 		 */
7811 		un->un_interconnect_type = SD_DEFAULT_INTERCONNECT_TYPE;
7812 		if (!SD_IS_PARALLEL_SCSI(un)) {
7813 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7814 			    "sd_unit_attach: un:0x%p Assuming "
7815 			    "INTERCONNECT_FIBRE\n", un);
7816 		} else {
7817 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7818 			    "sd_unit_attach: un:0x%p Assuming "
7819 			    "INTERCONNECT_PARALLEL\n", un);
7820 			un->un_f_is_fibre = FALSE;
7821 		}
7822 #else
7823 		/*
7824 		 * Note: This source will be implemented when a single fibre
7825 		 * channel and parallel scsi driver is delivered. The default
7826 		 * will be to assume that if a device does not support the
7827 		 * "interconnect-type" property it is a parallel SCSI HBA and
7828 		 * we will set the interconnect type for parallel scsi.
7829 		 */
7830 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7831 		un->un_f_is_fibre = FALSE;
7832 #endif
7833 		break;
7834 	}
7835 
7836 	if (un->un_f_is_fibre == TRUE) {
7837 		if (scsi_ifgetcap(SD_ADDRESS(un), "scsi-version", 1) ==
7838 			SCSI_VERSION_3) {
7839 			switch (un->un_interconnect_type) {
7840 			case SD_INTERCONNECT_FIBRE:
7841 			case SD_INTERCONNECT_SSA:
7842 				un->un_node_type = DDI_NT_BLOCK_WWN;
7843 				break;
7844 			default:
7845 				break;
7846 			}
7847 		}
7848 	}
7849 
7850 	/*
7851 	 * Initialize the Request Sense command for the target
7852 	 */
7853 	if (sd_alloc_rqs(devp, un) != DDI_SUCCESS) {
7854 		goto alloc_rqs_failed;
7855 	}
7856 
7857 	/*
7858 	 * Set un_retry_count with SD_RETRY_COUNT, this is ok for Sparc
7859 	 * with seperate binary for sd and ssd.
7860 	 *
7861 	 * x86 has 1 binary, un_retry_count is set base on connection type.
7862 	 * The hardcoded values will go away when Sparc uses 1 binary
7863 	 * for sd and ssd.  This hardcoded values need to match
7864 	 * SD_RETRY_COUNT in sddef.h
7865 	 * The value used is base on interconnect type.
7866 	 * fibre = 3, parallel = 5
7867 	 */
7868 #if defined(__i386) || defined(__amd64)
7869 	un->un_retry_count = un->un_f_is_fibre ? 3 : 5;
7870 #else
7871 	un->un_retry_count = SD_RETRY_COUNT;
7872 #endif
7873 
7874 	/*
7875 	 * Set the per disk retry count to the default number of retries
7876 	 * for disks and CDROMs. This value can be overridden by the
7877 	 * disk property list or an entry in sd.conf.
7878 	 */
7879 	un->un_notready_retry_count =
7880 	    ISCD(un) ? CD_NOT_READY_RETRY_COUNT(un)
7881 			: DISK_NOT_READY_RETRY_COUNT(un);
7882 
7883 	/*
7884 	 * Set the busy retry count to the default value of un_retry_count.
7885 	 * This can be overridden by entries in sd.conf or the device
7886 	 * config table.
7887 	 */
7888 	un->un_busy_retry_count = un->un_retry_count;
7889 
7890 	/*
7891 	 * Init the reset threshold for retries.  This number determines
7892 	 * how many retries must be performed before a reset can be issued
7893 	 * (for certain error conditions). This can be overridden by entries
7894 	 * in sd.conf or the device config table.
7895 	 */
7896 	un->un_reset_retry_count = (un->un_retry_count / 2);
7897 
7898 	/*
7899 	 * Set the victim_retry_count to the default un_retry_count
7900 	 */
7901 	un->un_victim_retry_count = (2 * un->un_retry_count);
7902 
7903 	/*
7904 	 * Set the reservation release timeout to the default value of
7905 	 * 5 seconds. This can be overridden by entries in ssd.conf or the
7906 	 * device config table.
7907 	 */
7908 	un->un_reserve_release_time = 5;
7909 
7910 	/*
7911 	 * Set up the default maximum transfer size. Note that this may
7912 	 * get updated later in the attach, when setting up default wide
7913 	 * operations for disks.
7914 	 */
7915 #if defined(__i386) || defined(__amd64)
7916 	un->un_max_xfer_size = (uint_t)SD_DEFAULT_MAX_XFER_SIZE;
7917 #else
7918 	un->un_max_xfer_size = (uint_t)maxphys;
7919 #endif
7920 
7921 	/*
7922 	 * Get "allow bus device reset" property (defaults to "enabled" if
7923 	 * the property was not defined). This is to disable bus resets for
7924 	 * certain kinds of error recovery. Note: In the future when a run-time
7925 	 * fibre check is available the soft state flag should default to
7926 	 * enabled.
7927 	 */
7928 	if (un->un_f_is_fibre == TRUE) {
7929 		un->un_f_allow_bus_device_reset = TRUE;
7930 	} else {
7931 		if (ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
7932 			"allow-bus-device-reset", 1) != 0) {
7933 			un->un_f_allow_bus_device_reset = TRUE;
7934 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7935 			"sd_unit_attach: un:0x%p Bus device reset enabled\n",
7936 				un);
7937 		} else {
7938 			un->un_f_allow_bus_device_reset = FALSE;
7939 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7940 			"sd_unit_attach: un:0x%p Bus device reset disabled\n",
7941 				un);
7942 		}
7943 	}
7944 
7945 	/*
7946 	 * Check if this is an ATAPI device. ATAPI devices use Group 1
7947 	 * Read/Write commands and Group 2 Mode Sense/Select commands.
7948 	 *
7949 	 * Note: The "obsolete" way of doing this is to check for the "atapi"
7950 	 * property. The new "variant" property with a value of "atapi" has been
7951 	 * introduced so that future 'variants' of standard SCSI behavior (like
7952 	 * atapi) could be specified by the underlying HBA drivers by supplying
7953 	 * a new value for the "variant" property, instead of having to define a
7954 	 * new property.
7955 	 */
7956 	if (ddi_prop_get_int(DDI_DEV_T_ANY, devi, 0, "atapi", -1) != -1) {
7957 		un->un_f_cfg_is_atapi = TRUE;
7958 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7959 		    "sd_unit_attach: un:0x%p Atapi device\n", un);
7960 	}
7961 	if (ddi_prop_lookup_string(DDI_DEV_T_ANY, devi, 0, "variant",
7962 	    &variantp) == DDI_PROP_SUCCESS) {
7963 		if (strcmp(variantp, "atapi") == 0) {
7964 			un->un_f_cfg_is_atapi = TRUE;
7965 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7966 			    "sd_unit_attach: un:0x%p Atapi device\n", un);
7967 		}
7968 		ddi_prop_free(variantp);
7969 	}
7970 
7971 	/*
7972 	 * Assume doorlock commands are supported. If not, the first
7973 	 * call to sd_send_scsi_DOORLOCK() will set to FALSE
7974 	 */
7975 	un->un_f_doorlock_supported = TRUE;
7976 
7977 	un->un_cmd_timeout	= SD_IO_TIME;
7978 
7979 	/* Info on current states, statuses, etc. (Updated frequently) */
7980 	un->un_state		= SD_STATE_NORMAL;
7981 	un->un_last_state	= SD_STATE_NORMAL;
7982 
7983 	/* Control & status info for command throttling */
7984 	un->un_throttle		= sd_max_throttle;
7985 	un->un_saved_throttle	= sd_max_throttle;
7986 	un->un_min_throttle	= sd_min_throttle;
7987 
7988 	if (un->un_f_is_fibre == TRUE) {
7989 		un->un_f_use_adaptive_throttle = TRUE;
7990 	} else {
7991 		un->un_f_use_adaptive_throttle = FALSE;
7992 	}
7993 
7994 	/* Removable media support. */
7995 	cv_init(&un->un_state_cv, NULL, CV_DRIVER, NULL);
7996 	un->un_mediastate		= DKIO_NONE;
7997 	un->un_specified_mediastate	= DKIO_NONE;
7998 
7999 	/* CVs for suspend/resume (PM or DR) */
8000 	cv_init(&un->un_suspend_cv,   NULL, CV_DRIVER, NULL);
8001 	cv_init(&un->un_disk_busy_cv, NULL, CV_DRIVER, NULL);
8002 
8003 	/* Power management support. */
8004 	un->un_power_level = SD_SPINDLE_UNINIT;
8005 
8006 	/*
8007 	 * The open/close semaphore is used to serialize threads executing
8008 	 * in the driver's open & close entry point routines for a given
8009 	 * instance.
8010 	 */
8011 	(void) sema_init(&un->un_semoclose, 1, NULL, SEMA_DRIVER, NULL);
8012 
8013 	/*
8014 	 * The conf file entry and softstate variable is a forceful override,
8015 	 * meaning a non-zero value must be entered to change the default.
8016 	 */
8017 	un->un_f_disksort_disabled = FALSE;
8018 
8019 	/*
8020 	 * Retrieve the properties from the static driver table or the driver
8021 	 * configuration file (.conf) for this unit and update the soft state
8022 	 * for the device as needed for the indicated properties.
8023 	 * Note: the property configuration needs to occur here as some of the
8024 	 * following routines may have dependancies on soft state flags set
8025 	 * as part of the driver property configuration.
8026 	 */
8027 	sd_read_unit_properties(un);
8028 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8029 	    "sd_unit_attach: un:0x%p property configuration complete.\n", un);
8030 
8031 	/*
8032 	 * By default, we mark the capacity, lbazize, and geometry
8033 	 * as invalid. Only if we successfully read a valid capacity
8034 	 * will we update the un_blockcount and un_tgt_blocksize with the
8035 	 * valid values (the geometry will be validated later).
8036 	 */
8037 	un->un_f_blockcount_is_valid	= FALSE;
8038 	un->un_f_tgt_blocksize_is_valid	= FALSE;
8039 	un->un_f_geometry_is_valid	= FALSE;
8040 
8041 	/*
8042 	 * Use DEV_BSIZE and DEV_BSHIFT as defaults, until we can determine
8043 	 * otherwise.
8044 	 */
8045 	un->un_tgt_blocksize  = un->un_sys_blocksize  = DEV_BSIZE;
8046 	un->un_blockcount = 0;
8047 
8048 	/*
8049 	 * Set up the per-instance info needed to determine the correct
8050 	 * CDBs and other info for issuing commands to the target.
8051 	 */
8052 	sd_init_cdb_limits(un);
8053 
8054 	/*
8055 	 * Set up the IO chains to use, based upon the target type.
8056 	 */
8057 	if (ISREMOVABLE(un)) {
8058 		un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
8059 	} else {
8060 		un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
8061 	}
8062 	un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
8063 	un->un_direct_chain_type = SD_CHAIN_INFO_DIRECT_CMD;
8064 	un->un_priority_chain_type = SD_CHAIN_INFO_PRIORITY_CMD;
8065 
8066 	un->un_xbuf_attr = ddi_xbuf_attr_create(sizeof (struct sd_xbuf),
8067 	    sd_xbuf_strategy, un, sd_xbuf_active_limit,  sd_xbuf_reserve_limit,
8068 	    ddi_driver_major(devi), DDI_XBUF_QTHREAD_DRIVER);
8069 	ddi_xbuf_attr_register_devinfo(un->un_xbuf_attr, devi);
8070 
8071 
8072 	if (ISCD(un)) {
8073 		un->un_additional_codes = sd_additional_codes;
8074 	} else {
8075 		un->un_additional_codes = NULL;
8076 	}
8077 
8078 	/*
8079 	 * Create the kstats here so they can be available for attach-time
8080 	 * routines that send commands to the unit (either polled or via
8081 	 * sd_send_scsi_cmd).
8082 	 *
8083 	 * Note: This is a critical sequence that needs to be maintained:
8084 	 *	1) Instantiate the kstats here, before any routines using the
8085 	 *	   iopath (i.e. sd_send_scsi_cmd).
8086 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8087 	 *	   stats (sd_set_pstats), following sd_validate_geometry(),
8088 	 *	   sd_register_devid(), and sd_disable_caching().
8089 	 */
8090 
8091 	un->un_stats = kstat_create(sd_label, instance,
8092 	    NULL, "disk", KSTAT_TYPE_IO, 1, KSTAT_FLAG_PERSISTENT);
8093 	if (un->un_stats != NULL) {
8094 		un->un_stats->ks_lock = SD_MUTEX(un);
8095 		kstat_install(un->un_stats);
8096 	}
8097 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8098 	    "sd_unit_attach: un:0x%p un_stats created\n", un);
8099 
8100 	sd_create_errstats(un, instance);
8101 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8102 	    "sd_unit_attach: un:0x%p errstats created\n", un);
8103 
8104 	/*
8105 	 * The following if/else code was relocated here from below as part
8106 	 * of the fix for bug (4430280). However with the default setup added
8107 	 * on entry to this routine, it's no longer absolutely necessary for
8108 	 * this to be before the call to sd_spin_up_unit.
8109 	 */
8110 	if (SD_IS_PARALLEL_SCSI(un)) {
8111 		/*
8112 		 * If SCSI-2 tagged queueing is supported by the target
8113 		 * and by the host adapter then we will enable it.
8114 		 */
8115 		un->un_tagflags = 0;
8116 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8117 		    (devp->sd_inq->inq_cmdque) &&
8118 		    (un->un_f_arq_enabled == TRUE)) {
8119 			if (scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing",
8120 			    1, 1) == 1) {
8121 				un->un_tagflags = FLAG_STAG;
8122 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8123 				    "sd_unit_attach: un:0x%p tag queueing "
8124 				    "enabled\n", un);
8125 			} else if (scsi_ifgetcap(SD_ADDRESS(un),
8126 			    "untagged-qing", 0) == 1) {
8127 				un->un_f_opt_queueing = TRUE;
8128 				un->un_saved_throttle = un->un_throttle =
8129 				    min(un->un_throttle, 3);
8130 			} else {
8131 				un->un_f_opt_queueing = FALSE;
8132 				un->un_saved_throttle = un->un_throttle = 1;
8133 			}
8134 		} else if ((scsi_ifgetcap(SD_ADDRESS(un), "untagged-qing", 0)
8135 		    == 1) && (un->un_f_arq_enabled == TRUE)) {
8136 			/* The Host Adapter supports internal queueing. */
8137 			un->un_f_opt_queueing = TRUE;
8138 			un->un_saved_throttle = un->un_throttle =
8139 			    min(un->un_throttle, 3);
8140 		} else {
8141 			un->un_f_opt_queueing = FALSE;
8142 			un->un_saved_throttle = un->un_throttle = 1;
8143 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8144 			    "sd_unit_attach: un:0x%p no tag queueing\n", un);
8145 		}
8146 
8147 
8148 		/* Setup or tear down default wide operations for disks */
8149 
8150 		/*
8151 		 * Note: Legacy: it may be possible for both "sd_max_xfer_size"
8152 		 * and "ssd_max_xfer_size" to exist simultaneously on the same
8153 		 * system and be set to different values. In the future this
8154 		 * code may need to be updated when the ssd module is
8155 		 * obsoleted and removed from the system. (4299588)
8156 		 */
8157 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8158 		    (devp->sd_inq->inq_wbus16 || devp->sd_inq->inq_wbus32)) {
8159 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8160 			    1, 1) == 1) {
8161 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8162 				    "sd_unit_attach: un:0x%p Wide Transfer "
8163 				    "enabled\n", un);
8164 			}
8165 
8166 			/*
8167 			 * If tagged queuing has also been enabled, then
8168 			 * enable large xfers
8169 			 */
8170 			if (un->un_saved_throttle == sd_max_throttle) {
8171 				un->un_max_xfer_size =
8172 				    ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8173 				    sd_max_xfer_size, SD_MAX_XFER_SIZE);
8174 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8175 				    "sd_unit_attach: un:0x%p max transfer "
8176 				    "size=0x%x\n", un, un->un_max_xfer_size);
8177 			}
8178 		} else {
8179 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8180 			    0, 1) == 1) {
8181 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8182 				    "sd_unit_attach: un:0x%p "
8183 				    "Wide Transfer disabled\n", un);
8184 			}
8185 		}
8186 	} else {
8187 		un->un_tagflags = FLAG_STAG;
8188 		un->un_max_xfer_size = ddi_getprop(DDI_DEV_T_ANY,
8189 		    devi, 0, sd_max_xfer_size, SD_MAX_XFER_SIZE);
8190 	}
8191 
8192 	/*
8193 	 * If this target supports LUN reset, try to enable it.
8194 	 */
8195 	if (un->un_f_lun_reset_enabled) {
8196 		if (scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 1, 1) == 1) {
8197 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8198 			    "un:0x%p lun_reset capability set\n", un);
8199 		} else {
8200 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8201 			    "un:0x%p lun-reset capability not set\n", un);
8202 		}
8203 	}
8204 
8205 	/*
8206 	 * At this point in the attach, we have enough info in the
8207 	 * soft state to be able to issue commands to the target.
8208 	 *
8209 	 * All command paths used below MUST issue their commands as
8210 	 * SD_PATH_DIRECT. This is important as intermediate layers
8211 	 * are not all initialized yet (such as PM).
8212 	 */
8213 
8214 	/*
8215 	 * Send a TEST UNIT READY command to the device. This should clear
8216 	 * any outstanding UNIT ATTENTION that may be present.
8217 	 *
8218 	 * Note: Don't check for success, just track if there is a reservation,
8219 	 * this is a throw away command to clear any unit attentions.
8220 	 *
8221 	 * Note: This MUST be the first command issued to the target during
8222 	 * attach to ensure power on UNIT ATTENTIONS are cleared.
8223 	 * Pass in flag SD_DONT_RETRY_TUR to prevent the long delays associated
8224 	 * with attempts at spinning up a device with no media.
8225 	 */
8226 	if (sd_send_scsi_TEST_UNIT_READY(un, SD_DONT_RETRY_TUR) == EACCES) {
8227 		reservation_flag = SD_TARGET_IS_RESERVED;
8228 	}
8229 
8230 	/*
8231 	 * If the device is NOT a removable media device, attempt to spin
8232 	 * it up (using the START_STOP_UNIT command) and read its capacity
8233 	 * (using the READ CAPACITY command).  Note, however, that either
8234 	 * of these could fail and in some cases we would continue with
8235 	 * the attach despite the failure (see below).
8236 	 */
8237 	if (devp->sd_inq->inq_dtype == DTYPE_DIRECT && !ISREMOVABLE(un)) {
8238 		switch (sd_spin_up_unit(un)) {
8239 		case 0:
8240 			/*
8241 			 * Spin-up was successful; now try to read the
8242 			 * capacity.  If successful then save the results
8243 			 * and mark the capacity & lbasize as valid.
8244 			 */
8245 			SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8246 			    "sd_unit_attach: un:0x%p spin-up successful\n", un);
8247 
8248 			switch (sd_send_scsi_READ_CAPACITY(un, &capacity,
8249 			    &lbasize, SD_PATH_DIRECT)) {
8250 			case 0: {
8251 				if (capacity > DK_MAX_BLOCKS) {
8252 #ifdef _LP64
8253 					/*
8254 					 * Enable descriptor format sense data
8255 					 * so that we can get 64 bit sense
8256 					 * data fields.
8257 					 */
8258 					sd_enable_descr_sense(un);
8259 #else
8260 					/* 32-bit kernels can't handle this */
8261 					scsi_log(SD_DEVINFO(un),
8262 					    sd_label, CE_WARN,
8263 					    "disk has %llu blocks, which "
8264 					    "is too large for a 32-bit "
8265 					    "kernel", capacity);
8266 					goto spinup_failed;
8267 #endif
8268 				}
8269 				/*
8270 				 * The following relies on
8271 				 * sd_send_scsi_READ_CAPACITY never
8272 				 * returning 0 for capacity and/or lbasize.
8273 				 */
8274 				sd_update_block_info(un, lbasize, capacity);
8275 
8276 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8277 				    "sd_unit_attach: un:0x%p capacity = %ld "
8278 				    "blocks; lbasize= %ld.\n", un,
8279 				    un->un_blockcount, un->un_tgt_blocksize);
8280 
8281 				break;
8282 			}
8283 			case EACCES:
8284 				/*
8285 				 * Should never get here if the spin-up
8286 				 * succeeded, but code it in anyway.
8287 				 * From here, just continue with the attach...
8288 				 */
8289 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8290 				    "sd_unit_attach: un:0x%p "
8291 				    "sd_send_scsi_READ_CAPACITY "
8292 				    "returned reservation conflict\n", un);
8293 				reservation_flag = SD_TARGET_IS_RESERVED;
8294 				break;
8295 			default:
8296 				/*
8297 				 * Likewise, should never get here if the
8298 				 * spin-up succeeded. Just continue with
8299 				 * the attach...
8300 				 */
8301 				break;
8302 			}
8303 			break;
8304 		case EACCES:
8305 			/*
8306 			 * Device is reserved by another host.  In this case
8307 			 * we could not spin it up or read the capacity, but
8308 			 * we continue with the attach anyway.
8309 			 */
8310 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8311 			    "sd_unit_attach: un:0x%p spin-up reservation "
8312 			    "conflict.\n", un);
8313 			reservation_flag = SD_TARGET_IS_RESERVED;
8314 			break;
8315 		default:
8316 			/* Fail the attach if the spin-up failed. */
8317 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8318 			    "sd_unit_attach: un:0x%p spin-up failed.", un);
8319 			goto spinup_failed;
8320 		}
8321 	}
8322 
8323 	/*
8324 	 * Check to see if this is a MMC drive
8325 	 */
8326 	if (ISCD(un)) {
8327 		sd_set_mmc_caps(un);
8328 	}
8329 
8330 	/*
8331 	 * Create the minor nodes for the device.
8332 	 * Note: If we want to support fdisk on both sparc and intel, this will
8333 	 * have to separate out the notion that VTOC8 is always sparc, and
8334 	 * VTOC16 is always intel (tho these can be the defaults).  The vtoc
8335 	 * type will have to be determined at run-time, and the fdisk
8336 	 * partitioning will have to have been read & set up before we
8337 	 * create the minor nodes. (any other inits (such as kstats) that
8338 	 * also ought to be done before creating the minor nodes?) (Doesn't
8339 	 * setting up the minor nodes kind of imply that we're ready to
8340 	 * handle an open from userland?)
8341 	 */
8342 	if (sd_create_minor_nodes(un, devi) != DDI_SUCCESS) {
8343 		goto create_minor_nodes_failed;
8344 	}
8345 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8346 	    "sd_unit_attach: un:0x%p minor nodes created\n", un);
8347 
8348 	/*
8349 	 * Add a zero-length attribute to tell the world we support
8350 	 * kernel ioctls (for layered drivers)
8351 	 */
8352 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8353 	    DDI_KERNEL_IOCTL, NULL, 0);
8354 
8355 	/*
8356 	 * Add a boolean property to tell the world we support
8357 	 * the B_FAILFAST flag (for layered drivers)
8358 	 */
8359 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8360 	    "ddi-failfast-supported", NULL, 0);
8361 
8362 	/*
8363 	 * Initialize power management
8364 	 */
8365 	mutex_init(&un->un_pm_mutex, NULL, MUTEX_DRIVER, NULL);
8366 	cv_init(&un->un_pm_busy_cv, NULL, CV_DRIVER, NULL);
8367 	sd_setup_pm(un, devi);
8368 	if (un->un_f_pm_is_enabled == FALSE) {
8369 		/*
8370 		 * For performance, point to a jump table that does
8371 		 * not include pm.
8372 		 * The direct and priority chains don't change with PM.
8373 		 *
8374 		 * Note: this is currently done based on individual device
8375 		 * capabilities. When an interface for determining system
8376 		 * power enabled state becomes available, or when additional
8377 		 * layers are added to the command chain, these values will
8378 		 * have to be re-evaluated for correctness.
8379 		 */
8380 		if (ISREMOVABLE(un)) {
8381 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA_NO_PM;
8382 		} else {
8383 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK_NO_PM;
8384 		}
8385 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
8386 	}
8387 
8388 	/*
8389 	 * This property is set to 0 by HA software to avoid retries
8390 	 * on a reserved disk. (The preferred property name is
8391 	 * "retry-on-reservation-conflict") (1189689)
8392 	 *
8393 	 * Note: The use of a global here can have unintended consequences. A
8394 	 * per instance variable is preferrable to match the capabilities of
8395 	 * different underlying hba's (4402600)
8396 	 */
8397 	sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY, devi,
8398 	    DDI_PROP_DONTPASS, "retry-on-reservation-conflict",
8399 	    sd_retry_on_reservation_conflict);
8400 	if (sd_retry_on_reservation_conflict != 0) {
8401 		sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY,
8402 		    devi, DDI_PROP_DONTPASS, sd_resv_conflict_name,
8403 		    sd_retry_on_reservation_conflict);
8404 	}
8405 
8406 	/* Set up options for QFULL handling. */
8407 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8408 	    "qfull-retries", -1)) != -1) {
8409 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retries",
8410 		    rval, 1);
8411 	}
8412 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8413 	    "qfull-retry-interval", -1)) != -1) {
8414 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retry-interval",
8415 		    rval, 1);
8416 	}
8417 
8418 	/*
8419 	 * This just prints a message that announces the existence of the
8420 	 * device. The message is always printed in the system logfile, but
8421 	 * only appears on the console if the system is booted with the
8422 	 * -v (verbose) argument.
8423 	 */
8424 	ddi_report_dev(devi);
8425 
8426 	/*
8427 	 * The framework calls driver attach routines single-threaded
8428 	 * for a given instance.  However we still acquire SD_MUTEX here
8429 	 * because this required for calling the sd_validate_geometry()
8430 	 * and sd_register_devid() functions.
8431 	 */
8432 	mutex_enter(SD_MUTEX(un));
8433 	un->un_f_geometry_is_valid = FALSE;
8434 	un->un_mediastate = DKIO_NONE;
8435 	un->un_reserved = -1;
8436 	if (!ISREMOVABLE(un)) {
8437 		/*
8438 		 * Read and validate the device's geometry (ie, disk label)
8439 		 * A new unformatted drive will not have a valid geometry, but
8440 		 * the driver needs to successfully attach to this device so
8441 		 * the drive can be formatted via ioctls.
8442 		 */
8443 		if (((sd_validate_geometry(un, SD_PATH_DIRECT) ==
8444 		    ENOTSUP)) &&
8445 		    (un->un_blockcount < DK_MAX_BLOCKS)) {
8446 			/*
8447 			 * We found a small disk with an EFI label on it;
8448 			 * we need to fix up the minor nodes accordingly.
8449 			 */
8450 			ddi_remove_minor_node(devi, "h");
8451 			ddi_remove_minor_node(devi, "h,raw");
8452 			(void) ddi_create_minor_node(devi, "wd",
8453 			    S_IFBLK,
8454 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8455 			    un->un_node_type, NULL);
8456 			(void) ddi_create_minor_node(devi, "wd,raw",
8457 			    S_IFCHR,
8458 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8459 			    un->un_node_type, NULL);
8460 		}
8461 	}
8462 
8463 	/*
8464 	 * Read and initialize the devid for the unit.
8465 	 */
8466 	ASSERT(un->un_errstats != NULL);
8467 	if (!ISREMOVABLE(un)) {
8468 		sd_register_devid(un, devi, reservation_flag);
8469 	}
8470 	mutex_exit(SD_MUTEX(un));
8471 
8472 #if (defined(__fibre))
8473 	/*
8474 	 * Register callbacks for fibre only.  You can't do this soley
8475 	 * on the basis of the devid_type because this is hba specific.
8476 	 * We need to query our hba capabilities to find out whether to
8477 	 * register or not.
8478 	 */
8479 	if (un->un_f_is_fibre) {
8480 	    if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
8481 		sd_init_event_callbacks(un);
8482 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8483 		    "sd_unit_attach: un:0x%p event callbacks inserted", un);
8484 	    }
8485 	}
8486 #endif
8487 
8488 	if (un->un_f_opt_disable_cache == TRUE) {
8489 		if (sd_disable_caching(un) != 0) {
8490 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8491 			    "sd_unit_attach: un:0x%p Could not disable "
8492 			    "caching", un);
8493 			goto devid_failed;
8494 		}
8495 	}
8496 
8497 	/*
8498 	 * NOTE: Since there is currently no mechanism to
8499 	 * change the state of the Write Cache Enable mode select,
8500 	 * this code just checks the value of the WCE bit
8501 	 * at device attach time.  If a mechanism
8502 	 * is added to the driver to change WCE, un_f_write_cache_enabled
8503 	 * must be updated appropriately.
8504 	 */
8505 	(void) sd_get_write_cache_enabled(un, &wc_enabled);
8506 	mutex_enter(SD_MUTEX(un));
8507 	un->un_f_write_cache_enabled = (wc_enabled != 0);
8508 	mutex_exit(SD_MUTEX(un));
8509 
8510 	/*
8511 	 * Set the pstat and error stat values here, so data obtained during the
8512 	 * previous attach-time routines is available.
8513 	 *
8514 	 * Note: This is a critical sequence that needs to be maintained:
8515 	 *	1) Instantiate the kstats before any routines using the iopath
8516 	 *	   (i.e. sd_send_scsi_cmd).
8517 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8518 	 *	   stats (sd_set_pstats)here, following sd_validate_geometry(),
8519 	 *	   sd_register_devid(), and sd_disable_caching().
8520 	 */
8521 	if (!ISREMOVABLE(un) && (un->un_f_pkstats_enabled == TRUE)) {
8522 		sd_set_pstats(un);
8523 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8524 		    "sd_unit_attach: un:0x%p pstats created and set\n", un);
8525 	}
8526 
8527 	sd_set_errstats(un);
8528 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8529 	    "sd_unit_attach: un:0x%p errstats set\n", un);
8530 
8531 	/*
8532 	 * Find out what type of reservation this disk supports.
8533 	 */
8534 	switch (sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS, 0, NULL)) {
8535 	case 0:
8536 		/*
8537 		 * SCSI-3 reservations are supported.
8538 		 */
8539 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8540 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8541 		    "sd_unit_attach: un:0x%p SCSI-3 reservations\n", un);
8542 		break;
8543 	case ENOTSUP:
8544 		/*
8545 		 * The PERSISTENT RESERVE IN command would not be recognized by
8546 		 * a SCSI-2 device, so assume the reservation type is SCSI-2.
8547 		 */
8548 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8549 		    "sd_unit_attach: un:0x%p SCSI-2 reservations\n", un);
8550 		un->un_reservation_type = SD_SCSI2_RESERVATION;
8551 		break;
8552 	default:
8553 		/*
8554 		 * default to SCSI-3 reservations
8555 		 */
8556 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8557 		    "sd_unit_attach: un:0x%p default SCSI3 reservations\n", un);
8558 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8559 		break;
8560 	}
8561 
8562 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8563 	    "sd_unit_attach: un:0x%p exit success\n", un);
8564 
8565 	return (DDI_SUCCESS);
8566 
8567 	/*
8568 	 * An error occurred during the attach; clean up & return failure.
8569 	 */
8570 
8571 devid_failed:
8572 
8573 setup_pm_failed:
8574 	ddi_remove_minor_node(devi, NULL);
8575 
8576 create_minor_nodes_failed:
8577 	/*
8578 	 * Cleanup from the scsi_ifsetcap() calls (437868)
8579 	 */
8580 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
8581 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
8582 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
8583 
8584 	if (un->un_f_is_fibre == FALSE) {
8585 	    (void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
8586 	}
8587 
8588 spinup_failed:
8589 
8590 	mutex_enter(SD_MUTEX(un));
8591 
8592 	/* Cancel callback for SD_PATH_DIRECT_PRIORITY cmd. restart */
8593 	if (un->un_direct_priority_timeid != NULL) {
8594 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8595 		un->un_direct_priority_timeid = NULL;
8596 		mutex_exit(SD_MUTEX(un));
8597 		(void) untimeout(temp_id);
8598 		mutex_enter(SD_MUTEX(un));
8599 	}
8600 
8601 	/* Cancel any pending start/stop timeouts */
8602 	if (un->un_startstop_timeid != NULL) {
8603 		timeout_id_t temp_id = un->un_startstop_timeid;
8604 		un->un_startstop_timeid = NULL;
8605 		mutex_exit(SD_MUTEX(un));
8606 		(void) untimeout(temp_id);
8607 		mutex_enter(SD_MUTEX(un));
8608 	}
8609 
8610 	/* Cancel any pending reset-throttle timeouts */
8611 	if (un->un_reset_throttle_timeid != NULL) {
8612 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8613 		un->un_reset_throttle_timeid = NULL;
8614 		mutex_exit(SD_MUTEX(un));
8615 		(void) untimeout(temp_id);
8616 		mutex_enter(SD_MUTEX(un));
8617 	}
8618 
8619 	/* Cancel any pending retry timeouts */
8620 	if (un->un_retry_timeid != NULL) {
8621 		timeout_id_t temp_id = un->un_retry_timeid;
8622 		un->un_retry_timeid = NULL;
8623 		mutex_exit(SD_MUTEX(un));
8624 		(void) untimeout(temp_id);
8625 		mutex_enter(SD_MUTEX(un));
8626 	}
8627 
8628 	/* Cancel any pending delayed cv broadcast timeouts */
8629 	if (un->un_dcvb_timeid != NULL) {
8630 		timeout_id_t temp_id = un->un_dcvb_timeid;
8631 		un->un_dcvb_timeid = NULL;
8632 		mutex_exit(SD_MUTEX(un));
8633 		(void) untimeout(temp_id);
8634 		mutex_enter(SD_MUTEX(un));
8635 	}
8636 
8637 	mutex_exit(SD_MUTEX(un));
8638 
8639 	/* There should not be any in-progress I/O so ASSERT this check */
8640 	ASSERT(un->un_ncmds_in_transport == 0);
8641 	ASSERT(un->un_ncmds_in_driver == 0);
8642 
8643 	/* Do not free the softstate if the callback routine is active */
8644 	sd_sync_with_callback(un);
8645 
8646 	/*
8647 	 * Partition stats apparently are not used with removables. These would
8648 	 * not have been created during attach, so no need to clean them up...
8649 	 */
8650 	if (un->un_stats != NULL) {
8651 		kstat_delete(un->un_stats);
8652 		un->un_stats = NULL;
8653 	}
8654 	if (un->un_errstats != NULL) {
8655 		kstat_delete(un->un_errstats);
8656 		un->un_errstats = NULL;
8657 	}
8658 
8659 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
8660 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
8661 
8662 	ddi_prop_remove_all(devi);
8663 	sema_destroy(&un->un_semoclose);
8664 	cv_destroy(&un->un_state_cv);
8665 
8666 getrbuf_failed:
8667 
8668 	sd_free_rqs(un);
8669 
8670 alloc_rqs_failed:
8671 
8672 	devp->sd_private = NULL;
8673 	bzero(un, sizeof (struct sd_lun));	/* Clear any stale data! */
8674 
8675 get_softstate_failed:
8676 	/*
8677 	 * Note: the man pages are unclear as to whether or not doing a
8678 	 * ddi_soft_state_free(sd_state, instance) is the right way to
8679 	 * clean up after the ddi_soft_state_zalloc() if the subsequent
8680 	 * ddi_get_soft_state() fails.  The implication seems to be
8681 	 * that the get_soft_state cannot fail if the zalloc succeeds.
8682 	 */
8683 	ddi_soft_state_free(sd_state, instance);
8684 
8685 probe_failed:
8686 	scsi_unprobe(devp);
8687 #ifdef SDDEBUG
8688 	if ((sd_component_mask & SD_LOG_ATTACH_DETACH) &&
8689 	    (sd_level_mask & SD_LOGMASK_TRACE)) {
8690 		cmn_err(CE_CONT, "sd_unit_attach: un:0x%p exit failure\n",
8691 		    (void *)un);
8692 	}
8693 #endif
8694 	return (DDI_FAILURE);
8695 }
8696 
8697 
8698 /*
8699  *    Function: sd_unit_detach
8700  *
8701  * Description: Performs DDI_DETACH processing for sddetach().
8702  *
8703  * Return Code: DDI_SUCCESS
8704  *		DDI_FAILURE
8705  *
8706  *     Context: Kernel thread context
8707  */
8708 
8709 static int
8710 sd_unit_detach(dev_info_t *devi)
8711 {
8712 	struct scsi_device	*devp;
8713 	struct sd_lun		*un;
8714 	int			i;
8715 	dev_t			dev;
8716 #if !(defined(__i386) || defined(__amd64)) && !defined(__fibre)
8717 	int			reset_retval;
8718 #endif
8719 	int			instance = ddi_get_instance(devi);
8720 
8721 	mutex_enter(&sd_detach_mutex);
8722 
8723 	/*
8724 	 * Fail the detach for any of the following:
8725 	 *  - Unable to get the sd_lun struct for the instance
8726 	 *  - A layered driver has an outstanding open on the instance
8727 	 *  - Another thread is already detaching this instance
8728 	 *  - Another thread is currently performing an open
8729 	 */
8730 	devp = ddi_get_driver_private(devi);
8731 	if ((devp == NULL) ||
8732 	    ((un = (struct sd_lun *)devp->sd_private) == NULL) ||
8733 	    (un->un_ncmds_in_driver != 0) || (un->un_layer_count != 0) ||
8734 	    (un->un_detach_count != 0) || (un->un_opens_in_progress != 0)) {
8735 		mutex_exit(&sd_detach_mutex);
8736 		return (DDI_FAILURE);
8737 	}
8738 
8739 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: entry 0x%p\n", un);
8740 
8741 	/*
8742 	 * Mark this instance as currently in a detach, to inhibit any
8743 	 * opens from a layered driver.
8744 	 */
8745 	un->un_detach_count++;
8746 	mutex_exit(&sd_detach_mutex);
8747 
8748 	dev = sd_make_device(SD_DEVINFO(un));
8749 
8750 	_NOTE(COMPETING_THREADS_NOW);
8751 
8752 	mutex_enter(SD_MUTEX(un));
8753 
8754 	/*
8755 	 * Fail the detach if there are any outstanding layered
8756 	 * opens on this device.
8757 	 */
8758 	for (i = 0; i < NDKMAP; i++) {
8759 		if (un->un_ocmap.lyropen[i] != 0) {
8760 			goto err_notclosed;
8761 		}
8762 	}
8763 
8764 	/*
8765 	 * Verify there are NO outstanding commands issued to this device.
8766 	 * ie, un_ncmds_in_transport == 0.
8767 	 * It's possible to have outstanding commands through the physio
8768 	 * code path, even though everything's closed.
8769 	 */
8770 	if ((un->un_ncmds_in_transport != 0) || (un->un_retry_timeid != NULL) ||
8771 	    (un->un_direct_priority_timeid != NULL) ||
8772 	    (un->un_state == SD_STATE_RWAIT)) {
8773 		mutex_exit(SD_MUTEX(un));
8774 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8775 		    "sd_dr_detach: Detach failure due to outstanding cmds\n");
8776 		goto err_stillbusy;
8777 	}
8778 
8779 	/*
8780 	 * If we have the device reserved, release the reservation.
8781 	 */
8782 	if ((un->un_resvd_status & SD_RESERVE) &&
8783 	    !(un->un_resvd_status & SD_LOST_RESERVE)) {
8784 		mutex_exit(SD_MUTEX(un));
8785 		/*
8786 		 * Note: sd_reserve_release sends a command to the device
8787 		 * via the sd_ioctlcmd() path, and can sleep.
8788 		 */
8789 		if (sd_reserve_release(dev, SD_RELEASE) != 0) {
8790 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8791 			    "sd_dr_detach: Cannot release reservation \n");
8792 		}
8793 	} else {
8794 		mutex_exit(SD_MUTEX(un));
8795 	}
8796 
8797 	/*
8798 	 * Untimeout any reserve recover, throttle reset, restart unit
8799 	 * and delayed broadcast timeout threads. Protect the timeout pointer
8800 	 * from getting nulled by their callback functions.
8801 	 */
8802 	mutex_enter(SD_MUTEX(un));
8803 	if (un->un_resvd_timeid != NULL) {
8804 		timeout_id_t temp_id = un->un_resvd_timeid;
8805 		un->un_resvd_timeid = NULL;
8806 		mutex_exit(SD_MUTEX(un));
8807 		(void) untimeout(temp_id);
8808 		mutex_enter(SD_MUTEX(un));
8809 	}
8810 
8811 	if (un->un_reset_throttle_timeid != NULL) {
8812 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8813 		un->un_reset_throttle_timeid = NULL;
8814 		mutex_exit(SD_MUTEX(un));
8815 		(void) untimeout(temp_id);
8816 		mutex_enter(SD_MUTEX(un));
8817 	}
8818 
8819 	if (un->un_startstop_timeid != NULL) {
8820 		timeout_id_t temp_id = un->un_startstop_timeid;
8821 		un->un_startstop_timeid = NULL;
8822 		mutex_exit(SD_MUTEX(un));
8823 		(void) untimeout(temp_id);
8824 		mutex_enter(SD_MUTEX(un));
8825 	}
8826 
8827 	if (un->un_dcvb_timeid != NULL) {
8828 		timeout_id_t temp_id = un->un_dcvb_timeid;
8829 		un->un_dcvb_timeid = NULL;
8830 		mutex_exit(SD_MUTEX(un));
8831 		(void) untimeout(temp_id);
8832 	} else {
8833 		mutex_exit(SD_MUTEX(un));
8834 	}
8835 
8836 	/* Remove any pending reservation reclaim requests for this device */
8837 	sd_rmv_resv_reclaim_req(dev);
8838 
8839 	mutex_enter(SD_MUTEX(un));
8840 
8841 	/* Cancel any pending callbacks for SD_PATH_DIRECT_PRIORITY cmd. */
8842 	if (un->un_direct_priority_timeid != NULL) {
8843 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8844 		un->un_direct_priority_timeid = NULL;
8845 		mutex_exit(SD_MUTEX(un));
8846 		(void) untimeout(temp_id);
8847 		mutex_enter(SD_MUTEX(un));
8848 	}
8849 
8850 	/* Cancel any active multi-host disk watch thread requests */
8851 	if (un->un_mhd_token != NULL) {
8852 		mutex_exit(SD_MUTEX(un));
8853 		 _NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_mhd_token));
8854 		if (scsi_watch_request_terminate(un->un_mhd_token,
8855 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8856 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8857 			    "sd_dr_detach: Cannot cancel mhd watch request\n");
8858 			/*
8859 			 * Note: We are returning here after having removed
8860 			 * some driver timeouts above. This is consistent with
8861 			 * the legacy implementation but perhaps the watch
8862 			 * terminate call should be made with the wait flag set.
8863 			 */
8864 			goto err_stillbusy;
8865 		}
8866 		mutex_enter(SD_MUTEX(un));
8867 		un->un_mhd_token = NULL;
8868 	}
8869 
8870 	if (un->un_swr_token != NULL) {
8871 		mutex_exit(SD_MUTEX(un));
8872 		_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_swr_token));
8873 		if (scsi_watch_request_terminate(un->un_swr_token,
8874 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8875 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8876 			    "sd_dr_detach: Cannot cancel swr watch request\n");
8877 			/*
8878 			 * Note: We are returning here after having removed
8879 			 * some driver timeouts above. This is consistent with
8880 			 * the legacy implementation but perhaps the watch
8881 			 * terminate call should be made with the wait flag set.
8882 			 */
8883 			goto err_stillbusy;
8884 		}
8885 		mutex_enter(SD_MUTEX(un));
8886 		un->un_swr_token = NULL;
8887 	}
8888 
8889 	mutex_exit(SD_MUTEX(un));
8890 
8891 	/*
8892 	 * Clear any scsi_reset_notifies. We clear the reset notifies
8893 	 * if we have not registered one.
8894 	 * Note: The sd_mhd_reset_notify_cb() fn tries to acquire SD_MUTEX!
8895 	 */
8896 	(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
8897 	    sd_mhd_reset_notify_cb, (caddr_t)un);
8898 
8899 
8900 
8901 #if defined(__i386) || defined(__amd64)
8902 	/*
8903 	 * Gratuitous bus resets sometimes cause an otherwise
8904 	 * okay ATA/ATAPI bus to hang. This is due the lack of
8905 	 * a clear spec of how resets should be implemented by ATA
8906 	 * disk drives.
8907 	 */
8908 #elif !defined(__fibre)		/* "#else if" does NOT work! */
8909 	/*
8910 	 * Reset target/bus.
8911 	 *
8912 	 * Note: This is a legacy workaround for Elite III dual-port drives that
8913 	 * will not come online after an aborted detach and subsequent re-attach
8914 	 * It should be removed when the Elite III FW is fixed, or the drives
8915 	 * are no longer supported.
8916 	 */
8917 	if (un->un_f_cfg_is_atapi == FALSE) {
8918 		reset_retval = 0;
8919 
8920 		/* If the device is in low power mode don't reset it */
8921 
8922 		mutex_enter(&un->un_pm_mutex);
8923 		if (!SD_DEVICE_IS_IN_LOW_POWER(un)) {
8924 			/*
8925 			 * First try a LUN reset if we can, then move on to a
8926 			 * target reset if needed; swat the bus as a last
8927 			 * resort.
8928 			 */
8929 			mutex_exit(&un->un_pm_mutex);
8930 			if (un->un_f_allow_bus_device_reset == TRUE) {
8931 				if (un->un_f_lun_reset_enabled == TRUE) {
8932 					reset_retval =
8933 					    scsi_reset(SD_ADDRESS(un),
8934 					    RESET_LUN);
8935 				}
8936 				if (reset_retval == 0) {
8937 					reset_retval =
8938 					    scsi_reset(SD_ADDRESS(un),
8939 					    RESET_TARGET);
8940 				}
8941 			}
8942 			if (reset_retval == 0) {
8943 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
8944 			}
8945 		} else {
8946 			mutex_exit(&un->un_pm_mutex);
8947 		}
8948 	}
8949 #endif
8950 
8951 	/*
8952 	 * protect the timeout pointers from getting nulled by
8953 	 * their callback functions during the cancellation process.
8954 	 * In such a scenario untimeout can be invoked with a null value.
8955 	 */
8956 	_NOTE(NO_COMPETING_THREADS_NOW);
8957 
8958 	mutex_enter(&un->un_pm_mutex);
8959 	if (un->un_pm_idle_timeid != NULL) {
8960 		timeout_id_t temp_id = un->un_pm_idle_timeid;
8961 		un->un_pm_idle_timeid = NULL;
8962 		mutex_exit(&un->un_pm_mutex);
8963 
8964 		/*
8965 		 * Timeout is active; cancel it.
8966 		 * Note that it'll never be active on a device
8967 		 * that does not support PM therefore we don't
8968 		 * have to check before calling pm_idle_component.
8969 		 */
8970 		(void) untimeout(temp_id);
8971 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8972 		mutex_enter(&un->un_pm_mutex);
8973 	}
8974 
8975 	/*
8976 	 * Check whether there is already a timeout scheduled for power
8977 	 * management. If yes then don't lower the power here, that's.
8978 	 * the timeout handler's job.
8979 	 */
8980 	if (un->un_pm_timeid != NULL) {
8981 		timeout_id_t temp_id = un->un_pm_timeid;
8982 		un->un_pm_timeid = NULL;
8983 		mutex_exit(&un->un_pm_mutex);
8984 		/*
8985 		 * Timeout is active; cancel it.
8986 		 * Note that it'll never be active on a device
8987 		 * that does not support PM therefore we don't
8988 		 * have to check before calling pm_idle_component.
8989 		 */
8990 		(void) untimeout(temp_id);
8991 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8992 
8993 	} else {
8994 		mutex_exit(&un->un_pm_mutex);
8995 		if ((un->un_f_pm_is_enabled == TRUE) &&
8996 		    (pm_lower_power(SD_DEVINFO(un), 0, SD_SPINDLE_OFF) !=
8997 		    DDI_SUCCESS)) {
8998 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8999 		    "sd_dr_detach: Lower power request failed, ignoring.\n");
9000 			/*
9001 			 * Fix for bug: 4297749, item # 13
9002 			 * The above test now includes a check to see if PM is
9003 			 * supported by this device before call
9004 			 * pm_lower_power().
9005 			 * Note, the following is not dead code. The call to
9006 			 * pm_lower_power above will generate a call back into
9007 			 * our sdpower routine which might result in a timeout
9008 			 * handler getting activated. Therefore the following
9009 			 * code is valid and necessary.
9010 			 */
9011 			mutex_enter(&un->un_pm_mutex);
9012 			if (un->un_pm_timeid != NULL) {
9013 				timeout_id_t temp_id = un->un_pm_timeid;
9014 				un->un_pm_timeid = NULL;
9015 				mutex_exit(&un->un_pm_mutex);
9016 				(void) untimeout(temp_id);
9017 				(void) pm_idle_component(SD_DEVINFO(un), 0);
9018 			} else {
9019 				mutex_exit(&un->un_pm_mutex);
9020 			}
9021 		}
9022 	}
9023 
9024 	/*
9025 	 * Cleanup from the scsi_ifsetcap() calls (437868)
9026 	 * Relocated here from above to be after the call to
9027 	 * pm_lower_power, which was getting errors.
9028 	 */
9029 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
9030 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
9031 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
9032 
9033 	if (un->un_f_is_fibre == FALSE) {
9034 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
9035 	}
9036 
9037 	/*
9038 	 * Remove any event callbacks, fibre only
9039 	 */
9040 	if (un->un_f_is_fibre == TRUE) {
9041 		if ((un->un_insert_event != NULL) &&
9042 			(ddi_remove_event_handler(un->un_insert_cb_id) !=
9043 				DDI_SUCCESS)) {
9044 			/*
9045 			 * Note: We are returning here after having done
9046 			 * substantial cleanup above. This is consistent
9047 			 * with the legacy implementation but this may not
9048 			 * be the right thing to do.
9049 			 */
9050 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9051 				"sd_dr_detach: Cannot cancel insert event\n");
9052 			goto err_remove_event;
9053 		}
9054 		un->un_insert_event = NULL;
9055 
9056 		if ((un->un_remove_event != NULL) &&
9057 			(ddi_remove_event_handler(un->un_remove_cb_id) !=
9058 				DDI_SUCCESS)) {
9059 			/*
9060 			 * Note: We are returning here after having done
9061 			 * substantial cleanup above. This is consistent
9062 			 * with the legacy implementation but this may not
9063 			 * be the right thing to do.
9064 			 */
9065 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9066 				"sd_dr_detach: Cannot cancel remove event\n");
9067 			goto err_remove_event;
9068 		}
9069 		un->un_remove_event = NULL;
9070 	}
9071 
9072 	/* Do not free the softstate if the callback routine is active */
9073 	sd_sync_with_callback(un);
9074 
9075 	/*
9076 	 * Hold the detach mutex here, to make sure that no other threads ever
9077 	 * can access a (partially) freed soft state structure.
9078 	 */
9079 	mutex_enter(&sd_detach_mutex);
9080 
9081 	/*
9082 	 * Clean up the soft state struct.
9083 	 * Cleanup is done in reverse order of allocs/inits.
9084 	 * At this point there should be no competing threads anymore.
9085 	 */
9086 
9087 	/* Unregister and free device id. */
9088 	ddi_devid_unregister(devi);
9089 	if (un->un_devid) {
9090 		ddi_devid_free(un->un_devid);
9091 		un->un_devid = NULL;
9092 	}
9093 
9094 	/*
9095 	 * Destroy wmap cache if it exists.
9096 	 */
9097 	if (un->un_wm_cache != NULL) {
9098 		kmem_cache_destroy(un->un_wm_cache);
9099 		un->un_wm_cache = NULL;
9100 	}
9101 
9102 	/* Remove minor nodes */
9103 	ddi_remove_minor_node(devi, NULL);
9104 
9105 	/*
9106 	 * kstat cleanup is done in detach for all device types (4363169).
9107 	 * We do not want to fail detach if the device kstats are not deleted
9108 	 * since there is a confusion about the devo_refcnt for the device.
9109 	 * We just delete the kstats and let detach complete successfully.
9110 	 */
9111 	if (un->un_stats != NULL) {
9112 		kstat_delete(un->un_stats);
9113 		un->un_stats = NULL;
9114 	}
9115 	if (un->un_errstats != NULL) {
9116 		kstat_delete(un->un_errstats);
9117 		un->un_errstats = NULL;
9118 	}
9119 
9120 	/* Remove partition stats (not created for removables) */
9121 	if (!ISREMOVABLE(un)) {
9122 		for (i = 0; i < NSDMAP; i++) {
9123 			if (un->un_pstats[i] != NULL) {
9124 				kstat_delete(un->un_pstats[i]);
9125 				un->un_pstats[i] = NULL;
9126 			}
9127 		}
9128 	}
9129 
9130 	/* Remove xbuf registration */
9131 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
9132 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
9133 
9134 	/* Remove driver properties */
9135 	ddi_prop_remove_all(devi);
9136 
9137 	mutex_destroy(&un->un_pm_mutex);
9138 	cv_destroy(&un->un_pm_busy_cv);
9139 
9140 	/* Open/close semaphore */
9141 	sema_destroy(&un->un_semoclose);
9142 
9143 	/* Removable media condvar. */
9144 	cv_destroy(&un->un_state_cv);
9145 
9146 	/* Suspend/resume condvar. */
9147 	cv_destroy(&un->un_suspend_cv);
9148 	cv_destroy(&un->un_disk_busy_cv);
9149 
9150 	sd_free_rqs(un);
9151 
9152 	/* Free up soft state */
9153 	devp->sd_private = NULL;
9154 	bzero(un, sizeof (struct sd_lun));
9155 	ddi_soft_state_free(sd_state, instance);
9156 
9157 	mutex_exit(&sd_detach_mutex);
9158 
9159 	/* This frees up the INQUIRY data associated with the device. */
9160 	scsi_unprobe(devp);
9161 
9162 	return (DDI_SUCCESS);
9163 
9164 err_notclosed:
9165 	mutex_exit(SD_MUTEX(un));
9166 
9167 err_stillbusy:
9168 	_NOTE(NO_COMPETING_THREADS_NOW);
9169 
9170 err_remove_event:
9171 	mutex_enter(&sd_detach_mutex);
9172 	un->un_detach_count--;
9173 	mutex_exit(&sd_detach_mutex);
9174 
9175 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: exit failure\n");
9176 	return (DDI_FAILURE);
9177 }
9178 
9179 
9180 /*
9181  * Driver minor node structure and data table
9182  */
9183 struct driver_minor_data {
9184 	char	*name;
9185 	minor_t	minor;
9186 	int	type;
9187 };
9188 
9189 static struct driver_minor_data sd_minor_data[] = {
9190 	{"a", 0, S_IFBLK},
9191 	{"b", 1, S_IFBLK},
9192 	{"c", 2, S_IFBLK},
9193 	{"d", 3, S_IFBLK},
9194 	{"e", 4, S_IFBLK},
9195 	{"f", 5, S_IFBLK},
9196 	{"g", 6, S_IFBLK},
9197 	{"h", 7, S_IFBLK},
9198 #if defined(_SUNOS_VTOC_16)
9199 	{"i", 8, S_IFBLK},
9200 	{"j", 9, S_IFBLK},
9201 	{"k", 10, S_IFBLK},
9202 	{"l", 11, S_IFBLK},
9203 	{"m", 12, S_IFBLK},
9204 	{"n", 13, S_IFBLK},
9205 	{"o", 14, S_IFBLK},
9206 	{"p", 15, S_IFBLK},
9207 #endif			/* defined(_SUNOS_VTOC_16) */
9208 #if defined(_FIRMWARE_NEEDS_FDISK)
9209 	{"q", 16, S_IFBLK},
9210 	{"r", 17, S_IFBLK},
9211 	{"s", 18, S_IFBLK},
9212 	{"t", 19, S_IFBLK},
9213 	{"u", 20, S_IFBLK},
9214 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9215 	{"a,raw", 0, S_IFCHR},
9216 	{"b,raw", 1, S_IFCHR},
9217 	{"c,raw", 2, S_IFCHR},
9218 	{"d,raw", 3, S_IFCHR},
9219 	{"e,raw", 4, S_IFCHR},
9220 	{"f,raw", 5, S_IFCHR},
9221 	{"g,raw", 6, S_IFCHR},
9222 	{"h,raw", 7, S_IFCHR},
9223 #if defined(_SUNOS_VTOC_16)
9224 	{"i,raw", 8, S_IFCHR},
9225 	{"j,raw", 9, S_IFCHR},
9226 	{"k,raw", 10, S_IFCHR},
9227 	{"l,raw", 11, S_IFCHR},
9228 	{"m,raw", 12, S_IFCHR},
9229 	{"n,raw", 13, S_IFCHR},
9230 	{"o,raw", 14, S_IFCHR},
9231 	{"p,raw", 15, S_IFCHR},
9232 #endif			/* defined(_SUNOS_VTOC_16) */
9233 #if defined(_FIRMWARE_NEEDS_FDISK)
9234 	{"q,raw", 16, S_IFCHR},
9235 	{"r,raw", 17, S_IFCHR},
9236 	{"s,raw", 18, S_IFCHR},
9237 	{"t,raw", 19, S_IFCHR},
9238 	{"u,raw", 20, S_IFCHR},
9239 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9240 	{0}
9241 };
9242 
9243 static struct driver_minor_data sd_minor_data_efi[] = {
9244 	{"a", 0, S_IFBLK},
9245 	{"b", 1, S_IFBLK},
9246 	{"c", 2, S_IFBLK},
9247 	{"d", 3, S_IFBLK},
9248 	{"e", 4, S_IFBLK},
9249 	{"f", 5, S_IFBLK},
9250 	{"g", 6, S_IFBLK},
9251 	{"wd", 7, S_IFBLK},
9252 #if defined(_FIRMWARE_NEEDS_FDISK)
9253 	{"q", 16, S_IFBLK},
9254 	{"r", 17, S_IFBLK},
9255 	{"s", 18, S_IFBLK},
9256 	{"t", 19, S_IFBLK},
9257 	{"u", 20, S_IFBLK},
9258 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9259 	{"a,raw", 0, S_IFCHR},
9260 	{"b,raw", 1, S_IFCHR},
9261 	{"c,raw", 2, S_IFCHR},
9262 	{"d,raw", 3, S_IFCHR},
9263 	{"e,raw", 4, S_IFCHR},
9264 	{"f,raw", 5, S_IFCHR},
9265 	{"g,raw", 6, S_IFCHR},
9266 	{"wd,raw", 7, S_IFCHR},
9267 #if defined(_FIRMWARE_NEEDS_FDISK)
9268 	{"q,raw", 16, S_IFCHR},
9269 	{"r,raw", 17, S_IFCHR},
9270 	{"s,raw", 18, S_IFCHR},
9271 	{"t,raw", 19, S_IFCHR},
9272 	{"u,raw", 20, S_IFCHR},
9273 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9274 	{0}
9275 };
9276 
9277 
9278 /*
9279  *    Function: sd_create_minor_nodes
9280  *
9281  * Description: Create the minor device nodes for the instance.
9282  *
9283  *   Arguments: un - driver soft state (unit) structure
9284  *		devi - pointer to device info structure
9285  *
9286  * Return Code: DDI_SUCCESS
9287  *		DDI_FAILURE
9288  *
9289  *     Context: Kernel thread context
9290  */
9291 
9292 static int
9293 sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi)
9294 {
9295 	struct driver_minor_data	*dmdp;
9296 	struct scsi_device		*devp;
9297 	int				instance;
9298 	char				name[48];
9299 
9300 	ASSERT(un != NULL);
9301 	devp = ddi_get_driver_private(devi);
9302 	instance = ddi_get_instance(devp->sd_dev);
9303 
9304 	/*
9305 	 * Create all the minor nodes for this target.
9306 	 */
9307 	if (un->un_blockcount > DK_MAX_BLOCKS)
9308 		dmdp = sd_minor_data_efi;
9309 	else
9310 		dmdp = sd_minor_data;
9311 	while (dmdp->name != NULL) {
9312 
9313 		(void) sprintf(name, "%s", dmdp->name);
9314 
9315 		if (ddi_create_minor_node(devi, name, dmdp->type,
9316 		    (instance << SDUNIT_SHIFT) | dmdp->minor,
9317 		    un->un_node_type, NULL) == DDI_FAILURE) {
9318 			/*
9319 			 * Clean up any nodes that may have been created, in
9320 			 * case this fails in the middle of the loop.
9321 			 */
9322 			ddi_remove_minor_node(devi, NULL);
9323 			return (DDI_FAILURE);
9324 		}
9325 		dmdp++;
9326 	}
9327 
9328 	return (DDI_SUCCESS);
9329 }
9330 
9331 
9332 /*
9333  *    Function: sd_create_errstats
9334  *
9335  * Description: This routine instantiates the device error stats.
9336  *
9337  *		Note: During attach the stats are instantiated first so they are
9338  *		available for attach-time routines that utilize the driver
9339  *		iopath to send commands to the device. The stats are initialized
9340  *		separately so data obtained during some attach-time routines is
9341  *		available. (4362483)
9342  *
9343  *   Arguments: un - driver soft state (unit) structure
9344  *		instance - driver instance
9345  *
9346  *     Context: Kernel thread context
9347  */
9348 
9349 static void
9350 sd_create_errstats(struct sd_lun *un, int instance)
9351 {
9352 	struct	sd_errstats	*stp;
9353 	char	kstatmodule_err[KSTAT_STRLEN];
9354 	char	kstatname[KSTAT_STRLEN];
9355 	int	ndata = (sizeof (struct sd_errstats) / sizeof (kstat_named_t));
9356 
9357 	ASSERT(un != NULL);
9358 
9359 	if (un->un_errstats != NULL) {
9360 		return;
9361 	}
9362 
9363 	(void) snprintf(kstatmodule_err, sizeof (kstatmodule_err),
9364 	    "%serr", sd_label);
9365 	(void) snprintf(kstatname, sizeof (kstatname),
9366 	    "%s%d,err", sd_label, instance);
9367 
9368 	un->un_errstats = kstat_create(kstatmodule_err, instance, kstatname,
9369 	    "device_error", KSTAT_TYPE_NAMED, ndata, KSTAT_FLAG_PERSISTENT);
9370 
9371 	if (un->un_errstats == NULL) {
9372 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9373 		    "sd_create_errstats: Failed kstat_create\n");
9374 		return;
9375 	}
9376 
9377 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9378 	kstat_named_init(&stp->sd_softerrs,	"Soft Errors",
9379 	    KSTAT_DATA_UINT32);
9380 	kstat_named_init(&stp->sd_harderrs,	"Hard Errors",
9381 	    KSTAT_DATA_UINT32);
9382 	kstat_named_init(&stp->sd_transerrs,	"Transport Errors",
9383 	    KSTAT_DATA_UINT32);
9384 	kstat_named_init(&stp->sd_vid,		"Vendor",
9385 	    KSTAT_DATA_CHAR);
9386 	kstat_named_init(&stp->sd_pid,		"Product",
9387 	    KSTAT_DATA_CHAR);
9388 	kstat_named_init(&stp->sd_revision,	"Revision",
9389 	    KSTAT_DATA_CHAR);
9390 	kstat_named_init(&stp->sd_serial,	"Serial No",
9391 	    KSTAT_DATA_CHAR);
9392 	kstat_named_init(&stp->sd_capacity,	"Size",
9393 	    KSTAT_DATA_ULONGLONG);
9394 	kstat_named_init(&stp->sd_rq_media_err,	"Media Error",
9395 	    KSTAT_DATA_UINT32);
9396 	kstat_named_init(&stp->sd_rq_ntrdy_err,	"Device Not Ready",
9397 	    KSTAT_DATA_UINT32);
9398 	kstat_named_init(&stp->sd_rq_nodev_err,	"No Device",
9399 	    KSTAT_DATA_UINT32);
9400 	kstat_named_init(&stp->sd_rq_recov_err,	"Recoverable",
9401 	    KSTAT_DATA_UINT32);
9402 	kstat_named_init(&stp->sd_rq_illrq_err,	"Illegal Request",
9403 	    KSTAT_DATA_UINT32);
9404 	kstat_named_init(&stp->sd_rq_pfa_err,	"Predictive Failure Analysis",
9405 	    KSTAT_DATA_UINT32);
9406 
9407 	un->un_errstats->ks_private = un;
9408 	un->un_errstats->ks_update  = nulldev;
9409 
9410 	kstat_install(un->un_errstats);
9411 }
9412 
9413 
9414 /*
9415  *    Function: sd_set_errstats
9416  *
9417  * Description: This routine sets the value of the vendor id, product id,
9418  *		revision, serial number, and capacity device error stats.
9419  *
9420  *		Note: During attach the stats are instantiated first so they are
9421  *		available for attach-time routines that utilize the driver
9422  *		iopath to send commands to the device. The stats are initialized
9423  *		separately so data obtained during some attach-time routines is
9424  *		available. (4362483)
9425  *
9426  *   Arguments: un - driver soft state (unit) structure
9427  *
9428  *     Context: Kernel thread context
9429  */
9430 
9431 static void
9432 sd_set_errstats(struct sd_lun *un)
9433 {
9434 	struct	sd_errstats	*stp;
9435 
9436 	ASSERT(un != NULL);
9437 	ASSERT(un->un_errstats != NULL);
9438 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9439 	ASSERT(stp != NULL);
9440 	(void) strncpy(stp->sd_vid.value.c, un->un_sd->sd_inq->inq_vid, 8);
9441 	(void) strncpy(stp->sd_pid.value.c, un->un_sd->sd_inq->inq_pid, 16);
9442 	(void) strncpy(stp->sd_revision.value.c,
9443 	    un->un_sd->sd_inq->inq_revision, 4);
9444 
9445 	/*
9446 	 * Set the "Serial No" kstat for Sun qualified drives (indicated by
9447 	 * "SUN" in bytes 25-27 of the inquiry data (bytes 9-11 of the pid)
9448 	 * (4376302))
9449 	 */
9450 	if (bcmp(&SD_INQUIRY(un)->inq_pid[9], "SUN", 3) == 0) {
9451 		bcopy(&SD_INQUIRY(un)->inq_serial, stp->sd_serial.value.c,
9452 		    sizeof (SD_INQUIRY(un)->inq_serial));
9453 	}
9454 
9455 	if (un->un_f_blockcount_is_valid != TRUE) {
9456 		/*
9457 		 * Set capacity error stat to 0 for no media. This ensures
9458 		 * a valid capacity is displayed in response to 'iostat -E'
9459 		 * when no media is present in the device.
9460 		 */
9461 		stp->sd_capacity.value.ui64 = 0;
9462 	} else {
9463 		/*
9464 		 * Multiply un_blockcount by un->un_sys_blocksize to get
9465 		 * capacity.
9466 		 *
9467 		 * Note: for non-512 blocksize devices "un_blockcount" has been
9468 		 * "scaled" in sd_send_scsi_READ_CAPACITY by multiplying by
9469 		 * (un_tgt_blocksize / un->un_sys_blocksize).
9470 		 */
9471 		stp->sd_capacity.value.ui64 = (uint64_t)
9472 		    ((uint64_t)un->un_blockcount * un->un_sys_blocksize);
9473 	}
9474 }
9475 
9476 
9477 /*
9478  *    Function: sd_set_pstats
9479  *
9480  * Description: This routine instantiates and initializes the partition
9481  *              stats for each partition with more than zero blocks.
9482  *		(4363169)
9483  *
9484  *   Arguments: un - driver soft state (unit) structure
9485  *
9486  *     Context: Kernel thread context
9487  */
9488 
9489 static void
9490 sd_set_pstats(struct sd_lun *un)
9491 {
9492 	char	kstatname[KSTAT_STRLEN];
9493 	int	instance;
9494 	int	i;
9495 
9496 	ASSERT(un != NULL);
9497 
9498 	instance = ddi_get_instance(SD_DEVINFO(un));
9499 
9500 	/* Note:x86: is this a VTOC8/VTOC16 difference? */
9501 	for (i = 0; i < NSDMAP; i++) {
9502 		if ((un->un_pstats[i] == NULL) &&
9503 		    (un->un_map[i].dkl_nblk != 0)) {
9504 			(void) snprintf(kstatname, sizeof (kstatname),
9505 			    "%s%d,%s", sd_label, instance,
9506 			    sd_minor_data[i].name);
9507 			un->un_pstats[i] = kstat_create(sd_label,
9508 			    instance, kstatname, "partition", KSTAT_TYPE_IO,
9509 			    1, KSTAT_FLAG_PERSISTENT);
9510 			if (un->un_pstats[i] != NULL) {
9511 				un->un_pstats[i]->ks_lock = SD_MUTEX(un);
9512 				kstat_install(un->un_pstats[i]);
9513 			}
9514 		}
9515 	}
9516 }
9517 
9518 
9519 #if (defined(__fibre))
9520 /*
9521  *    Function: sd_init_event_callbacks
9522  *
9523  * Description: This routine initializes the insertion and removal event
9524  *		callbacks. (fibre only)
9525  *
9526  *   Arguments: un - driver soft state (unit) structure
9527  *
9528  *     Context: Kernel thread context
9529  */
9530 
9531 static void
9532 sd_init_event_callbacks(struct sd_lun *un)
9533 {
9534 	ASSERT(un != NULL);
9535 
9536 	if ((un->un_insert_event == NULL) &&
9537 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_INSERT_EVENT,
9538 	    &un->un_insert_event) == DDI_SUCCESS)) {
9539 		/*
9540 		 * Add the callback for an insertion event
9541 		 */
9542 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9543 		    un->un_insert_event, sd_event_callback, (void *)un,
9544 		    &(un->un_insert_cb_id));
9545 	}
9546 
9547 	if ((un->un_remove_event == NULL) &&
9548 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_REMOVE_EVENT,
9549 	    &un->un_remove_event) == DDI_SUCCESS)) {
9550 		/*
9551 		 * Add the callback for a removal event
9552 		 */
9553 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9554 		    un->un_remove_event, sd_event_callback, (void *)un,
9555 		    &(un->un_remove_cb_id));
9556 	}
9557 }
9558 
9559 
9560 /*
9561  *    Function: sd_event_callback
9562  *
9563  * Description: This routine handles insert/remove events (photon). The
9564  *		state is changed to OFFLINE which can be used to supress
9565  *		error msgs. (fibre only)
9566  *
9567  *   Arguments: un - driver soft state (unit) structure
9568  *
9569  *     Context: Callout thread context
9570  */
9571 /* ARGSUSED */
9572 static void
9573 sd_event_callback(dev_info_t *dip, ddi_eventcookie_t event, void *arg,
9574     void *bus_impldata)
9575 {
9576 	struct sd_lun *un = (struct sd_lun *)arg;
9577 
9578 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_insert_event));
9579 	if (event == un->un_insert_event) {
9580 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: insert event");
9581 		mutex_enter(SD_MUTEX(un));
9582 		if (un->un_state == SD_STATE_OFFLINE) {
9583 			if (un->un_last_state != SD_STATE_SUSPENDED) {
9584 				un->un_state = un->un_last_state;
9585 			} else {
9586 				/*
9587 				 * We have gone through SUSPEND/RESUME while
9588 				 * we were offline. Restore the last state
9589 				 */
9590 				un->un_state = un->un_save_state;
9591 			}
9592 		}
9593 		mutex_exit(SD_MUTEX(un));
9594 
9595 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_remove_event));
9596 	} else if (event == un->un_remove_event) {
9597 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: remove event");
9598 		mutex_enter(SD_MUTEX(un));
9599 		/*
9600 		 * We need to handle an event callback that occurs during
9601 		 * the suspend operation, since we don't prevent it.
9602 		 */
9603 		if (un->un_state != SD_STATE_OFFLINE) {
9604 			if (un->un_state != SD_STATE_SUSPENDED) {
9605 				New_state(un, SD_STATE_OFFLINE);
9606 			} else {
9607 				un->un_last_state = SD_STATE_OFFLINE;
9608 			}
9609 		}
9610 		mutex_exit(SD_MUTEX(un));
9611 	} else {
9612 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
9613 		    "!Unknown event\n");
9614 	}
9615 
9616 }
9617 #endif
9618 
9619 
9620 /*
9621  *    Function: sd_disable_caching()
9622  *
9623  * Description: This routine is the driver entry point for disabling
9624  *		read and write caching by modifying the WCE (write cache
9625  *		enable) and RCD (read cache disable) bits of mode
9626  *		page 8 (MODEPAGE_CACHING).
9627  *
9628  *   Arguments: un - driver soft state (unit) structure
9629  *
9630  * Return Code: EIO
9631  *		code returned by sd_send_scsi_MODE_SENSE and
9632  *		sd_send_scsi_MODE_SELECT
9633  *
9634  *     Context: Kernel Thread
9635  */
9636 
9637 static int
9638 sd_disable_caching(struct sd_lun *un)
9639 {
9640 	struct mode_caching	*mode_caching_page;
9641 	uchar_t			*header;
9642 	size_t			buflen;
9643 	int			hdrlen;
9644 	int			bd_len;
9645 	int			rval = 0;
9646 
9647 	ASSERT(un != NULL);
9648 
9649 	/*
9650 	 * Do a test unit ready, otherwise a mode sense may not work if this
9651 	 * is the first command sent to the device after boot.
9652 	 */
9653 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9654 
9655 	if (un->un_f_cfg_is_atapi == TRUE) {
9656 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9657 	} else {
9658 		hdrlen = MODE_HEADER_LENGTH;
9659 	}
9660 
9661 	/*
9662 	 * Allocate memory for the retrieved mode page and its headers.  Set
9663 	 * a pointer to the page itself.
9664 	 */
9665 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9666 	header = kmem_zalloc(buflen, KM_SLEEP);
9667 
9668 	/* Get the information from the device. */
9669 	if (un->un_f_cfg_is_atapi == TRUE) {
9670 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9671 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9672 	} else {
9673 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9674 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9675 	}
9676 	if (rval != 0) {
9677 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9678 		    "sd_disable_caching: Mode Sense Failed\n");
9679 		kmem_free(header, buflen);
9680 		return (rval);
9681 	}
9682 
9683 	/*
9684 	 * Determine size of Block Descriptors in order to locate
9685 	 * the mode page data. ATAPI devices return 0, SCSI devices
9686 	 * should return MODE_BLK_DESC_LENGTH.
9687 	 */
9688 	if (un->un_f_cfg_is_atapi == TRUE) {
9689 		struct mode_header_grp2	*mhp;
9690 		mhp	= (struct mode_header_grp2 *)header;
9691 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9692 	} else {
9693 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9694 	}
9695 
9696 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9697 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9698 		    "sd_disable_caching: Mode Sense returned invalid "
9699 		    "block descriptor length\n");
9700 		kmem_free(header, buflen);
9701 		return (EIO);
9702 	}
9703 
9704 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9705 
9706 	/* Check the relevant bits on successful mode sense. */
9707 	if ((mode_caching_page->wce) || !(mode_caching_page->rcd)) {
9708 		/*
9709 		 * Read or write caching is enabled.  Disable both of them.
9710 		 */
9711 		mode_caching_page->wce = 0;
9712 		mode_caching_page->rcd = 1;
9713 
9714 		/* Clear reserved bits before mode select. */
9715 		mode_caching_page->mode_page.ps = 0;
9716 
9717 		/*
9718 		 * Clear out mode header for mode select.
9719 		 * The rest of the retrieved page will be reused.
9720 		 */
9721 		bzero(header, hdrlen);
9722 
9723 		/* Change the cache page to disable all caching. */
9724 		if (un->un_f_cfg_is_atapi == TRUE) {
9725 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, header,
9726 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9727 		} else {
9728 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
9729 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9730 		}
9731 	}
9732 
9733 	kmem_free(header, buflen);
9734 	return (rval);
9735 }
9736 
9737 
9738 /*
9739  *    Function: sd_get_write_cache_enabled()
9740  *
9741  * Description: This routine is the driver entry point for determining if
9742  *		write caching is enabled.  It examines the WCE (write cache
9743  *		enable) bits of mode page 8 (MODEPAGE_CACHING).
9744  *
9745  *   Arguments: un - driver soft state (unit) structure
9746  *   		is_enabled - pointer to int where write cache enabled state
9747  *   			is returned (non-zero -> write cache enabled)
9748  *
9749  *
9750  * Return Code: EIO
9751  *		code returned by sd_send_scsi_MODE_SENSE
9752  *
9753  *     Context: Kernel Thread
9754  *
9755  * NOTE: If ioctl is added to disable write cache, this sequence should
9756  * be followed so that no locking is required for accesses to
9757  * un->un_f_write_cache_enabled:
9758  * 	do mode select to clear wce
9759  * 	do synchronize cache to flush cache
9760  * 	set un->un_f_write_cache_enabled = FALSE
9761  *
9762  * Conversely, an ioctl to enable the write cache should be done
9763  * in this order:
9764  * 	set un->un_f_write_cache_enabled = TRUE
9765  * 	do mode select to set wce
9766  */
9767 
9768 static int
9769 sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled)
9770 {
9771 	struct mode_caching	*mode_caching_page;
9772 	uchar_t			*header;
9773 	size_t			buflen;
9774 	int			hdrlen;
9775 	int			bd_len;
9776 	int			rval = 0;
9777 
9778 	ASSERT(un != NULL);
9779 	ASSERT(is_enabled != NULL);
9780 
9781 	/* in case of error, flag as enabled */
9782 	*is_enabled = TRUE;
9783 
9784 	/*
9785 	 * Do a test unit ready, otherwise a mode sense may not work if this
9786 	 * is the first command sent to the device after boot.
9787 	 */
9788 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9789 
9790 	if (un->un_f_cfg_is_atapi == TRUE) {
9791 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9792 	} else {
9793 		hdrlen = MODE_HEADER_LENGTH;
9794 	}
9795 
9796 	/*
9797 	 * Allocate memory for the retrieved mode page and its headers.  Set
9798 	 * a pointer to the page itself.
9799 	 */
9800 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9801 	header = kmem_zalloc(buflen, KM_SLEEP);
9802 
9803 	/* Get the information from the device. */
9804 	if (un->un_f_cfg_is_atapi == TRUE) {
9805 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9806 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9807 	} else {
9808 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9809 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9810 	}
9811 	if (rval != 0) {
9812 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9813 		    "sd_get_write_cache_enabled: Mode Sense Failed\n");
9814 		kmem_free(header, buflen);
9815 		return (rval);
9816 	}
9817 
9818 	/*
9819 	 * Determine size of Block Descriptors in order to locate
9820 	 * the mode page data. ATAPI devices return 0, SCSI devices
9821 	 * should return MODE_BLK_DESC_LENGTH.
9822 	 */
9823 	if (un->un_f_cfg_is_atapi == TRUE) {
9824 		struct mode_header_grp2	*mhp;
9825 		mhp	= (struct mode_header_grp2 *)header;
9826 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9827 	} else {
9828 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9829 	}
9830 
9831 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9832 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9833 		    "sd_get_write_cache_enabled: Mode Sense returned invalid "
9834 		    "block descriptor length\n");
9835 		kmem_free(header, buflen);
9836 		return (EIO);
9837 	}
9838 
9839 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9840 	*is_enabled = mode_caching_page->wce;
9841 
9842 	kmem_free(header, buflen);
9843 	return (0);
9844 }
9845 
9846 
9847 /*
9848  *    Function: sd_make_device
9849  *
9850  * Description: Utility routine to return the Solaris device number from
9851  *		the data in the device's dev_info structure.
9852  *
9853  * Return Code: The Solaris device number
9854  *
9855  *     Context: Any
9856  */
9857 
9858 static dev_t
9859 sd_make_device(dev_info_t *devi)
9860 {
9861 	return (makedevice(ddi_name_to_major(ddi_get_name(devi)),
9862 	    ddi_get_instance(devi) << SDUNIT_SHIFT));
9863 }
9864 
9865 
9866 /*
9867  *    Function: sd_pm_entry
9868  *
9869  * Description: Called at the start of a new command to manage power
9870  *		and busy status of a device. This includes determining whether
9871  *		the current power state of the device is sufficient for
9872  *		performing the command or whether it must be changed.
9873  *		The PM framework is notified appropriately.
9874  *		Only with a return status of DDI_SUCCESS will the
9875  *		component be busy to the framework.
9876  *
9877  *		All callers of sd_pm_entry must check the return status
9878  *		and only call sd_pm_exit it it was DDI_SUCCESS. A status
9879  *		of DDI_FAILURE indicates the device failed to power up.
9880  *		In this case un_pm_count has been adjusted so the result
9881  *		on exit is still powered down, ie. count is less than 0.
9882  *		Calling sd_pm_exit with this count value hits an ASSERT.
9883  *
9884  * Return Code: DDI_SUCCESS or DDI_FAILURE
9885  *
9886  *     Context: Kernel thread context.
9887  */
9888 
9889 static int
9890 sd_pm_entry(struct sd_lun *un)
9891 {
9892 	int return_status = DDI_SUCCESS;
9893 
9894 	ASSERT(!mutex_owned(SD_MUTEX(un)));
9895 	ASSERT(!mutex_owned(&un->un_pm_mutex));
9896 
9897 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: entry\n");
9898 
9899 	if (un->un_f_pm_is_enabled == FALSE) {
9900 		SD_TRACE(SD_LOG_IO_PM, un,
9901 		    "sd_pm_entry: exiting, PM not enabled\n");
9902 		return (return_status);
9903 	}
9904 
9905 	/*
9906 	 * Just increment a counter if PM is enabled. On the transition from
9907 	 * 0 ==> 1, mark the device as busy.  The iodone side will decrement
9908 	 * the count with each IO and mark the device as idle when the count
9909 	 * hits 0.
9910 	 *
9911 	 * If the count is less than 0 the device is powered down. If a powered
9912 	 * down device is successfully powered up then the count must be
9913 	 * incremented to reflect the power up. Note that it'll get incremented
9914 	 * a second time to become busy.
9915 	 *
9916 	 * Because the following has the potential to change the device state
9917 	 * and must release the un_pm_mutex to do so, only one thread can be
9918 	 * allowed through at a time.
9919 	 */
9920 
9921 	mutex_enter(&un->un_pm_mutex);
9922 	while (un->un_pm_busy == TRUE) {
9923 		cv_wait(&un->un_pm_busy_cv, &un->un_pm_mutex);
9924 	}
9925 	un->un_pm_busy = TRUE;
9926 
9927 	if (un->un_pm_count < 1) {
9928 
9929 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: busy component\n");
9930 
9931 		/*
9932 		 * Indicate we are now busy so the framework won't attempt to
9933 		 * power down the device. This call will only fail if either
9934 		 * we passed a bad component number or the device has no
9935 		 * components. Neither of these should ever happen.
9936 		 */
9937 		mutex_exit(&un->un_pm_mutex);
9938 		return_status = pm_busy_component(SD_DEVINFO(un), 0);
9939 		ASSERT(return_status == DDI_SUCCESS);
9940 
9941 		mutex_enter(&un->un_pm_mutex);
9942 
9943 		if (un->un_pm_count < 0) {
9944 			mutex_exit(&un->un_pm_mutex);
9945 
9946 			SD_TRACE(SD_LOG_IO_PM, un,
9947 			    "sd_pm_entry: power up component\n");
9948 
9949 			/*
9950 			 * pm_raise_power will cause sdpower to be called
9951 			 * which brings the device power level to the
9952 			 * desired state, ON in this case. If successful,
9953 			 * un_pm_count and un_power_level will be updated
9954 			 * appropriately.
9955 			 */
9956 			return_status = pm_raise_power(SD_DEVINFO(un), 0,
9957 			    SD_SPINDLE_ON);
9958 
9959 			mutex_enter(&un->un_pm_mutex);
9960 
9961 			if (return_status != DDI_SUCCESS) {
9962 				/*
9963 				 * Power up failed.
9964 				 * Idle the device and adjust the count
9965 				 * so the result on exit is that we're
9966 				 * still powered down, ie. count is less than 0.
9967 				 */
9968 				SD_TRACE(SD_LOG_IO_PM, un,
9969 				    "sd_pm_entry: power up failed,"
9970 				    " idle the component\n");
9971 
9972 				(void) pm_idle_component(SD_DEVINFO(un), 0);
9973 				un->un_pm_count--;
9974 			} else {
9975 				/*
9976 				 * Device is powered up, verify the
9977 				 * count is non-negative.
9978 				 * This is debug only.
9979 				 */
9980 				ASSERT(un->un_pm_count == 0);
9981 			}
9982 		}
9983 
9984 		if (return_status == DDI_SUCCESS) {
9985 			/*
9986 			 * For performance, now that the device has been tagged
9987 			 * as busy, and it's known to be powered up, update the
9988 			 * chain types to use jump tables that do not include
9989 			 * pm. This significantly lowers the overhead and
9990 			 * therefore improves performance.
9991 			 */
9992 
9993 			mutex_exit(&un->un_pm_mutex);
9994 			mutex_enter(SD_MUTEX(un));
9995 			SD_TRACE(SD_LOG_IO_PM, un,
9996 			    "sd_pm_entry: changing uscsi_chain_type from %d\n",
9997 			    un->un_uscsi_chain_type);
9998 
9999 			if (ISREMOVABLE(un)) {
10000 				un->un_buf_chain_type =
10001 				    SD_CHAIN_INFO_RMMEDIA_NO_PM;
10002 			} else {
10003 				un->un_buf_chain_type =
10004 				    SD_CHAIN_INFO_DISK_NO_PM;
10005 			}
10006 			un->un_uscsi_chain_type = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
10007 
10008 			SD_TRACE(SD_LOG_IO_PM, un,
10009 			    "             changed  uscsi_chain_type to   %d\n",
10010 			    un->un_uscsi_chain_type);
10011 			mutex_exit(SD_MUTEX(un));
10012 			mutex_enter(&un->un_pm_mutex);
10013 
10014 			if (un->un_pm_idle_timeid == NULL) {
10015 				/* 300 ms. */
10016 				un->un_pm_idle_timeid =
10017 				    timeout(sd_pm_idletimeout_handler, un,
10018 				    (drv_usectohz((clock_t)300000)));
10019 				/*
10020 				 * Include an extra call to busy which keeps the
10021 				 * device busy with-respect-to the PM layer
10022 				 * until the timer fires, at which time it'll
10023 				 * get the extra idle call.
10024 				 */
10025 				(void) pm_busy_component(SD_DEVINFO(un), 0);
10026 			}
10027 		}
10028 	}
10029 	un->un_pm_busy = FALSE;
10030 	/* Next... */
10031 	cv_signal(&un->un_pm_busy_cv);
10032 
10033 	un->un_pm_count++;
10034 
10035 	SD_TRACE(SD_LOG_IO_PM, un,
10036 	    "sd_pm_entry: exiting, un_pm_count = %d\n", un->un_pm_count);
10037 
10038 	mutex_exit(&un->un_pm_mutex);
10039 
10040 	return (return_status);
10041 }
10042 
10043 
10044 /*
10045  *    Function: sd_pm_exit
10046  *
10047  * Description: Called at the completion of a command to manage busy
10048  *		status for the device. If the device becomes idle the
10049  *		PM framework is notified.
10050  *
10051  *     Context: Kernel thread context
10052  */
10053 
10054 static void
10055 sd_pm_exit(struct sd_lun *un)
10056 {
10057 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10058 	ASSERT(!mutex_owned(&un->un_pm_mutex));
10059 
10060 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: entry\n");
10061 
10062 	/*
10063 	 * After attach the following flag is only read, so don't
10064 	 * take the penalty of acquiring a mutex for it.
10065 	 */
10066 	if (un->un_f_pm_is_enabled == TRUE) {
10067 
10068 		mutex_enter(&un->un_pm_mutex);
10069 		un->un_pm_count--;
10070 
10071 		SD_TRACE(SD_LOG_IO_PM, un,
10072 		    "sd_pm_exit: un_pm_count = %d\n", un->un_pm_count);
10073 
10074 		ASSERT(un->un_pm_count >= 0);
10075 		if (un->un_pm_count == 0) {
10076 			mutex_exit(&un->un_pm_mutex);
10077 
10078 			SD_TRACE(SD_LOG_IO_PM, un,
10079 			    "sd_pm_exit: idle component\n");
10080 
10081 			(void) pm_idle_component(SD_DEVINFO(un), 0);
10082 
10083 		} else {
10084 			mutex_exit(&un->un_pm_mutex);
10085 		}
10086 	}
10087 
10088 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: exiting\n");
10089 }
10090 
10091 
10092 /*
10093  *    Function: sdopen
10094  *
10095  * Description: Driver's open(9e) entry point function.
10096  *
10097  *   Arguments: dev_i   - pointer to device number
10098  *		flag    - how to open file (FEXCL, FNDELAY, FREAD, FWRITE)
10099  *		otyp    - open type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10100  *		cred_p  - user credential pointer
10101  *
10102  * Return Code: EINVAL
10103  *		ENXIO
10104  *		EIO
10105  *		EROFS
10106  *		EBUSY
10107  *
10108  *     Context: Kernel thread context
10109  */
10110 /* ARGSUSED */
10111 static int
10112 sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p)
10113 {
10114 	struct sd_lun	*un;
10115 	int		nodelay;
10116 	int		part;
10117 	uint64_t	partmask;
10118 	int		instance;
10119 	dev_t		dev;
10120 	int		rval = EIO;
10121 
10122 	/* Validate the open type */
10123 	if (otyp >= OTYPCNT) {
10124 		return (EINVAL);
10125 	}
10126 
10127 	dev = *dev_p;
10128 	instance = SDUNIT(dev);
10129 	mutex_enter(&sd_detach_mutex);
10130 
10131 	/*
10132 	 * Fail the open if there is no softstate for the instance, or
10133 	 * if another thread somewhere is trying to detach the instance.
10134 	 */
10135 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
10136 	    (un->un_detach_count != 0)) {
10137 		mutex_exit(&sd_detach_mutex);
10138 		/*
10139 		 * The probe cache only needs to be cleared when open (9e) fails
10140 		 * with ENXIO (4238046).
10141 		 */
10142 		/*
10143 		 * un-conditionally clearing probe cache is ok with
10144 		 * separate sd/ssd binaries
10145 		 * x86 platform can be an issue with both parallel
10146 		 * and fibre in 1 binary
10147 		 */
10148 		sd_scsi_clear_probe_cache();
10149 		return (ENXIO);
10150 	}
10151 
10152 	/*
10153 	 * The un_layer_count is to prevent another thread in specfs from
10154 	 * trying to detach the instance, which can happen when we are
10155 	 * called from a higher-layer driver instead of thru specfs.
10156 	 * This will not be needed when DDI provides a layered driver
10157 	 * interface that allows specfs to know that an instance is in
10158 	 * use by a layered driver & should not be detached.
10159 	 *
10160 	 * Note: the semantics for layered driver opens are exactly one
10161 	 * close for every open.
10162 	 */
10163 	if (otyp == OTYP_LYR) {
10164 		un->un_layer_count++;
10165 	}
10166 
10167 	/*
10168 	 * Keep a count of the current # of opens in progress. This is because
10169 	 * some layered drivers try to call us as a regular open. This can
10170 	 * cause problems that we cannot prevent, however by keeping this count
10171 	 * we can at least keep our open and detach routines from racing against
10172 	 * each other under such conditions.
10173 	 */
10174 	un->un_opens_in_progress++;
10175 	mutex_exit(&sd_detach_mutex);
10176 
10177 	nodelay  = (flag & (FNDELAY | FNONBLOCK));
10178 	part	 = SDPART(dev);
10179 	partmask = 1 << part;
10180 
10181 	/*
10182 	 * We use a semaphore here in order to serialize
10183 	 * open and close requests on the device.
10184 	 */
10185 	sema_p(&un->un_semoclose);
10186 
10187 	mutex_enter(SD_MUTEX(un));
10188 
10189 	/*
10190 	 * All device accesses go thru sdstrategy() where we check
10191 	 * on suspend status but there could be a scsi_poll command,
10192 	 * which bypasses sdstrategy(), so we need to check pm
10193 	 * status.
10194 	 */
10195 
10196 	if (!nodelay) {
10197 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10198 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10199 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10200 		}
10201 
10202 		mutex_exit(SD_MUTEX(un));
10203 		if (sd_pm_entry(un) != DDI_SUCCESS) {
10204 			rval = EIO;
10205 			SD_ERROR(SD_LOG_OPEN_CLOSE, un,
10206 			    "sdopen: sd_pm_entry failed\n");
10207 			goto open_failed_with_pm;
10208 		}
10209 		mutex_enter(SD_MUTEX(un));
10210 	}
10211 
10212 	/* check for previous exclusive open */
10213 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: un=%p\n", (void *)un);
10214 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10215 	    "sdopen: exclopen=%x, flag=%x, regopen=%x\n",
10216 	    un->un_exclopen, flag, un->un_ocmap.regopen[otyp]);
10217 
10218 	if (un->un_exclopen & (partmask)) {
10219 		goto excl_open_fail;
10220 	}
10221 
10222 	if (flag & FEXCL) {
10223 		int i;
10224 		if (un->un_ocmap.lyropen[part]) {
10225 			goto excl_open_fail;
10226 		}
10227 		for (i = 0; i < (OTYPCNT - 1); i++) {
10228 			if (un->un_ocmap.regopen[i] & (partmask)) {
10229 				goto excl_open_fail;
10230 			}
10231 		}
10232 	}
10233 
10234 	/*
10235 	 * Check the write permission if this is a removable media device,
10236 	 * NDELAY has not been set, and writable permission is requested.
10237 	 *
10238 	 * Note: If NDELAY was set and this is write-protected media the WRITE
10239 	 * attempt will fail with EIO as part of the I/O processing. This is a
10240 	 * more permissive implementation that allows the open to succeed and
10241 	 * WRITE attempts to fail when appropriate.
10242 	 */
10243 	if (ISREMOVABLE(un)) {
10244 		if ((flag & FWRITE) && (!nodelay)) {
10245 			mutex_exit(SD_MUTEX(un));
10246 			/*
10247 			 * Defer the check for write permission on writable
10248 			 * DVD drive till sdstrategy and will not fail open even
10249 			 * if FWRITE is set as the device can be writable
10250 			 * depending upon the media and the media can change
10251 			 * after the call to open().
10252 			 */
10253 			if (un->un_f_dvdram_writable_device == FALSE) {
10254 				if (ISCD(un) || sr_check_wp(dev)) {
10255 				rval = EROFS;
10256 				mutex_enter(SD_MUTEX(un));
10257 				SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10258 				    "write to cd or write protected media\n");
10259 				goto open_fail;
10260 				}
10261 			}
10262 			mutex_enter(SD_MUTEX(un));
10263 		}
10264 	}
10265 
10266 	/*
10267 	 * If opening in NDELAY/NONBLOCK mode, just return.
10268 	 * Check if disk is ready and has a valid geometry later.
10269 	 */
10270 	if (!nodelay) {
10271 		mutex_exit(SD_MUTEX(un));
10272 		rval = sd_ready_and_valid(un);
10273 		mutex_enter(SD_MUTEX(un));
10274 		/*
10275 		 * Fail if device is not ready or if the number of disk
10276 		 * blocks is zero or negative for non CD devices.
10277 		 */
10278 		if ((rval != SD_READY_VALID) ||
10279 		    (!ISCD(un) && un->un_map[part].dkl_nblk <= 0)) {
10280 			if (ISREMOVABLE(un)) {
10281 				rval = ENXIO;
10282 			} else {
10283 				rval = EIO;
10284 			}
10285 			SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10286 			    "device not ready or invalid disk block value\n");
10287 			goto open_fail;
10288 		}
10289 #if defined(__i386) || defined(__amd64)
10290 	} else {
10291 		uchar_t *cp;
10292 		/*
10293 		 * x86 requires special nodelay handling, so that p0 is
10294 		 * always defined and accessible.
10295 		 * Invalidate geometry only if device is not already open.
10296 		 */
10297 		cp = &un->un_ocmap.chkd[0];
10298 		while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10299 			if (*cp != (uchar_t)0) {
10300 			    break;
10301 			}
10302 			cp++;
10303 		}
10304 		if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10305 			un->un_f_geometry_is_valid = FALSE;
10306 		}
10307 
10308 #endif
10309 	}
10310 
10311 	if (otyp == OTYP_LYR) {
10312 		un->un_ocmap.lyropen[part]++;
10313 	} else {
10314 		un->un_ocmap.regopen[otyp] |= partmask;
10315 	}
10316 
10317 	/* Set up open and exclusive open flags */
10318 	if (flag & FEXCL) {
10319 		un->un_exclopen |= (partmask);
10320 	}
10321 
10322 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10323 	    "open of part %d type %d\n", part, otyp);
10324 
10325 	mutex_exit(SD_MUTEX(un));
10326 	if (!nodelay) {
10327 		sd_pm_exit(un);
10328 	}
10329 
10330 	sema_v(&un->un_semoclose);
10331 
10332 	mutex_enter(&sd_detach_mutex);
10333 	un->un_opens_in_progress--;
10334 	mutex_exit(&sd_detach_mutex);
10335 
10336 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: exit success\n");
10337 	return (DDI_SUCCESS);
10338 
10339 excl_open_fail:
10340 	SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: fail exclusive open\n");
10341 	rval = EBUSY;
10342 
10343 open_fail:
10344 	mutex_exit(SD_MUTEX(un));
10345 
10346 	/*
10347 	 * On a failed open we must exit the pm management.
10348 	 */
10349 	if (!nodelay) {
10350 		sd_pm_exit(un);
10351 	}
10352 open_failed_with_pm:
10353 	sema_v(&un->un_semoclose);
10354 
10355 	mutex_enter(&sd_detach_mutex);
10356 	un->un_opens_in_progress--;
10357 	if (otyp == OTYP_LYR) {
10358 		un->un_layer_count--;
10359 	}
10360 	mutex_exit(&sd_detach_mutex);
10361 
10362 	return (rval);
10363 }
10364 
10365 
10366 /*
10367  *    Function: sdclose
10368  *
10369  * Description: Driver's close(9e) entry point function.
10370  *
10371  *   Arguments: dev    - device number
10372  *		flag   - file status flag, informational only
10373  *		otyp   - close type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10374  *		cred_p - user credential pointer
10375  *
10376  * Return Code: ENXIO
10377  *
10378  *     Context: Kernel thread context
10379  */
10380 /* ARGSUSED */
10381 static int
10382 sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p)
10383 {
10384 	struct sd_lun	*un;
10385 	uchar_t		*cp;
10386 	int		part;
10387 	int		nodelay;
10388 	int		rval = 0;
10389 
10390 	/* Validate the open type */
10391 	if (otyp >= OTYPCNT) {
10392 		return (ENXIO);
10393 	}
10394 
10395 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10396 		return (ENXIO);
10397 	}
10398 
10399 	part = SDPART(dev);
10400 	nodelay = flag & (FNDELAY | FNONBLOCK);
10401 
10402 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10403 	    "sdclose: close of part %d type %d\n", part, otyp);
10404 
10405 	/*
10406 	 * We use a semaphore here in order to serialize
10407 	 * open and close requests on the device.
10408 	 */
10409 	sema_p(&un->un_semoclose);
10410 
10411 	mutex_enter(SD_MUTEX(un));
10412 
10413 	/* Don't proceed if power is being changed. */
10414 	while (un->un_state == SD_STATE_PM_CHANGING) {
10415 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10416 	}
10417 
10418 	if (un->un_exclopen & (1 << part)) {
10419 		un->un_exclopen &= ~(1 << part);
10420 	}
10421 
10422 	/* Update the open partition map */
10423 	if (otyp == OTYP_LYR) {
10424 		un->un_ocmap.lyropen[part] -= 1;
10425 	} else {
10426 		un->un_ocmap.regopen[otyp] &= ~(1 << part);
10427 	}
10428 
10429 	cp = &un->un_ocmap.chkd[0];
10430 	while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10431 		if (*cp != NULL) {
10432 			break;
10433 		}
10434 		cp++;
10435 	}
10436 
10437 	if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10438 		SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdclose: last close\n");
10439 
10440 		/*
10441 		 * We avoid persistance upon the last close, and set
10442 		 * the throttle back to the maximum.
10443 		 */
10444 		un->un_throttle = un->un_saved_throttle;
10445 
10446 		if (un->un_state == SD_STATE_OFFLINE) {
10447 			if (un->un_f_is_fibre == FALSE) {
10448 				scsi_log(SD_DEVINFO(un), sd_label,
10449 					CE_WARN, "offline\n");
10450 			}
10451 			un->un_f_geometry_is_valid = FALSE;
10452 
10453 		} else {
10454 			/*
10455 			 * Flush any outstanding writes in NVRAM cache.
10456 			 * Note: SYNCHRONIZE CACHE is an optional SCSI-2
10457 			 * cmd, it may not work for non-Pluto devices.
10458 			 * SYNCHRONIZE CACHE is not required for removables,
10459 			 * except DVD-RAM drives.
10460 			 *
10461 			 * Also note: because SYNCHRONIZE CACHE is currently
10462 			 * the only command issued here that requires the
10463 			 * drive be powered up, only do the power up before
10464 			 * sending the Sync Cache command. If additional
10465 			 * commands are added which require a powered up
10466 			 * drive, the following sequence may have to change.
10467 			 *
10468 			 * And finally, note that parallel SCSI on SPARC
10469 			 * only issues a Sync Cache to DVD-RAM, a newly
10470 			 * supported device.
10471 			 */
10472 #if defined(__i386) || defined(__amd64)
10473 			if (!ISREMOVABLE(un) ||
10474 			    un->un_f_dvdram_writable_device == TRUE) {
10475 #else
10476 			if (un->un_f_dvdram_writable_device == TRUE) {
10477 #endif
10478 				mutex_exit(SD_MUTEX(un));
10479 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10480 					rval =
10481 					    sd_send_scsi_SYNCHRONIZE_CACHE(un,
10482 					    NULL);
10483 					/* ignore error if not supported */
10484 					if (rval == ENOTSUP) {
10485 						rval = 0;
10486 					} else if (rval != 0) {
10487 						rval = EIO;
10488 					}
10489 					sd_pm_exit(un);
10490 				} else {
10491 					rval = EIO;
10492 				}
10493 				mutex_enter(SD_MUTEX(un));
10494 			}
10495 
10496 			/*
10497 			 * For removable media devices, send an ALLOW MEDIA
10498 			 * REMOVAL command, but don't get upset if it fails.
10499 			 * Also invalidate the geometry. We need to raise
10500 			 * the power of the drive before we can call
10501 			 * sd_send_scsi_DOORLOCK()
10502 			 */
10503 			if (ISREMOVABLE(un)) {
10504 				mutex_exit(SD_MUTEX(un));
10505 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10506 					rval = sd_send_scsi_DOORLOCK(un,
10507 					    SD_REMOVAL_ALLOW, SD_PATH_DIRECT);
10508 
10509 					sd_pm_exit(un);
10510 					if (ISCD(un) && (rval != 0) &&
10511 					    (nodelay != 0)) {
10512 						rval = ENXIO;
10513 					}
10514 				} else {
10515 					rval = EIO;
10516 				}
10517 				mutex_enter(SD_MUTEX(un));
10518 
10519 				sr_ejected(un);
10520 				/*
10521 				 * Destroy the cache (if it exists) which was
10522 				 * allocated for the write maps since this is
10523 				 * the last close for this media.
10524 				 */
10525 				if (un->un_wm_cache) {
10526 					/*
10527 					 * Check if there are pending commands.
10528 					 * and if there are give a warning and
10529 					 * do not destroy the cache.
10530 					 */
10531 					if (un->un_ncmds_in_driver > 0) {
10532 						scsi_log(SD_DEVINFO(un),
10533 						    sd_label, CE_WARN,
10534 						    "Unable to clean up memory "
10535 						    "because of pending I/O\n");
10536 					} else {
10537 						kmem_cache_destroy(
10538 						    un->un_wm_cache);
10539 						un->un_wm_cache = NULL;
10540 					}
10541 				}
10542 			}
10543 		}
10544 	}
10545 
10546 	mutex_exit(SD_MUTEX(un));
10547 	sema_v(&un->un_semoclose);
10548 
10549 	if (otyp == OTYP_LYR) {
10550 		mutex_enter(&sd_detach_mutex);
10551 		/*
10552 		 * The detach routine may run when the layer count
10553 		 * drops to zero.
10554 		 */
10555 		un->un_layer_count--;
10556 		mutex_exit(&sd_detach_mutex);
10557 	}
10558 
10559 	return (rval);
10560 }
10561 
10562 
10563 /*
10564  *    Function: sd_ready_and_valid
10565  *
10566  * Description: Test if device is ready and has a valid geometry.
10567  *
10568  *   Arguments: dev - device number
10569  *		un  - driver soft state (unit) structure
10570  *
10571  * Return Code: SD_READY_VALID		ready and valid label
10572  *		SD_READY_NOT_VALID	ready, geom ops never applicable
10573  *		SD_NOT_READY_VALID	not ready, no label
10574  *
10575  *     Context: Never called at interrupt context.
10576  */
10577 
10578 static int
10579 sd_ready_and_valid(struct sd_lun *un)
10580 {
10581 	struct sd_errstats	*stp;
10582 	uint64_t		capacity;
10583 	uint_t			lbasize;
10584 	int			rval = SD_READY_VALID;
10585 	char			name_str[48];
10586 
10587 	ASSERT(un != NULL);
10588 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10589 
10590 	mutex_enter(SD_MUTEX(un));
10591 	if (ISREMOVABLE(un)) {
10592 		mutex_exit(SD_MUTEX(un));
10593 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
10594 			rval = SD_NOT_READY_VALID;
10595 			mutex_enter(SD_MUTEX(un));
10596 			goto done;
10597 		}
10598 
10599 		mutex_enter(SD_MUTEX(un));
10600 		if ((un->un_f_geometry_is_valid == FALSE) ||
10601 		    (un->un_f_blockcount_is_valid == FALSE) ||
10602 		    (un->un_f_tgt_blocksize_is_valid == FALSE)) {
10603 
10604 			/* capacity has to be read every open. */
10605 			mutex_exit(SD_MUTEX(un));
10606 			if (sd_send_scsi_READ_CAPACITY(un, &capacity,
10607 			    &lbasize, SD_PATH_DIRECT) != 0) {
10608 				mutex_enter(SD_MUTEX(un));
10609 				un->un_f_geometry_is_valid = FALSE;
10610 				rval = SD_NOT_READY_VALID;
10611 				goto done;
10612 			} else {
10613 				mutex_enter(SD_MUTEX(un));
10614 				sd_update_block_info(un, lbasize, capacity);
10615 			}
10616 		}
10617 
10618 		/*
10619 		 * If this is a non 512 block device, allocate space for
10620 		 * the wmap cache. This is being done here since every time
10621 		 * a media is changed this routine will be called and the
10622 		 * block size is a function of media rather than device.
10623 		 */
10624 		if (NOT_DEVBSIZE(un)) {
10625 			if (!(un->un_wm_cache)) {
10626 				(void) snprintf(name_str, sizeof (name_str),
10627 				    "%s%d_cache",
10628 				    ddi_driver_name(SD_DEVINFO(un)),
10629 				    ddi_get_instance(SD_DEVINFO(un)));
10630 				un->un_wm_cache = kmem_cache_create(
10631 				    name_str, sizeof (struct sd_w_map),
10632 				    8, sd_wm_cache_constructor,
10633 				    sd_wm_cache_destructor, NULL,
10634 				    (void *)un, NULL, 0);
10635 				if (!(un->un_wm_cache)) {
10636 					rval = ENOMEM;
10637 					goto done;
10638 				}
10639 			}
10640 		}
10641 
10642 		/*
10643 		 * Check if the media in the device is writable or not.
10644 		 */
10645 		if ((un->un_f_geometry_is_valid == FALSE) && ISCD(un)) {
10646 			sd_check_for_writable_cd(un);
10647 		}
10648 
10649 	} else {
10650 		/*
10651 		 * Do a test unit ready to clear any unit attention from non-cd
10652 		 * devices.
10653 		 */
10654 		mutex_exit(SD_MUTEX(un));
10655 		(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
10656 		mutex_enter(SD_MUTEX(un));
10657 	}
10658 
10659 
10660 	if (un->un_state == SD_STATE_NORMAL) {
10661 		/*
10662 		 * If the target is not yet ready here (defined by a TUR
10663 		 * failure), invalidate the geometry and print an 'offline'
10664 		 * message. This is a legacy message, as the state of the
10665 		 * target is not actually changed to SD_STATE_OFFLINE.
10666 		 *
10667 		 * If the TUR fails for EACCES (Reservation Conflict), it
10668 		 * means there actually is nothing wrong with the target that
10669 		 * would require invalidating the geometry, so continue in
10670 		 * that case as if the TUR was successful.
10671 		 */
10672 		int err;
10673 
10674 		mutex_exit(SD_MUTEX(un));
10675 		err = sd_send_scsi_TEST_UNIT_READY(un, 0);
10676 		mutex_enter(SD_MUTEX(un));
10677 
10678 		if ((err != 0) && (err != EACCES)) {
10679 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
10680 			    "offline\n");
10681 			un->un_f_geometry_is_valid = FALSE;
10682 			rval = SD_NOT_READY_VALID;
10683 			goto done;
10684 		}
10685 	}
10686 
10687 	if (un->un_f_format_in_progress == FALSE) {
10688 		/*
10689 		 * Note: sd_validate_geometry may return TRUE, but that does
10690 		 * not necessarily mean un_f_geometry_is_valid == TRUE!
10691 		 */
10692 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
10693 		if (rval == ENOTSUP) {
10694 			if (un->un_f_geometry_is_valid == TRUE)
10695 				rval = 0;
10696 			else {
10697 				rval = SD_READY_NOT_VALID;
10698 				goto done;
10699 			}
10700 		}
10701 		if (rval != 0) {
10702 			/*
10703 			 * We don't check the validity of geometry for
10704 			 * CDROMs. Also we assume we have a good label
10705 			 * even if sd_validate_geometry returned ENOMEM.
10706 			 */
10707 			if (!ISCD(un) && rval != ENOMEM) {
10708 				rval = SD_NOT_READY_VALID;
10709 				goto done;
10710 			}
10711 		}
10712 	}
10713 
10714 #ifdef DOESNTWORK /* on eliteII, see 1118607 */
10715 	/*
10716 	 * check to see if this disk is write protected, if it is and we have
10717 	 * not set read-only, then fail
10718 	 */
10719 	if ((flag & FWRITE) && (sr_check_wp(dev))) {
10720 		New_state(un, SD_STATE_CLOSED);
10721 		goto done;
10722 	}
10723 #endif
10724 
10725 	/*
10726 	 * If this is a removable media device, try and send
10727 	 * a PREVENT MEDIA REMOVAL command, but don't get upset
10728 	 * if it fails. For a CD, however, it is an error
10729 	 */
10730 	if (ISREMOVABLE(un)) {
10731 		mutex_exit(SD_MUTEX(un));
10732 		if ((sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
10733 		    SD_PATH_DIRECT) != 0) && ISCD(un)) {
10734 			rval = SD_NOT_READY_VALID;
10735 			mutex_enter(SD_MUTEX(un));
10736 			goto done;
10737 		}
10738 		mutex_enter(SD_MUTEX(un));
10739 	}
10740 
10741 	/* The state has changed, inform the media watch routines */
10742 	un->un_mediastate = DKIO_INSERTED;
10743 	cv_broadcast(&un->un_state_cv);
10744 	rval = SD_READY_VALID;
10745 
10746 done:
10747 
10748 	/*
10749 	 * Initialize the capacity kstat value, if no media previously
10750 	 * (capacity kstat is 0) and a media has been inserted
10751 	 * (un_blockcount > 0).
10752 	 * This is a more generic way then checking for ISREMOVABLE.
10753 	 */
10754 	if (un->un_errstats != NULL) {
10755 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
10756 		if ((stp->sd_capacity.value.ui64 == 0) &&
10757 		    (un->un_f_blockcount_is_valid == TRUE)) {
10758 			stp->sd_capacity.value.ui64 =
10759 			    (uint64_t)((uint64_t)un->un_blockcount *
10760 			    un->un_sys_blocksize);
10761 		}
10762 	}
10763 
10764 	mutex_exit(SD_MUTEX(un));
10765 	return (rval);
10766 }
10767 
10768 
10769 /*
10770  *    Function: sdmin
10771  *
10772  * Description: Routine to limit the size of a data transfer. Used in
10773  *		conjunction with physio(9F).
10774  *
10775  *   Arguments: bp - pointer to the indicated buf(9S) struct.
10776  *
10777  *     Context: Kernel thread context.
10778  */
10779 
10780 static void
10781 sdmin(struct buf *bp)
10782 {
10783 	struct sd_lun	*un;
10784 	int		instance;
10785 
10786 	instance = SDUNIT(bp->b_edev);
10787 
10788 	un = ddi_get_soft_state(sd_state, instance);
10789 	ASSERT(un != NULL);
10790 
10791 	if (bp->b_bcount > un->un_max_xfer_size) {
10792 		bp->b_bcount = un->un_max_xfer_size;
10793 	}
10794 }
10795 
10796 
10797 /*
10798  *    Function: sdread
10799  *
10800  * Description: Driver's read(9e) entry point function.
10801  *
10802  *   Arguments: dev   - device number
10803  *		uio   - structure pointer describing where data is to be stored
10804  *			in user's space
10805  *		cred_p  - user credential pointer
10806  *
10807  * Return Code: ENXIO
10808  *		EIO
10809  *		EINVAL
10810  *		value returned by physio
10811  *
10812  *     Context: Kernel thread context.
10813  */
10814 /* ARGSUSED */
10815 static int
10816 sdread(dev_t dev, struct uio *uio, cred_t *cred_p)
10817 {
10818 	struct sd_lun	*un = NULL;
10819 	int		secmask;
10820 	int		err;
10821 
10822 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10823 		return (ENXIO);
10824 	}
10825 
10826 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10827 
10828 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10829 		mutex_enter(SD_MUTEX(un));
10830 		/*
10831 		 * Because the call to sd_ready_and_valid will issue I/O we
10832 		 * must wait here if either the device is suspended or
10833 		 * if it's power level is changing.
10834 		 */
10835 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10836 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10837 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10838 		}
10839 		un->un_ncmds_in_driver++;
10840 		mutex_exit(SD_MUTEX(un));
10841 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10842 			mutex_enter(SD_MUTEX(un));
10843 			un->un_ncmds_in_driver--;
10844 			ASSERT(un->un_ncmds_in_driver >= 0);
10845 			mutex_exit(SD_MUTEX(un));
10846 			return (EIO);
10847 		}
10848 		mutex_enter(SD_MUTEX(un));
10849 		un->un_ncmds_in_driver--;
10850 		ASSERT(un->un_ncmds_in_driver >= 0);
10851 		mutex_exit(SD_MUTEX(un));
10852 	}
10853 
10854 	/*
10855 	 * Read requests are restricted to multiples of the system block size.
10856 	 */
10857 	secmask = un->un_sys_blocksize - 1;
10858 
10859 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10860 		SD_ERROR(SD_LOG_READ_WRITE, un,
10861 		    "sdread: file offset not modulo %d\n",
10862 		    un->un_sys_blocksize);
10863 		err = EINVAL;
10864 	} else if (uio->uio_iov->iov_len & (secmask)) {
10865 		SD_ERROR(SD_LOG_READ_WRITE, un,
10866 		    "sdread: transfer length not modulo %d\n",
10867 		    un->un_sys_blocksize);
10868 		err = EINVAL;
10869 	} else {
10870 		err = physio(sdstrategy, NULL, dev, B_READ, sdmin, uio);
10871 	}
10872 	return (err);
10873 }
10874 
10875 
10876 /*
10877  *    Function: sdwrite
10878  *
10879  * Description: Driver's write(9e) entry point function.
10880  *
10881  *   Arguments: dev   - device number
10882  *		uio   - structure pointer describing where data is stored in
10883  *			user's space
10884  *		cred_p  - user credential pointer
10885  *
10886  * Return Code: ENXIO
10887  *		EIO
10888  *		EINVAL
10889  *		value returned by physio
10890  *
10891  *     Context: Kernel thread context.
10892  */
10893 /* ARGSUSED */
10894 static int
10895 sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p)
10896 {
10897 	struct sd_lun	*un = NULL;
10898 	int		secmask;
10899 	int		err;
10900 
10901 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10902 		return (ENXIO);
10903 	}
10904 
10905 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10906 
10907 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10908 		mutex_enter(SD_MUTEX(un));
10909 		/*
10910 		 * Because the call to sd_ready_and_valid will issue I/O we
10911 		 * must wait here if either the device is suspended or
10912 		 * if it's power level is changing.
10913 		 */
10914 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10915 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10916 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10917 		}
10918 		un->un_ncmds_in_driver++;
10919 		mutex_exit(SD_MUTEX(un));
10920 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10921 			mutex_enter(SD_MUTEX(un));
10922 			un->un_ncmds_in_driver--;
10923 			ASSERT(un->un_ncmds_in_driver >= 0);
10924 			mutex_exit(SD_MUTEX(un));
10925 			return (EIO);
10926 		}
10927 		mutex_enter(SD_MUTEX(un));
10928 		un->un_ncmds_in_driver--;
10929 		ASSERT(un->un_ncmds_in_driver >= 0);
10930 		mutex_exit(SD_MUTEX(un));
10931 	}
10932 
10933 	/*
10934 	 * Write requests are restricted to multiples of the system block size.
10935 	 */
10936 	secmask = un->un_sys_blocksize - 1;
10937 
10938 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10939 		SD_ERROR(SD_LOG_READ_WRITE, un,
10940 		    "sdwrite: file offset not modulo %d\n",
10941 		    un->un_sys_blocksize);
10942 		err = EINVAL;
10943 	} else if (uio->uio_iov->iov_len & (secmask)) {
10944 		SD_ERROR(SD_LOG_READ_WRITE, un,
10945 		    "sdwrite: transfer length not modulo %d\n",
10946 		    un->un_sys_blocksize);
10947 		err = EINVAL;
10948 	} else {
10949 		err = physio(sdstrategy, NULL, dev, B_WRITE, sdmin, uio);
10950 	}
10951 	return (err);
10952 }
10953 
10954 
10955 /*
10956  *    Function: sdaread
10957  *
10958  * Description: Driver's aread(9e) entry point function.
10959  *
10960  *   Arguments: dev   - device number
10961  *		aio   - structure pointer describing where data is to be stored
10962  *		cred_p  - user credential pointer
10963  *
10964  * Return Code: ENXIO
10965  *		EIO
10966  *		EINVAL
10967  *		value returned by aphysio
10968  *
10969  *     Context: Kernel thread context.
10970  */
10971 /* ARGSUSED */
10972 static int
10973 sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p)
10974 {
10975 	struct sd_lun	*un = NULL;
10976 	struct uio	*uio = aio->aio_uio;
10977 	int		secmask;
10978 	int		err;
10979 
10980 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10981 		return (ENXIO);
10982 	}
10983 
10984 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10985 
10986 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10987 		mutex_enter(SD_MUTEX(un));
10988 		/*
10989 		 * Because the call to sd_ready_and_valid will issue I/O we
10990 		 * must wait here if either the device is suspended or
10991 		 * if it's power level is changing.
10992 		 */
10993 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10994 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10995 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10996 		}
10997 		un->un_ncmds_in_driver++;
10998 		mutex_exit(SD_MUTEX(un));
10999 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11000 			mutex_enter(SD_MUTEX(un));
11001 			un->un_ncmds_in_driver--;
11002 			ASSERT(un->un_ncmds_in_driver >= 0);
11003 			mutex_exit(SD_MUTEX(un));
11004 			return (EIO);
11005 		}
11006 		mutex_enter(SD_MUTEX(un));
11007 		un->un_ncmds_in_driver--;
11008 		ASSERT(un->un_ncmds_in_driver >= 0);
11009 		mutex_exit(SD_MUTEX(un));
11010 	}
11011 
11012 	/*
11013 	 * Read requests are restricted to multiples of the system block size.
11014 	 */
11015 	secmask = un->un_sys_blocksize - 1;
11016 
11017 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11018 		SD_ERROR(SD_LOG_READ_WRITE, un,
11019 		    "sdaread: file offset not modulo %d\n",
11020 		    un->un_sys_blocksize);
11021 		err = EINVAL;
11022 	} else if (uio->uio_iov->iov_len & (secmask)) {
11023 		SD_ERROR(SD_LOG_READ_WRITE, un,
11024 		    "sdaread: transfer length not modulo %d\n",
11025 		    un->un_sys_blocksize);
11026 		err = EINVAL;
11027 	} else {
11028 		err = aphysio(sdstrategy, anocancel, dev, B_READ, sdmin, aio);
11029 	}
11030 	return (err);
11031 }
11032 
11033 
11034 /*
11035  *    Function: sdawrite
11036  *
11037  * Description: Driver's awrite(9e) entry point function.
11038  *
11039  *   Arguments: dev   - device number
11040  *		aio   - structure pointer describing where data is stored
11041  *		cred_p  - user credential pointer
11042  *
11043  * Return Code: ENXIO
11044  *		EIO
11045  *		EINVAL
11046  *		value returned by aphysio
11047  *
11048  *     Context: Kernel thread context.
11049  */
11050 /* ARGSUSED */
11051 static int
11052 sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11053 {
11054 	struct sd_lun	*un = NULL;
11055 	struct uio	*uio = aio->aio_uio;
11056 	int		secmask;
11057 	int		err;
11058 
11059 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11060 		return (ENXIO);
11061 	}
11062 
11063 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11064 
11065 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11066 		mutex_enter(SD_MUTEX(un));
11067 		/*
11068 		 * Because the call to sd_ready_and_valid will issue I/O we
11069 		 * must wait here if either the device is suspended or
11070 		 * if it's power level is changing.
11071 		 */
11072 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11073 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11074 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11075 		}
11076 		un->un_ncmds_in_driver++;
11077 		mutex_exit(SD_MUTEX(un));
11078 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11079 			mutex_enter(SD_MUTEX(un));
11080 			un->un_ncmds_in_driver--;
11081 			ASSERT(un->un_ncmds_in_driver >= 0);
11082 			mutex_exit(SD_MUTEX(un));
11083 			return (EIO);
11084 		}
11085 		mutex_enter(SD_MUTEX(un));
11086 		un->un_ncmds_in_driver--;
11087 		ASSERT(un->un_ncmds_in_driver >= 0);
11088 		mutex_exit(SD_MUTEX(un));
11089 	}
11090 
11091 	/*
11092 	 * Write requests are restricted to multiples of the system block size.
11093 	 */
11094 	secmask = un->un_sys_blocksize - 1;
11095 
11096 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11097 		SD_ERROR(SD_LOG_READ_WRITE, un,
11098 		    "sdawrite: file offset not modulo %d\n",
11099 		    un->un_sys_blocksize);
11100 		err = EINVAL;
11101 	} else if (uio->uio_iov->iov_len & (secmask)) {
11102 		SD_ERROR(SD_LOG_READ_WRITE, un,
11103 		    "sdawrite: transfer length not modulo %d\n",
11104 		    un->un_sys_blocksize);
11105 		err = EINVAL;
11106 	} else {
11107 		err = aphysio(sdstrategy, anocancel, dev, B_WRITE, sdmin, aio);
11108 	}
11109 	return (err);
11110 }
11111 
11112 
11113 
11114 
11115 
11116 /*
11117  * Driver IO processing follows the following sequence:
11118  *
11119  *     sdioctl(9E)     sdstrategy(9E)         biodone(9F)
11120  *         |                |                     ^
11121  *         v                v                     |
11122  * sd_send_scsi_cmd()  ddi_xbuf_qstrategy()       +-------------------+
11123  *         |                |                     |                   |
11124  *         v                |                     |                   |
11125  * sd_uscsi_strategy() sd_xbuf_strategy()   sd_buf_iodone()   sd_uscsi_iodone()
11126  *         |                |                     ^                   ^
11127  *         v                v                     |                   |
11128  * SD_BEGIN_IOSTART()  SD_BEGIN_IOSTART()         |                   |
11129  *         |                |                     |                   |
11130  *     +---+                |                     +------------+      +-------+
11131  *     |                    |                                  |              |
11132  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11133  *     |                    v                                  |              |
11134  *     |         sd_mapblockaddr_iostart()           sd_mapblockaddr_iodone() |
11135  *     |                    |                                  ^              |
11136  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11137  *     |                    v                                  |              |
11138  *     |         sd_mapblocksize_iostart()           sd_mapblocksize_iodone() |
11139  *     |                    |                                  ^              |
11140  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11141  *     |                    v                                  |              |
11142  *     |           sd_checksum_iostart()               sd_checksum_iodone()   |
11143  *     |                    |                                  ^              |
11144  *     +-> SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()+------------->+
11145  *     |                    v                                  |              |
11146  *     |              sd_pm_iostart()                     sd_pm_iodone()      |
11147  *     |                    |                                  ^              |
11148  *     |                    |                                  |              |
11149  *     +-> SD_NEXT_IOSTART()|               SD_BEGIN_IODONE()--+--------------+
11150  *                          |                           ^
11151  *                          v                           |
11152  *                   sd_core_iostart()                  |
11153  *                          |                           |
11154  *                          |                           +------>(*destroypkt)()
11155  *                          +-> sd_start_cmds() <-+     |           |
11156  *                          |                     |     |           v
11157  *                          |                     |     |  scsi_destroy_pkt(9F)
11158  *                          |                     |     |
11159  *                          +->(*initpkt)()       +- sdintr()
11160  *                          |  |                        |  |
11161  *                          |  +-> scsi_init_pkt(9F)    |  +-> sd_handle_xxx()
11162  *                          |  +-> scsi_setup_cdb(9F)   |
11163  *                          |                           |
11164  *                          +--> scsi_transport(9F)     |
11165  *                                     |                |
11166  *                                     +----> SCSA ---->+
11167  *
11168  *
11169  * This code is based upon the following presumtions:
11170  *
11171  *   - iostart and iodone functions operate on buf(9S) structures. These
11172  *     functions perform the necessary operations on the buf(9S) and pass
11173  *     them along to the next function in the chain by using the macros
11174  *     SD_NEXT_IOSTART() (for iostart side functions) and SD_NEXT_IODONE()
11175  *     (for iodone side functions).
11176  *
11177  *   - The iostart side functions may sleep. The iodone side functions
11178  *     are called under interrupt context and may NOT sleep. Therefore
11179  *     iodone side functions also may not call iostart side functions.
11180  *     (NOTE: iostart side functions should NOT sleep for memory, as
11181  *     this could result in deadlock.)
11182  *
11183  *   - An iostart side function may call its corresponding iodone side
11184  *     function directly (if necessary).
11185  *
11186  *   - In the event of an error, an iostart side function can return a buf(9S)
11187  *     to its caller by calling SD_BEGIN_IODONE() (after setting B_ERROR and
11188  *     b_error in the usual way of course).
11189  *
11190  *   - The taskq mechanism may be used by the iodone side functions to dispatch
11191  *     requests to the iostart side functions.  The iostart side functions in
11192  *     this case would be called under the context of a taskq thread, so it's
11193  *     OK for them to block/sleep/spin in this case.
11194  *
11195  *   - iostart side functions may allocate "shadow" buf(9S) structs and
11196  *     pass them along to the next function in the chain.  The corresponding
11197  *     iodone side functions must coalesce the "shadow" bufs and return
11198  *     the "original" buf to the next higher layer.
11199  *
11200  *   - The b_private field of the buf(9S) struct holds a pointer to
11201  *     an sd_xbuf struct, which contains information needed to
11202  *     construct the scsi_pkt for the command.
11203  *
11204  *   - The SD_MUTEX(un) is NOT held across calls to the next layer. Each
11205  *     layer must acquire & release the SD_MUTEX(un) as needed.
11206  */
11207 
11208 
11209 /*
11210  * Create taskq for all targets in the system. This is created at
11211  * _init(9E) and destroyed at _fini(9E).
11212  *
11213  * Note: here we set the minalloc to a reasonably high number to ensure that
11214  * we will have an adequate supply of task entries available at interrupt time.
11215  * This is used in conjunction with the TASKQ_PREPOPULATE flag in
11216  * sd_create_taskq().  Since we do not want to sleep for allocations at
11217  * interrupt time, set maxalloc equal to minalloc. That way we will just fail
11218  * the command if we ever try to dispatch more than SD_TASKQ_MAXALLOC taskq
11219  * requests any one instant in time.
11220  */
11221 #define	SD_TASKQ_NUMTHREADS	8
11222 #define	SD_TASKQ_MINALLOC	256
11223 #define	SD_TASKQ_MAXALLOC	256
11224 
11225 static taskq_t	*sd_tq = NULL;
11226 static int	sd_taskq_minalloc = SD_TASKQ_MINALLOC;
11227 static int	sd_taskq_maxalloc = SD_TASKQ_MAXALLOC;
11228 
11229 /*
11230  * The following task queue is being created for the write part of
11231  * read-modify-write of non-512 block size devices.
11232  * Limit the number of threads to 1 for now. This number has been choosen
11233  * considering the fact that it applies only to dvd ram drives/MO drives
11234  * currently. Performance for which is not main criteria at this stage.
11235  * Note: It needs to be explored if we can use a single taskq in future
11236  */
11237 #define	SD_WMR_TASKQ_NUMTHREADS	1
11238 static taskq_t	*sd_wmr_tq = NULL;
11239 
11240 /*
11241  *    Function: sd_taskq_create
11242  *
11243  * Description: Create taskq thread(s) and preallocate task entries
11244  *
11245  * Return Code: Returns a pointer to the allocated taskq_t.
11246  *
11247  *     Context: Can sleep. Requires blockable context.
11248  *
11249  *       Notes: - The taskq() facility currently is NOT part of the DDI.
11250  *		  (definitely NOT recommeded for 3rd-party drivers!) :-)
11251  *		- taskq_create() will block for memory, also it will panic
11252  *		  if it cannot create the requested number of threads.
11253  *		- Currently taskq_create() creates threads that cannot be
11254  *		  swapped.
11255  *		- We use TASKQ_PREPOPULATE to ensure we have an adequate
11256  *		  supply of taskq entries at interrupt time (ie, so that we
11257  *		  do not have to sleep for memory)
11258  */
11259 
11260 static void
11261 sd_taskq_create(void)
11262 {
11263 	char	taskq_name[TASKQ_NAMELEN];
11264 
11265 	ASSERT(sd_tq == NULL);
11266 	ASSERT(sd_wmr_tq == NULL);
11267 
11268 	(void) snprintf(taskq_name, sizeof (taskq_name),
11269 	    "%s_drv_taskq", sd_label);
11270 	sd_tq = (taskq_create(taskq_name, SD_TASKQ_NUMTHREADS,
11271 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11272 	    TASKQ_PREPOPULATE));
11273 
11274 	(void) snprintf(taskq_name, sizeof (taskq_name),
11275 	    "%s_rmw_taskq", sd_label);
11276 	sd_wmr_tq = (taskq_create(taskq_name, SD_WMR_TASKQ_NUMTHREADS,
11277 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11278 	    TASKQ_PREPOPULATE));
11279 }
11280 
11281 
11282 /*
11283  *    Function: sd_taskq_delete
11284  *
11285  * Description: Complementary cleanup routine for sd_taskq_create().
11286  *
11287  *     Context: Kernel thread context.
11288  */
11289 
11290 static void
11291 sd_taskq_delete(void)
11292 {
11293 	ASSERT(sd_tq != NULL);
11294 	ASSERT(sd_wmr_tq != NULL);
11295 	taskq_destroy(sd_tq);
11296 	taskq_destroy(sd_wmr_tq);
11297 	sd_tq = NULL;
11298 	sd_wmr_tq = NULL;
11299 }
11300 
11301 
11302 /*
11303  *    Function: sdstrategy
11304  *
11305  * Description: Driver's strategy (9E) entry point function.
11306  *
11307  *   Arguments: bp - pointer to buf(9S)
11308  *
11309  * Return Code: Always returns zero
11310  *
11311  *     Context: Kernel thread context.
11312  */
11313 
11314 static int
11315 sdstrategy(struct buf *bp)
11316 {
11317 	struct sd_lun *un;
11318 
11319 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11320 	if (un == NULL) {
11321 		bioerror(bp, EIO);
11322 		bp->b_resid = bp->b_bcount;
11323 		biodone(bp);
11324 		return (0);
11325 	}
11326 	/* As was done in the past, fail new cmds. if state is dumping. */
11327 	if (un->un_state == SD_STATE_DUMPING) {
11328 		bioerror(bp, ENXIO);
11329 		bp->b_resid = bp->b_bcount;
11330 		biodone(bp);
11331 		return (0);
11332 	}
11333 
11334 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11335 
11336 	/*
11337 	 * Commands may sneak in while we released the mutex in
11338 	 * DDI_SUSPEND, we should block new commands. However, old
11339 	 * commands that are still in the driver at this point should
11340 	 * still be allowed to drain.
11341 	 */
11342 	mutex_enter(SD_MUTEX(un));
11343 	/*
11344 	 * Must wait here if either the device is suspended or
11345 	 * if it's power level is changing.
11346 	 */
11347 	while ((un->un_state == SD_STATE_SUSPENDED) ||
11348 	    (un->un_state == SD_STATE_PM_CHANGING)) {
11349 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11350 	}
11351 
11352 	un->un_ncmds_in_driver++;
11353 
11354 	/*
11355 	 * atapi: Since we are running the CD for now in PIO mode we need to
11356 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11357 	 * the HBA's init_pkt routine.
11358 	 */
11359 	if (un->un_f_cfg_is_atapi == TRUE) {
11360 		mutex_exit(SD_MUTEX(un));
11361 		bp_mapin(bp);
11362 		mutex_enter(SD_MUTEX(un));
11363 	}
11364 	SD_INFO(SD_LOG_IO, un, "sdstrategy: un_ncmds_in_driver = %ld\n",
11365 	    un->un_ncmds_in_driver);
11366 
11367 	mutex_exit(SD_MUTEX(un));
11368 
11369 	/*
11370 	 * This will (eventually) allocate the sd_xbuf area and
11371 	 * call sd_xbuf_strategy().  We just want to return the
11372 	 * result of ddi_xbuf_qstrategy so that we have an opt-
11373 	 * imized tail call which saves us a stack frame.
11374 	 */
11375 	return (ddi_xbuf_qstrategy(bp, un->un_xbuf_attr));
11376 }
11377 
11378 
11379 /*
11380  *    Function: sd_xbuf_strategy
11381  *
11382  * Description: Function for initiating IO operations via the
11383  *		ddi_xbuf_qstrategy() mechanism.
11384  *
11385  *     Context: Kernel thread context.
11386  */
11387 
11388 static void
11389 sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg)
11390 {
11391 	struct sd_lun *un = arg;
11392 
11393 	ASSERT(bp != NULL);
11394 	ASSERT(xp != NULL);
11395 	ASSERT(un != NULL);
11396 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11397 
11398 	/*
11399 	 * Initialize the fields in the xbuf and save a pointer to the
11400 	 * xbuf in bp->b_private.
11401 	 */
11402 	sd_xbuf_init(un, bp, xp, SD_CHAIN_BUFIO, NULL);
11403 
11404 	/* Send the buf down the iostart chain */
11405 	SD_BEGIN_IOSTART(((struct sd_xbuf *)xp)->xb_chain_iostart, un, bp);
11406 }
11407 
11408 
11409 /*
11410  *    Function: sd_xbuf_init
11411  *
11412  * Description: Prepare the given sd_xbuf struct for use.
11413  *
11414  *   Arguments: un - ptr to softstate
11415  *		bp - ptr to associated buf(9S)
11416  *		xp - ptr to associated sd_xbuf
11417  *		chain_type - IO chain type to use:
11418  *			SD_CHAIN_NULL
11419  *			SD_CHAIN_BUFIO
11420  *			SD_CHAIN_USCSI
11421  *			SD_CHAIN_DIRECT
11422  *			SD_CHAIN_DIRECT_PRIORITY
11423  *		pktinfop - ptr to private data struct for scsi_pkt(9S)
11424  *			initialization; may be NULL if none.
11425  *
11426  *     Context: Kernel thread context
11427  */
11428 
11429 static void
11430 sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
11431 	uchar_t chain_type, void *pktinfop)
11432 {
11433 	int index;
11434 
11435 	ASSERT(un != NULL);
11436 	ASSERT(bp != NULL);
11437 	ASSERT(xp != NULL);
11438 
11439 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: buf:0x%p chain type:0x%x\n",
11440 	    bp, chain_type);
11441 
11442 	xp->xb_un	= un;
11443 	xp->xb_pktp	= NULL;
11444 	xp->xb_pktinfo	= pktinfop;
11445 	xp->xb_private	= bp->b_private;
11446 	xp->xb_blkno	= (daddr_t)bp->b_blkno;
11447 
11448 	/*
11449 	 * Set up the iostart and iodone chain indexes in the xbuf, based
11450 	 * upon the specified chain type to use.
11451 	 */
11452 	switch (chain_type) {
11453 	case SD_CHAIN_NULL:
11454 		/*
11455 		 * Fall thru to just use the values for the buf type, even
11456 		 * tho for the NULL chain these values will never be used.
11457 		 */
11458 		/* FALLTHRU */
11459 	case SD_CHAIN_BUFIO:
11460 		index = un->un_buf_chain_type;
11461 		break;
11462 	case SD_CHAIN_USCSI:
11463 		index = un->un_uscsi_chain_type;
11464 		break;
11465 	case SD_CHAIN_DIRECT:
11466 		index = un->un_direct_chain_type;
11467 		break;
11468 	case SD_CHAIN_DIRECT_PRIORITY:
11469 		index = un->un_priority_chain_type;
11470 		break;
11471 	default:
11472 		/* We're really broken if we ever get here... */
11473 		panic("sd_xbuf_init: illegal chain type!");
11474 		/*NOTREACHED*/
11475 	}
11476 
11477 	xp->xb_chain_iostart = sd_chain_index_map[index].sci_iostart_index;
11478 	xp->xb_chain_iodone = sd_chain_index_map[index].sci_iodone_index;
11479 
11480 	/*
11481 	 * It might be a bit easier to simply bzero the entire xbuf above,
11482 	 * but it turns out that since we init a fair number of members anyway,
11483 	 * we save a fair number cycles by doing explicit assignment of zero.
11484 	 */
11485 	xp->xb_pkt_flags	= 0;
11486 	xp->xb_dma_resid	= 0;
11487 	xp->xb_retry_count	= 0;
11488 	xp->xb_victim_retry_count = 0;
11489 	xp->xb_ua_retry_count	= 0;
11490 	xp->xb_sense_bp		= NULL;
11491 	xp->xb_sense_status	= 0;
11492 	xp->xb_sense_state	= 0;
11493 	xp->xb_sense_resid	= 0;
11494 
11495 	bp->b_private	= xp;
11496 	bp->b_flags	&= ~(B_DONE | B_ERROR);
11497 	bp->b_resid	= 0;
11498 	bp->av_forw	= NULL;
11499 	bp->av_back	= NULL;
11500 	bioerror(bp, 0);
11501 
11502 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: done.\n");
11503 }
11504 
11505 
11506 /*
11507  *    Function: sd_uscsi_strategy
11508  *
11509  * Description: Wrapper for calling into the USCSI chain via physio(9F)
11510  *
11511  *   Arguments: bp - buf struct ptr
11512  *
11513  * Return Code: Always returns 0
11514  *
11515  *     Context: Kernel thread context
11516  */
11517 
11518 static int
11519 sd_uscsi_strategy(struct buf *bp)
11520 {
11521 	struct sd_lun		*un;
11522 	struct sd_uscsi_info	*uip;
11523 	struct sd_xbuf		*xp;
11524 	uchar_t			chain_type;
11525 
11526 	ASSERT(bp != NULL);
11527 
11528 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11529 	if (un == NULL) {
11530 		bioerror(bp, EIO);
11531 		bp->b_resid = bp->b_bcount;
11532 		biodone(bp);
11533 		return (0);
11534 	}
11535 
11536 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11537 
11538 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: entry: buf:0x%p\n", bp);
11539 
11540 	mutex_enter(SD_MUTEX(un));
11541 	/*
11542 	 * atapi: Since we are running the CD for now in PIO mode we need to
11543 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11544 	 * the HBA's init_pkt routine.
11545 	 */
11546 	if (un->un_f_cfg_is_atapi == TRUE) {
11547 		mutex_exit(SD_MUTEX(un));
11548 		bp_mapin(bp);
11549 		mutex_enter(SD_MUTEX(un));
11550 	}
11551 	un->un_ncmds_in_driver++;
11552 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_strategy: un_ncmds_in_driver = %ld\n",
11553 	    un->un_ncmds_in_driver);
11554 	mutex_exit(SD_MUTEX(un));
11555 
11556 	/*
11557 	 * A pointer to a struct sd_uscsi_info is expected in bp->b_private
11558 	 */
11559 	ASSERT(bp->b_private != NULL);
11560 	uip = (struct sd_uscsi_info *)bp->b_private;
11561 
11562 	switch (uip->ui_flags) {
11563 	case SD_PATH_DIRECT:
11564 		chain_type = SD_CHAIN_DIRECT;
11565 		break;
11566 	case SD_PATH_DIRECT_PRIORITY:
11567 		chain_type = SD_CHAIN_DIRECT_PRIORITY;
11568 		break;
11569 	default:
11570 		chain_type = SD_CHAIN_USCSI;
11571 		break;
11572 	}
11573 
11574 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
11575 	sd_xbuf_init(un, bp, xp, chain_type, uip->ui_cmdp);
11576 
11577 	/* Use the index obtained within xbuf_init */
11578 	SD_BEGIN_IOSTART(xp->xb_chain_iostart, un, bp);
11579 
11580 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: exit: buf:0x%p\n", bp);
11581 
11582 	return (0);
11583 }
11584 
11585 
11586 /*
11587  * These routines perform raw i/o operations.
11588  */
11589 /*ARGSUSED*/
11590 static void
11591 sduscsimin(struct buf *bp)
11592 {
11593 	/*
11594 	 * do not break up because the CDB count would then
11595 	 * be incorrect and data underruns would result (incomplete
11596 	 * read/writes which would be retried and then failed, see
11597 	 * sdintr().
11598 	 */
11599 }
11600 
11601 
11602 
11603 /*
11604  *    Function: sd_send_scsi_cmd
11605  *
11606  * Description: Runs a USCSI command for user (when called thru sdioctl),
11607  *		or for the driver
11608  *
11609  *   Arguments: dev - the dev_t for the device
11610  *		incmd - ptr to a valid uscsi_cmd struct
11611  *		cdbspace - UIO_USERSPACE or UIO_SYSSPACE
11612  *		dataspace - UIO_USERSPACE or UIO_SYSSPACE
11613  *		rqbufspace - UIO_USERSPACE or UIO_SYSSPACE
11614  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
11615  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
11616  *			to use the USCSI "direct" chain and bypass the normal
11617  *			command waitq.
11618  *
11619  * Return Code: 0 -  successful completion of the given command
11620  *		EIO - scsi_reset() failed, or see biowait()/physio() codes.
11621  *		ENXIO  - soft state not found for specified dev
11622  *		EINVAL
11623  *		EFAULT - copyin/copyout error
11624  *		return code of biowait(9F) or physio(9F):
11625  *			EIO - IO error, caller may check incmd->uscsi_status
11626  *			ENXIO
11627  *			EACCES - reservation conflict
11628  *
11629  *     Context: Waits for command to complete. Can sleep.
11630  */
11631 
11632 static int
11633 sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
11634 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
11635 	int path_flag)
11636 {
11637 	struct sd_uscsi_info	*uip;
11638 	struct uscsi_cmd	*uscmd;
11639 	struct sd_lun	*un;
11640 	struct buf	*bp;
11641 	int	rval;
11642 	int	flags;
11643 
11644 	un = ddi_get_soft_state(sd_state, SDUNIT(dev));
11645 	if (un == NULL) {
11646 		return (ENXIO);
11647 	}
11648 
11649 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11650 
11651 #ifdef SDDEBUG
11652 	switch (dataspace) {
11653 	case UIO_USERSPACE:
11654 		SD_TRACE(SD_LOG_IO, un,
11655 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_USERSPACE\n", un);
11656 		break;
11657 	case UIO_SYSSPACE:
11658 		SD_TRACE(SD_LOG_IO, un,
11659 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_SYSSPACE\n", un);
11660 		break;
11661 	default:
11662 		SD_TRACE(SD_LOG_IO, un,
11663 		    "sd_send_scsi_cmd: entry: un:0x%p UNEXPECTED SPACE\n", un);
11664 		break;
11665 	}
11666 #endif
11667 
11668 	/*
11669 	 * Perform resets directly; no need to generate a command to do it.
11670 	 */
11671 	if (incmd->uscsi_flags & (USCSI_RESET | USCSI_RESET_ALL)) {
11672 		flags = ((incmd->uscsi_flags & USCSI_RESET_ALL) != 0) ?
11673 		    RESET_ALL : RESET_TARGET;
11674 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: Issuing reset\n");
11675 		if (scsi_reset(SD_ADDRESS(un), flags) == 0) {
11676 			/* Reset attempt was unsuccessful */
11677 			SD_TRACE(SD_LOG_IO, un,
11678 			    "sd_send_scsi_cmd: reset: failure\n");
11679 			return (EIO);
11680 		}
11681 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: reset: success\n");
11682 		return (0);
11683 	}
11684 
11685 	/* Perfunctory sanity check... */
11686 	if (incmd->uscsi_cdblen <= 0) {
11687 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11688 		    "invalid uscsi_cdblen, returning EINVAL\n");
11689 		return (EINVAL);
11690 	}
11691 
11692 	/*
11693 	 * In order to not worry about where the uscsi structure came from
11694 	 * (or where the cdb it points to came from) we're going to make
11695 	 * kmem_alloc'd copies of them here. This will also allow reference
11696 	 * to the data they contain long after this process has gone to
11697 	 * sleep and its kernel stack has been unmapped, etc.
11698 	 *
11699 	 * First get some memory for the uscsi_cmd struct and copy the
11700 	 * contents of the given uscsi_cmd struct into it.
11701 	 */
11702 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
11703 	bcopy(incmd, uscmd, sizeof (struct uscsi_cmd));
11704 
11705 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: uscsi_cmd",
11706 	    (uchar_t *)uscmd, sizeof (struct uscsi_cmd), SD_LOG_HEX);
11707 
11708 	/*
11709 	 * Now get some space for the CDB, and copy the given CDB into
11710 	 * it. Use ddi_copyin() in case the data is in user space.
11711 	 */
11712 	uscmd->uscsi_cdb = kmem_zalloc((size_t)incmd->uscsi_cdblen, KM_SLEEP);
11713 	flags = (cdbspace == UIO_SYSSPACE) ? FKIOCTL : 0;
11714 	if (ddi_copyin(incmd->uscsi_cdb, uscmd->uscsi_cdb,
11715 	    (uint_t)incmd->uscsi_cdblen, flags) != 0) {
11716 		kmem_free(uscmd->uscsi_cdb, (size_t)incmd->uscsi_cdblen);
11717 		kmem_free(uscmd, sizeof (struct uscsi_cmd));
11718 		return (EFAULT);
11719 	}
11720 
11721 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: CDB",
11722 	    (uchar_t *)uscmd->uscsi_cdb, incmd->uscsi_cdblen, SD_LOG_HEX);
11723 
11724 	bp = getrbuf(KM_SLEEP);
11725 
11726 	/*
11727 	 * Allocate an sd_uscsi_info struct and fill it with the info
11728 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
11729 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
11730 	 * since we allocate the buf here in this function, we do not
11731 	 * need to preserve the prior contents of b_private.
11732 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
11733 	 */
11734 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
11735 	uip->ui_flags = path_flag;
11736 	uip->ui_cmdp  = uscmd;
11737 	bp->b_private = uip;
11738 
11739 	/*
11740 	 * Initialize Request Sense buffering, if requested.
11741 	 */
11742 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11743 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11744 		/*
11745 		 * Here uscmd->uscsi_rqbuf currently points to the caller's
11746 		 * buffer, but we replace this with a kernel buffer that
11747 		 * we allocate to use with the sense data. The sense data
11748 		 * (if present) gets copied into this new buffer before the
11749 		 * command is completed.  Then we copy the sense data from
11750 		 * our allocated buf into the caller's buffer below. Note
11751 		 * that incmd->uscsi_rqbuf and incmd->uscsi_rqlen are used
11752 		 * below to perform the copy back to the caller's buf.
11753 		 */
11754 		uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
11755 		if (rqbufspace == UIO_USERSPACE) {
11756 			uscmd->uscsi_rqlen   = SENSE_LENGTH;
11757 			uscmd->uscsi_rqresid = SENSE_LENGTH;
11758 		} else {
11759 			uchar_t rlen = min(SENSE_LENGTH, uscmd->uscsi_rqlen);
11760 			uscmd->uscsi_rqlen   = rlen;
11761 			uscmd->uscsi_rqresid = rlen;
11762 		}
11763 	} else {
11764 		uscmd->uscsi_rqbuf = NULL;
11765 		uscmd->uscsi_rqlen   = 0;
11766 		uscmd->uscsi_rqresid = 0;
11767 	}
11768 
11769 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: rqbuf:0x%p  rqlen:%d\n",
11770 	    uscmd->uscsi_rqbuf, uscmd->uscsi_rqlen);
11771 
11772 	if (un->un_f_is_fibre == FALSE) {
11773 		/*
11774 		 * Force asynchronous mode, if necessary.  Doing this here
11775 		 * has the unfortunate effect of running other queued
11776 		 * commands async also, but since the main purpose of this
11777 		 * capability is downloading new drive firmware, we can
11778 		 * probably live with it.
11779 		 */
11780 		if ((uscmd->uscsi_flags & USCSI_ASYNC) != 0) {
11781 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11782 				== 1) {
11783 				if (scsi_ifsetcap(SD_ADDRESS(un),
11784 					    "synchronous", 0, 1) == 1) {
11785 					SD_TRACE(SD_LOG_IO, un,
11786 					"sd_send_scsi_cmd: forced async ok\n");
11787 				} else {
11788 					SD_TRACE(SD_LOG_IO, un,
11789 					"sd_send_scsi_cmd:\
11790 					forced async failed\n");
11791 					rval = EINVAL;
11792 					goto done;
11793 				}
11794 			}
11795 		}
11796 
11797 		/*
11798 		 * Re-enable synchronous mode, if requested
11799 		 */
11800 		if (uscmd->uscsi_flags & USCSI_SYNC) {
11801 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11802 				== 0) {
11803 				int i = scsi_ifsetcap(SD_ADDRESS(un),
11804 						"synchronous", 1, 1);
11805 				SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11806 					"re-enabled sync %s\n",
11807 					(i == 1) ? "ok" : "failed");
11808 			}
11809 		}
11810 	}
11811 
11812 	/*
11813 	 * Commands sent with priority are intended for error recovery
11814 	 * situations, and do not have retries performed.
11815 	 */
11816 	if (path_flag == SD_PATH_DIRECT_PRIORITY) {
11817 		uscmd->uscsi_flags |= USCSI_DIAGNOSE;
11818 	}
11819 
11820 	/*
11821 	 * If we're going to do actual I/O, let physio do all the right things
11822 	 */
11823 	if (uscmd->uscsi_buflen != 0) {
11824 		struct iovec	aiov;
11825 		struct uio	auio;
11826 		struct uio	*uio = &auio;
11827 
11828 		bzero(&auio, sizeof (struct uio));
11829 		bzero(&aiov, sizeof (struct iovec));
11830 		aiov.iov_base = uscmd->uscsi_bufaddr;
11831 		aiov.iov_len  = uscmd->uscsi_buflen;
11832 		uio->uio_iov  = &aiov;
11833 
11834 		uio->uio_iovcnt  = 1;
11835 		uio->uio_resid   = uscmd->uscsi_buflen;
11836 		uio->uio_segflg  = dataspace;
11837 
11838 		/*
11839 		 * physio() will block here until the command completes....
11840 		 */
11841 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling physio.\n");
11842 
11843 		rval = physio(sd_uscsi_strategy, bp, dev,
11844 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE),
11845 		    sduscsimin, uio);
11846 
11847 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11848 		    "returned from physio with 0x%x\n", rval);
11849 
11850 	} else {
11851 		/*
11852 		 * We have to mimic what physio would do here! Argh!
11853 		 */
11854 		bp->b_flags  = B_BUSY |
11855 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE);
11856 		bp->b_edev   = dev;
11857 		bp->b_dev    = cmpdev(dev);	/* maybe unnecessary? */
11858 		bp->b_bcount = 0;
11859 		bp->b_blkno  = 0;
11860 
11861 		SD_TRACE(SD_LOG_IO, un,
11862 		    "sd_send_scsi_cmd: calling sd_uscsi_strategy...\n");
11863 
11864 		(void) sd_uscsi_strategy(bp);
11865 
11866 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling biowait\n");
11867 
11868 		rval = biowait(bp);
11869 
11870 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11871 		    "returned from  biowait with 0x%x\n", rval);
11872 	}
11873 
11874 done:
11875 
11876 #ifdef SDDEBUG
11877 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11878 	    "uscsi_status: 0x%02x  uscsi_resid:0x%x\n",
11879 	    uscmd->uscsi_status, uscmd->uscsi_resid);
11880 	if (uscmd->uscsi_bufaddr != NULL) {
11881 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11882 		    "uscmd->uscsi_bufaddr: 0x%p  uscmd->uscsi_buflen:%d\n",
11883 		    uscmd->uscsi_bufaddr, uscmd->uscsi_buflen);
11884 		if (dataspace == UIO_SYSSPACE) {
11885 			SD_DUMP_MEMORY(un, SD_LOG_IO,
11886 			    "data", (uchar_t *)uscmd->uscsi_bufaddr,
11887 			    uscmd->uscsi_buflen, SD_LOG_HEX);
11888 		}
11889 	}
11890 #endif
11891 
11892 	/*
11893 	 * Get the status and residual to return to the caller.
11894 	 */
11895 	incmd->uscsi_status = uscmd->uscsi_status;
11896 	incmd->uscsi_resid  = uscmd->uscsi_resid;
11897 
11898 	/*
11899 	 * If the caller wants sense data, copy back whatever sense data
11900 	 * we may have gotten, and update the relevant rqsense info.
11901 	 */
11902 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11903 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11904 
11905 		int rqlen = uscmd->uscsi_rqlen - uscmd->uscsi_rqresid;
11906 		rqlen = min(((int)incmd->uscsi_rqlen), rqlen);
11907 
11908 		/* Update the Request Sense status and resid */
11909 		incmd->uscsi_rqresid  = incmd->uscsi_rqlen - rqlen;
11910 		incmd->uscsi_rqstatus = uscmd->uscsi_rqstatus;
11911 
11912 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11913 		    "uscsi_rqstatus: 0x%02x  uscsi_rqresid:0x%x\n",
11914 		    incmd->uscsi_rqstatus, incmd->uscsi_rqresid);
11915 
11916 		/* Copy out the sense data for user processes */
11917 		if ((incmd->uscsi_rqbuf != NULL) && (rqlen != 0)) {
11918 			int flags =
11919 			    (rqbufspace == UIO_USERSPACE) ? 0 : FKIOCTL;
11920 			if (ddi_copyout(uscmd->uscsi_rqbuf, incmd->uscsi_rqbuf,
11921 			    rqlen, flags) != 0) {
11922 				rval = EFAULT;
11923 			}
11924 			/*
11925 			 * Note: Can't touch incmd->uscsi_rqbuf so use
11926 			 * uscmd->uscsi_rqbuf instead. They're the same.
11927 			 */
11928 			SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11929 			    "incmd->uscsi_rqbuf: 0x%p  rqlen:%d\n",
11930 			    incmd->uscsi_rqbuf, rqlen);
11931 			SD_DUMP_MEMORY(un, SD_LOG_IO, "rq",
11932 			    (uchar_t *)uscmd->uscsi_rqbuf, rqlen, SD_LOG_HEX);
11933 		}
11934 	}
11935 
11936 	/*
11937 	 * Free allocated resources and return; mapout the buf in case it was
11938 	 * mapped in by a lower layer.
11939 	 */
11940 	bp_mapout(bp);
11941 	freerbuf(bp);
11942 	kmem_free(uip, sizeof (struct sd_uscsi_info));
11943 	if (uscmd->uscsi_rqbuf != NULL) {
11944 		kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
11945 	}
11946 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
11947 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
11948 
11949 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: exit\n");
11950 
11951 	return (rval);
11952 }
11953 
11954 
11955 /*
11956  *    Function: sd_buf_iodone
11957  *
11958  * Description: Frees the sd_xbuf & returns the buf to its originator.
11959  *
11960  *     Context: May be called from interrupt context.
11961  */
11962 /* ARGSUSED */
11963 static void
11964 sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp)
11965 {
11966 	struct sd_xbuf *xp;
11967 
11968 	ASSERT(un != NULL);
11969 	ASSERT(bp != NULL);
11970 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11971 
11972 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: entry.\n");
11973 
11974 	xp = SD_GET_XBUF(bp);
11975 	ASSERT(xp != NULL);
11976 
11977 	mutex_enter(SD_MUTEX(un));
11978 
11979 	/*
11980 	 * Grab time when the cmd completed.
11981 	 * This is used for determining if the system has been
11982 	 * idle long enough to make it idle to the PM framework.
11983 	 * This is for lowering the overhead, and therefore improving
11984 	 * performance per I/O operation.
11985 	 */
11986 	un->un_pm_idle_time = ddi_get_time();
11987 
11988 	un->un_ncmds_in_driver--;
11989 	ASSERT(un->un_ncmds_in_driver >= 0);
11990 	SD_INFO(SD_LOG_IO, un, "sd_buf_iodone: un_ncmds_in_driver = %ld\n",
11991 	    un->un_ncmds_in_driver);
11992 
11993 	mutex_exit(SD_MUTEX(un));
11994 
11995 	ddi_xbuf_done(bp, un->un_xbuf_attr);	/* xbuf is gone after this */
11996 	biodone(bp);				/* bp is gone after this */
11997 
11998 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: exit.\n");
11999 }
12000 
12001 
12002 /*
12003  *    Function: sd_uscsi_iodone
12004  *
12005  * Description: Frees the sd_xbuf & returns the buf to its originator.
12006  *
12007  *     Context: May be called from interrupt context.
12008  */
12009 /* ARGSUSED */
12010 static void
12011 sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12012 {
12013 	struct sd_xbuf *xp;
12014 
12015 	ASSERT(un != NULL);
12016 	ASSERT(bp != NULL);
12017 
12018 	xp = SD_GET_XBUF(bp);
12019 	ASSERT(xp != NULL);
12020 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12021 
12022 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: entry.\n");
12023 
12024 	bp->b_private = xp->xb_private;
12025 
12026 	mutex_enter(SD_MUTEX(un));
12027 
12028 	/*
12029 	 * Grab time when the cmd completed.
12030 	 * This is used for determining if the system has been
12031 	 * idle long enough to make it idle to the PM framework.
12032 	 * This is for lowering the overhead, and therefore improving
12033 	 * performance per I/O operation.
12034 	 */
12035 	un->un_pm_idle_time = ddi_get_time();
12036 
12037 	un->un_ncmds_in_driver--;
12038 	ASSERT(un->un_ncmds_in_driver >= 0);
12039 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: un_ncmds_in_driver = %ld\n",
12040 	    un->un_ncmds_in_driver);
12041 
12042 	mutex_exit(SD_MUTEX(un));
12043 
12044 	kmem_free(xp, sizeof (struct sd_xbuf));
12045 	biodone(bp);
12046 
12047 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: exit.\n");
12048 }
12049 
12050 
12051 /*
12052  *    Function: sd_mapblockaddr_iostart
12053  *
12054  * Description: Verify request lies withing the partition limits for
12055  *		the indicated minor device.  Issue "overrun" buf if
12056  *		request would exceed partition range.  Converts
12057  *		partition-relative block address to absolute.
12058  *
12059  *     Context: Can sleep
12060  *
12061  *      Issues: This follows what the old code did, in terms of accessing
12062  *		some of the partition info in the unit struct without holding
12063  *		the mutext.  This is a general issue, if the partition info
12064  *		can be altered while IO is in progress... as soon as we send
12065  *		a buf, its partitioning can be invalid before it gets to the
12066  *		device.  Probably the right fix is to move partitioning out
12067  *		of the driver entirely.
12068  */
12069 
12070 static void
12071 sd_mapblockaddr_iostart(int index, struct sd_lun *un, struct buf *bp)
12072 {
12073 	daddr_t	nblocks;	/* #blocks in the given partition */
12074 	daddr_t	blocknum;	/* Block number specified by the buf */
12075 	size_t	requested_nblocks;
12076 	size_t	available_nblocks;
12077 	int	partition;
12078 	diskaddr_t	partition_offset;
12079 	struct sd_xbuf *xp;
12080 
12081 
12082 	ASSERT(un != NULL);
12083 	ASSERT(bp != NULL);
12084 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12085 
12086 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12087 	    "sd_mapblockaddr_iostart: entry: buf:0x%p\n", bp);
12088 
12089 	xp = SD_GET_XBUF(bp);
12090 	ASSERT(xp != NULL);
12091 
12092 	/*
12093 	 * If the geometry is not indicated as valid, attempt to access
12094 	 * the unit & verify the geometry/label. This can be the case for
12095 	 * removable-media devices, of if the device was opened in
12096 	 * NDELAY/NONBLOCK mode.
12097 	 */
12098 	if ((un->un_f_geometry_is_valid != TRUE) &&
12099 	    (sd_ready_and_valid(un) != SD_READY_VALID)) {
12100 		/*
12101 		 * For removable devices it is possible to start an I/O
12102 		 * without a media by opening the device in nodelay mode.
12103 		 * Also for writable CDs there can be many scenarios where
12104 		 * there is no geometry yet but volume manager is trying to
12105 		 * issue a read() just because it can see TOC on the CD. So
12106 		 * do not print a message for removables.
12107 		 */
12108 		if (!ISREMOVABLE(un)) {
12109 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
12110 			    "i/o to invalid geometry\n");
12111 		}
12112 		bioerror(bp, EIO);
12113 		bp->b_resid = bp->b_bcount;
12114 		SD_BEGIN_IODONE(index, un, bp);
12115 		return;
12116 	}
12117 
12118 	partition = SDPART(bp->b_edev);
12119 
12120 	/* #blocks in partition */
12121 	nblocks = un->un_map[partition].dkl_nblk;    /* #blocks in partition */
12122 
12123 	/* Use of a local variable potentially improves performance slightly */
12124 	partition_offset = un->un_offset[partition];
12125 
12126 	/*
12127 	 * blocknum is the starting block number of the request. At this
12128 	 * point it is still relative to the start of the minor device.
12129 	 */
12130 	blocknum = xp->xb_blkno;
12131 
12132 	/*
12133 	 * Legacy: If the starting block number is one past the last block
12134 	 * in the partition, do not set B_ERROR in the buf.
12135 	 */
12136 	if (blocknum == nblocks)  {
12137 		goto error_exit;
12138 	}
12139 
12140 	/*
12141 	 * Confirm that the first block of the request lies within the
12142 	 * partition limits. Also the requested number of bytes must be
12143 	 * a multiple of the system block size.
12144 	 */
12145 	if ((blocknum < 0) || (blocknum >= nblocks) ||
12146 	    ((bp->b_bcount & (un->un_sys_blocksize - 1)) != 0)) {
12147 		bp->b_flags |= B_ERROR;
12148 		goto error_exit;
12149 	}
12150 
12151 	/*
12152 	 * If the requsted # blocks exceeds the available # blocks, that
12153 	 * is an overrun of the partition.
12154 	 */
12155 	requested_nblocks = SD_BYTES2SYSBLOCKS(un, bp->b_bcount);
12156 	available_nblocks = (size_t)(nblocks - blocknum);
12157 	ASSERT(nblocks >= blocknum);
12158 
12159 	if (requested_nblocks > available_nblocks) {
12160 		/*
12161 		 * Allocate an "overrun" buf to allow the request to proceed
12162 		 * for the amount of space available in the partition. The
12163 		 * amount not transferred will be added into the b_resid
12164 		 * when the operation is complete. The overrun buf
12165 		 * replaces the original buf here, and the original buf
12166 		 * is saved inside the overrun buf, for later use.
12167 		 */
12168 		size_t resid = SD_SYSBLOCKS2BYTES(un,
12169 		    (offset_t)(requested_nblocks - available_nblocks));
12170 		size_t count = bp->b_bcount - resid;
12171 		/*
12172 		 * Note: count is an unsigned entity thus it'll NEVER
12173 		 * be less than 0 so ASSERT the original values are
12174 		 * correct.
12175 		 */
12176 		ASSERT(bp->b_bcount >= resid);
12177 
12178 		bp = sd_bioclone_alloc(bp, count, blocknum,
12179 			(int (*)(struct buf *)) sd_mapblockaddr_iodone);
12180 		xp = SD_GET_XBUF(bp); /* Update for 'new' bp! */
12181 		ASSERT(xp != NULL);
12182 	}
12183 
12184 	/* At this point there should be no residual for this buf. */
12185 	ASSERT(bp->b_resid == 0);
12186 
12187 	/* Convert the block number to an absolute address. */
12188 	xp->xb_blkno += partition_offset;
12189 
12190 	SD_NEXT_IOSTART(index, un, bp);
12191 
12192 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12193 	    "sd_mapblockaddr_iostart: exit 0: buf:0x%p\n", bp);
12194 
12195 	return;
12196 
12197 error_exit:
12198 	bp->b_resid = bp->b_bcount;
12199 	SD_BEGIN_IODONE(index, un, bp);
12200 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12201 	    "sd_mapblockaddr_iostart: exit 1: buf:0x%p\n", bp);
12202 }
12203 
12204 
12205 /*
12206  *    Function: sd_mapblockaddr_iodone
12207  *
12208  * Description: Completion-side processing for partition management.
12209  *
12210  *     Context: May be called under interrupt context
12211  */
12212 
12213 static void
12214 sd_mapblockaddr_iodone(int index, struct sd_lun *un, struct buf *bp)
12215 {
12216 	/* int	partition; */	/* Not used, see below. */
12217 	ASSERT(un != NULL);
12218 	ASSERT(bp != NULL);
12219 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12220 
12221 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12222 	    "sd_mapblockaddr_iodone: entry: buf:0x%p\n", bp);
12223 
12224 	if (bp->b_iodone == (int (*)(struct buf *)) sd_mapblockaddr_iodone) {
12225 		/*
12226 		 * We have an "overrun" buf to deal with...
12227 		 */
12228 		struct sd_xbuf	*xp;
12229 		struct buf	*obp;	/* ptr to the original buf */
12230 
12231 		xp = SD_GET_XBUF(bp);
12232 		ASSERT(xp != NULL);
12233 
12234 		/* Retrieve the pointer to the original buf */
12235 		obp = (struct buf *)xp->xb_private;
12236 		ASSERT(obp != NULL);
12237 
12238 		obp->b_resid = obp->b_bcount - (bp->b_bcount - bp->b_resid);
12239 		bioerror(obp, bp->b_error);
12240 
12241 		sd_bioclone_free(bp);
12242 
12243 		/*
12244 		 * Get back the original buf.
12245 		 * Note that since the restoration of xb_blkno below
12246 		 * was removed, the sd_xbuf is not needed.
12247 		 */
12248 		bp = obp;
12249 		/*
12250 		 * xp = SD_GET_XBUF(bp);
12251 		 * ASSERT(xp != NULL);
12252 		 */
12253 	}
12254 
12255 	/*
12256 	 * Convert sd->xb_blkno back to a minor-device relative value.
12257 	 * Note: this has been commented out, as it is not needed in the
12258 	 * current implementation of the driver (ie, since this function
12259 	 * is at the top of the layering chains, so the info will be
12260 	 * discarded) and it is in the "hot" IO path.
12261 	 *
12262 	 * partition = getminor(bp->b_edev) & SDPART_MASK;
12263 	 * xp->xb_blkno -= un->un_offset[partition];
12264 	 */
12265 
12266 	SD_NEXT_IODONE(index, un, bp);
12267 
12268 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12269 	    "sd_mapblockaddr_iodone: exit: buf:0x%p\n", bp);
12270 }
12271 
12272 
12273 /*
12274  *    Function: sd_mapblocksize_iostart
12275  *
12276  * Description: Convert between system block size (un->un_sys_blocksize)
12277  *		and target block size (un->un_tgt_blocksize).
12278  *
12279  *     Context: Can sleep to allocate resources.
12280  *
12281  * Assumptions: A higher layer has already performed any partition validation,
12282  *		and converted the xp->xb_blkno to an absolute value relative
12283  *		to the start of the device.
12284  *
12285  *		It is also assumed that the higher layer has implemented
12286  *		an "overrun" mechanism for the case where the request would
12287  *		read/write beyond the end of a partition.  In this case we
12288  *		assume (and ASSERT) that bp->b_resid == 0.
12289  *
12290  *		Note: The implementation for this routine assumes the target
12291  *		block size remains constant between allocation and transport.
12292  */
12293 
12294 static void
12295 sd_mapblocksize_iostart(int index, struct sd_lun *un, struct buf *bp)
12296 {
12297 	struct sd_mapblocksize_info	*bsp;
12298 	struct sd_xbuf			*xp;
12299 	offset_t first_byte;
12300 	daddr_t	start_block, end_block;
12301 	daddr_t	request_bytes;
12302 	ushort_t is_aligned = FALSE;
12303 
12304 	ASSERT(un != NULL);
12305 	ASSERT(bp != NULL);
12306 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12307 	ASSERT(bp->b_resid == 0);
12308 
12309 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12310 	    "sd_mapblocksize_iostart: entry: buf:0x%p\n", bp);
12311 
12312 	/*
12313 	 * For a non-writable CD, a write request is an error
12314 	 */
12315 	if (ISCD(un) && ((bp->b_flags & B_READ) == 0) &&
12316 	    (un->un_f_mmc_writable_media == FALSE)) {
12317 		bioerror(bp, EIO);
12318 		bp->b_resid = bp->b_bcount;
12319 		SD_BEGIN_IODONE(index, un, bp);
12320 		return;
12321 	}
12322 
12323 	/*
12324 	 * We do not need a shadow buf if the device is using
12325 	 * un->un_sys_blocksize as its block size or if bcount == 0.
12326 	 * In this case there is no layer-private data block allocated.
12327 	 */
12328 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12329 	    (bp->b_bcount == 0)) {
12330 		goto done;
12331 	}
12332 
12333 #if defined(__i386) || defined(__amd64)
12334 	/* We do not support non-block-aligned transfers for ROD devices */
12335 	ASSERT(!ISROD(un));
12336 #endif
12337 
12338 	xp = SD_GET_XBUF(bp);
12339 	ASSERT(xp != NULL);
12340 
12341 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12342 	    "tgt_blocksize:0x%x sys_blocksize: 0x%x\n",
12343 	    un->un_tgt_blocksize, un->un_sys_blocksize);
12344 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12345 	    "request start block:0x%x\n", xp->xb_blkno);
12346 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12347 	    "request len:0x%x\n", bp->b_bcount);
12348 
12349 	/*
12350 	 * Allocate the layer-private data area for the mapblocksize layer.
12351 	 * Layers are allowed to use the xp_private member of the sd_xbuf
12352 	 * struct to store the pointer to their layer-private data block, but
12353 	 * each layer also has the responsibility of restoring the prior
12354 	 * contents of xb_private before returning the buf/xbuf to the
12355 	 * higher layer that sent it.
12356 	 *
12357 	 * Here we save the prior contents of xp->xb_private into the
12358 	 * bsp->mbs_oprivate field of our layer-private data area. This value
12359 	 * is restored by sd_mapblocksize_iodone() just prior to freeing up
12360 	 * the layer-private area and returning the buf/xbuf to the layer
12361 	 * that sent it.
12362 	 *
12363 	 * Note that here we use kmem_zalloc for the allocation as there are
12364 	 * parts of the mapblocksize code that expect certain fields to be
12365 	 * zero unless explicitly set to a required value.
12366 	 */
12367 	bsp = kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12368 	bsp->mbs_oprivate = xp->xb_private;
12369 	xp->xb_private = bsp;
12370 
12371 	/*
12372 	 * This treats the data on the disk (target) as an array of bytes.
12373 	 * first_byte is the byte offset, from the beginning of the device,
12374 	 * to the location of the request. This is converted from a
12375 	 * un->un_sys_blocksize block address to a byte offset, and then back
12376 	 * to a block address based upon a un->un_tgt_blocksize block size.
12377 	 *
12378 	 * xp->xb_blkno should be absolute upon entry into this function,
12379 	 * but, but it is based upon partitions that use the "system"
12380 	 * block size. It must be adjusted to reflect the block size of
12381 	 * the target.
12382 	 *
12383 	 * Note that end_block is actually the block that follows the last
12384 	 * block of the request, but that's what is needed for the computation.
12385 	 */
12386 	first_byte  = SD_SYSBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12387 	start_block = xp->xb_blkno = first_byte / un->un_tgt_blocksize;
12388 	end_block   = (first_byte + bp->b_bcount + un->un_tgt_blocksize - 1) /
12389 	    un->un_tgt_blocksize;
12390 
12391 	/* request_bytes is rounded up to a multiple of the target block size */
12392 	request_bytes = (end_block - start_block) * un->un_tgt_blocksize;
12393 
12394 	/*
12395 	 * See if the starting address of the request and the request
12396 	 * length are aligned on a un->un_tgt_blocksize boundary. If aligned
12397 	 * then we do not need to allocate a shadow buf to handle the request.
12398 	 */
12399 	if (((first_byte   % un->un_tgt_blocksize) == 0) &&
12400 	    ((bp->b_bcount % un->un_tgt_blocksize) == 0)) {
12401 		is_aligned = TRUE;
12402 	}
12403 
12404 	if ((bp->b_flags & B_READ) == 0) {
12405 		/*
12406 		 * Lock the range for a write operation. An aligned request is
12407 		 * considered a simple write; otherwise the request must be a
12408 		 * read-modify-write.
12409 		 */
12410 		bsp->mbs_wmp = sd_range_lock(un, start_block, end_block - 1,
12411 		    (is_aligned == TRUE) ? SD_WTYPE_SIMPLE : SD_WTYPE_RMW);
12412 	}
12413 
12414 	/*
12415 	 * Alloc a shadow buf if the request is not aligned. Also, this is
12416 	 * where the READ command is generated for a read-modify-write. (The
12417 	 * write phase is deferred until after the read completes.)
12418 	 */
12419 	if (is_aligned == FALSE) {
12420 
12421 		struct sd_mapblocksize_info	*shadow_bsp;
12422 		struct sd_xbuf	*shadow_xp;
12423 		struct buf	*shadow_bp;
12424 
12425 		/*
12426 		 * Allocate the shadow buf and it associated xbuf. Note that
12427 		 * after this call the xb_blkno value in both the original
12428 		 * buf's sd_xbuf _and_ the shadow buf's sd_xbuf will be the
12429 		 * same: absolute relative to the start of the device, and
12430 		 * adjusted for the target block size. The b_blkno in the
12431 		 * shadow buf will also be set to this value. We should never
12432 		 * change b_blkno in the original bp however.
12433 		 *
12434 		 * Note also that the shadow buf will always need to be a
12435 		 * READ command, regardless of whether the incoming command
12436 		 * is a READ or a WRITE.
12437 		 */
12438 		shadow_bp = sd_shadow_buf_alloc(bp, request_bytes, B_READ,
12439 		    xp->xb_blkno,
12440 		    (int (*)(struct buf *)) sd_mapblocksize_iodone);
12441 
12442 		shadow_xp = SD_GET_XBUF(shadow_bp);
12443 
12444 		/*
12445 		 * Allocate the layer-private data for the shadow buf.
12446 		 * (No need to preserve xb_private in the shadow xbuf.)
12447 		 */
12448 		shadow_xp->xb_private = shadow_bsp =
12449 		    kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12450 
12451 		/*
12452 		 * bsp->mbs_copy_offset is used later by sd_mapblocksize_iodone
12453 		 * to figure out where the start of the user data is (based upon
12454 		 * the system block size) in the data returned by the READ
12455 		 * command (which will be based upon the target blocksize). Note
12456 		 * that this is only really used if the request is unaligned.
12457 		 */
12458 		bsp->mbs_copy_offset = (ssize_t)(first_byte -
12459 		    ((offset_t)xp->xb_blkno * un->un_tgt_blocksize));
12460 		ASSERT((bsp->mbs_copy_offset >= 0) &&
12461 		    (bsp->mbs_copy_offset < un->un_tgt_blocksize));
12462 
12463 		shadow_bsp->mbs_copy_offset = bsp->mbs_copy_offset;
12464 
12465 		shadow_bsp->mbs_layer_index = bsp->mbs_layer_index = index;
12466 
12467 		/* Transfer the wmap (if any) to the shadow buf */
12468 		shadow_bsp->mbs_wmp = bsp->mbs_wmp;
12469 		bsp->mbs_wmp = NULL;
12470 
12471 		/*
12472 		 * The shadow buf goes on from here in place of the
12473 		 * original buf.
12474 		 */
12475 		shadow_bsp->mbs_orig_bp = bp;
12476 		bp = shadow_bp;
12477 	}
12478 
12479 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12480 	    "sd_mapblocksize_iostart: tgt start block:0x%x\n", xp->xb_blkno);
12481 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12482 	    "sd_mapblocksize_iostart: tgt request len:0x%x\n",
12483 	    request_bytes);
12484 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12485 	    "sd_mapblocksize_iostart: shadow buf:0x%x\n", bp);
12486 
12487 done:
12488 	SD_NEXT_IOSTART(index, un, bp);
12489 
12490 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12491 	    "sd_mapblocksize_iostart: exit: buf:0x%p\n", bp);
12492 }
12493 
12494 
12495 /*
12496  *    Function: sd_mapblocksize_iodone
12497  *
12498  * Description: Completion side processing for block-size mapping.
12499  *
12500  *     Context: May be called under interrupt context
12501  */
12502 
12503 static void
12504 sd_mapblocksize_iodone(int index, struct sd_lun *un, struct buf *bp)
12505 {
12506 	struct sd_mapblocksize_info	*bsp;
12507 	struct sd_xbuf	*xp;
12508 	struct sd_xbuf	*orig_xp;	/* sd_xbuf for the original buf */
12509 	struct buf	*orig_bp;	/* ptr to the original buf */
12510 	offset_t	shadow_end;
12511 	offset_t	request_end;
12512 	offset_t	shadow_start;
12513 	ssize_t		copy_offset;
12514 	size_t		copy_length;
12515 	size_t		shortfall;
12516 	uint_t		is_write;	/* TRUE if this bp is a WRITE */
12517 	uint_t		has_wmap;	/* TRUE is this bp has a wmap */
12518 
12519 	ASSERT(un != NULL);
12520 	ASSERT(bp != NULL);
12521 
12522 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12523 	    "sd_mapblocksize_iodone: entry: buf:0x%p\n", bp);
12524 
12525 	/*
12526 	 * There is no shadow buf or layer-private data if the target is
12527 	 * using un->un_sys_blocksize as its block size or if bcount == 0.
12528 	 */
12529 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12530 	    (bp->b_bcount == 0)) {
12531 		goto exit;
12532 	}
12533 
12534 	xp = SD_GET_XBUF(bp);
12535 	ASSERT(xp != NULL);
12536 
12537 	/* Retrieve the pointer to the layer-private data area from the xbuf. */
12538 	bsp = xp->xb_private;
12539 
12540 	is_write = ((bp->b_flags & B_READ) == 0) ? TRUE : FALSE;
12541 	has_wmap = (bsp->mbs_wmp != NULL) ? TRUE : FALSE;
12542 
12543 	if (is_write) {
12544 		/*
12545 		 * For a WRITE request we must free up the block range that
12546 		 * we have locked up.  This holds regardless of whether this is
12547 		 * an aligned write request or a read-modify-write request.
12548 		 */
12549 		sd_range_unlock(un, bsp->mbs_wmp);
12550 		bsp->mbs_wmp = NULL;
12551 	}
12552 
12553 	if ((bp->b_iodone != (int(*)(struct buf *))sd_mapblocksize_iodone)) {
12554 		/*
12555 		 * An aligned read or write command will have no shadow buf;
12556 		 * there is not much else to do with it.
12557 		 */
12558 		goto done;
12559 	}
12560 
12561 	orig_bp = bsp->mbs_orig_bp;
12562 	ASSERT(orig_bp != NULL);
12563 	orig_xp = SD_GET_XBUF(orig_bp);
12564 	ASSERT(orig_xp != NULL);
12565 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12566 
12567 	if (!is_write && has_wmap) {
12568 		/*
12569 		 * A READ with a wmap means this is the READ phase of a
12570 		 * read-modify-write. If an error occurred on the READ then
12571 		 * we do not proceed with the WRITE phase or copy any data.
12572 		 * Just release the write maps and return with an error.
12573 		 */
12574 		if ((bp->b_resid != 0) || (bp->b_error != 0)) {
12575 			orig_bp->b_resid = orig_bp->b_bcount;
12576 			bioerror(orig_bp, bp->b_error);
12577 			sd_range_unlock(un, bsp->mbs_wmp);
12578 			goto freebuf_done;
12579 		}
12580 	}
12581 
12582 	/*
12583 	 * Here is where we set up to copy the data from the shadow buf
12584 	 * into the space associated with the original buf.
12585 	 *
12586 	 * To deal with the conversion between block sizes, these
12587 	 * computations treat the data as an array of bytes, with the
12588 	 * first byte (byte 0) corresponding to the first byte in the
12589 	 * first block on the disk.
12590 	 */
12591 
12592 	/*
12593 	 * shadow_start and shadow_len indicate the location and size of
12594 	 * the data returned with the shadow IO request.
12595 	 */
12596 	shadow_start  = SD_TGTBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12597 	shadow_end    = shadow_start + bp->b_bcount - bp->b_resid;
12598 
12599 	/*
12600 	 * copy_offset gives the offset (in bytes) from the start of the first
12601 	 * block of the READ request to the beginning of the data.  We retrieve
12602 	 * this value from xb_pktp in the ORIGINAL xbuf, as it has been saved
12603 	 * there by sd_mapblockize_iostart(). copy_length gives the amount of
12604 	 * data to be copied (in bytes).
12605 	 */
12606 	copy_offset  = bsp->mbs_copy_offset;
12607 	ASSERT((copy_offset >= 0) && (copy_offset < un->un_tgt_blocksize));
12608 	copy_length  = orig_bp->b_bcount;
12609 	request_end  = shadow_start + copy_offset + orig_bp->b_bcount;
12610 
12611 	/*
12612 	 * Set up the resid and error fields of orig_bp as appropriate.
12613 	 */
12614 	if (shadow_end >= request_end) {
12615 		/* We got all the requested data; set resid to zero */
12616 		orig_bp->b_resid = 0;
12617 	} else {
12618 		/*
12619 		 * We failed to get enough data to fully satisfy the original
12620 		 * request. Just copy back whatever data we got and set
12621 		 * up the residual and error code as required.
12622 		 *
12623 		 * 'shortfall' is the amount by which the data received with the
12624 		 * shadow buf has "fallen short" of the requested amount.
12625 		 */
12626 		shortfall = (size_t)(request_end - shadow_end);
12627 
12628 		if (shortfall > orig_bp->b_bcount) {
12629 			/*
12630 			 * We did not get enough data to even partially
12631 			 * fulfill the original request.  The residual is
12632 			 * equal to the amount requested.
12633 			 */
12634 			orig_bp->b_resid = orig_bp->b_bcount;
12635 		} else {
12636 			/*
12637 			 * We did not get all the data that we requested
12638 			 * from the device, but we will try to return what
12639 			 * portion we did get.
12640 			 */
12641 			orig_bp->b_resid = shortfall;
12642 		}
12643 		ASSERT(copy_length >= orig_bp->b_resid);
12644 		copy_length  -= orig_bp->b_resid;
12645 	}
12646 
12647 	/* Propagate the error code from the shadow buf to the original buf */
12648 	bioerror(orig_bp, bp->b_error);
12649 
12650 	if (is_write) {
12651 		goto freebuf_done;	/* No data copying for a WRITE */
12652 	}
12653 
12654 	if (has_wmap) {
12655 		/*
12656 		 * This is a READ command from the READ phase of a
12657 		 * read-modify-write request. We have to copy the data given
12658 		 * by the user OVER the data returned by the READ command,
12659 		 * then convert the command from a READ to a WRITE and send
12660 		 * it back to the target.
12661 		 */
12662 		bcopy(orig_bp->b_un.b_addr, bp->b_un.b_addr + copy_offset,
12663 		    copy_length);
12664 
12665 		bp->b_flags &= ~((int)B_READ);	/* Convert to a WRITE */
12666 
12667 		/*
12668 		 * Dispatch the WRITE command to the taskq thread, which
12669 		 * will in turn send the command to the target. When the
12670 		 * WRITE command completes, we (sd_mapblocksize_iodone())
12671 		 * will get called again as part of the iodone chain
12672 		 * processing for it. Note that we will still be dealing
12673 		 * with the shadow buf at that point.
12674 		 */
12675 		if (taskq_dispatch(sd_wmr_tq, sd_read_modify_write_task, bp,
12676 		    KM_NOSLEEP) != 0) {
12677 			/*
12678 			 * Dispatch was successful so we are done. Return
12679 			 * without going any higher up the iodone chain. Do
12680 			 * not free up any layer-private data until after the
12681 			 * WRITE completes.
12682 			 */
12683 			return;
12684 		}
12685 
12686 		/*
12687 		 * Dispatch of the WRITE command failed; set up the error
12688 		 * condition and send this IO back up the iodone chain.
12689 		 */
12690 		bioerror(orig_bp, EIO);
12691 		orig_bp->b_resid = orig_bp->b_bcount;
12692 
12693 	} else {
12694 		/*
12695 		 * This is a regular READ request (ie, not a RMW). Copy the
12696 		 * data from the shadow buf into the original buf. The
12697 		 * copy_offset compensates for any "misalignment" between the
12698 		 * shadow buf (with its un->un_tgt_blocksize blocks) and the
12699 		 * original buf (with its un->un_sys_blocksize blocks).
12700 		 */
12701 		bcopy(bp->b_un.b_addr + copy_offset, orig_bp->b_un.b_addr,
12702 		    copy_length);
12703 	}
12704 
12705 freebuf_done:
12706 
12707 	/*
12708 	 * At this point we still have both the shadow buf AND the original
12709 	 * buf to deal with, as well as the layer-private data area in each.
12710 	 * Local variables are as follows:
12711 	 *
12712 	 * bp -- points to shadow buf
12713 	 * xp -- points to xbuf of shadow buf
12714 	 * bsp -- points to layer-private data area of shadow buf
12715 	 * orig_bp -- points to original buf
12716 	 *
12717 	 * First free the shadow buf and its associated xbuf, then free the
12718 	 * layer-private data area from the shadow buf. There is no need to
12719 	 * restore xb_private in the shadow xbuf.
12720 	 */
12721 	sd_shadow_buf_free(bp);
12722 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12723 
12724 	/*
12725 	 * Now update the local variables to point to the original buf, xbuf,
12726 	 * and layer-private area.
12727 	 */
12728 	bp = orig_bp;
12729 	xp = SD_GET_XBUF(bp);
12730 	ASSERT(xp != NULL);
12731 	ASSERT(xp == orig_xp);
12732 	bsp = xp->xb_private;
12733 	ASSERT(bsp != NULL);
12734 
12735 done:
12736 	/*
12737 	 * Restore xb_private to whatever it was set to by the next higher
12738 	 * layer in the chain, then free the layer-private data area.
12739 	 */
12740 	xp->xb_private = bsp->mbs_oprivate;
12741 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12742 
12743 exit:
12744 	SD_TRACE(SD_LOG_IO_RMMEDIA, SD_GET_UN(bp),
12745 	    "sd_mapblocksize_iodone: calling SD_NEXT_IODONE: buf:0x%p\n", bp);
12746 
12747 	SD_NEXT_IODONE(index, un, bp);
12748 }
12749 
12750 
12751 /*
12752  *    Function: sd_checksum_iostart
12753  *
12754  * Description: A stub function for a layer that's currently not used.
12755  *		For now just a placeholder.
12756  *
12757  *     Context: Kernel thread context
12758  */
12759 
12760 static void
12761 sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp)
12762 {
12763 	ASSERT(un != NULL);
12764 	ASSERT(bp != NULL);
12765 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12766 	SD_NEXT_IOSTART(index, un, bp);
12767 }
12768 
12769 
12770 /*
12771  *    Function: sd_checksum_iodone
12772  *
12773  * Description: A stub function for a layer that's currently not used.
12774  *		For now just a placeholder.
12775  *
12776  *     Context: May be called under interrupt context
12777  */
12778 
12779 static void
12780 sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp)
12781 {
12782 	ASSERT(un != NULL);
12783 	ASSERT(bp != NULL);
12784 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12785 	SD_NEXT_IODONE(index, un, bp);
12786 }
12787 
12788 
12789 /*
12790  *    Function: sd_checksum_uscsi_iostart
12791  *
12792  * Description: A stub function for a layer that's currently not used.
12793  *		For now just a placeholder.
12794  *
12795  *     Context: Kernel thread context
12796  */
12797 
12798 static void
12799 sd_checksum_uscsi_iostart(int index, struct sd_lun *un, struct buf *bp)
12800 {
12801 	ASSERT(un != NULL);
12802 	ASSERT(bp != NULL);
12803 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12804 	SD_NEXT_IOSTART(index, un, bp);
12805 }
12806 
12807 
12808 /*
12809  *    Function: sd_checksum_uscsi_iodone
12810  *
12811  * Description: A stub function for a layer that's currently not used.
12812  *		For now just a placeholder.
12813  *
12814  *     Context: May be called under interrupt context
12815  */
12816 
12817 static void
12818 sd_checksum_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12819 {
12820 	ASSERT(un != NULL);
12821 	ASSERT(bp != NULL);
12822 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12823 	SD_NEXT_IODONE(index, un, bp);
12824 }
12825 
12826 
12827 /*
12828  *    Function: sd_pm_iostart
12829  *
12830  * Description: iostart-side routine for Power mangement.
12831  *
12832  *     Context: Kernel thread context
12833  */
12834 
12835 static void
12836 sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp)
12837 {
12838 	ASSERT(un != NULL);
12839 	ASSERT(bp != NULL);
12840 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12841 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12842 
12843 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: entry\n");
12844 
12845 	if (sd_pm_entry(un) != DDI_SUCCESS) {
12846 		/*
12847 		 * Set up to return the failed buf back up the 'iodone'
12848 		 * side of the calling chain.
12849 		 */
12850 		bioerror(bp, EIO);
12851 		bp->b_resid = bp->b_bcount;
12852 
12853 		SD_BEGIN_IODONE(index, un, bp);
12854 
12855 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12856 		return;
12857 	}
12858 
12859 	SD_NEXT_IOSTART(index, un, bp);
12860 
12861 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12862 }
12863 
12864 
12865 /*
12866  *    Function: sd_pm_iodone
12867  *
12868  * Description: iodone-side routine for power mangement.
12869  *
12870  *     Context: may be called from interrupt context
12871  */
12872 
12873 static void
12874 sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp)
12875 {
12876 	ASSERT(un != NULL);
12877 	ASSERT(bp != NULL);
12878 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12879 
12880 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: entry\n");
12881 
12882 	/*
12883 	 * After attach the following flag is only read, so don't
12884 	 * take the penalty of acquiring a mutex for it.
12885 	 */
12886 	if (un->un_f_pm_is_enabled == TRUE) {
12887 		sd_pm_exit(un);
12888 	}
12889 
12890 	SD_NEXT_IODONE(index, un, bp);
12891 
12892 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: exit\n");
12893 }
12894 
12895 
12896 /*
12897  *    Function: sd_core_iostart
12898  *
12899  * Description: Primary driver function for enqueuing buf(9S) structs from
12900  *		the system and initiating IO to the target device
12901  *
12902  *     Context: Kernel thread context. Can sleep.
12903  *
12904  * Assumptions:  - The given xp->xb_blkno is absolute
12905  *		   (ie, relative to the start of the device).
12906  *		 - The IO is to be done using the native blocksize of
12907  *		   the device, as specified in un->un_tgt_blocksize.
12908  */
12909 /* ARGSUSED */
12910 static void
12911 sd_core_iostart(int index, struct sd_lun *un, struct buf *bp)
12912 {
12913 	struct sd_xbuf *xp;
12914 
12915 	ASSERT(un != NULL);
12916 	ASSERT(bp != NULL);
12917 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12918 	ASSERT(bp->b_resid == 0);
12919 
12920 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: entry: bp:0x%p\n", bp);
12921 
12922 	xp = SD_GET_XBUF(bp);
12923 	ASSERT(xp != NULL);
12924 
12925 	mutex_enter(SD_MUTEX(un));
12926 
12927 	/*
12928 	 * If we are currently in the failfast state, fail any new IO
12929 	 * that has B_FAILFAST set, then return.
12930 	 */
12931 	if ((bp->b_flags & B_FAILFAST) &&
12932 	    (un->un_failfast_state == SD_FAILFAST_ACTIVE)) {
12933 		mutex_exit(SD_MUTEX(un));
12934 		bioerror(bp, EIO);
12935 		bp->b_resid = bp->b_bcount;
12936 		SD_BEGIN_IODONE(index, un, bp);
12937 		return;
12938 	}
12939 
12940 	if (SD_IS_DIRECT_PRIORITY(xp)) {
12941 		/*
12942 		 * Priority command -- transport it immediately.
12943 		 *
12944 		 * Note: We may want to assert that USCSI_DIAGNOSE is set,
12945 		 * because all direct priority commands should be associated
12946 		 * with error recovery actions which we don't want to retry.
12947 		 */
12948 		sd_start_cmds(un, bp);
12949 	} else {
12950 		/*
12951 		 * Normal command -- add it to the wait queue, then start
12952 		 * transporting commands from the wait queue.
12953 		 */
12954 		sd_add_buf_to_waitq(un, bp);
12955 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
12956 		sd_start_cmds(un, NULL);
12957 	}
12958 
12959 	mutex_exit(SD_MUTEX(un));
12960 
12961 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: exit: bp:0x%p\n", bp);
12962 }
12963 
12964 
12965 /*
12966  *    Function: sd_init_cdb_limits
12967  *
12968  * Description: This is to handle scsi_pkt initialization differences
12969  *		between the driver platforms.
12970  *
12971  *		Legacy behaviors:
12972  *
12973  *		If the block number or the sector count exceeds the
12974  *		capabilities of a Group 0 command, shift over to a
12975  *		Group 1 command. We don't blindly use Group 1
12976  *		commands because a) some drives (CDC Wren IVs) get a
12977  *		bit confused, and b) there is probably a fair amount
12978  *		of speed difference for a target to receive and decode
12979  *		a 10 byte command instead of a 6 byte command.
12980  *
12981  *		The xfer time difference of 6 vs 10 byte CDBs is
12982  *		still significant so this code is still worthwhile.
12983  *		10 byte CDBs are very inefficient with the fas HBA driver
12984  *		and older disks. Each CDB byte took 1 usec with some
12985  *		popular disks.
12986  *
12987  *     Context: Must be called at attach time
12988  */
12989 
12990 static void
12991 sd_init_cdb_limits(struct sd_lun *un)
12992 {
12993 	/*
12994 	 * Use CDB_GROUP1 commands for most devices except for
12995 	 * parallel SCSI fixed drives in which case we get better
12996 	 * performance using CDB_GROUP0 commands (where applicable).
12997 	 */
12998 	un->un_mincdb = SD_CDB_GROUP1;
12999 #if !defined(__fibre)
13000 	if (!un->un_f_is_fibre && !un->un_f_cfg_is_atapi && !ISROD(un) &&
13001 	    !ISREMOVABLE(un)) {
13002 		un->un_mincdb = SD_CDB_GROUP0;
13003 	}
13004 #endif
13005 
13006 	/*
13007 	 * Use CDB_GROUP5 commands for removable devices.  Use CDB_GROUP4
13008 	 * commands for fixed disks unless we are building for a 32 bit
13009 	 * kernel.
13010 	 */
13011 #ifdef _LP64
13012 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP4;
13013 #else
13014 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP1;
13015 #endif
13016 
13017 	/*
13018 	 * x86 systems require the PKT_DMA_PARTIAL flag
13019 	 */
13020 #if defined(__x86)
13021 	un->un_pkt_flags = PKT_DMA_PARTIAL;
13022 #else
13023 	un->un_pkt_flags = 0;
13024 #endif
13025 
13026 	un->un_status_len = (int)((un->un_f_arq_enabled == TRUE)
13027 	    ? sizeof (struct scsi_arq_status) : 1);
13028 	un->un_cmd_timeout = (ushort_t)sd_io_time;
13029 	un->un_uscsi_timeout = ((ISCD(un)) ? 2 : 1) * un->un_cmd_timeout;
13030 }
13031 
13032 
13033 /*
13034  *    Function: sd_initpkt_for_buf
13035  *
13036  * Description: Allocate and initialize for transport a scsi_pkt struct,
13037  *		based upon the info specified in the given buf struct.
13038  *
13039  *		Assumes the xb_blkno in the request is absolute (ie,
13040  *		relative to the start of the device (NOT partition!).
13041  *		Also assumes that the request is using the native block
13042  *		size of the device (as returned by the READ CAPACITY
13043  *		command).
13044  *
13045  * Return Code: SD_PKT_ALLOC_SUCCESS
13046  *		SD_PKT_ALLOC_FAILURE
13047  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13048  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13049  *
13050  *     Context: Kernel thread and may be called from software interrupt context
13051  *		as part of a sdrunout callback. This function may not block or
13052  *		call routines that block
13053  */
13054 
13055 static int
13056 sd_initpkt_for_buf(struct buf *bp, struct scsi_pkt **pktpp)
13057 {
13058 	struct sd_xbuf	*xp;
13059 	struct scsi_pkt *pktp = NULL;
13060 	struct sd_lun	*un;
13061 	size_t		blockcount;
13062 	daddr_t		startblock;
13063 	int		rval;
13064 	int		cmd_flags;
13065 
13066 	ASSERT(bp != NULL);
13067 	ASSERT(pktpp != NULL);
13068 	xp = SD_GET_XBUF(bp);
13069 	ASSERT(xp != NULL);
13070 	un = SD_GET_UN(bp);
13071 	ASSERT(un != NULL);
13072 	ASSERT(mutex_owned(SD_MUTEX(un)));
13073 	ASSERT(bp->b_resid == 0);
13074 
13075 	SD_TRACE(SD_LOG_IO_CORE, un,
13076 	    "sd_initpkt_for_buf: entry: buf:0x%p\n", bp);
13077 
13078 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13079 	if (xp->xb_pkt_flags & SD_XB_DMA_FREED) {
13080 		/*
13081 		 * Already have a scsi_pkt -- just need DMA resources.
13082 		 * We must recompute the CDB in case the mapping returns
13083 		 * a nonzero pkt_resid.
13084 		 * Note: if this is a portion of a PKT_DMA_PARTIAL transfer
13085 		 * that is being retried, the unmap/remap of the DMA resouces
13086 		 * will result in the entire transfer starting over again
13087 		 * from the very first block.
13088 		 */
13089 		ASSERT(xp->xb_pktp != NULL);
13090 		pktp = xp->xb_pktp;
13091 	} else {
13092 		pktp = NULL;
13093 	}
13094 #endif /* __i386 || __amd64 */
13095 
13096 	startblock = xp->xb_blkno;	/* Absolute block num. */
13097 	blockcount = SD_BYTES2TGTBLOCKS(un, bp->b_bcount);
13098 
13099 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13100 
13101 	cmd_flags = un->un_pkt_flags | (xp->xb_pkt_flags & SD_XB_INITPKT_MASK);
13102 
13103 #else
13104 
13105 	cmd_flags = un->un_pkt_flags | xp->xb_pkt_flags;
13106 
13107 #endif
13108 
13109 	/*
13110 	 * sd_setup_rw_pkt will determine the appropriate CDB group to use,
13111 	 * call scsi_init_pkt, and build the CDB.
13112 	 */
13113 	rval = sd_setup_rw_pkt(un, &pktp, bp,
13114 	    cmd_flags, sdrunout, (caddr_t)un,
13115 	    startblock, blockcount);
13116 
13117 	if (rval == 0) {
13118 		/*
13119 		 * Success.
13120 		 *
13121 		 * If partial DMA is being used and required for this transfer.
13122 		 * set it up here.
13123 		 */
13124 		if ((un->un_pkt_flags & PKT_DMA_PARTIAL) != 0 &&
13125 		    (pktp->pkt_resid != 0)) {
13126 
13127 			/*
13128 			 * Save the CDB length and pkt_resid for the
13129 			 * next xfer
13130 			 */
13131 			xp->xb_dma_resid = pktp->pkt_resid;
13132 
13133 			/* rezero resid */
13134 			pktp->pkt_resid = 0;
13135 
13136 		} else {
13137 			xp->xb_dma_resid = 0;
13138 		}
13139 
13140 		pktp->pkt_flags = un->un_tagflags;
13141 		pktp->pkt_time  = un->un_cmd_timeout;
13142 		pktp->pkt_comp  = sdintr;
13143 
13144 		pktp->pkt_private = bp;
13145 		*pktpp = pktp;
13146 
13147 		SD_TRACE(SD_LOG_IO_CORE, un,
13148 		    "sd_initpkt_for_buf: exit: buf:0x%p\n", bp);
13149 
13150 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13151 		xp->xb_pkt_flags &= ~SD_XB_DMA_FREED;
13152 #endif
13153 
13154 		return (SD_PKT_ALLOC_SUCCESS);
13155 
13156 	}
13157 
13158 	/*
13159 	 * SD_PKT_ALLOC_FAILURE is the only expected failure code
13160 	 * from sd_setup_rw_pkt.
13161 	 */
13162 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
13163 
13164 	if (rval == SD_PKT_ALLOC_FAILURE) {
13165 		*pktpp = NULL;
13166 		/*
13167 		 * Set the driver state to RWAIT to indicate the driver
13168 		 * is waiting on resource allocations. The driver will not
13169 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13170 		 */
13171 		New_state(un, SD_STATE_RWAIT);
13172 
13173 		SD_ERROR(SD_LOG_IO_CORE, un,
13174 		    "sd_initpkt_for_buf: No pktp. exit bp:0x%p\n", bp);
13175 
13176 		if ((bp->b_flags & B_ERROR) != 0) {
13177 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13178 		}
13179 		return (SD_PKT_ALLOC_FAILURE);
13180 	} else {
13181 		/*
13182 		 * PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13183 		 *
13184 		 * This should never happen.  Maybe someone messed with the
13185 		 * kernel's minphys?
13186 		 */
13187 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13188 		    "Request rejected: too large for CDB: "
13189 		    "lba:0x%08lx  len:0x%08lx\n", startblock, blockcount);
13190 		SD_ERROR(SD_LOG_IO_CORE, un,
13191 		    "sd_initpkt_for_buf: No cp. exit bp:0x%p\n", bp);
13192 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13193 
13194 	}
13195 }
13196 
13197 
13198 /*
13199  *    Function: sd_destroypkt_for_buf
13200  *
13201  * Description: Free the scsi_pkt(9S) for the given bp (buf IO processing).
13202  *
13203  *     Context: Kernel thread or interrupt context
13204  */
13205 
13206 static void
13207 sd_destroypkt_for_buf(struct buf *bp)
13208 {
13209 	ASSERT(bp != NULL);
13210 	ASSERT(SD_GET_UN(bp) != NULL);
13211 
13212 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13213 	    "sd_destroypkt_for_buf: entry: buf:0x%p\n", bp);
13214 
13215 	ASSERT(SD_GET_PKTP(bp) != NULL);
13216 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13217 
13218 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13219 	    "sd_destroypkt_for_buf: exit: buf:0x%p\n", bp);
13220 }
13221 
13222 /*
13223  *    Function: sd_setup_rw_pkt
13224  *
13225  * Description: Determines appropriate CDB group for the requested LBA
13226  *		and transfer length, calls scsi_init_pkt, and builds
13227  *		the CDB.  Do not use for partial DMA transfers except
13228  *		for the initial transfer since the CDB size must
13229  *		remain constant.
13230  *
13231  *     Context: Kernel thread and may be called from software interrupt
13232  *		context as part of a sdrunout callback. This function may not
13233  *		block or call routines that block
13234  */
13235 
13236 
13237 int
13238 sd_setup_rw_pkt(struct sd_lun *un,
13239     struct scsi_pkt **pktpp, struct buf *bp, int flags,
13240     int (*callback)(caddr_t), caddr_t callback_arg,
13241     diskaddr_t lba, uint32_t blockcount)
13242 {
13243 	struct scsi_pkt *return_pktp;
13244 	union scsi_cdb *cdbp;
13245 	struct sd_cdbinfo *cp = NULL;
13246 	int i;
13247 
13248 	/*
13249 	 * See which size CDB to use, based upon the request.
13250 	 */
13251 	for (i = un->un_mincdb; i <= un->un_maxcdb; i++) {
13252 
13253 		/*
13254 		 * Check lba and block count against sd_cdbtab limits.
13255 		 * In the partial DMA case, we have to use the same size
13256 		 * CDB for all the transfers.  Check lba + blockcount
13257 		 * against the max LBA so we know that segment of the
13258 		 * transfer can use the CDB we select.
13259 		 */
13260 		if ((lba + blockcount - 1 <= sd_cdbtab[i].sc_maxlba) &&
13261 		    (blockcount <= sd_cdbtab[i].sc_maxlen)) {
13262 
13263 			/*
13264 			 * The command will fit into the CDB type
13265 			 * specified by sd_cdbtab[i].
13266 			 */
13267 			cp = sd_cdbtab + i;
13268 
13269 			/*
13270 			 * Call scsi_init_pkt so we can fill in the
13271 			 * CDB.
13272 			 */
13273 			return_pktp = scsi_init_pkt(SD_ADDRESS(un), *pktpp,
13274 			    bp, cp->sc_grpcode, un->un_status_len, 0,
13275 			    flags, callback, callback_arg);
13276 
13277 			if (return_pktp != NULL) {
13278 
13279 				/*
13280 				 * Return new value of pkt
13281 				 */
13282 				*pktpp = return_pktp;
13283 
13284 				/*
13285 				 * To be safe, zero the CDB insuring there is
13286 				 * no leftover data from a previous command.
13287 				 */
13288 				bzero(return_pktp->pkt_cdbp, cp->sc_grpcode);
13289 
13290 				/*
13291 				 * Handle partial DMA mapping
13292 				 */
13293 				if (return_pktp->pkt_resid != 0) {
13294 
13295 					/*
13296 					 * Not going to xfer as many blocks as
13297 					 * originally expected
13298 					 */
13299 					blockcount -=
13300 					    SD_BYTES2TGTBLOCKS(un,
13301 						return_pktp->pkt_resid);
13302 				}
13303 
13304 				cdbp = (union scsi_cdb *)return_pktp->pkt_cdbp;
13305 
13306 				/*
13307 				 * Set command byte based on the CDB
13308 				 * type we matched.
13309 				 */
13310 				cdbp->scc_cmd = cp->sc_grpmask |
13311 				    ((bp->b_flags & B_READ) ?
13312 					SCMD_READ : SCMD_WRITE);
13313 
13314 				SD_FILL_SCSI1_LUN(un, return_pktp);
13315 
13316 				/*
13317 				 * Fill in LBA and length
13318 				 */
13319 				ASSERT((cp->sc_grpcode == CDB_GROUP1) ||
13320 				    (cp->sc_grpcode == CDB_GROUP4) ||
13321 				    (cp->sc_grpcode == CDB_GROUP0) ||
13322 				    (cp->sc_grpcode == CDB_GROUP5));
13323 
13324 				if (cp->sc_grpcode == CDB_GROUP1) {
13325 					FORMG1ADDR(cdbp, lba);
13326 					FORMG1COUNT(cdbp, blockcount);
13327 					return (0);
13328 				} else if (cp->sc_grpcode == CDB_GROUP4) {
13329 					FORMG4LONGADDR(cdbp, lba);
13330 					FORMG4COUNT(cdbp, blockcount);
13331 					return (0);
13332 				} else if (cp->sc_grpcode == CDB_GROUP0) {
13333 					FORMG0ADDR(cdbp, lba);
13334 					FORMG0COUNT(cdbp, blockcount);
13335 					return (0);
13336 				} else if (cp->sc_grpcode == CDB_GROUP5) {
13337 					FORMG5ADDR(cdbp, lba);
13338 					FORMG5COUNT(cdbp, blockcount);
13339 					return (0);
13340 				}
13341 
13342 				/*
13343 				 * It should be impossible to not match one
13344 				 * of the CDB types above, so we should never
13345 				 * reach this point.  Set the CDB command byte
13346 				 * to test-unit-ready to avoid writing
13347 				 * to somewhere we don't intend.
13348 				 */
13349 				cdbp->scc_cmd = SCMD_TEST_UNIT_READY;
13350 				return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13351 			} else {
13352 				/*
13353 				 * Couldn't get scsi_pkt
13354 				 */
13355 				return (SD_PKT_ALLOC_FAILURE);
13356 			}
13357 		}
13358 	}
13359 
13360 	/*
13361 	 * None of the available CDB types were suitable.  This really
13362 	 * should never happen:  on a 64 bit system we support
13363 	 * READ16/WRITE16 which will hold an entire 64 bit disk address
13364 	 * and on a 32 bit system we will refuse to bind to a device
13365 	 * larger than 2TB so addresses will never be larger than 32 bits.
13366 	 */
13367 	return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13368 }
13369 
13370 #if defined(__i386) || defined(__amd64)
13371 /*
13372  *    Function: sd_setup_next_rw_pkt
13373  *
13374  * Description: Setup packet for partial DMA transfers, except for the
13375  * 		initial transfer.  sd_setup_rw_pkt should be used for
13376  *		the initial transfer.
13377  *
13378  *     Context: Kernel thread and may be called from interrupt context.
13379  */
13380 
13381 int
13382 sd_setup_next_rw_pkt(struct sd_lun *un,
13383     struct scsi_pkt *pktp, struct buf *bp,
13384     diskaddr_t lba, uint32_t blockcount)
13385 {
13386 	uchar_t com;
13387 	union scsi_cdb *cdbp;
13388 	uchar_t cdb_group_id;
13389 
13390 	ASSERT(pktp != NULL);
13391 	ASSERT(pktp->pkt_cdbp != NULL);
13392 
13393 	cdbp = (union scsi_cdb *)pktp->pkt_cdbp;
13394 	com = cdbp->scc_cmd;
13395 	cdb_group_id = CDB_GROUPID(com);
13396 
13397 	ASSERT((cdb_group_id == CDB_GROUPID_0) ||
13398 	    (cdb_group_id == CDB_GROUPID_1) ||
13399 	    (cdb_group_id == CDB_GROUPID_4) ||
13400 	    (cdb_group_id == CDB_GROUPID_5));
13401 
13402 	/*
13403 	 * Move pkt to the next portion of the xfer.
13404 	 * func is NULL_FUNC so we do not have to release
13405 	 * the disk mutex here.
13406 	 */
13407 	if (scsi_init_pkt(SD_ADDRESS(un), pktp, bp, 0, 0, 0, 0,
13408 	    NULL_FUNC, NULL) == pktp) {
13409 		/* Success.  Handle partial DMA */
13410 		if (pktp->pkt_resid != 0) {
13411 			blockcount -=
13412 			    SD_BYTES2TGTBLOCKS(un, pktp->pkt_resid);
13413 		}
13414 
13415 		cdbp->scc_cmd = com;
13416 		SD_FILL_SCSI1_LUN(un, pktp);
13417 		if (cdb_group_id == CDB_GROUPID_1) {
13418 			FORMG1ADDR(cdbp, lba);
13419 			FORMG1COUNT(cdbp, blockcount);
13420 			return (0);
13421 		} else if (cdb_group_id == CDB_GROUPID_4) {
13422 			FORMG4LONGADDR(cdbp, lba);
13423 			FORMG4COUNT(cdbp, blockcount);
13424 			return (0);
13425 		} else if (cdb_group_id == CDB_GROUPID_0) {
13426 			FORMG0ADDR(cdbp, lba);
13427 			FORMG0COUNT(cdbp, blockcount);
13428 			return (0);
13429 		} else if (cdb_group_id == CDB_GROUPID_5) {
13430 			FORMG5ADDR(cdbp, lba);
13431 			FORMG5COUNT(cdbp, blockcount);
13432 			return (0);
13433 		}
13434 
13435 		/* Unreachable */
13436 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13437 	}
13438 
13439 	/*
13440 	 * Error setting up next portion of cmd transfer.
13441 	 * Something is definitely very wrong and this
13442 	 * should not happen.
13443 	 */
13444 	return (SD_PKT_ALLOC_FAILURE);
13445 }
13446 #endif /* defined(__i386) || defined(__amd64) */
13447 
13448 /*
13449  *    Function: sd_initpkt_for_uscsi
13450  *
13451  * Description: Allocate and initialize for transport a scsi_pkt struct,
13452  *		based upon the info specified in the given uscsi_cmd struct.
13453  *
13454  * Return Code: SD_PKT_ALLOC_SUCCESS
13455  *		SD_PKT_ALLOC_FAILURE
13456  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13457  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13458  *
13459  *     Context: Kernel thread and may be called from software interrupt context
13460  *		as part of a sdrunout callback. This function may not block or
13461  *		call routines that block
13462  */
13463 
13464 static int
13465 sd_initpkt_for_uscsi(struct buf *bp, struct scsi_pkt **pktpp)
13466 {
13467 	struct uscsi_cmd *uscmd;
13468 	struct sd_xbuf	*xp;
13469 	struct scsi_pkt	*pktp;
13470 	struct sd_lun	*un;
13471 	uint32_t	flags = 0;
13472 
13473 	ASSERT(bp != NULL);
13474 	ASSERT(pktpp != NULL);
13475 	xp = SD_GET_XBUF(bp);
13476 	ASSERT(xp != NULL);
13477 	un = SD_GET_UN(bp);
13478 	ASSERT(un != NULL);
13479 	ASSERT(mutex_owned(SD_MUTEX(un)));
13480 
13481 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13482 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13483 	ASSERT(uscmd != NULL);
13484 
13485 	SD_TRACE(SD_LOG_IO_CORE, un,
13486 	    "sd_initpkt_for_uscsi: entry: buf:0x%p\n", bp);
13487 
13488 	/*
13489 	 * Allocate the scsi_pkt for the command.
13490 	 * Note: If PKT_DMA_PARTIAL flag is set, scsi_vhci binds a path
13491 	 *	 during scsi_init_pkt time and will continue to use the
13492 	 *	 same path as long as the same scsi_pkt is used without
13493 	 *	 intervening scsi_dma_free(). Since uscsi command does
13494 	 *	 not call scsi_dmafree() before retry failed command, it
13495 	 *	 is necessary to make sure PKT_DMA_PARTIAL flag is NOT
13496 	 *	 set such that scsi_vhci can use other available path for
13497 	 *	 retry. Besides, ucsci command does not allow DMA breakup,
13498 	 *	 so there is no need to set PKT_DMA_PARTIAL flag.
13499 	 */
13500 	pktp = scsi_init_pkt(SD_ADDRESS(un), NULL,
13501 	    ((bp->b_bcount != 0) ? bp : NULL), uscmd->uscsi_cdblen,
13502 	    sizeof (struct scsi_arq_status), 0,
13503 	    (un->un_pkt_flags & ~PKT_DMA_PARTIAL),
13504 	    sdrunout, (caddr_t)un);
13505 
13506 	if (pktp == NULL) {
13507 		*pktpp = NULL;
13508 		/*
13509 		 * Set the driver state to RWAIT to indicate the driver
13510 		 * is waiting on resource allocations. The driver will not
13511 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13512 		 */
13513 		New_state(un, SD_STATE_RWAIT);
13514 
13515 		SD_ERROR(SD_LOG_IO_CORE, un,
13516 		    "sd_initpkt_for_uscsi: No pktp. exit bp:0x%p\n", bp);
13517 
13518 		if ((bp->b_flags & B_ERROR) != 0) {
13519 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13520 		}
13521 		return (SD_PKT_ALLOC_FAILURE);
13522 	}
13523 
13524 	/*
13525 	 * We do not do DMA breakup for USCSI commands, so return failure
13526 	 * here if all the needed DMA resources were not allocated.
13527 	 */
13528 	if ((un->un_pkt_flags & PKT_DMA_PARTIAL) &&
13529 	    (bp->b_bcount != 0) && (pktp->pkt_resid != 0)) {
13530 		scsi_destroy_pkt(pktp);
13531 		SD_ERROR(SD_LOG_IO_CORE, un, "sd_initpkt_for_uscsi: "
13532 		    "No partial DMA for USCSI. exit: buf:0x%p\n", bp);
13533 		return (SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL);
13534 	}
13535 
13536 	/* Init the cdb from the given uscsi struct */
13537 	(void) scsi_setup_cdb((union scsi_cdb *)pktp->pkt_cdbp,
13538 	    uscmd->uscsi_cdb[0], 0, 0, 0);
13539 
13540 	SD_FILL_SCSI1_LUN(un, pktp);
13541 
13542 	/*
13543 	 * Set up the optional USCSI flags. See the uscsi (7I) man page
13544 	 * for listing of the supported flags.
13545 	 */
13546 
13547 	if (uscmd->uscsi_flags & USCSI_SILENT) {
13548 		flags |= FLAG_SILENT;
13549 	}
13550 
13551 	if (uscmd->uscsi_flags & USCSI_DIAGNOSE) {
13552 		flags |= FLAG_DIAGNOSE;
13553 	}
13554 
13555 	if (uscmd->uscsi_flags & USCSI_ISOLATE) {
13556 		flags |= FLAG_ISOLATE;
13557 	}
13558 
13559 	if (un->un_f_is_fibre == FALSE) {
13560 		if (uscmd->uscsi_flags & USCSI_RENEGOT) {
13561 			flags |= FLAG_RENEGOTIATE_WIDE_SYNC;
13562 		}
13563 	}
13564 
13565 	/*
13566 	 * Set the pkt flags here so we save time later.
13567 	 * Note: These flags are NOT in the uscsi man page!!!
13568 	 */
13569 	if (uscmd->uscsi_flags & USCSI_HEAD) {
13570 		flags |= FLAG_HEAD;
13571 	}
13572 
13573 	if (uscmd->uscsi_flags & USCSI_NOINTR) {
13574 		flags |= FLAG_NOINTR;
13575 	}
13576 
13577 	/*
13578 	 * For tagged queueing, things get a bit complicated.
13579 	 * Check first for head of queue and last for ordered queue.
13580 	 * If neither head nor order, use the default driver tag flags.
13581 	 */
13582 	if ((uscmd->uscsi_flags & USCSI_NOTAG) == 0) {
13583 		if (uscmd->uscsi_flags & USCSI_HTAG) {
13584 			flags |= FLAG_HTAG;
13585 		} else if (uscmd->uscsi_flags & USCSI_OTAG) {
13586 			flags |= FLAG_OTAG;
13587 		} else {
13588 			flags |= un->un_tagflags & FLAG_TAGMASK;
13589 		}
13590 	}
13591 
13592 	if (uscmd->uscsi_flags & USCSI_NODISCON) {
13593 		flags = (flags & ~FLAG_TAGMASK) | FLAG_NODISCON;
13594 	}
13595 
13596 	pktp->pkt_flags = flags;
13597 
13598 	/* Copy the caller's CDB into the pkt... */
13599 	bcopy(uscmd->uscsi_cdb, pktp->pkt_cdbp, uscmd->uscsi_cdblen);
13600 
13601 	if (uscmd->uscsi_timeout == 0) {
13602 		pktp->pkt_time = un->un_uscsi_timeout;
13603 	} else {
13604 		pktp->pkt_time = uscmd->uscsi_timeout;
13605 	}
13606 
13607 	/* need it later to identify USCSI request in sdintr */
13608 	xp->xb_pkt_flags |= SD_XB_USCSICMD;
13609 
13610 	xp->xb_sense_resid = uscmd->uscsi_rqresid;
13611 
13612 	pktp->pkt_private = bp;
13613 	pktp->pkt_comp = sdintr;
13614 	*pktpp = pktp;
13615 
13616 	SD_TRACE(SD_LOG_IO_CORE, un,
13617 	    "sd_initpkt_for_uscsi: exit: buf:0x%p\n", bp);
13618 
13619 	return (SD_PKT_ALLOC_SUCCESS);
13620 }
13621 
13622 
13623 /*
13624  *    Function: sd_destroypkt_for_uscsi
13625  *
13626  * Description: Free the scsi_pkt(9S) struct for the given bp, for uscsi
13627  *		IOs.. Also saves relevant info into the associated uscsi_cmd
13628  *		struct.
13629  *
13630  *     Context: May be called under interrupt context
13631  */
13632 
13633 static void
13634 sd_destroypkt_for_uscsi(struct buf *bp)
13635 {
13636 	struct uscsi_cmd *uscmd;
13637 	struct sd_xbuf	*xp;
13638 	struct scsi_pkt	*pktp;
13639 	struct sd_lun	*un;
13640 
13641 	ASSERT(bp != NULL);
13642 	xp = SD_GET_XBUF(bp);
13643 	ASSERT(xp != NULL);
13644 	un = SD_GET_UN(bp);
13645 	ASSERT(un != NULL);
13646 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13647 	pktp = SD_GET_PKTP(bp);
13648 	ASSERT(pktp != NULL);
13649 
13650 	SD_TRACE(SD_LOG_IO_CORE, un,
13651 	    "sd_destroypkt_for_uscsi: entry: buf:0x%p\n", bp);
13652 
13653 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13654 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13655 	ASSERT(uscmd != NULL);
13656 
13657 	/* Save the status and the residual into the uscsi_cmd struct */
13658 	uscmd->uscsi_status = ((*(pktp)->pkt_scbp) & STATUS_MASK);
13659 	uscmd->uscsi_resid  = bp->b_resid;
13660 
13661 	/*
13662 	 * If enabled, copy any saved sense data into the area specified
13663 	 * by the uscsi command.
13664 	 */
13665 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
13666 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
13667 		/*
13668 		 * Note: uscmd->uscsi_rqbuf should always point to a buffer
13669 		 * at least SENSE_LENGTH bytes in size (see sd_send_scsi_cmd())
13670 		 */
13671 		uscmd->uscsi_rqstatus = xp->xb_sense_status;
13672 		uscmd->uscsi_rqresid  = xp->xb_sense_resid;
13673 		bcopy(xp->xb_sense_data, uscmd->uscsi_rqbuf, SENSE_LENGTH);
13674 	}
13675 
13676 	/* We are done with the scsi_pkt; free it now */
13677 	ASSERT(SD_GET_PKTP(bp) != NULL);
13678 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13679 
13680 	SD_TRACE(SD_LOG_IO_CORE, un,
13681 	    "sd_destroypkt_for_uscsi: exit: buf:0x%p\n", bp);
13682 }
13683 
13684 
13685 /*
13686  *    Function: sd_bioclone_alloc
13687  *
13688  * Description: Allocate a buf(9S) and init it as per the given buf
13689  *		and the various arguments.  The associated sd_xbuf
13690  *		struct is (nearly) duplicated.  The struct buf *bp
13691  *		argument is saved in new_xp->xb_private.
13692  *
13693  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13694  *		datalen - size of data area for the shadow bp
13695  *		blkno - starting LBA
13696  *		func - function pointer for b_iodone in the shadow buf. (May
13697  *			be NULL if none.)
13698  *
13699  * Return Code: Pointer to allocates buf(9S) struct
13700  *
13701  *     Context: Can sleep.
13702  */
13703 
13704 static struct buf *
13705 sd_bioclone_alloc(struct buf *bp, size_t datalen,
13706 	daddr_t blkno, int (*func)(struct buf *))
13707 {
13708 	struct	sd_lun	*un;
13709 	struct	sd_xbuf	*xp;
13710 	struct	sd_xbuf	*new_xp;
13711 	struct	buf	*new_bp;
13712 
13713 	ASSERT(bp != NULL);
13714 	xp = SD_GET_XBUF(bp);
13715 	ASSERT(xp != NULL);
13716 	un = SD_GET_UN(bp);
13717 	ASSERT(un != NULL);
13718 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13719 
13720 	new_bp = bioclone(bp, 0, datalen, SD_GET_DEV(un), blkno, func,
13721 	    NULL, KM_SLEEP);
13722 
13723 	new_bp->b_lblkno	= blkno;
13724 
13725 	/*
13726 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13727 	 * original xbuf into it.
13728 	 */
13729 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13730 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13731 
13732 	/*
13733 	 * The given bp is automatically saved in the xb_private member
13734 	 * of the new xbuf.  Callers are allowed to depend on this.
13735 	 */
13736 	new_xp->xb_private = bp;
13737 
13738 	new_bp->b_private  = new_xp;
13739 
13740 	return (new_bp);
13741 }
13742 
13743 /*
13744  *    Function: sd_shadow_buf_alloc
13745  *
13746  * Description: Allocate a buf(9S) and init it as per the given buf
13747  *		and the various arguments.  The associated sd_xbuf
13748  *		struct is (nearly) duplicated.  The struct buf *bp
13749  *		argument is saved in new_xp->xb_private.
13750  *
13751  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13752  *		datalen - size of data area for the shadow bp
13753  *		bflags - B_READ or B_WRITE (pseudo flag)
13754  *		blkno - starting LBA
13755  *		func - function pointer for b_iodone in the shadow buf. (May
13756  *			be NULL if none.)
13757  *
13758  * Return Code: Pointer to allocates buf(9S) struct
13759  *
13760  *     Context: Can sleep.
13761  */
13762 
13763 static struct buf *
13764 sd_shadow_buf_alloc(struct buf *bp, size_t datalen, uint_t bflags,
13765 	daddr_t blkno, int (*func)(struct buf *))
13766 {
13767 	struct	sd_lun	*un;
13768 	struct	sd_xbuf	*xp;
13769 	struct	sd_xbuf	*new_xp;
13770 	struct	buf	*new_bp;
13771 
13772 	ASSERT(bp != NULL);
13773 	xp = SD_GET_XBUF(bp);
13774 	ASSERT(xp != NULL);
13775 	un = SD_GET_UN(bp);
13776 	ASSERT(un != NULL);
13777 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13778 
13779 	if (bp->b_flags & (B_PAGEIO | B_PHYS)) {
13780 		bp_mapin(bp);
13781 	}
13782 
13783 	bflags &= (B_READ | B_WRITE);
13784 #if defined(__i386) || defined(__amd64)
13785 	new_bp = getrbuf(KM_SLEEP);
13786 	new_bp->b_un.b_addr = kmem_zalloc(datalen, KM_SLEEP);
13787 	new_bp->b_bcount = datalen;
13788 	new_bp->b_flags	= bp->b_flags | bflags;
13789 #else
13790 	new_bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), NULL,
13791 	    datalen, bflags, SLEEP_FUNC, NULL);
13792 #endif
13793 	new_bp->av_forw	= NULL;
13794 	new_bp->av_back	= NULL;
13795 	new_bp->b_dev	= bp->b_dev;
13796 	new_bp->b_blkno	= blkno;
13797 	new_bp->b_iodone = func;
13798 	new_bp->b_edev	= bp->b_edev;
13799 	new_bp->b_resid	= 0;
13800 
13801 	/* We need to preserve the B_FAILFAST flag */
13802 	if (bp->b_flags & B_FAILFAST) {
13803 		new_bp->b_flags |= B_FAILFAST;
13804 	}
13805 
13806 	/*
13807 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13808 	 * original xbuf into it.
13809 	 */
13810 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13811 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13812 
13813 	/* Need later to copy data between the shadow buf & original buf! */
13814 	new_xp->xb_pkt_flags |= PKT_CONSISTENT;
13815 
13816 	/*
13817 	 * The given bp is automatically saved in the xb_private member
13818 	 * of the new xbuf.  Callers are allowed to depend on this.
13819 	 */
13820 	new_xp->xb_private = bp;
13821 
13822 	new_bp->b_private  = new_xp;
13823 
13824 	return (new_bp);
13825 }
13826 
13827 /*
13828  *    Function: sd_bioclone_free
13829  *
13830  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations
13831  *		in the larger than partition operation.
13832  *
13833  *     Context: May be called under interrupt context
13834  */
13835 
13836 static void
13837 sd_bioclone_free(struct buf *bp)
13838 {
13839 	struct sd_xbuf	*xp;
13840 
13841 	ASSERT(bp != NULL);
13842 	xp = SD_GET_XBUF(bp);
13843 	ASSERT(xp != NULL);
13844 
13845 	/*
13846 	 * Call bp_mapout() before freeing the buf,  in case a lower
13847 	 * layer or HBA  had done a bp_mapin().  we must do this here
13848 	 * as we are the "originator" of the shadow buf.
13849 	 */
13850 	bp_mapout(bp);
13851 
13852 	/*
13853 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13854 	 * never gets confused by a stale value in this field. (Just a little
13855 	 * extra defensiveness here.)
13856 	 */
13857 	bp->b_iodone = NULL;
13858 
13859 	freerbuf(bp);
13860 
13861 	kmem_free(xp, sizeof (struct sd_xbuf));
13862 }
13863 
13864 /*
13865  *    Function: sd_shadow_buf_free
13866  *
13867  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations.
13868  *
13869  *     Context: May be called under interrupt context
13870  */
13871 
13872 static void
13873 sd_shadow_buf_free(struct buf *bp)
13874 {
13875 	struct sd_xbuf	*xp;
13876 
13877 	ASSERT(bp != NULL);
13878 	xp = SD_GET_XBUF(bp);
13879 	ASSERT(xp != NULL);
13880 
13881 #if defined(__sparc)
13882 	/*
13883 	 * Call bp_mapout() before freeing the buf,  in case a lower
13884 	 * layer or HBA  had done a bp_mapin().  we must do this here
13885 	 * as we are the "originator" of the shadow buf.
13886 	 */
13887 	bp_mapout(bp);
13888 #endif
13889 
13890 	/*
13891 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13892 	 * never gets confused by a stale value in this field. (Just a little
13893 	 * extra defensiveness here.)
13894 	 */
13895 	bp->b_iodone = NULL;
13896 
13897 #if defined(__i386) || defined(__amd64)
13898 	kmem_free(bp->b_un.b_addr, bp->b_bcount);
13899 	freerbuf(bp);
13900 #else
13901 	scsi_free_consistent_buf(bp);
13902 #endif
13903 
13904 	kmem_free(xp, sizeof (struct sd_xbuf));
13905 }
13906 
13907 
13908 /*
13909  *    Function: sd_print_transport_rejected_message
13910  *
13911  * Description: This implements the ludicrously complex rules for printing
13912  *		a "transport rejected" message.  This is to address the
13913  *		specific problem of having a flood of this error message
13914  *		produced when a failover occurs.
13915  *
13916  *     Context: Any.
13917  */
13918 
13919 static void
13920 sd_print_transport_rejected_message(struct sd_lun *un, struct sd_xbuf *xp,
13921 	int code)
13922 {
13923 	ASSERT(un != NULL);
13924 	ASSERT(mutex_owned(SD_MUTEX(un)));
13925 	ASSERT(xp != NULL);
13926 
13927 	/*
13928 	 * Print the "transport rejected" message under the following
13929 	 * conditions:
13930 	 *
13931 	 * - Whenever the SD_LOGMASK_DIAG bit of sd_level_mask is set
13932 	 * - The error code from scsi_transport() is NOT a TRAN_FATAL_ERROR.
13933 	 * - If the error code IS a TRAN_FATAL_ERROR, then the message is
13934 	 *   printed the FIRST time a TRAN_FATAL_ERROR is returned from
13935 	 *   scsi_transport(9F) (which indicates that the target might have
13936 	 *   gone off-line).  This uses the un->un_tran_fatal_count
13937 	 *   count, which is incremented whenever a TRAN_FATAL_ERROR is
13938 	 *   received, and reset to zero whenver a TRAN_ACCEPT is returned
13939 	 *   from scsi_transport().
13940 	 *
13941 	 * The FLAG_SILENT in the scsi_pkt must be CLEARED in ALL of
13942 	 * the preceeding cases in order for the message to be printed.
13943 	 */
13944 	if ((xp->xb_pktp->pkt_flags & FLAG_SILENT) == 0) {
13945 		if ((sd_level_mask & SD_LOGMASK_DIAG) ||
13946 		    (code != TRAN_FATAL_ERROR) ||
13947 		    (un->un_tran_fatal_count == 1)) {
13948 			switch (code) {
13949 			case TRAN_BADPKT:
13950 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13951 				    "transport rejected bad packet\n");
13952 				break;
13953 			case TRAN_FATAL_ERROR:
13954 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13955 				    "transport rejected fatal error\n");
13956 				break;
13957 			default:
13958 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13959 				    "transport rejected (%d)\n", code);
13960 				break;
13961 			}
13962 		}
13963 	}
13964 }
13965 
13966 
13967 /*
13968  *    Function: sd_add_buf_to_waitq
13969  *
13970  * Description: Add the given buf(9S) struct to the wait queue for the
13971  *		instance.  If sorting is enabled, then the buf is added
13972  *		to the queue via an elevator sort algorithm (a la
13973  *		disksort(9F)).  The SD_GET_BLKNO(bp) is used as the sort key.
13974  *		If sorting is not enabled, then the buf is just added
13975  *		to the end of the wait queue.
13976  *
13977  * Return Code: void
13978  *
13979  *     Context: Does not sleep/block, therefore technically can be called
13980  *		from any context.  However if sorting is enabled then the
13981  *		execution time is indeterminate, and may take long if
13982  *		the wait queue grows large.
13983  */
13984 
13985 static void
13986 sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp)
13987 {
13988 	struct buf *ap;
13989 
13990 	ASSERT(bp != NULL);
13991 	ASSERT(un != NULL);
13992 	ASSERT(mutex_owned(SD_MUTEX(un)));
13993 
13994 	/* If the queue is empty, add the buf as the only entry & return. */
13995 	if (un->un_waitq_headp == NULL) {
13996 		ASSERT(un->un_waitq_tailp == NULL);
13997 		un->un_waitq_headp = un->un_waitq_tailp = bp;
13998 		bp->av_forw = NULL;
13999 		return;
14000 	}
14001 
14002 	ASSERT(un->un_waitq_tailp != NULL);
14003 
14004 	/*
14005 	 * If sorting is disabled, just add the buf to the tail end of
14006 	 * the wait queue and return.
14007 	 */
14008 	if (un->un_f_disksort_disabled) {
14009 		un->un_waitq_tailp->av_forw = bp;
14010 		un->un_waitq_tailp = bp;
14011 		bp->av_forw = NULL;
14012 		return;
14013 	}
14014 
14015 	/*
14016 	 * Sort thru the list of requests currently on the wait queue
14017 	 * and add the new buf request at the appropriate position.
14018 	 *
14019 	 * The un->un_waitq_headp is an activity chain pointer on which
14020 	 * we keep two queues, sorted in ascending SD_GET_BLKNO() order. The
14021 	 * first queue holds those requests which are positioned after
14022 	 * the current SD_GET_BLKNO() (in the first request); the second holds
14023 	 * requests which came in after their SD_GET_BLKNO() number was passed.
14024 	 * Thus we implement a one way scan, retracting after reaching
14025 	 * the end of the drive to the first request on the second
14026 	 * queue, at which time it becomes the first queue.
14027 	 * A one-way scan is natural because of the way UNIX read-ahead
14028 	 * blocks are allocated.
14029 	 *
14030 	 * If we lie after the first request, then we must locate the
14031 	 * second request list and add ourselves to it.
14032 	 */
14033 	ap = un->un_waitq_headp;
14034 	if (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap)) {
14035 		while (ap->av_forw != NULL) {
14036 			/*
14037 			 * Look for an "inversion" in the (normally
14038 			 * ascending) block numbers. This indicates
14039 			 * the start of the second request list.
14040 			 */
14041 			if (SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) {
14042 				/*
14043 				 * Search the second request list for the
14044 				 * first request at a larger block number.
14045 				 * We go before that; however if there is
14046 				 * no such request, we go at the end.
14047 				 */
14048 				do {
14049 					if (SD_GET_BLKNO(bp) <
14050 					    SD_GET_BLKNO(ap->av_forw)) {
14051 						goto insert;
14052 					}
14053 					ap = ap->av_forw;
14054 				} while (ap->av_forw != NULL);
14055 				goto insert;		/* after last */
14056 			}
14057 			ap = ap->av_forw;
14058 		}
14059 
14060 		/*
14061 		 * No inversions... we will go after the last, and
14062 		 * be the first request in the second request list.
14063 		 */
14064 		goto insert;
14065 	}
14066 
14067 	/*
14068 	 * Request is at/after the current request...
14069 	 * sort in the first request list.
14070 	 */
14071 	while (ap->av_forw != NULL) {
14072 		/*
14073 		 * We want to go after the current request (1) if
14074 		 * there is an inversion after it (i.e. it is the end
14075 		 * of the first request list), or (2) if the next
14076 		 * request is a larger block no. than our request.
14077 		 */
14078 		if ((SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) ||
14079 		    (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap->av_forw))) {
14080 			goto insert;
14081 		}
14082 		ap = ap->av_forw;
14083 	}
14084 
14085 	/*
14086 	 * Neither a second list nor a larger request, therefore
14087 	 * we go at the end of the first list (which is the same
14088 	 * as the end of the whole schebang).
14089 	 */
14090 insert:
14091 	bp->av_forw = ap->av_forw;
14092 	ap->av_forw = bp;
14093 
14094 	/*
14095 	 * If we inserted onto the tail end of the waitq, make sure the
14096 	 * tail pointer is updated.
14097 	 */
14098 	if (ap == un->un_waitq_tailp) {
14099 		un->un_waitq_tailp = bp;
14100 	}
14101 }
14102 
14103 
14104 /*
14105  *    Function: sd_start_cmds
14106  *
14107  * Description: Remove and transport cmds from the driver queues.
14108  *
14109  *   Arguments: un - pointer to the unit (soft state) struct for the target.
14110  *
14111  *		immed_bp - ptr to a buf to be transported immediately. Only
14112  *		the immed_bp is transported; bufs on the waitq are not
14113  *		processed and the un_retry_bp is not checked.  If immed_bp is
14114  *		NULL, then normal queue processing is performed.
14115  *
14116  *     Context: May be called from kernel thread context, interrupt context,
14117  *		or runout callback context. This function may not block or
14118  *		call routines that block.
14119  */
14120 
14121 static void
14122 sd_start_cmds(struct sd_lun *un, struct buf *immed_bp)
14123 {
14124 	struct	sd_xbuf	*xp;
14125 	struct	buf	*bp;
14126 	void	(*statp)(kstat_io_t *);
14127 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14128 	void	(*saved_statp)(kstat_io_t *);
14129 #endif
14130 	int	rval;
14131 
14132 	ASSERT(un != NULL);
14133 	ASSERT(mutex_owned(SD_MUTEX(un)));
14134 	ASSERT(un->un_ncmds_in_transport >= 0);
14135 	ASSERT(un->un_throttle >= 0);
14136 
14137 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: entry\n");
14138 
14139 	do {
14140 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14141 		saved_statp = NULL;
14142 #endif
14143 
14144 		/*
14145 		 * If we are syncing or dumping, fail the command to
14146 		 * avoid recursively calling back into scsi_transport().
14147 		 * The dump I/O itself uses a separate code path so this
14148 		 * only prevents non-dump I/O from being sent while dumping.
14149 		 * File system sync takes place before dumping begins.
14150 		 * During panic, filesystem I/O is allowed provided
14151 		 * un_in_callback is <= 1.  This is to prevent recursion
14152 		 * such as sd_start_cmds -> scsi_transport -> sdintr ->
14153 		 * sd_start_cmds and so on.  See panic.c for more information
14154 		 * about the states the system can be in during panic.
14155 		 */
14156 		if ((un->un_state == SD_STATE_DUMPING) ||
14157 		    (ddi_in_panic() && (un->un_in_callback > 1))) {
14158 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14159 			    "sd_start_cmds: panicking\n");
14160 			goto exit;
14161 		}
14162 
14163 		if ((bp = immed_bp) != NULL) {
14164 			/*
14165 			 * We have a bp that must be transported immediately.
14166 			 * It's OK to transport the immed_bp here without doing
14167 			 * the throttle limit check because the immed_bp is
14168 			 * always used in a retry/recovery case. This means
14169 			 * that we know we are not at the throttle limit by
14170 			 * virtue of the fact that to get here we must have
14171 			 * already gotten a command back via sdintr(). This also
14172 			 * relies on (1) the command on un_retry_bp preventing
14173 			 * further commands from the waitq from being issued;
14174 			 * and (2) the code in sd_retry_command checking the
14175 			 * throttle limit before issuing a delayed or immediate
14176 			 * retry. This holds even if the throttle limit is
14177 			 * currently ratcheted down from its maximum value.
14178 			 */
14179 			statp = kstat_runq_enter;
14180 			if (bp == un->un_retry_bp) {
14181 				ASSERT((un->un_retry_statp == NULL) ||
14182 				    (un->un_retry_statp == kstat_waitq_enter) ||
14183 				    (un->un_retry_statp ==
14184 				    kstat_runq_back_to_waitq));
14185 				/*
14186 				 * If the waitq kstat was incremented when
14187 				 * sd_set_retry_bp() queued this bp for a retry,
14188 				 * then we must set up statp so that the waitq
14189 				 * count will get decremented correctly below.
14190 				 * Also we must clear un->un_retry_statp to
14191 				 * ensure that we do not act on a stale value
14192 				 * in this field.
14193 				 */
14194 				if ((un->un_retry_statp == kstat_waitq_enter) ||
14195 				    (un->un_retry_statp ==
14196 				    kstat_runq_back_to_waitq)) {
14197 					statp = kstat_waitq_to_runq;
14198 				}
14199 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14200 				saved_statp = un->un_retry_statp;
14201 #endif
14202 				un->un_retry_statp = NULL;
14203 
14204 				SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14205 				    "sd_start_cmds: un:0x%p: GOT retry_bp:0x%p "
14206 				    "un_throttle:%d un_ncmds_in_transport:%d\n",
14207 				    un, un->un_retry_bp, un->un_throttle,
14208 				    un->un_ncmds_in_transport);
14209 			} else {
14210 				SD_TRACE(SD_LOG_IO_CORE, un, "sd_start_cmds: "
14211 				    "processing priority bp:0x%p\n", bp);
14212 			}
14213 
14214 		} else if ((bp = un->un_waitq_headp) != NULL) {
14215 			/*
14216 			 * A command on the waitq is ready to go, but do not
14217 			 * send it if:
14218 			 *
14219 			 * (1) the throttle limit has been reached, or
14220 			 * (2) a retry is pending, or
14221 			 * (3) a START_STOP_UNIT callback pending, or
14222 			 * (4) a callback for a SD_PATH_DIRECT_PRIORITY
14223 			 *	command is pending.
14224 			 *
14225 			 * For all of these conditions, IO processing will
14226 			 * restart after the condition is cleared.
14227 			 */
14228 			if (un->un_ncmds_in_transport >= un->un_throttle) {
14229 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14230 				    "sd_start_cmds: exiting, "
14231 				    "throttle limit reached!\n");
14232 				goto exit;
14233 			}
14234 			if (un->un_retry_bp != NULL) {
14235 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14236 				    "sd_start_cmds: exiting, retry pending!\n");
14237 				goto exit;
14238 			}
14239 			if (un->un_startstop_timeid != NULL) {
14240 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14241 				    "sd_start_cmds: exiting, "
14242 				    "START_STOP pending!\n");
14243 				goto exit;
14244 			}
14245 			if (un->un_direct_priority_timeid != NULL) {
14246 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14247 				    "sd_start_cmds: exiting, "
14248 				    "SD_PATH_DIRECT_PRIORITY cmd. pending!\n");
14249 				goto exit;
14250 			}
14251 
14252 			/* Dequeue the command */
14253 			un->un_waitq_headp = bp->av_forw;
14254 			if (un->un_waitq_headp == NULL) {
14255 				un->un_waitq_tailp = NULL;
14256 			}
14257 			bp->av_forw = NULL;
14258 			statp = kstat_waitq_to_runq;
14259 			SD_TRACE(SD_LOG_IO_CORE, un,
14260 			    "sd_start_cmds: processing waitq bp:0x%p\n", bp);
14261 
14262 		} else {
14263 			/* No work to do so bail out now */
14264 			SD_TRACE(SD_LOG_IO_CORE, un,
14265 			    "sd_start_cmds: no more work, exiting!\n");
14266 			goto exit;
14267 		}
14268 
14269 		/*
14270 		 * Reset the state to normal. This is the mechanism by which
14271 		 * the state transitions from either SD_STATE_RWAIT or
14272 		 * SD_STATE_OFFLINE to SD_STATE_NORMAL.
14273 		 * If state is SD_STATE_PM_CHANGING then this command is
14274 		 * part of the device power control and the state must
14275 		 * not be put back to normal. Doing so would would
14276 		 * allow new commands to proceed when they shouldn't,
14277 		 * the device may be going off.
14278 		 */
14279 		if ((un->un_state != SD_STATE_SUSPENDED) &&
14280 		    (un->un_state != SD_STATE_PM_CHANGING)) {
14281 			New_state(un, SD_STATE_NORMAL);
14282 		    }
14283 
14284 		xp = SD_GET_XBUF(bp);
14285 		ASSERT(xp != NULL);
14286 
14287 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14288 		/*
14289 		 * Allocate the scsi_pkt if we need one, or attach DMA
14290 		 * resources if we have a scsi_pkt that needs them. The
14291 		 * latter should only occur for commands that are being
14292 		 * retried.
14293 		 */
14294 		if ((xp->xb_pktp == NULL) ||
14295 		    ((xp->xb_pkt_flags & SD_XB_DMA_FREED) != 0)) {
14296 #else
14297 		if (xp->xb_pktp == NULL) {
14298 #endif
14299 			/*
14300 			 * There is no scsi_pkt allocated for this buf. Call
14301 			 * the initpkt function to allocate & init one.
14302 			 *
14303 			 * The scsi_init_pkt runout callback functionality is
14304 			 * implemented as follows:
14305 			 *
14306 			 * 1) The initpkt function always calls
14307 			 *    scsi_init_pkt(9F) with sdrunout specified as the
14308 			 *    callback routine.
14309 			 * 2) A successful packet allocation is initialized and
14310 			 *    the I/O is transported.
14311 			 * 3) The I/O associated with an allocation resource
14312 			 *    failure is left on its queue to be retried via
14313 			 *    runout or the next I/O.
14314 			 * 4) The I/O associated with a DMA error is removed
14315 			 *    from the queue and failed with EIO. Processing of
14316 			 *    the transport queues is also halted to be
14317 			 *    restarted via runout or the next I/O.
14318 			 * 5) The I/O associated with a CDB size or packet
14319 			 *    size error is removed from the queue and failed
14320 			 *    with EIO. Processing of the transport queues is
14321 			 *    continued.
14322 			 *
14323 			 * Note: there is no interface for canceling a runout
14324 			 * callback. To prevent the driver from detaching or
14325 			 * suspending while a runout is pending the driver
14326 			 * state is set to SD_STATE_RWAIT
14327 			 *
14328 			 * Note: using the scsi_init_pkt callback facility can
14329 			 * result in an I/O request persisting at the head of
14330 			 * the list which cannot be satisfied even after
14331 			 * multiple retries. In the future the driver may
14332 			 * implement some kind of maximum runout count before
14333 			 * failing an I/O.
14334 			 *
14335 			 * Note: the use of funcp below may seem superfluous,
14336 			 * but it helps warlock figure out the correct
14337 			 * initpkt function calls (see [s]sd.wlcmd).
14338 			 */
14339 			struct scsi_pkt	*pktp;
14340 			int (*funcp)(struct buf *bp, struct scsi_pkt **pktp);
14341 
14342 			ASSERT(bp != un->un_rqs_bp);
14343 
14344 			funcp = sd_initpkt_map[xp->xb_chain_iostart];
14345 			switch ((*funcp)(bp, &pktp)) {
14346 			case  SD_PKT_ALLOC_SUCCESS:
14347 				xp->xb_pktp = pktp;
14348 				SD_TRACE(SD_LOG_IO_CORE, un,
14349 				    "sd_start_cmd: SD_PKT_ALLOC_SUCCESS 0x%p\n",
14350 				    pktp);
14351 				goto got_pkt;
14352 
14353 			case SD_PKT_ALLOC_FAILURE:
14354 				/*
14355 				 * Temporary (hopefully) resource depletion.
14356 				 * Since retries and RQS commands always have a
14357 				 * scsi_pkt allocated, these cases should never
14358 				 * get here. So the only cases this needs to
14359 				 * handle is a bp from the waitq (which we put
14360 				 * back onto the waitq for sdrunout), or a bp
14361 				 * sent as an immed_bp (which we just fail).
14362 				 */
14363 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14364 				    "sd_start_cmds: SD_PKT_ALLOC_FAILURE\n");
14365 
14366 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14367 
14368 				if (bp == immed_bp) {
14369 					/*
14370 					 * If SD_XB_DMA_FREED is clear, then
14371 					 * this is a failure to allocate a
14372 					 * scsi_pkt, and we must fail the
14373 					 * command.
14374 					 */
14375 					if ((xp->xb_pkt_flags &
14376 					    SD_XB_DMA_FREED) == 0) {
14377 						break;
14378 					}
14379 
14380 					/*
14381 					 * If this immediate command is NOT our
14382 					 * un_retry_bp, then we must fail it.
14383 					 */
14384 					if (bp != un->un_retry_bp) {
14385 						break;
14386 					}
14387 
14388 					/*
14389 					 * We get here if this cmd is our
14390 					 * un_retry_bp that was DMAFREED, but
14391 					 * scsi_init_pkt() failed to reallocate
14392 					 * DMA resources when we attempted to
14393 					 * retry it. This can happen when an
14394 					 * mpxio failover is in progress, but
14395 					 * we don't want to just fail the
14396 					 * command in this case.
14397 					 *
14398 					 * Use timeout(9F) to restart it after
14399 					 * a 100ms delay.  We don't want to
14400 					 * let sdrunout() restart it, because
14401 					 * sdrunout() is just supposed to start
14402 					 * commands that are sitting on the
14403 					 * wait queue.  The un_retry_bp stays
14404 					 * set until the command completes, but
14405 					 * sdrunout can be called many times
14406 					 * before that happens.  Since sdrunout
14407 					 * cannot tell if the un_retry_bp is
14408 					 * already in the transport, it could
14409 					 * end up calling scsi_transport() for
14410 					 * the un_retry_bp multiple times.
14411 					 *
14412 					 * Also: don't schedule the callback
14413 					 * if some other callback is already
14414 					 * pending.
14415 					 */
14416 					if (un->un_retry_statp == NULL) {
14417 						/*
14418 						 * restore the kstat pointer to
14419 						 * keep kstat counts coherent
14420 						 * when we do retry the command.
14421 						 */
14422 						un->un_retry_statp =
14423 						    saved_statp;
14424 					}
14425 
14426 					if ((un->un_startstop_timeid == NULL) &&
14427 					    (un->un_retry_timeid == NULL) &&
14428 					    (un->un_direct_priority_timeid ==
14429 					    NULL)) {
14430 
14431 						un->un_retry_timeid =
14432 						    timeout(
14433 						    sd_start_retry_command,
14434 						    un, SD_RESTART_TIMEOUT);
14435 					}
14436 					goto exit;
14437 				}
14438 
14439 #else
14440 				if (bp == immed_bp) {
14441 					break;	/* Just fail the command */
14442 				}
14443 #endif
14444 
14445 				/* Add the buf back to the head of the waitq */
14446 				bp->av_forw = un->un_waitq_headp;
14447 				un->un_waitq_headp = bp;
14448 				if (un->un_waitq_tailp == NULL) {
14449 					un->un_waitq_tailp = bp;
14450 				}
14451 				goto exit;
14452 
14453 			case SD_PKT_ALLOC_FAILURE_NO_DMA:
14454 				/*
14455 				 * HBA DMA resource failure. Fail the command
14456 				 * and continue processing of the queues.
14457 				 */
14458 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14459 				    "sd_start_cmds: "
14460 				    "SD_PKT_ALLOC_FAILURE_NO_DMA\n");
14461 				break;
14462 
14463 			case SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL:
14464 				/*
14465 				 * Note:x86: Partial DMA mapping not supported
14466 				 * for USCSI commands, and all the needed DMA
14467 				 * resources were not allocated.
14468 				 */
14469 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14470 				    "sd_start_cmds: "
14471 				    "SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL\n");
14472 				break;
14473 
14474 			case SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL:
14475 				/*
14476 				 * Note:x86: Request cannot fit into CDB based
14477 				 * on lba and len.
14478 				 */
14479 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14480 				    "sd_start_cmds: "
14481 				    "SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL\n");
14482 				break;
14483 
14484 			default:
14485 				/* Should NEVER get here! */
14486 				panic("scsi_initpkt error");
14487 				/*NOTREACHED*/
14488 			}
14489 
14490 			/*
14491 			 * Fatal error in allocating a scsi_pkt for this buf.
14492 			 * Update kstats & return the buf with an error code.
14493 			 * We must use sd_return_failed_command_no_restart() to
14494 			 * avoid a recursive call back into sd_start_cmds().
14495 			 * However this also means that we must keep processing
14496 			 * the waitq here in order to avoid stalling.
14497 			 */
14498 			if (statp == kstat_waitq_to_runq) {
14499 				SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
14500 			}
14501 			sd_return_failed_command_no_restart(un, bp, EIO);
14502 			if (bp == immed_bp) {
14503 				/* immed_bp is gone by now, so clear this */
14504 				immed_bp = NULL;
14505 			}
14506 			continue;
14507 		}
14508 got_pkt:
14509 		if (bp == immed_bp) {
14510 			/* goto the head of the class.... */
14511 			xp->xb_pktp->pkt_flags |= FLAG_HEAD;
14512 		}
14513 
14514 		un->un_ncmds_in_transport++;
14515 		SD_UPDATE_KSTATS(un, statp, bp);
14516 
14517 		/*
14518 		 * Call scsi_transport() to send the command to the target.
14519 		 * According to SCSA architecture, we must drop the mutex here
14520 		 * before calling scsi_transport() in order to avoid deadlock.
14521 		 * Note that the scsi_pkt's completion routine can be executed
14522 		 * (from interrupt context) even before the call to
14523 		 * scsi_transport() returns.
14524 		 */
14525 		SD_TRACE(SD_LOG_IO_CORE, un,
14526 		    "sd_start_cmds: calling scsi_transport()\n");
14527 		DTRACE_PROBE1(scsi__transport__dispatch, struct buf *, bp);
14528 
14529 		mutex_exit(SD_MUTEX(un));
14530 		rval = scsi_transport(xp->xb_pktp);
14531 		mutex_enter(SD_MUTEX(un));
14532 
14533 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14534 		    "sd_start_cmds: scsi_transport() returned %d\n", rval);
14535 
14536 		switch (rval) {
14537 		case TRAN_ACCEPT:
14538 			/* Clear this with every pkt accepted by the HBA */
14539 			un->un_tran_fatal_count = 0;
14540 			break;	/* Success; try the next cmd (if any) */
14541 
14542 		case TRAN_BUSY:
14543 			un->un_ncmds_in_transport--;
14544 			ASSERT(un->un_ncmds_in_transport >= 0);
14545 
14546 			/*
14547 			 * Don't retry request sense, the sense data
14548 			 * is lost when another request is sent.
14549 			 * Free up the rqs buf and retry
14550 			 * the original failed cmd.  Update kstat.
14551 			 */
14552 			if (bp == un->un_rqs_bp) {
14553 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14554 				bp = sd_mark_rqs_idle(un, xp);
14555 				sd_retry_command(un, bp, SD_RETRIES_STANDARD,
14556 					NULL, NULL, EIO, SD_BSY_TIMEOUT / 500,
14557 					kstat_waitq_enter);
14558 				goto exit;
14559 			}
14560 
14561 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14562 			/*
14563 			 * Free the DMA resources for the  scsi_pkt. This will
14564 			 * allow mpxio to select another path the next time
14565 			 * we call scsi_transport() with this scsi_pkt.
14566 			 * See sdintr() for the rationalization behind this.
14567 			 */
14568 			if ((un->un_f_is_fibre == TRUE) &&
14569 			    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
14570 			    ((xp->xb_pktp->pkt_flags & FLAG_SENSING) == 0)) {
14571 				scsi_dmafree(xp->xb_pktp);
14572 				xp->xb_pkt_flags |= SD_XB_DMA_FREED;
14573 			}
14574 #endif
14575 
14576 			if (SD_IS_DIRECT_PRIORITY(SD_GET_XBUF(bp))) {
14577 				/*
14578 				 * Commands that are SD_PATH_DIRECT_PRIORITY
14579 				 * are for error recovery situations. These do
14580 				 * not use the normal command waitq, so if they
14581 				 * get a TRAN_BUSY we cannot put them back onto
14582 				 * the waitq for later retry. One possible
14583 				 * problem is that there could already be some
14584 				 * other command on un_retry_bp that is waiting
14585 				 * for this one to complete, so we would be
14586 				 * deadlocked if we put this command back onto
14587 				 * the waitq for later retry (since un_retry_bp
14588 				 * must complete before the driver gets back to
14589 				 * commands on the waitq).
14590 				 *
14591 				 * To avoid deadlock we must schedule a callback
14592 				 * that will restart this command after a set
14593 				 * interval.  This should keep retrying for as
14594 				 * long as the underlying transport keeps
14595 				 * returning TRAN_BUSY (just like for other
14596 				 * commands).  Use the same timeout interval as
14597 				 * for the ordinary TRAN_BUSY retry.
14598 				 */
14599 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14600 				    "sd_start_cmds: scsi_transport() returned "
14601 				    "TRAN_BUSY for DIRECT_PRIORITY cmd!\n");
14602 
14603 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14604 				un->un_direct_priority_timeid =
14605 				    timeout(sd_start_direct_priority_command,
14606 				    bp, SD_BSY_TIMEOUT / 500);
14607 
14608 				goto exit;
14609 			}
14610 
14611 			/*
14612 			 * For TRAN_BUSY, we want to reduce the throttle value,
14613 			 * unless we are retrying a command.
14614 			 */
14615 			if (bp != un->un_retry_bp) {
14616 				sd_reduce_throttle(un, SD_THROTTLE_TRAN_BUSY);
14617 			}
14618 
14619 			/*
14620 			 * Set up the bp to be tried again 10 ms later.
14621 			 * Note:x86: Is there a timeout value in the sd_lun
14622 			 * for this condition?
14623 			 */
14624 			sd_set_retry_bp(un, bp, SD_BSY_TIMEOUT / 500,
14625 				kstat_runq_back_to_waitq);
14626 			goto exit;
14627 
14628 		case TRAN_FATAL_ERROR:
14629 			un->un_tran_fatal_count++;
14630 			/* FALLTHRU */
14631 
14632 		case TRAN_BADPKT:
14633 		default:
14634 			un->un_ncmds_in_transport--;
14635 			ASSERT(un->un_ncmds_in_transport >= 0);
14636 
14637 			/*
14638 			 * If this is our REQUEST SENSE command with a
14639 			 * transport error, we must get back the pointers
14640 			 * to the original buf, and mark the REQUEST
14641 			 * SENSE command as "available".
14642 			 */
14643 			if (bp == un->un_rqs_bp) {
14644 				bp = sd_mark_rqs_idle(un, xp);
14645 				xp = SD_GET_XBUF(bp);
14646 			} else {
14647 				/*
14648 				 * Legacy behavior: do not update transport
14649 				 * error count for request sense commands.
14650 				 */
14651 				SD_UPDATE_ERRSTATS(un, sd_transerrs);
14652 			}
14653 
14654 			SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14655 			sd_print_transport_rejected_message(un, xp, rval);
14656 
14657 			/*
14658 			 * We must use sd_return_failed_command_no_restart() to
14659 			 * avoid a recursive call back into sd_start_cmds().
14660 			 * However this also means that we must keep processing
14661 			 * the waitq here in order to avoid stalling.
14662 			 */
14663 			sd_return_failed_command_no_restart(un, bp, EIO);
14664 
14665 			/*
14666 			 * Notify any threads waiting in sd_ddi_suspend() that
14667 			 * a command completion has occurred.
14668 			 */
14669 			if (un->un_state == SD_STATE_SUSPENDED) {
14670 				cv_broadcast(&un->un_disk_busy_cv);
14671 			}
14672 
14673 			if (bp == immed_bp) {
14674 				/* immed_bp is gone by now, so clear this */
14675 				immed_bp = NULL;
14676 			}
14677 			break;
14678 		}
14679 
14680 	} while (immed_bp == NULL);
14681 
14682 exit:
14683 	ASSERT(mutex_owned(SD_MUTEX(un)));
14684 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: exit\n");
14685 }
14686 
14687 
14688 /*
14689  *    Function: sd_return_command
14690  *
14691  * Description: Returns a command to its originator (with or without an
14692  *		error).  Also starts commands waiting to be transported
14693  *		to the target.
14694  *
14695  *     Context: May be called from interrupt, kernel, or timeout context
14696  */
14697 
14698 static void
14699 sd_return_command(struct sd_lun *un, struct buf *bp)
14700 {
14701 	struct sd_xbuf *xp;
14702 #if defined(__i386) || defined(__amd64)
14703 	struct scsi_pkt *pktp;
14704 #endif
14705 
14706 	ASSERT(bp != NULL);
14707 	ASSERT(un != NULL);
14708 	ASSERT(mutex_owned(SD_MUTEX(un)));
14709 	ASSERT(bp != un->un_rqs_bp);
14710 	xp = SD_GET_XBUF(bp);
14711 	ASSERT(xp != NULL);
14712 
14713 #if defined(__i386) || defined(__amd64)
14714 	pktp = SD_GET_PKTP(bp);
14715 #endif
14716 
14717 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: entry\n");
14718 
14719 #if defined(__i386) || defined(__amd64)
14720 	/*
14721 	 * Note:x86: check for the "sdrestart failed" case.
14722 	 */
14723 	if (((xp->xb_pkt_flags & SD_XB_USCSICMD) != SD_XB_USCSICMD) &&
14724 		(geterror(bp) == 0) && (xp->xb_dma_resid != 0) &&
14725 		(xp->xb_pktp->pkt_resid == 0)) {
14726 
14727 		if (sd_setup_next_xfer(un, bp, pktp, xp) != 0) {
14728 			/*
14729 			 * Successfully set up next portion of cmd
14730 			 * transfer, try sending it
14731 			 */
14732 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
14733 			    NULL, NULL, 0, (clock_t)0, NULL);
14734 			sd_start_cmds(un, NULL);
14735 			return;	/* Note:x86: need a return here? */
14736 		}
14737 	}
14738 #endif
14739 
14740 	/*
14741 	 * If this is the failfast bp, clear it from un_failfast_bp. This
14742 	 * can happen if upon being re-tried the failfast bp either
14743 	 * succeeded or encountered another error (possibly even a different
14744 	 * error than the one that precipitated the failfast state, but in
14745 	 * that case it would have had to exhaust retries as well). Regardless,
14746 	 * this should not occur whenever the instance is in the active
14747 	 * failfast state.
14748 	 */
14749 	if (bp == un->un_failfast_bp) {
14750 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14751 		un->un_failfast_bp = NULL;
14752 	}
14753 
14754 	/*
14755 	 * Clear the failfast state upon successful completion of ANY cmd.
14756 	 */
14757 	if (bp->b_error == 0) {
14758 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
14759 	}
14760 
14761 	/*
14762 	 * This is used if the command was retried one or more times. Show that
14763 	 * we are done with it, and allow processing of the waitq to resume.
14764 	 */
14765 	if (bp == un->un_retry_bp) {
14766 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14767 		    "sd_return_command: un:0x%p: "
14768 		    "RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14769 		un->un_retry_bp = NULL;
14770 		un->un_retry_statp = NULL;
14771 	}
14772 
14773 	SD_UPDATE_RDWR_STATS(un, bp);
14774 	SD_UPDATE_PARTITION_STATS(un, bp);
14775 
14776 	switch (un->un_state) {
14777 	case SD_STATE_SUSPENDED:
14778 		/*
14779 		 * Notify any threads waiting in sd_ddi_suspend() that
14780 		 * a command completion has occurred.
14781 		 */
14782 		cv_broadcast(&un->un_disk_busy_cv);
14783 		break;
14784 	default:
14785 		sd_start_cmds(un, NULL);
14786 		break;
14787 	}
14788 
14789 	/* Return this command up the iodone chain to its originator. */
14790 	mutex_exit(SD_MUTEX(un));
14791 
14792 	(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14793 	xp->xb_pktp = NULL;
14794 
14795 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14796 
14797 	ASSERT(!mutex_owned(SD_MUTEX(un)));
14798 	mutex_enter(SD_MUTEX(un));
14799 
14800 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: exit\n");
14801 }
14802 
14803 
14804 /*
14805  *    Function: sd_return_failed_command
14806  *
14807  * Description: Command completion when an error occurred.
14808  *
14809  *     Context: May be called from interrupt context
14810  */
14811 
14812 static void
14813 sd_return_failed_command(struct sd_lun *un, struct buf *bp, int errcode)
14814 {
14815 	ASSERT(bp != NULL);
14816 	ASSERT(un != NULL);
14817 	ASSERT(mutex_owned(SD_MUTEX(un)));
14818 
14819 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14820 	    "sd_return_failed_command: entry\n");
14821 
14822 	/*
14823 	 * b_resid could already be nonzero due to a partial data
14824 	 * transfer, so do not change it here.
14825 	 */
14826 	SD_BIOERROR(bp, errcode);
14827 
14828 	sd_return_command(un, bp);
14829 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14830 	    "sd_return_failed_command: exit\n");
14831 }
14832 
14833 
14834 /*
14835  *    Function: sd_return_failed_command_no_restart
14836  *
14837  * Description: Same as sd_return_failed_command, but ensures that no
14838  *		call back into sd_start_cmds will be issued.
14839  *
14840  *     Context: May be called from interrupt context
14841  */
14842 
14843 static void
14844 sd_return_failed_command_no_restart(struct sd_lun *un, struct buf *bp,
14845 	int errcode)
14846 {
14847 	struct sd_xbuf *xp;
14848 
14849 	ASSERT(bp != NULL);
14850 	ASSERT(un != NULL);
14851 	ASSERT(mutex_owned(SD_MUTEX(un)));
14852 	xp = SD_GET_XBUF(bp);
14853 	ASSERT(xp != NULL);
14854 	ASSERT(errcode != 0);
14855 
14856 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14857 	    "sd_return_failed_command_no_restart: entry\n");
14858 
14859 	/*
14860 	 * b_resid could already be nonzero due to a partial data
14861 	 * transfer, so do not change it here.
14862 	 */
14863 	SD_BIOERROR(bp, errcode);
14864 
14865 	/*
14866 	 * If this is the failfast bp, clear it. This can happen if the
14867 	 * failfast bp encounterd a fatal error when we attempted to
14868 	 * re-try it (such as a scsi_transport(9F) failure).  However
14869 	 * we should NOT be in an active failfast state if the failfast
14870 	 * bp is not NULL.
14871 	 */
14872 	if (bp == un->un_failfast_bp) {
14873 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14874 		un->un_failfast_bp = NULL;
14875 	}
14876 
14877 	if (bp == un->un_retry_bp) {
14878 		/*
14879 		 * This command was retried one or more times. Show that we are
14880 		 * done with it, and allow processing of the waitq to resume.
14881 		 */
14882 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14883 		    "sd_return_failed_command_no_restart: "
14884 		    " un:0x%p: RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14885 		un->un_retry_bp = NULL;
14886 		un->un_retry_statp = NULL;
14887 	}
14888 
14889 	SD_UPDATE_RDWR_STATS(un, bp);
14890 	SD_UPDATE_PARTITION_STATS(un, bp);
14891 
14892 	mutex_exit(SD_MUTEX(un));
14893 
14894 	if (xp->xb_pktp != NULL) {
14895 		(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14896 		xp->xb_pktp = NULL;
14897 	}
14898 
14899 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14900 
14901 	mutex_enter(SD_MUTEX(un));
14902 
14903 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14904 	    "sd_return_failed_command_no_restart: exit\n");
14905 }
14906 
14907 
14908 /*
14909  *    Function: sd_retry_command
14910  *
14911  * Description: queue up a command for retry, or (optionally) fail it
14912  *		if retry counts are exhausted.
14913  *
14914  *   Arguments: un - Pointer to the sd_lun struct for the target.
14915  *
14916  *		bp - Pointer to the buf for the command to be retried.
14917  *
14918  *		retry_check_flag - Flag to see which (if any) of the retry
14919  *		   counts should be decremented/checked. If the indicated
14920  *		   retry count is exhausted, then the command will not be
14921  *		   retried; it will be failed instead. This should use a
14922  *		   value equal to one of the following:
14923  *
14924  *			SD_RETRIES_NOCHECK
14925  *			SD_RESD_RETRIES_STANDARD
14926  *			SD_RETRIES_VICTIM
14927  *
14928  *		   Optionally may be bitwise-OR'ed with SD_RETRIES_ISOLATE
14929  *		   if the check should be made to see of FLAG_ISOLATE is set
14930  *		   in the pkt. If FLAG_ISOLATE is set, then the command is
14931  *		   not retried, it is simply failed.
14932  *
14933  *		user_funcp - Ptr to function to call before dispatching the
14934  *		   command. May be NULL if no action needs to be performed.
14935  *		   (Primarily intended for printing messages.)
14936  *
14937  *		user_arg - Optional argument to be passed along to
14938  *		   the user_funcp call.
14939  *
14940  *		failure_code - errno return code to set in the bp if the
14941  *		   command is going to be failed.
14942  *
14943  *		retry_delay - Retry delay interval in (clock_t) units. May
14944  *		   be zero which indicates that the retry should be retried
14945  *		   immediately (ie, without an intervening delay).
14946  *
14947  *		statp - Ptr to kstat function to be updated if the command
14948  *		   is queued for a delayed retry. May be NULL if no kstat
14949  *		   update is desired.
14950  *
14951  *     Context: May be called from interupt context.
14952  */
14953 
14954 static void
14955 sd_retry_command(struct sd_lun *un, struct buf *bp, int retry_check_flag,
14956 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp, int
14957 	code), void *user_arg, int failure_code,  clock_t retry_delay,
14958 	void (*statp)(kstat_io_t *))
14959 {
14960 	struct sd_xbuf	*xp;
14961 	struct scsi_pkt	*pktp;
14962 
14963 	ASSERT(un != NULL);
14964 	ASSERT(mutex_owned(SD_MUTEX(un)));
14965 	ASSERT(bp != NULL);
14966 	xp = SD_GET_XBUF(bp);
14967 	ASSERT(xp != NULL);
14968 	pktp = SD_GET_PKTP(bp);
14969 	ASSERT(pktp != NULL);
14970 
14971 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14972 	    "sd_retry_command: entry: bp:0x%p xp:0x%p\n", bp, xp);
14973 
14974 	/*
14975 	 * If we are syncing or dumping, fail the command to avoid
14976 	 * recursively calling back into scsi_transport().
14977 	 */
14978 	if (ddi_in_panic()) {
14979 		goto fail_command_no_log;
14980 	}
14981 
14982 	/*
14983 	 * We should never be be retrying a command with FLAG_DIAGNOSE set, so
14984 	 * log an error and fail the command.
14985 	 */
14986 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
14987 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
14988 		    "ERROR, retrying FLAG_DIAGNOSE command.\n");
14989 		sd_dump_memory(un, SD_LOG_IO, "CDB",
14990 		    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
14991 		sd_dump_memory(un, SD_LOG_IO, "Sense Data",
14992 		    (uchar_t *)xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
14993 		goto fail_command;
14994 	}
14995 
14996 	/*
14997 	 * If we are suspended, then put the command onto head of the
14998 	 * wait queue since we don't want to start more commands.
14999 	 */
15000 	switch (un->un_state) {
15001 	case SD_STATE_SUSPENDED:
15002 	case SD_STATE_DUMPING:
15003 		bp->av_forw = un->un_waitq_headp;
15004 		un->un_waitq_headp = bp;
15005 		if (un->un_waitq_tailp == NULL) {
15006 			un->un_waitq_tailp = bp;
15007 		}
15008 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
15009 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: "
15010 		    "exiting; cmd bp:0x%p requeued for SUSPEND/DUMP\n", bp);
15011 		return;
15012 	default:
15013 		break;
15014 	}
15015 
15016 	/*
15017 	 * If the caller wants us to check FLAG_ISOLATE, then see if that
15018 	 * is set; if it is then we do not want to retry the command.
15019 	 * Normally, FLAG_ISOLATE is only used with USCSI cmds.
15020 	 */
15021 	if ((retry_check_flag & SD_RETRIES_ISOLATE) != 0) {
15022 		if ((pktp->pkt_flags & FLAG_ISOLATE) != 0) {
15023 			goto fail_command;
15024 		}
15025 	}
15026 
15027 
15028 	/*
15029 	 * If SD_RETRIES_FAILFAST is set, it indicates that either a
15030 	 * command timeout or a selection timeout has occurred. This means
15031 	 * that we were unable to establish an kind of communication with
15032 	 * the target, and subsequent retries and/or commands are likely
15033 	 * to encounter similar results and take a long time to complete.
15034 	 *
15035 	 * If this is a failfast error condition, we need to update the
15036 	 * failfast state, even if this bp does not have B_FAILFAST set.
15037 	 */
15038 	if (retry_check_flag & SD_RETRIES_FAILFAST) {
15039 		if (un->un_failfast_state == SD_FAILFAST_ACTIVE) {
15040 			ASSERT(un->un_failfast_bp == NULL);
15041 			/*
15042 			 * If we are already in the active failfast state, and
15043 			 * another failfast error condition has been detected,
15044 			 * then fail this command if it has B_FAILFAST set.
15045 			 * If B_FAILFAST is clear, then maintain the legacy
15046 			 * behavior of retrying heroically, even tho this will
15047 			 * take a lot more time to fail the command.
15048 			 */
15049 			if (bp->b_flags & B_FAILFAST) {
15050 				goto fail_command;
15051 			}
15052 		} else {
15053 			/*
15054 			 * We're not in the active failfast state, but we
15055 			 * have a failfast error condition, so we must begin
15056 			 * transition to the next state. We do this regardless
15057 			 * of whether or not this bp has B_FAILFAST set.
15058 			 */
15059 			if (un->un_failfast_bp == NULL) {
15060 				/*
15061 				 * This is the first bp to meet a failfast
15062 				 * condition so save it on un_failfast_bp &
15063 				 * do normal retry processing. Do not enter
15064 				 * active failfast state yet. This marks
15065 				 * entry into the "failfast pending" state.
15066 				 */
15067 				un->un_failfast_bp = bp;
15068 
15069 			} else if (un->un_failfast_bp == bp) {
15070 				/*
15071 				 * This is the second time *this* bp has
15072 				 * encountered a failfast error condition,
15073 				 * so enter active failfast state & flush
15074 				 * queues as appropriate.
15075 				 */
15076 				un->un_failfast_state = SD_FAILFAST_ACTIVE;
15077 				un->un_failfast_bp = NULL;
15078 				sd_failfast_flushq(un);
15079 
15080 				/*
15081 				 * Fail this bp now if B_FAILFAST set;
15082 				 * otherwise continue with retries. (It would
15083 				 * be pretty ironic if this bp succeeded on a
15084 				 * subsequent retry after we just flushed all
15085 				 * the queues).
15086 				 */
15087 				if (bp->b_flags & B_FAILFAST) {
15088 					goto fail_command;
15089 				}
15090 
15091 #if !defined(lint) && !defined(__lint)
15092 			} else {
15093 				/*
15094 				 * If neither of the preceeding conditionals
15095 				 * was true, it means that there is some
15096 				 * *other* bp that has met an inital failfast
15097 				 * condition and is currently either being
15098 				 * retried or is waiting to be retried. In
15099 				 * that case we should perform normal retry
15100 				 * processing on *this* bp, since there is a
15101 				 * chance that the current failfast condition
15102 				 * is transient and recoverable. If that does
15103 				 * not turn out to be the case, then retries
15104 				 * will be cleared when the wait queue is
15105 				 * flushed anyway.
15106 				 */
15107 #endif
15108 			}
15109 		}
15110 	} else {
15111 		/*
15112 		 * SD_RETRIES_FAILFAST is clear, which indicates that we
15113 		 * likely were able to at least establish some level of
15114 		 * communication with the target and subsequent commands
15115 		 * and/or retries are likely to get through to the target,
15116 		 * In this case we want to be aggressive about clearing
15117 		 * the failfast state. Note that this does not affect
15118 		 * the "failfast pending" condition.
15119 		 */
15120 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
15121 	}
15122 
15123 
15124 	/*
15125 	 * Check the specified retry count to see if we can still do
15126 	 * any retries with this pkt before we should fail it.
15127 	 */
15128 	switch (retry_check_flag & SD_RETRIES_MASK) {
15129 	case SD_RETRIES_VICTIM:
15130 		/*
15131 		 * Check the victim retry count. If exhausted, then fall
15132 		 * thru & check against the standard retry count.
15133 		 */
15134 		if (xp->xb_victim_retry_count < un->un_victim_retry_count) {
15135 			/* Increment count & proceed with the retry */
15136 			xp->xb_victim_retry_count++;
15137 			break;
15138 		}
15139 		/* Victim retries exhausted, fall back to std. retries... */
15140 		/* FALLTHRU */
15141 
15142 	case SD_RETRIES_STANDARD:
15143 		if (xp->xb_retry_count >= un->un_retry_count) {
15144 			/* Retries exhausted, fail the command */
15145 			SD_TRACE(SD_LOG_IO_CORE, un,
15146 			    "sd_retry_command: retries exhausted!\n");
15147 			/*
15148 			 * update b_resid for failed SCMD_READ & SCMD_WRITE
15149 			 * commands with nonzero pkt_resid.
15150 			 */
15151 			if ((pktp->pkt_reason == CMD_CMPLT) &&
15152 			    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD) &&
15153 			    (pktp->pkt_resid != 0)) {
15154 				uchar_t op = SD_GET_PKT_OPCODE(pktp) & 0x1F;
15155 				if ((op == SCMD_READ) || (op == SCMD_WRITE)) {
15156 					SD_UPDATE_B_RESID(bp, pktp);
15157 				}
15158 			}
15159 			goto fail_command;
15160 		}
15161 		xp->xb_retry_count++;
15162 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15163 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15164 		break;
15165 
15166 	case SD_RETRIES_UA:
15167 		if (xp->xb_ua_retry_count >= sd_ua_retry_count) {
15168 			/* Retries exhausted, fail the command */
15169 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
15170 			    "Unit Attention retries exhausted. "
15171 			    "Check the target.\n");
15172 			goto fail_command;
15173 		}
15174 		xp->xb_ua_retry_count++;
15175 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15176 		    "sd_retry_command: retry count:%d\n",
15177 			xp->xb_ua_retry_count);
15178 		break;
15179 
15180 	case SD_RETRIES_BUSY:
15181 		if (xp->xb_retry_count >= un->un_busy_retry_count) {
15182 			/* Retries exhausted, fail the command */
15183 			SD_TRACE(SD_LOG_IO_CORE, un,
15184 			    "sd_retry_command: retries exhausted!\n");
15185 			goto fail_command;
15186 		}
15187 		xp->xb_retry_count++;
15188 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15189 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15190 		break;
15191 
15192 	case SD_RETRIES_NOCHECK:
15193 	default:
15194 		/* No retry count to check. Just proceed with the retry */
15195 		break;
15196 	}
15197 
15198 	xp->xb_pktp->pkt_flags |= FLAG_HEAD;
15199 
15200 	/*
15201 	 * If we were given a zero timeout, we must attempt to retry the
15202 	 * command immediately (ie, without a delay).
15203 	 */
15204 	if (retry_delay == 0) {
15205 		/*
15206 		 * Check some limiting conditions to see if we can actually
15207 		 * do the immediate retry.  If we cannot, then we must
15208 		 * fall back to queueing up a delayed retry.
15209 		 */
15210 		if (un->un_ncmds_in_transport >= un->un_throttle) {
15211 			/*
15212 			 * We are at the throttle limit for the target,
15213 			 * fall back to delayed retry.
15214 			 */
15215 			retry_delay = SD_BSY_TIMEOUT;
15216 			statp = kstat_waitq_enter;
15217 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15218 			    "sd_retry_command: immed. retry hit "
15219 			    "throttle!\n");
15220 		} else {
15221 			/*
15222 			 * We're clear to proceed with the immediate retry.
15223 			 * First call the user-provided function (if any)
15224 			 */
15225 			if (user_funcp != NULL) {
15226 				(*user_funcp)(un, bp, user_arg,
15227 				    SD_IMMEDIATE_RETRY_ISSUED);
15228 			}
15229 
15230 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15231 			    "sd_retry_command: issuing immediate retry\n");
15232 
15233 			/*
15234 			 * Call sd_start_cmds() to transport the command to
15235 			 * the target.
15236 			 */
15237 			sd_start_cmds(un, bp);
15238 
15239 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15240 			    "sd_retry_command exit\n");
15241 			return;
15242 		}
15243 	}
15244 
15245 	/*
15246 	 * Set up to retry the command after a delay.
15247 	 * First call the user-provided function (if any)
15248 	 */
15249 	if (user_funcp != NULL) {
15250 		(*user_funcp)(un, bp, user_arg, SD_DELAYED_RETRY_ISSUED);
15251 	}
15252 
15253 	sd_set_retry_bp(un, bp, retry_delay, statp);
15254 
15255 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15256 	return;
15257 
15258 fail_command:
15259 
15260 	if (user_funcp != NULL) {
15261 		(*user_funcp)(un, bp, user_arg, SD_NO_RETRY_ISSUED);
15262 	}
15263 
15264 fail_command_no_log:
15265 
15266 	SD_INFO(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15267 	    "sd_retry_command: returning failed command\n");
15268 
15269 	sd_return_failed_command(un, bp, failure_code);
15270 
15271 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15272 }
15273 
15274 
15275 /*
15276  *    Function: sd_set_retry_bp
15277  *
15278  * Description: Set up the given bp for retry.
15279  *
15280  *   Arguments: un - ptr to associated softstate
15281  *		bp - ptr to buf(9S) for the command
15282  *		retry_delay - time interval before issuing retry (may be 0)
15283  *		statp - optional pointer to kstat function
15284  *
15285  *     Context: May be called under interrupt context
15286  */
15287 
15288 static void
15289 sd_set_retry_bp(struct sd_lun *un, struct buf *bp, clock_t retry_delay,
15290 	void (*statp)(kstat_io_t *))
15291 {
15292 	ASSERT(un != NULL);
15293 	ASSERT(mutex_owned(SD_MUTEX(un)));
15294 	ASSERT(bp != NULL);
15295 
15296 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15297 	    "sd_set_retry_bp: entry: un:0x%p bp:0x%p\n", un, bp);
15298 
15299 	/*
15300 	 * Indicate that the command is being retried. This will not allow any
15301 	 * other commands on the wait queue to be transported to the target
15302 	 * until this command has been completed (success or failure). The
15303 	 * "retry command" is not transported to the target until the given
15304 	 * time delay expires, unless the user specified a 0 retry_delay.
15305 	 *
15306 	 * Note: the timeout(9F) callback routine is what actually calls
15307 	 * sd_start_cmds() to transport the command, with the exception of a
15308 	 * zero retry_delay. The only current implementor of a zero retry delay
15309 	 * is the case where a START_STOP_UNIT is sent to spin-up a device.
15310 	 */
15311 	if (un->un_retry_bp == NULL) {
15312 		ASSERT(un->un_retry_statp == NULL);
15313 		un->un_retry_bp = bp;
15314 
15315 		/*
15316 		 * If the user has not specified a delay the command should
15317 		 * be queued and no timeout should be scheduled.
15318 		 */
15319 		if (retry_delay == 0) {
15320 			/*
15321 			 * Save the kstat pointer that will be used in the
15322 			 * call to SD_UPDATE_KSTATS() below, so that
15323 			 * sd_start_cmds() can correctly decrement the waitq
15324 			 * count when it is time to transport this command.
15325 			 */
15326 			un->un_retry_statp = statp;
15327 			goto done;
15328 		}
15329 	}
15330 
15331 	if (un->un_retry_bp == bp) {
15332 		/*
15333 		 * Save the kstat pointer that will be used in the call to
15334 		 * SD_UPDATE_KSTATS() below, so that sd_start_cmds() can
15335 		 * correctly decrement the waitq count when it is time to
15336 		 * transport this command.
15337 		 */
15338 		un->un_retry_statp = statp;
15339 
15340 		/*
15341 		 * Schedule a timeout if:
15342 		 *   1) The user has specified a delay.
15343 		 *   2) There is not a START_STOP_UNIT callback pending.
15344 		 *
15345 		 * If no delay has been specified, then it is up to the caller
15346 		 * to ensure that IO processing continues without stalling.
15347 		 * Effectively, this means that the caller will issue the
15348 		 * required call to sd_start_cmds(). The START_STOP_UNIT
15349 		 * callback does this after the START STOP UNIT command has
15350 		 * completed. In either of these cases we should not schedule
15351 		 * a timeout callback here.  Also don't schedule the timeout if
15352 		 * an SD_PATH_DIRECT_PRIORITY command is waiting to restart.
15353 		 */
15354 		if ((retry_delay != 0) && (un->un_startstop_timeid == NULL) &&
15355 		    (un->un_direct_priority_timeid == NULL)) {
15356 			un->un_retry_timeid =
15357 			    timeout(sd_start_retry_command, un, retry_delay);
15358 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15359 			    "sd_set_retry_bp: setting timeout: un: 0x%p"
15360 			    " bp:0x%p un_retry_timeid:0x%p\n",
15361 			    un, bp, un->un_retry_timeid);
15362 		}
15363 	} else {
15364 		/*
15365 		 * We only get in here if there is already another command
15366 		 * waiting to be retried.  In this case, we just put the
15367 		 * given command onto the wait queue, so it can be transported
15368 		 * after the current retry command has completed.
15369 		 *
15370 		 * Also we have to make sure that if the command at the head
15371 		 * of the wait queue is the un_failfast_bp, that we do not
15372 		 * put ahead of it any other commands that are to be retried.
15373 		 */
15374 		if ((un->un_failfast_bp != NULL) &&
15375 		    (un->un_failfast_bp == un->un_waitq_headp)) {
15376 			/*
15377 			 * Enqueue this command AFTER the first command on
15378 			 * the wait queue (which is also un_failfast_bp).
15379 			 */
15380 			bp->av_forw = un->un_waitq_headp->av_forw;
15381 			un->un_waitq_headp->av_forw = bp;
15382 			if (un->un_waitq_headp == un->un_waitq_tailp) {
15383 				un->un_waitq_tailp = bp;
15384 			}
15385 		} else {
15386 			/* Enqueue this command at the head of the waitq. */
15387 			bp->av_forw = un->un_waitq_headp;
15388 			un->un_waitq_headp = bp;
15389 			if (un->un_waitq_tailp == NULL) {
15390 				un->un_waitq_tailp = bp;
15391 			}
15392 		}
15393 
15394 		if (statp == NULL) {
15395 			statp = kstat_waitq_enter;
15396 		}
15397 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15398 		    "sd_set_retry_bp: un:0x%p already delayed retry\n", un);
15399 	}
15400 
15401 done:
15402 	if (statp != NULL) {
15403 		SD_UPDATE_KSTATS(un, statp, bp);
15404 	}
15405 
15406 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15407 	    "sd_set_retry_bp: exit un:0x%p\n", un);
15408 }
15409 
15410 
15411 /*
15412  *    Function: sd_start_retry_command
15413  *
15414  * Description: Start the command that has been waiting on the target's
15415  *		retry queue.  Called from timeout(9F) context after the
15416  *		retry delay interval has expired.
15417  *
15418  *   Arguments: arg - pointer to associated softstate for the device.
15419  *
15420  *     Context: timeout(9F) thread context.  May not sleep.
15421  */
15422 
15423 static void
15424 sd_start_retry_command(void *arg)
15425 {
15426 	struct sd_lun *un = arg;
15427 
15428 	ASSERT(un != NULL);
15429 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15430 
15431 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15432 	    "sd_start_retry_command: entry\n");
15433 
15434 	mutex_enter(SD_MUTEX(un));
15435 
15436 	un->un_retry_timeid = NULL;
15437 
15438 	if (un->un_retry_bp != NULL) {
15439 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15440 		    "sd_start_retry_command: un:0x%p STARTING bp:0x%p\n",
15441 		    un, un->un_retry_bp);
15442 		sd_start_cmds(un, un->un_retry_bp);
15443 	}
15444 
15445 	mutex_exit(SD_MUTEX(un));
15446 
15447 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15448 	    "sd_start_retry_command: exit\n");
15449 }
15450 
15451 
15452 /*
15453  *    Function: sd_start_direct_priority_command
15454  *
15455  * Description: Used to re-start an SD_PATH_DIRECT_PRIORITY command that had
15456  *		received TRAN_BUSY when we called scsi_transport() to send it
15457  *		to the underlying HBA. This function is called from timeout(9F)
15458  *		context after the delay interval has expired.
15459  *
15460  *   Arguments: arg - pointer to associated buf(9S) to be restarted.
15461  *
15462  *     Context: timeout(9F) thread context.  May not sleep.
15463  */
15464 
15465 static void
15466 sd_start_direct_priority_command(void *arg)
15467 {
15468 	struct buf	*priority_bp = arg;
15469 	struct sd_lun	*un;
15470 
15471 	ASSERT(priority_bp != NULL);
15472 	un = SD_GET_UN(priority_bp);
15473 	ASSERT(un != NULL);
15474 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15475 
15476 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15477 	    "sd_start_direct_priority_command: entry\n");
15478 
15479 	mutex_enter(SD_MUTEX(un));
15480 	un->un_direct_priority_timeid = NULL;
15481 	sd_start_cmds(un, priority_bp);
15482 	mutex_exit(SD_MUTEX(un));
15483 
15484 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15485 	    "sd_start_direct_priority_command: exit\n");
15486 }
15487 
15488 
15489 /*
15490  *    Function: sd_send_request_sense_command
15491  *
15492  * Description: Sends a REQUEST SENSE command to the target
15493  *
15494  *     Context: May be called from interrupt context.
15495  */
15496 
15497 static void
15498 sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
15499 	struct scsi_pkt *pktp)
15500 {
15501 	ASSERT(bp != NULL);
15502 	ASSERT(un != NULL);
15503 	ASSERT(mutex_owned(SD_MUTEX(un)));
15504 
15505 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_send_request_sense_command: "
15506 	    "entry: buf:0x%p\n", bp);
15507 
15508 	/*
15509 	 * If we are syncing or dumping, then fail the command to avoid a
15510 	 * recursive callback into scsi_transport(). Also fail the command
15511 	 * if we are suspended (legacy behavior).
15512 	 */
15513 	if (ddi_in_panic() || (un->un_state == SD_STATE_SUSPENDED) ||
15514 	    (un->un_state == SD_STATE_DUMPING)) {
15515 		sd_return_failed_command(un, bp, EIO);
15516 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15517 		    "sd_send_request_sense_command: syncing/dumping, exit\n");
15518 		return;
15519 	}
15520 
15521 	/*
15522 	 * Retry the failed command and don't issue the request sense if:
15523 	 *    1) the sense buf is busy
15524 	 *    2) we have 1 or more outstanding commands on the target
15525 	 *    (the sense data will be cleared or invalidated any way)
15526 	 *
15527 	 * Note: There could be an issue with not checking a retry limit here,
15528 	 * the problem is determining which retry limit to check.
15529 	 */
15530 	if ((un->un_sense_isbusy != 0) || (un->un_ncmds_in_transport > 0)) {
15531 		/* Don't retry if the command is flagged as non-retryable */
15532 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
15533 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
15534 			    NULL, NULL, 0, SD_BSY_TIMEOUT, kstat_waitq_enter);
15535 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15536 			    "sd_send_request_sense_command: "
15537 			    "at full throttle, retrying exit\n");
15538 		} else {
15539 			sd_return_failed_command(un, bp, EIO);
15540 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15541 			    "sd_send_request_sense_command: "
15542 			    "at full throttle, non-retryable exit\n");
15543 		}
15544 		return;
15545 	}
15546 
15547 	sd_mark_rqs_busy(un, bp);
15548 	sd_start_cmds(un, un->un_rqs_bp);
15549 
15550 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15551 	    "sd_send_request_sense_command: exit\n");
15552 }
15553 
15554 
15555 /*
15556  *    Function: sd_mark_rqs_busy
15557  *
15558  * Description: Indicate that the request sense bp for this instance is
15559  *		in use.
15560  *
15561  *     Context: May be called under interrupt context
15562  */
15563 
15564 static void
15565 sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp)
15566 {
15567 	struct sd_xbuf	*sense_xp;
15568 
15569 	ASSERT(un != NULL);
15570 	ASSERT(bp != NULL);
15571 	ASSERT(mutex_owned(SD_MUTEX(un)));
15572 	ASSERT(un->un_sense_isbusy == 0);
15573 
15574 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: entry: "
15575 	    "buf:0x%p xp:0x%p un:0x%p\n", bp, SD_GET_XBUF(bp), un);
15576 
15577 	sense_xp = SD_GET_XBUF(un->un_rqs_bp);
15578 	ASSERT(sense_xp != NULL);
15579 
15580 	SD_INFO(SD_LOG_IO, un,
15581 	    "sd_mark_rqs_busy: entry: sense_xp:0x%p\n", sense_xp);
15582 
15583 	ASSERT(sense_xp->xb_pktp != NULL);
15584 	ASSERT((sense_xp->xb_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD))
15585 	    == (FLAG_SENSING | FLAG_HEAD));
15586 
15587 	un->un_sense_isbusy = 1;
15588 	un->un_rqs_bp->b_resid = 0;
15589 	sense_xp->xb_pktp->pkt_resid  = 0;
15590 	sense_xp->xb_pktp->pkt_reason = 0;
15591 
15592 	/* So we can get back the bp at interrupt time! */
15593 	sense_xp->xb_sense_bp = bp;
15594 
15595 	bzero(un->un_rqs_bp->b_un.b_addr, SENSE_LENGTH);
15596 
15597 	/*
15598 	 * Mark this buf as awaiting sense data. (This is already set in
15599 	 * the pkt_flags for the RQS packet.)
15600 	 */
15601 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags |= FLAG_SENSING;
15602 
15603 	sense_xp->xb_retry_count	= 0;
15604 	sense_xp->xb_victim_retry_count = 0;
15605 	sense_xp->xb_ua_retry_count	= 0;
15606 	sense_xp->xb_dma_resid  = 0;
15607 
15608 	/* Clean up the fields for auto-request sense */
15609 	sense_xp->xb_sense_status = 0;
15610 	sense_xp->xb_sense_state  = 0;
15611 	sense_xp->xb_sense_resid  = 0;
15612 	bzero(sense_xp->xb_sense_data, sizeof (sense_xp->xb_sense_data));
15613 
15614 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: exit\n");
15615 }
15616 
15617 
15618 /*
15619  *    Function: sd_mark_rqs_idle
15620  *
15621  * Description: SD_MUTEX must be held continuously through this routine
15622  *		to prevent reuse of the rqs struct before the caller can
15623  *		complete it's processing.
15624  *
15625  * Return Code: Pointer to the RQS buf
15626  *
15627  *     Context: May be called under interrupt context
15628  */
15629 
15630 static struct buf *
15631 sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *sense_xp)
15632 {
15633 	struct buf *bp;
15634 	ASSERT(un != NULL);
15635 	ASSERT(sense_xp != NULL);
15636 	ASSERT(mutex_owned(SD_MUTEX(un)));
15637 	ASSERT(un->un_sense_isbusy != 0);
15638 
15639 	un->un_sense_isbusy = 0;
15640 	bp = sense_xp->xb_sense_bp;
15641 	sense_xp->xb_sense_bp = NULL;
15642 
15643 	/* This pkt is no longer interested in getting sense data */
15644 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags &= ~FLAG_SENSING;
15645 
15646 	return (bp);
15647 }
15648 
15649 
15650 
15651 /*
15652  *    Function: sd_alloc_rqs
15653  *
15654  * Description: Set up the unit to receive auto request sense data
15655  *
15656  * Return Code: DDI_SUCCESS or DDI_FAILURE
15657  *
15658  *     Context: Called under attach(9E) context
15659  */
15660 
15661 static int
15662 sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un)
15663 {
15664 	struct sd_xbuf *xp;
15665 
15666 	ASSERT(un != NULL);
15667 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15668 	ASSERT(un->un_rqs_bp == NULL);
15669 	ASSERT(un->un_rqs_pktp == NULL);
15670 
15671 	/*
15672 	 * First allocate the required buf and scsi_pkt structs, then set up
15673 	 * the CDB in the scsi_pkt for a REQUEST SENSE command.
15674 	 */
15675 	un->un_rqs_bp = scsi_alloc_consistent_buf(&devp->sd_address, NULL,
15676 	    SENSE_LENGTH, B_READ, SLEEP_FUNC, NULL);
15677 	if (un->un_rqs_bp == NULL) {
15678 		return (DDI_FAILURE);
15679 	}
15680 
15681 	un->un_rqs_pktp = scsi_init_pkt(&devp->sd_address, NULL, un->un_rqs_bp,
15682 	    CDB_GROUP0, 1, 0, PKT_CONSISTENT, SLEEP_FUNC, NULL);
15683 
15684 	if (un->un_rqs_pktp == NULL) {
15685 		sd_free_rqs(un);
15686 		return (DDI_FAILURE);
15687 	}
15688 
15689 	/* Set up the CDB in the scsi_pkt for a REQUEST SENSE command. */
15690 	(void) scsi_setup_cdb((union scsi_cdb *)un->un_rqs_pktp->pkt_cdbp,
15691 	    SCMD_REQUEST_SENSE, 0, SENSE_LENGTH, 0);
15692 
15693 	SD_FILL_SCSI1_LUN(un, un->un_rqs_pktp);
15694 
15695 	/* Set up the other needed members in the ARQ scsi_pkt. */
15696 	un->un_rqs_pktp->pkt_comp   = sdintr;
15697 	un->un_rqs_pktp->pkt_time   = sd_io_time;
15698 	un->un_rqs_pktp->pkt_flags |=
15699 	    (FLAG_SENSING | FLAG_HEAD);	/* (1222170) */
15700 
15701 	/*
15702 	 * Allocate  & init the sd_xbuf struct for the RQS command. Do not
15703 	 * provide any intpkt, destroypkt routines as we take care of
15704 	 * scsi_pkt allocation/freeing here and in sd_free_rqs().
15705 	 */
15706 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
15707 	sd_xbuf_init(un, un->un_rqs_bp, xp, SD_CHAIN_NULL, NULL);
15708 	xp->xb_pktp = un->un_rqs_pktp;
15709 	SD_INFO(SD_LOG_ATTACH_DETACH, un,
15710 	    "sd_alloc_rqs: un 0x%p, rqs  xp 0x%p,  pkt 0x%p,  buf 0x%p\n",
15711 	    un, xp, un->un_rqs_pktp, un->un_rqs_bp);
15712 
15713 	/*
15714 	 * Save the pointer to the request sense private bp so it can
15715 	 * be retrieved in sdintr.
15716 	 */
15717 	un->un_rqs_pktp->pkt_private = un->un_rqs_bp;
15718 	ASSERT(un->un_rqs_bp->b_private == xp);
15719 
15720 	/*
15721 	 * See if the HBA supports auto-request sense for the specified
15722 	 * target/lun. If it does, then try to enable it (if not already
15723 	 * enabled).
15724 	 *
15725 	 * Note: For some HBAs (ifp & sf), scsi_ifsetcap will always return
15726 	 * failure, while for other HBAs (pln) scsi_ifsetcap will always
15727 	 * return success.  However, in both of these cases ARQ is always
15728 	 * enabled and scsi_ifgetcap will always return true. The best approach
15729 	 * is to issue the scsi_ifgetcap() first, then try the scsi_ifsetcap().
15730 	 *
15731 	 * The 3rd case is the HBA (adp) always return enabled on
15732 	 * scsi_ifgetgetcap even when it's not enable, the best approach
15733 	 * is issue a scsi_ifsetcap then a scsi_ifgetcap
15734 	 * Note: this case is to circumvent the Adaptec bug. (x86 only)
15735 	 */
15736 
15737 	if (un->un_f_is_fibre == TRUE) {
15738 		un->un_f_arq_enabled = TRUE;
15739 	} else {
15740 #if defined(__i386) || defined(__amd64)
15741 		/*
15742 		 * Circumvent the Adaptec bug, remove this code when
15743 		 * the bug is fixed
15744 		 */
15745 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1);
15746 #endif
15747 		switch (scsi_ifgetcap(SD_ADDRESS(un), "auto-rqsense", 1)) {
15748 		case 0:
15749 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15750 				"sd_alloc_rqs: HBA supports ARQ\n");
15751 			/*
15752 			 * ARQ is supported by this HBA but currently is not
15753 			 * enabled. Attempt to enable it and if successful then
15754 			 * mark this instance as ARQ enabled.
15755 			 */
15756 			if (scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1)
15757 				== 1) {
15758 				/* Successfully enabled ARQ in the HBA */
15759 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15760 					"sd_alloc_rqs: ARQ enabled\n");
15761 				un->un_f_arq_enabled = TRUE;
15762 			} else {
15763 				/* Could not enable ARQ in the HBA */
15764 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15765 				"sd_alloc_rqs: failed ARQ enable\n");
15766 				un->un_f_arq_enabled = FALSE;
15767 			}
15768 			break;
15769 		case 1:
15770 			/*
15771 			 * ARQ is supported by this HBA and is already enabled.
15772 			 * Just mark ARQ as enabled for this instance.
15773 			 */
15774 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15775 				"sd_alloc_rqs: ARQ already enabled\n");
15776 			un->un_f_arq_enabled = TRUE;
15777 			break;
15778 		default:
15779 			/*
15780 			 * ARQ is not supported by this HBA; disable it for this
15781 			 * instance.
15782 			 */
15783 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15784 				"sd_alloc_rqs: HBA does not support ARQ\n");
15785 			un->un_f_arq_enabled = FALSE;
15786 			break;
15787 		}
15788 	}
15789 
15790 	return (DDI_SUCCESS);
15791 }
15792 
15793 
15794 /*
15795  *    Function: sd_free_rqs
15796  *
15797  * Description: Cleanup for the pre-instance RQS command.
15798  *
15799  *     Context: Kernel thread context
15800  */
15801 
15802 static void
15803 sd_free_rqs(struct sd_lun *un)
15804 {
15805 	ASSERT(un != NULL);
15806 
15807 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: entry\n");
15808 
15809 	/*
15810 	 * If consistent memory is bound to a scsi_pkt, the pkt
15811 	 * has to be destroyed *before* freeing the consistent memory.
15812 	 * Don't change the sequence of this operations.
15813 	 * scsi_destroy_pkt() might access memory, which isn't allowed,
15814 	 * after it was freed in scsi_free_consistent_buf().
15815 	 */
15816 	if (un->un_rqs_pktp != NULL) {
15817 		scsi_destroy_pkt(un->un_rqs_pktp);
15818 		un->un_rqs_pktp = NULL;
15819 	}
15820 
15821 	if (un->un_rqs_bp != NULL) {
15822 		kmem_free(SD_GET_XBUF(un->un_rqs_bp), sizeof (struct sd_xbuf));
15823 		scsi_free_consistent_buf(un->un_rqs_bp);
15824 		un->un_rqs_bp = NULL;
15825 	}
15826 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: exit\n");
15827 }
15828 
15829 
15830 
15831 /*
15832  *    Function: sd_reduce_throttle
15833  *
15834  * Description: Reduces the maximun # of outstanding commands on a
15835  *		target to the current number of outstanding commands.
15836  *		Queues a tiemout(9F) callback to restore the limit
15837  *		after a specified interval has elapsed.
15838  *		Typically used when we get a TRAN_BUSY return code
15839  *		back from scsi_transport().
15840  *
15841  *   Arguments: un - ptr to the sd_lun softstate struct
15842  *		throttle_type: SD_THROTTLE_TRAN_BUSY or SD_THROTTLE_QFULL
15843  *
15844  *     Context: May be called from interrupt context
15845  */
15846 
15847 static void
15848 sd_reduce_throttle(struct sd_lun *un, int throttle_type)
15849 {
15850 	ASSERT(un != NULL);
15851 	ASSERT(mutex_owned(SD_MUTEX(un)));
15852 	ASSERT(un->un_ncmds_in_transport >= 0);
15853 
15854 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15855 	    "entry: un:0x%p un_throttle:%d un_ncmds_in_transport:%d\n",
15856 	    un, un->un_throttle, un->un_ncmds_in_transport);
15857 
15858 	if (un->un_throttle > 1) {
15859 		if (un->un_f_use_adaptive_throttle == TRUE) {
15860 			switch (throttle_type) {
15861 			case SD_THROTTLE_TRAN_BUSY:
15862 				if (un->un_busy_throttle == 0) {
15863 					un->un_busy_throttle = un->un_throttle;
15864 				}
15865 				break;
15866 			case SD_THROTTLE_QFULL:
15867 				un->un_busy_throttle = 0;
15868 				break;
15869 			default:
15870 				ASSERT(FALSE);
15871 			}
15872 
15873 			if (un->un_ncmds_in_transport > 0) {
15874 			    un->un_throttle = un->un_ncmds_in_transport;
15875 			}
15876 
15877 		} else {
15878 			if (un->un_ncmds_in_transport == 0) {
15879 				un->un_throttle = 1;
15880 			} else {
15881 				un->un_throttle = un->un_ncmds_in_transport;
15882 			}
15883 		}
15884 	}
15885 
15886 	/* Reschedule the timeout if none is currently active */
15887 	if (un->un_reset_throttle_timeid == NULL) {
15888 		un->un_reset_throttle_timeid = timeout(sd_restore_throttle,
15889 		    un, SD_THROTTLE_RESET_INTERVAL);
15890 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15891 		    "sd_reduce_throttle: timeout scheduled!\n");
15892 	}
15893 
15894 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15895 	    "exit: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15896 }
15897 
15898 
15899 
15900 /*
15901  *    Function: sd_restore_throttle
15902  *
15903  * Description: Callback function for timeout(9F).  Resets the current
15904  *		value of un->un_throttle to its default.
15905  *
15906  *   Arguments: arg - pointer to associated softstate for the device.
15907  *
15908  *     Context: May be called from interrupt context
15909  */
15910 
15911 static void
15912 sd_restore_throttle(void *arg)
15913 {
15914 	struct sd_lun	*un = arg;
15915 
15916 	ASSERT(un != NULL);
15917 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15918 
15919 	mutex_enter(SD_MUTEX(un));
15920 
15921 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
15922 	    "entry: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15923 
15924 	un->un_reset_throttle_timeid = NULL;
15925 
15926 	if (un->un_f_use_adaptive_throttle == TRUE) {
15927 		/*
15928 		 * If un_busy_throttle is nonzero, then it contains the
15929 		 * value that un_throttle was when we got a TRAN_BUSY back
15930 		 * from scsi_transport(). We want to revert back to this
15931 		 * value.
15932 		 *
15933 		 * In the QFULL case, the throttle limit will incrementally
15934 		 * increase until it reaches max throttle.
15935 		 */
15936 		if (un->un_busy_throttle > 0) {
15937 			un->un_throttle = un->un_busy_throttle;
15938 			un->un_busy_throttle = 0;
15939 		} else {
15940 			/*
15941 			 * increase throttle by 10% open gate slowly, schedule
15942 			 * another restore if saved throttle has not been
15943 			 * reached
15944 			 */
15945 			short throttle;
15946 			if (sd_qfull_throttle_enable) {
15947 				throttle = un->un_throttle +
15948 				    max((un->un_throttle / 10), 1);
15949 				un->un_throttle =
15950 				    (throttle < un->un_saved_throttle) ?
15951 				    throttle : un->un_saved_throttle;
15952 				if (un->un_throttle < un->un_saved_throttle) {
15953 				    un->un_reset_throttle_timeid =
15954 					timeout(sd_restore_throttle,
15955 					un, SD_QFULL_THROTTLE_RESET_INTERVAL);
15956 				}
15957 			}
15958 		}
15959 
15960 		/*
15961 		 * If un_throttle has fallen below the low-water mark, we
15962 		 * restore the maximum value here (and allow it to ratchet
15963 		 * down again if necessary).
15964 		 */
15965 		if (un->un_throttle < un->un_min_throttle) {
15966 			un->un_throttle = un->un_saved_throttle;
15967 		}
15968 	} else {
15969 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
15970 		    "restoring limit from 0x%x to 0x%x\n",
15971 		    un->un_throttle, un->un_saved_throttle);
15972 		un->un_throttle = un->un_saved_throttle;
15973 	}
15974 
15975 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15976 	    "sd_restore_throttle: calling sd_start_cmds!\n");
15977 
15978 	sd_start_cmds(un, NULL);
15979 
15980 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15981 	    "sd_restore_throttle: exit: un:0x%p un_throttle:%d\n",
15982 	    un, un->un_throttle);
15983 
15984 	mutex_exit(SD_MUTEX(un));
15985 
15986 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: exit\n");
15987 }
15988 
15989 /*
15990  *    Function: sdrunout
15991  *
15992  * Description: Callback routine for scsi_init_pkt when a resource allocation
15993  *		fails.
15994  *
15995  *   Arguments: arg - a pointer to the sd_lun unit struct for the particular
15996  *		soft state instance.
15997  *
15998  * Return Code: The scsi_init_pkt routine allows for the callback function to
15999  *		return a 0 indicating the callback should be rescheduled or a 1
16000  *		indicating not to reschedule. This routine always returns 1
16001  *		because the driver always provides a callback function to
16002  *		scsi_init_pkt. This results in a callback always being scheduled
16003  *		(via the scsi_init_pkt callback implementation) if a resource
16004  *		failure occurs.
16005  *
16006  *     Context: This callback function may not block or call routines that block
16007  *
16008  *        Note: Using the scsi_init_pkt callback facility can result in an I/O
16009  *		request persisting at the head of the list which cannot be
16010  *		satisfied even after multiple retries. In the future the driver
16011  *		may implement some time of maximum runout count before failing
16012  *		an I/O.
16013  */
16014 
16015 static int
16016 sdrunout(caddr_t arg)
16017 {
16018 	struct sd_lun	*un = (struct sd_lun *)arg;
16019 
16020 	ASSERT(un != NULL);
16021 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16022 
16023 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: entry\n");
16024 
16025 	mutex_enter(SD_MUTEX(un));
16026 	sd_start_cmds(un, NULL);
16027 	mutex_exit(SD_MUTEX(un));
16028 	/*
16029 	 * This callback routine always returns 1 (i.e. do not reschedule)
16030 	 * because we always specify sdrunout as the callback handler for
16031 	 * scsi_init_pkt inside the call to sd_start_cmds.
16032 	 */
16033 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: exit\n");
16034 	return (1);
16035 }
16036 
16037 
16038 /*
16039  *    Function: sdintr
16040  *
16041  * Description: Completion callback routine for scsi_pkt(9S) structs
16042  *		sent to the HBA driver via scsi_transport(9F).
16043  *
16044  *     Context: Interrupt context
16045  */
16046 
16047 static void
16048 sdintr(struct scsi_pkt *pktp)
16049 {
16050 	struct buf	*bp;
16051 	struct sd_xbuf	*xp;
16052 	struct sd_lun	*un;
16053 
16054 	ASSERT(pktp != NULL);
16055 	bp = (struct buf *)pktp->pkt_private;
16056 	ASSERT(bp != NULL);
16057 	xp = SD_GET_XBUF(bp);
16058 	ASSERT(xp != NULL);
16059 	ASSERT(xp->xb_pktp != NULL);
16060 	un = SD_GET_UN(bp);
16061 	ASSERT(un != NULL);
16062 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16063 
16064 #ifdef SD_FAULT_INJECTION
16065 
16066 	SD_INFO(SD_LOG_IOERR, un, "sdintr: sdintr calling Fault injection\n");
16067 	/* SD FaultInjection */
16068 	sd_faultinjection(pktp);
16069 
16070 #endif /* SD_FAULT_INJECTION */
16071 
16072 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: entry: buf:0x%p,"
16073 	    " xp:0x%p, un:0x%p\n", bp, xp, un);
16074 
16075 	mutex_enter(SD_MUTEX(un));
16076 
16077 	/* Reduce the count of the #commands currently in transport */
16078 	un->un_ncmds_in_transport--;
16079 	ASSERT(un->un_ncmds_in_transport >= 0);
16080 
16081 	/* Increment counter to indicate that the callback routine is active */
16082 	un->un_in_callback++;
16083 
16084 	SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
16085 
16086 #ifdef	SDDEBUG
16087 	if (bp == un->un_retry_bp) {
16088 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sdintr: "
16089 		    "un:0x%p: GOT retry_bp:0x%p un_ncmds_in_transport:%d\n",
16090 		    un, un->un_retry_bp, un->un_ncmds_in_transport);
16091 	}
16092 #endif
16093 
16094 	/*
16095 	 * If pkt_reason is CMD_DEV_GONE, just fail the command
16096 	 */
16097 	if (pktp->pkt_reason == CMD_DEV_GONE) {
16098 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16099 			    "Device is gone\n");
16100 		sd_return_failed_command(un, bp, EIO);
16101 		goto exit;
16102 	}
16103 
16104 	/*
16105 	 * First see if the pkt has auto-request sense data with it....
16106 	 * Look at the packet state first so we don't take a performance
16107 	 * hit looking at the arq enabled flag unless absolutely necessary.
16108 	 */
16109 	if ((pktp->pkt_state & STATE_ARQ_DONE) &&
16110 	    (un->un_f_arq_enabled == TRUE)) {
16111 		/*
16112 		 * The HBA did an auto request sense for this command so check
16113 		 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16114 		 * driver command that should not be retried.
16115 		 */
16116 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16117 			/*
16118 			 * Save the relevant sense info into the xp for the
16119 			 * original cmd.
16120 			 */
16121 			struct scsi_arq_status *asp;
16122 			asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16123 			xp->xb_sense_status =
16124 			    *((uchar_t *)(&(asp->sts_rqpkt_status)));
16125 			xp->xb_sense_state  = asp->sts_rqpkt_state;
16126 			xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16127 			bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16128 			    min(sizeof (struct scsi_extended_sense),
16129 			    SENSE_LENGTH));
16130 
16131 			/* fail the command */
16132 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16133 			    "sdintr: arq done and FLAG_DIAGNOSE set\n");
16134 			sd_return_failed_command(un, bp, EIO);
16135 			goto exit;
16136 		}
16137 
16138 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16139 		/*
16140 		 * We want to either retry or fail this command, so free
16141 		 * the DMA resources here.  If we retry the command then
16142 		 * the DMA resources will be reallocated in sd_start_cmds().
16143 		 * Note that when PKT_DMA_PARTIAL is used, this reallocation
16144 		 * causes the *entire* transfer to start over again from the
16145 		 * beginning of the request, even for PARTIAL chunks that
16146 		 * have already transferred successfully.
16147 		 */
16148 		if ((un->un_f_is_fibre == TRUE) &&
16149 		    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16150 		    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16151 			scsi_dmafree(pktp);
16152 			xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16153 		}
16154 #endif
16155 
16156 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16157 		    "sdintr: arq done, sd_handle_auto_request_sense\n");
16158 
16159 		sd_handle_auto_request_sense(un, bp, xp, pktp);
16160 		goto exit;
16161 	}
16162 
16163 	/* Next see if this is the REQUEST SENSE pkt for the instance */
16164 	if (pktp->pkt_flags & FLAG_SENSING)  {
16165 		/* This pktp is from the unit's REQUEST_SENSE command */
16166 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16167 		    "sdintr: sd_handle_request_sense\n");
16168 		sd_handle_request_sense(un, bp, xp, pktp);
16169 		goto exit;
16170 	}
16171 
16172 	/*
16173 	 * Check to see if the command successfully completed as requested;
16174 	 * this is the most common case (and also the hot performance path).
16175 	 *
16176 	 * Requirements for successful completion are:
16177 	 * pkt_reason is CMD_CMPLT and packet status is status good.
16178 	 * In addition:
16179 	 * - A residual of zero indicates successful completion no matter what
16180 	 *   the command is.
16181 	 * - If the residual is not zero and the command is not a read or
16182 	 *   write, then it's still defined as successful completion. In other
16183 	 *   words, if the command is a read or write the residual must be
16184 	 *   zero for successful completion.
16185 	 * - If the residual is not zero and the command is a read or
16186 	 *   write, and it's a USCSICMD, then it's still defined as
16187 	 *   successful completion.
16188 	 */
16189 	if ((pktp->pkt_reason == CMD_CMPLT) &&
16190 	    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD)) {
16191 
16192 		/*
16193 		 * Since this command is returned with a good status, we
16194 		 * can reset the count for Sonoma failover.
16195 		 */
16196 		un->un_sonoma_failure_count = 0;
16197 
16198 		/*
16199 		 * Return all USCSI commands on good status
16200 		 */
16201 		if (pktp->pkt_resid == 0) {
16202 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16203 			    "sdintr: returning command for resid == 0\n");
16204 		} else if (((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_READ) &&
16205 		    ((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_WRITE)) {
16206 			SD_UPDATE_B_RESID(bp, pktp);
16207 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16208 			    "sdintr: returning command for resid != 0\n");
16209 		} else if (xp->xb_pkt_flags & SD_XB_USCSICMD) {
16210 			SD_UPDATE_B_RESID(bp, pktp);
16211 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16212 				"sdintr: returning uscsi command\n");
16213 		} else {
16214 			goto not_successful;
16215 		}
16216 		sd_return_command(un, bp);
16217 
16218 		/*
16219 		 * Decrement counter to indicate that the callback routine
16220 		 * is done.
16221 		 */
16222 		un->un_in_callback--;
16223 		ASSERT(un->un_in_callback >= 0);
16224 		mutex_exit(SD_MUTEX(un));
16225 
16226 		return;
16227 	}
16228 
16229 not_successful:
16230 
16231 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16232 	/*
16233 	 * The following is based upon knowledge of the underlying transport
16234 	 * and its use of DMA resources.  This code should be removed when
16235 	 * PKT_DMA_PARTIAL support is taken out of the disk driver in favor
16236 	 * of the new PKT_CMD_BREAKUP protocol. See also sd_initpkt_for_buf()
16237 	 * and sd_start_cmds().
16238 	 *
16239 	 * Free any DMA resources associated with this command if there
16240 	 * is a chance it could be retried or enqueued for later retry.
16241 	 * If we keep the DMA binding then mpxio cannot reissue the
16242 	 * command on another path whenever a path failure occurs.
16243 	 *
16244 	 * Note that when PKT_DMA_PARTIAL is used, free/reallocation
16245 	 * causes the *entire* transfer to start over again from the
16246 	 * beginning of the request, even for PARTIAL chunks that
16247 	 * have already transferred successfully.
16248 	 *
16249 	 * This is only done for non-uscsi commands (and also skipped for the
16250 	 * driver's internal RQS command). Also just do this for Fibre Channel
16251 	 * devices as these are the only ones that support mpxio.
16252 	 */
16253 	if ((un->un_f_is_fibre == TRUE) &&
16254 	    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16255 	    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16256 		scsi_dmafree(pktp);
16257 		xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16258 	}
16259 #endif
16260 
16261 	/*
16262 	 * The command did not successfully complete as requested so check
16263 	 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16264 	 * driver command that should not be retried so just return. If
16265 	 * FLAG_DIAGNOSE is not set the error will be processed below.
16266 	 */
16267 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16268 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16269 		    "sdintr: FLAG_DIAGNOSE: sd_return_failed_command\n");
16270 		/*
16271 		 * Issue a request sense if a check condition caused the error
16272 		 * (we handle the auto request sense case above), otherwise
16273 		 * just fail the command.
16274 		 */
16275 		if ((pktp->pkt_reason == CMD_CMPLT) &&
16276 		    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK)) {
16277 			sd_send_request_sense_command(un, bp, pktp);
16278 		} else {
16279 			sd_return_failed_command(un, bp, EIO);
16280 		}
16281 		goto exit;
16282 	}
16283 
16284 	/*
16285 	 * The command did not successfully complete as requested so process
16286 	 * the error, retry, and/or attempt recovery.
16287 	 */
16288 	switch (pktp->pkt_reason) {
16289 	case CMD_CMPLT:
16290 		switch (SD_GET_PKT_STATUS(pktp)) {
16291 		case STATUS_GOOD:
16292 			/*
16293 			 * The command completed successfully with a non-zero
16294 			 * residual
16295 			 */
16296 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16297 			    "sdintr: STATUS_GOOD \n");
16298 			sd_pkt_status_good(un, bp, xp, pktp);
16299 			break;
16300 
16301 		case STATUS_CHECK:
16302 		case STATUS_TERMINATED:
16303 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16304 			    "sdintr: STATUS_TERMINATED | STATUS_CHECK\n");
16305 			sd_pkt_status_check_condition(un, bp, xp, pktp);
16306 			break;
16307 
16308 		case STATUS_BUSY:
16309 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16310 			    "sdintr: STATUS_BUSY\n");
16311 			sd_pkt_status_busy(un, bp, xp, pktp);
16312 			break;
16313 
16314 		case STATUS_RESERVATION_CONFLICT:
16315 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16316 			    "sdintr: STATUS_RESERVATION_CONFLICT\n");
16317 			sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16318 			break;
16319 
16320 		case STATUS_QFULL:
16321 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16322 			    "sdintr: STATUS_QFULL\n");
16323 			sd_pkt_status_qfull(un, bp, xp, pktp);
16324 			break;
16325 
16326 		case STATUS_MET:
16327 		case STATUS_INTERMEDIATE:
16328 		case STATUS_SCSI2:
16329 		case STATUS_INTERMEDIATE_MET:
16330 		case STATUS_ACA_ACTIVE:
16331 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16332 			    "Unexpected SCSI status received: 0x%x\n",
16333 			    SD_GET_PKT_STATUS(pktp));
16334 			sd_return_failed_command(un, bp, EIO);
16335 			break;
16336 
16337 		default:
16338 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16339 			    "Invalid SCSI status received: 0x%x\n",
16340 			    SD_GET_PKT_STATUS(pktp));
16341 			sd_return_failed_command(un, bp, EIO);
16342 			break;
16343 
16344 		}
16345 		break;
16346 
16347 	case CMD_INCOMPLETE:
16348 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16349 		    "sdintr:  CMD_INCOMPLETE\n");
16350 		sd_pkt_reason_cmd_incomplete(un, bp, xp, pktp);
16351 		break;
16352 	case CMD_TRAN_ERR:
16353 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16354 		    "sdintr: CMD_TRAN_ERR\n");
16355 		sd_pkt_reason_cmd_tran_err(un, bp, xp, pktp);
16356 		break;
16357 	case CMD_RESET:
16358 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16359 		    "sdintr: CMD_RESET \n");
16360 		sd_pkt_reason_cmd_reset(un, bp, xp, pktp);
16361 		break;
16362 	case CMD_ABORTED:
16363 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16364 		    "sdintr: CMD_ABORTED \n");
16365 		sd_pkt_reason_cmd_aborted(un, bp, xp, pktp);
16366 		break;
16367 	case CMD_TIMEOUT:
16368 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16369 		    "sdintr: CMD_TIMEOUT\n");
16370 		sd_pkt_reason_cmd_timeout(un, bp, xp, pktp);
16371 		break;
16372 	case CMD_UNX_BUS_FREE:
16373 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16374 		    "sdintr: CMD_UNX_BUS_FREE \n");
16375 		sd_pkt_reason_cmd_unx_bus_free(un, bp, xp, pktp);
16376 		break;
16377 	case CMD_TAG_REJECT:
16378 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16379 		    "sdintr: CMD_TAG_REJECT\n");
16380 		sd_pkt_reason_cmd_tag_reject(un, bp, xp, pktp);
16381 		break;
16382 	default:
16383 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16384 		    "sdintr: default\n");
16385 		sd_pkt_reason_default(un, bp, xp, pktp);
16386 		break;
16387 	}
16388 
16389 exit:
16390 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: exit\n");
16391 
16392 	/* Decrement counter to indicate that the callback routine is done. */
16393 	un->un_in_callback--;
16394 	ASSERT(un->un_in_callback >= 0);
16395 
16396 	/*
16397 	 * At this point, the pkt has been dispatched, ie, it is either
16398 	 * being re-tried or has been returned to its caller and should
16399 	 * not be referenced.
16400 	 */
16401 
16402 	mutex_exit(SD_MUTEX(un));
16403 }
16404 
16405 
16406 /*
16407  *    Function: sd_print_incomplete_msg
16408  *
16409  * Description: Prints the error message for a CMD_INCOMPLETE error.
16410  *
16411  *   Arguments: un - ptr to associated softstate for the device.
16412  *		bp - ptr to the buf(9S) for the command.
16413  *		arg - message string ptr
16414  *		code - SD_DELAYED_RETRY_ISSUED, SD_IMMEDIATE_RETRY_ISSUED,
16415  *			or SD_NO_RETRY_ISSUED.
16416  *
16417  *     Context: May be called under interrupt context
16418  */
16419 
16420 static void
16421 sd_print_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
16422 {
16423 	struct scsi_pkt	*pktp;
16424 	char	*msgp;
16425 	char	*cmdp = arg;
16426 
16427 	ASSERT(un != NULL);
16428 	ASSERT(mutex_owned(SD_MUTEX(un)));
16429 	ASSERT(bp != NULL);
16430 	ASSERT(arg != NULL);
16431 	pktp = SD_GET_PKTP(bp);
16432 	ASSERT(pktp != NULL);
16433 
16434 	switch (code) {
16435 	case SD_DELAYED_RETRY_ISSUED:
16436 	case SD_IMMEDIATE_RETRY_ISSUED:
16437 		msgp = "retrying";
16438 		break;
16439 	case SD_NO_RETRY_ISSUED:
16440 	default:
16441 		msgp = "giving up";
16442 		break;
16443 	}
16444 
16445 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16446 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16447 		    "incomplete %s- %s\n", cmdp, msgp);
16448 	}
16449 }
16450 
16451 
16452 
16453 /*
16454  *    Function: sd_pkt_status_good
16455  *
16456  * Description: Processing for a STATUS_GOOD code in pkt_status.
16457  *
16458  *     Context: May be called under interrupt context
16459  */
16460 
16461 static void
16462 sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
16463 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16464 {
16465 	char	*cmdp;
16466 
16467 	ASSERT(un != NULL);
16468 	ASSERT(mutex_owned(SD_MUTEX(un)));
16469 	ASSERT(bp != NULL);
16470 	ASSERT(xp != NULL);
16471 	ASSERT(pktp != NULL);
16472 	ASSERT(pktp->pkt_reason == CMD_CMPLT);
16473 	ASSERT(SD_GET_PKT_STATUS(pktp) == STATUS_GOOD);
16474 	ASSERT(pktp->pkt_resid != 0);
16475 
16476 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: entry\n");
16477 
16478 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
16479 	switch (SD_GET_PKT_OPCODE(pktp) & 0x1F) {
16480 	case SCMD_READ:
16481 		cmdp = "read";
16482 		break;
16483 	case SCMD_WRITE:
16484 		cmdp = "write";
16485 		break;
16486 	default:
16487 		SD_UPDATE_B_RESID(bp, pktp);
16488 		sd_return_command(un, bp);
16489 		SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16490 		return;
16491 	}
16492 
16493 	/*
16494 	 * See if we can retry the read/write, preferrably immediately.
16495 	 * If retries are exhaused, then sd_retry_command() will update
16496 	 * the b_resid count.
16497 	 */
16498 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_incomplete_msg,
16499 	    cmdp, EIO, (clock_t)0, NULL);
16500 
16501 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16502 }
16503 
16504 
16505 
16506 
16507 
16508 /*
16509  *    Function: sd_handle_request_sense
16510  *
16511  * Description: Processing for non-auto Request Sense command.
16512  *
16513  *   Arguments: un - ptr to associated softstate
16514  *		sense_bp - ptr to buf(9S) for the RQS command
16515  *		sense_xp - ptr to the sd_xbuf for the RQS command
16516  *		sense_pktp - ptr to the scsi_pkt(9S) for the RQS command
16517  *
16518  *     Context: May be called under interrupt context
16519  */
16520 
16521 static void
16522 sd_handle_request_sense(struct sd_lun *un, struct buf *sense_bp,
16523 	struct sd_xbuf *sense_xp, struct scsi_pkt *sense_pktp)
16524 {
16525 	struct buf	*cmd_bp;	/* buf for the original command */
16526 	struct sd_xbuf	*cmd_xp;	/* sd_xbuf for the original command */
16527 	struct scsi_pkt *cmd_pktp;	/* pkt for the original command */
16528 
16529 	ASSERT(un != NULL);
16530 	ASSERT(mutex_owned(SD_MUTEX(un)));
16531 	ASSERT(sense_bp != NULL);
16532 	ASSERT(sense_xp != NULL);
16533 	ASSERT(sense_pktp != NULL);
16534 
16535 	/*
16536 	 * Note the sense_bp, sense_xp, and sense_pktp here are for the
16537 	 * RQS command and not the original command.
16538 	 */
16539 	ASSERT(sense_pktp == un->un_rqs_pktp);
16540 	ASSERT(sense_bp   == un->un_rqs_bp);
16541 	ASSERT((sense_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD)) ==
16542 	    (FLAG_SENSING | FLAG_HEAD));
16543 	ASSERT((((SD_GET_XBUF(sense_xp->xb_sense_bp))->xb_pktp->pkt_flags) &
16544 	    FLAG_SENSING) == FLAG_SENSING);
16545 
16546 	/* These are the bp, xp, and pktp for the original command */
16547 	cmd_bp = sense_xp->xb_sense_bp;
16548 	cmd_xp = SD_GET_XBUF(cmd_bp);
16549 	cmd_pktp = SD_GET_PKTP(cmd_bp);
16550 
16551 	if (sense_pktp->pkt_reason != CMD_CMPLT) {
16552 		/*
16553 		 * The REQUEST SENSE command failed.  Release the REQUEST
16554 		 * SENSE command for re-use, get back the bp for the original
16555 		 * command, and attempt to re-try the original command if
16556 		 * FLAG_DIAGNOSE is not set in the original packet.
16557 		 */
16558 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
16559 		if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16560 			cmd_bp = sd_mark_rqs_idle(un, sense_xp);
16561 			sd_retry_command(un, cmd_bp, SD_RETRIES_STANDARD,
16562 			    NULL, NULL, EIO, (clock_t)0, NULL);
16563 			return;
16564 		}
16565 	}
16566 
16567 	/*
16568 	 * Save the relevant sense info into the xp for the original cmd.
16569 	 *
16570 	 * Note: if the request sense failed the state info will be zero
16571 	 * as set in sd_mark_rqs_busy()
16572 	 */
16573 	cmd_xp->xb_sense_status = *(sense_pktp->pkt_scbp);
16574 	cmd_xp->xb_sense_state  = sense_pktp->pkt_state;
16575 	cmd_xp->xb_sense_resid  = sense_pktp->pkt_resid;
16576 	bcopy(sense_bp->b_un.b_addr, cmd_xp->xb_sense_data, SENSE_LENGTH);
16577 
16578 	/*
16579 	 *  Free up the RQS command....
16580 	 *  NOTE:
16581 	 *	Must do this BEFORE calling sd_validate_sense_data!
16582 	 *	sd_validate_sense_data may return the original command in
16583 	 *	which case the pkt will be freed and the flags can no
16584 	 *	longer be touched.
16585 	 *	SD_MUTEX is held through this process until the command
16586 	 *	is dispatched based upon the sense data, so there are
16587 	 *	no race conditions.
16588 	 */
16589 	(void) sd_mark_rqs_idle(un, sense_xp);
16590 
16591 	/*
16592 	 * For a retryable command see if we have valid sense data, if so then
16593 	 * turn it over to sd_decode_sense() to figure out the right course of
16594 	 * action. Just fail a non-retryable command.
16595 	 */
16596 	if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16597 		if (sd_validate_sense_data(un, cmd_bp, cmd_xp) ==
16598 		    SD_SENSE_DATA_IS_VALID) {
16599 			sd_decode_sense(un, cmd_bp, cmd_xp, cmd_pktp);
16600 		}
16601 	} else {
16602 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Failed CDB",
16603 		    (uchar_t *)cmd_pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
16604 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Sense Data",
16605 		    (uchar_t *)cmd_xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
16606 		sd_return_failed_command(un, cmd_bp, EIO);
16607 	}
16608 }
16609 
16610 
16611 
16612 
16613 /*
16614  *    Function: sd_handle_auto_request_sense
16615  *
16616  * Description: Processing for auto-request sense information.
16617  *
16618  *   Arguments: un - ptr to associated softstate
16619  *		bp - ptr to buf(9S) for the command
16620  *		xp - ptr to the sd_xbuf for the command
16621  *		pktp - ptr to the scsi_pkt(9S) for the command
16622  *
16623  *     Context: May be called under interrupt context
16624  */
16625 
16626 static void
16627 sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
16628 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16629 {
16630 	struct scsi_arq_status *asp;
16631 
16632 	ASSERT(un != NULL);
16633 	ASSERT(mutex_owned(SD_MUTEX(un)));
16634 	ASSERT(bp != NULL);
16635 	ASSERT(xp != NULL);
16636 	ASSERT(pktp != NULL);
16637 	ASSERT(pktp != un->un_rqs_pktp);
16638 	ASSERT(bp   != un->un_rqs_bp);
16639 
16640 	/*
16641 	 * For auto-request sense, we get a scsi_arq_status back from
16642 	 * the HBA, with the sense data in the sts_sensedata member.
16643 	 * The pkt_scbp of the packet points to this scsi_arq_status.
16644 	 */
16645 	asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16646 
16647 	if (asp->sts_rqpkt_reason != CMD_CMPLT) {
16648 		/*
16649 		 * The auto REQUEST SENSE failed; see if we can re-try
16650 		 * the original command.
16651 		 */
16652 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16653 		    "auto request sense failed (reason=%s)\n",
16654 		    scsi_rname(asp->sts_rqpkt_reason));
16655 
16656 		sd_reset_target(un, pktp);
16657 
16658 		sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16659 		    NULL, NULL, EIO, (clock_t)0, NULL);
16660 		return;
16661 	}
16662 
16663 	/* Save the relevant sense info into the xp for the original cmd. */
16664 	xp->xb_sense_status = *((uchar_t *)(&(asp->sts_rqpkt_status)));
16665 	xp->xb_sense_state  = asp->sts_rqpkt_state;
16666 	xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16667 	bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16668 	    min(sizeof (struct scsi_extended_sense), SENSE_LENGTH));
16669 
16670 	/*
16671 	 * See if we have valid sense data, if so then turn it over to
16672 	 * sd_decode_sense() to figure out the right course of action.
16673 	 */
16674 	if (sd_validate_sense_data(un, bp, xp) == SD_SENSE_DATA_IS_VALID) {
16675 		sd_decode_sense(un, bp, xp, pktp);
16676 	}
16677 }
16678 
16679 
16680 /*
16681  *    Function: sd_print_sense_failed_msg
16682  *
16683  * Description: Print log message when RQS has failed.
16684  *
16685  *   Arguments: un - ptr to associated softstate
16686  *		bp - ptr to buf(9S) for the command
16687  *		arg - generic message string ptr
16688  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
16689  *			or SD_NO_RETRY_ISSUED
16690  *
16691  *     Context: May be called from interrupt context
16692  */
16693 
16694 static void
16695 sd_print_sense_failed_msg(struct sd_lun *un, struct buf *bp, void *arg,
16696 	int code)
16697 {
16698 	char	*msgp = arg;
16699 
16700 	ASSERT(un != NULL);
16701 	ASSERT(mutex_owned(SD_MUTEX(un)));
16702 	ASSERT(bp != NULL);
16703 
16704 	if ((code == SD_NO_RETRY_ISSUED) && (msgp != NULL)) {
16705 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, msgp);
16706 	}
16707 }
16708 
16709 
16710 /*
16711  *    Function: sd_validate_sense_data
16712  *
16713  * Description: Check the given sense data for validity.
16714  *		If the sense data is not valid, the command will
16715  *		be either failed or retried!
16716  *
16717  * Return Code: SD_SENSE_DATA_IS_INVALID
16718  *		SD_SENSE_DATA_IS_VALID
16719  *
16720  *     Context: May be called from interrupt context
16721  */
16722 
16723 static int
16724 sd_validate_sense_data(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp)
16725 {
16726 	struct scsi_extended_sense *esp;
16727 	struct	scsi_pkt *pktp;
16728 	size_t	actual_len;
16729 	char	*msgp = NULL;
16730 
16731 	ASSERT(un != NULL);
16732 	ASSERT(mutex_owned(SD_MUTEX(un)));
16733 	ASSERT(bp != NULL);
16734 	ASSERT(bp != un->un_rqs_bp);
16735 	ASSERT(xp != NULL);
16736 
16737 	pktp = SD_GET_PKTP(bp);
16738 	ASSERT(pktp != NULL);
16739 
16740 	/*
16741 	 * Check the status of the RQS command (auto or manual).
16742 	 */
16743 	switch (xp->xb_sense_status & STATUS_MASK) {
16744 	case STATUS_GOOD:
16745 		break;
16746 
16747 	case STATUS_RESERVATION_CONFLICT:
16748 		sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16749 		return (SD_SENSE_DATA_IS_INVALID);
16750 
16751 	case STATUS_BUSY:
16752 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16753 		    "Busy Status on REQUEST SENSE\n");
16754 		sd_retry_command(un, bp, SD_RETRIES_BUSY, NULL,
16755 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16756 		return (SD_SENSE_DATA_IS_INVALID);
16757 
16758 	case STATUS_QFULL:
16759 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16760 		    "QFULL Status on REQUEST SENSE\n");
16761 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL,
16762 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16763 		return (SD_SENSE_DATA_IS_INVALID);
16764 
16765 	case STATUS_CHECK:
16766 	case STATUS_TERMINATED:
16767 		msgp = "Check Condition on REQUEST SENSE\n";
16768 		goto sense_failed;
16769 
16770 	default:
16771 		msgp = "Not STATUS_GOOD on REQUEST_SENSE\n";
16772 		goto sense_failed;
16773 	}
16774 
16775 	/*
16776 	 * See if we got the minimum required amount of sense data.
16777 	 * Note: We are assuming the returned sense data is SENSE_LENGTH bytes
16778 	 * or less.
16779 	 */
16780 	actual_len = (int)(SENSE_LENGTH - xp->xb_sense_resid);
16781 	if (((xp->xb_sense_state & STATE_XFERRED_DATA) == 0) ||
16782 	    (actual_len == 0)) {
16783 		msgp = "Request Sense couldn't get sense data\n";
16784 		goto sense_failed;
16785 	}
16786 
16787 	if (actual_len < SUN_MIN_SENSE_LENGTH) {
16788 		msgp = "Not enough sense information\n";
16789 		goto sense_failed;
16790 	}
16791 
16792 	/*
16793 	 * We require the extended sense data
16794 	 */
16795 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16796 	if (esp->es_class != CLASS_EXTENDED_SENSE) {
16797 		if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16798 			static char tmp[8];
16799 			static char buf[148];
16800 			char *p = (char *)(xp->xb_sense_data);
16801 			int i;
16802 
16803 			mutex_enter(&sd_sense_mutex);
16804 			(void) strcpy(buf, "undecodable sense information:");
16805 			for (i = 0; i < actual_len; i++) {
16806 				(void) sprintf(tmp, " 0x%x", *(p++)&0xff);
16807 				(void) strcpy(&buf[strlen(buf)], tmp);
16808 			}
16809 			i = strlen(buf);
16810 			(void) strcpy(&buf[i], "-(assumed fatal)\n");
16811 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, buf);
16812 			mutex_exit(&sd_sense_mutex);
16813 		}
16814 		/* Note: Legacy behavior, fail the command with no retry */
16815 		sd_return_failed_command(un, bp, EIO);
16816 		return (SD_SENSE_DATA_IS_INVALID);
16817 	}
16818 
16819 	/*
16820 	 * Check that es_code is valid (es_class concatenated with es_code
16821 	 * make up the "response code" field.  es_class will always be 7, so
16822 	 * make sure es_code is 0, 1, 2, 3 or 0xf.  es_code will indicate the
16823 	 * format.
16824 	 */
16825 	if ((esp->es_code != CODE_FMT_FIXED_CURRENT) &&
16826 	    (esp->es_code != CODE_FMT_FIXED_DEFERRED) &&
16827 	    (esp->es_code != CODE_FMT_DESCR_CURRENT) &&
16828 	    (esp->es_code != CODE_FMT_DESCR_DEFERRED) &&
16829 	    (esp->es_code != CODE_FMT_VENDOR_SPECIFIC)) {
16830 		goto sense_failed;
16831 	}
16832 
16833 	return (SD_SENSE_DATA_IS_VALID);
16834 
16835 sense_failed:
16836 	/*
16837 	 * If the request sense failed (for whatever reason), attempt
16838 	 * to retry the original command.
16839 	 */
16840 #if defined(__i386) || defined(__amd64)
16841 	/*
16842 	 * SD_RETRY_DELAY is conditionally compile (#if fibre) in
16843 	 * sddef.h for Sparc platform, and x86 uses 1 binary
16844 	 * for both SCSI/FC.
16845 	 * The SD_RETRY_DELAY value need to be adjusted here
16846 	 * when SD_RETRY_DELAY change in sddef.h
16847 	 */
16848 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16849 	    sd_print_sense_failed_msg, msgp, EIO,
16850 		un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0, NULL);
16851 #else
16852 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16853 	    sd_print_sense_failed_msg, msgp, EIO, SD_RETRY_DELAY, NULL);
16854 #endif
16855 
16856 	return (SD_SENSE_DATA_IS_INVALID);
16857 }
16858 
16859 
16860 
16861 /*
16862  *    Function: sd_decode_sense
16863  *
16864  * Description: Take recovery action(s) when SCSI Sense Data is received.
16865  *
16866  *     Context: Interrupt context.
16867  */
16868 
16869 static void
16870 sd_decode_sense(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
16871 	struct scsi_pkt *pktp)
16872 {
16873 	struct scsi_extended_sense *esp;
16874 	struct scsi_descr_sense_hdr *sdsp;
16875 	uint8_t asc, ascq, sense_key;
16876 
16877 	ASSERT(un != NULL);
16878 	ASSERT(mutex_owned(SD_MUTEX(un)));
16879 	ASSERT(bp != NULL);
16880 	ASSERT(bp != un->un_rqs_bp);
16881 	ASSERT(xp != NULL);
16882 	ASSERT(pktp != NULL);
16883 
16884 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16885 
16886 	switch (esp->es_code) {
16887 	case CODE_FMT_DESCR_CURRENT:
16888 	case CODE_FMT_DESCR_DEFERRED:
16889 		sdsp = (struct scsi_descr_sense_hdr *)xp->xb_sense_data;
16890 		sense_key = sdsp->ds_key;
16891 		asc = sdsp->ds_add_code;
16892 		ascq = sdsp->ds_qual_code;
16893 		break;
16894 	case CODE_FMT_VENDOR_SPECIFIC:
16895 	case CODE_FMT_FIXED_CURRENT:
16896 	case CODE_FMT_FIXED_DEFERRED:
16897 	default:
16898 		sense_key = esp->es_key;
16899 		asc = esp->es_add_code;
16900 		ascq = esp->es_qual_code;
16901 		break;
16902 	}
16903 
16904 	switch (sense_key) {
16905 	case KEY_NO_SENSE:
16906 		sd_sense_key_no_sense(un, bp, xp, pktp);
16907 		break;
16908 	case KEY_RECOVERABLE_ERROR:
16909 		sd_sense_key_recoverable_error(un, asc, bp, xp, pktp);
16910 		break;
16911 	case KEY_NOT_READY:
16912 		sd_sense_key_not_ready(un, asc, ascq, bp, xp, pktp);
16913 		break;
16914 	case KEY_MEDIUM_ERROR:
16915 	case KEY_HARDWARE_ERROR:
16916 		sd_sense_key_medium_or_hardware_error(un,
16917 		    sense_key, asc, bp, xp, pktp);
16918 		break;
16919 	case KEY_ILLEGAL_REQUEST:
16920 		sd_sense_key_illegal_request(un, bp, xp, pktp);
16921 		break;
16922 	case KEY_UNIT_ATTENTION:
16923 		sd_sense_key_unit_attention(un, asc, bp, xp, pktp);
16924 		break;
16925 	case KEY_WRITE_PROTECT:
16926 	case KEY_VOLUME_OVERFLOW:
16927 	case KEY_MISCOMPARE:
16928 		sd_sense_key_fail_command(un, bp, xp, pktp);
16929 		break;
16930 	case KEY_BLANK_CHECK:
16931 		sd_sense_key_blank_check(un, bp, xp, pktp);
16932 		break;
16933 	case KEY_ABORTED_COMMAND:
16934 		sd_sense_key_aborted_command(un, bp, xp, pktp);
16935 		break;
16936 	case KEY_VENDOR_UNIQUE:
16937 	case KEY_COPY_ABORTED:
16938 	case KEY_EQUAL:
16939 	case KEY_RESERVED:
16940 	default:
16941 		sd_sense_key_default(un, sense_key, bp, xp, pktp);
16942 		break;
16943 	}
16944 }
16945 
16946 
16947 /*
16948  *    Function: sd_dump_memory
16949  *
16950  * Description: Debug logging routine to print the contents of a user provided
16951  *		buffer. The output of the buffer is broken up into 256 byte
16952  *		segments due to a size constraint of the scsi_log.
16953  *		implementation.
16954  *
16955  *   Arguments: un - ptr to softstate
16956  *		comp - component mask
16957  *		title - "title" string to preceed data when printed
16958  *		data - ptr to data block to be printed
16959  *		len - size of data block to be printed
16960  *		fmt - SD_LOG_HEX (use 0x%02x format) or SD_LOG_CHAR (use %c)
16961  *
16962  *     Context: May be called from interrupt context
16963  */
16964 
16965 #define	SD_DUMP_MEMORY_BUF_SIZE	256
16966 
16967 static char *sd_dump_format_string[] = {
16968 		" 0x%02x",
16969 		" %c"
16970 };
16971 
16972 static void
16973 sd_dump_memory(struct sd_lun *un, uint_t comp, char *title, uchar_t *data,
16974     int len, int fmt)
16975 {
16976 	int	i, j;
16977 	int	avail_count;
16978 	int	start_offset;
16979 	int	end_offset;
16980 	size_t	entry_len;
16981 	char	*bufp;
16982 	char	*local_buf;
16983 	char	*format_string;
16984 
16985 	ASSERT((fmt == SD_LOG_HEX) || (fmt == SD_LOG_CHAR));
16986 
16987 	/*
16988 	 * In the debug version of the driver, this function is called from a
16989 	 * number of places which are NOPs in the release driver.
16990 	 * The debug driver therefore has additional methods of filtering
16991 	 * debug output.
16992 	 */
16993 #ifdef SDDEBUG
16994 	/*
16995 	 * In the debug version of the driver we can reduce the amount of debug
16996 	 * messages by setting sd_error_level to something other than
16997 	 * SCSI_ERR_ALL and clearing bits in sd_level_mask and
16998 	 * sd_component_mask.
16999 	 */
17000 	if (((sd_level_mask & (SD_LOGMASK_DUMP_MEM | SD_LOGMASK_DIAG)) == 0) ||
17001 	    (sd_error_level != SCSI_ERR_ALL)) {
17002 		return;
17003 	}
17004 	if (((sd_component_mask & comp) == 0) ||
17005 	    (sd_error_level != SCSI_ERR_ALL)) {
17006 		return;
17007 	}
17008 #else
17009 	if (sd_error_level != SCSI_ERR_ALL) {
17010 		return;
17011 	}
17012 #endif
17013 
17014 	local_buf = kmem_zalloc(SD_DUMP_MEMORY_BUF_SIZE, KM_SLEEP);
17015 	bufp = local_buf;
17016 	/*
17017 	 * Available length is the length of local_buf[], minus the
17018 	 * length of the title string, minus one for the ":", minus
17019 	 * one for the newline, minus one for the NULL terminator.
17020 	 * This gives the #bytes available for holding the printed
17021 	 * values from the given data buffer.
17022 	 */
17023 	if (fmt == SD_LOG_HEX) {
17024 		format_string = sd_dump_format_string[0];
17025 	} else /* SD_LOG_CHAR */ {
17026 		format_string = sd_dump_format_string[1];
17027 	}
17028 	/*
17029 	 * Available count is the number of elements from the given
17030 	 * data buffer that we can fit into the available length.
17031 	 * This is based upon the size of the format string used.
17032 	 * Make one entry and find it's size.
17033 	 */
17034 	(void) sprintf(bufp, format_string, data[0]);
17035 	entry_len = strlen(bufp);
17036 	avail_count = (SD_DUMP_MEMORY_BUF_SIZE - strlen(title) - 3) / entry_len;
17037 
17038 	j = 0;
17039 	while (j < len) {
17040 		bufp = local_buf;
17041 		bzero(bufp, SD_DUMP_MEMORY_BUF_SIZE);
17042 		start_offset = j;
17043 
17044 		end_offset = start_offset + avail_count;
17045 
17046 		(void) sprintf(bufp, "%s:", title);
17047 		bufp += strlen(bufp);
17048 		for (i = start_offset; ((i < end_offset) && (j < len));
17049 		    i++, j++) {
17050 			(void) sprintf(bufp, format_string, data[i]);
17051 			bufp += entry_len;
17052 		}
17053 		(void) sprintf(bufp, "\n");
17054 
17055 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE, "%s", local_buf);
17056 	}
17057 	kmem_free(local_buf, SD_DUMP_MEMORY_BUF_SIZE);
17058 }
17059 
17060 /*
17061  *    Function: sd_print_sense_msg
17062  *
17063  * Description: Log a message based upon the given sense data.
17064  *
17065  *   Arguments: un - ptr to associated softstate
17066  *		bp - ptr to buf(9S) for the command
17067  *		arg - ptr to associate sd_sense_info struct
17068  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
17069  *			or SD_NO_RETRY_ISSUED
17070  *
17071  *     Context: May be called from interrupt context
17072  */
17073 
17074 static void
17075 sd_print_sense_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
17076 {
17077 	struct sd_xbuf	*xp;
17078 	struct scsi_pkt	*pktp;
17079 	struct scsi_extended_sense *sensep;
17080 	daddr_t request_blkno;
17081 	diskaddr_t err_blkno;
17082 	int severity;
17083 	int pfa_flag;
17084 	int fixed_format = TRUE;
17085 	extern struct scsi_key_strings scsi_cmds[];
17086 
17087 	ASSERT(un != NULL);
17088 	ASSERT(mutex_owned(SD_MUTEX(un)));
17089 	ASSERT(bp != NULL);
17090 	xp = SD_GET_XBUF(bp);
17091 	ASSERT(xp != NULL);
17092 	pktp = SD_GET_PKTP(bp);
17093 	ASSERT(pktp != NULL);
17094 	ASSERT(arg != NULL);
17095 
17096 	severity = ((struct sd_sense_info *)(arg))->ssi_severity;
17097 	pfa_flag = ((struct sd_sense_info *)(arg))->ssi_pfa_flag;
17098 
17099 	if ((code == SD_DELAYED_RETRY_ISSUED) ||
17100 	    (code == SD_IMMEDIATE_RETRY_ISSUED)) {
17101 		severity = SCSI_ERR_RETRYABLE;
17102 	}
17103 
17104 	/* Use absolute block number for the request block number */
17105 	request_blkno = xp->xb_blkno;
17106 
17107 	/*
17108 	 * Now try to get the error block number from the sense data
17109 	 */
17110 	sensep = (struct scsi_extended_sense *)xp->xb_sense_data;
17111 	switch (sensep->es_code) {
17112 	case CODE_FMT_DESCR_CURRENT:
17113 	case CODE_FMT_DESCR_DEFERRED:
17114 		err_blkno =
17115 		    sd_extract_sense_info_descr(
17116 			(struct scsi_descr_sense_hdr *)sensep);
17117 		fixed_format = FALSE;
17118 		break;
17119 	case CODE_FMT_FIXED_CURRENT:
17120 	case CODE_FMT_FIXED_DEFERRED:
17121 	case CODE_FMT_VENDOR_SPECIFIC:
17122 	default:
17123 		/*
17124 		 * With the es_valid bit set, we assume that the error
17125 		 * blkno is in the sense data.  Also, if xp->xb_blkno is
17126 		 * greater than 0xffffffff then the target *should* have used
17127 		 * a descriptor sense format (or it shouldn't have set
17128 		 * the es_valid bit), and we may as well ignore the
17129 		 * 32-bit value.
17130 		 */
17131 		if ((sensep->es_valid != 0) && (xp->xb_blkno <= 0xffffffff)) {
17132 			err_blkno = (diskaddr_t)
17133 			    ((sensep->es_info_1 << 24) |
17134 			    (sensep->es_info_2 << 16) |
17135 			    (sensep->es_info_3 << 8)  |
17136 			    (sensep->es_info_4));
17137 		} else {
17138 			err_blkno = (diskaddr_t)-1;
17139 		}
17140 		break;
17141 	}
17142 
17143 	if (err_blkno == (diskaddr_t)-1) {
17144 		/*
17145 		 * Without the es_valid bit set (for fixed format) or an
17146 		 * information descriptor (for descriptor format) we cannot
17147 		 * be certain of the error blkno, so just use the
17148 		 * request_blkno.
17149 		 */
17150 		err_blkno = (diskaddr_t)request_blkno;
17151 	} else {
17152 		/*
17153 		 * We retrieved the error block number from the information
17154 		 * portion of the sense data.
17155 		 *
17156 		 * For USCSI commands we are better off using the error
17157 		 * block no. as the requested block no. (This is the best
17158 		 * we can estimate.)
17159 		 */
17160 		if ((SD_IS_BUFIO(xp) == FALSE) &&
17161 		    ((pktp->pkt_flags & FLAG_SILENT) == 0)) {
17162 			request_blkno = err_blkno;
17163 		}
17164 	}
17165 
17166 	/*
17167 	 * The following will log the buffer contents for the release driver
17168 	 * if the SD_LOGMASK_DIAG bit of sd_level_mask is set, or the error
17169 	 * level is set to verbose.
17170 	 */
17171 	sd_dump_memory(un, SD_LOG_IO, "Failed CDB",
17172 	    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
17173 	sd_dump_memory(un, SD_LOG_IO, "Sense Data",
17174 	    (uchar_t *)sensep, SENSE_LENGTH, SD_LOG_HEX);
17175 
17176 	if (pfa_flag == FALSE) {
17177 		/* This is normally only set for USCSI */
17178 		if ((pktp->pkt_flags & FLAG_SILENT) != 0) {
17179 			return;
17180 		}
17181 
17182 		if ((SD_IS_BUFIO(xp) == TRUE) &&
17183 		    (((sd_level_mask & SD_LOGMASK_DIAG) == 0) &&
17184 		    (severity < sd_error_level))) {
17185 			return;
17186 		}
17187 	}
17188 
17189 	/*
17190 	 * If the data is fixed format then check for Sonoma Failover,
17191 	 * and keep a count of how many failed I/O's.  We should not have
17192 	 * to worry about Sonoma returning descriptor format sense data,
17193 	 * and asc/ascq are in a different location in descriptor format.
17194 	 */
17195 	if (fixed_format &&
17196 	    (SD_IS_LSI(un)) && (sensep->es_key == KEY_ILLEGAL_REQUEST) &&
17197 	    (sensep->es_add_code == 0x94) && (sensep->es_qual_code == 0x01)) {
17198 		un->un_sonoma_failure_count++;
17199 		if (un->un_sonoma_failure_count > 1) {
17200 			return;
17201 		}
17202 	}
17203 
17204 	scsi_vu_errmsg(SD_SCSI_DEVP(un), pktp, sd_label, severity,
17205 	    request_blkno, err_blkno, scsi_cmds, sensep,
17206 	    un->un_additional_codes, NULL);
17207 }
17208 
17209 /*
17210  *    Function: sd_extract_sense_info_descr
17211  *
17212  * Description: Retrieve "information" field from descriptor format
17213  *              sense data.  Iterates through each sense descriptor
17214  *              looking for the information descriptor and returns
17215  *              the information field from that descriptor.
17216  *
17217  *     Context: May be called from interrupt context
17218  */
17219 
17220 static diskaddr_t
17221 sd_extract_sense_info_descr(struct scsi_descr_sense_hdr *sdsp)
17222 {
17223 	diskaddr_t result;
17224 	uint8_t *descr_offset;
17225 	int valid_sense_length;
17226 	struct scsi_information_sense_descr *isd;
17227 
17228 	/*
17229 	 * Initialize result to -1 indicating there is no information
17230 	 * descriptor
17231 	 */
17232 	result = (diskaddr_t)-1;
17233 
17234 	/*
17235 	 * The first descriptor will immediately follow the header
17236 	 */
17237 	descr_offset = (uint8_t *)(sdsp+1); /* Pointer arithmetic */
17238 
17239 	/*
17240 	 * Calculate the amount of valid sense data
17241 	 */
17242 	valid_sense_length =
17243 	    min((sizeof (struct scsi_descr_sense_hdr) +
17244 	    sdsp->ds_addl_sense_length),
17245 	    SENSE_LENGTH);
17246 
17247 	/*
17248 	 * Iterate through the list of descriptors, stopping when we
17249 	 * run out of sense data
17250 	 */
17251 	while ((descr_offset + sizeof (struct scsi_information_sense_descr)) <=
17252 	    (uint8_t *)sdsp + valid_sense_length) {
17253 		/*
17254 		 * Check if this is an information descriptor.  We can
17255 		 * use the scsi_information_sense_descr structure as a
17256 		 * template sense the first two fields are always the
17257 		 * same
17258 		 */
17259 		isd = (struct scsi_information_sense_descr *)descr_offset;
17260 		if (isd->isd_descr_type == DESCR_INFORMATION) {
17261 			/*
17262 			 * Found an information descriptor.  Copy the
17263 			 * information field.  There will only be one
17264 			 * information descriptor so we can stop looking.
17265 			 */
17266 			result =
17267 			    (((diskaddr_t)isd->isd_information[0] << 56) |
17268 				((diskaddr_t)isd->isd_information[1] << 48) |
17269 				((diskaddr_t)isd->isd_information[2] << 40) |
17270 				((diskaddr_t)isd->isd_information[3] << 32) |
17271 				((diskaddr_t)isd->isd_information[4] << 24) |
17272 				((diskaddr_t)isd->isd_information[5] << 16) |
17273 				((diskaddr_t)isd->isd_information[6] << 8)  |
17274 				((diskaddr_t)isd->isd_information[7]));
17275 			break;
17276 		}
17277 
17278 		/*
17279 		 * Get pointer to the next descriptor.  The "additional
17280 		 * length" field holds the length of the descriptor except
17281 		 * for the "type" and "additional length" fields, so
17282 		 * we need to add 2 to get the total length.
17283 		 */
17284 		descr_offset += (isd->isd_addl_length + 2);
17285 	}
17286 
17287 	return (result);
17288 }
17289 
17290 /*
17291  *    Function: sd_sense_key_no_sense
17292  *
17293  * Description: Recovery action when sense data was not received.
17294  *
17295  *     Context: May be called from interrupt context
17296  */
17297 
17298 static void
17299 sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
17300 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17301 {
17302 	struct sd_sense_info	si;
17303 
17304 	ASSERT(un != NULL);
17305 	ASSERT(mutex_owned(SD_MUTEX(un)));
17306 	ASSERT(bp != NULL);
17307 	ASSERT(xp != NULL);
17308 	ASSERT(pktp != NULL);
17309 
17310 	si.ssi_severity = SCSI_ERR_FATAL;
17311 	si.ssi_pfa_flag = FALSE;
17312 
17313 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17314 
17315 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17316 		&si, EIO, (clock_t)0, NULL);
17317 }
17318 
17319 
17320 /*
17321  *    Function: sd_sense_key_recoverable_error
17322  *
17323  * Description: Recovery actions for a SCSI "Recovered Error" sense key.
17324  *
17325  *     Context: May be called from interrupt context
17326  */
17327 
17328 static void
17329 sd_sense_key_recoverable_error(struct sd_lun *un,
17330 	uint8_t asc,
17331 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17332 {
17333 	struct sd_sense_info	si;
17334 
17335 	ASSERT(un != NULL);
17336 	ASSERT(mutex_owned(SD_MUTEX(un)));
17337 	ASSERT(bp != NULL);
17338 	ASSERT(xp != NULL);
17339 	ASSERT(pktp != NULL);
17340 
17341 	/*
17342 	 * 0x5D: FAILURE PREDICTION THRESHOLD EXCEEDED
17343 	 */
17344 	if ((asc == 0x5D) && (sd_report_pfa != 0)) {
17345 		SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17346 		si.ssi_severity = SCSI_ERR_INFO;
17347 		si.ssi_pfa_flag = TRUE;
17348 	} else {
17349 		SD_UPDATE_ERRSTATS(un, sd_softerrs);
17350 		SD_UPDATE_ERRSTATS(un, sd_rq_recov_err);
17351 		si.ssi_severity = SCSI_ERR_RECOVERED;
17352 		si.ssi_pfa_flag = FALSE;
17353 	}
17354 
17355 	if (pktp->pkt_resid == 0) {
17356 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17357 		sd_return_command(un, bp);
17358 		return;
17359 	}
17360 
17361 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17362 	    &si, EIO, (clock_t)0, NULL);
17363 }
17364 
17365 
17366 
17367 
17368 /*
17369  *    Function: sd_sense_key_not_ready
17370  *
17371  * Description: Recovery actions for a SCSI "Not Ready" sense key.
17372  *
17373  *     Context: May be called from interrupt context
17374  */
17375 
17376 static void
17377 sd_sense_key_not_ready(struct sd_lun *un,
17378 	uint8_t asc, uint8_t ascq,
17379 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17380 {
17381 	struct sd_sense_info	si;
17382 
17383 	ASSERT(un != NULL);
17384 	ASSERT(mutex_owned(SD_MUTEX(un)));
17385 	ASSERT(bp != NULL);
17386 	ASSERT(xp != NULL);
17387 	ASSERT(pktp != NULL);
17388 
17389 	si.ssi_severity = SCSI_ERR_FATAL;
17390 	si.ssi_pfa_flag = FALSE;
17391 
17392 	/*
17393 	 * Update error stats after first NOT READY error. Disks may have
17394 	 * been powered down and may need to be restarted.  For CDROMs,
17395 	 * report NOT READY errors only if media is present.
17396 	 */
17397 	if ((ISCD(un) && (un->un_f_geometry_is_valid == TRUE)) ||
17398 	    (xp->xb_retry_count > 0)) {
17399 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17400 		SD_UPDATE_ERRSTATS(un, sd_rq_ntrdy_err);
17401 	}
17402 
17403 	/*
17404 	 * Just fail if the "not ready" retry limit has been reached.
17405 	 */
17406 	if (xp->xb_retry_count >= un->un_notready_retry_count) {
17407 		/* Special check for error message printing for removables. */
17408 		if ((ISREMOVABLE(un)) && (asc == 0x04) &&
17409 		    (ascq >= 0x04)) {
17410 			si.ssi_severity = SCSI_ERR_ALL;
17411 		}
17412 		goto fail_command;
17413 	}
17414 
17415 	/*
17416 	 * Check the ASC and ASCQ in the sense data as needed, to determine
17417 	 * what to do.
17418 	 */
17419 	switch (asc) {
17420 	case 0x04:	/* LOGICAL UNIT NOT READY */
17421 		/*
17422 		 * disk drives that don't spin up result in a very long delay
17423 		 * in format without warning messages. We will log a message
17424 		 * if the error level is set to verbose.
17425 		 */
17426 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17427 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17428 			    "logical unit not ready, resetting disk\n");
17429 		}
17430 
17431 		/*
17432 		 * There are different requirements for CDROMs and disks for
17433 		 * the number of retries.  If a CD-ROM is giving this, it is
17434 		 * probably reading TOC and is in the process of getting
17435 		 * ready, so we should keep on trying for a long time to make
17436 		 * sure that all types of media are taken in account (for
17437 		 * some media the drive takes a long time to read TOC).  For
17438 		 * disks we do not want to retry this too many times as this
17439 		 * can cause a long hang in format when the drive refuses to
17440 		 * spin up (a very common failure).
17441 		 */
17442 		switch (ascq) {
17443 		case 0x00:  /* LUN NOT READY, CAUSE NOT REPORTABLE */
17444 			/*
17445 			 * Disk drives frequently refuse to spin up which
17446 			 * results in a very long hang in format without
17447 			 * warning messages.
17448 			 *
17449 			 * Note: This code preserves the legacy behavior of
17450 			 * comparing xb_retry_count against zero for fibre
17451 			 * channel targets instead of comparing against the
17452 			 * un_reset_retry_count value.  The reason for this
17453 			 * discrepancy has been so utterly lost beneath the
17454 			 * Sands of Time that even Indiana Jones could not
17455 			 * find it.
17456 			 */
17457 			if (un->un_f_is_fibre == TRUE) {
17458 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17459 					(xp->xb_retry_count > 0)) &&
17460 					(un->un_startstop_timeid == NULL)) {
17461 					scsi_log(SD_DEVINFO(un), sd_label,
17462 					CE_WARN, "logical unit not ready, "
17463 					"resetting disk\n");
17464 					sd_reset_target(un, pktp);
17465 				}
17466 			} else {
17467 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17468 					(xp->xb_retry_count >
17469 					un->un_reset_retry_count)) &&
17470 					(un->un_startstop_timeid == NULL)) {
17471 					scsi_log(SD_DEVINFO(un), sd_label,
17472 					CE_WARN, "logical unit not ready, "
17473 					"resetting disk\n");
17474 					sd_reset_target(un, pktp);
17475 				}
17476 			}
17477 			break;
17478 
17479 		case 0x01:  /* LUN IS IN PROCESS OF BECOMING READY */
17480 			/*
17481 			 * If the target is in the process of becoming
17482 			 * ready, just proceed with the retry. This can
17483 			 * happen with CD-ROMs that take a long time to
17484 			 * read TOC after a power cycle or reset.
17485 			 */
17486 			goto do_retry;
17487 
17488 		case 0x02:  /* LUN NOT READY, INITITIALIZING CMD REQUIRED */
17489 			break;
17490 
17491 		case 0x03:  /* LUN NOT READY, MANUAL INTERVENTION REQUIRED */
17492 			/*
17493 			 * Retries cannot help here so just fail right away.
17494 			 */
17495 			goto fail_command;
17496 
17497 		case 0x88:
17498 			/*
17499 			 * Vendor-unique code for T3/T4: it indicates a
17500 			 * path problem in a mutipathed config, but as far as
17501 			 * the target driver is concerned it equates to a fatal
17502 			 * error, so we should just fail the command right away
17503 			 * (without printing anything to the console). If this
17504 			 * is not a T3/T4, fall thru to the default recovery
17505 			 * action.
17506 			 * T3/T4 is FC only, don't need to check is_fibre
17507 			 */
17508 			if (SD_IS_T3(un) || SD_IS_T4(un)) {
17509 				sd_return_failed_command(un, bp, EIO);
17510 				return;
17511 			}
17512 			/* FALLTHRU */
17513 
17514 		case 0x04:  /* LUN NOT READY, FORMAT IN PROGRESS */
17515 		case 0x05:  /* LUN NOT READY, REBUILD IN PROGRESS */
17516 		case 0x06:  /* LUN NOT READY, RECALCULATION IN PROGRESS */
17517 		case 0x07:  /* LUN NOT READY, OPERATION IN PROGRESS */
17518 		case 0x08:  /* LUN NOT READY, LONG WRITE IN PROGRESS */
17519 		default:    /* Possible future codes in SCSI spec? */
17520 			/*
17521 			 * For removable-media devices, do not retry if
17522 			 * ASCQ > 2 as these result mostly from USCSI commands
17523 			 * on MMC devices issued to check status of an
17524 			 * operation initiated in immediate mode.  Also for
17525 			 * ASCQ >= 4 do not print console messages as these
17526 			 * mainly represent a user-initiated operation
17527 			 * instead of a system failure.
17528 			 */
17529 			if (ISREMOVABLE(un)) {
17530 				si.ssi_severity = SCSI_ERR_ALL;
17531 				goto fail_command;
17532 			}
17533 			break;
17534 		}
17535 
17536 		/*
17537 		 * As part of our recovery attempt for the NOT READY
17538 		 * condition, we issue a START STOP UNIT command. However
17539 		 * we want to wait for a short delay before attempting this
17540 		 * as there may still be more commands coming back from the
17541 		 * target with the check condition. To do this we use
17542 		 * timeout(9F) to call sd_start_stop_unit_callback() after
17543 		 * the delay interval expires. (sd_start_stop_unit_callback()
17544 		 * dispatches sd_start_stop_unit_task(), which will issue
17545 		 * the actual START STOP UNIT command. The delay interval
17546 		 * is one-half of the delay that we will use to retry the
17547 		 * command that generated the NOT READY condition.
17548 		 *
17549 		 * Note that we could just dispatch sd_start_stop_unit_task()
17550 		 * from here and allow it to sleep for the delay interval,
17551 		 * but then we would be tying up the taskq thread
17552 		 * uncesessarily for the duration of the delay.
17553 		 *
17554 		 * Do not issue the START STOP UNIT if the current command
17555 		 * is already a START STOP UNIT.
17556 		 */
17557 		if (pktp->pkt_cdbp[0] == SCMD_START_STOP) {
17558 			break;
17559 		}
17560 
17561 		/*
17562 		 * Do not schedule the timeout if one is already pending.
17563 		 */
17564 		if (un->un_startstop_timeid != NULL) {
17565 			SD_INFO(SD_LOG_ERROR, un,
17566 			    "sd_sense_key_not_ready: restart already issued to"
17567 			    " %s%d\n", ddi_driver_name(SD_DEVINFO(un)),
17568 			    ddi_get_instance(SD_DEVINFO(un)));
17569 			break;
17570 		}
17571 
17572 		/*
17573 		 * Schedule the START STOP UNIT command, then queue the command
17574 		 * for a retry.
17575 		 *
17576 		 * Note: A timeout is not scheduled for this retry because we
17577 		 * want the retry to be serial with the START_STOP_UNIT. The
17578 		 * retry will be started when the START_STOP_UNIT is completed
17579 		 * in sd_start_stop_unit_task.
17580 		 */
17581 		un->un_startstop_timeid = timeout(sd_start_stop_unit_callback,
17582 		    un, SD_BSY_TIMEOUT / 2);
17583 		xp->xb_retry_count++;
17584 		sd_set_retry_bp(un, bp, 0, kstat_waitq_enter);
17585 		return;
17586 
17587 	case 0x05:	/* LOGICAL UNIT DOES NOT RESPOND TO SELECTION */
17588 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17589 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17590 			    "unit does not respond to selection\n");
17591 		}
17592 		break;
17593 
17594 	case 0x3A:	/* MEDIUM NOT PRESENT */
17595 		if (sd_error_level >= SCSI_ERR_FATAL) {
17596 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17597 			    "Caddy not inserted in drive\n");
17598 		}
17599 
17600 		sr_ejected(un);
17601 		un->un_mediastate = DKIO_EJECTED;
17602 		/* The state has changed, inform the media watch routines */
17603 		cv_broadcast(&un->un_state_cv);
17604 		/* Just fail if no media is present in the drive. */
17605 		goto fail_command;
17606 
17607 	default:
17608 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17609 			scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
17610 			    "Unit not Ready. Additional sense code 0x%x\n",
17611 			    asc);
17612 		}
17613 		break;
17614 	}
17615 
17616 do_retry:
17617 
17618 	/*
17619 	 * Retry the command, as some targets may report NOT READY for
17620 	 * several seconds after being reset.
17621 	 */
17622 	xp->xb_retry_count++;
17623 	si.ssi_severity = SCSI_ERR_RETRYABLE;
17624 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
17625 	    &si, EIO, SD_BSY_TIMEOUT, NULL);
17626 
17627 	return;
17628 
17629 fail_command:
17630 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17631 	sd_return_failed_command(un, bp, EIO);
17632 }
17633 
17634 
17635 
17636 /*
17637  *    Function: sd_sense_key_medium_or_hardware_error
17638  *
17639  * Description: Recovery actions for a SCSI "Medium Error" or "Hardware Error"
17640  *		sense key.
17641  *
17642  *     Context: May be called from interrupt context
17643  */
17644 
17645 static void
17646 sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
17647 	int sense_key, uint8_t asc,
17648 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17649 {
17650 	struct sd_sense_info	si;
17651 
17652 	ASSERT(un != NULL);
17653 	ASSERT(mutex_owned(SD_MUTEX(un)));
17654 	ASSERT(bp != NULL);
17655 	ASSERT(xp != NULL);
17656 	ASSERT(pktp != NULL);
17657 
17658 	si.ssi_severity = SCSI_ERR_FATAL;
17659 	si.ssi_pfa_flag = FALSE;
17660 
17661 	if (sense_key == KEY_MEDIUM_ERROR) {
17662 		SD_UPDATE_ERRSTATS(un, sd_rq_media_err);
17663 	}
17664 
17665 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17666 
17667 	if ((un->un_reset_retry_count != 0) &&
17668 	    (xp->xb_retry_count == un->un_reset_retry_count)) {
17669 		mutex_exit(SD_MUTEX(un));
17670 		/* Do NOT do a RESET_ALL here: too intrusive. (4112858) */
17671 		if (un->un_f_allow_bus_device_reset == TRUE) {
17672 
17673 			boolean_t try_resetting_target = B_TRUE;
17674 
17675 			/*
17676 			 * We need to be able to handle specific ASC when we are
17677 			 * handling a KEY_HARDWARE_ERROR. In particular
17678 			 * taking the default action of resetting the target may
17679 			 * not be the appropriate way to attempt recovery.
17680 			 * Resetting a target because of a single LUN failure
17681 			 * victimizes all LUNs on that target.
17682 			 *
17683 			 * This is true for the LSI arrays, if an LSI
17684 			 * array controller returns an ASC of 0x84 (LUN Dead) we
17685 			 * should trust it.
17686 			 */
17687 
17688 			if (sense_key == KEY_HARDWARE_ERROR) {
17689 				switch (asc) {
17690 				case 0x84:
17691 					if (SD_IS_LSI(un)) {
17692 						try_resetting_target = B_FALSE;
17693 					}
17694 					break;
17695 				default:
17696 					break;
17697 				}
17698 			}
17699 
17700 			if (try_resetting_target == B_TRUE) {
17701 				int reset_retval = 0;
17702 				if (un->un_f_lun_reset_enabled == TRUE) {
17703 					SD_TRACE(SD_LOG_IO_CORE, un,
17704 					    "sd_sense_key_medium_or_hardware_"
17705 					    "error: issuing RESET_LUN\n");
17706 					reset_retval =
17707 					    scsi_reset(SD_ADDRESS(un),
17708 					    RESET_LUN);
17709 				}
17710 				if (reset_retval == 0) {
17711 					SD_TRACE(SD_LOG_IO_CORE, un,
17712 					    "sd_sense_key_medium_or_hardware_"
17713 					    "error: issuing RESET_TARGET\n");
17714 					(void) scsi_reset(SD_ADDRESS(un),
17715 					    RESET_TARGET);
17716 				}
17717 			}
17718 		}
17719 		mutex_enter(SD_MUTEX(un));
17720 	}
17721 
17722 	/*
17723 	 * This really ought to be a fatal error, but we will retry anyway
17724 	 * as some drives report this as a spurious error.
17725 	 */
17726 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17727 	    &si, EIO, (clock_t)0, NULL);
17728 }
17729 
17730 
17731 
17732 /*
17733  *    Function: sd_sense_key_illegal_request
17734  *
17735  * Description: Recovery actions for a SCSI "Illegal Request" sense key.
17736  *
17737  *     Context: May be called from interrupt context
17738  */
17739 
17740 static void
17741 sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
17742 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17743 {
17744 	struct sd_sense_info	si;
17745 
17746 	ASSERT(un != NULL);
17747 	ASSERT(mutex_owned(SD_MUTEX(un)));
17748 	ASSERT(bp != NULL);
17749 	ASSERT(xp != NULL);
17750 	ASSERT(pktp != NULL);
17751 
17752 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17753 	SD_UPDATE_ERRSTATS(un, sd_rq_illrq_err);
17754 
17755 	si.ssi_severity = SCSI_ERR_INFO;
17756 	si.ssi_pfa_flag = FALSE;
17757 
17758 	/* Pointless to retry if the target thinks it's an illegal request */
17759 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17760 	sd_return_failed_command(un, bp, EIO);
17761 }
17762 
17763 
17764 
17765 
17766 /*
17767  *    Function: sd_sense_key_unit_attention
17768  *
17769  * Description: Recovery actions for a SCSI "Unit Attention" sense key.
17770  *
17771  *     Context: May be called from interrupt context
17772  */
17773 
17774 static void
17775 sd_sense_key_unit_attention(struct sd_lun *un,
17776 	uint8_t asc,
17777 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17778 {
17779 	/*
17780 	 * For UNIT ATTENTION we allow retries for one minute. Devices
17781 	 * like Sonoma can return UNIT ATTENTION close to a minute
17782 	 * under certain conditions.
17783 	 */
17784 	int	retry_check_flag = SD_RETRIES_UA;
17785 	struct	sd_sense_info		si;
17786 
17787 	ASSERT(un != NULL);
17788 	ASSERT(mutex_owned(SD_MUTEX(un)));
17789 	ASSERT(bp != NULL);
17790 	ASSERT(xp != NULL);
17791 	ASSERT(pktp != NULL);
17792 
17793 	si.ssi_severity = SCSI_ERR_INFO;
17794 	si.ssi_pfa_flag = FALSE;
17795 
17796 
17797 	switch (asc) {
17798 	case 0x5D:  /* FAILURE PREDICTION THRESHOLD EXCEEDED */
17799 		if (sd_report_pfa != 0) {
17800 			SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17801 			si.ssi_pfa_flag = TRUE;
17802 			retry_check_flag = SD_RETRIES_STANDARD;
17803 			goto do_retry;
17804 		}
17805 		break;
17806 
17807 	case 0x29:  /* POWER ON, RESET, OR BUS DEVICE RESET OCCURRED */
17808 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
17809 			un->un_resvd_status |=
17810 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
17811 		}
17812 		/* FALLTHRU */
17813 
17814 	case 0x28: /* NOT READY TO READY CHANGE, MEDIUM MAY HAVE CHANGED */
17815 		if (!ISREMOVABLE(un)) {
17816 			break;
17817 		}
17818 
17819 		/*
17820 		 * When we get a unit attention from a removable-media device,
17821 		 * it may be in a state that will take a long time to recover
17822 		 * (e.g., from a reset).  Since we are executing in interrupt
17823 		 * context here, we cannot wait around for the device to come
17824 		 * back. So hand this command off to sd_media_change_task()
17825 		 * for deferred processing under taskq thread context. (Note
17826 		 * that the command still may be failed if a problem is
17827 		 * encountered at a later time.)
17828 		 */
17829 		if (taskq_dispatch(sd_tq, sd_media_change_task, pktp,
17830 		    KM_NOSLEEP) == 0) {
17831 			/*
17832 			 * Cannot dispatch the request so fail the command.
17833 			 */
17834 			SD_UPDATE_ERRSTATS(un, sd_harderrs);
17835 			SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17836 			si.ssi_severity = SCSI_ERR_FATAL;
17837 			sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17838 			sd_return_failed_command(un, bp, EIO);
17839 		}
17840 		/*
17841 		 * Either the command has been successfully dispatched to a
17842 		 * task Q for retrying, or the dispatch failed. In either case
17843 		 * do NOT retry again by calling sd_retry_command. This sets up
17844 		 * two retries of the same command and when one completes and
17845 		 * frees the resources the other will access freed memory,
17846 		 * a bad thing.
17847 		 */
17848 		return;
17849 
17850 	default:
17851 		break;
17852 	}
17853 
17854 	if (!ISREMOVABLE(un)) {
17855 		/*
17856 		 * Do not update these here for removables. For removables
17857 		 * these stats are updated (1) above if we failed to dispatch
17858 		 * sd_media_change_task(), or (2) sd_media_change_task() may
17859 		 * update these later if it encounters an error.
17860 		 */
17861 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17862 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17863 	}
17864 
17865 do_retry:
17866 	sd_retry_command(un, bp, retry_check_flag, sd_print_sense_msg, &si,
17867 	    EIO, SD_UA_RETRY_DELAY, NULL);
17868 }
17869 
17870 
17871 
17872 /*
17873  *    Function: sd_sense_key_fail_command
17874  *
17875  * Description: Use to fail a command when we don't like the sense key that
17876  *		was returned.
17877  *
17878  *     Context: May be called from interrupt context
17879  */
17880 
17881 static void
17882 sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
17883 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17884 {
17885 	struct sd_sense_info	si;
17886 
17887 	ASSERT(un != NULL);
17888 	ASSERT(mutex_owned(SD_MUTEX(un)));
17889 	ASSERT(bp != NULL);
17890 	ASSERT(xp != NULL);
17891 	ASSERT(pktp != NULL);
17892 
17893 	si.ssi_severity = SCSI_ERR_FATAL;
17894 	si.ssi_pfa_flag = FALSE;
17895 
17896 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17897 	sd_return_failed_command(un, bp, EIO);
17898 }
17899 
17900 
17901 
17902 /*
17903  *    Function: sd_sense_key_blank_check
17904  *
17905  * Description: Recovery actions for a SCSI "Blank Check" sense key.
17906  *		Has no monetary connotation.
17907  *
17908  *     Context: May be called from interrupt context
17909  */
17910 
17911 static void
17912 sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
17913 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17914 {
17915 	struct sd_sense_info	si;
17916 
17917 	ASSERT(un != NULL);
17918 	ASSERT(mutex_owned(SD_MUTEX(un)));
17919 	ASSERT(bp != NULL);
17920 	ASSERT(xp != NULL);
17921 	ASSERT(pktp != NULL);
17922 
17923 	/*
17924 	 * Blank check is not fatal for removable devices, therefore
17925 	 * it does not require a console message.
17926 	 */
17927 	si.ssi_severity = (ISREMOVABLE(un)) ? SCSI_ERR_ALL : SCSI_ERR_FATAL;
17928 	si.ssi_pfa_flag = FALSE;
17929 
17930 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17931 	sd_return_failed_command(un, bp, EIO);
17932 }
17933 
17934 
17935 
17936 
17937 /*
17938  *    Function: sd_sense_key_aborted_command
17939  *
17940  * Description: Recovery actions for a SCSI "Aborted Command" sense key.
17941  *
17942  *     Context: May be called from interrupt context
17943  */
17944 
17945 static void
17946 sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
17947 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17948 {
17949 	struct sd_sense_info	si;
17950 
17951 	ASSERT(un != NULL);
17952 	ASSERT(mutex_owned(SD_MUTEX(un)));
17953 	ASSERT(bp != NULL);
17954 	ASSERT(xp != NULL);
17955 	ASSERT(pktp != NULL);
17956 
17957 	si.ssi_severity = SCSI_ERR_FATAL;
17958 	si.ssi_pfa_flag = FALSE;
17959 
17960 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17961 
17962 	/*
17963 	 * This really ought to be a fatal error, but we will retry anyway
17964 	 * as some drives report this as a spurious error.
17965 	 */
17966 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17967 	    &si, EIO, (clock_t)0, NULL);
17968 }
17969 
17970 
17971 
17972 /*
17973  *    Function: sd_sense_key_default
17974  *
17975  * Description: Default recovery action for several SCSI sense keys (basically
17976  *		attempts a retry).
17977  *
17978  *     Context: May be called from interrupt context
17979  */
17980 
17981 static void
17982 sd_sense_key_default(struct sd_lun *un,
17983 	int sense_key,
17984 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17985 {
17986 	struct sd_sense_info	si;
17987 
17988 	ASSERT(un != NULL);
17989 	ASSERT(mutex_owned(SD_MUTEX(un)));
17990 	ASSERT(bp != NULL);
17991 	ASSERT(xp != NULL);
17992 	ASSERT(pktp != NULL);
17993 
17994 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17995 
17996 	/*
17997 	 * Undecoded sense key.	Attempt retries and hope that will fix
17998 	 * the problem.  Otherwise, we're dead.
17999 	 */
18000 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
18001 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18002 		    "Unhandled Sense Key '%s'\n", sense_keys[sense_key]);
18003 	}
18004 
18005 	si.ssi_severity = SCSI_ERR_FATAL;
18006 	si.ssi_pfa_flag = FALSE;
18007 
18008 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
18009 	    &si, EIO, (clock_t)0, NULL);
18010 }
18011 
18012 
18013 
18014 /*
18015  *    Function: sd_print_retry_msg
18016  *
18017  * Description: Print a message indicating the retry action being taken.
18018  *
18019  *   Arguments: un - ptr to associated softstate
18020  *		bp - ptr to buf(9S) for the command
18021  *		arg - not used.
18022  *		flag - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18023  *			or SD_NO_RETRY_ISSUED
18024  *
18025  *     Context: May be called from interrupt context
18026  */
18027 /* ARGSUSED */
18028 static void
18029 sd_print_retry_msg(struct sd_lun *un, struct buf *bp, void *arg, int flag)
18030 {
18031 	struct sd_xbuf	*xp;
18032 	struct scsi_pkt *pktp;
18033 	char *reasonp;
18034 	char *msgp;
18035 
18036 	ASSERT(un != NULL);
18037 	ASSERT(mutex_owned(SD_MUTEX(un)));
18038 	ASSERT(bp != NULL);
18039 	pktp = SD_GET_PKTP(bp);
18040 	ASSERT(pktp != NULL);
18041 	xp = SD_GET_XBUF(bp);
18042 	ASSERT(xp != NULL);
18043 
18044 	ASSERT(!mutex_owned(&un->un_pm_mutex));
18045 	mutex_enter(&un->un_pm_mutex);
18046 	if ((un->un_state == SD_STATE_SUSPENDED) ||
18047 	    (SD_DEVICE_IS_IN_LOW_POWER(un)) ||
18048 	    (pktp->pkt_flags & FLAG_SILENT)) {
18049 		mutex_exit(&un->un_pm_mutex);
18050 		goto update_pkt_reason;
18051 	}
18052 	mutex_exit(&un->un_pm_mutex);
18053 
18054 	/*
18055 	 * Suppress messages if they are all the same pkt_reason; with
18056 	 * TQ, many (up to 256) are returned with the same pkt_reason.
18057 	 * If we are in panic, then suppress the retry messages.
18058 	 */
18059 	switch (flag) {
18060 	case SD_NO_RETRY_ISSUED:
18061 		msgp = "giving up";
18062 		break;
18063 	case SD_IMMEDIATE_RETRY_ISSUED:
18064 	case SD_DELAYED_RETRY_ISSUED:
18065 		if (ddi_in_panic() || (un->un_state == SD_STATE_OFFLINE) ||
18066 		    ((pktp->pkt_reason == un->un_last_pkt_reason) &&
18067 		    (sd_error_level != SCSI_ERR_ALL))) {
18068 			return;
18069 		}
18070 		msgp = "retrying command";
18071 		break;
18072 	default:
18073 		goto update_pkt_reason;
18074 	}
18075 
18076 	reasonp = (((pktp->pkt_statistics & STAT_PERR) != 0) ? "parity error" :
18077 	    scsi_rname(pktp->pkt_reason));
18078 
18079 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18080 	    "SCSI transport failed: reason '%s': %s\n", reasonp, msgp);
18081 
18082 update_pkt_reason:
18083 	/*
18084 	 * Update un->un_last_pkt_reason with the value in pktp->pkt_reason.
18085 	 * This is to prevent multiple console messages for the same failure
18086 	 * condition.  Note that un->un_last_pkt_reason is NOT restored if &
18087 	 * when the command is retried successfully because there still may be
18088 	 * more commands coming back with the same value of pktp->pkt_reason.
18089 	 */
18090 	if ((pktp->pkt_reason != CMD_CMPLT) || (xp->xb_retry_count == 0)) {
18091 		un->un_last_pkt_reason = pktp->pkt_reason;
18092 	}
18093 }
18094 
18095 
18096 /*
18097  *    Function: sd_print_cmd_incomplete_msg
18098  *
18099  * Description: Message logging fn. for a SCSA "CMD_INCOMPLETE" pkt_reason.
18100  *
18101  *   Arguments: un - ptr to associated softstate
18102  *		bp - ptr to buf(9S) for the command
18103  *		arg - passed to sd_print_retry_msg()
18104  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18105  *			or SD_NO_RETRY_ISSUED
18106  *
18107  *     Context: May be called from interrupt context
18108  */
18109 
18110 static void
18111 sd_print_cmd_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg,
18112 	int code)
18113 {
18114 	dev_info_t	*dip;
18115 
18116 	ASSERT(un != NULL);
18117 	ASSERT(mutex_owned(SD_MUTEX(un)));
18118 	ASSERT(bp != NULL);
18119 
18120 	switch (code) {
18121 	case SD_NO_RETRY_ISSUED:
18122 		/* Command was failed. Someone turned off this target? */
18123 		if (un->un_state != SD_STATE_OFFLINE) {
18124 			/*
18125 			 * Suppress message if we are detaching and
18126 			 * device has been disconnected
18127 			 * Note that DEVI_IS_DEVICE_REMOVED is a consolidation
18128 			 * private interface and not part of the DDI
18129 			 */
18130 			dip = un->un_sd->sd_dev;
18131 			if (!(DEVI_IS_DETACHING(dip) &&
18132 			    DEVI_IS_DEVICE_REMOVED(dip))) {
18133 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18134 				"disk not responding to selection\n");
18135 			}
18136 			New_state(un, SD_STATE_OFFLINE);
18137 		}
18138 		break;
18139 
18140 	case SD_DELAYED_RETRY_ISSUED:
18141 	case SD_IMMEDIATE_RETRY_ISSUED:
18142 	default:
18143 		/* Command was successfully queued for retry */
18144 		sd_print_retry_msg(un, bp, arg, code);
18145 		break;
18146 	}
18147 }
18148 
18149 
18150 /*
18151  *    Function: sd_pkt_reason_cmd_incomplete
18152  *
18153  * Description: Recovery actions for a SCSA "CMD_INCOMPLETE" pkt_reason.
18154  *
18155  *     Context: May be called from interrupt context
18156  */
18157 
18158 static void
18159 sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
18160 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18161 {
18162 	int flag = SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE;
18163 
18164 	ASSERT(un != NULL);
18165 	ASSERT(mutex_owned(SD_MUTEX(un)));
18166 	ASSERT(bp != NULL);
18167 	ASSERT(xp != NULL);
18168 	ASSERT(pktp != NULL);
18169 
18170 	/* Do not do a reset if selection did not complete */
18171 	/* Note: Should this not just check the bit? */
18172 	if (pktp->pkt_state != STATE_GOT_BUS) {
18173 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18174 		sd_reset_target(un, pktp);
18175 	}
18176 
18177 	/*
18178 	 * If the target was not successfully selected, then set
18179 	 * SD_RETRIES_FAILFAST to indicate that we lost communication
18180 	 * with the target, and further retries and/or commands are
18181 	 * likely to take a long time.
18182 	 */
18183 	if ((pktp->pkt_state & STATE_GOT_TARGET) == 0) {
18184 		flag |= SD_RETRIES_FAILFAST;
18185 	}
18186 
18187 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18188 
18189 	sd_retry_command(un, bp, flag,
18190 	    sd_print_cmd_incomplete_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18191 }
18192 
18193 
18194 
18195 /*
18196  *    Function: sd_pkt_reason_cmd_tran_err
18197  *
18198  * Description: Recovery actions for a SCSA "CMD_TRAN_ERR" pkt_reason.
18199  *
18200  *     Context: May be called from interrupt context
18201  */
18202 
18203 static void
18204 sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
18205 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18206 {
18207 	ASSERT(un != NULL);
18208 	ASSERT(mutex_owned(SD_MUTEX(un)));
18209 	ASSERT(bp != NULL);
18210 	ASSERT(xp != NULL);
18211 	ASSERT(pktp != NULL);
18212 
18213 	/*
18214 	 * Do not reset if we got a parity error, or if
18215 	 * selection did not complete.
18216 	 */
18217 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18218 	/* Note: Should this not just check the bit for pkt_state? */
18219 	if (((pktp->pkt_statistics & STAT_PERR) == 0) &&
18220 	    (pktp->pkt_state != STATE_GOT_BUS)) {
18221 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18222 		sd_reset_target(un, pktp);
18223 	}
18224 
18225 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18226 
18227 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18228 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18229 }
18230 
18231 
18232 
18233 /*
18234  *    Function: sd_pkt_reason_cmd_reset
18235  *
18236  * Description: Recovery actions for a SCSA "CMD_RESET" pkt_reason.
18237  *
18238  *     Context: May be called from interrupt context
18239  */
18240 
18241 static void
18242 sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
18243 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18244 {
18245 	ASSERT(un != NULL);
18246 	ASSERT(mutex_owned(SD_MUTEX(un)));
18247 	ASSERT(bp != NULL);
18248 	ASSERT(xp != NULL);
18249 	ASSERT(pktp != NULL);
18250 
18251 	/* The target may still be running the command, so try to reset. */
18252 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18253 	sd_reset_target(un, pktp);
18254 
18255 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18256 
18257 	/*
18258 	 * If pkt_reason is CMD_RESET chances are that this pkt got
18259 	 * reset because another target on this bus caused it. The target
18260 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18261 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18262 	 */
18263 
18264 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18265 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18266 }
18267 
18268 
18269 
18270 
18271 /*
18272  *    Function: sd_pkt_reason_cmd_aborted
18273  *
18274  * Description: Recovery actions for a SCSA "CMD_ABORTED" pkt_reason.
18275  *
18276  *     Context: May be called from interrupt context
18277  */
18278 
18279 static void
18280 sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
18281 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18282 {
18283 	ASSERT(un != NULL);
18284 	ASSERT(mutex_owned(SD_MUTEX(un)));
18285 	ASSERT(bp != NULL);
18286 	ASSERT(xp != NULL);
18287 	ASSERT(pktp != NULL);
18288 
18289 	/* The target may still be running the command, so try to reset. */
18290 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18291 	sd_reset_target(un, pktp);
18292 
18293 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18294 
18295 	/*
18296 	 * If pkt_reason is CMD_ABORTED chances are that this pkt got
18297 	 * aborted because another target on this bus caused it. The target
18298 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18299 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18300 	 */
18301 
18302 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18303 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18304 }
18305 
18306 
18307 
18308 /*
18309  *    Function: sd_pkt_reason_cmd_timeout
18310  *
18311  * Description: Recovery actions for a SCSA "CMD_TIMEOUT" pkt_reason.
18312  *
18313  *     Context: May be called from interrupt context
18314  */
18315 
18316 static void
18317 sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
18318 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18319 {
18320 	ASSERT(un != NULL);
18321 	ASSERT(mutex_owned(SD_MUTEX(un)));
18322 	ASSERT(bp != NULL);
18323 	ASSERT(xp != NULL);
18324 	ASSERT(pktp != NULL);
18325 
18326 
18327 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18328 	sd_reset_target(un, pktp);
18329 
18330 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18331 
18332 	/*
18333 	 * A command timeout indicates that we could not establish
18334 	 * communication with the target, so set SD_RETRIES_FAILFAST
18335 	 * as further retries/commands are likely to take a long time.
18336 	 */
18337 	sd_retry_command(un, bp,
18338 	    (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE | SD_RETRIES_FAILFAST),
18339 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18340 }
18341 
18342 
18343 
18344 /*
18345  *    Function: sd_pkt_reason_cmd_unx_bus_free
18346  *
18347  * Description: Recovery actions for a SCSA "CMD_UNX_BUS_FREE" pkt_reason.
18348  *
18349  *     Context: May be called from interrupt context
18350  */
18351 
18352 static void
18353 sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
18354 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18355 {
18356 	void (*funcp)(struct sd_lun *un, struct buf *bp, void *arg, int code);
18357 
18358 	ASSERT(un != NULL);
18359 	ASSERT(mutex_owned(SD_MUTEX(un)));
18360 	ASSERT(bp != NULL);
18361 	ASSERT(xp != NULL);
18362 	ASSERT(pktp != NULL);
18363 
18364 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18365 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18366 
18367 	funcp = ((pktp->pkt_statistics & STAT_PERR) == 0) ?
18368 	    sd_print_retry_msg : NULL;
18369 
18370 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18371 	    funcp, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18372 }
18373 
18374 
18375 /*
18376  *    Function: sd_pkt_reason_cmd_tag_reject
18377  *
18378  * Description: Recovery actions for a SCSA "CMD_TAG_REJECT" pkt_reason.
18379  *
18380  *     Context: May be called from interrupt context
18381  */
18382 
18383 static void
18384 sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
18385 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18386 {
18387 	ASSERT(un != NULL);
18388 	ASSERT(mutex_owned(SD_MUTEX(un)));
18389 	ASSERT(bp != NULL);
18390 	ASSERT(xp != NULL);
18391 	ASSERT(pktp != NULL);
18392 
18393 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18394 	pktp->pkt_flags = 0;
18395 	un->un_tagflags = 0;
18396 	if (un->un_f_opt_queueing == TRUE) {
18397 		un->un_throttle = min(un->un_throttle, 3);
18398 	} else {
18399 		un->un_throttle = 1;
18400 	}
18401 	mutex_exit(SD_MUTEX(un));
18402 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
18403 	mutex_enter(SD_MUTEX(un));
18404 
18405 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18406 
18407 	/* Legacy behavior not to check retry counts here. */
18408 	sd_retry_command(un, bp, (SD_RETRIES_NOCHECK | SD_RETRIES_ISOLATE),
18409 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18410 }
18411 
18412 
18413 /*
18414  *    Function: sd_pkt_reason_default
18415  *
18416  * Description: Default recovery actions for SCSA pkt_reason values that
18417  *		do not have more explicit recovery actions.
18418  *
18419  *     Context: May be called from interrupt context
18420  */
18421 
18422 static void
18423 sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
18424 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18425 {
18426 	ASSERT(un != NULL);
18427 	ASSERT(mutex_owned(SD_MUTEX(un)));
18428 	ASSERT(bp != NULL);
18429 	ASSERT(xp != NULL);
18430 	ASSERT(pktp != NULL);
18431 
18432 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18433 	sd_reset_target(un, pktp);
18434 
18435 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18436 
18437 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18438 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18439 }
18440 
18441 
18442 
18443 /*
18444  *    Function: sd_pkt_status_check_condition
18445  *
18446  * Description: Recovery actions for a "STATUS_CHECK" SCSI command status.
18447  *
18448  *     Context: May be called from interrupt context
18449  */
18450 
18451 static void
18452 sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
18453 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18454 {
18455 	ASSERT(un != NULL);
18456 	ASSERT(mutex_owned(SD_MUTEX(un)));
18457 	ASSERT(bp != NULL);
18458 	ASSERT(xp != NULL);
18459 	ASSERT(pktp != NULL);
18460 
18461 	SD_TRACE(SD_LOG_IO, un, "sd_pkt_status_check_condition: "
18462 	    "entry: buf:0x%p xp:0x%p\n", bp, xp);
18463 
18464 	/*
18465 	 * If ARQ is NOT enabled, then issue a REQUEST SENSE command (the
18466 	 * command will be retried after the request sense). Otherwise, retry
18467 	 * the command. Note: we are issuing the request sense even though the
18468 	 * retry limit may have been reached for the failed command.
18469 	 */
18470 	if (un->un_f_arq_enabled == FALSE) {
18471 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18472 		    "no ARQ, sending request sense command\n");
18473 		sd_send_request_sense_command(un, bp, pktp);
18474 	} else {
18475 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18476 		    "ARQ,retrying request sense command\n");
18477 #if defined(__i386) || defined(__amd64)
18478 		/*
18479 		 * The SD_RETRY_DELAY value need to be adjusted here
18480 		 * when SD_RETRY_DELAY change in sddef.h
18481 		 */
18482 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, 0,
18483 			un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0,
18484 			NULL);
18485 #else
18486 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL,
18487 		    0, SD_RETRY_DELAY, NULL);
18488 #endif
18489 	}
18490 
18491 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: exit\n");
18492 }
18493 
18494 
18495 /*
18496  *    Function: sd_pkt_status_busy
18497  *
18498  * Description: Recovery actions for a "STATUS_BUSY" SCSI command status.
18499  *
18500  *     Context: May be called from interrupt context
18501  */
18502 
18503 static void
18504 sd_pkt_status_busy(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
18505 	struct scsi_pkt *pktp)
18506 {
18507 	ASSERT(un != NULL);
18508 	ASSERT(mutex_owned(SD_MUTEX(un)));
18509 	ASSERT(bp != NULL);
18510 	ASSERT(xp != NULL);
18511 	ASSERT(pktp != NULL);
18512 
18513 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18514 	    "sd_pkt_status_busy: entry\n");
18515 
18516 	/* If retries are exhausted, just fail the command. */
18517 	if (xp->xb_retry_count >= un->un_busy_retry_count) {
18518 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18519 		    "device busy too long\n");
18520 		sd_return_failed_command(un, bp, EIO);
18521 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18522 		    "sd_pkt_status_busy: exit\n");
18523 		return;
18524 	}
18525 	xp->xb_retry_count++;
18526 
18527 	/*
18528 	 * Try to reset the target. However, we do not want to perform
18529 	 * more than one reset if the device continues to fail. The reset
18530 	 * will be performed when the retry count reaches the reset
18531 	 * threshold.  This threshold should be set such that at least
18532 	 * one retry is issued before the reset is performed.
18533 	 */
18534 	if (xp->xb_retry_count ==
18535 	    ((un->un_reset_retry_count < 2) ? 2 : un->un_reset_retry_count)) {
18536 		int rval = 0;
18537 		mutex_exit(SD_MUTEX(un));
18538 		if (un->un_f_allow_bus_device_reset == TRUE) {
18539 			/*
18540 			 * First try to reset the LUN; if we cannot then
18541 			 * try to reset the target.
18542 			 */
18543 			if (un->un_f_lun_reset_enabled == TRUE) {
18544 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18545 				    "sd_pkt_status_busy: RESET_LUN\n");
18546 				rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18547 			}
18548 			if (rval == 0) {
18549 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18550 				    "sd_pkt_status_busy: RESET_TARGET\n");
18551 				rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18552 			}
18553 		}
18554 		if (rval == 0) {
18555 			/*
18556 			 * If the RESET_LUN and/or RESET_TARGET failed,
18557 			 * try RESET_ALL
18558 			 */
18559 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18560 			    "sd_pkt_status_busy: RESET_ALL\n");
18561 			rval = scsi_reset(SD_ADDRESS(un), RESET_ALL);
18562 		}
18563 		mutex_enter(SD_MUTEX(un));
18564 		if (rval == 0) {
18565 			/*
18566 			 * The RESET_LUN, RESET_TARGET, and/or RESET_ALL failed.
18567 			 * At this point we give up & fail the command.
18568 			 */
18569 			sd_return_failed_command(un, bp, EIO);
18570 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18571 			    "sd_pkt_status_busy: exit (failed cmd)\n");
18572 			return;
18573 		}
18574 	}
18575 
18576 	/*
18577 	 * Retry the command. Be sure to specify SD_RETRIES_NOCHECK as
18578 	 * we have already checked the retry counts above.
18579 	 */
18580 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL,
18581 	    EIO, SD_BSY_TIMEOUT, NULL);
18582 
18583 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18584 	    "sd_pkt_status_busy: exit\n");
18585 }
18586 
18587 
18588 /*
18589  *    Function: sd_pkt_status_reservation_conflict
18590  *
18591  * Description: Recovery actions for a "STATUS_RESERVATION_CONFLICT" SCSI
18592  *		command status.
18593  *
18594  *     Context: May be called from interrupt context
18595  */
18596 
18597 static void
18598 sd_pkt_status_reservation_conflict(struct sd_lun *un, struct buf *bp,
18599 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18600 {
18601 	ASSERT(un != NULL);
18602 	ASSERT(mutex_owned(SD_MUTEX(un)));
18603 	ASSERT(bp != NULL);
18604 	ASSERT(xp != NULL);
18605 	ASSERT(pktp != NULL);
18606 
18607 	/*
18608 	 * If the command was PERSISTENT_RESERVATION_[IN|OUT] then reservation
18609 	 * conflict could be due to various reasons like incorrect keys, not
18610 	 * registered or not reserved etc. So, we return EACCES to the caller.
18611 	 */
18612 	if (un->un_reservation_type == SD_SCSI3_RESERVATION) {
18613 		int cmd = SD_GET_PKT_OPCODE(pktp);
18614 		if ((cmd == SCMD_PERSISTENT_RESERVE_IN) ||
18615 		    (cmd == SCMD_PERSISTENT_RESERVE_OUT)) {
18616 			sd_return_failed_command(un, bp, EACCES);
18617 			return;
18618 		}
18619 	}
18620 
18621 	un->un_resvd_status |= SD_RESERVATION_CONFLICT;
18622 
18623 	if ((un->un_resvd_status & SD_FAILFAST) != 0) {
18624 		if (sd_failfast_enable != 0) {
18625 			/* By definition, we must panic here.... */
18626 			panic("Reservation Conflict");
18627 			/*NOTREACHED*/
18628 		}
18629 		SD_ERROR(SD_LOG_IO, un,
18630 		    "sd_handle_resv_conflict: Disk Reserved\n");
18631 		sd_return_failed_command(un, bp, EACCES);
18632 		return;
18633 	}
18634 
18635 	/*
18636 	 * 1147670: retry only if sd_retry_on_reservation_conflict
18637 	 * property is set (default is 1). Retries will not succeed
18638 	 * on a disk reserved by another initiator. HA systems
18639 	 * may reset this via sd.conf to avoid these retries.
18640 	 *
18641 	 * Note: The legacy return code for this failure is EIO, however EACCES
18642 	 * seems more appropriate for a reservation conflict.
18643 	 */
18644 	if (sd_retry_on_reservation_conflict == 0) {
18645 		SD_ERROR(SD_LOG_IO, un,
18646 		    "sd_handle_resv_conflict: Device Reserved\n");
18647 		sd_return_failed_command(un, bp, EIO);
18648 		return;
18649 	}
18650 
18651 	/*
18652 	 * Retry the command if we can.
18653 	 *
18654 	 * Note: The legacy return code for this failure is EIO, however EACCES
18655 	 * seems more appropriate for a reservation conflict.
18656 	 */
18657 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18658 	    (clock_t)2, NULL);
18659 }
18660 
18661 
18662 
18663 /*
18664  *    Function: sd_pkt_status_qfull
18665  *
18666  * Description: Handle a QUEUE FULL condition from the target.  This can
18667  *		occur if the HBA does not handle the queue full condition.
18668  *		(Basically this means third-party HBAs as Sun HBAs will
18669  *		handle the queue full condition.)  Note that if there are
18670  *		some commands already in the transport, then the queue full
18671  *		has occurred because the queue for this nexus is actually
18672  *		full. If there are no commands in the transport, then the
18673  *		queue full is resulting from some other initiator or lun
18674  *		consuming all the resources at the target.
18675  *
18676  *     Context: May be called from interrupt context
18677  */
18678 
18679 static void
18680 sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
18681 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18682 {
18683 	ASSERT(un != NULL);
18684 	ASSERT(mutex_owned(SD_MUTEX(un)));
18685 	ASSERT(bp != NULL);
18686 	ASSERT(xp != NULL);
18687 	ASSERT(pktp != NULL);
18688 
18689 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18690 	    "sd_pkt_status_qfull: entry\n");
18691 
18692 	/*
18693 	 * Just lower the QFULL throttle and retry the command.  Note that
18694 	 * we do not limit the number of retries here.
18695 	 */
18696 	sd_reduce_throttle(un, SD_THROTTLE_QFULL);
18697 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL, 0,
18698 	    SD_RESTART_TIMEOUT, NULL);
18699 
18700 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18701 	    "sd_pkt_status_qfull: exit\n");
18702 }
18703 
18704 
18705 /*
18706  *    Function: sd_reset_target
18707  *
18708  * Description: Issue a scsi_reset(9F), with either RESET_LUN,
18709  *		RESET_TARGET, or RESET_ALL.
18710  *
18711  *     Context: May be called under interrupt context.
18712  */
18713 
18714 static void
18715 sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp)
18716 {
18717 	int rval = 0;
18718 
18719 	ASSERT(un != NULL);
18720 	ASSERT(mutex_owned(SD_MUTEX(un)));
18721 	ASSERT(pktp != NULL);
18722 
18723 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: entry\n");
18724 
18725 	/*
18726 	 * No need to reset if the transport layer has already done so.
18727 	 */
18728 	if ((pktp->pkt_statistics &
18729 	    (STAT_BUS_RESET | STAT_DEV_RESET | STAT_ABORTED)) != 0) {
18730 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18731 		    "sd_reset_target: no reset\n");
18732 		return;
18733 	}
18734 
18735 	mutex_exit(SD_MUTEX(un));
18736 
18737 	if (un->un_f_allow_bus_device_reset == TRUE) {
18738 		if (un->un_f_lun_reset_enabled == TRUE) {
18739 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18740 			    "sd_reset_target: RESET_LUN\n");
18741 			rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18742 		}
18743 		if (rval == 0) {
18744 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18745 			    "sd_reset_target: RESET_TARGET\n");
18746 			rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18747 		}
18748 	}
18749 
18750 	if (rval == 0) {
18751 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18752 		    "sd_reset_target: RESET_ALL\n");
18753 		(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
18754 	}
18755 
18756 	mutex_enter(SD_MUTEX(un));
18757 
18758 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: exit\n");
18759 }
18760 
18761 
18762 /*
18763  *    Function: sd_media_change_task
18764  *
18765  * Description: Recovery action for CDROM to become available.
18766  *
18767  *     Context: Executes in a taskq() thread context
18768  */
18769 
18770 static void
18771 sd_media_change_task(void *arg)
18772 {
18773 	struct	scsi_pkt	*pktp = arg;
18774 	struct	sd_lun		*un;
18775 	struct	buf		*bp;
18776 	struct	sd_xbuf		*xp;
18777 	int	err		= 0;
18778 	int	retry_count	= 0;
18779 	int	retry_limit	= SD_UNIT_ATTENTION_RETRY/10;
18780 	struct	sd_sense_info	si;
18781 
18782 	ASSERT(pktp != NULL);
18783 	bp = (struct buf *)pktp->pkt_private;
18784 	ASSERT(bp != NULL);
18785 	xp = SD_GET_XBUF(bp);
18786 	ASSERT(xp != NULL);
18787 	un = SD_GET_UN(bp);
18788 	ASSERT(un != NULL);
18789 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18790 	ASSERT(ISREMOVABLE(un));
18791 
18792 	si.ssi_severity = SCSI_ERR_INFO;
18793 	si.ssi_pfa_flag = FALSE;
18794 
18795 	/*
18796 	 * When a reset is issued on a CDROM, it takes a long time to
18797 	 * recover. First few attempts to read capacity and other things
18798 	 * related to handling unit attention fail (with a ASC 0x4 and
18799 	 * ASCQ 0x1). In that case we want to do enough retries and we want
18800 	 * to limit the retries in other cases of genuine failures like
18801 	 * no media in drive.
18802 	 */
18803 	while (retry_count++ < retry_limit) {
18804 		if ((err = sd_handle_mchange(un)) == 0) {
18805 			break;
18806 		}
18807 		if (err == EAGAIN) {
18808 			retry_limit = SD_UNIT_ATTENTION_RETRY;
18809 		}
18810 		/* Sleep for 0.5 sec. & try again */
18811 		delay(drv_usectohz(500000));
18812 	}
18813 
18814 	/*
18815 	 * Dispatch (retry or fail) the original command here,
18816 	 * along with appropriate console messages....
18817 	 *
18818 	 * Must grab the mutex before calling sd_retry_command,
18819 	 * sd_print_sense_msg and sd_return_failed_command.
18820 	 */
18821 	mutex_enter(SD_MUTEX(un));
18822 	if (err != SD_CMD_SUCCESS) {
18823 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
18824 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
18825 		si.ssi_severity = SCSI_ERR_FATAL;
18826 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
18827 		sd_return_failed_command(un, bp, EIO);
18828 	} else {
18829 		sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
18830 		    &si, EIO, (clock_t)0, NULL);
18831 	}
18832 	mutex_exit(SD_MUTEX(un));
18833 }
18834 
18835 
18836 
18837 /*
18838  *    Function: sd_handle_mchange
18839  *
18840  * Description: Perform geometry validation & other recovery when CDROM
18841  *		has been removed from drive.
18842  *
18843  * Return Code: 0 for success
18844  *		errno-type return code of either sd_send_scsi_DOORLOCK() or
18845  *		sd_send_scsi_READ_CAPACITY()
18846  *
18847  *     Context: Executes in a taskq() thread context
18848  */
18849 
18850 static int
18851 sd_handle_mchange(struct sd_lun *un)
18852 {
18853 	uint64_t	capacity;
18854 	uint32_t	lbasize;
18855 	int		rval;
18856 
18857 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18858 	ASSERT(ISREMOVABLE(un));
18859 
18860 	if ((rval = sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
18861 	    SD_PATH_DIRECT_PRIORITY)) != 0) {
18862 		return (rval);
18863 	}
18864 
18865 	mutex_enter(SD_MUTEX(un));
18866 	sd_update_block_info(un, lbasize, capacity);
18867 
18868 	if (un->un_errstats != NULL) {
18869 		struct	sd_errstats *stp =
18870 		    (struct sd_errstats *)un->un_errstats->ks_data;
18871 		stp->sd_capacity.value.ui64 = (uint64_t)
18872 		    ((uint64_t)un->un_blockcount *
18873 		    (uint64_t)un->un_tgt_blocksize);
18874 	}
18875 
18876 	/*
18877 	 * Note: Maybe let the strategy/partitioning chain worry about getting
18878 	 * valid geometry.
18879 	 */
18880 	un->un_f_geometry_is_valid = FALSE;
18881 	(void) sd_validate_geometry(un, SD_PATH_DIRECT_PRIORITY);
18882 	if (un->un_f_geometry_is_valid == FALSE) {
18883 		mutex_exit(SD_MUTEX(un));
18884 		return (EIO);
18885 	}
18886 
18887 	mutex_exit(SD_MUTEX(un));
18888 
18889 	/*
18890 	 * Try to lock the door
18891 	 */
18892 	return (sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
18893 	    SD_PATH_DIRECT_PRIORITY));
18894 }
18895 
18896 
18897 /*
18898  *    Function: sd_send_scsi_DOORLOCK
18899  *
18900  * Description: Issue the scsi DOOR LOCK command
18901  *
18902  *   Arguments: un    - pointer to driver soft state (unit) structure for
18903  *			this target.
18904  *		flag  - SD_REMOVAL_ALLOW
18905  *			SD_REMOVAL_PREVENT
18906  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18907  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18908  *			to use the USCSI "direct" chain and bypass the normal
18909  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18910  *			command is issued as part of an error recovery action.
18911  *
18912  * Return Code: 0   - Success
18913  *		errno return code from sd_send_scsi_cmd()
18914  *
18915  *     Context: Can sleep.
18916  */
18917 
18918 static int
18919 sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag)
18920 {
18921 	union scsi_cdb		cdb;
18922 	struct uscsi_cmd	ucmd_buf;
18923 	struct scsi_extended_sense	sense_buf;
18924 	int			status;
18925 
18926 	ASSERT(un != NULL);
18927 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18928 
18929 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_DOORLOCK: entry: un:0x%p\n", un);
18930 
18931 	/* already determined doorlock is not supported, fake success */
18932 	if (un->un_f_doorlock_supported == FALSE) {
18933 		return (0);
18934 	}
18935 
18936 	bzero(&cdb, sizeof (cdb));
18937 	bzero(&ucmd_buf, sizeof (ucmd_buf));
18938 
18939 	cdb.scc_cmd = SCMD_DOORLOCK;
18940 	cdb.cdb_opaque[4] = (uchar_t)flag;
18941 
18942 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
18943 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
18944 	ucmd_buf.uscsi_bufaddr	= NULL;
18945 	ucmd_buf.uscsi_buflen	= 0;
18946 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
18947 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
18948 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
18949 	ucmd_buf.uscsi_timeout	= 15;
18950 
18951 	SD_TRACE(SD_LOG_IO, un,
18952 	    "sd_send_scsi_DOORLOCK: returning sd_send_scsi_cmd()\n");
18953 
18954 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
18955 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
18956 
18957 	if ((status == EIO) && (ucmd_buf.uscsi_status == STATUS_CHECK) &&
18958 	    (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
18959 	    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
18960 		/* fake success and skip subsequent doorlock commands */
18961 		un->un_f_doorlock_supported = FALSE;
18962 		return (0);
18963 	}
18964 
18965 	return (status);
18966 }
18967 
18968 
18969 /*
18970  *    Function: sd_send_scsi_READ_CAPACITY
18971  *
18972  * Description: This routine uses the scsi READ CAPACITY command to determine
18973  *		the device capacity in number of blocks and the device native
18974  *		block size. If this function returns a failure, then the
18975  *		values in *capp and *lbap are undefined.  If the capacity
18976  *		returned is 0xffffffff then the lun is too large for a
18977  *		normal READ CAPACITY command and the results of a
18978  *		READ CAPACITY 16 will be used instead.
18979  *
18980  *   Arguments: un   - ptr to soft state struct for the target
18981  *		capp - ptr to unsigned 64-bit variable to receive the
18982  *			capacity value from the command.
18983  *		lbap - ptr to unsigned 32-bit varaible to receive the
18984  *			block size value from the command
18985  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18986  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18987  *			to use the USCSI "direct" chain and bypass the normal
18988  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18989  *			command is issued as part of an error recovery action.
18990  *
18991  * Return Code: 0   - Success
18992  *		EIO - IO error
18993  *		EACCES - Reservation conflict detected
18994  *		EAGAIN - Device is becoming ready
18995  *		errno return code from sd_send_scsi_cmd()
18996  *
18997  *     Context: Can sleep.  Blocks until command completes.
18998  */
18999 
19000 #define	SD_CAPACITY_SIZE	sizeof (struct scsi_capacity)
19001 
19002 static int
19003 sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp, uint32_t *lbap,
19004 	int path_flag)
19005 {
19006 	struct	scsi_extended_sense	sense_buf;
19007 	struct	uscsi_cmd	ucmd_buf;
19008 	union	scsi_cdb	cdb;
19009 	uint32_t		*capacity_buf;
19010 	uint64_t		capacity;
19011 	uint32_t		lbasize;
19012 	int			status;
19013 
19014 	ASSERT(un != NULL);
19015 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19016 	ASSERT(capp != NULL);
19017 	ASSERT(lbap != NULL);
19018 
19019 	SD_TRACE(SD_LOG_IO, un,
19020 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19021 
19022 	/*
19023 	 * First send a READ_CAPACITY command to the target.
19024 	 * (This command is mandatory under SCSI-2.)
19025 	 *
19026 	 * Set up the CDB for the READ_CAPACITY command.  The Partial
19027 	 * Medium Indicator bit is cleared.  The address field must be
19028 	 * zero if the PMI bit is zero.
19029 	 */
19030 	bzero(&cdb, sizeof (cdb));
19031 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19032 
19033 	capacity_buf = kmem_zalloc(SD_CAPACITY_SIZE, KM_SLEEP);
19034 
19035 	cdb.scc_cmd = SCMD_READ_CAPACITY;
19036 
19037 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19038 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19039 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity_buf;
19040 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_SIZE;
19041 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19042 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19043 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19044 	ucmd_buf.uscsi_timeout	= 60;
19045 
19046 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19047 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19048 
19049 	switch (status) {
19050 	case 0:
19051 		/* Return failure if we did not get valid capacity data. */
19052 		if (ucmd_buf.uscsi_resid != 0) {
19053 			kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19054 			return (EIO);
19055 		}
19056 
19057 		/*
19058 		 * Read capacity and block size from the READ CAPACITY 10 data.
19059 		 * This data may be adjusted later due to device specific
19060 		 * issues.
19061 		 *
19062 		 * According to the SCSI spec, the READ CAPACITY 10
19063 		 * command returns the following:
19064 		 *
19065 		 *  bytes 0-3: Maximum logical block address available.
19066 		 *		(MSB in byte:0 & LSB in byte:3)
19067 		 *
19068 		 *  bytes 4-7: Block length in bytes
19069 		 *		(MSB in byte:4 & LSB in byte:7)
19070 		 *
19071 		 */
19072 		capacity = BE_32(capacity_buf[0]);
19073 		lbasize = BE_32(capacity_buf[1]);
19074 
19075 		/*
19076 		 * Done with capacity_buf
19077 		 */
19078 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19079 
19080 		/*
19081 		 * if the reported capacity is set to all 0xf's, then
19082 		 * this disk is too large and requires SBC-2 commands.
19083 		 * Reissue the request using READ CAPACITY 16.
19084 		 */
19085 		if (capacity == 0xffffffff) {
19086 			status = sd_send_scsi_READ_CAPACITY_16(un, &capacity,
19087 			    &lbasize, path_flag);
19088 			if (status != 0) {
19089 				return (status);
19090 			}
19091 		}
19092 		break;	/* Success! */
19093 	case EIO:
19094 		switch (ucmd_buf.uscsi_status) {
19095 		case STATUS_RESERVATION_CONFLICT:
19096 			status = EACCES;
19097 			break;
19098 		case STATUS_CHECK:
19099 			/*
19100 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19101 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19102 			 */
19103 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19104 			    (sense_buf.es_add_code  == 0x04) &&
19105 			    (sense_buf.es_qual_code == 0x01)) {
19106 				kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19107 				return (EAGAIN);
19108 			}
19109 			break;
19110 		default:
19111 			break;
19112 		}
19113 		/* FALLTHRU */
19114 	default:
19115 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19116 		return (status);
19117 	}
19118 
19119 	/*
19120 	 * Some ATAPI CD-ROM drives report inaccurate LBA size values
19121 	 * (2352 and 0 are common) so for these devices always force the value
19122 	 * to 2048 as required by the ATAPI specs.
19123 	 */
19124 	if ((un->un_f_cfg_is_atapi == TRUE) && (ISCD(un))) {
19125 		lbasize = 2048;
19126 	}
19127 
19128 	/*
19129 	 * Get the maximum LBA value from the READ CAPACITY data.
19130 	 * Here we assume that the Partial Medium Indicator (PMI) bit
19131 	 * was cleared when issuing the command. This means that the LBA
19132 	 * returned from the device is the LBA of the last logical block
19133 	 * on the logical unit.  The actual logical block count will be
19134 	 * this value plus one.
19135 	 *
19136 	 * Currently the capacity is saved in terms of un->un_sys_blocksize,
19137 	 * so scale the capacity value to reflect this.
19138 	 */
19139 	capacity = (capacity + 1) * (lbasize / un->un_sys_blocksize);
19140 
19141 #if defined(__i386) || defined(__amd64)
19142 	/*
19143 	 * On x86, compensate for off-by-1 error (number of sectors on
19144 	 * media)  (1175930)
19145 	 */
19146 	if (!ISREMOVABLE(un) && (lbasize == un->un_sys_blocksize)) {
19147 		capacity -= 1;
19148 	}
19149 #endif
19150 
19151 	/*
19152 	 * Copy the values from the READ CAPACITY command into the space
19153 	 * provided by the caller.
19154 	 */
19155 	*capp = capacity;
19156 	*lbap = lbasize;
19157 
19158 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY: "
19159 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19160 
19161 	/*
19162 	 * Both the lbasize and capacity from the device must be nonzero,
19163 	 * otherwise we assume that the values are not valid and return
19164 	 * failure to the caller. (4203735)
19165 	 */
19166 	if ((capacity == 0) || (lbasize == 0)) {
19167 		return (EIO);
19168 	}
19169 
19170 	return (0);
19171 }
19172 
19173 /*
19174  *    Function: sd_send_scsi_READ_CAPACITY_16
19175  *
19176  * Description: This routine uses the scsi READ CAPACITY 16 command to
19177  *		determine the device capacity in number of blocks and the
19178  *		device native block size.  If this function returns a failure,
19179  *		then the values in *capp and *lbap are undefined.
19180  *		This routine should always be called by
19181  *		sd_send_scsi_READ_CAPACITY which will appy any device
19182  *		specific adjustments to capacity and lbasize.
19183  *
19184  *   Arguments: un   - ptr to soft state struct for the target
19185  *		capp - ptr to unsigned 64-bit variable to receive the
19186  *			capacity value from the command.
19187  *		lbap - ptr to unsigned 32-bit varaible to receive the
19188  *			block size value from the command
19189  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19190  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19191  *			to use the USCSI "direct" chain and bypass the normal
19192  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when
19193  *			this command is issued as part of an error recovery
19194  *			action.
19195  *
19196  * Return Code: 0   - Success
19197  *		EIO - IO error
19198  *		EACCES - Reservation conflict detected
19199  *		EAGAIN - Device is becoming ready
19200  *		errno return code from sd_send_scsi_cmd()
19201  *
19202  *     Context: Can sleep.  Blocks until command completes.
19203  */
19204 
19205 #define	SD_CAPACITY_16_SIZE	sizeof (struct scsi_capacity_16)
19206 
19207 static int
19208 sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
19209 	uint32_t *lbap, int path_flag)
19210 {
19211 	struct	scsi_extended_sense	sense_buf;
19212 	struct	uscsi_cmd	ucmd_buf;
19213 	union	scsi_cdb	cdb;
19214 	uint64_t		*capacity16_buf;
19215 	uint64_t		capacity;
19216 	uint32_t		lbasize;
19217 	int			status;
19218 
19219 	ASSERT(un != NULL);
19220 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19221 	ASSERT(capp != NULL);
19222 	ASSERT(lbap != NULL);
19223 
19224 	SD_TRACE(SD_LOG_IO, un,
19225 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19226 
19227 	/*
19228 	 * First send a READ_CAPACITY_16 command to the target.
19229 	 *
19230 	 * Set up the CDB for the READ_CAPACITY_16 command.  The Partial
19231 	 * Medium Indicator bit is cleared.  The address field must be
19232 	 * zero if the PMI bit is zero.
19233 	 */
19234 	bzero(&cdb, sizeof (cdb));
19235 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19236 
19237 	capacity16_buf = kmem_zalloc(SD_CAPACITY_16_SIZE, KM_SLEEP);
19238 
19239 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19240 	ucmd_buf.uscsi_cdblen	= CDB_GROUP4;
19241 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity16_buf;
19242 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_16_SIZE;
19243 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19244 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19245 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19246 	ucmd_buf.uscsi_timeout	= 60;
19247 
19248 	/*
19249 	 * Read Capacity (16) is a Service Action In command.  One
19250 	 * command byte (0x9E) is overloaded for multiple operations,
19251 	 * with the second CDB byte specifying the desired operation
19252 	 */
19253 	cdb.scc_cmd = SCMD_SVC_ACTION_IN_G4;
19254 	cdb.cdb_opaque[1] = SSVC_ACTION_READ_CAPACITY_G4;
19255 
19256 	/*
19257 	 * Fill in allocation length field
19258 	 */
19259 	FORMG4COUNT(&cdb, ucmd_buf.uscsi_buflen);
19260 
19261 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19262 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19263 
19264 	switch (status) {
19265 	case 0:
19266 		/* Return failure if we did not get valid capacity data. */
19267 		if (ucmd_buf.uscsi_resid > 20) {
19268 			kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19269 			return (EIO);
19270 		}
19271 
19272 		/*
19273 		 * Read capacity and block size from the READ CAPACITY 10 data.
19274 		 * This data may be adjusted later due to device specific
19275 		 * issues.
19276 		 *
19277 		 * According to the SCSI spec, the READ CAPACITY 10
19278 		 * command returns the following:
19279 		 *
19280 		 *  bytes 0-7: Maximum logical block address available.
19281 		 *		(MSB in byte:0 & LSB in byte:7)
19282 		 *
19283 		 *  bytes 8-11: Block length in bytes
19284 		 *		(MSB in byte:8 & LSB in byte:11)
19285 		 *
19286 		 */
19287 		capacity = BE_64(capacity16_buf[0]);
19288 		lbasize = BE_32(*(uint32_t *)&capacity16_buf[1]);
19289 
19290 		/*
19291 		 * Done with capacity16_buf
19292 		 */
19293 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19294 
19295 		/*
19296 		 * if the reported capacity is set to all 0xf's, then
19297 		 * this disk is too large.  This could only happen with
19298 		 * a device that supports LBAs larger than 64 bits which
19299 		 * are not defined by any current T10 standards.
19300 		 */
19301 		if (capacity == 0xffffffffffffffff) {
19302 			return (EIO);
19303 		}
19304 		break;	/* Success! */
19305 	case EIO:
19306 		switch (ucmd_buf.uscsi_status) {
19307 		case STATUS_RESERVATION_CONFLICT:
19308 			status = EACCES;
19309 			break;
19310 		case STATUS_CHECK:
19311 			/*
19312 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19313 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19314 			 */
19315 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19316 			    (sense_buf.es_add_code  == 0x04) &&
19317 			    (sense_buf.es_qual_code == 0x01)) {
19318 				kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19319 				return (EAGAIN);
19320 			}
19321 			break;
19322 		default:
19323 			break;
19324 		}
19325 		/* FALLTHRU */
19326 	default:
19327 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19328 		return (status);
19329 	}
19330 
19331 	*capp = capacity;
19332 	*lbap = lbasize;
19333 
19334 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY_16: "
19335 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19336 
19337 	return (0);
19338 }
19339 
19340 
19341 /*
19342  *    Function: sd_send_scsi_START_STOP_UNIT
19343  *
19344  * Description: Issue a scsi START STOP UNIT command to the target.
19345  *
19346  *   Arguments: un    - pointer to driver soft state (unit) structure for
19347  *			this target.
19348  *		flag  - SD_TARGET_START
19349  *			SD_TARGET_STOP
19350  *			SD_TARGET_EJECT
19351  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19352  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19353  *			to use the USCSI "direct" chain and bypass the normal
19354  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
19355  *			command is issued as part of an error recovery action.
19356  *
19357  * Return Code: 0   - Success
19358  *		EIO - IO error
19359  *		EACCES - Reservation conflict detected
19360  *		ENXIO  - Not Ready, medium not present
19361  *		errno return code from sd_send_scsi_cmd()
19362  *
19363  *     Context: Can sleep.
19364  */
19365 
19366 static int
19367 sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag, int path_flag)
19368 {
19369 	struct	scsi_extended_sense	sense_buf;
19370 	union scsi_cdb		cdb;
19371 	struct uscsi_cmd	ucmd_buf;
19372 	int			status;
19373 
19374 	ASSERT(un != NULL);
19375 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19376 
19377 	SD_TRACE(SD_LOG_IO, un,
19378 	    "sd_send_scsi_START_STOP_UNIT: entry: un:0x%p\n", un);
19379 
19380 	if (ISREMOVABLE(un) &&
19381 	    ((flag == SD_TARGET_START) || (flag == SD_TARGET_STOP)) &&
19382 	    (un->un_f_start_stop_supported != TRUE)) {
19383 		return (0);
19384 	}
19385 
19386 	bzero(&cdb, sizeof (cdb));
19387 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19388 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19389 
19390 	cdb.scc_cmd = SCMD_START_STOP;
19391 	cdb.cdb_opaque[4] = (uchar_t)flag;
19392 
19393 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19394 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19395 	ucmd_buf.uscsi_bufaddr	= NULL;
19396 	ucmd_buf.uscsi_buflen	= 0;
19397 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19398 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19399 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19400 	ucmd_buf.uscsi_timeout	= 200;
19401 
19402 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19403 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19404 
19405 	switch (status) {
19406 	case 0:
19407 		break;	/* Success! */
19408 	case EIO:
19409 		switch (ucmd_buf.uscsi_status) {
19410 		case STATUS_RESERVATION_CONFLICT:
19411 			status = EACCES;
19412 			break;
19413 		case STATUS_CHECK:
19414 			if (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) {
19415 				switch (sense_buf.es_key) {
19416 				case KEY_ILLEGAL_REQUEST:
19417 					status = ENOTSUP;
19418 					break;
19419 				case KEY_NOT_READY:
19420 					if (sense_buf.es_add_code == 0x3A) {
19421 						status = ENXIO;
19422 					}
19423 					break;
19424 				default:
19425 					break;
19426 				}
19427 			}
19428 			break;
19429 		default:
19430 			break;
19431 		}
19432 		break;
19433 	default:
19434 		break;
19435 	}
19436 
19437 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_START_STOP_UNIT: exit\n");
19438 
19439 	return (status);
19440 }
19441 
19442 
19443 /*
19444  *    Function: sd_start_stop_unit_callback
19445  *
19446  * Description: timeout(9F) callback to begin recovery process for a
19447  *		device that has spun down.
19448  *
19449  *   Arguments: arg - pointer to associated softstate struct.
19450  *
19451  *     Context: Executes in a timeout(9F) thread context
19452  */
19453 
19454 static void
19455 sd_start_stop_unit_callback(void *arg)
19456 {
19457 	struct sd_lun	*un = arg;
19458 	ASSERT(un != NULL);
19459 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19460 
19461 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_callback: entry\n");
19462 
19463 	(void) taskq_dispatch(sd_tq, sd_start_stop_unit_task, un, KM_NOSLEEP);
19464 }
19465 
19466 
19467 /*
19468  *    Function: sd_start_stop_unit_task
19469  *
19470  * Description: Recovery procedure when a drive is spun down.
19471  *
19472  *   Arguments: arg - pointer to associated softstate struct.
19473  *
19474  *     Context: Executes in a taskq() thread context
19475  */
19476 
19477 static void
19478 sd_start_stop_unit_task(void *arg)
19479 {
19480 	struct sd_lun	*un = arg;
19481 
19482 	ASSERT(un != NULL);
19483 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19484 
19485 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: entry\n");
19486 
19487 	/*
19488 	 * Some unformatted drives report not ready error, no need to
19489 	 * restart if format has been initiated.
19490 	 */
19491 	mutex_enter(SD_MUTEX(un));
19492 	if (un->un_f_format_in_progress == TRUE) {
19493 		mutex_exit(SD_MUTEX(un));
19494 		return;
19495 	}
19496 	mutex_exit(SD_MUTEX(un));
19497 
19498 	/*
19499 	 * When a START STOP command is issued from here, it is part of a
19500 	 * failure recovery operation and must be issued before any other
19501 	 * commands, including any pending retries. Thus it must be sent
19502 	 * using SD_PATH_DIRECT_PRIORITY. It doesn't matter if the spin up
19503 	 * succeeds or not, we will start I/O after the attempt.
19504 	 */
19505 	(void) sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
19506 	    SD_PATH_DIRECT_PRIORITY);
19507 
19508 	/*
19509 	 * The above call blocks until the START_STOP_UNIT command completes.
19510 	 * Now that it has completed, we must re-try the original IO that
19511 	 * received the NOT READY condition in the first place. There are
19512 	 * three possible conditions here:
19513 	 *
19514 	 *  (1) The original IO is on un_retry_bp.
19515 	 *  (2) The original IO is on the regular wait queue, and un_retry_bp
19516 	 *	is NULL.
19517 	 *  (3) The original IO is on the regular wait queue, and un_retry_bp
19518 	 *	points to some other, unrelated bp.
19519 	 *
19520 	 * For each case, we must call sd_start_cmds() with un_retry_bp
19521 	 * as the argument. If un_retry_bp is NULL, this will initiate
19522 	 * processing of the regular wait queue.  If un_retry_bp is not NULL,
19523 	 * then this will process the bp on un_retry_bp. That may or may not
19524 	 * be the original IO, but that does not matter: the important thing
19525 	 * is to keep the IO processing going at this point.
19526 	 *
19527 	 * Note: This is a very specific error recovery sequence associated
19528 	 * with a drive that is not spun up. We attempt a START_STOP_UNIT and
19529 	 * serialize the I/O with completion of the spin-up.
19530 	 */
19531 	mutex_enter(SD_MUTEX(un));
19532 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
19533 	    "sd_start_stop_unit_task: un:0x%p starting bp:0x%p\n",
19534 	    un, un->un_retry_bp);
19535 	un->un_startstop_timeid = NULL;	/* Timeout is no longer pending */
19536 	sd_start_cmds(un, un->un_retry_bp);
19537 	mutex_exit(SD_MUTEX(un));
19538 
19539 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: exit\n");
19540 }
19541 
19542 
19543 /*
19544  *    Function: sd_send_scsi_INQUIRY
19545  *
19546  * Description: Issue the scsi INQUIRY command.
19547  *
19548  *   Arguments: un
19549  *		bufaddr
19550  *		buflen
19551  *		evpd
19552  *		page_code
19553  *		page_length
19554  *
19555  * Return Code: 0   - Success
19556  *		errno return code from sd_send_scsi_cmd()
19557  *
19558  *     Context: Can sleep. Does not return until command is completed.
19559  */
19560 
19561 static int
19562 sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr, size_t buflen,
19563 	uchar_t evpd, uchar_t page_code, size_t *residp)
19564 {
19565 	union scsi_cdb		cdb;
19566 	struct uscsi_cmd	ucmd_buf;
19567 	int			status;
19568 
19569 	ASSERT(un != NULL);
19570 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19571 	ASSERT(bufaddr != NULL);
19572 
19573 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: entry: un:0x%p\n", un);
19574 
19575 	bzero(&cdb, sizeof (cdb));
19576 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19577 	bzero(bufaddr, buflen);
19578 
19579 	cdb.scc_cmd = SCMD_INQUIRY;
19580 	cdb.cdb_opaque[1] = evpd;
19581 	cdb.cdb_opaque[2] = page_code;
19582 	FORMG0COUNT(&cdb, buflen);
19583 
19584 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19585 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19586 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
19587 	ucmd_buf.uscsi_buflen	= buflen;
19588 	ucmd_buf.uscsi_rqbuf	= NULL;
19589 	ucmd_buf.uscsi_rqlen	= 0;
19590 	ucmd_buf.uscsi_flags	= USCSI_READ | USCSI_SILENT;
19591 	ucmd_buf.uscsi_timeout	= 200;	/* Excessive legacy value */
19592 
19593 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19594 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_DIRECT);
19595 
19596 	if ((status == 0) && (residp != NULL)) {
19597 		*residp = ucmd_buf.uscsi_resid;
19598 	}
19599 
19600 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: exit\n");
19601 
19602 	return (status);
19603 }
19604 
19605 
19606 /*
19607  *    Function: sd_send_scsi_TEST_UNIT_READY
19608  *
19609  * Description: Issue the scsi TEST UNIT READY command.
19610  *		This routine can be told to set the flag USCSI_DIAGNOSE to
19611  *		prevent retrying failed commands. Use this when the intent
19612  *		is either to check for device readiness, to clear a Unit
19613  *		Attention, or to clear any outstanding sense data.
19614  *		However under specific conditions the expected behavior
19615  *		is for retries to bring a device ready, so use the flag
19616  *		with caution.
19617  *
19618  *   Arguments: un
19619  *		flag:   SD_CHECK_FOR_MEDIA: return ENXIO if no media present
19620  *			SD_DONT_RETRY_TUR: include uscsi flag USCSI_DIAGNOSE.
19621  *			0: dont check for media present, do retries on cmd.
19622  *
19623  * Return Code: 0   - Success
19624  *		EIO - IO error
19625  *		EACCES - Reservation conflict detected
19626  *		ENXIO  - Not Ready, medium not present
19627  *		errno return code from sd_send_scsi_cmd()
19628  *
19629  *     Context: Can sleep. Does not return until command is completed.
19630  */
19631 
19632 static int
19633 sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag)
19634 {
19635 	struct	scsi_extended_sense	sense_buf;
19636 	union scsi_cdb		cdb;
19637 	struct uscsi_cmd	ucmd_buf;
19638 	int			status;
19639 
19640 	ASSERT(un != NULL);
19641 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19642 
19643 	SD_TRACE(SD_LOG_IO, un,
19644 	    "sd_send_scsi_TEST_UNIT_READY: entry: un:0x%p\n", un);
19645 
19646 	/*
19647 	 * Some Seagate elite1 TQ devices get hung with disconnect/reconnect
19648 	 * timeouts when they receive a TUR and the queue is not empty. Check
19649 	 * the configuration flag set during attach (indicating the drive has
19650 	 * this firmware bug) and un_ncmds_in_transport before issuing the
19651 	 * TUR. If there are
19652 	 * pending commands return success, this is a bit arbitrary but is ok
19653 	 * for non-removables (i.e. the eliteI disks) and non-clustering
19654 	 * configurations.
19655 	 */
19656 	if (un->un_f_cfg_tur_check == TRUE) {
19657 		mutex_enter(SD_MUTEX(un));
19658 		if (un->un_ncmds_in_transport != 0) {
19659 			mutex_exit(SD_MUTEX(un));
19660 			return (0);
19661 		}
19662 		mutex_exit(SD_MUTEX(un));
19663 	}
19664 
19665 	bzero(&cdb, sizeof (cdb));
19666 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19667 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19668 
19669 	cdb.scc_cmd = SCMD_TEST_UNIT_READY;
19670 
19671 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19672 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19673 	ucmd_buf.uscsi_bufaddr	= NULL;
19674 	ucmd_buf.uscsi_buflen	= 0;
19675 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19676 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19677 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19678 
19679 	/* Use flag USCSI_DIAGNOSE to prevent retries if it fails. */
19680 	if ((flag & SD_DONT_RETRY_TUR) != 0) {
19681 		ucmd_buf.uscsi_flags |= USCSI_DIAGNOSE;
19682 	}
19683 	ucmd_buf.uscsi_timeout	= 60;
19684 
19685 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19686 	    UIO_SYSSPACE, UIO_SYSSPACE,
19687 	    ((flag & SD_BYPASS_PM) ? SD_PATH_DIRECT : SD_PATH_STANDARD));
19688 
19689 	switch (status) {
19690 	case 0:
19691 		break;	/* Success! */
19692 	case EIO:
19693 		switch (ucmd_buf.uscsi_status) {
19694 		case STATUS_RESERVATION_CONFLICT:
19695 			status = EACCES;
19696 			break;
19697 		case STATUS_CHECK:
19698 			if ((flag & SD_CHECK_FOR_MEDIA) == 0) {
19699 				break;
19700 			}
19701 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19702 			    (sense_buf.es_key == KEY_NOT_READY) &&
19703 			    (sense_buf.es_add_code == 0x3A)) {
19704 				status = ENXIO;
19705 			}
19706 			break;
19707 		default:
19708 			break;
19709 		}
19710 		break;
19711 	default:
19712 		break;
19713 	}
19714 
19715 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_TEST_UNIT_READY: exit\n");
19716 
19717 	return (status);
19718 }
19719 
19720 
19721 /*
19722  *    Function: sd_send_scsi_PERSISTENT_RESERVE_IN
19723  *
19724  * Description: Issue the scsi PERSISTENT RESERVE IN command.
19725  *
19726  *   Arguments: un
19727  *
19728  * Return Code: 0   - Success
19729  *		EACCES
19730  *		ENOTSUP
19731  *		errno return code from sd_send_scsi_cmd()
19732  *
19733  *     Context: Can sleep. Does not return until command is completed.
19734  */
19735 
19736 static int
19737 sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un, uchar_t  usr_cmd,
19738 	uint16_t data_len, uchar_t *data_bufp)
19739 {
19740 	struct scsi_extended_sense	sense_buf;
19741 	union scsi_cdb		cdb;
19742 	struct uscsi_cmd	ucmd_buf;
19743 	int			status;
19744 	int			no_caller_buf = FALSE;
19745 
19746 	ASSERT(un != NULL);
19747 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19748 	ASSERT((usr_cmd == SD_READ_KEYS) || (usr_cmd == SD_READ_RESV));
19749 
19750 	SD_TRACE(SD_LOG_IO, un,
19751 	    "sd_send_scsi_PERSISTENT_RESERVE_IN: entry: un:0x%p\n", un);
19752 
19753 	bzero(&cdb, sizeof (cdb));
19754 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19755 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19756 	if (data_bufp == NULL) {
19757 		/* Allocate a default buf if the caller did not give one */
19758 		ASSERT(data_len == 0);
19759 		data_len  = MHIOC_RESV_KEY_SIZE;
19760 		data_bufp = kmem_zalloc(MHIOC_RESV_KEY_SIZE, KM_SLEEP);
19761 		no_caller_buf = TRUE;
19762 	}
19763 
19764 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_IN;
19765 	cdb.cdb_opaque[1] = usr_cmd;
19766 	FORMG1COUNT(&cdb, data_len);
19767 
19768 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19769 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19770 	ucmd_buf.uscsi_bufaddr	= (caddr_t)data_bufp;
19771 	ucmd_buf.uscsi_buflen	= data_len;
19772 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19773 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19774 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19775 	ucmd_buf.uscsi_timeout	= 60;
19776 
19777 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19778 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19779 
19780 	switch (status) {
19781 	case 0:
19782 		break;	/* Success! */
19783 	case EIO:
19784 		switch (ucmd_buf.uscsi_status) {
19785 		case STATUS_RESERVATION_CONFLICT:
19786 			status = EACCES;
19787 			break;
19788 		case STATUS_CHECK:
19789 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19790 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19791 				status = ENOTSUP;
19792 			}
19793 			break;
19794 		default:
19795 			break;
19796 		}
19797 		break;
19798 	default:
19799 		break;
19800 	}
19801 
19802 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_IN: exit\n");
19803 
19804 	if (no_caller_buf == TRUE) {
19805 		kmem_free(data_bufp, data_len);
19806 	}
19807 
19808 	return (status);
19809 }
19810 
19811 
19812 /*
19813  *    Function: sd_send_scsi_PERSISTENT_RESERVE_OUT
19814  *
19815  * Description: This routine is the driver entry point for handling CD-ROM
19816  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS,
19817  *		MHIOCGRP_INRESV) by sending the SCSI-3 PROUT commands to the
19818  *		device.
19819  *
19820  *   Arguments: un  -   Pointer to soft state struct for the target.
19821  *		usr_cmd SCSI-3 reservation facility command (one of
19822  *			SD_SCSI3_REGISTER, SD_SCSI3_RESERVE, SD_SCSI3_RELEASE,
19823  *			SD_SCSI3_PREEMPTANDABORT)
19824  *		usr_bufp - user provided pointer register, reserve descriptor or
19825  *			preempt and abort structure (mhioc_register_t,
19826  *                      mhioc_resv_desc_t, mhioc_preemptandabort_t)
19827  *
19828  * Return Code: 0   - Success
19829  *		EACCES
19830  *		ENOTSUP
19831  *		errno return code from sd_send_scsi_cmd()
19832  *
19833  *     Context: Can sleep. Does not return until command is completed.
19834  */
19835 
19836 static int
19837 sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un, uchar_t usr_cmd,
19838 	uchar_t	*usr_bufp)
19839 {
19840 	struct scsi_extended_sense	sense_buf;
19841 	union scsi_cdb		cdb;
19842 	struct uscsi_cmd	ucmd_buf;
19843 	int			status;
19844 	uchar_t			data_len = sizeof (sd_prout_t);
19845 	sd_prout_t		*prp;
19846 
19847 	ASSERT(un != NULL);
19848 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19849 	ASSERT(data_len == 24);	/* required by scsi spec */
19850 
19851 	SD_TRACE(SD_LOG_IO, un,
19852 	    "sd_send_scsi_PERSISTENT_RESERVE_OUT: entry: un:0x%p\n", un);
19853 
19854 	if (usr_bufp == NULL) {
19855 		return (EINVAL);
19856 	}
19857 
19858 	bzero(&cdb, sizeof (cdb));
19859 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19860 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19861 	prp = kmem_zalloc(data_len, KM_SLEEP);
19862 
19863 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_OUT;
19864 	cdb.cdb_opaque[1] = usr_cmd;
19865 	FORMG1COUNT(&cdb, data_len);
19866 
19867 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19868 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19869 	ucmd_buf.uscsi_bufaddr	= (caddr_t)prp;
19870 	ucmd_buf.uscsi_buflen	= data_len;
19871 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19872 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19873 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
19874 	ucmd_buf.uscsi_timeout	= 60;
19875 
19876 	switch (usr_cmd) {
19877 	case SD_SCSI3_REGISTER: {
19878 		mhioc_register_t *ptr = (mhioc_register_t *)usr_bufp;
19879 
19880 		bcopy(ptr->oldkey.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19881 		bcopy(ptr->newkey.key, prp->service_key,
19882 		    MHIOC_RESV_KEY_SIZE);
19883 		prp->aptpl = ptr->aptpl;
19884 		break;
19885 	}
19886 	case SD_SCSI3_RESERVE:
19887 	case SD_SCSI3_RELEASE: {
19888 		mhioc_resv_desc_t *ptr = (mhioc_resv_desc_t *)usr_bufp;
19889 
19890 		bcopy(ptr->key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19891 		prp->scope_address = BE_32(ptr->scope_specific_addr);
19892 		cdb.cdb_opaque[2] = ptr->type;
19893 		break;
19894 	}
19895 	case SD_SCSI3_PREEMPTANDABORT: {
19896 		mhioc_preemptandabort_t *ptr =
19897 		    (mhioc_preemptandabort_t *)usr_bufp;
19898 
19899 		bcopy(ptr->resvdesc.key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19900 		bcopy(ptr->victim_key.key, prp->service_key,
19901 		    MHIOC_RESV_KEY_SIZE);
19902 		prp->scope_address = BE_32(ptr->resvdesc.scope_specific_addr);
19903 		cdb.cdb_opaque[2] = ptr->resvdesc.type;
19904 		ucmd_buf.uscsi_flags |= USCSI_HEAD;
19905 		break;
19906 	}
19907 	case SD_SCSI3_REGISTERANDIGNOREKEY:
19908 	{
19909 		mhioc_registerandignorekey_t *ptr;
19910 		ptr = (mhioc_registerandignorekey_t *)usr_bufp;
19911 		bcopy(ptr->newkey.key,
19912 		    prp->service_key, MHIOC_RESV_KEY_SIZE);
19913 		prp->aptpl = ptr->aptpl;
19914 		break;
19915 	}
19916 	default:
19917 		ASSERT(FALSE);
19918 		break;
19919 	}
19920 
19921 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19922 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19923 
19924 	switch (status) {
19925 	case 0:
19926 		break;	/* Success! */
19927 	case EIO:
19928 		switch (ucmd_buf.uscsi_status) {
19929 		case STATUS_RESERVATION_CONFLICT:
19930 			status = EACCES;
19931 			break;
19932 		case STATUS_CHECK:
19933 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19934 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19935 				status = ENOTSUP;
19936 			}
19937 			break;
19938 		default:
19939 			break;
19940 		}
19941 		break;
19942 	default:
19943 		break;
19944 	}
19945 
19946 	kmem_free(prp, data_len);
19947 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_OUT: exit\n");
19948 	return (status);
19949 }
19950 
19951 
19952 /*
19953  *    Function: sd_send_scsi_SYNCHRONIZE_CACHE
19954  *
19955  * Description: Issues a scsi SYNCHRONIZE CACHE command to the target
19956  *
19957  *   Arguments: un - pointer to the target's soft state struct
19958  *
19959  * Return Code: 0 - success
19960  *		errno-type error code
19961  *
19962  *     Context: kernel thread context only.
19963  */
19964 
19965 static int
19966 sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un, struct dk_callback *dkc)
19967 {
19968 	struct sd_uscsi_info	*uip;
19969 	struct uscsi_cmd	*uscmd;
19970 	union scsi_cdb		*cdb;
19971 	struct buf		*bp;
19972 	int			rval = 0;
19973 
19974 	SD_TRACE(SD_LOG_IO, un,
19975 	    "sd_send_scsi_SYNCHRONIZE_CACHE: entry: un:0x%p\n", un);
19976 
19977 	ASSERT(un != NULL);
19978 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19979 
19980 	cdb = kmem_zalloc(CDB_GROUP1, KM_SLEEP);
19981 	cdb->scc_cmd = SCMD_SYNCHRONIZE_CACHE;
19982 
19983 	/*
19984 	 * First get some memory for the uscsi_cmd struct and cdb
19985 	 * and initialize for SYNCHRONIZE_CACHE cmd.
19986 	 */
19987 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
19988 	uscmd->uscsi_cdblen = CDB_GROUP1;
19989 	uscmd->uscsi_cdb = (caddr_t)cdb;
19990 	uscmd->uscsi_bufaddr = NULL;
19991 	uscmd->uscsi_buflen = 0;
19992 	uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
19993 	uscmd->uscsi_rqlen = SENSE_LENGTH;
19994 	uscmd->uscsi_rqresid = SENSE_LENGTH;
19995 	uscmd->uscsi_flags = USCSI_RQENABLE | USCSI_SILENT;
19996 	uscmd->uscsi_timeout = sd_io_time;
19997 
19998 	/*
19999 	 * Allocate an sd_uscsi_info struct and fill it with the info
20000 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
20001 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
20002 	 * since we allocate the buf here in this function, we do not
20003 	 * need to preserve the prior contents of b_private.
20004 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
20005 	 */
20006 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
20007 	uip->ui_flags = SD_PATH_DIRECT;
20008 	uip->ui_cmdp  = uscmd;
20009 
20010 	bp = getrbuf(KM_SLEEP);
20011 	bp->b_private = uip;
20012 
20013 	/*
20014 	 * Setup buffer to carry uscsi request.
20015 	 */
20016 	bp->b_flags  = B_BUSY;
20017 	bp->b_bcount = 0;
20018 	bp->b_blkno  = 0;
20019 
20020 	if (dkc != NULL) {
20021 		bp->b_iodone = sd_send_scsi_SYNCHRONIZE_CACHE_biodone;
20022 		uip->ui_dkc = *dkc;
20023 	}
20024 
20025 	bp->b_edev = SD_GET_DEV(un);
20026 	bp->b_dev = cmpdev(bp->b_edev);	/* maybe unnecessary? */
20027 
20028 	(void) sd_uscsi_strategy(bp);
20029 
20030 	/*
20031 	 * If synchronous request, wait for completion
20032 	 * If async just return and let b_iodone callback
20033 	 * cleanup.
20034 	 * NOTE: On return, u_ncmds_in_driver will be decremented,
20035 	 * but it was also incremented in sd_uscsi_strategy(), so
20036 	 * we should be ok.
20037 	 */
20038 	if (dkc == NULL) {
20039 		(void) biowait(bp);
20040 		rval = sd_send_scsi_SYNCHRONIZE_CACHE_biodone(bp);
20041 	}
20042 
20043 	return (rval);
20044 }
20045 
20046 
20047 static int
20048 sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp)
20049 {
20050 	struct sd_uscsi_info *uip;
20051 	struct uscsi_cmd *uscmd;
20052 	struct scsi_extended_sense *sense_buf;
20053 	struct sd_lun *un;
20054 	int status;
20055 
20056 	uip = (struct sd_uscsi_info *)(bp->b_private);
20057 	ASSERT(uip != NULL);
20058 
20059 	uscmd = uip->ui_cmdp;
20060 	ASSERT(uscmd != NULL);
20061 
20062 	sense_buf = (struct scsi_extended_sense *)uscmd->uscsi_rqbuf;
20063 	ASSERT(sense_buf != NULL);
20064 
20065 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
20066 	ASSERT(un != NULL);
20067 
20068 	status = geterror(bp);
20069 	switch (status) {
20070 	case 0:
20071 		break;	/* Success! */
20072 	case EIO:
20073 		switch (uscmd->uscsi_status) {
20074 		case STATUS_RESERVATION_CONFLICT:
20075 			/* Ignore reservation conflict */
20076 			status = 0;
20077 			goto done;
20078 
20079 		case STATUS_CHECK:
20080 			if ((uscmd->uscsi_rqstatus == STATUS_GOOD) &&
20081 			    (sense_buf->es_key == KEY_ILLEGAL_REQUEST)) {
20082 				/* Ignore Illegal Request error */
20083 				mutex_enter(SD_MUTEX(un));
20084 				un->un_f_sync_cache_unsupported = TRUE;
20085 				mutex_exit(SD_MUTEX(un));
20086 				status = ENOTSUP;
20087 				goto done;
20088 			}
20089 			break;
20090 		default:
20091 			break;
20092 		}
20093 		/* FALLTHRU */
20094 	default:
20095 		/* Ignore error if the media is not present */
20096 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
20097 			status = 0;
20098 			goto done;
20099 		}
20100 		/* If we reach this, we had an error */
20101 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
20102 		    "SYNCHRONIZE CACHE command failed (%d)\n", status);
20103 		break;
20104 	}
20105 
20106 done:
20107 	if (uip->ui_dkc.dkc_callback != NULL) {
20108 		(*uip->ui_dkc.dkc_callback)(uip->ui_dkc.dkc_cookie, status);
20109 	}
20110 
20111 	ASSERT((bp->b_flags & B_REMAPPED) == 0);
20112 	freerbuf(bp);
20113 	kmem_free(uip, sizeof (struct sd_uscsi_info));
20114 	kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
20115 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
20116 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
20117 
20118 	return (status);
20119 }
20120 
20121 
20122 /*
20123  *    Function: sd_send_scsi_GET_CONFIGURATION
20124  *
20125  * Description: Issues the get configuration command to the device.
20126  *		Called from sd_check_for_writable_cd & sd_get_media_info
20127  *		caller needs to ensure that buflen = SD_PROFILE_HEADER_LEN
20128  *   Arguments: un
20129  *		ucmdbuf
20130  *		rqbuf
20131  *		rqbuflen
20132  *		bufaddr
20133  *		buflen
20134  *
20135  * Return Code: 0   - Success
20136  *		errno return code from sd_send_scsi_cmd()
20137  *
20138  *     Context: Can sleep. Does not return until command is completed.
20139  *
20140  */
20141 
20142 static int
20143 sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un, struct uscsi_cmd *ucmdbuf,
20144 	uchar_t *rqbuf, uint_t rqbuflen, uchar_t *bufaddr, uint_t buflen)
20145 {
20146 	char	cdb[CDB_GROUP1];
20147 	int	status;
20148 
20149 	ASSERT(un != NULL);
20150 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20151 	ASSERT(bufaddr != NULL);
20152 	ASSERT(ucmdbuf != NULL);
20153 	ASSERT(rqbuf != NULL);
20154 
20155 	SD_TRACE(SD_LOG_IO, un,
20156 	    "sd_send_scsi_GET_CONFIGURATION: entry: un:0x%p\n", un);
20157 
20158 	bzero(cdb, sizeof (cdb));
20159 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20160 	bzero(rqbuf, rqbuflen);
20161 	bzero(bufaddr, buflen);
20162 
20163 	/*
20164 	 * Set up cdb field for the get configuration command.
20165 	 */
20166 	cdb[0] = SCMD_GET_CONFIGURATION;
20167 	cdb[1] = 0x02;  /* Requested Type */
20168 	cdb[8] = SD_PROFILE_HEADER_LEN;
20169 	ucmdbuf->uscsi_cdb = cdb;
20170 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20171 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20172 	ucmdbuf->uscsi_buflen = buflen;
20173 	ucmdbuf->uscsi_timeout = sd_io_time;
20174 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20175 	ucmdbuf->uscsi_rqlen = rqbuflen;
20176 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20177 
20178 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20179 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20180 
20181 	switch (status) {
20182 	case 0:
20183 		break;  /* Success! */
20184 	case EIO:
20185 		switch (ucmdbuf->uscsi_status) {
20186 		case STATUS_RESERVATION_CONFLICT:
20187 			status = EACCES;
20188 			break;
20189 		default:
20190 			break;
20191 		}
20192 		break;
20193 	default:
20194 		break;
20195 	}
20196 
20197 	if (status == 0) {
20198 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20199 		    "sd_send_scsi_GET_CONFIGURATION: data",
20200 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20201 	}
20202 
20203 	SD_TRACE(SD_LOG_IO, un,
20204 	    "sd_send_scsi_GET_CONFIGURATION: exit\n");
20205 
20206 	return (status);
20207 }
20208 
20209 /*
20210  *    Function: sd_send_scsi_feature_GET_CONFIGURATION
20211  *
20212  * Description: Issues the get configuration command to the device to
20213  *              retrieve a specfic feature. Called from
20214  *		sd_check_for_writable_cd & sd_set_mmc_caps.
20215  *   Arguments: un
20216  *              ucmdbuf
20217  *              rqbuf
20218  *              rqbuflen
20219  *              bufaddr
20220  *              buflen
20221  *		feature
20222  *
20223  * Return Code: 0   - Success
20224  *              errno return code from sd_send_scsi_cmd()
20225  *
20226  *     Context: Can sleep. Does not return until command is completed.
20227  *
20228  */
20229 static int
20230 sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
20231 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
20232 	uchar_t *bufaddr, uint_t buflen, char feature)
20233 {
20234 	char    cdb[CDB_GROUP1];
20235 	int	status;
20236 
20237 	ASSERT(un != NULL);
20238 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20239 	ASSERT(bufaddr != NULL);
20240 	ASSERT(ucmdbuf != NULL);
20241 	ASSERT(rqbuf != NULL);
20242 
20243 	SD_TRACE(SD_LOG_IO, un,
20244 	    "sd_send_scsi_feature_GET_CONFIGURATION: entry: un:0x%p\n", un);
20245 
20246 	bzero(cdb, sizeof (cdb));
20247 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20248 	bzero(rqbuf, rqbuflen);
20249 	bzero(bufaddr, buflen);
20250 
20251 	/*
20252 	 * Set up cdb field for the get configuration command.
20253 	 */
20254 	cdb[0] = SCMD_GET_CONFIGURATION;
20255 	cdb[1] = 0x02;  /* Requested Type */
20256 	cdb[3] = feature;
20257 	cdb[8] = buflen;
20258 	ucmdbuf->uscsi_cdb = cdb;
20259 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20260 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20261 	ucmdbuf->uscsi_buflen = buflen;
20262 	ucmdbuf->uscsi_timeout = sd_io_time;
20263 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20264 	ucmdbuf->uscsi_rqlen = rqbuflen;
20265 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20266 
20267 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20268 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20269 
20270 	switch (status) {
20271 	case 0:
20272 		break;  /* Success! */
20273 	case EIO:
20274 		switch (ucmdbuf->uscsi_status) {
20275 		case STATUS_RESERVATION_CONFLICT:
20276 			status = EACCES;
20277 			break;
20278 		default:
20279 			break;
20280 		}
20281 		break;
20282 	default:
20283 		break;
20284 	}
20285 
20286 	if (status == 0) {
20287 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20288 		    "sd_send_scsi_feature_GET_CONFIGURATION: data",
20289 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20290 	}
20291 
20292 	SD_TRACE(SD_LOG_IO, un,
20293 	    "sd_send_scsi_feature_GET_CONFIGURATION: exit\n");
20294 
20295 	return (status);
20296 }
20297 
20298 
20299 /*
20300  *    Function: sd_send_scsi_MODE_SENSE
20301  *
20302  * Description: Utility function for issuing a scsi MODE SENSE command.
20303  *		Note: This routine uses a consistent implementation for Group0,
20304  *		Group1, and Group2 commands across all platforms. ATAPI devices
20305  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20306  *
20307  *   Arguments: un - pointer to the softstate struct for the target.
20308  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20309  *			  CDB_GROUP[1|2] (10 byte).
20310  *		bufaddr - buffer for page data retrieved from the target.
20311  *		buflen - size of page to be retrieved.
20312  *		page_code - page code of data to be retrieved from the target.
20313  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20314  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20315  *			to use the USCSI "direct" chain and bypass the normal
20316  *			command waitq.
20317  *
20318  * Return Code: 0   - Success
20319  *		errno return code from sd_send_scsi_cmd()
20320  *
20321  *     Context: Can sleep. Does not return until command is completed.
20322  */
20323 
20324 static int
20325 sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20326 	size_t buflen,  uchar_t page_code, int path_flag)
20327 {
20328 	struct	scsi_extended_sense	sense_buf;
20329 	union scsi_cdb		cdb;
20330 	struct uscsi_cmd	ucmd_buf;
20331 	int			status;
20332 
20333 	ASSERT(un != NULL);
20334 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20335 	ASSERT(bufaddr != NULL);
20336 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20337 	    (cdbsize == CDB_GROUP2));
20338 
20339 	SD_TRACE(SD_LOG_IO, un,
20340 	    "sd_send_scsi_MODE_SENSE: entry: un:0x%p\n", un);
20341 
20342 	bzero(&cdb, sizeof (cdb));
20343 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20344 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20345 	bzero(bufaddr, buflen);
20346 
20347 	if (cdbsize == CDB_GROUP0) {
20348 		cdb.scc_cmd = SCMD_MODE_SENSE;
20349 		cdb.cdb_opaque[2] = page_code;
20350 		FORMG0COUNT(&cdb, buflen);
20351 	} else {
20352 		cdb.scc_cmd = SCMD_MODE_SENSE_G1;
20353 		cdb.cdb_opaque[2] = page_code;
20354 		FORMG1COUNT(&cdb, buflen);
20355 	}
20356 
20357 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20358 
20359 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20360 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20361 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20362 	ucmd_buf.uscsi_buflen	= buflen;
20363 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20364 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20365 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20366 	ucmd_buf.uscsi_timeout	= 60;
20367 
20368 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20369 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20370 
20371 	switch (status) {
20372 	case 0:
20373 		break;	/* Success! */
20374 	case EIO:
20375 		switch (ucmd_buf.uscsi_status) {
20376 		case STATUS_RESERVATION_CONFLICT:
20377 			status = EACCES;
20378 			break;
20379 		default:
20380 			break;
20381 		}
20382 		break;
20383 	default:
20384 		break;
20385 	}
20386 
20387 	if (status == 0) {
20388 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SENSE: data",
20389 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20390 	}
20391 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SENSE: exit\n");
20392 
20393 	return (status);
20394 }
20395 
20396 
20397 /*
20398  *    Function: sd_send_scsi_MODE_SELECT
20399  *
20400  * Description: Utility function for issuing a scsi MODE SELECT command.
20401  *		Note: This routine uses a consistent implementation for Group0,
20402  *		Group1, and Group2 commands across all platforms. ATAPI devices
20403  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20404  *
20405  *   Arguments: un - pointer to the softstate struct for the target.
20406  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20407  *			  CDB_GROUP[1|2] (10 byte).
20408  *		bufaddr - buffer for page data retrieved from the target.
20409  *		buflen - size of page to be retrieved.
20410  *		save_page - boolean to determin if SP bit should be set.
20411  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20412  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20413  *			to use the USCSI "direct" chain and bypass the normal
20414  *			command waitq.
20415  *
20416  * Return Code: 0   - Success
20417  *		errno return code from sd_send_scsi_cmd()
20418  *
20419  *     Context: Can sleep. Does not return until command is completed.
20420  */
20421 
20422 static int
20423 sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20424 	size_t buflen,  uchar_t save_page, int path_flag)
20425 {
20426 	struct	scsi_extended_sense	sense_buf;
20427 	union scsi_cdb		cdb;
20428 	struct uscsi_cmd	ucmd_buf;
20429 	int			status;
20430 
20431 	ASSERT(un != NULL);
20432 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20433 	ASSERT(bufaddr != NULL);
20434 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20435 	    (cdbsize == CDB_GROUP2));
20436 
20437 	SD_TRACE(SD_LOG_IO, un,
20438 	    "sd_send_scsi_MODE_SELECT: entry: un:0x%p\n", un);
20439 
20440 	bzero(&cdb, sizeof (cdb));
20441 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20442 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20443 
20444 	/* Set the PF bit for many third party drives */
20445 	cdb.cdb_opaque[1] = 0x10;
20446 
20447 	/* Set the savepage(SP) bit if given */
20448 	if (save_page == SD_SAVE_PAGE) {
20449 		cdb.cdb_opaque[1] |= 0x01;
20450 	}
20451 
20452 	if (cdbsize == CDB_GROUP0) {
20453 		cdb.scc_cmd = SCMD_MODE_SELECT;
20454 		FORMG0COUNT(&cdb, buflen);
20455 	} else {
20456 		cdb.scc_cmd = SCMD_MODE_SELECT_G1;
20457 		FORMG1COUNT(&cdb, buflen);
20458 	}
20459 
20460 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20461 
20462 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20463 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20464 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20465 	ucmd_buf.uscsi_buflen	= buflen;
20466 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20467 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20468 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
20469 	ucmd_buf.uscsi_timeout	= 60;
20470 
20471 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20472 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20473 
20474 	switch (status) {
20475 	case 0:
20476 		break;	/* Success! */
20477 	case EIO:
20478 		switch (ucmd_buf.uscsi_status) {
20479 		case STATUS_RESERVATION_CONFLICT:
20480 			status = EACCES;
20481 			break;
20482 		default:
20483 			break;
20484 		}
20485 		break;
20486 	default:
20487 		break;
20488 	}
20489 
20490 	if (status == 0) {
20491 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SELECT: data",
20492 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20493 	}
20494 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SELECT: exit\n");
20495 
20496 	return (status);
20497 }
20498 
20499 
20500 /*
20501  *    Function: sd_send_scsi_RDWR
20502  *
20503  * Description: Issue a scsi READ or WRITE command with the given parameters.
20504  *
20505  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20506  *		cmd:	 SCMD_READ or SCMD_WRITE
20507  *		bufaddr: Address of caller's buffer to receive the RDWR data
20508  *		buflen:  Length of caller's buffer receive the RDWR data.
20509  *		start_block: Block number for the start of the RDWR operation.
20510  *			 (Assumes target-native block size.)
20511  *		residp:  Pointer to variable to receive the redisual of the
20512  *			 RDWR operation (may be NULL of no residual requested).
20513  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20514  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20515  *			to use the USCSI "direct" chain and bypass the normal
20516  *			command waitq.
20517  *
20518  * Return Code: 0   - Success
20519  *		errno return code from sd_send_scsi_cmd()
20520  *
20521  *     Context: Can sleep. Does not return until command is completed.
20522  */
20523 
20524 static int
20525 sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
20526 	size_t buflen, daddr_t start_block, int path_flag)
20527 {
20528 	struct	scsi_extended_sense	sense_buf;
20529 	union scsi_cdb		cdb;
20530 	struct uscsi_cmd	ucmd_buf;
20531 	uint32_t		block_count;
20532 	int			status;
20533 	int			cdbsize;
20534 	uchar_t			flag;
20535 
20536 	ASSERT(un != NULL);
20537 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20538 	ASSERT(bufaddr != NULL);
20539 	ASSERT((cmd == SCMD_READ) || (cmd == SCMD_WRITE));
20540 
20541 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: entry: un:0x%p\n", un);
20542 
20543 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
20544 		return (EINVAL);
20545 	}
20546 
20547 	mutex_enter(SD_MUTEX(un));
20548 	block_count = SD_BYTES2TGTBLOCKS(un, buflen);
20549 	mutex_exit(SD_MUTEX(un));
20550 
20551 	flag = (cmd == SCMD_READ) ? USCSI_READ : USCSI_WRITE;
20552 
20553 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_RDWR: "
20554 	    "bufaddr:0x%p buflen:0x%x start_block:0x%p block_count:0x%x\n",
20555 	    bufaddr, buflen, start_block, block_count);
20556 
20557 	bzero(&cdb, sizeof (cdb));
20558 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20559 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20560 
20561 	/* Compute CDB size to use */
20562 	if (start_block > 0xffffffff)
20563 		cdbsize = CDB_GROUP4;
20564 	else if ((start_block & 0xFFE00000) ||
20565 	    (un->un_f_cfg_is_atapi == TRUE))
20566 		cdbsize = CDB_GROUP1;
20567 	else
20568 		cdbsize = CDB_GROUP0;
20569 
20570 	switch (cdbsize) {
20571 	case CDB_GROUP0:	/* 6-byte CDBs */
20572 		cdb.scc_cmd = cmd;
20573 		FORMG0ADDR(&cdb, start_block);
20574 		FORMG0COUNT(&cdb, block_count);
20575 		break;
20576 	case CDB_GROUP1:	/* 10-byte CDBs */
20577 		cdb.scc_cmd = cmd | SCMD_GROUP1;
20578 		FORMG1ADDR(&cdb, start_block);
20579 		FORMG1COUNT(&cdb, block_count);
20580 		break;
20581 	case CDB_GROUP4:	/* 16-byte CDBs */
20582 		cdb.scc_cmd = cmd | SCMD_GROUP4;
20583 		FORMG4LONGADDR(&cdb, (uint64_t)start_block);
20584 		FORMG4COUNT(&cdb, block_count);
20585 		break;
20586 	case CDB_GROUP5:	/* 12-byte CDBs (currently unsupported) */
20587 	default:
20588 		/* All others reserved */
20589 		return (EINVAL);
20590 	}
20591 
20592 	/* Set LUN bit(s) in CDB if this is a SCSI-1 device */
20593 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20594 
20595 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20596 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20597 	ucmd_buf.uscsi_bufaddr	= bufaddr;
20598 	ucmd_buf.uscsi_buflen	= buflen;
20599 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20600 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20601 	ucmd_buf.uscsi_flags	= flag | USCSI_RQENABLE | USCSI_SILENT;
20602 	ucmd_buf.uscsi_timeout	= 60;
20603 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20604 				UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20605 	switch (status) {
20606 	case 0:
20607 		break;	/* Success! */
20608 	case EIO:
20609 		switch (ucmd_buf.uscsi_status) {
20610 		case STATUS_RESERVATION_CONFLICT:
20611 			status = EACCES;
20612 			break;
20613 		default:
20614 			break;
20615 		}
20616 		break;
20617 	default:
20618 		break;
20619 	}
20620 
20621 	if (status == 0) {
20622 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_RDWR: data",
20623 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20624 	}
20625 
20626 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: exit\n");
20627 
20628 	return (status);
20629 }
20630 
20631 
20632 /*
20633  *    Function: sd_send_scsi_LOG_SENSE
20634  *
20635  * Description: Issue a scsi LOG_SENSE command with the given parameters.
20636  *
20637  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20638  *
20639  * Return Code: 0   - Success
20640  *		errno return code from sd_send_scsi_cmd()
20641  *
20642  *     Context: Can sleep. Does not return until command is completed.
20643  */
20644 
20645 static int
20646 sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr, uint16_t buflen,
20647 	uchar_t page_code, uchar_t page_control, uint16_t param_ptr,
20648 	int path_flag)
20649 
20650 {
20651 	struct	scsi_extended_sense	sense_buf;
20652 	union scsi_cdb		cdb;
20653 	struct uscsi_cmd	ucmd_buf;
20654 	int			status;
20655 
20656 	ASSERT(un != NULL);
20657 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20658 
20659 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: entry: un:0x%p\n", un);
20660 
20661 	bzero(&cdb, sizeof (cdb));
20662 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20663 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20664 
20665 	cdb.scc_cmd = SCMD_LOG_SENSE_G1;
20666 	cdb.cdb_opaque[2] = (page_control << 6) | page_code;
20667 	cdb.cdb_opaque[5] = (uchar_t)((param_ptr & 0xFF00) >> 8);
20668 	cdb.cdb_opaque[6] = (uchar_t)(param_ptr  & 0x00FF);
20669 	FORMG1COUNT(&cdb, buflen);
20670 
20671 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20672 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
20673 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20674 	ucmd_buf.uscsi_buflen	= buflen;
20675 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20676 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20677 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20678 	ucmd_buf.uscsi_timeout	= 60;
20679 
20680 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20681 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20682 
20683 	switch (status) {
20684 	case 0:
20685 		break;
20686 	case EIO:
20687 		switch (ucmd_buf.uscsi_status) {
20688 		case STATUS_RESERVATION_CONFLICT:
20689 			status = EACCES;
20690 			break;
20691 		case STATUS_CHECK:
20692 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
20693 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST) &&
20694 			    (sense_buf.es_add_code == 0x24)) {
20695 				/*
20696 				 * ASC 0x24: INVALID FIELD IN CDB
20697 				 */
20698 				switch (page_code) {
20699 				case START_STOP_CYCLE_PAGE:
20700 					/*
20701 					 * The start stop cycle counter is
20702 					 * implemented as page 0x31 in earlier
20703 					 * generation disks. In new generation
20704 					 * disks the start stop cycle counter is
20705 					 * implemented as page 0xE. To properly
20706 					 * handle this case if an attempt for
20707 					 * log page 0xE is made and fails we
20708 					 * will try again using page 0x31.
20709 					 *
20710 					 * Network storage BU committed to
20711 					 * maintain the page 0x31 for this
20712 					 * purpose and will not have any other
20713 					 * page implemented with page code 0x31
20714 					 * until all disks transition to the
20715 					 * standard page.
20716 					 */
20717 					mutex_enter(SD_MUTEX(un));
20718 					un->un_start_stop_cycle_page =
20719 					    START_STOP_CYCLE_VU_PAGE;
20720 					cdb.cdb_opaque[2] =
20721 					    (char)(page_control << 6) |
20722 					    un->un_start_stop_cycle_page;
20723 					mutex_exit(SD_MUTEX(un));
20724 					status = sd_send_scsi_cmd(
20725 					    SD_GET_DEV(un), &ucmd_buf,
20726 					    UIO_SYSSPACE, UIO_SYSSPACE,
20727 					    UIO_SYSSPACE, path_flag);
20728 
20729 					break;
20730 				case TEMPERATURE_PAGE:
20731 					status = ENOTTY;
20732 					break;
20733 				default:
20734 					break;
20735 				}
20736 			}
20737 			break;
20738 		default:
20739 			break;
20740 		}
20741 		break;
20742 	default:
20743 		break;
20744 	}
20745 
20746 	if (status == 0) {
20747 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_LOG_SENSE: data",
20748 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20749 	}
20750 
20751 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: exit\n");
20752 
20753 	return (status);
20754 }
20755 
20756 
20757 /*
20758  *    Function: sdioctl
20759  *
20760  * Description: Driver's ioctl(9e) entry point function.
20761  *
20762  *   Arguments: dev     - device number
20763  *		cmd     - ioctl operation to be performed
20764  *		arg     - user argument, contains data to be set or reference
20765  *			  parameter for get
20766  *		flag    - bit flag, indicating open settings, 32/64 bit type
20767  *		cred_p  - user credential pointer
20768  *		rval_p  - calling process return value (OPT)
20769  *
20770  * Return Code: EINVAL
20771  *		ENOTTY
20772  *		ENXIO
20773  *		EIO
20774  *		EFAULT
20775  *		ENOTSUP
20776  *		EPERM
20777  *
20778  *     Context: Called from the device switch at normal priority.
20779  */
20780 
20781 static int
20782 sdioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cred_p, int *rval_p)
20783 {
20784 	struct sd_lun	*un = NULL;
20785 	int		geom_validated = FALSE;
20786 	int		err = 0;
20787 	int		i = 0;
20788 	cred_t		*cr;
20789 
20790 	/*
20791 	 * All device accesses go thru sdstrategy where we check on suspend
20792 	 * status
20793 	 */
20794 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
20795 		return (ENXIO);
20796 	}
20797 
20798 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20799 
20800 	/*
20801 	 * Moved this wait from sd_uscsi_strategy to here for
20802 	 * reasons of deadlock prevention. Internal driver commands,
20803 	 * specifically those to change a devices power level, result
20804 	 * in a call to sd_uscsi_strategy.
20805 	 */
20806 	mutex_enter(SD_MUTEX(un));
20807 	while ((un->un_state == SD_STATE_SUSPENDED) ||
20808 	    (un->un_state == SD_STATE_PM_CHANGING)) {
20809 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
20810 	}
20811 	/*
20812 	 * Twiddling the counter here protects commands from now
20813 	 * through to the top of sd_uscsi_strategy. Without the
20814 	 * counter inc. a power down, for example, could get in
20815 	 * after the above check for state is made and before
20816 	 * execution gets to the top of sd_uscsi_strategy.
20817 	 * That would cause problems.
20818 	 */
20819 	un->un_ncmds_in_driver++;
20820 
20821 	if ((un->un_f_geometry_is_valid == FALSE) &&
20822 	    (flag & (FNDELAY | FNONBLOCK))) {
20823 		switch (cmd) {
20824 		case CDROMPAUSE:
20825 		case CDROMRESUME:
20826 		case CDROMPLAYMSF:
20827 		case CDROMPLAYTRKIND:
20828 		case CDROMREADTOCHDR:
20829 		case CDROMREADTOCENTRY:
20830 		case CDROMSTOP:
20831 		case CDROMSTART:
20832 		case CDROMVOLCTRL:
20833 		case CDROMSUBCHNL:
20834 		case CDROMREADMODE2:
20835 		case CDROMREADMODE1:
20836 		case CDROMREADOFFSET:
20837 		case CDROMSBLKMODE:
20838 		case CDROMGBLKMODE:
20839 		case CDROMGDRVSPEED:
20840 		case CDROMSDRVSPEED:
20841 		case CDROMCDDA:
20842 		case CDROMCDXA:
20843 		case CDROMSUBCODE:
20844 			if (!ISCD(un)) {
20845 				un->un_ncmds_in_driver--;
20846 				ASSERT(un->un_ncmds_in_driver >= 0);
20847 				mutex_exit(SD_MUTEX(un));
20848 				return (ENOTTY);
20849 			}
20850 			break;
20851 		case FDEJECT:
20852 		case DKIOCEJECT:
20853 		case CDROMEJECT:
20854 			if (!ISREMOVABLE(un)) {
20855 				un->un_ncmds_in_driver--;
20856 				ASSERT(un->un_ncmds_in_driver >= 0);
20857 				mutex_exit(SD_MUTEX(un));
20858 				return (ENOTTY);
20859 			}
20860 			break;
20861 		case DKIOCSVTOC:
20862 		case DKIOCSETEFI:
20863 		case DKIOCSMBOOT:
20864 		case DKIOCFLUSHWRITECACHE:
20865 			mutex_exit(SD_MUTEX(un));
20866 			err = sd_send_scsi_TEST_UNIT_READY(un, 0);
20867 			if (err != 0) {
20868 				mutex_enter(SD_MUTEX(un));
20869 				un->un_ncmds_in_driver--;
20870 				ASSERT(un->un_ncmds_in_driver >= 0);
20871 				mutex_exit(SD_MUTEX(un));
20872 				return (EIO);
20873 			}
20874 			mutex_enter(SD_MUTEX(un));
20875 			/* FALLTHROUGH */
20876 		case DKIOCREMOVABLE:
20877 		case DKIOCINFO:
20878 		case DKIOCGMEDIAINFO:
20879 		case MHIOCENFAILFAST:
20880 		case MHIOCSTATUS:
20881 		case MHIOCTKOWN:
20882 		case MHIOCRELEASE:
20883 		case MHIOCGRP_INKEYS:
20884 		case MHIOCGRP_INRESV:
20885 		case MHIOCGRP_REGISTER:
20886 		case MHIOCGRP_RESERVE:
20887 		case MHIOCGRP_PREEMPTANDABORT:
20888 		case MHIOCGRP_REGISTERANDIGNOREKEY:
20889 		case CDROMCLOSETRAY:
20890 		case USCSICMD:
20891 			goto skip_ready_valid;
20892 		default:
20893 			break;
20894 		}
20895 
20896 		mutex_exit(SD_MUTEX(un));
20897 		err = sd_ready_and_valid(un);
20898 		mutex_enter(SD_MUTEX(un));
20899 		if (err == SD_READY_NOT_VALID) {
20900 			switch (cmd) {
20901 			case DKIOCGAPART:
20902 			case DKIOCGGEOM:
20903 			case DKIOCSGEOM:
20904 			case DKIOCGVTOC:
20905 			case DKIOCSVTOC:
20906 			case DKIOCSAPART:
20907 			case DKIOCG_PHYGEOM:
20908 			case DKIOCG_VIRTGEOM:
20909 				err = ENOTSUP;
20910 				un->un_ncmds_in_driver--;
20911 				ASSERT(un->un_ncmds_in_driver >= 0);
20912 				mutex_exit(SD_MUTEX(un));
20913 				return (err);
20914 			}
20915 		}
20916 		if (err != SD_READY_VALID) {
20917 			switch (cmd) {
20918 			case DKIOCSTATE:
20919 			case CDROMGDRVSPEED:
20920 			case CDROMSDRVSPEED:
20921 			case FDEJECT:	/* for eject command */
20922 			case DKIOCEJECT:
20923 			case CDROMEJECT:
20924 			case DKIOCGETEFI:
20925 			case DKIOCSGEOM:
20926 			case DKIOCREMOVABLE:
20927 			case DKIOCSAPART:
20928 			case DKIOCSETEFI:
20929 				break;
20930 			default:
20931 				if (ISREMOVABLE(un)) {
20932 					err = ENXIO;
20933 				} else {
20934 					/* Do not map EACCES to EIO */
20935 					if (err != EACCES)
20936 						err = EIO;
20937 				}
20938 				un->un_ncmds_in_driver--;
20939 				ASSERT(un->un_ncmds_in_driver >= 0);
20940 				mutex_exit(SD_MUTEX(un));
20941 				return (err);
20942 			}
20943 		}
20944 		geom_validated = TRUE;
20945 	}
20946 	if ((un->un_f_geometry_is_valid == TRUE) &&
20947 	    (un->un_solaris_size > 0)) {
20948 		/*
20949 		 * the "geometry_is_valid" flag could be true if we
20950 		 * have an fdisk table but no Solaris partition
20951 		 */
20952 		if (un->un_vtoc.v_sanity != VTOC_SANE) {
20953 			/* it is EFI, so return ENOTSUP for these */
20954 			switch (cmd) {
20955 			case DKIOCGAPART:
20956 			case DKIOCGGEOM:
20957 			case DKIOCGVTOC:
20958 			case DKIOCSVTOC:
20959 			case DKIOCSAPART:
20960 				err = ENOTSUP;
20961 				un->un_ncmds_in_driver--;
20962 				ASSERT(un->un_ncmds_in_driver >= 0);
20963 				mutex_exit(SD_MUTEX(un));
20964 				return (err);
20965 			}
20966 		}
20967 	}
20968 
20969 skip_ready_valid:
20970 	mutex_exit(SD_MUTEX(un));
20971 
20972 	switch (cmd) {
20973 	case DKIOCINFO:
20974 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCINFO\n");
20975 		err = sd_dkio_ctrl_info(dev, (caddr_t)arg, flag);
20976 		break;
20977 
20978 	case DKIOCGMEDIAINFO:
20979 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMEDIAINFO\n");
20980 		err = sd_get_media_info(dev, (caddr_t)arg, flag);
20981 		break;
20982 
20983 	case DKIOCGGEOM:
20984 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGGEOM\n");
20985 		err = sd_dkio_get_geometry(dev, (caddr_t)arg, flag,
20986 		    geom_validated);
20987 		break;
20988 
20989 	case DKIOCSGEOM:
20990 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSGEOM\n");
20991 		err = sd_dkio_set_geometry(dev, (caddr_t)arg, flag);
20992 		break;
20993 
20994 	case DKIOCGAPART:
20995 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGAPART\n");
20996 		err = sd_dkio_get_partition(dev, (caddr_t)arg, flag,
20997 		    geom_validated);
20998 		break;
20999 
21000 	case DKIOCSAPART:
21001 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSAPART\n");
21002 		err = sd_dkio_set_partition(dev, (caddr_t)arg, flag);
21003 		break;
21004 
21005 	case DKIOCGVTOC:
21006 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGVTOC\n");
21007 		err = sd_dkio_get_vtoc(dev, (caddr_t)arg, flag,
21008 		    geom_validated);
21009 		break;
21010 
21011 	case DKIOCGETEFI:
21012 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGETEFI\n");
21013 		err = sd_dkio_get_efi(dev, (caddr_t)arg, flag);
21014 		break;
21015 
21016 	case DKIOCPARTITION:
21017 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTITION\n");
21018 		err = sd_dkio_partition(dev, (caddr_t)arg, flag);
21019 		break;
21020 
21021 	case DKIOCSVTOC:
21022 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSVTOC\n");
21023 		err = sd_dkio_set_vtoc(dev, (caddr_t)arg, flag);
21024 		break;
21025 
21026 	case DKIOCSETEFI:
21027 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSETEFI\n");
21028 		err = sd_dkio_set_efi(dev, (caddr_t)arg, flag);
21029 		break;
21030 
21031 	case DKIOCGMBOOT:
21032 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMBOOT\n");
21033 		err = sd_dkio_get_mboot(dev, (caddr_t)arg, flag);
21034 		break;
21035 
21036 	case DKIOCSMBOOT:
21037 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSMBOOT\n");
21038 		err = sd_dkio_set_mboot(dev, (caddr_t)arg, flag);
21039 		break;
21040 
21041 	case DKIOCLOCK:
21042 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCLOCK\n");
21043 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
21044 		    SD_PATH_STANDARD);
21045 		break;
21046 
21047 	case DKIOCUNLOCK:
21048 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCUNLOCK\n");
21049 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
21050 		    SD_PATH_STANDARD);
21051 		break;
21052 
21053 	case DKIOCSTATE: {
21054 		enum dkio_state		state;
21055 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSTATE\n");
21056 
21057 		if (ddi_copyin((void *)arg, &state, sizeof (int), flag) != 0) {
21058 			err = EFAULT;
21059 		} else {
21060 			err = sd_check_media(dev, state);
21061 			if (err == 0) {
21062 				if (ddi_copyout(&un->un_mediastate, (void *)arg,
21063 				    sizeof (int), flag) != 0)
21064 					err = EFAULT;
21065 			}
21066 		}
21067 		break;
21068 	}
21069 
21070 	case DKIOCREMOVABLE:
21071 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCREMOVABLE\n");
21072 		if (ISREMOVABLE(un)) {
21073 			i = 1;
21074 		} else {
21075 			i = 0;
21076 		}
21077 		if (ddi_copyout(&i, (void *)arg, sizeof (int), flag) != 0) {
21078 			err = EFAULT;
21079 		} else {
21080 			err = 0;
21081 		}
21082 		break;
21083 
21084 	case DKIOCGTEMPERATURE:
21085 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGTEMPERATURE\n");
21086 		err = sd_dkio_get_temp(dev, (caddr_t)arg, flag);
21087 		break;
21088 
21089 	case MHIOCENFAILFAST:
21090 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCENFAILFAST\n");
21091 		if ((err = drv_priv(cred_p)) == 0) {
21092 			err = sd_mhdioc_failfast(dev, (caddr_t)arg, flag);
21093 		}
21094 		break;
21095 
21096 	case MHIOCTKOWN:
21097 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCTKOWN\n");
21098 		if ((err = drv_priv(cred_p)) == 0) {
21099 			err = sd_mhdioc_takeown(dev, (caddr_t)arg, flag);
21100 		}
21101 		break;
21102 
21103 	case MHIOCRELEASE:
21104 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCRELEASE\n");
21105 		if ((err = drv_priv(cred_p)) == 0) {
21106 			err = sd_mhdioc_release(dev);
21107 		}
21108 		break;
21109 
21110 	case MHIOCSTATUS:
21111 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCSTATUS\n");
21112 		if ((err = drv_priv(cred_p)) == 0) {
21113 			switch (sd_send_scsi_TEST_UNIT_READY(un, 0)) {
21114 			case 0:
21115 				err = 0;
21116 				break;
21117 			case EACCES:
21118 				*rval_p = 1;
21119 				err = 0;
21120 				break;
21121 			default:
21122 				err = EIO;
21123 				break;
21124 			}
21125 		}
21126 		break;
21127 
21128 	case MHIOCQRESERVE:
21129 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCQRESERVE\n");
21130 		if ((err = drv_priv(cred_p)) == 0) {
21131 			err = sd_reserve_release(dev, SD_RESERVE);
21132 		}
21133 		break;
21134 
21135 	case MHIOCREREGISTERDEVID:
21136 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCREREGISTERDEVID\n");
21137 		if (drv_priv(cred_p) == EPERM) {
21138 			err = EPERM;
21139 		} else if (ISREMOVABLE(un) || ISCD(un)) {
21140 			err = ENOTTY;
21141 		} else {
21142 			err = sd_mhdioc_register_devid(dev);
21143 		}
21144 		break;
21145 
21146 	case MHIOCGRP_INKEYS:
21147 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INKEYS\n");
21148 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21149 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21150 				err = ENOTSUP;
21151 			} else {
21152 				err = sd_mhdioc_inkeys(dev, (caddr_t)arg,
21153 				    flag);
21154 			}
21155 		}
21156 		break;
21157 
21158 	case MHIOCGRP_INRESV:
21159 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INRESV\n");
21160 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21161 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21162 				err = ENOTSUP;
21163 			} else {
21164 				err = sd_mhdioc_inresv(dev, (caddr_t)arg, flag);
21165 			}
21166 		}
21167 		break;
21168 
21169 	case MHIOCGRP_REGISTER:
21170 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_REGISTER\n");
21171 		if ((err = drv_priv(cred_p)) != EPERM) {
21172 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21173 				err = ENOTSUP;
21174 			} else if (arg != NULL) {
21175 				mhioc_register_t reg;
21176 				if (ddi_copyin((void *)arg, &reg,
21177 				    sizeof (mhioc_register_t), flag) != 0) {
21178 					err = EFAULT;
21179 				} else {
21180 					err =
21181 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21182 					    un, SD_SCSI3_REGISTER,
21183 					    (uchar_t *)&reg);
21184 				}
21185 			}
21186 		}
21187 		break;
21188 
21189 	case MHIOCGRP_RESERVE:
21190 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_RESERVE\n");
21191 		if ((err = drv_priv(cred_p)) != EPERM) {
21192 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21193 				err = ENOTSUP;
21194 			} else if (arg != NULL) {
21195 				mhioc_resv_desc_t resv_desc;
21196 				if (ddi_copyin((void *)arg, &resv_desc,
21197 				    sizeof (mhioc_resv_desc_t), flag) != 0) {
21198 					err = EFAULT;
21199 				} else {
21200 					err =
21201 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21202 					    un, SD_SCSI3_RESERVE,
21203 					    (uchar_t *)&resv_desc);
21204 				}
21205 			}
21206 		}
21207 		break;
21208 
21209 	case MHIOCGRP_PREEMPTANDABORT:
21210 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21211 		if ((err = drv_priv(cred_p)) != EPERM) {
21212 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21213 				err = ENOTSUP;
21214 			} else if (arg != NULL) {
21215 				mhioc_preemptandabort_t preempt_abort;
21216 				if (ddi_copyin((void *)arg, &preempt_abort,
21217 				    sizeof (mhioc_preemptandabort_t),
21218 				    flag) != 0) {
21219 					err = EFAULT;
21220 				} else {
21221 					err =
21222 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21223 					    un, SD_SCSI3_PREEMPTANDABORT,
21224 					    (uchar_t *)&preempt_abort);
21225 				}
21226 			}
21227 		}
21228 		break;
21229 
21230 	case MHIOCGRP_REGISTERANDIGNOREKEY:
21231 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21232 		if ((err = drv_priv(cred_p)) != EPERM) {
21233 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21234 				err = ENOTSUP;
21235 			} else if (arg != NULL) {
21236 				mhioc_registerandignorekey_t r_and_i;
21237 				if (ddi_copyin((void *)arg, (void *)&r_and_i,
21238 				    sizeof (mhioc_registerandignorekey_t),
21239 				    flag) != 0) {
21240 					err = EFAULT;
21241 				} else {
21242 					err =
21243 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21244 					    un, SD_SCSI3_REGISTERANDIGNOREKEY,
21245 					    (uchar_t *)&r_and_i);
21246 				}
21247 			}
21248 		}
21249 		break;
21250 
21251 	case USCSICMD:
21252 		SD_TRACE(SD_LOG_IOCTL, un, "USCSICMD\n");
21253 		cr = ddi_get_cred();
21254 		if ((drv_priv(cred_p) != 0) && (drv_priv(cr) != 0)) {
21255 			err = EPERM;
21256 		} else {
21257 			err = sd_uscsi_ioctl(dev, (caddr_t)arg, flag);
21258 		}
21259 		break;
21260 
21261 	case CDROMPAUSE:
21262 	case CDROMRESUME:
21263 		SD_TRACE(SD_LOG_IOCTL, un, "PAUSE-RESUME\n");
21264 		if (!ISCD(un)) {
21265 			err = ENOTTY;
21266 		} else {
21267 			err = sr_pause_resume(dev, cmd);
21268 		}
21269 		break;
21270 
21271 	case CDROMPLAYMSF:
21272 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYMSF\n");
21273 		if (!ISCD(un)) {
21274 			err = ENOTTY;
21275 		} else {
21276 			err = sr_play_msf(dev, (caddr_t)arg, flag);
21277 		}
21278 		break;
21279 
21280 	case CDROMPLAYTRKIND:
21281 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYTRKIND\n");
21282 #if defined(__i386) || defined(__amd64)
21283 		/*
21284 		 * not supported on ATAPI CD drives, use CDROMPLAYMSF instead
21285 		 */
21286 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21287 #else
21288 		if (!ISCD(un)) {
21289 #endif
21290 			err = ENOTTY;
21291 		} else {
21292 			err = sr_play_trkind(dev, (caddr_t)arg, flag);
21293 		}
21294 		break;
21295 
21296 	case CDROMREADTOCHDR:
21297 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCHDR\n");
21298 		if (!ISCD(un)) {
21299 			err = ENOTTY;
21300 		} else {
21301 			err = sr_read_tochdr(dev, (caddr_t)arg, flag);
21302 		}
21303 		break;
21304 
21305 	case CDROMREADTOCENTRY:
21306 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCENTRY\n");
21307 		if (!ISCD(un)) {
21308 			err = ENOTTY;
21309 		} else {
21310 			err = sr_read_tocentry(dev, (caddr_t)arg, flag);
21311 		}
21312 		break;
21313 
21314 	case CDROMSTOP:
21315 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTOP\n");
21316 		if (!ISCD(un)) {
21317 			err = ENOTTY;
21318 		} else {
21319 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_STOP,
21320 			    SD_PATH_STANDARD);
21321 		}
21322 		break;
21323 
21324 	case CDROMSTART:
21325 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTART\n");
21326 		if (!ISCD(un)) {
21327 			err = ENOTTY;
21328 		} else {
21329 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
21330 			    SD_PATH_STANDARD);
21331 		}
21332 		break;
21333 
21334 	case CDROMCLOSETRAY:
21335 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCLOSETRAY\n");
21336 		if (!ISCD(un)) {
21337 			err = ENOTTY;
21338 		} else {
21339 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_CLOSE,
21340 			    SD_PATH_STANDARD);
21341 		}
21342 		break;
21343 
21344 	case FDEJECT:	/* for eject command */
21345 	case DKIOCEJECT:
21346 	case CDROMEJECT:
21347 		SD_TRACE(SD_LOG_IOCTL, un, "EJECT\n");
21348 		if (!ISREMOVABLE(un)) {
21349 			err = ENOTTY;
21350 		} else {
21351 			err = sr_eject(dev);
21352 		}
21353 		break;
21354 
21355 	case CDROMVOLCTRL:
21356 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMVOLCTRL\n");
21357 		if (!ISCD(un)) {
21358 			err = ENOTTY;
21359 		} else {
21360 			err = sr_volume_ctrl(dev, (caddr_t)arg, flag);
21361 		}
21362 		break;
21363 
21364 	case CDROMSUBCHNL:
21365 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCHNL\n");
21366 		if (!ISCD(un)) {
21367 			err = ENOTTY;
21368 		} else {
21369 			err = sr_read_subchannel(dev, (caddr_t)arg, flag);
21370 		}
21371 		break;
21372 
21373 	case CDROMREADMODE2:
21374 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE2\n");
21375 		if (!ISCD(un)) {
21376 			err = ENOTTY;
21377 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21378 			/*
21379 			 * If the drive supports READ CD, use that instead of
21380 			 * switching the LBA size via a MODE SELECT
21381 			 * Block Descriptor
21382 			 */
21383 			err = sr_read_cd_mode2(dev, (caddr_t)arg, flag);
21384 		} else {
21385 			err = sr_read_mode2(dev, (caddr_t)arg, flag);
21386 		}
21387 		break;
21388 
21389 	case CDROMREADMODE1:
21390 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE1\n");
21391 		if (!ISCD(un)) {
21392 			err = ENOTTY;
21393 		} else {
21394 			err = sr_read_mode1(dev, (caddr_t)arg, flag);
21395 		}
21396 		break;
21397 
21398 	case CDROMREADOFFSET:
21399 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADOFFSET\n");
21400 		if (!ISCD(un)) {
21401 			err = ENOTTY;
21402 		} else {
21403 			err = sr_read_sony_session_offset(dev, (caddr_t)arg,
21404 			    flag);
21405 		}
21406 		break;
21407 
21408 	case CDROMSBLKMODE:
21409 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSBLKMODE\n");
21410 		/*
21411 		 * There is no means of changing block size in case of atapi
21412 		 * drives, thus return ENOTTY if drive type is atapi
21413 		 */
21414 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21415 			err = ENOTTY;
21416 		} else if (un->un_f_mmc_cap == TRUE) {
21417 
21418 			/*
21419 			 * MMC Devices do not support changing the
21420 			 * logical block size
21421 			 *
21422 			 * Note: EINVAL is being returned instead of ENOTTY to
21423 			 * maintain consistancy with the original mmc
21424 			 * driver update.
21425 			 */
21426 			err = EINVAL;
21427 		} else {
21428 			mutex_enter(SD_MUTEX(un));
21429 			if ((!(un->un_exclopen & (1<<SDPART(dev)))) ||
21430 			    (un->un_ncmds_in_transport > 0)) {
21431 				mutex_exit(SD_MUTEX(un));
21432 				err = EINVAL;
21433 			} else {
21434 				mutex_exit(SD_MUTEX(un));
21435 				err = sr_change_blkmode(dev, cmd, arg, flag);
21436 			}
21437 		}
21438 		break;
21439 
21440 	case CDROMGBLKMODE:
21441 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMGBLKMODE\n");
21442 		if (!ISCD(un)) {
21443 			err = ENOTTY;
21444 		} else if ((un->un_f_cfg_is_atapi != FALSE) &&
21445 		    (un->un_f_blockcount_is_valid != FALSE)) {
21446 			/*
21447 			 * Drive is an ATAPI drive so return target block
21448 			 * size for ATAPI drives since we cannot change the
21449 			 * blocksize on ATAPI drives. Used primarily to detect
21450 			 * if an ATAPI cdrom is present.
21451 			 */
21452 			if (ddi_copyout(&un->un_tgt_blocksize, (void *)arg,
21453 			    sizeof (int), flag) != 0) {
21454 				err = EFAULT;
21455 			} else {
21456 				err = 0;
21457 			}
21458 
21459 		} else {
21460 			/*
21461 			 * Drive supports changing block sizes via a Mode
21462 			 * Select.
21463 			 */
21464 			err = sr_change_blkmode(dev, cmd, arg, flag);
21465 		}
21466 		break;
21467 
21468 	case CDROMGDRVSPEED:
21469 	case CDROMSDRVSPEED:
21470 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMXDRVSPEED\n");
21471 		if (!ISCD(un)) {
21472 			err = ENOTTY;
21473 		} else if (un->un_f_mmc_cap == TRUE) {
21474 			/*
21475 			 * Note: In the future the driver implementation
21476 			 * for getting and
21477 			 * setting cd speed should entail:
21478 			 * 1) If non-mmc try the Toshiba mode page
21479 			 *    (sr_change_speed)
21480 			 * 2) If mmc but no support for Real Time Streaming try
21481 			 *    the SET CD SPEED (0xBB) command
21482 			 *   (sr_atapi_change_speed)
21483 			 * 3) If mmc and support for Real Time Streaming
21484 			 *    try the GET PERFORMANCE and SET STREAMING
21485 			 *    commands (not yet implemented, 4380808)
21486 			 */
21487 			/*
21488 			 * As per recent MMC spec, CD-ROM speed is variable
21489 			 * and changes with LBA. Since there is no such
21490 			 * things as drive speed now, fail this ioctl.
21491 			 *
21492 			 * Note: EINVAL is returned for consistancy of original
21493 			 * implementation which included support for getting
21494 			 * the drive speed of mmc devices but not setting
21495 			 * the drive speed. Thus EINVAL would be returned
21496 			 * if a set request was made for an mmc device.
21497 			 * We no longer support get or set speed for
21498 			 * mmc but need to remain consistant with regard
21499 			 * to the error code returned.
21500 			 */
21501 			err = EINVAL;
21502 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21503 			err = sr_atapi_change_speed(dev, cmd, arg, flag);
21504 		} else {
21505 			err = sr_change_speed(dev, cmd, arg, flag);
21506 		}
21507 		break;
21508 
21509 	case CDROMCDDA:
21510 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDDA\n");
21511 		if (!ISCD(un)) {
21512 			err = ENOTTY;
21513 		} else {
21514 			err = sr_read_cdda(dev, (void *)arg, flag);
21515 		}
21516 		break;
21517 
21518 	case CDROMCDXA:
21519 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDXA\n");
21520 		if (!ISCD(un)) {
21521 			err = ENOTTY;
21522 		} else {
21523 			err = sr_read_cdxa(dev, (caddr_t)arg, flag);
21524 		}
21525 		break;
21526 
21527 	case CDROMSUBCODE:
21528 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCODE\n");
21529 		if (!ISCD(un)) {
21530 			err = ENOTTY;
21531 		} else {
21532 			err = sr_read_all_subcodes(dev, (caddr_t)arg, flag);
21533 		}
21534 		break;
21535 
21536 	case DKIOCPARTINFO: {
21537 		/*
21538 		 * Return parameters describing the selected disk slice.
21539 		 * Note: this ioctl is for the intel platform only
21540 		 */
21541 #if defined(__i386) || defined(__amd64)
21542 		int part;
21543 
21544 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21545 		part = SDPART(dev);
21546 
21547 		/* don't check un_solaris_size for pN */
21548 		if (part < P0_RAW_DISK && un->un_solaris_size == 0) {
21549 			err = EIO;
21550 		} else {
21551 			struct part_info p;
21552 
21553 			p.p_start = (daddr_t)un->un_offset[part];
21554 			p.p_length = (int)un->un_map[part].dkl_nblk;
21555 #ifdef _MULTI_DATAMODEL
21556 			switch (ddi_model_convert_from(flag & FMODELS)) {
21557 			case DDI_MODEL_ILP32:
21558 			{
21559 				struct part_info32 p32;
21560 
21561 				p32.p_start = (daddr32_t)p.p_start;
21562 				p32.p_length = p.p_length;
21563 				if (ddi_copyout(&p32, (void *)arg,
21564 				    sizeof (p32), flag))
21565 					err = EFAULT;
21566 				break;
21567 			}
21568 
21569 			case DDI_MODEL_NONE:
21570 			{
21571 				if (ddi_copyout(&p, (void *)arg, sizeof (p),
21572 				    flag))
21573 					err = EFAULT;
21574 				break;
21575 			}
21576 			}
21577 #else /* ! _MULTI_DATAMODEL */
21578 			if (ddi_copyout(&p, (void *)arg, sizeof (p), flag))
21579 				err = EFAULT;
21580 #endif /* _MULTI_DATAMODEL */
21581 		}
21582 #else
21583 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21584 		err = ENOTTY;
21585 #endif
21586 		break;
21587 	}
21588 
21589 	case DKIOCG_PHYGEOM: {
21590 		/* Return the driver's notion of the media physical geometry */
21591 #if defined(__i386) || defined(__amd64)
21592 		struct dk_geom	disk_geom;
21593 		struct dk_geom	*dkgp = &disk_geom;
21594 
21595 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21596 		mutex_enter(SD_MUTEX(un));
21597 
21598 		if (un->un_g.dkg_nhead != 0 &&
21599 		    un->un_g.dkg_nsect != 0) {
21600 			/*
21601 			 * We succeeded in getting a geometry, but
21602 			 * right now it is being reported as just the
21603 			 * Solaris fdisk partition, just like for
21604 			 * DKIOCGGEOM. We need to change that to be
21605 			 * correct for the entire disk now.
21606 			 */
21607 			bcopy(&un->un_g, dkgp, sizeof (*dkgp));
21608 			dkgp->dkg_acyl = 0;
21609 			dkgp->dkg_ncyl = un->un_blockcount /
21610 			    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21611 		} else {
21612 			bzero(dkgp, sizeof (struct dk_geom));
21613 			/*
21614 			 * This disk does not have a Solaris VTOC
21615 			 * so we must present a physical geometry
21616 			 * that will remain consistent regardless
21617 			 * of how the disk is used. This will ensure
21618 			 * that the geometry does not change regardless
21619 			 * of the fdisk partition type (ie. EFI, FAT32,
21620 			 * Solaris, etc).
21621 			 */
21622 			if (ISCD(un)) {
21623 				dkgp->dkg_nhead = un->un_pgeom.g_nhead;
21624 				dkgp->dkg_nsect = un->un_pgeom.g_nsect;
21625 				dkgp->dkg_ncyl = un->un_pgeom.g_ncyl;
21626 				dkgp->dkg_acyl = un->un_pgeom.g_acyl;
21627 			} else {
21628 				sd_convert_geometry(un->un_blockcount, dkgp);
21629 				dkgp->dkg_acyl = 0;
21630 				dkgp->dkg_ncyl = un->un_blockcount /
21631 				    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21632 			}
21633 		}
21634 		dkgp->dkg_pcyl = dkgp->dkg_ncyl + dkgp->dkg_acyl;
21635 
21636 		if (ddi_copyout(dkgp, (void *)arg,
21637 		    sizeof (struct dk_geom), flag)) {
21638 			mutex_exit(SD_MUTEX(un));
21639 			err = EFAULT;
21640 		} else {
21641 			mutex_exit(SD_MUTEX(un));
21642 			err = 0;
21643 		}
21644 #else
21645 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21646 		err = ENOTTY;
21647 #endif
21648 		break;
21649 	}
21650 
21651 	case DKIOCG_VIRTGEOM: {
21652 		/* Return the driver's notion of the media's logical geometry */
21653 #if defined(__i386) || defined(__amd64)
21654 		struct dk_geom	disk_geom;
21655 		struct dk_geom	*dkgp = &disk_geom;
21656 
21657 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21658 		mutex_enter(SD_MUTEX(un));
21659 		/*
21660 		 * If there is no HBA geometry available, or
21661 		 * if the HBA returned us something that doesn't
21662 		 * really fit into an Int 13/function 8 geometry
21663 		 * result, just fail the ioctl.  See PSARC 1998/313.
21664 		 */
21665 		if (un->un_lgeom.g_nhead == 0 ||
21666 		    un->un_lgeom.g_nsect == 0 ||
21667 		    un->un_lgeom.g_ncyl > 1024) {
21668 			mutex_exit(SD_MUTEX(un));
21669 			err = EINVAL;
21670 		} else {
21671 			dkgp->dkg_ncyl	= un->un_lgeom.g_ncyl;
21672 			dkgp->dkg_acyl	= un->un_lgeom.g_acyl;
21673 			dkgp->dkg_pcyl	= dkgp->dkg_ncyl + dkgp->dkg_acyl;
21674 			dkgp->dkg_nhead	= un->un_lgeom.g_nhead;
21675 			dkgp->dkg_nsect	= un->un_lgeom.g_nsect;
21676 
21677 			if (ddi_copyout(dkgp, (void *)arg,
21678 			    sizeof (struct dk_geom), flag)) {
21679 				mutex_exit(SD_MUTEX(un));
21680 				err = EFAULT;
21681 			} else {
21682 				mutex_exit(SD_MUTEX(un));
21683 				err = 0;
21684 			}
21685 		}
21686 #else
21687 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21688 		err = ENOTTY;
21689 #endif
21690 		break;
21691 	}
21692 #ifdef SDDEBUG
21693 /* RESET/ABORTS testing ioctls */
21694 	case DKIOCRESET: {
21695 		int	reset_level;
21696 
21697 		if (ddi_copyin((void *)arg, &reset_level, sizeof (int), flag)) {
21698 			err = EFAULT;
21699 		} else {
21700 			SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCRESET: "
21701 			    "reset_level = 0x%lx\n", reset_level);
21702 			if (scsi_reset(SD_ADDRESS(un), reset_level)) {
21703 				err = 0;
21704 			} else {
21705 				err = EIO;
21706 			}
21707 		}
21708 		break;
21709 	}
21710 
21711 	case DKIOCABORT:
21712 		SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCABORT:\n");
21713 		if (scsi_abort(SD_ADDRESS(un), NULL)) {
21714 			err = 0;
21715 		} else {
21716 			err = EIO;
21717 		}
21718 		break;
21719 #endif
21720 
21721 #ifdef SD_FAULT_INJECTION
21722 /* SDIOC FaultInjection testing ioctls */
21723 	case SDIOCSTART:
21724 	case SDIOCSTOP:
21725 	case SDIOCINSERTPKT:
21726 	case SDIOCINSERTXB:
21727 	case SDIOCINSERTUN:
21728 	case SDIOCINSERTARQ:
21729 	case SDIOCPUSH:
21730 	case SDIOCRETRIEVE:
21731 	case SDIOCRUN:
21732 		SD_INFO(SD_LOG_SDTEST, un, "sdioctl:"
21733 		    "SDIOC detected cmd:0x%X:\n", cmd);
21734 		/* call error generator */
21735 		sd_faultinjection_ioctl(cmd, arg, un);
21736 		err = 0;
21737 		break;
21738 
21739 #endif /* SD_FAULT_INJECTION */
21740 
21741 	case DKIOCFLUSHWRITECACHE:
21742 		{
21743 			struct dk_callback *dkc = (struct dk_callback *)arg;
21744 
21745 			mutex_enter(SD_MUTEX(un));
21746 			if (un->un_f_sync_cache_unsupported ||
21747 			    ! un->un_f_write_cache_enabled) {
21748 				err = un->un_f_sync_cache_unsupported ?
21749 					ENOTSUP : 0;
21750 				mutex_exit(SD_MUTEX(un));
21751 				if ((flag & FKIOCTL) && dkc != NULL &&
21752 				    dkc->dkc_callback != NULL) {
21753 					(*dkc->dkc_callback)(dkc->dkc_cookie,
21754 					    err);
21755 					/*
21756 					 * Did callback and reported error.
21757 					 * Since we did a callback, ioctl
21758 					 * should return 0.
21759 					 */
21760 					err = 0;
21761 				}
21762 				break;
21763 			}
21764 			mutex_exit(SD_MUTEX(un));
21765 
21766 			if ((flag & FKIOCTL) && dkc != NULL &&
21767 			    dkc->dkc_callback != NULL) {
21768 				/* async SYNC CACHE request */
21769 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, dkc);
21770 			} else {
21771 				/* synchronous SYNC CACHE request */
21772 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, NULL);
21773 			}
21774 		}
21775 		break;
21776 
21777 	default:
21778 		err = ENOTTY;
21779 		break;
21780 	}
21781 	mutex_enter(SD_MUTEX(un));
21782 	un->un_ncmds_in_driver--;
21783 	ASSERT(un->un_ncmds_in_driver >= 0);
21784 	mutex_exit(SD_MUTEX(un));
21785 
21786 	SD_TRACE(SD_LOG_IOCTL, un, "sdioctl: exit: %d\n", err);
21787 	return (err);
21788 }
21789 
21790 
21791 /*
21792  *    Function: sd_uscsi_ioctl
21793  *
21794  * Description: This routine is the driver entry point for handling USCSI ioctl
21795  *		requests (USCSICMD).
21796  *
21797  *   Arguments: dev	- the device number
21798  *		arg	- user provided scsi command
21799  *		flag	- this argument is a pass through to ddi_copyxxx()
21800  *			  directly from the mode argument of ioctl().
21801  *
21802  * Return Code: code returned by sd_send_scsi_cmd
21803  *		ENXIO
21804  *		EFAULT
21805  *		EAGAIN
21806  */
21807 
21808 static int
21809 sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag)
21810 {
21811 #ifdef _MULTI_DATAMODEL
21812 	/*
21813 	 * For use when a 32 bit app makes a call into a
21814 	 * 64 bit ioctl
21815 	 */
21816 	struct uscsi_cmd32	uscsi_cmd_32_for_64;
21817 	struct uscsi_cmd32	*ucmd32 = &uscsi_cmd_32_for_64;
21818 	model_t			model;
21819 #endif /* _MULTI_DATAMODEL */
21820 	struct uscsi_cmd	*scmd = NULL;
21821 	struct sd_lun		*un = NULL;
21822 	enum uio_seg		uioseg;
21823 	char			cdb[CDB_GROUP0];
21824 	int			rval = 0;
21825 
21826 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21827 		return (ENXIO);
21828 	}
21829 
21830 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: entry: un:0x%p\n", un);
21831 
21832 	scmd = (struct uscsi_cmd *)
21833 	    kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
21834 
21835 #ifdef _MULTI_DATAMODEL
21836 	switch (model = ddi_model_convert_from(flag & FMODELS)) {
21837 	case DDI_MODEL_ILP32:
21838 	{
21839 		if (ddi_copyin((void *)arg, ucmd32, sizeof (*ucmd32), flag)) {
21840 			rval = EFAULT;
21841 			goto done;
21842 		}
21843 		/*
21844 		 * Convert the ILP32 uscsi data from the
21845 		 * application to LP64 for internal use.
21846 		 */
21847 		uscsi_cmd32touscsi_cmd(ucmd32, scmd);
21848 		break;
21849 	}
21850 	case DDI_MODEL_NONE:
21851 		if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21852 			rval = EFAULT;
21853 			goto done;
21854 		}
21855 		break;
21856 	}
21857 #else /* ! _MULTI_DATAMODEL */
21858 	if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21859 		rval = EFAULT;
21860 		goto done;
21861 	}
21862 #endif /* _MULTI_DATAMODEL */
21863 
21864 	scmd->uscsi_flags &= ~USCSI_NOINTR;
21865 	uioseg = (flag & FKIOCTL) ? UIO_SYSSPACE : UIO_USERSPACE;
21866 	if (un->un_f_format_in_progress == TRUE) {
21867 		rval = EAGAIN;
21868 		goto done;
21869 	}
21870 
21871 	/*
21872 	 * Gotta do the ddi_copyin() here on the uscsi_cdb so that
21873 	 * we will have a valid cdb[0] to test.
21874 	 */
21875 	if ((ddi_copyin(scmd->uscsi_cdb, cdb, CDB_GROUP0, flag) == 0) &&
21876 	    (cdb[0] == SCMD_FORMAT)) {
21877 		SD_TRACE(SD_LOG_IOCTL, un,
21878 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21879 		mutex_enter(SD_MUTEX(un));
21880 		un->un_f_format_in_progress = TRUE;
21881 		mutex_exit(SD_MUTEX(un));
21882 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21883 		    SD_PATH_STANDARD);
21884 		mutex_enter(SD_MUTEX(un));
21885 		un->un_f_format_in_progress = FALSE;
21886 		mutex_exit(SD_MUTEX(un));
21887 	} else {
21888 		SD_TRACE(SD_LOG_IOCTL, un,
21889 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21890 		/*
21891 		 * It's OK to fall into here even if the ddi_copyin()
21892 		 * on the uscsi_cdb above fails, because sd_send_scsi_cmd()
21893 		 * does this same copyin and will return the EFAULT
21894 		 * if it fails.
21895 		 */
21896 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21897 		    SD_PATH_STANDARD);
21898 	}
21899 #ifdef _MULTI_DATAMODEL
21900 	switch (model) {
21901 	case DDI_MODEL_ILP32:
21902 		/*
21903 		 * Convert back to ILP32 before copyout to the
21904 		 * application
21905 		 */
21906 		uscsi_cmdtouscsi_cmd32(scmd, ucmd32);
21907 		if (ddi_copyout(ucmd32, (void *)arg, sizeof (*ucmd32), flag)) {
21908 			if (rval != 0) {
21909 				rval = EFAULT;
21910 			}
21911 		}
21912 		break;
21913 	case DDI_MODEL_NONE:
21914 		if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21915 			if (rval != 0) {
21916 				rval = EFAULT;
21917 			}
21918 		}
21919 		break;
21920 	}
21921 #else /* ! _MULTI_DATAMODE */
21922 	if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21923 		if (rval != 0) {
21924 			rval = EFAULT;
21925 		}
21926 	}
21927 #endif /* _MULTI_DATAMODE */
21928 done:
21929 	kmem_free(scmd, sizeof (struct uscsi_cmd));
21930 
21931 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: exit: un:0x%p\n", un);
21932 
21933 	return (rval);
21934 }
21935 
21936 
21937 /*
21938  *    Function: sd_dkio_ctrl_info
21939  *
21940  * Description: This routine is the driver entry point for handling controller
21941  *		information ioctl requests (DKIOCINFO).
21942  *
21943  *   Arguments: dev  - the device number
21944  *		arg  - pointer to user provided dk_cinfo structure
21945  *		       specifying the controller type and attributes.
21946  *		flag - this argument is a pass through to ddi_copyxxx()
21947  *		       directly from the mode argument of ioctl().
21948  *
21949  * Return Code: 0
21950  *		EFAULT
21951  *		ENXIO
21952  */
21953 
21954 static int
21955 sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag)
21956 {
21957 	struct sd_lun	*un = NULL;
21958 	struct dk_cinfo	*info;
21959 	dev_info_t	*pdip;
21960 	int		lun, tgt;
21961 
21962 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21963 		return (ENXIO);
21964 	}
21965 
21966 	info = (struct dk_cinfo *)
21967 		kmem_zalloc(sizeof (struct dk_cinfo), KM_SLEEP);
21968 
21969 	switch (un->un_ctype) {
21970 	case CTYPE_CDROM:
21971 		info->dki_ctype = DKC_CDROM;
21972 		break;
21973 	default:
21974 		info->dki_ctype = DKC_SCSI_CCS;
21975 		break;
21976 	}
21977 	pdip = ddi_get_parent(SD_DEVINFO(un));
21978 	info->dki_cnum = ddi_get_instance(pdip);
21979 	if (strlen(ddi_get_name(pdip)) < DK_DEVLEN) {
21980 		(void) strcpy(info->dki_cname, ddi_get_name(pdip));
21981 	} else {
21982 		(void) strncpy(info->dki_cname, ddi_node_name(pdip),
21983 		    DK_DEVLEN - 1);
21984 	}
21985 
21986 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
21987 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_LUN, 0);
21988 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
21989 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET, 0);
21990 
21991 	/* Unit Information */
21992 	info->dki_unit = ddi_get_instance(SD_DEVINFO(un));
21993 	info->dki_slave = ((tgt << 3) | lun);
21994 	(void) strncpy(info->dki_dname, ddi_driver_name(SD_DEVINFO(un)),
21995 	    DK_DEVLEN - 1);
21996 	info->dki_flags = DKI_FMTVOL;
21997 	info->dki_partition = SDPART(dev);
21998 
21999 	/* Max Transfer size of this device in blocks */
22000 	info->dki_maxtransfer = un->un_max_xfer_size / un->un_sys_blocksize;
22001 	info->dki_addr = 0;
22002 	info->dki_space = 0;
22003 	info->dki_prio = 0;
22004 	info->dki_vec = 0;
22005 
22006 	if (ddi_copyout(info, arg, sizeof (struct dk_cinfo), flag) != 0) {
22007 		kmem_free(info, sizeof (struct dk_cinfo));
22008 		return (EFAULT);
22009 	} else {
22010 		kmem_free(info, sizeof (struct dk_cinfo));
22011 		return (0);
22012 	}
22013 }
22014 
22015 
22016 /*
22017  *    Function: sd_get_media_info
22018  *
22019  * Description: This routine is the driver entry point for handling ioctl
22020  *		requests for the media type or command set profile used by the
22021  *		drive to operate on the media (DKIOCGMEDIAINFO).
22022  *
22023  *   Arguments: dev	- the device number
22024  *		arg	- pointer to user provided dk_minfo structure
22025  *			  specifying the media type, logical block size and
22026  *			  drive capacity.
22027  *		flag	- this argument is a pass through to ddi_copyxxx()
22028  *			  directly from the mode argument of ioctl().
22029  *
22030  * Return Code: 0
22031  *		EACCESS
22032  *		EFAULT
22033  *		ENXIO
22034  *		EIO
22035  */
22036 
22037 static int
22038 sd_get_media_info(dev_t dev, caddr_t arg, int flag)
22039 {
22040 	struct sd_lun		*un = NULL;
22041 	struct uscsi_cmd	com;
22042 	struct scsi_inquiry	*sinq;
22043 	struct dk_minfo		media_info;
22044 	u_longlong_t		media_capacity;
22045 	uint64_t		capacity;
22046 	uint_t			lbasize;
22047 	uchar_t			*out_data;
22048 	uchar_t			*rqbuf;
22049 	int			rval = 0;
22050 	int			rtn;
22051 
22052 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
22053 	    (un->un_state == SD_STATE_OFFLINE)) {
22054 		return (ENXIO);
22055 	}
22056 
22057 	SD_TRACE(SD_LOG_IOCTL_DKIO, un, "sd_get_media_info: entry\n");
22058 
22059 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
22060 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
22061 
22062 	/* Issue a TUR to determine if the drive is ready with media present */
22063 	rval = sd_send_scsi_TEST_UNIT_READY(un, SD_CHECK_FOR_MEDIA);
22064 	if (rval == ENXIO) {
22065 		goto done;
22066 	}
22067 
22068 	/* Now get configuration data */
22069 	if (ISCD(un)) {
22070 		media_info.dki_media_type = DK_CDROM;
22071 
22072 		/* Allow SCMD_GET_CONFIGURATION to MMC devices only */
22073 		if (un->un_f_mmc_cap == TRUE) {
22074 			rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf,
22075 				SENSE_LENGTH, out_data, SD_PROFILE_HEADER_LEN);
22076 
22077 			if (rtn) {
22078 				/*
22079 				 * Failed for other than an illegal request
22080 				 * or command not supported
22081 				 */
22082 				if ((com.uscsi_status == STATUS_CHECK) &&
22083 				    (com.uscsi_rqstatus == STATUS_GOOD)) {
22084 					if ((rqbuf[2] != KEY_ILLEGAL_REQUEST) ||
22085 					    (rqbuf[12] != 0x20)) {
22086 						rval = EIO;
22087 						goto done;
22088 					}
22089 				}
22090 			} else {
22091 				/*
22092 				 * The GET CONFIGURATION command succeeded
22093 				 * so set the media type according to the
22094 				 * returned data
22095 				 */
22096 				media_info.dki_media_type = out_data[6];
22097 				media_info.dki_media_type <<= 8;
22098 				media_info.dki_media_type |= out_data[7];
22099 			}
22100 		}
22101 	} else {
22102 		/*
22103 		 * The profile list is not available, so we attempt to identify
22104 		 * the media type based on the inquiry data
22105 		 */
22106 		sinq = un->un_sd->sd_inq;
22107 		if (sinq->inq_qual == 0) {
22108 			/* This is a direct access device */
22109 			media_info.dki_media_type = DK_FIXED_DISK;
22110 
22111 			if ((bcmp(sinq->inq_vid, "IOMEGA", 6) == 0) ||
22112 			    (bcmp(sinq->inq_vid, "iomega", 6) == 0)) {
22113 				if ((bcmp(sinq->inq_pid, "ZIP", 3) == 0)) {
22114 					media_info.dki_media_type = DK_ZIP;
22115 				} else if (
22116 				    (bcmp(sinq->inq_pid, "jaz", 3) == 0)) {
22117 					media_info.dki_media_type = DK_JAZ;
22118 				}
22119 			}
22120 		} else {
22121 			/* Not a CD or direct access so return unknown media */
22122 			media_info.dki_media_type = DK_UNKNOWN;
22123 		}
22124 	}
22125 
22126 	/* Now read the capacity so we can provide the lbasize and capacity */
22127 	switch (sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
22128 	    SD_PATH_DIRECT)) {
22129 	case 0:
22130 		break;
22131 	case EACCES:
22132 		rval = EACCES;
22133 		goto done;
22134 	default:
22135 		rval = EIO;
22136 		goto done;
22137 	}
22138 
22139 	media_info.dki_lbsize = lbasize;
22140 	media_capacity = capacity;
22141 
22142 	/*
22143 	 * sd_send_scsi_READ_CAPACITY() reports capacity in
22144 	 * un->un_sys_blocksize chunks. So we need to convert it into
22145 	 * cap.lbasize chunks.
22146 	 */
22147 	media_capacity *= un->un_sys_blocksize;
22148 	media_capacity /= lbasize;
22149 	media_info.dki_capacity = media_capacity;
22150 
22151 	if (ddi_copyout(&media_info, arg, sizeof (struct dk_minfo), flag)) {
22152 		rval = EFAULT;
22153 		/* Put goto. Anybody might add some code below in future */
22154 		goto done;
22155 	}
22156 done:
22157 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
22158 	kmem_free(rqbuf, SENSE_LENGTH);
22159 	return (rval);
22160 }
22161 
22162 
22163 /*
22164  *    Function: sd_dkio_get_geometry
22165  *
22166  * Description: This routine is the driver entry point for handling user
22167  *		requests to get the device geometry (DKIOCGGEOM).
22168  *
22169  *   Arguments: dev  - the device number
22170  *		arg  - pointer to user provided dk_geom structure specifying
22171  *			the controller's notion of the current geometry.
22172  *		flag - this argument is a pass through to ddi_copyxxx()
22173  *		       directly from the mode argument of ioctl().
22174  *		geom_validated - flag indicating if the device geometry has been
22175  *				 previously validated in the sdioctl routine.
22176  *
22177  * Return Code: 0
22178  *		EFAULT
22179  *		ENXIO
22180  *		EIO
22181  */
22182 
22183 static int
22184 sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag, int geom_validated)
22185 {
22186 	struct sd_lun	*un = NULL;
22187 	struct dk_geom	*tmp_geom = NULL;
22188 	int		rval = 0;
22189 
22190 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22191 		return (ENXIO);
22192 	}
22193 
22194 #if defined(__i386) || defined(__amd64)
22195 	if (un->un_solaris_size == 0) {
22196 		return (EIO);
22197 	}
22198 #endif
22199 	if (geom_validated == FALSE) {
22200 		/*
22201 		 * sd_validate_geometry does not spin a disk up
22202 		 * if it was spun down. We need to make sure it
22203 		 * is ready.
22204 		 */
22205 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22206 			return (rval);
22207 		}
22208 		mutex_enter(SD_MUTEX(un));
22209 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
22210 		mutex_exit(SD_MUTEX(un));
22211 	}
22212 	if (rval)
22213 		return (rval);
22214 
22215 	/*
22216 	 * Make a local copy of the soft state geometry to avoid some potential
22217 	 * race conditions associated with holding the mutex and updating the
22218 	 * write_reinstruct value
22219 	 */
22220 	tmp_geom = kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22221 	mutex_enter(SD_MUTEX(un));
22222 	bcopy(&un->un_g, tmp_geom, sizeof (struct dk_geom));
22223 	mutex_exit(SD_MUTEX(un));
22224 
22225 	if (tmp_geom->dkg_write_reinstruct == 0) {
22226 		tmp_geom->dkg_write_reinstruct =
22227 		    (int)((int)(tmp_geom->dkg_nsect * tmp_geom->dkg_rpm *
22228 		    sd_rot_delay) / (int)60000);
22229 	}
22230 
22231 	rval = ddi_copyout(tmp_geom, (void *)arg, sizeof (struct dk_geom),
22232 	    flag);
22233 	if (rval != 0) {
22234 		rval = EFAULT;
22235 	}
22236 
22237 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22238 	return (rval);
22239 
22240 }
22241 
22242 
22243 /*
22244  *    Function: sd_dkio_set_geometry
22245  *
22246  * Description: This routine is the driver entry point for handling user
22247  *		requests to set the device geometry (DKIOCSGEOM). The actual
22248  *		device geometry is not updated, just the driver "notion" of it.
22249  *
22250  *   Arguments: dev  - the device number
22251  *		arg  - pointer to user provided dk_geom structure used to set
22252  *			the controller's notion of the current geometry.
22253  *		flag - this argument is a pass through to ddi_copyxxx()
22254  *		       directly from the mode argument of ioctl().
22255  *
22256  * Return Code: 0
22257  *		EFAULT
22258  *		ENXIO
22259  *		EIO
22260  */
22261 
22262 static int
22263 sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag)
22264 {
22265 	struct sd_lun	*un = NULL;
22266 	struct dk_geom	*tmp_geom;
22267 	struct dk_map	*lp;
22268 	int		rval = 0;
22269 	int		i;
22270 
22271 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22272 		return (ENXIO);
22273 	}
22274 
22275 #if defined(__i386) || defined(__amd64)
22276 	if (un->un_solaris_size == 0) {
22277 		return (EIO);
22278 	}
22279 #endif
22280 	/*
22281 	 * We need to copy the user specified geometry into local
22282 	 * storage and then update the softstate. We don't want to hold
22283 	 * the mutex and copyin directly from the user to the soft state
22284 	 */
22285 	tmp_geom = (struct dk_geom *)
22286 	    kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22287 	rval = ddi_copyin(arg, tmp_geom, sizeof (struct dk_geom), flag);
22288 	if (rval != 0) {
22289 		kmem_free(tmp_geom, sizeof (struct dk_geom));
22290 		return (EFAULT);
22291 	}
22292 
22293 	mutex_enter(SD_MUTEX(un));
22294 	bcopy(tmp_geom, &un->un_g, sizeof (struct dk_geom));
22295 	for (i = 0; i < NDKMAP; i++) {
22296 		lp  = &un->un_map[i];
22297 		un->un_offset[i] =
22298 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22299 #if defined(__i386) || defined(__amd64)
22300 		un->un_offset[i] += un->un_solaris_offset;
22301 #endif
22302 	}
22303 	un->un_f_geometry_is_valid = FALSE;
22304 	mutex_exit(SD_MUTEX(un));
22305 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22306 
22307 	return (rval);
22308 }
22309 
22310 
22311 /*
22312  *    Function: sd_dkio_get_partition
22313  *
22314  * Description: This routine is the driver entry point for handling user
22315  *		requests to get the partition table (DKIOCGAPART).
22316  *
22317  *   Arguments: dev  - the device number
22318  *		arg  - pointer to user provided dk_allmap structure specifying
22319  *			the controller's notion of the current partition table.
22320  *		flag - this argument is a pass through to ddi_copyxxx()
22321  *		       directly from the mode argument of ioctl().
22322  *		geom_validated - flag indicating if the device geometry has been
22323  *				 previously validated in the sdioctl routine.
22324  *
22325  * Return Code: 0
22326  *		EFAULT
22327  *		ENXIO
22328  *		EIO
22329  */
22330 
22331 static int
22332 sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag, int geom_validated)
22333 {
22334 	struct sd_lun	*un = NULL;
22335 	int		rval = 0;
22336 	int		size;
22337 
22338 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22339 		return (ENXIO);
22340 	}
22341 
22342 #if defined(__i386) || defined(__amd64)
22343 	if (un->un_solaris_size == 0) {
22344 		return (EIO);
22345 	}
22346 #endif
22347 	/*
22348 	 * Make sure the geometry is valid before getting the partition
22349 	 * information.
22350 	 */
22351 	mutex_enter(SD_MUTEX(un));
22352 	if (geom_validated == FALSE) {
22353 		/*
22354 		 * sd_validate_geometry does not spin a disk up
22355 		 * if it was spun down. We need to make sure it
22356 		 * is ready before validating the geometry.
22357 		 */
22358 		mutex_exit(SD_MUTEX(un));
22359 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22360 			return (rval);
22361 		}
22362 		mutex_enter(SD_MUTEX(un));
22363 
22364 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22365 			mutex_exit(SD_MUTEX(un));
22366 			return (rval);
22367 		}
22368 	}
22369 	mutex_exit(SD_MUTEX(un));
22370 
22371 #ifdef _MULTI_DATAMODEL
22372 	switch (ddi_model_convert_from(flag & FMODELS)) {
22373 	case DDI_MODEL_ILP32: {
22374 		struct dk_map32 dk_map32[NDKMAP];
22375 		int		i;
22376 
22377 		for (i = 0; i < NDKMAP; i++) {
22378 			dk_map32[i].dkl_cylno = un->un_map[i].dkl_cylno;
22379 			dk_map32[i].dkl_nblk  = un->un_map[i].dkl_nblk;
22380 		}
22381 		size = NDKMAP * sizeof (struct dk_map32);
22382 		rval = ddi_copyout(dk_map32, (void *)arg, size, flag);
22383 		if (rval != 0) {
22384 			rval = EFAULT;
22385 		}
22386 		break;
22387 	}
22388 	case DDI_MODEL_NONE:
22389 		size = NDKMAP * sizeof (struct dk_map);
22390 		rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22391 		if (rval != 0) {
22392 			rval = EFAULT;
22393 		}
22394 		break;
22395 	}
22396 #else /* ! _MULTI_DATAMODEL */
22397 	size = NDKMAP * sizeof (struct dk_map);
22398 	rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22399 	if (rval != 0) {
22400 		rval = EFAULT;
22401 	}
22402 #endif /* _MULTI_DATAMODEL */
22403 	return (rval);
22404 }
22405 
22406 
22407 /*
22408  *    Function: sd_dkio_set_partition
22409  *
22410  * Description: This routine is the driver entry point for handling user
22411  *		requests to set the partition table (DKIOCSAPART). The actual
22412  *		device partition is not updated.
22413  *
22414  *   Arguments: dev  - the device number
22415  *		arg  - pointer to user provided dk_allmap structure used to set
22416  *			the controller's notion of the partition table.
22417  *		flag - this argument is a pass through to ddi_copyxxx()
22418  *		       directly from the mode argument of ioctl().
22419  *
22420  * Return Code: 0
22421  *		EINVAL
22422  *		EFAULT
22423  *		ENXIO
22424  *		EIO
22425  */
22426 
22427 static int
22428 sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag)
22429 {
22430 	struct sd_lun	*un = NULL;
22431 	struct dk_map	dk_map[NDKMAP];
22432 	struct dk_map	*lp;
22433 	int		rval = 0;
22434 	int		size;
22435 	int		i;
22436 #if defined(_SUNOS_VTOC_16)
22437 	struct dkl_partition	*vp;
22438 #endif
22439 
22440 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22441 		return (ENXIO);
22442 	}
22443 
22444 	/*
22445 	 * Set the map for all logical partitions.  We lock
22446 	 * the priority just to make sure an interrupt doesn't
22447 	 * come in while the map is half updated.
22448 	 */
22449 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_solaris_size))
22450 	mutex_enter(SD_MUTEX(un));
22451 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22452 		mutex_exit(SD_MUTEX(un));
22453 		return (ENOTSUP);
22454 	}
22455 	mutex_exit(SD_MUTEX(un));
22456 	if (un->un_solaris_size == 0) {
22457 		return (EIO);
22458 	}
22459 
22460 #ifdef _MULTI_DATAMODEL
22461 	switch (ddi_model_convert_from(flag & FMODELS)) {
22462 	case DDI_MODEL_ILP32: {
22463 		struct dk_map32 dk_map32[NDKMAP];
22464 
22465 		size = NDKMAP * sizeof (struct dk_map32);
22466 		rval = ddi_copyin((void *)arg, dk_map32, size, flag);
22467 		if (rval != 0) {
22468 			return (EFAULT);
22469 		}
22470 		for (i = 0; i < NDKMAP; i++) {
22471 			dk_map[i].dkl_cylno = dk_map32[i].dkl_cylno;
22472 			dk_map[i].dkl_nblk  = dk_map32[i].dkl_nblk;
22473 		}
22474 		break;
22475 	}
22476 	case DDI_MODEL_NONE:
22477 		size = NDKMAP * sizeof (struct dk_map);
22478 		rval = ddi_copyin((void *)arg, dk_map, size, flag);
22479 		if (rval != 0) {
22480 			return (EFAULT);
22481 		}
22482 		break;
22483 	}
22484 #else /* ! _MULTI_DATAMODEL */
22485 	size = NDKMAP * sizeof (struct dk_map);
22486 	rval = ddi_copyin((void *)arg, dk_map, size, flag);
22487 	if (rval != 0) {
22488 		return (EFAULT);
22489 	}
22490 #endif /* _MULTI_DATAMODEL */
22491 
22492 	mutex_enter(SD_MUTEX(un));
22493 	/* Note: The size used in this bcopy is set based upon the data model */
22494 	bcopy(dk_map, un->un_map, size);
22495 #if defined(_SUNOS_VTOC_16)
22496 	vp = (struct dkl_partition *)&(un->un_vtoc);
22497 #endif	/* defined(_SUNOS_VTOC_16) */
22498 	for (i = 0; i < NDKMAP; i++) {
22499 		lp  = &un->un_map[i];
22500 		un->un_offset[i] =
22501 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22502 #if defined(_SUNOS_VTOC_16)
22503 		vp->p_start = un->un_offset[i];
22504 		vp->p_size = lp->dkl_nblk;
22505 		vp++;
22506 #endif	/* defined(_SUNOS_VTOC_16) */
22507 #if defined(__i386) || defined(__amd64)
22508 		un->un_offset[i] += un->un_solaris_offset;
22509 #endif
22510 	}
22511 	mutex_exit(SD_MUTEX(un));
22512 	return (rval);
22513 }
22514 
22515 
22516 /*
22517  *    Function: sd_dkio_get_vtoc
22518  *
22519  * Description: This routine is the driver entry point for handling user
22520  *		requests to get the current volume table of contents
22521  *		(DKIOCGVTOC).
22522  *
22523  *   Arguments: dev  - the device number
22524  *		arg  - pointer to user provided vtoc structure specifying
22525  *			the current vtoc.
22526  *		flag - this argument is a pass through to ddi_copyxxx()
22527  *		       directly from the mode argument of ioctl().
22528  *		geom_validated - flag indicating if the device geometry has been
22529  *				 previously validated in the sdioctl routine.
22530  *
22531  * Return Code: 0
22532  *		EFAULT
22533  *		ENXIO
22534  *		EIO
22535  */
22536 
22537 static int
22538 sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag, int geom_validated)
22539 {
22540 	struct sd_lun	*un = NULL;
22541 #if defined(_SUNOS_VTOC_8)
22542 	struct vtoc	user_vtoc;
22543 #endif	/* defined(_SUNOS_VTOC_8) */
22544 	int		rval = 0;
22545 
22546 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22547 		return (ENXIO);
22548 	}
22549 
22550 	mutex_enter(SD_MUTEX(un));
22551 	if (geom_validated == FALSE) {
22552 		/*
22553 		 * sd_validate_geometry does not spin a disk up
22554 		 * if it was spun down. We need to make sure it
22555 		 * is ready.
22556 		 */
22557 		mutex_exit(SD_MUTEX(un));
22558 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22559 			return (rval);
22560 		}
22561 		mutex_enter(SD_MUTEX(un));
22562 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22563 			mutex_exit(SD_MUTEX(un));
22564 			return (rval);
22565 		}
22566 	}
22567 
22568 #if defined(_SUNOS_VTOC_8)
22569 	sd_build_user_vtoc(un, &user_vtoc);
22570 	mutex_exit(SD_MUTEX(un));
22571 
22572 #ifdef _MULTI_DATAMODEL
22573 	switch (ddi_model_convert_from(flag & FMODELS)) {
22574 	case DDI_MODEL_ILP32: {
22575 		struct vtoc32 user_vtoc32;
22576 
22577 		vtoctovtoc32(user_vtoc, user_vtoc32);
22578 		if (ddi_copyout(&user_vtoc32, (void *)arg,
22579 		    sizeof (struct vtoc32), flag)) {
22580 			return (EFAULT);
22581 		}
22582 		break;
22583 	}
22584 
22585 	case DDI_MODEL_NONE:
22586 		if (ddi_copyout(&user_vtoc, (void *)arg,
22587 		    sizeof (struct vtoc), flag)) {
22588 			return (EFAULT);
22589 		}
22590 		break;
22591 	}
22592 #else /* ! _MULTI_DATAMODEL */
22593 	if (ddi_copyout(&user_vtoc, (void *)arg, sizeof (struct vtoc), flag)) {
22594 		return (EFAULT);
22595 	}
22596 #endif /* _MULTI_DATAMODEL */
22597 
22598 #elif defined(_SUNOS_VTOC_16)
22599 	mutex_exit(SD_MUTEX(un));
22600 
22601 #ifdef _MULTI_DATAMODEL
22602 	/*
22603 	 * The un_vtoc structure is a "struct dk_vtoc"  which is always
22604 	 * 32-bit to maintain compatibility with existing on-disk
22605 	 * structures.  Thus, we need to convert the structure when copying
22606 	 * it out to a datamodel-dependent "struct vtoc" in a 64-bit
22607 	 * program.  If the target is a 32-bit program, then no conversion
22608 	 * is necessary.
22609 	 */
22610 	/* LINTED: logical expression always true: op "||" */
22611 	ASSERT(sizeof (un->un_vtoc) == sizeof (struct vtoc32));
22612 	switch (ddi_model_convert_from(flag & FMODELS)) {
22613 	case DDI_MODEL_ILP32:
22614 		if (ddi_copyout(&(un->un_vtoc), (void *)arg,
22615 		    sizeof (un->un_vtoc), flag)) {
22616 			return (EFAULT);
22617 		}
22618 		break;
22619 
22620 	case DDI_MODEL_NONE: {
22621 		struct vtoc user_vtoc;
22622 
22623 		vtoc32tovtoc(un->un_vtoc, user_vtoc);
22624 		if (ddi_copyout(&user_vtoc, (void *)arg,
22625 		    sizeof (struct vtoc), flag)) {
22626 			return (EFAULT);
22627 		}
22628 		break;
22629 	}
22630 	}
22631 #else /* ! _MULTI_DATAMODEL */
22632 	if (ddi_copyout(&(un->un_vtoc), (void *)arg, sizeof (un->un_vtoc),
22633 	    flag)) {
22634 		return (EFAULT);
22635 	}
22636 #endif /* _MULTI_DATAMODEL */
22637 #else
22638 #error "No VTOC format defined."
22639 #endif
22640 
22641 	return (rval);
22642 }
22643 
22644 static int
22645 sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag)
22646 {
22647 	struct sd_lun	*un = NULL;
22648 	dk_efi_t	user_efi;
22649 	int		rval = 0;
22650 	void		*buffer;
22651 
22652 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
22653 		return (ENXIO);
22654 
22655 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
22656 		return (EFAULT);
22657 
22658 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
22659 
22660 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
22661 	    (user_efi.dki_length > un->un_max_xfer_size))
22662 		return (EINVAL);
22663 
22664 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
22665 	rval = sd_send_scsi_READ(un, buffer, user_efi.dki_length,
22666 	    user_efi.dki_lba, SD_PATH_DIRECT);
22667 	if (rval == 0 && ddi_copyout(buffer, user_efi.dki_data,
22668 	    user_efi.dki_length, flag) != 0)
22669 		rval = EFAULT;
22670 
22671 	kmem_free(buffer, user_efi.dki_length);
22672 	return (rval);
22673 }
22674 
22675 /*
22676  *    Function: sd_build_user_vtoc
22677  *
22678  * Description: This routine populates a pass by reference variable with the
22679  *		current volume table of contents.
22680  *
22681  *   Arguments: un - driver soft state (unit) structure
22682  *		user_vtoc - pointer to vtoc structure to be populated
22683  */
22684 
22685 static void
22686 sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22687 {
22688 	struct dk_map2		*lpart;
22689 	struct dk_map		*lmap;
22690 	struct partition	*vpart;
22691 	int			nblks;
22692 	int			i;
22693 
22694 	ASSERT(mutex_owned(SD_MUTEX(un)));
22695 
22696 	/*
22697 	 * Return vtoc structure fields in the provided VTOC area, addressed
22698 	 * by *vtoc.
22699 	 */
22700 	bzero(user_vtoc, sizeof (struct vtoc));
22701 	user_vtoc->v_bootinfo[0] = un->un_vtoc.v_bootinfo[0];
22702 	user_vtoc->v_bootinfo[1] = un->un_vtoc.v_bootinfo[1];
22703 	user_vtoc->v_bootinfo[2] = un->un_vtoc.v_bootinfo[2];
22704 	user_vtoc->v_sanity	= VTOC_SANE;
22705 	user_vtoc->v_version	= un->un_vtoc.v_version;
22706 	bcopy(un->un_vtoc.v_volume, user_vtoc->v_volume, LEN_DKL_VVOL);
22707 	user_vtoc->v_sectorsz = un->un_sys_blocksize;
22708 	user_vtoc->v_nparts = un->un_vtoc.v_nparts;
22709 	bcopy(un->un_vtoc.v_reserved, user_vtoc->v_reserved,
22710 	    sizeof (un->un_vtoc.v_reserved));
22711 	/*
22712 	 * Convert partitioning information.
22713 	 *
22714 	 * Note the conversion from starting cylinder number
22715 	 * to starting sector number.
22716 	 */
22717 	lmap = un->un_map;
22718 	lpart = (struct dk_map2 *)un->un_vtoc.v_part;
22719 	vpart = user_vtoc->v_part;
22720 
22721 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22722 
22723 	for (i = 0; i < V_NUMPAR; i++) {
22724 		vpart->p_tag	= lpart->p_tag;
22725 		vpart->p_flag	= lpart->p_flag;
22726 		vpart->p_start	= lmap->dkl_cylno * nblks;
22727 		vpart->p_size	= lmap->dkl_nblk;
22728 		lmap++;
22729 		lpart++;
22730 		vpart++;
22731 
22732 		/* (4364927) */
22733 		user_vtoc->timestamp[i] = (time_t)un->un_vtoc.v_timestamp[i];
22734 	}
22735 
22736 	bcopy(un->un_asciilabel, user_vtoc->v_asciilabel, LEN_DKL_ASCII);
22737 }
22738 
22739 static int
22740 sd_dkio_partition(dev_t dev, caddr_t arg, int flag)
22741 {
22742 	struct sd_lun		*un = NULL;
22743 	struct partition64	p64;
22744 	int			rval = 0;
22745 	uint_t			nparts;
22746 	efi_gpe_t		*partitions;
22747 	efi_gpt_t		*buffer;
22748 	diskaddr_t		gpe_lba;
22749 
22750 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22751 		return (ENXIO);
22752 	}
22753 
22754 	if (ddi_copyin((const void *)arg, &p64,
22755 	    sizeof (struct partition64), flag)) {
22756 		return (EFAULT);
22757 	}
22758 
22759 	buffer = kmem_alloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
22760 	rval = sd_send_scsi_READ(un, buffer, DEV_BSIZE,
22761 		1, SD_PATH_DIRECT);
22762 	if (rval != 0)
22763 		goto done_error;
22764 
22765 	sd_swap_efi_gpt(buffer);
22766 
22767 	if ((rval = sd_validate_efi(buffer)) != 0)
22768 		goto done_error;
22769 
22770 	nparts = buffer->efi_gpt_NumberOfPartitionEntries;
22771 	gpe_lba = buffer->efi_gpt_PartitionEntryLBA;
22772 	if (p64.p_partno > nparts) {
22773 		/* couldn't find it */
22774 		rval = ESRCH;
22775 		goto done_error;
22776 	}
22777 	/*
22778 	 * if we're dealing with a partition that's out of the normal
22779 	 * 16K block, adjust accordingly
22780 	 */
22781 	gpe_lba += p64.p_partno / sizeof (efi_gpe_t);
22782 	rval = sd_send_scsi_READ(un, buffer, EFI_MIN_ARRAY_SIZE,
22783 			gpe_lba, SD_PATH_DIRECT);
22784 	if (rval) {
22785 		goto done_error;
22786 	}
22787 	partitions = (efi_gpe_t *)buffer;
22788 
22789 	sd_swap_efi_gpe(nparts, partitions);
22790 
22791 	partitions += p64.p_partno;
22792 	bcopy(&partitions->efi_gpe_PartitionTypeGUID, &p64.p_type,
22793 	    sizeof (struct uuid));
22794 	p64.p_start = partitions->efi_gpe_StartingLBA;
22795 	p64.p_size = partitions->efi_gpe_EndingLBA -
22796 			p64.p_start + 1;
22797 
22798 	if (ddi_copyout(&p64, (void *)arg, sizeof (struct partition64), flag))
22799 		rval = EFAULT;
22800 
22801 done_error:
22802 	kmem_free(buffer, EFI_MIN_ARRAY_SIZE);
22803 	return (rval);
22804 }
22805 
22806 
22807 /*
22808  *    Function: sd_dkio_set_vtoc
22809  *
22810  * Description: This routine is the driver entry point for handling user
22811  *		requests to set the current volume table of contents
22812  *		(DKIOCSVTOC).
22813  *
22814  *   Arguments: dev  - the device number
22815  *		arg  - pointer to user provided vtoc structure used to set the
22816  *			current vtoc.
22817  *		flag - this argument is a pass through to ddi_copyxxx()
22818  *		       directly from the mode argument of ioctl().
22819  *
22820  * Return Code: 0
22821  *		EFAULT
22822  *		ENXIO
22823  *		EINVAL
22824  *		ENOTSUP
22825  */
22826 
22827 static int
22828 sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag)
22829 {
22830 	struct sd_lun	*un = NULL;
22831 	struct vtoc	user_vtoc;
22832 	int		rval = 0;
22833 
22834 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22835 		return (ENXIO);
22836 	}
22837 
22838 #if defined(__i386) || defined(__amd64)
22839 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
22840 		return (EINVAL);
22841 	}
22842 #endif
22843 
22844 #ifdef _MULTI_DATAMODEL
22845 	switch (ddi_model_convert_from(flag & FMODELS)) {
22846 	case DDI_MODEL_ILP32: {
22847 		struct vtoc32 user_vtoc32;
22848 
22849 		if (ddi_copyin((const void *)arg, &user_vtoc32,
22850 		    sizeof (struct vtoc32), flag)) {
22851 			return (EFAULT);
22852 		}
22853 		vtoc32tovtoc(user_vtoc32, user_vtoc);
22854 		break;
22855 	}
22856 
22857 	case DDI_MODEL_NONE:
22858 		if (ddi_copyin((const void *)arg, &user_vtoc,
22859 		    sizeof (struct vtoc), flag)) {
22860 			return (EFAULT);
22861 		}
22862 		break;
22863 	}
22864 #else /* ! _MULTI_DATAMODEL */
22865 	if (ddi_copyin((const void *)arg, &user_vtoc,
22866 	    sizeof (struct vtoc), flag)) {
22867 		return (EFAULT);
22868 	}
22869 #endif /* _MULTI_DATAMODEL */
22870 
22871 	mutex_enter(SD_MUTEX(un));
22872 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22873 		mutex_exit(SD_MUTEX(un));
22874 		return (ENOTSUP);
22875 	}
22876 	if (un->un_g.dkg_ncyl == 0) {
22877 		mutex_exit(SD_MUTEX(un));
22878 		return (EINVAL);
22879 	}
22880 
22881 	mutex_exit(SD_MUTEX(un));
22882 	sd_clear_efi(un);
22883 	ddi_remove_minor_node(SD_DEVINFO(un), "wd");
22884 	ddi_remove_minor_node(SD_DEVINFO(un), "wd,raw");
22885 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h",
22886 	    S_IFBLK, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22887 	    un->un_node_type, NULL);
22888 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h,raw",
22889 	    S_IFCHR, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22890 	    un->un_node_type, NULL);
22891 	mutex_enter(SD_MUTEX(un));
22892 
22893 	if ((rval = sd_build_label_vtoc(un, &user_vtoc)) == 0) {
22894 		if ((rval = sd_write_label(dev)) == 0) {
22895 			if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT))
22896 			    != 0) {
22897 				SD_ERROR(SD_LOG_IOCTL_DKIO, un,
22898 				    "sd_dkio_set_vtoc: "
22899 				    "Failed validate geometry\n");
22900 			}
22901 		}
22902 	}
22903 
22904 	/*
22905 	 * If sd_build_label_vtoc, or sd_write_label failed above write the
22906 	 * devid anyway, what can it hurt? Also preserve the device id by
22907 	 * writing to the disk acyl for the case where a devid has been
22908 	 * fabricated.
22909 	 */
22910 	if (!ISREMOVABLE(un) && !ISCD(un) &&
22911 	    (un->un_f_opt_fab_devid == TRUE)) {
22912 		if (un->un_devid == NULL) {
22913 			sd_register_devid(un, SD_DEVINFO(un),
22914 			    SD_TARGET_IS_UNRESERVED);
22915 		} else {
22916 			/*
22917 			 * The device id for this disk has been
22918 			 * fabricated. Fabricated device id's are
22919 			 * managed by storing them in the last 2
22920 			 * available sectors on the drive. The device
22921 			 * id must be preserved by writing it back out
22922 			 * to this location.
22923 			 */
22924 			if (sd_write_deviceid(un) != 0) {
22925 				ddi_devid_free(un->un_devid);
22926 				un->un_devid = NULL;
22927 			}
22928 		}
22929 	}
22930 	mutex_exit(SD_MUTEX(un));
22931 	return (rval);
22932 }
22933 
22934 
22935 /*
22936  *    Function: sd_build_label_vtoc
22937  *
22938  * Description: This routine updates the driver soft state current volume table
22939  *		of contents based on a user specified vtoc.
22940  *
22941  *   Arguments: un - driver soft state (unit) structure
22942  *		user_vtoc - pointer to vtoc structure specifying vtoc to be used
22943  *			    to update the driver soft state.
22944  *
22945  * Return Code: 0
22946  *		EINVAL
22947  */
22948 
22949 static int
22950 sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22951 {
22952 	struct dk_map		*lmap;
22953 	struct partition	*vpart;
22954 	int			nblks;
22955 #if defined(_SUNOS_VTOC_8)
22956 	int			ncyl;
22957 	struct dk_map2		*lpart;
22958 #endif	/* defined(_SUNOS_VTOC_8) */
22959 	int			i;
22960 
22961 	ASSERT(mutex_owned(SD_MUTEX(un)));
22962 
22963 	/* Sanity-check the vtoc */
22964 	if (user_vtoc->v_sanity != VTOC_SANE ||
22965 	    user_vtoc->v_sectorsz != un->un_sys_blocksize ||
22966 	    user_vtoc->v_nparts != V_NUMPAR) {
22967 		return (EINVAL);
22968 	}
22969 
22970 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22971 	if (nblks == 0) {
22972 		return (EINVAL);
22973 	}
22974 
22975 #if defined(_SUNOS_VTOC_8)
22976 	vpart = user_vtoc->v_part;
22977 	for (i = 0; i < V_NUMPAR; i++) {
22978 		if ((vpart->p_start % nblks) != 0) {
22979 			return (EINVAL);
22980 		}
22981 		ncyl = vpart->p_start / nblks;
22982 		ncyl += vpart->p_size / nblks;
22983 		if ((vpart->p_size % nblks) != 0) {
22984 			ncyl++;
22985 		}
22986 		if (ncyl > (int)un->un_g.dkg_ncyl) {
22987 			return (EINVAL);
22988 		}
22989 		vpart++;
22990 	}
22991 #endif	/* defined(_SUNOS_VTOC_8) */
22992 
22993 	/* Put appropriate vtoc structure fields into the disk label */
22994 #if defined(_SUNOS_VTOC_16)
22995 	/*
22996 	 * The vtoc is always a 32bit data structure to maintain the
22997 	 * on-disk format. Convert "in place" instead of bcopying it.
22998 	 */
22999 	vtoctovtoc32((*user_vtoc), (*((struct vtoc32 *)&(un->un_vtoc))));
23000 
23001 	/*
23002 	 * in the 16-slice vtoc, starting sectors are expressed in
23003 	 * numbers *relative* to the start of the Solaris fdisk partition.
23004 	 */
23005 	lmap = un->un_map;
23006 	vpart = user_vtoc->v_part;
23007 
23008 	for (i = 0; i < (int)user_vtoc->v_nparts; i++, lmap++, vpart++) {
23009 		lmap->dkl_cylno = vpart->p_start / nblks;
23010 		lmap->dkl_nblk = vpart->p_size;
23011 	}
23012 
23013 #elif defined(_SUNOS_VTOC_8)
23014 
23015 	un->un_vtoc.v_bootinfo[0] = (uint32_t)user_vtoc->v_bootinfo[0];
23016 	un->un_vtoc.v_bootinfo[1] = (uint32_t)user_vtoc->v_bootinfo[1];
23017 	un->un_vtoc.v_bootinfo[2] = (uint32_t)user_vtoc->v_bootinfo[2];
23018 
23019 	un->un_vtoc.v_sanity = (uint32_t)user_vtoc->v_sanity;
23020 	un->un_vtoc.v_version = (uint32_t)user_vtoc->v_version;
23021 
23022 	bcopy(user_vtoc->v_volume, un->un_vtoc.v_volume, LEN_DKL_VVOL);
23023 
23024 	un->un_vtoc.v_nparts = user_vtoc->v_nparts;
23025 
23026 	bcopy(user_vtoc->v_reserved, un->un_vtoc.v_reserved,
23027 	    sizeof (un->un_vtoc.v_reserved));
23028 
23029 	/*
23030 	 * Note the conversion from starting sector number
23031 	 * to starting cylinder number.
23032 	 * Return error if division results in a remainder.
23033 	 */
23034 	lmap = un->un_map;
23035 	lpart = un->un_vtoc.v_part;
23036 	vpart = user_vtoc->v_part;
23037 
23038 	for (i = 0; i < (int)user_vtoc->v_nparts; i++) {
23039 		lpart->p_tag  = vpart->p_tag;
23040 		lpart->p_flag = vpart->p_flag;
23041 		lmap->dkl_cylno = vpart->p_start / nblks;
23042 		lmap->dkl_nblk = vpart->p_size;
23043 
23044 		lmap++;
23045 		lpart++;
23046 		vpart++;
23047 
23048 		/* (4387723) */
23049 #ifdef _LP64
23050 		if (user_vtoc->timestamp[i] > TIME32_MAX) {
23051 			un->un_vtoc.v_timestamp[i] = TIME32_MAX;
23052 		} else {
23053 			un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23054 		}
23055 #else
23056 		un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23057 #endif
23058 	}
23059 
23060 	bcopy(user_vtoc->v_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
23061 #else
23062 #error "No VTOC format defined."
23063 #endif
23064 	return (0);
23065 }
23066 
23067 /*
23068  *    Function: sd_clear_efi
23069  *
23070  * Description: This routine clears all EFI labels.
23071  *
23072  *   Arguments: un - driver soft state (unit) structure
23073  *
23074  * Return Code: void
23075  */
23076 
23077 static void
23078 sd_clear_efi(struct sd_lun *un)
23079 {
23080 	efi_gpt_t	*gpt;
23081 	uint_t		lbasize;
23082 	uint64_t	cap;
23083 	int rval;
23084 
23085 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23086 
23087 	gpt = kmem_alloc(sizeof (efi_gpt_t), KM_SLEEP);
23088 
23089 	if (sd_send_scsi_READ(un, gpt, DEV_BSIZE, 1, SD_PATH_DIRECT) != 0) {
23090 		goto done;
23091 	}
23092 
23093 	sd_swap_efi_gpt(gpt);
23094 	rval = sd_validate_efi(gpt);
23095 	if (rval == 0) {
23096 		/* clear primary */
23097 		bzero(gpt, sizeof (efi_gpt_t));
23098 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE, 1,
23099 			SD_PATH_DIRECT))) {
23100 			SD_INFO(SD_LOG_IO_PARTITION, un,
23101 				"sd_clear_efi: clear primary label failed\n");
23102 		}
23103 	}
23104 	/* the backup */
23105 	rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
23106 	    SD_PATH_DIRECT);
23107 	if (rval) {
23108 		goto done;
23109 	}
23110 	if ((rval = sd_send_scsi_READ(un, gpt, lbasize,
23111 	    cap - 1, SD_PATH_DIRECT)) != 0) {
23112 		goto done;
23113 	}
23114 	sd_swap_efi_gpt(gpt);
23115 	rval = sd_validate_efi(gpt);
23116 	if (rval == 0) {
23117 		/* clear backup */
23118 		SD_TRACE(SD_LOG_IOCTL, un, "sd_clear_efi clear backup@%lu\n",
23119 			cap-1);
23120 		bzero(gpt, sizeof (efi_gpt_t));
23121 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE,
23122 		    cap-1, SD_PATH_DIRECT))) {
23123 			SD_INFO(SD_LOG_IO_PARTITION, un,
23124 				"sd_clear_efi: clear backup label failed\n");
23125 		}
23126 	}
23127 
23128 done:
23129 	kmem_free(gpt, sizeof (efi_gpt_t));
23130 }
23131 
23132 /*
23133  *    Function: sd_set_vtoc
23134  *
23135  * Description: This routine writes data to the appropriate positions
23136  *
23137  *   Arguments: un - driver soft state (unit) structure
23138  *              dkl  - the data to be written
23139  *
23140  * Return: void
23141  */
23142 
23143 static int
23144 sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl)
23145 {
23146 	void			*shadow_buf;
23147 	uint_t			label_addr;
23148 	int			sec;
23149 	int			blk;
23150 	int			head;
23151 	int			cyl;
23152 	int			rval;
23153 
23154 #if defined(__i386) || defined(__amd64)
23155 	label_addr = un->un_solaris_offset + DK_LABEL_LOC;
23156 #else
23157 	/* Write the primary label at block 0 of the solaris partition. */
23158 	label_addr = 0;
23159 #endif
23160 
23161 	if (NOT_DEVBSIZE(un)) {
23162 		shadow_buf = kmem_zalloc(un->un_tgt_blocksize, KM_SLEEP);
23163 		/*
23164 		 * Read the target's first block.
23165 		 */
23166 		if ((rval = sd_send_scsi_READ(un, shadow_buf,
23167 		    un->un_tgt_blocksize, label_addr,
23168 		    SD_PATH_STANDARD)) != 0) {
23169 			goto exit;
23170 		}
23171 		/*
23172 		 * Copy the contents of the label into the shadow buffer
23173 		 * which is of the size of target block size.
23174 		 */
23175 		bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23176 	}
23177 
23178 	/* Write the primary label */
23179 	if (NOT_DEVBSIZE(un)) {
23180 		rval = sd_send_scsi_WRITE(un, shadow_buf, un->un_tgt_blocksize,
23181 		    label_addr, SD_PATH_STANDARD);
23182 	} else {
23183 		rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23184 		    label_addr, SD_PATH_STANDARD);
23185 	}
23186 	if (rval != 0) {
23187 		return (rval);
23188 	}
23189 
23190 	/*
23191 	 * Calculate where the backup labels go.  They are always on
23192 	 * the last alternate cylinder, but some older drives put them
23193 	 * on head 2 instead of the last head.	They are always on the
23194 	 * first 5 odd sectors of the appropriate track.
23195 	 *
23196 	 * We have no choice at this point, but to believe that the
23197 	 * disk label is valid.	 Use the geometry of the disk
23198 	 * as described in the label.
23199 	 */
23200 	cyl  = dkl->dkl_ncyl  + dkl->dkl_acyl - 1;
23201 	head = dkl->dkl_nhead - 1;
23202 
23203 	/*
23204 	 * Write and verify the backup labels. Make sure we don't try to
23205 	 * write past the last cylinder.
23206 	 */
23207 	for (sec = 1; ((sec < 5 * 2 + 1) && (sec < dkl->dkl_nsect)); sec += 2) {
23208 		blk = (daddr_t)(
23209 		    (cyl * ((dkl->dkl_nhead * dkl->dkl_nsect) - dkl->dkl_apc)) +
23210 		    (head * dkl->dkl_nsect) + sec);
23211 #if defined(__i386) || defined(__amd64)
23212 		blk += un->un_solaris_offset;
23213 #endif
23214 		if (NOT_DEVBSIZE(un)) {
23215 			uint64_t	tblk;
23216 			/*
23217 			 * Need to read the block first for read modify write.
23218 			 */
23219 			tblk = (uint64_t)blk;
23220 			blk = (int)((tblk * un->un_sys_blocksize) /
23221 			    un->un_tgt_blocksize);
23222 			if ((rval = sd_send_scsi_READ(un, shadow_buf,
23223 			    un->un_tgt_blocksize, blk,
23224 			    SD_PATH_STANDARD)) != 0) {
23225 				goto exit;
23226 			}
23227 			/*
23228 			 * Modify the shadow buffer with the label.
23229 			 */
23230 			bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23231 			rval = sd_send_scsi_WRITE(un, shadow_buf,
23232 			    un->un_tgt_blocksize, blk, SD_PATH_STANDARD);
23233 		} else {
23234 			rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23235 			    blk, SD_PATH_STANDARD);
23236 			SD_INFO(SD_LOG_IO_PARTITION, un,
23237 			"sd_set_vtoc: wrote backup label %d\n", blk);
23238 		}
23239 		if (rval != 0) {
23240 			goto exit;
23241 		}
23242 	}
23243 exit:
23244 	if (NOT_DEVBSIZE(un)) {
23245 		kmem_free(shadow_buf, un->un_tgt_blocksize);
23246 	}
23247 	return (rval);
23248 }
23249 
23250 /*
23251  *    Function: sd_clear_vtoc
23252  *
23253  * Description: This routine clears out the VTOC labels.
23254  *
23255  *   Arguments: un - driver soft state (unit) structure
23256  *
23257  * Return: void
23258  */
23259 
23260 static void
23261 sd_clear_vtoc(struct sd_lun *un)
23262 {
23263 	struct dk_label		*dkl;
23264 
23265 	mutex_exit(SD_MUTEX(un));
23266 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23267 	mutex_enter(SD_MUTEX(un));
23268 	/*
23269 	 * sd_set_vtoc uses these fields in order to figure out
23270 	 * where to overwrite the backup labels
23271 	 */
23272 	dkl->dkl_apc    = un->un_g.dkg_apc;
23273 	dkl->dkl_ncyl   = un->un_g.dkg_ncyl;
23274 	dkl->dkl_acyl   = un->un_g.dkg_acyl;
23275 	dkl->dkl_nhead  = un->un_g.dkg_nhead;
23276 	dkl->dkl_nsect  = un->un_g.dkg_nsect;
23277 	mutex_exit(SD_MUTEX(un));
23278 	(void) sd_set_vtoc(un, dkl);
23279 	kmem_free(dkl, sizeof (struct dk_label));
23280 
23281 	mutex_enter(SD_MUTEX(un));
23282 }
23283 
23284 /*
23285  *    Function: sd_write_label
23286  *
23287  * Description: This routine will validate and write the driver soft state vtoc
23288  *		contents to the device.
23289  *
23290  *   Arguments: dev - the device number
23291  *
23292  * Return Code: the code returned by sd_send_scsi_cmd()
23293  *		0
23294  *		EINVAL
23295  *		ENXIO
23296  *		ENOMEM
23297  */
23298 
23299 static int
23300 sd_write_label(dev_t dev)
23301 {
23302 	struct sd_lun		*un;
23303 	struct dk_label		*dkl;
23304 	short			sum;
23305 	short			*sp;
23306 	int			i;
23307 	int			rval;
23308 
23309 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23310 	    (un->un_state == SD_STATE_OFFLINE)) {
23311 		return (ENXIO);
23312 	}
23313 	ASSERT(mutex_owned(SD_MUTEX(un)));
23314 	mutex_exit(SD_MUTEX(un));
23315 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23316 	mutex_enter(SD_MUTEX(un));
23317 
23318 	bcopy(&un->un_vtoc, &dkl->dkl_vtoc, sizeof (struct dk_vtoc));
23319 	dkl->dkl_rpm	= un->un_g.dkg_rpm;
23320 	dkl->dkl_pcyl	= un->un_g.dkg_pcyl;
23321 	dkl->dkl_apc	= un->un_g.dkg_apc;
23322 	dkl->dkl_intrlv = un->un_g.dkg_intrlv;
23323 	dkl->dkl_ncyl	= un->un_g.dkg_ncyl;
23324 	dkl->dkl_acyl	= un->un_g.dkg_acyl;
23325 	dkl->dkl_nhead	= un->un_g.dkg_nhead;
23326 	dkl->dkl_nsect	= un->un_g.dkg_nsect;
23327 
23328 #if defined(_SUNOS_VTOC_8)
23329 	dkl->dkl_obs1	= un->un_g.dkg_obs1;
23330 	dkl->dkl_obs2	= un->un_g.dkg_obs2;
23331 	dkl->dkl_obs3	= un->un_g.dkg_obs3;
23332 	for (i = 0; i < NDKMAP; i++) {
23333 		dkl->dkl_map[i].dkl_cylno = un->un_map[i].dkl_cylno;
23334 		dkl->dkl_map[i].dkl_nblk  = un->un_map[i].dkl_nblk;
23335 	}
23336 	bcopy(un->un_asciilabel, dkl->dkl_asciilabel, LEN_DKL_ASCII);
23337 #elif defined(_SUNOS_VTOC_16)
23338 	dkl->dkl_skew	= un->un_dkg_skew;
23339 #else
23340 #error "No VTOC format defined."
23341 #endif
23342 
23343 	dkl->dkl_magic			= DKL_MAGIC;
23344 	dkl->dkl_write_reinstruct	= un->un_g.dkg_write_reinstruct;
23345 	dkl->dkl_read_reinstruct	= un->un_g.dkg_read_reinstruct;
23346 
23347 	/* Construct checksum for the new disk label */
23348 	sum = 0;
23349 	sp = (short *)dkl;
23350 	i = sizeof (struct dk_label) / sizeof (short);
23351 	while (i--) {
23352 		sum ^= *sp++;
23353 	}
23354 	dkl->dkl_cksum = sum;
23355 
23356 	mutex_exit(SD_MUTEX(un));
23357 
23358 	rval = sd_set_vtoc(un, dkl);
23359 exit:
23360 	kmem_free(dkl, sizeof (struct dk_label));
23361 	mutex_enter(SD_MUTEX(un));
23362 	return (rval);
23363 }
23364 
23365 static int
23366 sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag)
23367 {
23368 	struct sd_lun	*un = NULL;
23369 	dk_efi_t	user_efi;
23370 	int		rval = 0;
23371 	void		*buffer;
23372 
23373 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
23374 		return (ENXIO);
23375 
23376 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
23377 		return (EFAULT);
23378 
23379 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
23380 
23381 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
23382 	    (user_efi.dki_length > un->un_max_xfer_size))
23383 		return (EINVAL);
23384 
23385 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
23386 	if (ddi_copyin(user_efi.dki_data, buffer, user_efi.dki_length, flag)) {
23387 		rval = EFAULT;
23388 	} else {
23389 		/*
23390 		 * let's clear the vtoc labels and clear the softstate
23391 		 * vtoc.
23392 		 */
23393 		mutex_enter(SD_MUTEX(un));
23394 		if (un->un_vtoc.v_sanity == VTOC_SANE) {
23395 			SD_TRACE(SD_LOG_IO_PARTITION, un,
23396 				"sd_dkio_set_efi: CLEAR VTOC\n");
23397 			sd_clear_vtoc(un);
23398 			bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23399 			mutex_exit(SD_MUTEX(un));
23400 			ddi_remove_minor_node(SD_DEVINFO(un), "h");
23401 			ddi_remove_minor_node(SD_DEVINFO(un), "h,raw");
23402 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd",
23403 			    S_IFBLK,
23404 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23405 			    un->un_node_type, NULL);
23406 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd,raw",
23407 			    S_IFCHR,
23408 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23409 			    un->un_node_type, NULL);
23410 		} else
23411 			mutex_exit(SD_MUTEX(un));
23412 		rval = sd_send_scsi_WRITE(un, buffer, user_efi.dki_length,
23413 		    user_efi.dki_lba, SD_PATH_DIRECT);
23414 		if (rval == 0) {
23415 			mutex_enter(SD_MUTEX(un));
23416 			un->un_f_geometry_is_valid = FALSE;
23417 			mutex_exit(SD_MUTEX(un));
23418 		}
23419 	}
23420 	kmem_free(buffer, user_efi.dki_length);
23421 	return (rval);
23422 }
23423 
23424 /*
23425  *    Function: sd_dkio_get_mboot
23426  *
23427  * Description: This routine is the driver entry point for handling user
23428  *		requests to get the current device mboot (DKIOCGMBOOT)
23429  *
23430  *   Arguments: dev  - the device number
23431  *		arg  - pointer to user provided mboot structure specifying
23432  *			the current mboot.
23433  *		flag - this argument is a pass through to ddi_copyxxx()
23434  *		       directly from the mode argument of ioctl().
23435  *
23436  * Return Code: 0
23437  *		EINVAL
23438  *		EFAULT
23439  *		ENXIO
23440  */
23441 
23442 static int
23443 sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag)
23444 {
23445 	struct sd_lun	*un;
23446 	struct mboot	*mboot;
23447 	int		rval;
23448 	size_t		buffer_size;
23449 
23450 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23451 	    (un->un_state == SD_STATE_OFFLINE)) {
23452 		return (ENXIO);
23453 	}
23454 
23455 #if defined(_SUNOS_VTOC_8)
23456 	if ((!ISREMOVABLE(un)) || (arg == NULL)) {
23457 #elif defined(_SUNOS_VTOC_16)
23458 	if (arg == NULL) {
23459 #endif
23460 		return (EINVAL);
23461 	}
23462 
23463 	/*
23464 	 * Read the mboot block, located at absolute block 0 on the target.
23465 	 */
23466 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct mboot));
23467 
23468 	SD_TRACE(SD_LOG_IO_PARTITION, un,
23469 	    "sd_dkio_get_mboot: allocation size: 0x%x\n", buffer_size);
23470 
23471 	mboot = kmem_zalloc(buffer_size, KM_SLEEP);
23472 	if ((rval = sd_send_scsi_READ(un, mboot, buffer_size, 0,
23473 	    SD_PATH_STANDARD)) == 0) {
23474 		if (ddi_copyout(mboot, (void *)arg,
23475 		    sizeof (struct mboot), flag) != 0) {
23476 			rval = EFAULT;
23477 		}
23478 	}
23479 	kmem_free(mboot, buffer_size);
23480 	return (rval);
23481 }
23482 
23483 
23484 /*
23485  *    Function: sd_dkio_set_mboot
23486  *
23487  * Description: This routine is the driver entry point for handling user
23488  *		requests to validate and set the device master boot
23489  *		(DKIOCSMBOOT).
23490  *
23491  *   Arguments: dev  - the device number
23492  *		arg  - pointer to user provided mboot structure used to set the
23493  *			master boot.
23494  *		flag - this argument is a pass through to ddi_copyxxx()
23495  *		       directly from the mode argument of ioctl().
23496  *
23497  * Return Code: 0
23498  *		EINVAL
23499  *		EFAULT
23500  *		ENXIO
23501  */
23502 
23503 static int
23504 sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag)
23505 {
23506 	struct sd_lun	*un = NULL;
23507 	struct mboot	*mboot = NULL;
23508 	int		rval;
23509 	ushort_t	magic;
23510 
23511 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23512 		return (ENXIO);
23513 	}
23514 
23515 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23516 
23517 #if defined(_SUNOS_VTOC_8)
23518 	if (!ISREMOVABLE(un)) {
23519 		return (EINVAL);
23520 	}
23521 #endif
23522 
23523 	if (arg == NULL) {
23524 		return (EINVAL);
23525 	}
23526 
23527 	mboot = kmem_zalloc(sizeof (struct mboot), KM_SLEEP);
23528 
23529 	if (ddi_copyin((const void *)arg, mboot,
23530 	    sizeof (struct mboot), flag) != 0) {
23531 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23532 		return (EFAULT);
23533 	}
23534 
23535 	/* Is this really a master boot record? */
23536 	magic = LE_16(mboot->signature);
23537 	if (magic != MBB_MAGIC) {
23538 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23539 		return (EINVAL);
23540 	}
23541 
23542 	rval = sd_send_scsi_WRITE(un, mboot, un->un_sys_blocksize, 0,
23543 	    SD_PATH_STANDARD);
23544 
23545 	mutex_enter(SD_MUTEX(un));
23546 #if defined(__i386) || defined(__amd64)
23547 	if (rval == 0) {
23548 		/*
23549 		 * mboot has been written successfully.
23550 		 * update the fdisk and vtoc tables in memory
23551 		 */
23552 		rval = sd_update_fdisk_and_vtoc(un);
23553 		if ((un->un_f_geometry_is_valid == FALSE) || (rval != 0)) {
23554 			mutex_exit(SD_MUTEX(un));
23555 			kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23556 			return (rval);
23557 		}
23558 	}
23559 
23560 	/*
23561 	 * If the mboot write fails, write the devid anyway, what can it hurt?
23562 	 * Also preserve the device id by writing to the disk acyl for the case
23563 	 * where a devid has been fabricated.
23564 	 */
23565 	if (!ISREMOVABLE(un) && !ISCD(un) &&
23566 	    (un->un_f_opt_fab_devid == TRUE)) {
23567 		if (un->un_devid == NULL) {
23568 			sd_register_devid(un, SD_DEVINFO(un),
23569 			    SD_TARGET_IS_UNRESERVED);
23570 		} else {
23571 			/*
23572 			 * The device id for this disk has been
23573 			 * fabricated. Fabricated device id's are
23574 			 * managed by storing them in the last 2
23575 			 * available sectors on the drive. The device
23576 			 * id must be preserved by writing it back out
23577 			 * to this location.
23578 			 */
23579 			if (sd_write_deviceid(un) != 0) {
23580 				ddi_devid_free(un->un_devid);
23581 				un->un_devid = NULL;
23582 			}
23583 		}
23584 	}
23585 #else
23586 	if (rval == 0) {
23587 		/*
23588 		 * mboot has been written successfully.
23589 		 * set up the default geometry and VTOC
23590 		 */
23591 		if (un->un_blockcount <= DK_MAX_BLOCKS)
23592 			sd_setup_default_geometry(un);
23593 	}
23594 #endif
23595 	mutex_exit(SD_MUTEX(un));
23596 	kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23597 	return (rval);
23598 }
23599 
23600 
23601 /*
23602  *    Function: sd_setup_default_geometry
23603  *
23604  * Description: This local utility routine sets the default geometry as part of
23605  *		setting the device mboot.
23606  *
23607  *   Arguments: un - driver soft state (unit) structure
23608  *
23609  * Note: This may be redundant with sd_build_default_label.
23610  */
23611 
23612 static void
23613 sd_setup_default_geometry(struct sd_lun *un)
23614 {
23615 	/* zero out the soft state geometry and partition table. */
23616 	bzero(&un->un_g, sizeof (struct dk_geom));
23617 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23618 	bzero(un->un_map, NDKMAP * (sizeof (struct dk_map)));
23619 	un->un_asciilabel[0] = '\0';
23620 
23621 	/*
23622 	 * For the rpm, we use the minimum for the disk.
23623 	 * For the head, cyl and number of sector per track,
23624 	 * if the capacity <= 1GB, head = 64, sect = 32.
23625 	 * else head = 255, sect 63
23626 	 * Note: the capacity should be equal to C*H*S values.
23627 	 * This will cause some truncation of size due to
23628 	 * round off errors. For CD-ROMs, this truncation can
23629 	 * have adverse side effects, so returning ncyl and
23630 	 * nhead as 1. The nsect will overflow for most of
23631 	 * CD-ROMs as nsect is of type ushort.
23632 	 */
23633 	if (ISCD(un)) {
23634 		un->un_g.dkg_ncyl = 1;
23635 		un->un_g.dkg_nhead = 1;
23636 		un->un_g.dkg_nsect = un->un_blockcount;
23637 	} else {
23638 		if (un->un_blockcount <= 0x1000) {
23639 			/* Needed for unlabeled SCSI floppies. */
23640 			un->un_g.dkg_nhead = 2;
23641 			un->un_g.dkg_ncyl = 80;
23642 			un->un_g.dkg_pcyl = 80;
23643 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
23644 		} else if (un->un_blockcount <= 0x200000) {
23645 			un->un_g.dkg_nhead = 64;
23646 			un->un_g.dkg_nsect = 32;
23647 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
23648 		} else {
23649 			un->un_g.dkg_nhead = 255;
23650 			un->un_g.dkg_nsect = 63;
23651 			un->un_g.dkg_ncyl = un->un_blockcount / (255 * 63);
23652 		}
23653 		un->un_blockcount = un->un_g.dkg_ncyl *
23654 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
23655 	}
23656 	un->un_g.dkg_acyl = 0;
23657 	un->un_g.dkg_bcyl = 0;
23658 	un->un_g.dkg_intrlv = 1;
23659 	un->un_g.dkg_rpm = 200;
23660 	un->un_g.dkg_read_reinstruct = 0;
23661 	un->un_g.dkg_write_reinstruct = 0;
23662 	if (un->un_g.dkg_pcyl == 0) {
23663 		un->un_g.dkg_pcyl = un->un_g.dkg_ncyl + un->un_g.dkg_acyl;
23664 	}
23665 
23666 	un->un_map['a'-'a'].dkl_cylno = 0;
23667 	un->un_map['a'-'a'].dkl_nblk = un->un_blockcount;
23668 	un->un_map['c'-'a'].dkl_cylno = 0;
23669 	un->un_map['c'-'a'].dkl_nblk = un->un_blockcount;
23670 	un->un_f_geometry_is_valid = FALSE;
23671 }
23672 
23673 
23674 #if defined(__i386) || defined(__amd64)
23675 /*
23676  *    Function: sd_update_fdisk_and_vtoc
23677  *
23678  * Description: This local utility routine updates the device fdisk and vtoc
23679  *		as part of setting the device mboot.
23680  *
23681  *   Arguments: un - driver soft state (unit) structure
23682  *
23683  * Return Code: 0 for success or errno-type return code.
23684  *
23685  *    Note:x86: This looks like a duplicate of sd_validate_geometry(), but
23686  *		these did exist seperately in x86 sd.c!!!
23687  */
23688 
23689 static int
23690 sd_update_fdisk_and_vtoc(struct sd_lun *un)
23691 {
23692 	static char	labelstring[128];
23693 	static char	buf[256];
23694 	char		*label = 0;
23695 	int		count;
23696 	int		label_rc = 0;
23697 	int		gvalid = un->un_f_geometry_is_valid;
23698 	int		fdisk_rval;
23699 	int		lbasize;
23700 	int		capacity;
23701 
23702 	ASSERT(mutex_owned(SD_MUTEX(un)));
23703 
23704 	if (un->un_f_tgt_blocksize_is_valid == FALSE) {
23705 		return (EINVAL);
23706 	}
23707 
23708 	if (un->un_f_blockcount_is_valid == FALSE) {
23709 		return (EINVAL);
23710 	}
23711 
23712 #if defined(_SUNOS_VTOC_16)
23713 	/*
23714 	 * Set up the "whole disk" fdisk partition; this should always
23715 	 * exist, regardless of whether the disk contains an fdisk table
23716 	 * or vtoc.
23717 	 */
23718 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
23719 	un->un_map[P0_RAW_DISK].dkl_nblk = un->un_blockcount;
23720 #endif	/* defined(_SUNOS_VTOC_16) */
23721 
23722 	/*
23723 	 * copy the lbasize and capacity so that if they're
23724 	 * reset while we're not holding the SD_MUTEX(un), we will
23725 	 * continue to use valid values after the SD_MUTEX(un) is
23726 	 * reacquired.
23727 	 */
23728 	lbasize  = un->un_tgt_blocksize;
23729 	capacity = un->un_blockcount;
23730 
23731 	/*
23732 	 * refresh the logical and physical geometry caches.
23733 	 * (data from mode sense format/rigid disk geometry pages,
23734 	 * and scsi_ifgetcap("geometry").
23735 	 */
23736 	sd_resync_geom_caches(un, capacity, lbasize, SD_PATH_DIRECT);
23737 
23738 	/*
23739 	 * Only DIRECT ACCESS devices will have Sun labels.
23740 	 * CD's supposedly have a Sun label, too
23741 	 */
23742 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
23743 		fdisk_rval = sd_read_fdisk(un, capacity, lbasize,
23744 		    SD_PATH_DIRECT);
23745 		if (fdisk_rval == SD_CMD_FAILURE) {
23746 			ASSERT(mutex_owned(SD_MUTEX(un)));
23747 			return (EIO);
23748 		}
23749 
23750 		if (fdisk_rval == SD_CMD_RESERVATION_CONFLICT) {
23751 			ASSERT(mutex_owned(SD_MUTEX(un)));
23752 			return (EACCES);
23753 		}
23754 
23755 		if (un->un_solaris_size <= DK_LABEL_LOC) {
23756 			/*
23757 			 * Found fdisk table but no Solaris partition entry,
23758 			 * so don't call sd_uselabel() and don't create
23759 			 * a default label.
23760 			 */
23761 			label_rc = 0;
23762 			un->un_f_geometry_is_valid = TRUE;
23763 			goto no_solaris_partition;
23764 		}
23765 
23766 #if defined(_SUNOS_VTOC_8)
23767 		label = (char *)un->un_asciilabel;
23768 #elif defined(_SUNOS_VTOC_16)
23769 		label = (char *)un->un_vtoc.v_asciilabel;
23770 #else
23771 #error "No VTOC format defined."
23772 #endif
23773 	} else if (capacity < 0) {
23774 		ASSERT(mutex_owned(SD_MUTEX(un)));
23775 		return (EINVAL);
23776 	}
23777 
23778 	/*
23779 	 * For Removable media We reach here if we have found a
23780 	 * SOLARIS PARTITION.
23781 	 * If un_f_geometry_is_valid is FALSE it indicates that the SOLARIS
23782 	 * PARTITION has changed from the previous one, hence we will setup a
23783 	 * default VTOC in this case.
23784 	 */
23785 	if (un->un_f_geometry_is_valid == FALSE) {
23786 		sd_build_default_label(un);
23787 		label_rc = 0;
23788 	}
23789 
23790 no_solaris_partition:
23791 	if ((!ISREMOVABLE(un) ||
23792 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
23793 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
23794 		/*
23795 		 * Print out a message indicating who and what we are.
23796 		 * We do this only when we happen to really validate the
23797 		 * geometry. We may call sd_validate_geometry() at other
23798 		 * times, ioctl()'s like Get VTOC in which case we
23799 		 * don't want to print the label.
23800 		 * If the geometry is valid, print the label string,
23801 		 * else print vendor and product info, if available
23802 		 */
23803 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
23804 			SD_INFO(SD_LOG_IOCTL_DKIO, un, "?<%s>\n", label);
23805 		} else {
23806 			mutex_enter(&sd_label_mutex);
23807 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
23808 			    labelstring);
23809 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
23810 			    &labelstring[64]);
23811 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
23812 			    labelstring, &labelstring[64]);
23813 			if (un->un_f_blockcount_is_valid == TRUE) {
23814 				(void) sprintf(&buf[strlen(buf)],
23815 				    ", %" PRIu64 " %u byte blocks\n",
23816 				    un->un_blockcount,
23817 				    un->un_tgt_blocksize);
23818 			} else {
23819 				(void) sprintf(&buf[strlen(buf)],
23820 				    ", (unknown capacity)\n");
23821 			}
23822 			SD_INFO(SD_LOG_IOCTL_DKIO, un, buf);
23823 			mutex_exit(&sd_label_mutex);
23824 		}
23825 	}
23826 
23827 #if defined(_SUNOS_VTOC_16)
23828 	/*
23829 	 * If we have valid geometry, set up the remaining fdisk partitions.
23830 	 * Note that dkl_cylno is not used for the fdisk map entries, so
23831 	 * we set it to an entirely bogus value.
23832 	 */
23833 	for (count = 0; count < FD_NUMPART; count++) {
23834 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
23835 		un->un_map[FDISK_P1 + count].dkl_nblk =
23836 		    un->un_fmap[count].fmap_nblk;
23837 		un->un_offset[FDISK_P1 + count] =
23838 		    un->un_fmap[count].fmap_start;
23839 	}
23840 #endif
23841 
23842 	for (count = 0; count < NDKMAP; count++) {
23843 #if defined(_SUNOS_VTOC_8)
23844 		struct dk_map *lp  = &un->un_map[count];
23845 		un->un_offset[count] =
23846 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
23847 #elif defined(_SUNOS_VTOC_16)
23848 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
23849 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
23850 #else
23851 #error "No VTOC format defined."
23852 #endif
23853 	}
23854 
23855 	ASSERT(mutex_owned(SD_MUTEX(un)));
23856 	return (label_rc);
23857 }
23858 #endif
23859 
23860 
23861 /*
23862  *    Function: sd_check_media
23863  *
23864  * Description: This utility routine implements the functionality for the
23865  *		DKIOCSTATE ioctl. This ioctl blocks the user thread until the
23866  *		driver state changes from that specified by the user
23867  *		(inserted or ejected). For example, if the user specifies
23868  *		DKIO_EJECTED and the current media state is inserted this
23869  *		routine will immediately return DKIO_INSERTED. However, if the
23870  *		current media state is not inserted the user thread will be
23871  *		blocked until the drive state changes. If DKIO_NONE is specified
23872  *		the user thread will block until a drive state change occurs.
23873  *
23874  *   Arguments: dev  - the device number
23875  *		state  - user pointer to a dkio_state, updated with the current
23876  *			drive state at return.
23877  *
23878  * Return Code: ENXIO
23879  *		EIO
23880  *		EAGAIN
23881  *		EINTR
23882  */
23883 
23884 static int
23885 sd_check_media(dev_t dev, enum dkio_state state)
23886 {
23887 	struct sd_lun		*un = NULL;
23888 	enum dkio_state		prev_state;
23889 	opaque_t		token = NULL;
23890 	int			rval = 0;
23891 
23892 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23893 		return (ENXIO);
23894 	}
23895 
23896 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: entry\n");
23897 
23898 	mutex_enter(SD_MUTEX(un));
23899 
23900 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: "
23901 	    "state=%x, mediastate=%x\n", state, un->un_mediastate);
23902 
23903 	prev_state = un->un_mediastate;
23904 
23905 	/* is there anything to do? */
23906 	if (state == un->un_mediastate || un->un_mediastate == DKIO_NONE) {
23907 		/*
23908 		 * submit the request to the scsi_watch service;
23909 		 * scsi_media_watch_cb() does the real work
23910 		 */
23911 		mutex_exit(SD_MUTEX(un));
23912 
23913 		/*
23914 		 * This change handles the case where a scsi watch request is
23915 		 * added to a device that is powered down. To accomplish this
23916 		 * we power up the device before adding the scsi watch request,
23917 		 * since the scsi watch sends a TUR directly to the device
23918 		 * which the device cannot handle if it is powered down.
23919 		 */
23920 		if (sd_pm_entry(un) != DDI_SUCCESS) {
23921 			mutex_enter(SD_MUTEX(un));
23922 			goto done;
23923 		}
23924 
23925 		token = scsi_watch_request_submit(SD_SCSI_DEVP(un),
23926 		    sd_check_media_time, SENSE_LENGTH, sd_media_watch_cb,
23927 		    (caddr_t)dev);
23928 
23929 		sd_pm_exit(un);
23930 
23931 		mutex_enter(SD_MUTEX(un));
23932 		if (token == NULL) {
23933 			rval = EAGAIN;
23934 			goto done;
23935 		}
23936 
23937 		/*
23938 		 * This is a special case IOCTL that doesn't return
23939 		 * until the media state changes. Routine sdpower
23940 		 * knows about and handles this so don't count it
23941 		 * as an active cmd in the driver, which would
23942 		 * keep the device busy to the pm framework.
23943 		 * If the count isn't decremented the device can't
23944 		 * be powered down.
23945 		 */
23946 		un->un_ncmds_in_driver--;
23947 		ASSERT(un->un_ncmds_in_driver >= 0);
23948 
23949 		/*
23950 		 * if a prior request had been made, this will be the same
23951 		 * token, as scsi_watch was designed that way.
23952 		 */
23953 		un->un_swr_token = token;
23954 		un->un_specified_mediastate = state;
23955 
23956 		/*
23957 		 * now wait for media change
23958 		 * we will not be signalled unless mediastate == state but it is
23959 		 * still better to test for this condition, since there is a
23960 		 * 2 sec cv_broadcast delay when mediastate == DKIO_INSERTED
23961 		 */
23962 		SD_TRACE(SD_LOG_COMMON, un,
23963 		    "sd_check_media: waiting for media state change\n");
23964 		while (un->un_mediastate == state) {
23965 			if (cv_wait_sig(&un->un_state_cv, SD_MUTEX(un)) == 0) {
23966 				SD_TRACE(SD_LOG_COMMON, un,
23967 				    "sd_check_media: waiting for media state "
23968 				    "was interrupted\n");
23969 				un->un_ncmds_in_driver++;
23970 				rval = EINTR;
23971 				goto done;
23972 			}
23973 			SD_TRACE(SD_LOG_COMMON, un,
23974 			    "sd_check_media: received signal, state=%x\n",
23975 			    un->un_mediastate);
23976 		}
23977 		/*
23978 		 * Inc the counter to indicate the device once again
23979 		 * has an active outstanding cmd.
23980 		 */
23981 		un->un_ncmds_in_driver++;
23982 	}
23983 
23984 	/* invalidate geometry */
23985 	if (prev_state == DKIO_INSERTED && un->un_mediastate == DKIO_EJECTED) {
23986 		sr_ejected(un);
23987 	}
23988 
23989 	if (un->un_mediastate == DKIO_INSERTED && prev_state != DKIO_INSERTED) {
23990 		uint64_t	capacity;
23991 		uint_t		lbasize;
23992 
23993 		SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: media inserted\n");
23994 		mutex_exit(SD_MUTEX(un));
23995 		/*
23996 		 * Since the following routines use SD_PATH_DIRECT, we must
23997 		 * call PM directly before the upcoming disk accesses. This
23998 		 * may cause the disk to be power/spin up.
23999 		 */
24000 
24001 		if (sd_pm_entry(un) == DDI_SUCCESS) {
24002 			rval = sd_send_scsi_READ_CAPACITY(un,
24003 			    &capacity,
24004 			    &lbasize, SD_PATH_DIRECT);
24005 			if (rval != 0) {
24006 				sd_pm_exit(un);
24007 				mutex_enter(SD_MUTEX(un));
24008 				goto done;
24009 			}
24010 		} else {
24011 			rval = EIO;
24012 			mutex_enter(SD_MUTEX(un));
24013 			goto done;
24014 		}
24015 		mutex_enter(SD_MUTEX(un));
24016 
24017 		sd_update_block_info(un, lbasize, capacity);
24018 
24019 		un->un_f_geometry_is_valid	= FALSE;
24020 		(void) sd_validate_geometry(un, SD_PATH_DIRECT);
24021 
24022 		mutex_exit(SD_MUTEX(un));
24023 		rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
24024 		    SD_PATH_DIRECT);
24025 		sd_pm_exit(un);
24026 
24027 		mutex_enter(SD_MUTEX(un));
24028 	}
24029 done:
24030 	un->un_f_watcht_stopped = FALSE;
24031 	if (un->un_swr_token) {
24032 		/*
24033 		 * Use of this local token and the mutex ensures that we avoid
24034 		 * some race conditions associated with terminating the
24035 		 * scsi watch.
24036 		 */
24037 		token = un->un_swr_token;
24038 		un->un_swr_token = (opaque_t)NULL;
24039 		mutex_exit(SD_MUTEX(un));
24040 		(void) scsi_watch_request_terminate(token,
24041 		    SCSI_WATCH_TERMINATE_WAIT);
24042 		mutex_enter(SD_MUTEX(un));
24043 	}
24044 
24045 	/*
24046 	 * Update the capacity kstat value, if no media previously
24047 	 * (capacity kstat is 0) and a media has been inserted
24048 	 * (un_f_blockcount_is_valid == TRUE)
24049 	 * This is a more generic way then checking for ISREMOVABLE.
24050 	 */
24051 	if (un->un_errstats) {
24052 		struct sd_errstats	*stp = NULL;
24053 
24054 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
24055 		if ((stp->sd_capacity.value.ui64 == 0) &&
24056 		    (un->un_f_blockcount_is_valid == TRUE)) {
24057 			stp->sd_capacity.value.ui64 =
24058 			    (uint64_t)((uint64_t)un->un_blockcount *
24059 			    un->un_sys_blocksize);
24060 		}
24061 	}
24062 	mutex_exit(SD_MUTEX(un));
24063 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: done\n");
24064 	return (rval);
24065 }
24066 
24067 
24068 /*
24069  *    Function: sd_delayed_cv_broadcast
24070  *
24071  * Description: Delayed cv_broadcast to allow for target to recover from media
24072  *		insertion.
24073  *
24074  *   Arguments: arg - driver soft state (unit) structure
24075  */
24076 
24077 static void
24078 sd_delayed_cv_broadcast(void *arg)
24079 {
24080 	struct sd_lun *un = arg;
24081 
24082 	SD_TRACE(SD_LOG_COMMON, un, "sd_delayed_cv_broadcast\n");
24083 
24084 	mutex_enter(SD_MUTEX(un));
24085 	un->un_dcvb_timeid = NULL;
24086 	cv_broadcast(&un->un_state_cv);
24087 	mutex_exit(SD_MUTEX(un));
24088 }
24089 
24090 
24091 /*
24092  *    Function: sd_media_watch_cb
24093  *
24094  * Description: Callback routine used for support of the DKIOCSTATE ioctl. This
24095  *		routine processes the TUR sense data and updates the driver
24096  *		state if a transition has occurred. The user thread
24097  *		(sd_check_media) is then signalled.
24098  *
24099  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24100  *			among multiple watches that share this callback function
24101  *		resultp - scsi watch facility result packet containing scsi
24102  *			  packet, status byte and sense data
24103  *
24104  * Return Code: 0 for success, -1 for failure
24105  */
24106 
24107 static int
24108 sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24109 {
24110 	struct sd_lun			*un;
24111 	struct scsi_status		*statusp = resultp->statusp;
24112 	struct scsi_extended_sense	*sensep = resultp->sensep;
24113 	enum dkio_state			state = DKIO_NONE;
24114 	dev_t				dev = (dev_t)arg;
24115 	uchar_t				actual_sense_length;
24116 
24117 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24118 		return (-1);
24119 	}
24120 	actual_sense_length = resultp->actual_sense_length;
24121 
24122 	mutex_enter(SD_MUTEX(un));
24123 	SD_TRACE(SD_LOG_COMMON, un,
24124 	    "sd_media_watch_cb: status=%x, sensep=%p, len=%x\n",
24125 	    *((char *)statusp), (void *)sensep, actual_sense_length);
24126 
24127 	if (resultp->pkt->pkt_reason == CMD_DEV_GONE) {
24128 		un->un_mediastate = DKIO_DEV_GONE;
24129 		printf("sd_media_watch_cb: dev gone\n");
24130 		cv_broadcast(&un->un_state_cv);
24131 		mutex_exit(SD_MUTEX(un));
24132 
24133 		return (0);
24134 	}
24135 
24136 	/*
24137 	 * If there was a check condition then sensep points to valid sense data
24138 	 * If status was not a check condition but a reservation or busy status
24139 	 * then the new state is DKIO_NONE
24140 	 */
24141 	if (sensep != NULL) {
24142 		SD_INFO(SD_LOG_COMMON, un,
24143 		    "sd_media_watch_cb: sense KEY=%x, ASC=%x, ASCQ=%x\n",
24144 		    sensep->es_key, sensep->es_add_code, sensep->es_qual_code);
24145 		/* This routine only uses up to 13 bytes of sense data. */
24146 		if (actual_sense_length >= 13) {
24147 			if (sensep->es_key == KEY_UNIT_ATTENTION) {
24148 				if (sensep->es_add_code == 0x28) {
24149 					state = DKIO_INSERTED;
24150 				}
24151 			} else {
24152 				/*
24153 				 * if 02/04/02  means that the host
24154 				 * should send start command. Explicitly
24155 				 * leave the media state as is
24156 				 * (inserted) as the media is inserted
24157 				 * and host has stopped device for PM
24158 				 * reasons. Upon next true read/write
24159 				 * to this media will bring the
24160 				 * device to the right state good for
24161 				 * media access.
24162 				 */
24163 				if ((sensep->es_key == KEY_NOT_READY) &&
24164 				    (sensep->es_add_code == 0x3a)) {
24165 					state = DKIO_EJECTED;
24166 				}
24167 
24168 				/*
24169 				 * If the drivge is busy with an operation
24170 				 * or long write, keep the media in an
24171 				 * inserted state.
24172 				 */
24173 
24174 				if ((sensep->es_key == KEY_NOT_READY) &&
24175 				    (sensep->es_add_code == 0x04) &&
24176 				    ((sensep->es_qual_code == 0x02) ||
24177 				    (sensep->es_qual_code == 0x07) ||
24178 				    (sensep->es_qual_code == 0x08))) {
24179 					state = DKIO_INSERTED;
24180 				}
24181 			}
24182 		}
24183 	} else if ((*((char *)statusp) == STATUS_GOOD) &&
24184 	    (resultp->pkt->pkt_reason == CMD_CMPLT)) {
24185 		state = DKIO_INSERTED;
24186 	}
24187 
24188 	SD_TRACE(SD_LOG_COMMON, un,
24189 	    "sd_media_watch_cb: state=%x, specified=%x\n",
24190 	    state, un->un_specified_mediastate);
24191 
24192 	/*
24193 	 * now signal the waiting thread if this is *not* the specified state;
24194 	 * delay the signal if the state is DKIO_INSERTED to allow the target
24195 	 * to recover
24196 	 */
24197 	if (state != un->un_specified_mediastate) {
24198 		un->un_mediastate = state;
24199 		if (state == DKIO_INSERTED) {
24200 			/*
24201 			 * delay the signal to give the drive a chance
24202 			 * to do what it apparently needs to do
24203 			 */
24204 			SD_TRACE(SD_LOG_COMMON, un,
24205 			    "sd_media_watch_cb: delayed cv_broadcast\n");
24206 			if (un->un_dcvb_timeid == NULL) {
24207 				un->un_dcvb_timeid =
24208 				    timeout(sd_delayed_cv_broadcast, un,
24209 				    drv_usectohz((clock_t)MEDIA_ACCESS_DELAY));
24210 			}
24211 		} else {
24212 			SD_TRACE(SD_LOG_COMMON, un,
24213 			    "sd_media_watch_cb: immediate cv_broadcast\n");
24214 			cv_broadcast(&un->un_state_cv);
24215 		}
24216 	}
24217 	mutex_exit(SD_MUTEX(un));
24218 	return (0);
24219 }
24220 
24221 
24222 /*
24223  *    Function: sd_dkio_get_temp
24224  *
24225  * Description: This routine is the driver entry point for handling ioctl
24226  *		requests to get the disk temperature.
24227  *
24228  *   Arguments: dev  - the device number
24229  *		arg  - pointer to user provided dk_temperature structure.
24230  *		flag - this argument is a pass through to ddi_copyxxx()
24231  *		       directly from the mode argument of ioctl().
24232  *
24233  * Return Code: 0
24234  *		EFAULT
24235  *		ENXIO
24236  *		EAGAIN
24237  */
24238 
24239 static int
24240 sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag)
24241 {
24242 	struct sd_lun		*un = NULL;
24243 	struct dk_temperature	*dktemp = NULL;
24244 	uchar_t			*temperature_page;
24245 	int			rval = 0;
24246 	int			path_flag = SD_PATH_STANDARD;
24247 
24248 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24249 		return (ENXIO);
24250 	}
24251 
24252 	dktemp = kmem_zalloc(sizeof (struct dk_temperature), KM_SLEEP);
24253 
24254 	/* copyin the disk temp argument to get the user flags */
24255 	if (ddi_copyin((void *)arg, dktemp,
24256 	    sizeof (struct dk_temperature), flag) != 0) {
24257 		rval = EFAULT;
24258 		goto done;
24259 	}
24260 
24261 	/* Initialize the temperature to invalid. */
24262 	dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24263 	dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24264 
24265 	/*
24266 	 * Note: Investigate removing the "bypass pm" semantic.
24267 	 * Can we just bypass PM always?
24268 	 */
24269 	if (dktemp->dkt_flags & DKT_BYPASS_PM) {
24270 		path_flag = SD_PATH_DIRECT;
24271 		ASSERT(!mutex_owned(&un->un_pm_mutex));
24272 		mutex_enter(&un->un_pm_mutex);
24273 		if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
24274 			/*
24275 			 * If DKT_BYPASS_PM is set, and the drive happens to be
24276 			 * in low power mode, we can not wake it up, Need to
24277 			 * return EAGAIN.
24278 			 */
24279 			mutex_exit(&un->un_pm_mutex);
24280 			rval = EAGAIN;
24281 			goto done;
24282 		} else {
24283 			/*
24284 			 * Indicate to PM the device is busy. This is required
24285 			 * to avoid a race - i.e. the ioctl is issuing a
24286 			 * command and the pm framework brings down the device
24287 			 * to low power mode (possible power cut-off on some
24288 			 * platforms).
24289 			 */
24290 			mutex_exit(&un->un_pm_mutex);
24291 			if (sd_pm_entry(un) != DDI_SUCCESS) {
24292 				rval = EAGAIN;
24293 				goto done;
24294 			}
24295 		}
24296 	}
24297 
24298 	temperature_page = kmem_zalloc(TEMPERATURE_PAGE_SIZE, KM_SLEEP);
24299 
24300 	if ((rval = sd_send_scsi_LOG_SENSE(un, temperature_page,
24301 	    TEMPERATURE_PAGE_SIZE, TEMPERATURE_PAGE, 1, 0, path_flag)) != 0) {
24302 		goto done2;
24303 	}
24304 
24305 	/*
24306 	 * For the current temperature verify that the parameter length is 0x02
24307 	 * and the parameter code is 0x00
24308 	 */
24309 	if ((temperature_page[7] == 0x02) && (temperature_page[4] == 0x00) &&
24310 	    (temperature_page[5] == 0x00)) {
24311 		if (temperature_page[9] == 0xFF) {
24312 			dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24313 		} else {
24314 			dktemp->dkt_cur_temp = (short)(temperature_page[9]);
24315 		}
24316 	}
24317 
24318 	/*
24319 	 * For the reference temperature verify that the parameter
24320 	 * length is 0x02 and the parameter code is 0x01
24321 	 */
24322 	if ((temperature_page[13] == 0x02) && (temperature_page[10] == 0x00) &&
24323 	    (temperature_page[11] == 0x01)) {
24324 		if (temperature_page[15] == 0xFF) {
24325 			dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24326 		} else {
24327 			dktemp->dkt_ref_temp = (short)(temperature_page[15]);
24328 		}
24329 	}
24330 
24331 	/* Do the copyout regardless of the temperature commands status. */
24332 	if (ddi_copyout(dktemp, (void *)arg, sizeof (struct dk_temperature),
24333 	    flag) != 0) {
24334 		rval = EFAULT;
24335 	}
24336 
24337 done2:
24338 	if (path_flag == SD_PATH_DIRECT) {
24339 		sd_pm_exit(un);
24340 	}
24341 
24342 	kmem_free(temperature_page, TEMPERATURE_PAGE_SIZE);
24343 done:
24344 	if (dktemp != NULL) {
24345 		kmem_free(dktemp, sizeof (struct dk_temperature));
24346 	}
24347 
24348 	return (rval);
24349 }
24350 
24351 
24352 /*
24353  *    Function: sd_log_page_supported
24354  *
24355  * Description: This routine uses sd_send_scsi_LOG_SENSE to find the list of
24356  *		supported log pages.
24357  *
24358  *   Arguments: un -
24359  *		log_page -
24360  *
24361  * Return Code: -1 - on error (log sense is optional and may not be supported).
24362  *		0  - log page not found.
24363  *  		1  - log page found.
24364  */
24365 
24366 static int
24367 sd_log_page_supported(struct sd_lun *un, int log_page)
24368 {
24369 	uchar_t *log_page_data;
24370 	int	i;
24371 	int	match = 0;
24372 	int	log_size;
24373 
24374 	log_page_data = kmem_zalloc(0xFF, KM_SLEEP);
24375 
24376 	if (sd_send_scsi_LOG_SENSE(un, log_page_data, 0xFF, 0, 0x01, 0,
24377 	    SD_PATH_DIRECT) != 0) {
24378 		SD_ERROR(SD_LOG_COMMON, un,
24379 		    "sd_log_page_supported: failed log page retrieval\n");
24380 		kmem_free(log_page_data, 0xFF);
24381 		return (-1);
24382 	}
24383 	log_size = log_page_data[3];
24384 
24385 	/*
24386 	 * The list of supported log pages start from the fourth byte. Check
24387 	 * until we run out of log pages or a match is found.
24388 	 */
24389 	for (i = 4; (i < (log_size + 4)) && !match; i++) {
24390 		if (log_page_data[i] == log_page) {
24391 			match++;
24392 		}
24393 	}
24394 	kmem_free(log_page_data, 0xFF);
24395 	return (match);
24396 }
24397 
24398 
24399 /*
24400  *    Function: sd_mhdioc_failfast
24401  *
24402  * Description: This routine is the driver entry point for handling ioctl
24403  *		requests to enable/disable the multihost failfast option.
24404  *		(MHIOCENFAILFAST)
24405  *
24406  *   Arguments: dev	- the device number
24407  *		arg	- user specified probing interval.
24408  *		flag	- this argument is a pass through to ddi_copyxxx()
24409  *			  directly from the mode argument of ioctl().
24410  *
24411  * Return Code: 0
24412  *		EFAULT
24413  *		ENXIO
24414  */
24415 
24416 static int
24417 sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag)
24418 {
24419 	struct sd_lun	*un = NULL;
24420 	int		mh_time;
24421 	int		rval = 0;
24422 
24423 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24424 		return (ENXIO);
24425 	}
24426 
24427 	if (ddi_copyin((void *)arg, &mh_time, sizeof (int), flag))
24428 		return (EFAULT);
24429 
24430 	if (mh_time) {
24431 		mutex_enter(SD_MUTEX(un));
24432 		un->un_resvd_status |= SD_FAILFAST;
24433 		mutex_exit(SD_MUTEX(un));
24434 		/*
24435 		 * If mh_time is INT_MAX, then this ioctl is being used for
24436 		 * SCSI-3 PGR purposes, and we don't need to spawn watch thread.
24437 		 */
24438 		if (mh_time != INT_MAX) {
24439 			rval = sd_check_mhd(dev, mh_time);
24440 		}
24441 	} else {
24442 		(void) sd_check_mhd(dev, 0);
24443 		mutex_enter(SD_MUTEX(un));
24444 		un->un_resvd_status &= ~SD_FAILFAST;
24445 		mutex_exit(SD_MUTEX(un));
24446 	}
24447 	return (rval);
24448 }
24449 
24450 
24451 /*
24452  *    Function: sd_mhdioc_takeown
24453  *
24454  * Description: This routine is the driver entry point for handling ioctl
24455  *		requests to forcefully acquire exclusive access rights to the
24456  *		multihost disk (MHIOCTKOWN).
24457  *
24458  *   Arguments: dev	- the device number
24459  *		arg	- user provided structure specifying the delay
24460  *			  parameters in milliseconds
24461  *		flag	- this argument is a pass through to ddi_copyxxx()
24462  *			  directly from the mode argument of ioctl().
24463  *
24464  * Return Code: 0
24465  *		EFAULT
24466  *		ENXIO
24467  */
24468 
24469 static int
24470 sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag)
24471 {
24472 	struct sd_lun		*un = NULL;
24473 	struct mhioctkown	*tkown = NULL;
24474 	int			rval = 0;
24475 
24476 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24477 		return (ENXIO);
24478 	}
24479 
24480 	if (arg != NULL) {
24481 		tkown = (struct mhioctkown *)
24482 		    kmem_zalloc(sizeof (struct mhioctkown), KM_SLEEP);
24483 		rval = ddi_copyin(arg, tkown, sizeof (struct mhioctkown), flag);
24484 		if (rval != 0) {
24485 			rval = EFAULT;
24486 			goto error;
24487 		}
24488 	}
24489 
24490 	rval = sd_take_ownership(dev, tkown);
24491 	mutex_enter(SD_MUTEX(un));
24492 	if (rval == 0) {
24493 		un->un_resvd_status |= SD_RESERVE;
24494 		if (tkown != NULL && tkown->reinstate_resv_delay != 0) {
24495 			sd_reinstate_resv_delay =
24496 			    tkown->reinstate_resv_delay * 1000;
24497 		} else {
24498 			sd_reinstate_resv_delay = SD_REINSTATE_RESV_DELAY;
24499 		}
24500 		/*
24501 		 * Give the scsi_watch routine interval set by
24502 		 * the MHIOCENFAILFAST ioctl precedence here.
24503 		 */
24504 		if ((un->un_resvd_status & SD_FAILFAST) == 0) {
24505 			mutex_exit(SD_MUTEX(un));
24506 			(void) sd_check_mhd(dev, sd_reinstate_resv_delay/1000);
24507 			SD_TRACE(SD_LOG_IOCTL_MHD, un,
24508 			    "sd_mhdioc_takeown : %d\n",
24509 			    sd_reinstate_resv_delay);
24510 		} else {
24511 			mutex_exit(SD_MUTEX(un));
24512 		}
24513 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_NOTIFY,
24514 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24515 	} else {
24516 		un->un_resvd_status &= ~SD_RESERVE;
24517 		mutex_exit(SD_MUTEX(un));
24518 	}
24519 
24520 error:
24521 	if (tkown != NULL) {
24522 		kmem_free(tkown, sizeof (struct mhioctkown));
24523 	}
24524 	return (rval);
24525 }
24526 
24527 
24528 /*
24529  *    Function: sd_mhdioc_release
24530  *
24531  * Description: This routine is the driver entry point for handling ioctl
24532  *		requests to release exclusive access rights to the multihost
24533  *		disk (MHIOCRELEASE).
24534  *
24535  *   Arguments: dev	- the device number
24536  *
24537  * Return Code: 0
24538  *		ENXIO
24539  */
24540 
24541 static int
24542 sd_mhdioc_release(dev_t dev)
24543 {
24544 	struct sd_lun		*un = NULL;
24545 	timeout_id_t		resvd_timeid_save;
24546 	int			resvd_status_save;
24547 	int			rval = 0;
24548 
24549 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24550 		return (ENXIO);
24551 	}
24552 
24553 	mutex_enter(SD_MUTEX(un));
24554 	resvd_status_save = un->un_resvd_status;
24555 	un->un_resvd_status &=
24556 	    ~(SD_RESERVE | SD_LOST_RESERVE | SD_WANT_RESERVE);
24557 	if (un->un_resvd_timeid) {
24558 		resvd_timeid_save = un->un_resvd_timeid;
24559 		un->un_resvd_timeid = NULL;
24560 		mutex_exit(SD_MUTEX(un));
24561 		(void) untimeout(resvd_timeid_save);
24562 	} else {
24563 		mutex_exit(SD_MUTEX(un));
24564 	}
24565 
24566 	/*
24567 	 * destroy any pending timeout thread that may be attempting to
24568 	 * reinstate reservation on this device.
24569 	 */
24570 	sd_rmv_resv_reclaim_req(dev);
24571 
24572 	if ((rval = sd_reserve_release(dev, SD_RELEASE)) == 0) {
24573 		mutex_enter(SD_MUTEX(un));
24574 		if ((un->un_mhd_token) &&
24575 		    ((un->un_resvd_status & SD_FAILFAST) == 0)) {
24576 			mutex_exit(SD_MUTEX(un));
24577 			(void) sd_check_mhd(dev, 0);
24578 		} else {
24579 			mutex_exit(SD_MUTEX(un));
24580 		}
24581 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
24582 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24583 	} else {
24584 		/*
24585 		 * sd_mhd_watch_cb will restart the resvd recover timeout thread
24586 		 */
24587 		mutex_enter(SD_MUTEX(un));
24588 		un->un_resvd_status = resvd_status_save;
24589 		mutex_exit(SD_MUTEX(un));
24590 	}
24591 	return (rval);
24592 }
24593 
24594 
24595 /*
24596  *    Function: sd_mhdioc_register_devid
24597  *
24598  * Description: This routine is the driver entry point for handling ioctl
24599  *		requests to register the device id (MHIOCREREGISTERDEVID).
24600  *
24601  *		Note: The implementation for this ioctl has been updated to
24602  *		be consistent with the original PSARC case (1999/357)
24603  *		(4375899, 4241671, 4220005)
24604  *
24605  *   Arguments: dev	- the device number
24606  *
24607  * Return Code: 0
24608  *		ENXIO
24609  */
24610 
24611 static int
24612 sd_mhdioc_register_devid(dev_t dev)
24613 {
24614 	struct sd_lun	*un = NULL;
24615 	int		rval = 0;
24616 
24617 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24618 		return (ENXIO);
24619 	}
24620 
24621 	ASSERT(!mutex_owned(SD_MUTEX(un)));
24622 
24623 	mutex_enter(SD_MUTEX(un));
24624 
24625 	/* If a devid already exists, de-register it */
24626 	if (un->un_devid != NULL) {
24627 		ddi_devid_unregister(SD_DEVINFO(un));
24628 		/*
24629 		 * After unregister devid, needs to free devid memory
24630 		 */
24631 		ddi_devid_free(un->un_devid);
24632 		un->un_devid = NULL;
24633 	}
24634 
24635 	/* Check for reservation conflict */
24636 	mutex_exit(SD_MUTEX(un));
24637 	rval = sd_send_scsi_TEST_UNIT_READY(un, 0);
24638 	mutex_enter(SD_MUTEX(un));
24639 
24640 	switch (rval) {
24641 	case 0:
24642 		sd_register_devid(un, SD_DEVINFO(un), SD_TARGET_IS_UNRESERVED);
24643 		break;
24644 	case EACCES:
24645 		break;
24646 	default:
24647 		rval = EIO;
24648 	}
24649 
24650 	mutex_exit(SD_MUTEX(un));
24651 	return (rval);
24652 }
24653 
24654 
24655 /*
24656  *    Function: sd_mhdioc_inkeys
24657  *
24658  * Description: This routine is the driver entry point for handling ioctl
24659  *		requests to issue the SCSI-3 Persistent In Read Keys command
24660  *		to the device (MHIOCGRP_INKEYS).
24661  *
24662  *   Arguments: dev	- the device number
24663  *		arg	- user provided in_keys structure
24664  *		flag	- this argument is a pass through to ddi_copyxxx()
24665  *			  directly from the mode argument of ioctl().
24666  *
24667  * Return Code: code returned by sd_persistent_reservation_in_read_keys()
24668  *		ENXIO
24669  *		EFAULT
24670  */
24671 
24672 static int
24673 sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag)
24674 {
24675 	struct sd_lun		*un;
24676 	mhioc_inkeys_t		inkeys;
24677 	int			rval = 0;
24678 
24679 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24680 		return (ENXIO);
24681 	}
24682 
24683 #ifdef _MULTI_DATAMODEL
24684 	switch (ddi_model_convert_from(flag & FMODELS)) {
24685 	case DDI_MODEL_ILP32: {
24686 		struct mhioc_inkeys32	inkeys32;
24687 
24688 		if (ddi_copyin(arg, &inkeys32,
24689 		    sizeof (struct mhioc_inkeys32), flag) != 0) {
24690 			return (EFAULT);
24691 		}
24692 		inkeys.li = (mhioc_key_list_t *)(uintptr_t)inkeys32.li;
24693 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24694 		    &inkeys, flag)) != 0) {
24695 			return (rval);
24696 		}
24697 		inkeys32.generation = inkeys.generation;
24698 		if (ddi_copyout(&inkeys32, arg, sizeof (struct mhioc_inkeys32),
24699 		    flag) != 0) {
24700 			return (EFAULT);
24701 		}
24702 		break;
24703 	}
24704 	case DDI_MODEL_NONE:
24705 		if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t),
24706 		    flag) != 0) {
24707 			return (EFAULT);
24708 		}
24709 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24710 		    &inkeys, flag)) != 0) {
24711 			return (rval);
24712 		}
24713 		if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t),
24714 		    flag) != 0) {
24715 			return (EFAULT);
24716 		}
24717 		break;
24718 	}
24719 
24720 #else /* ! _MULTI_DATAMODEL */
24721 
24722 	if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t), flag) != 0) {
24723 		return (EFAULT);
24724 	}
24725 	rval = sd_persistent_reservation_in_read_keys(un, &inkeys, flag);
24726 	if (rval != 0) {
24727 		return (rval);
24728 	}
24729 	if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t), flag) != 0) {
24730 		return (EFAULT);
24731 	}
24732 
24733 #endif /* _MULTI_DATAMODEL */
24734 
24735 	return (rval);
24736 }
24737 
24738 
24739 /*
24740  *    Function: sd_mhdioc_inresv
24741  *
24742  * Description: This routine is the driver entry point for handling ioctl
24743  *		requests to issue the SCSI-3 Persistent In Read Reservations
24744  *		command to the device (MHIOCGRP_INKEYS).
24745  *
24746  *   Arguments: dev	- the device number
24747  *		arg	- user provided in_resv structure
24748  *		flag	- this argument is a pass through to ddi_copyxxx()
24749  *			  directly from the mode argument of ioctl().
24750  *
24751  * Return Code: code returned by sd_persistent_reservation_in_read_resv()
24752  *		ENXIO
24753  *		EFAULT
24754  */
24755 
24756 static int
24757 sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag)
24758 {
24759 	struct sd_lun		*un;
24760 	mhioc_inresvs_t		inresvs;
24761 	int			rval = 0;
24762 
24763 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24764 		return (ENXIO);
24765 	}
24766 
24767 #ifdef _MULTI_DATAMODEL
24768 
24769 	switch (ddi_model_convert_from(flag & FMODELS)) {
24770 	case DDI_MODEL_ILP32: {
24771 		struct mhioc_inresvs32	inresvs32;
24772 
24773 		if (ddi_copyin(arg, &inresvs32,
24774 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24775 			return (EFAULT);
24776 		}
24777 		inresvs.li = (mhioc_resv_desc_list_t *)(uintptr_t)inresvs32.li;
24778 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24779 		    &inresvs, flag)) != 0) {
24780 			return (rval);
24781 		}
24782 		inresvs32.generation = inresvs.generation;
24783 		if (ddi_copyout(&inresvs32, arg,
24784 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24785 			return (EFAULT);
24786 		}
24787 		break;
24788 	}
24789 	case DDI_MODEL_NONE:
24790 		if (ddi_copyin(arg, &inresvs,
24791 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24792 			return (EFAULT);
24793 		}
24794 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24795 		    &inresvs, flag)) != 0) {
24796 			return (rval);
24797 		}
24798 		if (ddi_copyout(&inresvs, arg,
24799 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24800 			return (EFAULT);
24801 		}
24802 		break;
24803 	}
24804 
24805 #else /* ! _MULTI_DATAMODEL */
24806 
24807 	if (ddi_copyin(arg, &inresvs, sizeof (mhioc_inresvs_t), flag) != 0) {
24808 		return (EFAULT);
24809 	}
24810 	rval = sd_persistent_reservation_in_read_resv(un, &inresvs, flag);
24811 	if (rval != 0) {
24812 		return (rval);
24813 	}
24814 	if (ddi_copyout(&inresvs, arg, sizeof (mhioc_inresvs_t), flag)) {
24815 		return (EFAULT);
24816 	}
24817 
24818 #endif /* ! _MULTI_DATAMODEL */
24819 
24820 	return (rval);
24821 }
24822 
24823 
24824 /*
24825  * The following routines support the clustering functionality described below
24826  * and implement lost reservation reclaim functionality.
24827  *
24828  * Clustering
24829  * ----------
24830  * The clustering code uses two different, independent forms of SCSI
24831  * reservation. Traditional SCSI-2 Reserve/Release and the newer SCSI-3
24832  * Persistent Group Reservations. For any particular disk, it will use either
24833  * SCSI-2 or SCSI-3 PGR but never both at the same time for the same disk.
24834  *
24835  * SCSI-2
24836  * The cluster software takes ownership of a multi-hosted disk by issuing the
24837  * MHIOCTKOWN ioctl to the disk driver. It releases ownership by issuing the
24838  * MHIOCRELEASE ioctl.Closely related is the MHIOCENFAILFAST ioctl -- a cluster,
24839  * just after taking ownership of the disk with the MHIOCTKOWN ioctl then issues
24840  * the MHIOCENFAILFAST ioctl.  This ioctl "enables failfast" in the driver. The
24841  * meaning of failfast is that if the driver (on this host) ever encounters the
24842  * scsi error return code RESERVATION_CONFLICT from the device, it should
24843  * immediately panic the host. The motivation for this ioctl is that if this
24844  * host does encounter reservation conflict, the underlying cause is that some
24845  * other host of the cluster has decided that this host is no longer in the
24846  * cluster and has seized control of the disks for itself. Since this host is no
24847  * longer in the cluster, it ought to panic itself. The MHIOCENFAILFAST ioctl
24848  * does two things:
24849  *	(a) it sets a flag that will cause any returned RESERVATION_CONFLICT
24850  *      error to panic the host
24851  *      (b) it sets up a periodic timer to test whether this host still has
24852  *      "access" (in that no other host has reserved the device):  if the
24853  *      periodic timer gets RESERVATION_CONFLICT, the host is panicked. The
24854  *      purpose of that periodic timer is to handle scenarios where the host is
24855  *      otherwise temporarily quiescent, temporarily doing no real i/o.
24856  * The MHIOCTKOWN ioctl will "break" a reservation that is held by another host,
24857  * by issuing a SCSI Bus Device Reset.  It will then issue a SCSI Reserve for
24858  * the device itself.
24859  *
24860  * SCSI-3 PGR
24861  * A direct semantic implementation of the SCSI-3 Persistent Reservation
24862  * facility is supported through the shared multihost disk ioctls
24863  * (MHIOCGRP_INKEYS, MHIOCGRP_INRESV, MHIOCGRP_REGISTER, MHIOCGRP_RESERVE,
24864  * MHIOCGRP_PREEMPTANDABORT)
24865  *
24866  * Reservation Reclaim:
24867  * --------------------
24868  * To support the lost reservation reclaim operations this driver creates a
24869  * single thread to handle reinstating reservations on all devices that have
24870  * lost reservations sd_resv_reclaim_requests are logged for all devices that
24871  * have LOST RESERVATIONS when the scsi watch facility callsback sd_mhd_watch_cb
24872  * and the reservation reclaim thread loops through the requests to regain the
24873  * lost reservations.
24874  */
24875 
24876 /*
24877  *    Function: sd_check_mhd()
24878  *
24879  * Description: This function sets up and submits a scsi watch request or
24880  *		terminates an existing watch request. This routine is used in
24881  *		support of reservation reclaim.
24882  *
24883  *   Arguments: dev    - the device 'dev_t' is used for context to discriminate
24884  *			 among multiple watches that share the callback function
24885  *		interval - the number of microseconds specifying the watch
24886  *			   interval for issuing TEST UNIT READY commands. If
24887  *			   set to 0 the watch should be terminated. If the
24888  *			   interval is set to 0 and if the device is required
24889  *			   to hold reservation while disabling failfast, the
24890  *			   watch is restarted with an interval of
24891  *			   reinstate_resv_delay.
24892  *
24893  * Return Code: 0	   - Successful submit/terminate of scsi watch request
24894  *		ENXIO      - Indicates an invalid device was specified
24895  *		EAGAIN     - Unable to submit the scsi watch request
24896  */
24897 
24898 static int
24899 sd_check_mhd(dev_t dev, int interval)
24900 {
24901 	struct sd_lun	*un;
24902 	opaque_t	token;
24903 
24904 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24905 		return (ENXIO);
24906 	}
24907 
24908 	/* is this a watch termination request? */
24909 	if (interval == 0) {
24910 		mutex_enter(SD_MUTEX(un));
24911 		/* if there is an existing watch task then terminate it */
24912 		if (un->un_mhd_token) {
24913 			token = un->un_mhd_token;
24914 			un->un_mhd_token = NULL;
24915 			mutex_exit(SD_MUTEX(un));
24916 			(void) scsi_watch_request_terminate(token,
24917 			    SCSI_WATCH_TERMINATE_WAIT);
24918 			mutex_enter(SD_MUTEX(un));
24919 		} else {
24920 			mutex_exit(SD_MUTEX(un));
24921 			/*
24922 			 * Note: If we return here we don't check for the
24923 			 * failfast case. This is the original legacy
24924 			 * implementation but perhaps we should be checking
24925 			 * the failfast case.
24926 			 */
24927 			return (0);
24928 		}
24929 		/*
24930 		 * If the device is required to hold reservation while
24931 		 * disabling failfast, we need to restart the scsi_watch
24932 		 * routine with an interval of reinstate_resv_delay.
24933 		 */
24934 		if (un->un_resvd_status & SD_RESERVE) {
24935 			interval = sd_reinstate_resv_delay/1000;
24936 		} else {
24937 			/* no failfast so bail */
24938 			mutex_exit(SD_MUTEX(un));
24939 			return (0);
24940 		}
24941 		mutex_exit(SD_MUTEX(un));
24942 	}
24943 
24944 	/*
24945 	 * adjust minimum time interval to 1 second,
24946 	 * and convert from msecs to usecs
24947 	 */
24948 	if (interval > 0 && interval < 1000) {
24949 		interval = 1000;
24950 	}
24951 	interval *= 1000;
24952 
24953 	/*
24954 	 * submit the request to the scsi_watch service
24955 	 */
24956 	token = scsi_watch_request_submit(SD_SCSI_DEVP(un), interval,
24957 	    SENSE_LENGTH, sd_mhd_watch_cb, (caddr_t)dev);
24958 	if (token == NULL) {
24959 		return (EAGAIN);
24960 	}
24961 
24962 	/*
24963 	 * save token for termination later on
24964 	 */
24965 	mutex_enter(SD_MUTEX(un));
24966 	un->un_mhd_token = token;
24967 	mutex_exit(SD_MUTEX(un));
24968 	return (0);
24969 }
24970 
24971 
24972 /*
24973  *    Function: sd_mhd_watch_cb()
24974  *
24975  * Description: This function is the call back function used by the scsi watch
24976  *		facility. The scsi watch facility sends the "Test Unit Ready"
24977  *		and processes the status. If applicable (i.e. a "Unit Attention"
24978  *		status and automatic "Request Sense" not used) the scsi watch
24979  *		facility will send a "Request Sense" and retrieve the sense data
24980  *		to be passed to this callback function. In either case the
24981  *		automatic "Request Sense" or the facility submitting one, this
24982  *		callback is passed the status and sense data.
24983  *
24984  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24985  *			among multiple watches that share this callback function
24986  *		resultp - scsi watch facility result packet containing scsi
24987  *			  packet, status byte and sense data
24988  *
24989  * Return Code: 0 - continue the watch task
24990  *		non-zero - terminate the watch task
24991  */
24992 
24993 static int
24994 sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24995 {
24996 	struct sd_lun			*un;
24997 	struct scsi_status		*statusp;
24998 	struct scsi_extended_sense	*sensep;
24999 	struct scsi_pkt			*pkt;
25000 	uchar_t				actual_sense_length;
25001 	dev_t  				dev = (dev_t)arg;
25002 
25003 	ASSERT(resultp != NULL);
25004 	statusp			= resultp->statusp;
25005 	sensep			= resultp->sensep;
25006 	pkt			= resultp->pkt;
25007 	actual_sense_length	= resultp->actual_sense_length;
25008 
25009 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25010 		return (ENXIO);
25011 	}
25012 
25013 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25014 	    "sd_mhd_watch_cb: reason '%s', status '%s'\n",
25015 	    scsi_rname(pkt->pkt_reason), sd_sname(*((unsigned char *)statusp)));
25016 
25017 	/* Begin processing of the status and/or sense data */
25018 	if (pkt->pkt_reason != CMD_CMPLT) {
25019 		/* Handle the incomplete packet */
25020 		sd_mhd_watch_incomplete(un, pkt);
25021 		return (0);
25022 	} else if (*((unsigned char *)statusp) != STATUS_GOOD) {
25023 		if (*((unsigned char *)statusp)
25024 		    == STATUS_RESERVATION_CONFLICT) {
25025 			/*
25026 			 * Handle a reservation conflict by panicking if
25027 			 * configured for failfast or by logging the conflict
25028 			 * and updating the reservation status
25029 			 */
25030 			mutex_enter(SD_MUTEX(un));
25031 			if ((un->un_resvd_status & SD_FAILFAST) &&
25032 			    (sd_failfast_enable)) {
25033 				panic("Reservation Conflict");
25034 				/*NOTREACHED*/
25035 			}
25036 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25037 			    "sd_mhd_watch_cb: Reservation Conflict\n");
25038 			un->un_resvd_status |= SD_RESERVATION_CONFLICT;
25039 			mutex_exit(SD_MUTEX(un));
25040 		}
25041 	}
25042 
25043 	if (sensep != NULL) {
25044 		if (actual_sense_length >= (SENSE_LENGTH - 2)) {
25045 			mutex_enter(SD_MUTEX(un));
25046 			if ((sensep->es_add_code == SD_SCSI_RESET_SENSE_CODE) &&
25047 			    (un->un_resvd_status & SD_RESERVE)) {
25048 				/*
25049 				 * The additional sense code indicates a power
25050 				 * on or bus device reset has occurred; update
25051 				 * the reservation status.
25052 				 */
25053 				un->un_resvd_status |=
25054 				    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25055 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25056 				    "sd_mhd_watch_cb: Lost Reservation\n");
25057 			}
25058 		} else {
25059 			return (0);
25060 		}
25061 	} else {
25062 		mutex_enter(SD_MUTEX(un));
25063 	}
25064 
25065 	if ((un->un_resvd_status & SD_RESERVE) &&
25066 	    (un->un_resvd_status & SD_LOST_RESERVE)) {
25067 		if (un->un_resvd_status & SD_WANT_RESERVE) {
25068 			/*
25069 			 * A reset occurred in between the last probe and this
25070 			 * one so if a timeout is pending cancel it.
25071 			 */
25072 			if (un->un_resvd_timeid) {
25073 				timeout_id_t temp_id = un->un_resvd_timeid;
25074 				un->un_resvd_timeid = NULL;
25075 				mutex_exit(SD_MUTEX(un));
25076 				(void) untimeout(temp_id);
25077 				mutex_enter(SD_MUTEX(un));
25078 			}
25079 			un->un_resvd_status &= ~SD_WANT_RESERVE;
25080 		}
25081 		if (un->un_resvd_timeid == 0) {
25082 			/* Schedule a timeout to handle the lost reservation */
25083 			un->un_resvd_timeid = timeout(sd_mhd_resvd_recover,
25084 			    (void *)dev,
25085 			    drv_usectohz(sd_reinstate_resv_delay));
25086 		}
25087 	}
25088 	mutex_exit(SD_MUTEX(un));
25089 	return (0);
25090 }
25091 
25092 
25093 /*
25094  *    Function: sd_mhd_watch_incomplete()
25095  *
25096  * Description: This function is used to find out why a scsi pkt sent by the
25097  *		scsi watch facility was not completed. Under some scenarios this
25098  *		routine will return. Otherwise it will send a bus reset to see
25099  *		if the drive is still online.
25100  *
25101  *   Arguments: un  - driver soft state (unit) structure
25102  *		pkt - incomplete scsi pkt
25103  */
25104 
25105 static void
25106 sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt)
25107 {
25108 	int	be_chatty;
25109 	int	perr;
25110 
25111 	ASSERT(pkt != NULL);
25112 	ASSERT(un != NULL);
25113 	be_chatty	= (!(pkt->pkt_flags & FLAG_SILENT));
25114 	perr		= (pkt->pkt_statistics & STAT_PERR);
25115 
25116 	mutex_enter(SD_MUTEX(un));
25117 	if (un->un_state == SD_STATE_DUMPING) {
25118 		mutex_exit(SD_MUTEX(un));
25119 		return;
25120 	}
25121 
25122 	switch (pkt->pkt_reason) {
25123 	case CMD_UNX_BUS_FREE:
25124 		/*
25125 		 * If we had a parity error that caused the target to drop BSY*,
25126 		 * don't be chatty about it.
25127 		 */
25128 		if (perr && be_chatty) {
25129 			be_chatty = 0;
25130 		}
25131 		break;
25132 	case CMD_TAG_REJECT:
25133 		/*
25134 		 * The SCSI-2 spec states that a tag reject will be sent by the
25135 		 * target if tagged queuing is not supported. A tag reject may
25136 		 * also be sent during certain initialization periods or to
25137 		 * control internal resources. For the latter case the target
25138 		 * may also return Queue Full.
25139 		 *
25140 		 * If this driver receives a tag reject from a target that is
25141 		 * going through an init period or controlling internal
25142 		 * resources tagged queuing will be disabled. This is a less
25143 		 * than optimal behavior but the driver is unable to determine
25144 		 * the target state and assumes tagged queueing is not supported
25145 		 */
25146 		pkt->pkt_flags = 0;
25147 		un->un_tagflags = 0;
25148 
25149 		if (un->un_f_opt_queueing == TRUE) {
25150 			un->un_throttle = min(un->un_throttle, 3);
25151 		} else {
25152 			un->un_throttle = 1;
25153 		}
25154 		mutex_exit(SD_MUTEX(un));
25155 		(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
25156 		mutex_enter(SD_MUTEX(un));
25157 		break;
25158 	case CMD_INCOMPLETE:
25159 		/*
25160 		 * The transport stopped with an abnormal state, fallthrough and
25161 		 * reset the target and/or bus unless selection did not complete
25162 		 * (indicated by STATE_GOT_BUS) in which case we don't want to
25163 		 * go through a target/bus reset
25164 		 */
25165 		if (pkt->pkt_state == STATE_GOT_BUS) {
25166 			break;
25167 		}
25168 		/*FALLTHROUGH*/
25169 
25170 	case CMD_TIMEOUT:
25171 	default:
25172 		/*
25173 		 * The lun may still be running the command, so a lun reset
25174 		 * should be attempted. If the lun reset fails or cannot be
25175 		 * issued, than try a target reset. Lastly try a bus reset.
25176 		 */
25177 		if ((pkt->pkt_statistics &
25178 		    (STAT_BUS_RESET|STAT_DEV_RESET|STAT_ABORTED)) == 0) {
25179 			int reset_retval = 0;
25180 			mutex_exit(SD_MUTEX(un));
25181 			if (un->un_f_allow_bus_device_reset == TRUE) {
25182 				if (un->un_f_lun_reset_enabled == TRUE) {
25183 					reset_retval =
25184 					    scsi_reset(SD_ADDRESS(un),
25185 					    RESET_LUN);
25186 				}
25187 				if (reset_retval == 0) {
25188 					reset_retval =
25189 					    scsi_reset(SD_ADDRESS(un),
25190 					    RESET_TARGET);
25191 				}
25192 			}
25193 			if (reset_retval == 0) {
25194 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
25195 			}
25196 			mutex_enter(SD_MUTEX(un));
25197 		}
25198 		break;
25199 	}
25200 
25201 	/* A device/bus reset has occurred; update the reservation status. */
25202 	if ((pkt->pkt_reason == CMD_RESET) || (pkt->pkt_statistics &
25203 	    (STAT_BUS_RESET | STAT_DEV_RESET))) {
25204 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25205 			un->un_resvd_status |=
25206 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25207 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25208 			    "sd_mhd_watch_incomplete: Lost Reservation\n");
25209 		}
25210 	}
25211 
25212 	/*
25213 	 * The disk has been turned off; Update the device state.
25214 	 *
25215 	 * Note: Should we be offlining the disk here?
25216 	 */
25217 	if (pkt->pkt_state == STATE_GOT_BUS) {
25218 		SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_watch_incomplete: "
25219 		    "Disk not responding to selection\n");
25220 		if (un->un_state != SD_STATE_OFFLINE) {
25221 			New_state(un, SD_STATE_OFFLINE);
25222 		}
25223 	} else if (be_chatty) {
25224 		/*
25225 		 * suppress messages if they are all the same pkt reason;
25226 		 * with TQ, many (up to 256) are returned with the same
25227 		 * pkt_reason
25228 		 */
25229 		if (pkt->pkt_reason != un->un_last_pkt_reason) {
25230 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
25231 			    "sd_mhd_watch_incomplete: "
25232 			    "SCSI transport failed: reason '%s'\n",
25233 			    scsi_rname(pkt->pkt_reason));
25234 		}
25235 	}
25236 	un->un_last_pkt_reason = pkt->pkt_reason;
25237 	mutex_exit(SD_MUTEX(un));
25238 }
25239 
25240 
25241 /*
25242  *    Function: sd_sname()
25243  *
25244  * Description: This is a simple little routine to return a string containing
25245  *		a printable description of command status byte for use in
25246  *		logging.
25247  *
25248  *   Arguments: status - pointer to a status byte
25249  *
25250  * Return Code: char * - string containing status description.
25251  */
25252 
25253 static char *
25254 sd_sname(uchar_t status)
25255 {
25256 	switch (status & STATUS_MASK) {
25257 	case STATUS_GOOD:
25258 		return ("good status");
25259 	case STATUS_CHECK:
25260 		return ("check condition");
25261 	case STATUS_MET:
25262 		return ("condition met");
25263 	case STATUS_BUSY:
25264 		return ("busy");
25265 	case STATUS_INTERMEDIATE:
25266 		return ("intermediate");
25267 	case STATUS_INTERMEDIATE_MET:
25268 		return ("intermediate - condition met");
25269 	case STATUS_RESERVATION_CONFLICT:
25270 		return ("reservation_conflict");
25271 	case STATUS_TERMINATED:
25272 		return ("command terminated");
25273 	case STATUS_QFULL:
25274 		return ("queue full");
25275 	default:
25276 		return ("<unknown status>");
25277 	}
25278 }
25279 
25280 
25281 /*
25282  *    Function: sd_mhd_resvd_recover()
25283  *
25284  * Description: This function adds a reservation entry to the
25285  *		sd_resv_reclaim_request list and signals the reservation
25286  *		reclaim thread that there is work pending. If the reservation
25287  *		reclaim thread has not been previously created this function
25288  *		will kick it off.
25289  *
25290  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25291  *			among multiple watches that share this callback function
25292  *
25293  *     Context: This routine is called by timeout() and is run in interrupt
25294  *		context. It must not sleep or call other functions which may
25295  *		sleep.
25296  */
25297 
25298 static void
25299 sd_mhd_resvd_recover(void *arg)
25300 {
25301 	dev_t			dev = (dev_t)arg;
25302 	struct sd_lun		*un;
25303 	struct sd_thr_request	*sd_treq = NULL;
25304 	struct sd_thr_request	*sd_cur = NULL;
25305 	struct sd_thr_request	*sd_prev = NULL;
25306 	int			already_there = 0;
25307 
25308 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25309 		return;
25310 	}
25311 
25312 	mutex_enter(SD_MUTEX(un));
25313 	un->un_resvd_timeid = NULL;
25314 	if (un->un_resvd_status & SD_WANT_RESERVE) {
25315 		/*
25316 		 * There was a reset so don't issue the reserve, allow the
25317 		 * sd_mhd_watch_cb callback function to notice this and
25318 		 * reschedule the timeout for reservation.
25319 		 */
25320 		mutex_exit(SD_MUTEX(un));
25321 		return;
25322 	}
25323 	mutex_exit(SD_MUTEX(un));
25324 
25325 	/*
25326 	 * Add this device to the sd_resv_reclaim_request list and the
25327 	 * sd_resv_reclaim_thread should take care of the rest.
25328 	 *
25329 	 * Note: We can't sleep in this context so if the memory allocation
25330 	 * fails allow the sd_mhd_watch_cb callback function to notice this and
25331 	 * reschedule the timeout for reservation.  (4378460)
25332 	 */
25333 	sd_treq = (struct sd_thr_request *)
25334 	    kmem_zalloc(sizeof (struct sd_thr_request), KM_NOSLEEP);
25335 	if (sd_treq == NULL) {
25336 		return;
25337 	}
25338 
25339 	sd_treq->sd_thr_req_next = NULL;
25340 	sd_treq->dev = dev;
25341 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25342 	if (sd_tr.srq_thr_req_head == NULL) {
25343 		sd_tr.srq_thr_req_head = sd_treq;
25344 	} else {
25345 		sd_cur = sd_prev = sd_tr.srq_thr_req_head;
25346 		for (; sd_cur != NULL; sd_cur = sd_cur->sd_thr_req_next) {
25347 			if (sd_cur->dev == dev) {
25348 				/*
25349 				 * already in Queue so don't log
25350 				 * another request for the device
25351 				 */
25352 				already_there = 1;
25353 				break;
25354 			}
25355 			sd_prev = sd_cur;
25356 		}
25357 		if (!already_there) {
25358 			SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_resvd_recover: "
25359 			    "logging request for %lx\n", dev);
25360 			sd_prev->sd_thr_req_next = sd_treq;
25361 		} else {
25362 			kmem_free(sd_treq, sizeof (struct sd_thr_request));
25363 		}
25364 	}
25365 
25366 	/*
25367 	 * Create a kernel thread to do the reservation reclaim and free up this
25368 	 * thread. We cannot block this thread while we go away to do the
25369 	 * reservation reclaim
25370 	 */
25371 	if (sd_tr.srq_resv_reclaim_thread == NULL)
25372 		sd_tr.srq_resv_reclaim_thread = thread_create(NULL, 0,
25373 		    sd_resv_reclaim_thread, NULL,
25374 		    0, &p0, TS_RUN, v.v_maxsyspri - 2);
25375 
25376 	/* Tell the reservation reclaim thread that it has work to do */
25377 	cv_signal(&sd_tr.srq_resv_reclaim_cv);
25378 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25379 }
25380 
25381 /*
25382  *    Function: sd_resv_reclaim_thread()
25383  *
25384  * Description: This function implements the reservation reclaim operations
25385  *
25386  *   Arguments: arg - the device 'dev_t' is used for context to discriminate
25387  *		      among multiple watches that share this callback function
25388  */
25389 
25390 static void
25391 sd_resv_reclaim_thread()
25392 {
25393 	struct sd_lun		*un;
25394 	struct sd_thr_request	*sd_mhreq;
25395 
25396 	/* Wait for work */
25397 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25398 	if (sd_tr.srq_thr_req_head == NULL) {
25399 		cv_wait(&sd_tr.srq_resv_reclaim_cv,
25400 		    &sd_tr.srq_resv_reclaim_mutex);
25401 	}
25402 
25403 	/* Loop while we have work */
25404 	while ((sd_tr.srq_thr_cur_req = sd_tr.srq_thr_req_head) != NULL) {
25405 		un = ddi_get_soft_state(sd_state,
25406 		    SDUNIT(sd_tr.srq_thr_cur_req->dev));
25407 		if (un == NULL) {
25408 			/*
25409 			 * softstate structure is NULL so just
25410 			 * dequeue the request and continue
25411 			 */
25412 			sd_tr.srq_thr_req_head =
25413 			    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25414 			kmem_free(sd_tr.srq_thr_cur_req,
25415 			    sizeof (struct sd_thr_request));
25416 			continue;
25417 		}
25418 
25419 		/* dequeue the request */
25420 		sd_mhreq = sd_tr.srq_thr_cur_req;
25421 		sd_tr.srq_thr_req_head =
25422 		    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25423 		mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25424 
25425 		/*
25426 		 * Reclaim reservation only if SD_RESERVE is still set. There
25427 		 * may have been a call to MHIOCRELEASE before we got here.
25428 		 */
25429 		mutex_enter(SD_MUTEX(un));
25430 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25431 			/*
25432 			 * Note: The SD_LOST_RESERVE flag is cleared before
25433 			 * reclaiming the reservation. If this is done after the
25434 			 * call to sd_reserve_release a reservation loss in the
25435 			 * window between pkt completion of reserve cmd and
25436 			 * mutex_enter below may not be recognized
25437 			 */
25438 			un->un_resvd_status &= ~SD_LOST_RESERVE;
25439 			mutex_exit(SD_MUTEX(un));
25440 
25441 			if (sd_reserve_release(sd_mhreq->dev,
25442 			    SD_RESERVE) == 0) {
25443 				mutex_enter(SD_MUTEX(un));
25444 				un->un_resvd_status |= SD_RESERVE;
25445 				mutex_exit(SD_MUTEX(un));
25446 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25447 				    "sd_resv_reclaim_thread: "
25448 				    "Reservation Recovered\n");
25449 			} else {
25450 				mutex_enter(SD_MUTEX(un));
25451 				un->un_resvd_status |= SD_LOST_RESERVE;
25452 				mutex_exit(SD_MUTEX(un));
25453 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25454 				    "sd_resv_reclaim_thread: Failed "
25455 				    "Reservation Recovery\n");
25456 			}
25457 		} else {
25458 			mutex_exit(SD_MUTEX(un));
25459 		}
25460 		mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25461 		ASSERT(sd_mhreq == sd_tr.srq_thr_cur_req);
25462 		kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25463 		sd_mhreq = sd_tr.srq_thr_cur_req = NULL;
25464 		/*
25465 		 * wakeup the destroy thread if anyone is waiting on
25466 		 * us to complete.
25467 		 */
25468 		cv_signal(&sd_tr.srq_inprocess_cv);
25469 		SD_TRACE(SD_LOG_IOCTL_MHD, un,
25470 		    "sd_resv_reclaim_thread: cv_signalling current request \n");
25471 	}
25472 
25473 	/*
25474 	 * cleanup the sd_tr structure now that this thread will not exist
25475 	 */
25476 	ASSERT(sd_tr.srq_thr_req_head == NULL);
25477 	ASSERT(sd_tr.srq_thr_cur_req == NULL);
25478 	sd_tr.srq_resv_reclaim_thread = NULL;
25479 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25480 	thread_exit();
25481 }
25482 
25483 
25484 /*
25485  *    Function: sd_rmv_resv_reclaim_req()
25486  *
25487  * Description: This function removes any pending reservation reclaim requests
25488  *		for the specified device.
25489  *
25490  *   Arguments: dev - the device 'dev_t'
25491  */
25492 
25493 static void
25494 sd_rmv_resv_reclaim_req(dev_t dev)
25495 {
25496 	struct sd_thr_request *sd_mhreq;
25497 	struct sd_thr_request *sd_prev;
25498 
25499 	/* Remove a reservation reclaim request from the list */
25500 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25501 	if (sd_tr.srq_thr_cur_req && sd_tr.srq_thr_cur_req->dev == dev) {
25502 		/*
25503 		 * We are attempting to reinstate reservation for
25504 		 * this device. We wait for sd_reserve_release()
25505 		 * to return before we return.
25506 		 */
25507 		cv_wait(&sd_tr.srq_inprocess_cv,
25508 		    &sd_tr.srq_resv_reclaim_mutex);
25509 	} else {
25510 		sd_prev = sd_mhreq = sd_tr.srq_thr_req_head;
25511 		if (sd_mhreq && sd_mhreq->dev == dev) {
25512 			sd_tr.srq_thr_req_head = sd_mhreq->sd_thr_req_next;
25513 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25514 			mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25515 			return;
25516 		}
25517 		for (; sd_mhreq != NULL; sd_mhreq = sd_mhreq->sd_thr_req_next) {
25518 			if (sd_mhreq && sd_mhreq->dev == dev) {
25519 				break;
25520 			}
25521 			sd_prev = sd_mhreq;
25522 		}
25523 		if (sd_mhreq != NULL) {
25524 			sd_prev->sd_thr_req_next = sd_mhreq->sd_thr_req_next;
25525 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25526 		}
25527 	}
25528 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25529 }
25530 
25531 
25532 /*
25533  *    Function: sd_mhd_reset_notify_cb()
25534  *
25535  * Description: This is a call back function for scsi_reset_notify. This
25536  *		function updates the softstate reserved status and logs the
25537  *		reset. The driver scsi watch facility callback function
25538  *		(sd_mhd_watch_cb) and reservation reclaim thread functionality
25539  *		will reclaim the reservation.
25540  *
25541  *   Arguments: arg  - driver soft state (unit) structure
25542  */
25543 
25544 static void
25545 sd_mhd_reset_notify_cb(caddr_t arg)
25546 {
25547 	struct sd_lun *un = (struct sd_lun *)arg;
25548 
25549 	mutex_enter(SD_MUTEX(un));
25550 	if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25551 		un->un_resvd_status |= (SD_LOST_RESERVE | SD_WANT_RESERVE);
25552 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25553 		    "sd_mhd_reset_notify_cb: Lost Reservation\n");
25554 	}
25555 	mutex_exit(SD_MUTEX(un));
25556 }
25557 
25558 
25559 /*
25560  *    Function: sd_take_ownership()
25561  *
25562  * Description: This routine implements an algorithm to achieve a stable
25563  *		reservation on disks which don't implement priority reserve,
25564  *		and makes sure that other host lose re-reservation attempts.
25565  *		This algorithm contains of a loop that keeps issuing the RESERVE
25566  *		for some period of time (min_ownership_delay, default 6 seconds)
25567  *		During that loop, it looks to see if there has been a bus device
25568  *		reset or bus reset (both of which cause an existing reservation
25569  *		to be lost). If the reservation is lost issue RESERVE until a
25570  *		period of min_ownership_delay with no resets has gone by, or
25571  *		until max_ownership_delay has expired. This loop ensures that
25572  *		the host really did manage to reserve the device, in spite of
25573  *		resets. The looping for min_ownership_delay (default six
25574  *		seconds) is important to early generation clustering products,
25575  *		Solstice HA 1.x and Sun Cluster 2.x. Those products use an
25576  *		MHIOCENFAILFAST periodic timer of two seconds. By having
25577  *		MHIOCTKOWN issue Reserves in a loop for six seconds, and having
25578  *		MHIOCENFAILFAST poll every two seconds, the idea is that by the
25579  *		time the MHIOCTKOWN ioctl returns, the other host (if any) will
25580  *		have already noticed, via the MHIOCENFAILFAST polling, that it
25581  *		no longer "owns" the disk and will have panicked itself.  Thus,
25582  *		the host issuing the MHIOCTKOWN is assured (with timing
25583  *		dependencies) that by the time it actually starts to use the
25584  *		disk for real work, the old owner is no longer accessing it.
25585  *
25586  *		min_ownership_delay is the minimum amount of time for which the
25587  *		disk must be reserved continuously devoid of resets before the
25588  *		MHIOCTKOWN ioctl will return success.
25589  *
25590  *		max_ownership_delay indicates the amount of time by which the
25591  *		take ownership should succeed or timeout with an error.
25592  *
25593  *   Arguments: dev - the device 'dev_t'
25594  *		*p  - struct containing timing info.
25595  *
25596  * Return Code: 0 for success or error code
25597  */
25598 
25599 static int
25600 sd_take_ownership(dev_t dev, struct mhioctkown *p)
25601 {
25602 	struct sd_lun	*un;
25603 	int		rval;
25604 	int		err;
25605 	int		reservation_count   = 0;
25606 	int		min_ownership_delay =  6000000; /* in usec */
25607 	int		max_ownership_delay = 30000000; /* in usec */
25608 	clock_t		start_time;	/* starting time of this algorithm */
25609 	clock_t		end_time;	/* time limit for giving up */
25610 	clock_t		ownership_time;	/* time limit for stable ownership */
25611 	clock_t		current_time;
25612 	clock_t		previous_current_time;
25613 
25614 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25615 		return (ENXIO);
25616 	}
25617 
25618 	/*
25619 	 * Attempt a device reservation. A priority reservation is requested.
25620 	 */
25621 	if ((rval = sd_reserve_release(dev, SD_PRIORITY_RESERVE))
25622 	    != SD_SUCCESS) {
25623 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
25624 		    "sd_take_ownership: return(1)=%d\n", rval);
25625 		return (rval);
25626 	}
25627 
25628 	/* Update the softstate reserved status to indicate the reservation */
25629 	mutex_enter(SD_MUTEX(un));
25630 	un->un_resvd_status |= SD_RESERVE;
25631 	un->un_resvd_status &=
25632 	    ~(SD_LOST_RESERVE | SD_WANT_RESERVE | SD_RESERVATION_CONFLICT);
25633 	mutex_exit(SD_MUTEX(un));
25634 
25635 	if (p != NULL) {
25636 		if (p->min_ownership_delay != 0) {
25637 			min_ownership_delay = p->min_ownership_delay * 1000;
25638 		}
25639 		if (p->max_ownership_delay != 0) {
25640 			max_ownership_delay = p->max_ownership_delay * 1000;
25641 		}
25642 	}
25643 	SD_INFO(SD_LOG_IOCTL_MHD, un,
25644 	    "sd_take_ownership: min, max delays: %d, %d\n",
25645 	    min_ownership_delay, max_ownership_delay);
25646 
25647 	start_time = ddi_get_lbolt();
25648 	current_time	= start_time;
25649 	ownership_time	= current_time + drv_usectohz(min_ownership_delay);
25650 	end_time	= start_time + drv_usectohz(max_ownership_delay);
25651 
25652 	while (current_time - end_time < 0) {
25653 		delay(drv_usectohz(500000));
25654 
25655 		if ((err = sd_reserve_release(dev, SD_RESERVE)) != 0) {
25656 			if ((sd_reserve_release(dev, SD_RESERVE)) != 0) {
25657 				mutex_enter(SD_MUTEX(un));
25658 				rval = (un->un_resvd_status &
25659 				    SD_RESERVATION_CONFLICT) ? EACCES : EIO;
25660 				mutex_exit(SD_MUTEX(un));
25661 				break;
25662 			}
25663 		}
25664 		previous_current_time = current_time;
25665 		current_time = ddi_get_lbolt();
25666 		mutex_enter(SD_MUTEX(un));
25667 		if (err || (un->un_resvd_status & SD_LOST_RESERVE)) {
25668 			ownership_time = ddi_get_lbolt() +
25669 			    drv_usectohz(min_ownership_delay);
25670 			reservation_count = 0;
25671 		} else {
25672 			reservation_count++;
25673 		}
25674 		un->un_resvd_status |= SD_RESERVE;
25675 		un->un_resvd_status &= ~(SD_LOST_RESERVE | SD_WANT_RESERVE);
25676 		mutex_exit(SD_MUTEX(un));
25677 
25678 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25679 		    "sd_take_ownership: ticks for loop iteration=%ld, "
25680 		    "reservation=%s\n", (current_time - previous_current_time),
25681 		    reservation_count ? "ok" : "reclaimed");
25682 
25683 		if (current_time - ownership_time >= 0 &&
25684 		    reservation_count >= 4) {
25685 			rval = 0; /* Achieved a stable ownership */
25686 			break;
25687 		}
25688 		if (current_time - end_time >= 0) {
25689 			rval = EACCES; /* No ownership in max possible time */
25690 			break;
25691 		}
25692 	}
25693 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25694 	    "sd_take_ownership: return(2)=%d\n", rval);
25695 	return (rval);
25696 }
25697 
25698 
25699 /*
25700  *    Function: sd_reserve_release()
25701  *
25702  * Description: This function builds and sends scsi RESERVE, RELEASE, and
25703  *		PRIORITY RESERVE commands based on a user specified command type
25704  *
25705  *   Arguments: dev - the device 'dev_t'
25706  *		cmd - user specified command type; one of SD_PRIORITY_RESERVE,
25707  *		      SD_RESERVE, SD_RELEASE
25708  *
25709  * Return Code: 0 or Error Code
25710  */
25711 
25712 static int
25713 sd_reserve_release(dev_t dev, int cmd)
25714 {
25715 	struct uscsi_cmd	*com = NULL;
25716 	struct sd_lun		*un = NULL;
25717 	char			cdb[CDB_GROUP0];
25718 	int			rval;
25719 
25720 	ASSERT((cmd == SD_RELEASE) || (cmd == SD_RESERVE) ||
25721 	    (cmd == SD_PRIORITY_RESERVE));
25722 
25723 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25724 		return (ENXIO);
25725 	}
25726 
25727 	/* instantiate and initialize the command and cdb */
25728 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
25729 	bzero(cdb, CDB_GROUP0);
25730 	com->uscsi_flags   = USCSI_SILENT;
25731 	com->uscsi_timeout = un->un_reserve_release_time;
25732 	com->uscsi_cdblen  = CDB_GROUP0;
25733 	com->uscsi_cdb	   = cdb;
25734 	if (cmd == SD_RELEASE) {
25735 		cdb[0] = SCMD_RELEASE;
25736 	} else {
25737 		cdb[0] = SCMD_RESERVE;
25738 	}
25739 
25740 	/* Send the command. */
25741 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25742 	    UIO_SYSSPACE, SD_PATH_STANDARD);
25743 
25744 	/*
25745 	 * "break" a reservation that is held by another host, by issuing a
25746 	 * reset if priority reserve is desired, and we could not get the
25747 	 * device.
25748 	 */
25749 	if ((cmd == SD_PRIORITY_RESERVE) &&
25750 	    (rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25751 		/*
25752 		 * First try to reset the LUN. If we cannot, then try a target
25753 		 * reset, followed by a bus reset if the target reset fails.
25754 		 */
25755 		int reset_retval = 0;
25756 		if (un->un_f_lun_reset_enabled == TRUE) {
25757 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
25758 		}
25759 		if (reset_retval == 0) {
25760 			/* The LUN reset either failed or was not issued */
25761 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
25762 		}
25763 		if ((reset_retval == 0) &&
25764 		    (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0)) {
25765 			rval = EIO;
25766 			kmem_free(com, sizeof (*com));
25767 			return (rval);
25768 		}
25769 
25770 		bzero(com, sizeof (struct uscsi_cmd));
25771 		com->uscsi_flags   = USCSI_SILENT;
25772 		com->uscsi_cdb	   = cdb;
25773 		com->uscsi_cdblen  = CDB_GROUP0;
25774 		com->uscsi_timeout = 5;
25775 
25776 		/*
25777 		 * Reissue the last reserve command, this time without request
25778 		 * sense.  Assume that it is just a regular reserve command.
25779 		 */
25780 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25781 		    UIO_SYSSPACE, SD_PATH_STANDARD);
25782 	}
25783 
25784 	/* Return an error if still getting a reservation conflict. */
25785 	if ((rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25786 		rval = EACCES;
25787 	}
25788 
25789 	kmem_free(com, sizeof (*com));
25790 	return (rval);
25791 }
25792 
25793 
25794 #define	SD_NDUMP_RETRIES	12
25795 /*
25796  *	System Crash Dump routine
25797  */
25798 
25799 static int
25800 sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk)
25801 {
25802 	int		instance;
25803 	int		partition;
25804 	int		i;
25805 	int		err;
25806 	struct sd_lun	*un;
25807 	struct dk_map	*lp;
25808 	struct scsi_pkt *wr_pktp;
25809 	struct buf	*wr_bp;
25810 	struct buf	wr_buf;
25811 	daddr_t		tgt_byte_offset; /* rmw - byte offset for target */
25812 	daddr_t		tgt_blkno;	/* rmw - blkno for target */
25813 	size_t		tgt_byte_count; /* rmw -  # of bytes to xfer */
25814 	size_t		tgt_nblk; /* rmw -  # of tgt blks to xfer */
25815 	size_t		io_start_offset;
25816 	int		doing_rmw = FALSE;
25817 	int		rval;
25818 #if defined(__i386) || defined(__amd64)
25819 	ssize_t dma_resid;
25820 	daddr_t oblkno;
25821 #endif
25822 
25823 	instance = SDUNIT(dev);
25824 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
25825 	    (!un->un_f_geometry_is_valid) || ISCD(un)) {
25826 		return (ENXIO);
25827 	}
25828 
25829 	_NOTE(NOW_INVISIBLE_TO_OTHER_THREADS(*un))
25830 
25831 	SD_TRACE(SD_LOG_DUMP, un, "sddump: entry\n");
25832 
25833 	partition = SDPART(dev);
25834 	SD_INFO(SD_LOG_DUMP, un, "sddump: partition = %d\n", partition);
25835 
25836 	/* Validate blocks to dump at against partition size. */
25837 	lp = &un->un_map[partition];
25838 	if ((blkno + nblk) > lp->dkl_nblk) {
25839 		SD_TRACE(SD_LOG_DUMP, un,
25840 		    "sddump: dump range larger than partition: "
25841 		    "blkno = 0x%x, nblk = 0x%x, dkl_nblk = 0x%x\n",
25842 		    blkno, nblk, lp->dkl_nblk);
25843 		return (EINVAL);
25844 	}
25845 
25846 	mutex_enter(&un->un_pm_mutex);
25847 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
25848 		struct scsi_pkt *start_pktp;
25849 
25850 		mutex_exit(&un->un_pm_mutex);
25851 
25852 		/*
25853 		 * use pm framework to power on HBA 1st
25854 		 */
25855 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
25856 
25857 		/*
25858 		 * Dump no long uses sdpower to power on a device, it's
25859 		 * in-line here so it can be done in polled mode.
25860 		 */
25861 
25862 		SD_INFO(SD_LOG_DUMP, un, "sddump: starting device\n");
25863 
25864 		start_pktp = scsi_init_pkt(SD_ADDRESS(un), NULL, NULL,
25865 		    CDB_GROUP0, un->un_status_len, 0, 0, NULL_FUNC, NULL);
25866 
25867 		if (start_pktp == NULL) {
25868 			/* We were not given a SCSI packet, fail. */
25869 			return (EIO);
25870 		}
25871 		bzero(start_pktp->pkt_cdbp, CDB_GROUP0);
25872 		start_pktp->pkt_cdbp[0] = SCMD_START_STOP;
25873 		start_pktp->pkt_cdbp[4] = SD_TARGET_START;
25874 		start_pktp->pkt_flags = FLAG_NOINTR;
25875 
25876 		mutex_enter(SD_MUTEX(un));
25877 		SD_FILL_SCSI1_LUN(un, start_pktp);
25878 		mutex_exit(SD_MUTEX(un));
25879 		/*
25880 		 * Scsi_poll returns 0 (success) if the command completes and
25881 		 * the status block is STATUS_GOOD.
25882 		 */
25883 		if (sd_scsi_poll(un, start_pktp) != 0) {
25884 			scsi_destroy_pkt(start_pktp);
25885 			return (EIO);
25886 		}
25887 		scsi_destroy_pkt(start_pktp);
25888 		(void) sd_ddi_pm_resume(un);
25889 	} else {
25890 		mutex_exit(&un->un_pm_mutex);
25891 	}
25892 
25893 	mutex_enter(SD_MUTEX(un));
25894 	un->un_throttle = 0;
25895 
25896 	/*
25897 	 * The first time through, reset the specific target device.
25898 	 * However, when cpr calls sddump we know that sd is in a
25899 	 * a good state so no bus reset is required.
25900 	 * Clear sense data via Request Sense cmd.
25901 	 * In sddump we don't care about allow_bus_device_reset anymore
25902 	 */
25903 
25904 	if ((un->un_state != SD_STATE_SUSPENDED) &&
25905 	    (un->un_state != SD_STATE_DUMPING)) {
25906 
25907 		New_state(un, SD_STATE_DUMPING);
25908 
25909 		if (un->un_f_is_fibre == FALSE) {
25910 			mutex_exit(SD_MUTEX(un));
25911 			/*
25912 			 * Attempt a bus reset for parallel scsi.
25913 			 *
25914 			 * Note: A bus reset is required because on some host
25915 			 * systems (i.e. E420R) a bus device reset is
25916 			 * insufficient to reset the state of the target.
25917 			 *
25918 			 * Note: Don't issue the reset for fibre-channel,
25919 			 * because this tends to hang the bus (loop) for
25920 			 * too long while everyone is logging out and in
25921 			 * and the deadman timer for dumping will fire
25922 			 * before the dump is complete.
25923 			 */
25924 			if (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0) {
25925 				mutex_enter(SD_MUTEX(un));
25926 				Restore_state(un);
25927 				mutex_exit(SD_MUTEX(un));
25928 				return (EIO);
25929 			}
25930 
25931 			/* Delay to give the device some recovery time. */
25932 			drv_usecwait(10000);
25933 
25934 			if (sd_send_polled_RQS(un) == SD_FAILURE) {
25935 				SD_INFO(SD_LOG_DUMP, un,
25936 					"sddump: sd_send_polled_RQS failed\n");
25937 			}
25938 			mutex_enter(SD_MUTEX(un));
25939 		}
25940 	}
25941 
25942 	/*
25943 	 * Convert the partition-relative block number to a
25944 	 * disk physical block number.
25945 	 */
25946 	blkno += un->un_offset[partition];
25947 	SD_INFO(SD_LOG_DUMP, un, "sddump: disk blkno = 0x%x\n", blkno);
25948 
25949 
25950 	/*
25951 	 * Check if the device has a non-512 block size.
25952 	 */
25953 	wr_bp = NULL;
25954 	if (NOT_DEVBSIZE(un)) {
25955 		tgt_byte_offset = blkno * un->un_sys_blocksize;
25956 		tgt_byte_count = nblk * un->un_sys_blocksize;
25957 		if ((tgt_byte_offset % un->un_tgt_blocksize) ||
25958 		    (tgt_byte_count % un->un_tgt_blocksize)) {
25959 			doing_rmw = TRUE;
25960 			/*
25961 			 * Calculate the block number and number of block
25962 			 * in terms of the media block size.
25963 			 */
25964 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
25965 			tgt_nblk =
25966 			    ((tgt_byte_offset + tgt_byte_count +
25967 				(un->un_tgt_blocksize - 1)) /
25968 				un->un_tgt_blocksize) - tgt_blkno;
25969 
25970 			/*
25971 			 * Invoke the routine which is going to do read part
25972 			 * of read-modify-write.
25973 			 * Note that this routine returns a pointer to
25974 			 * a valid bp in wr_bp.
25975 			 */
25976 			err = sddump_do_read_of_rmw(un, tgt_blkno, tgt_nblk,
25977 			    &wr_bp);
25978 			if (err) {
25979 				mutex_exit(SD_MUTEX(un));
25980 				return (err);
25981 			}
25982 			/*
25983 			 * Offset is being calculated as -
25984 			 * (original block # * system block size) -
25985 			 * (new block # * target block size)
25986 			 */
25987 			io_start_offset =
25988 			    ((uint64_t)(blkno * un->un_sys_blocksize)) -
25989 			    ((uint64_t)(tgt_blkno * un->un_tgt_blocksize));
25990 
25991 			ASSERT((io_start_offset >= 0) &&
25992 			    (io_start_offset < un->un_tgt_blocksize));
25993 			/*
25994 			 * Do the modify portion of read modify write.
25995 			 */
25996 			bcopy(addr, &wr_bp->b_un.b_addr[io_start_offset],
25997 			    (size_t)nblk * un->un_sys_blocksize);
25998 		} else {
25999 			doing_rmw = FALSE;
26000 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
26001 			tgt_nblk = tgt_byte_count / un->un_tgt_blocksize;
26002 		}
26003 
26004 		/* Convert blkno and nblk to target blocks */
26005 		blkno = tgt_blkno;
26006 		nblk = tgt_nblk;
26007 	} else {
26008 		wr_bp = &wr_buf;
26009 		bzero(wr_bp, sizeof (struct buf));
26010 		wr_bp->b_flags		= B_BUSY;
26011 		wr_bp->b_un.b_addr	= addr;
26012 		wr_bp->b_bcount		= nblk << DEV_BSHIFT;
26013 		wr_bp->b_resid		= 0;
26014 	}
26015 
26016 	mutex_exit(SD_MUTEX(un));
26017 
26018 	/*
26019 	 * Obtain a SCSI packet for the write command.
26020 	 * It should be safe to call the allocator here without
26021 	 * worrying about being locked for DVMA mapping because
26022 	 * the address we're passed is already a DVMA mapping
26023 	 *
26024 	 * We are also not going to worry about semaphore ownership
26025 	 * in the dump buffer. Dumping is single threaded at present.
26026 	 */
26027 
26028 	wr_pktp = NULL;
26029 
26030 #if defined(__i386) || defined(__amd64)
26031 	dma_resid = wr_bp->b_bcount;
26032 	oblkno = blkno;
26033 	while (dma_resid != 0) {
26034 #endif
26035 
26036 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26037 		wr_bp->b_flags &= ~B_ERROR;
26038 
26039 #if defined(__i386) || defined(__amd64)
26040 		blkno = oblkno +
26041 			((wr_bp->b_bcount - dma_resid) /
26042 			    un->un_tgt_blocksize);
26043 		nblk = dma_resid / un->un_tgt_blocksize;
26044 
26045 		if (wr_pktp) {
26046 			/* Partial DMA transfers after initial transfer */
26047 			rval = sd_setup_next_rw_pkt(un, wr_pktp, wr_bp,
26048 			    blkno, nblk);
26049 		} else {
26050 			/* Initial transfer */
26051 			rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26052 			    un->un_pkt_flags, NULL_FUNC, NULL,
26053 			    blkno, nblk);
26054 		}
26055 #else
26056 		rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26057 		    0, NULL_FUNC, NULL, blkno, nblk);
26058 #endif
26059 
26060 		if (rval == 0) {
26061 			/* We were given a SCSI packet, continue. */
26062 			break;
26063 		}
26064 
26065 		if (i == 0) {
26066 			if (wr_bp->b_flags & B_ERROR) {
26067 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26068 				    "no resources for dumping; "
26069 				    "error code: 0x%x, retrying",
26070 				    geterror(wr_bp));
26071 			} else {
26072 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26073 				    "no resources for dumping; retrying");
26074 			}
26075 		} else if (i != (SD_NDUMP_RETRIES - 1)) {
26076 			if (wr_bp->b_flags & B_ERROR) {
26077 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26078 				    "no resources for dumping; error code: "
26079 				    "0x%x, retrying\n", geterror(wr_bp));
26080 			}
26081 		} else {
26082 			if (wr_bp->b_flags & B_ERROR) {
26083 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26084 				    "no resources for dumping; "
26085 				    "error code: 0x%x, retries failed, "
26086 				    "giving up.\n", geterror(wr_bp));
26087 			} else {
26088 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26089 				    "no resources for dumping; "
26090 				    "retries failed, giving up.\n");
26091 			}
26092 			mutex_enter(SD_MUTEX(un));
26093 			Restore_state(un);
26094 			if (NOT_DEVBSIZE(un) && (doing_rmw == TRUE)) {
26095 				mutex_exit(SD_MUTEX(un));
26096 				scsi_free_consistent_buf(wr_bp);
26097 			} else {
26098 				mutex_exit(SD_MUTEX(un));
26099 			}
26100 			return (EIO);
26101 		}
26102 		drv_usecwait(10000);
26103 	}
26104 
26105 #if defined(__i386) || defined(__amd64)
26106 	/*
26107 	 * save the resid from PARTIAL_DMA
26108 	 */
26109 	dma_resid = wr_pktp->pkt_resid;
26110 	if (dma_resid != 0)
26111 		nblk -= SD_BYTES2TGTBLOCKS(un, dma_resid);
26112 	wr_pktp->pkt_resid = 0;
26113 #endif
26114 
26115 	/* SunBug 1222170 */
26116 	wr_pktp->pkt_flags = FLAG_NOINTR;
26117 
26118 	err = EIO;
26119 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26120 
26121 		/*
26122 		 * Scsi_poll returns 0 (success) if the command completes and
26123 		 * the status block is STATUS_GOOD.  We should only check
26124 		 * errors if this condition is not true.  Even then we should
26125 		 * send our own request sense packet only if we have a check
26126 		 * condition and auto request sense has not been performed by
26127 		 * the hba.
26128 		 */
26129 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending write\n");
26130 
26131 		if ((sd_scsi_poll(un, wr_pktp) == 0) &&
26132 		    (wr_pktp->pkt_resid == 0)) {
26133 			err = SD_SUCCESS;
26134 			break;
26135 		}
26136 
26137 		/*
26138 		 * Check CMD_DEV_GONE 1st, give up if device is gone.
26139 		 */
26140 		if (wr_pktp->pkt_reason == CMD_DEV_GONE) {
26141 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26142 			    "Device is gone\n");
26143 			break;
26144 		}
26145 
26146 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_CHECK) {
26147 			SD_INFO(SD_LOG_DUMP, un,
26148 			    "sddump: write failed with CHECK, try # %d\n", i);
26149 			if (((wr_pktp->pkt_state & STATE_ARQ_DONE) == 0)) {
26150 				(void) sd_send_polled_RQS(un);
26151 			}
26152 
26153 			continue;
26154 		}
26155 
26156 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_BUSY) {
26157 			int reset_retval = 0;
26158 
26159 			SD_INFO(SD_LOG_DUMP, un,
26160 			    "sddump: write failed with BUSY, try # %d\n", i);
26161 
26162 			if (un->un_f_lun_reset_enabled == TRUE) {
26163 				reset_retval = scsi_reset(SD_ADDRESS(un),
26164 				    RESET_LUN);
26165 			}
26166 			if (reset_retval == 0) {
26167 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
26168 			}
26169 			(void) sd_send_polled_RQS(un);
26170 
26171 		} else {
26172 			SD_INFO(SD_LOG_DUMP, un,
26173 			    "sddump: write failed with 0x%x, try # %d\n",
26174 			    SD_GET_PKT_STATUS(wr_pktp), i);
26175 			mutex_enter(SD_MUTEX(un));
26176 			sd_reset_target(un, wr_pktp);
26177 			mutex_exit(SD_MUTEX(un));
26178 		}
26179 
26180 		/*
26181 		 * If we are not getting anywhere with lun/target resets,
26182 		 * let's reset the bus.
26183 		 */
26184 		if (i == SD_NDUMP_RETRIES/2) {
26185 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
26186 			(void) sd_send_polled_RQS(un);
26187 		}
26188 
26189 	}
26190 #if defined(__i386) || defined(__amd64)
26191 	}	/* dma_resid */
26192 #endif
26193 
26194 	scsi_destroy_pkt(wr_pktp);
26195 	mutex_enter(SD_MUTEX(un));
26196 	if ((NOT_DEVBSIZE(un)) && (doing_rmw == TRUE)) {
26197 		mutex_exit(SD_MUTEX(un));
26198 		scsi_free_consistent_buf(wr_bp);
26199 	} else {
26200 		mutex_exit(SD_MUTEX(un));
26201 	}
26202 	SD_TRACE(SD_LOG_DUMP, un, "sddump: exit: err = %d\n", err);
26203 	return (err);
26204 }
26205 
26206 /*
26207  *    Function: sd_scsi_poll()
26208  *
26209  * Description: This is a wrapper for the scsi_poll call.
26210  *
26211  *   Arguments: sd_lun - The unit structure
26212  *              scsi_pkt - The scsi packet being sent to the device.
26213  *
26214  * Return Code: 0 - Command completed successfully with good status
26215  *             -1 - Command failed.  This could indicate a check condition
26216  *                  or other status value requiring recovery action.
26217  *
26218  */
26219 
26220 static int
26221 sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pktp)
26222 {
26223 	int status;
26224 
26225 	ASSERT(un != NULL);
26226 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26227 	ASSERT(pktp != NULL);
26228 
26229 	status = SD_SUCCESS;
26230 
26231 	if (scsi_ifgetcap(&pktp->pkt_address, "tagged-qing", 1) == 1) {
26232 		pktp->pkt_flags |= un->un_tagflags;
26233 		pktp->pkt_flags &= ~FLAG_NODISCON;
26234 	}
26235 
26236 	status = sd_ddi_scsi_poll(pktp);
26237 	/*
26238 	 * Scsi_poll returns 0 (success) if the command completes and the
26239 	 * status block is STATUS_GOOD.  We should only check errors if this
26240 	 * condition is not true.  Even then we should send our own request
26241 	 * sense packet only if we have a check condition and auto
26242 	 * request sense has not been performed by the hba.
26243 	 * Don't get RQS data if pkt_reason is CMD_DEV_GONE.
26244 	 */
26245 	if ((status != SD_SUCCESS) &&
26246 	    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK) &&
26247 	    (pktp->pkt_state & STATE_ARQ_DONE) == 0 &&
26248 	    (pktp->pkt_reason != CMD_DEV_GONE))
26249 		(void) sd_send_polled_RQS(un);
26250 
26251 	return (status);
26252 }
26253 
26254 /*
26255  *    Function: sd_send_polled_RQS()
26256  *
26257  * Description: This sends the request sense command to a device.
26258  *
26259  *   Arguments: sd_lun - The unit structure
26260  *
26261  * Return Code: 0 - Command completed successfully with good status
26262  *             -1 - Command failed.
26263  *
26264  */
26265 
26266 static int
26267 sd_send_polled_RQS(struct sd_lun *un)
26268 {
26269 	int	ret_val;
26270 	struct	scsi_pkt	*rqs_pktp;
26271 	struct	buf		*rqs_bp;
26272 
26273 	ASSERT(un != NULL);
26274 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26275 
26276 	ret_val = SD_SUCCESS;
26277 
26278 	rqs_pktp = un->un_rqs_pktp;
26279 	rqs_bp	 = un->un_rqs_bp;
26280 
26281 	mutex_enter(SD_MUTEX(un));
26282 
26283 	if (un->un_sense_isbusy) {
26284 		ret_val = SD_FAILURE;
26285 		mutex_exit(SD_MUTEX(un));
26286 		return (ret_val);
26287 	}
26288 
26289 	/*
26290 	 * If the request sense buffer (and packet) is not in use,
26291 	 * let's set the un_sense_isbusy and send our packet
26292 	 */
26293 	un->un_sense_isbusy 	= 1;
26294 	rqs_pktp->pkt_resid  	= 0;
26295 	rqs_pktp->pkt_reason 	= 0;
26296 	rqs_pktp->pkt_flags |= FLAG_NOINTR;
26297 	bzero(rqs_bp->b_un.b_addr, SENSE_LENGTH);
26298 
26299 	mutex_exit(SD_MUTEX(un));
26300 
26301 	SD_INFO(SD_LOG_COMMON, un, "sd_send_polled_RQS: req sense buf at"
26302 	    " 0x%p\n", rqs_bp->b_un.b_addr);
26303 
26304 	/*
26305 	 * Can't send this to sd_scsi_poll, we wrap ourselves around the
26306 	 * axle - it has a call into us!
26307 	 */
26308 	if ((ret_val = sd_ddi_scsi_poll(rqs_pktp)) != 0) {
26309 		SD_INFO(SD_LOG_COMMON, un,
26310 		    "sd_send_polled_RQS: RQS failed\n");
26311 	}
26312 
26313 	SD_DUMP_MEMORY(un, SD_LOG_COMMON, "sd_send_polled_RQS:",
26314 	    (uchar_t *)rqs_bp->b_un.b_addr, SENSE_LENGTH, SD_LOG_HEX);
26315 
26316 	mutex_enter(SD_MUTEX(un));
26317 	un->un_sense_isbusy = 0;
26318 	mutex_exit(SD_MUTEX(un));
26319 
26320 	return (ret_val);
26321 }
26322 
26323 /*
26324  * Defines needed for localized version of the scsi_poll routine.
26325  */
26326 #define	SD_CSEC		10000			/* usecs */
26327 #define	SD_SEC_TO_CSEC	(1000000/SD_CSEC)
26328 
26329 
26330 /*
26331  *    Function: sd_ddi_scsi_poll()
26332  *
26333  * Description: Localized version of the scsi_poll routine.  The purpose is to
26334  *		send a scsi_pkt to a device as a polled command.  This version
26335  *		is to ensure more robust handling of transport errors.
26336  *		Specifically this routine cures not ready, coming ready
26337  *		transition for power up and reset of sonoma's.  This can take
26338  *		up to 45 seconds for power-on and 20 seconds for reset of a
26339  * 		sonoma lun.
26340  *
26341  *   Arguments: scsi_pkt - The scsi_pkt being sent to a device
26342  *
26343  * Return Code: 0 - Command completed successfully with good status
26344  *             -1 - Command failed.
26345  *
26346  */
26347 
26348 static int
26349 sd_ddi_scsi_poll(struct scsi_pkt *pkt)
26350 {
26351 	int busy_count;
26352 	int timeout;
26353 	int rval = SD_FAILURE;
26354 	int savef;
26355 	struct scsi_extended_sense *sensep;
26356 	long savet;
26357 	void (*savec)();
26358 	/*
26359 	 * The following is defined in machdep.c and is used in determining if
26360 	 * the scsi transport system will do polled I/O instead of interrupt
26361 	 * I/O when called from xx_dump().
26362 	 */
26363 	extern int do_polled_io;
26364 
26365 	/*
26366 	 * save old flags in pkt, to restore at end
26367 	 */
26368 	savef = pkt->pkt_flags;
26369 	savec = pkt->pkt_comp;
26370 	savet = pkt->pkt_time;
26371 
26372 	pkt->pkt_flags |= FLAG_NOINTR;
26373 
26374 	/*
26375 	 * XXX there is nothing in the SCSA spec that states that we should not
26376 	 * do a callback for polled cmds; however, removing this will break sd
26377 	 * and probably other target drivers
26378 	 */
26379 	pkt->pkt_comp = NULL;
26380 
26381 	/*
26382 	 * we don't like a polled command without timeout.
26383 	 * 60 seconds seems long enough.
26384 	 */
26385 	if (pkt->pkt_time == 0) {
26386 		pkt->pkt_time = SCSI_POLL_TIMEOUT;
26387 	}
26388 
26389 	/*
26390 	 * Send polled cmd.
26391 	 *
26392 	 * We do some error recovery for various errors.  Tran_busy,
26393 	 * queue full, and non-dispatched commands are retried every 10 msec.
26394 	 * as they are typically transient failures.  Busy status and Not
26395 	 * Ready are retried every second as this status takes a while to
26396 	 * change.  Unit attention is retried for pkt_time (60) times
26397 	 * with no delay.
26398 	 */
26399 	timeout = pkt->pkt_time * SD_SEC_TO_CSEC;
26400 
26401 	for (busy_count = 0; busy_count < timeout; busy_count++) {
26402 		int rc;
26403 		int poll_delay;
26404 
26405 		/*
26406 		 * Initialize pkt status variables.
26407 		 */
26408 		*pkt->pkt_scbp = pkt->pkt_reason = pkt->pkt_state = 0;
26409 
26410 		if ((rc = scsi_transport(pkt)) != TRAN_ACCEPT) {
26411 			if (rc != TRAN_BUSY) {
26412 				/* Transport failed - give up. */
26413 				break;
26414 			} else {
26415 				/* Transport busy - try again. */
26416 				poll_delay = 1 * SD_CSEC; /* 10 msec */
26417 			}
26418 		} else {
26419 			/*
26420 			 * Transport accepted - check pkt status.
26421 			 */
26422 			rc = (*pkt->pkt_scbp) & STATUS_MASK;
26423 			if (pkt->pkt_reason == CMD_CMPLT &&
26424 			    rc == STATUS_CHECK &&
26425 			    pkt->pkt_state & STATE_ARQ_DONE) {
26426 				struct scsi_arq_status *arqstat =
26427 				    (struct scsi_arq_status *)(pkt->pkt_scbp);
26428 
26429 				sensep = &arqstat->sts_sensedata;
26430 			} else {
26431 				sensep = NULL;
26432 			}
26433 
26434 			if ((pkt->pkt_reason == CMD_CMPLT) &&
26435 			    (rc == STATUS_GOOD)) {
26436 				/* No error - we're done */
26437 				rval = SD_SUCCESS;
26438 				break;
26439 
26440 			} else if (pkt->pkt_reason == CMD_DEV_GONE) {
26441 				/* Lost connection - give up */
26442 				break;
26443 
26444 			} else if ((pkt->pkt_reason == CMD_INCOMPLETE) &&
26445 			    (pkt->pkt_state == 0)) {
26446 				/* Pkt not dispatched - try again. */
26447 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26448 
26449 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26450 			    (rc == STATUS_QFULL)) {
26451 				/* Queue full - try again. */
26452 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26453 
26454 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26455 			    (rc == STATUS_BUSY)) {
26456 				/* Busy - try again. */
26457 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26458 				busy_count += (SD_SEC_TO_CSEC - 1);
26459 
26460 			} else if ((sensep != NULL) &&
26461 			    (sensep->es_key == KEY_UNIT_ATTENTION)) {
26462 				/* Unit Attention - try again */
26463 				busy_count += (SD_SEC_TO_CSEC - 1); /* 1 */
26464 				continue;
26465 
26466 			} else if ((sensep != NULL) &&
26467 			    (sensep->es_key == KEY_NOT_READY) &&
26468 			    (sensep->es_add_code == 0x04) &&
26469 			    (sensep->es_qual_code == 0x01)) {
26470 				/* Not ready -> ready - try again. */
26471 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26472 				busy_count += (SD_SEC_TO_CSEC - 1);
26473 
26474 			} else {
26475 				/* BAD status - give up. */
26476 				break;
26477 			}
26478 		}
26479 
26480 		if ((curthread->t_flag & T_INTR_THREAD) == 0 &&
26481 		    !do_polled_io) {
26482 			delay(drv_usectohz(poll_delay));
26483 		} else {
26484 			/* we busy wait during cpr_dump or interrupt threads */
26485 			drv_usecwait(poll_delay);
26486 		}
26487 	}
26488 
26489 	pkt->pkt_flags = savef;
26490 	pkt->pkt_comp = savec;
26491 	pkt->pkt_time = savet;
26492 	return (rval);
26493 }
26494 
26495 
26496 /*
26497  *    Function: sd_persistent_reservation_in_read_keys
26498  *
26499  * Description: This routine is the driver entry point for handling CD-ROM
26500  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS)
26501  *		by sending the SCSI-3 PRIN commands to the device.
26502  *		Processes the read keys command response by copying the
26503  *		reservation key information into the user provided buffer.
26504  *		Support for the 32/64 bit _MULTI_DATAMODEL is implemented.
26505  *
26506  *   Arguments: un   -  Pointer to soft state struct for the target.
26507  *		usrp -	user provided pointer to multihost Persistent In Read
26508  *			Keys structure (mhioc_inkeys_t)
26509  *		flag -	this argument is a pass through to ddi_copyxxx()
26510  *			directly from the mode argument of ioctl().
26511  *
26512  * Return Code: 0   - Success
26513  *		EACCES
26514  *		ENOTSUP
26515  *		errno return code from sd_send_scsi_cmd()
26516  *
26517  *     Context: Can sleep. Does not return until command is completed.
26518  */
26519 
26520 static int
26521 sd_persistent_reservation_in_read_keys(struct sd_lun *un,
26522     mhioc_inkeys_t *usrp, int flag)
26523 {
26524 #ifdef _MULTI_DATAMODEL
26525 	struct mhioc_key_list32	li32;
26526 #endif
26527 	sd_prin_readkeys_t	*in;
26528 	mhioc_inkeys_t		*ptr;
26529 	mhioc_key_list_t	li;
26530 	uchar_t			*data_bufp;
26531 	int 			data_len;
26532 	int			rval;
26533 	size_t			copysz;
26534 
26535 	if ((ptr = (mhioc_inkeys_t *)usrp) == NULL) {
26536 		return (EINVAL);
26537 	}
26538 	bzero(&li, sizeof (mhioc_key_list_t));
26539 
26540 	/*
26541 	 * Get the listsize from user
26542 	 */
26543 #ifdef _MULTI_DATAMODEL
26544 
26545 	switch (ddi_model_convert_from(flag & FMODELS)) {
26546 	case DDI_MODEL_ILP32:
26547 		copysz = sizeof (struct mhioc_key_list32);
26548 		if (ddi_copyin(ptr->li, &li32, copysz, flag)) {
26549 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26550 			    "sd_persistent_reservation_in_read_keys: "
26551 			    "failed ddi_copyin: mhioc_key_list32_t\n");
26552 			rval = EFAULT;
26553 			goto done;
26554 		}
26555 		li.listsize = li32.listsize;
26556 		li.list = (mhioc_resv_key_t *)(uintptr_t)li32.list;
26557 		break;
26558 
26559 	case DDI_MODEL_NONE:
26560 		copysz = sizeof (mhioc_key_list_t);
26561 		if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26562 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26563 			    "sd_persistent_reservation_in_read_keys: "
26564 			    "failed ddi_copyin: mhioc_key_list_t\n");
26565 			rval = EFAULT;
26566 			goto done;
26567 		}
26568 		break;
26569 	}
26570 
26571 #else /* ! _MULTI_DATAMODEL */
26572 	copysz = sizeof (mhioc_key_list_t);
26573 	if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26574 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26575 		    "sd_persistent_reservation_in_read_keys: "
26576 		    "failed ddi_copyin: mhioc_key_list_t\n");
26577 		rval = EFAULT;
26578 		goto done;
26579 	}
26580 #endif
26581 
26582 	data_len  = li.listsize * MHIOC_RESV_KEY_SIZE;
26583 	data_len += (sizeof (sd_prin_readkeys_t) - sizeof (caddr_t));
26584 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26585 
26586 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS,
26587 	    data_len, data_bufp)) != 0) {
26588 		goto done;
26589 	}
26590 	in = (sd_prin_readkeys_t *)data_bufp;
26591 	ptr->generation = BE_32(in->generation);
26592 	li.listlen = BE_32(in->len) / MHIOC_RESV_KEY_SIZE;
26593 
26594 	/*
26595 	 * Return the min(listsize, listlen) keys
26596 	 */
26597 #ifdef _MULTI_DATAMODEL
26598 
26599 	switch (ddi_model_convert_from(flag & FMODELS)) {
26600 	case DDI_MODEL_ILP32:
26601 		li32.listlen = li.listlen;
26602 		if (ddi_copyout(&li32, ptr->li, copysz, flag)) {
26603 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26604 			    "sd_persistent_reservation_in_read_keys: "
26605 			    "failed ddi_copyout: mhioc_key_list32_t\n");
26606 			rval = EFAULT;
26607 			goto done;
26608 		}
26609 		break;
26610 
26611 	case DDI_MODEL_NONE:
26612 		if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26613 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26614 			    "sd_persistent_reservation_in_read_keys: "
26615 			    "failed ddi_copyout: mhioc_key_list_t\n");
26616 			rval = EFAULT;
26617 			goto done;
26618 		}
26619 		break;
26620 	}
26621 
26622 #else /* ! _MULTI_DATAMODEL */
26623 
26624 	if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26625 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26626 		    "sd_persistent_reservation_in_read_keys: "
26627 		    "failed ddi_copyout: mhioc_key_list_t\n");
26628 		rval = EFAULT;
26629 		goto done;
26630 	}
26631 
26632 #endif /* _MULTI_DATAMODEL */
26633 
26634 	copysz = min(li.listlen * MHIOC_RESV_KEY_SIZE,
26635 	    li.listsize * MHIOC_RESV_KEY_SIZE);
26636 	if (ddi_copyout(&in->keylist, li.list, copysz, flag)) {
26637 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26638 		    "sd_persistent_reservation_in_read_keys: "
26639 		    "failed ddi_copyout: keylist\n");
26640 		rval = EFAULT;
26641 	}
26642 done:
26643 	kmem_free(data_bufp, data_len);
26644 	return (rval);
26645 }
26646 
26647 
26648 /*
26649  *    Function: sd_persistent_reservation_in_read_resv
26650  *
26651  * Description: This routine is the driver entry point for handling CD-ROM
26652  *		multi-host persistent reservation requests (MHIOCGRP_INRESV)
26653  *		by sending the SCSI-3 PRIN commands to the device.
26654  *		Process the read persistent reservations command response by
26655  *		copying the reservation information into the user provided
26656  *		buffer. Support for the 32/64 _MULTI_DATAMODEL is implemented.
26657  *
26658  *   Arguments: un   -  Pointer to soft state struct for the target.
26659  *		usrp -	user provided pointer to multihost Persistent In Read
26660  *			Keys structure (mhioc_inkeys_t)
26661  *		flag -	this argument is a pass through to ddi_copyxxx()
26662  *			directly from the mode argument of ioctl().
26663  *
26664  * Return Code: 0   - Success
26665  *		EACCES
26666  *		ENOTSUP
26667  *		errno return code from sd_send_scsi_cmd()
26668  *
26669  *     Context: Can sleep. Does not return until command is completed.
26670  */
26671 
26672 static int
26673 sd_persistent_reservation_in_read_resv(struct sd_lun *un,
26674     mhioc_inresvs_t *usrp, int flag)
26675 {
26676 #ifdef _MULTI_DATAMODEL
26677 	struct mhioc_resv_desc_list32 resvlist32;
26678 #endif
26679 	sd_prin_readresv_t	*in;
26680 	mhioc_inresvs_t		*ptr;
26681 	sd_readresv_desc_t	*readresv_ptr;
26682 	mhioc_resv_desc_list_t	resvlist;
26683 	mhioc_resv_desc_t 	resvdesc;
26684 	uchar_t			*data_bufp;
26685 	int 			data_len;
26686 	int			rval;
26687 	int			i;
26688 	size_t			copysz;
26689 	mhioc_resv_desc_t	*bufp;
26690 
26691 	if ((ptr = usrp) == NULL) {
26692 		return (EINVAL);
26693 	}
26694 
26695 	/*
26696 	 * Get the listsize from user
26697 	 */
26698 #ifdef _MULTI_DATAMODEL
26699 	switch (ddi_model_convert_from(flag & FMODELS)) {
26700 	case DDI_MODEL_ILP32:
26701 		copysz = sizeof (struct mhioc_resv_desc_list32);
26702 		if (ddi_copyin(ptr->li, &resvlist32, copysz, flag)) {
26703 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26704 			    "sd_persistent_reservation_in_read_resv: "
26705 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26706 			rval = EFAULT;
26707 			goto done;
26708 		}
26709 		resvlist.listsize = resvlist32.listsize;
26710 		resvlist.list = (mhioc_resv_desc_t *)(uintptr_t)resvlist32.list;
26711 		break;
26712 
26713 	case DDI_MODEL_NONE:
26714 		copysz = sizeof (mhioc_resv_desc_list_t);
26715 		if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26716 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26717 			    "sd_persistent_reservation_in_read_resv: "
26718 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26719 			rval = EFAULT;
26720 			goto done;
26721 		}
26722 		break;
26723 	}
26724 #else /* ! _MULTI_DATAMODEL */
26725 	copysz = sizeof (mhioc_resv_desc_list_t);
26726 	if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26727 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26728 		    "sd_persistent_reservation_in_read_resv: "
26729 		    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26730 		rval = EFAULT;
26731 		goto done;
26732 	}
26733 #endif /* ! _MULTI_DATAMODEL */
26734 
26735 	data_len  = resvlist.listsize * SCSI3_RESV_DESC_LEN;
26736 	data_len += (sizeof (sd_prin_readresv_t) - sizeof (caddr_t));
26737 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26738 
26739 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_RESV,
26740 	    data_len, data_bufp)) != 0) {
26741 		goto done;
26742 	}
26743 	in = (sd_prin_readresv_t *)data_bufp;
26744 	ptr->generation = BE_32(in->generation);
26745 	resvlist.listlen = BE_32(in->len) / SCSI3_RESV_DESC_LEN;
26746 
26747 	/*
26748 	 * Return the min(listsize, listlen( keys
26749 	 */
26750 #ifdef _MULTI_DATAMODEL
26751 
26752 	switch (ddi_model_convert_from(flag & FMODELS)) {
26753 	case DDI_MODEL_ILP32:
26754 		resvlist32.listlen = resvlist.listlen;
26755 		if (ddi_copyout(&resvlist32, ptr->li, copysz, flag)) {
26756 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26757 			    "sd_persistent_reservation_in_read_resv: "
26758 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26759 			rval = EFAULT;
26760 			goto done;
26761 		}
26762 		break;
26763 
26764 	case DDI_MODEL_NONE:
26765 		if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26766 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26767 			    "sd_persistent_reservation_in_read_resv: "
26768 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26769 			rval = EFAULT;
26770 			goto done;
26771 		}
26772 		break;
26773 	}
26774 
26775 #else /* ! _MULTI_DATAMODEL */
26776 
26777 	if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26778 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26779 		    "sd_persistent_reservation_in_read_resv: "
26780 		    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26781 		rval = EFAULT;
26782 		goto done;
26783 	}
26784 
26785 #endif /* ! _MULTI_DATAMODEL */
26786 
26787 	readresv_ptr = (sd_readresv_desc_t *)&in->readresv_desc;
26788 	bufp = resvlist.list;
26789 	copysz = sizeof (mhioc_resv_desc_t);
26790 	for (i = 0; i < min(resvlist.listlen, resvlist.listsize);
26791 	    i++, readresv_ptr++, bufp++) {
26792 
26793 		bcopy(&readresv_ptr->resvkey, &resvdesc.key,
26794 		    MHIOC_RESV_KEY_SIZE);
26795 		resvdesc.type  = readresv_ptr->type;
26796 		resvdesc.scope = readresv_ptr->scope;
26797 		resvdesc.scope_specific_addr =
26798 		    BE_32(readresv_ptr->scope_specific_addr);
26799 
26800 		if (ddi_copyout(&resvdesc, bufp, copysz, flag)) {
26801 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26802 			    "sd_persistent_reservation_in_read_resv: "
26803 			    "failed ddi_copyout: resvlist\n");
26804 			rval = EFAULT;
26805 			goto done;
26806 		}
26807 	}
26808 done:
26809 	kmem_free(data_bufp, data_len);
26810 	return (rval);
26811 }
26812 
26813 
26814 /*
26815  *    Function: sr_change_blkmode()
26816  *
26817  * Description: This routine is the driver entry point for handling CD-ROM
26818  *		block mode ioctl requests. Support for returning and changing
26819  *		the current block size in use by the device is implemented. The
26820  *		LBA size is changed via a MODE SELECT Block Descriptor.
26821  *
26822  *		This routine issues a mode sense with an allocation length of
26823  *		12 bytes for the mode page header and a single block descriptor.
26824  *
26825  *   Arguments: dev - the device 'dev_t'
26826  *		cmd - the request type; one of CDROMGBLKMODE (get) or
26827  *		      CDROMSBLKMODE (set)
26828  *		data - current block size or requested block size
26829  *		flag - this argument is a pass through to ddi_copyxxx() directly
26830  *		       from the mode argument of ioctl().
26831  *
26832  * Return Code: the code returned by sd_send_scsi_cmd()
26833  *		EINVAL if invalid arguments are provided
26834  *		EFAULT if ddi_copyxxx() fails
26835  *		ENXIO if fail ddi_get_soft_state
26836  *		EIO if invalid mode sense block descriptor length
26837  *
26838  */
26839 
26840 static int
26841 sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag)
26842 {
26843 	struct sd_lun			*un = NULL;
26844 	struct mode_header		*sense_mhp, *select_mhp;
26845 	struct block_descriptor		*sense_desc, *select_desc;
26846 	int				current_bsize;
26847 	int				rval = EINVAL;
26848 	uchar_t				*sense = NULL;
26849 	uchar_t				*select = NULL;
26850 
26851 	ASSERT((cmd == CDROMGBLKMODE) || (cmd == CDROMSBLKMODE));
26852 
26853 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
26854 		return (ENXIO);
26855 	}
26856 
26857 	/*
26858 	 * The block length is changed via the Mode Select block descriptor, the
26859 	 * "Read/Write Error Recovery" mode page (0x1) contents are not actually
26860 	 * required as part of this routine. Therefore the mode sense allocation
26861 	 * length is specified to be the length of a mode page header and a
26862 	 * block descriptor.
26863 	 */
26864 	sense = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26865 
26866 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
26867 	    BUFLEN_CHG_BLK_MODE, MODEPAGE_ERR_RECOV, SD_PATH_STANDARD)) != 0) {
26868 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26869 		    "sr_change_blkmode: Mode Sense Failed\n");
26870 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26871 		return (rval);
26872 	}
26873 
26874 	/* Check the block descriptor len to handle only 1 block descriptor */
26875 	sense_mhp = (struct mode_header *)sense;
26876 	if ((sense_mhp->bdesc_length == 0) ||
26877 	    (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH)) {
26878 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26879 		    "sr_change_blkmode: Mode Sense returned invalid block"
26880 		    " descriptor length\n");
26881 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26882 		return (EIO);
26883 	}
26884 	sense_desc = (struct block_descriptor *)(sense + MODE_HEADER_LENGTH);
26885 	current_bsize = ((sense_desc->blksize_hi << 16) |
26886 	    (sense_desc->blksize_mid << 8) | sense_desc->blksize_lo);
26887 
26888 	/* Process command */
26889 	switch (cmd) {
26890 	case CDROMGBLKMODE:
26891 		/* Return the block size obtained during the mode sense */
26892 		if (ddi_copyout(&current_bsize, (void *)data,
26893 		    sizeof (int), flag) != 0)
26894 			rval = EFAULT;
26895 		break;
26896 	case CDROMSBLKMODE:
26897 		/* Validate the requested block size */
26898 		switch (data) {
26899 		case CDROM_BLK_512:
26900 		case CDROM_BLK_1024:
26901 		case CDROM_BLK_2048:
26902 		case CDROM_BLK_2056:
26903 		case CDROM_BLK_2336:
26904 		case CDROM_BLK_2340:
26905 		case CDROM_BLK_2352:
26906 		case CDROM_BLK_2368:
26907 		case CDROM_BLK_2448:
26908 		case CDROM_BLK_2646:
26909 		case CDROM_BLK_2647:
26910 			break;
26911 		default:
26912 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26913 			    "sr_change_blkmode: "
26914 			    "Block Size '%ld' Not Supported\n", data);
26915 			kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26916 			return (EINVAL);
26917 		}
26918 
26919 		/*
26920 		 * The current block size matches the requested block size so
26921 		 * there is no need to send the mode select to change the size
26922 		 */
26923 		if (current_bsize == data) {
26924 			break;
26925 		}
26926 
26927 		/* Build the select data for the requested block size */
26928 		select = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26929 		select_mhp = (struct mode_header *)select;
26930 		select_desc =
26931 		    (struct block_descriptor *)(select + MODE_HEADER_LENGTH);
26932 		/*
26933 		 * The LBA size is changed via the block descriptor, so the
26934 		 * descriptor is built according to the user data
26935 		 */
26936 		select_mhp->bdesc_length = MODE_BLK_DESC_LENGTH;
26937 		select_desc->blksize_hi  = (char)(((data) & 0x00ff0000) >> 16);
26938 		select_desc->blksize_mid = (char)(((data) & 0x0000ff00) >> 8);
26939 		select_desc->blksize_lo  = (char)((data) & 0x000000ff);
26940 
26941 		/* Send the mode select for the requested block size */
26942 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
26943 		    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
26944 		    SD_PATH_STANDARD)) != 0) {
26945 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26946 			    "sr_change_blkmode: Mode Select Failed\n");
26947 			/*
26948 			 * The mode select failed for the requested block size,
26949 			 * so reset the data for the original block size and
26950 			 * send it to the target. The error is indicated by the
26951 			 * return value for the failed mode select.
26952 			 */
26953 			select_desc->blksize_hi  = sense_desc->blksize_hi;
26954 			select_desc->blksize_mid = sense_desc->blksize_mid;
26955 			select_desc->blksize_lo  = sense_desc->blksize_lo;
26956 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
26957 			    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
26958 			    SD_PATH_STANDARD);
26959 		} else {
26960 			ASSERT(!mutex_owned(SD_MUTEX(un)));
26961 			mutex_enter(SD_MUTEX(un));
26962 			sd_update_block_info(un, (uint32_t)data, 0);
26963 
26964 			mutex_exit(SD_MUTEX(un));
26965 		}
26966 		break;
26967 	default:
26968 		/* should not reach here, but check anyway */
26969 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26970 		    "sr_change_blkmode: Command '%x' Not Supported\n", cmd);
26971 		rval = EINVAL;
26972 		break;
26973 	}
26974 
26975 	if (select) {
26976 		kmem_free(select, BUFLEN_CHG_BLK_MODE);
26977 	}
26978 	if (sense) {
26979 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26980 	}
26981 	return (rval);
26982 }
26983 
26984 
26985 /*
26986  * Note: The following sr_change_speed() and sr_atapi_change_speed() routines
26987  * implement driver support for getting and setting the CD speed. The command
26988  * set used will be based on the device type. If the device has not been
26989  * identified as MMC the Toshiba vendor specific mode page will be used. If
26990  * the device is MMC but does not support the Real Time Streaming feature
26991  * the SET CD SPEED command will be used to set speed and mode page 0x2A will
26992  * be used to read the speed.
26993  */
26994 
26995 /*
26996  *    Function: sr_change_speed()
26997  *
26998  * Description: This routine is the driver entry point for handling CD-ROM
26999  *		drive speed ioctl requests for devices supporting the Toshiba
27000  *		vendor specific drive speed mode page. Support for returning
27001  *		and changing the current drive speed in use by the device is
27002  *		implemented.
27003  *
27004  *   Arguments: dev - the device 'dev_t'
27005  *		cmd - the request type; one of CDROMGDRVSPEED (get) or
27006  *		      CDROMSDRVSPEED (set)
27007  *		data - current drive speed or requested drive speed
27008  *		flag - this argument is a pass through to ddi_copyxxx() directly
27009  *		       from the mode argument of ioctl().
27010  *
27011  * Return Code: the code returned by sd_send_scsi_cmd()
27012  *		EINVAL if invalid arguments are provided
27013  *		EFAULT if ddi_copyxxx() fails
27014  *		ENXIO if fail ddi_get_soft_state
27015  *		EIO if invalid mode sense block descriptor length
27016  */
27017 
27018 static int
27019 sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27020 {
27021 	struct sd_lun			*un = NULL;
27022 	struct mode_header		*sense_mhp, *select_mhp;
27023 	struct mode_speed		*sense_page, *select_page;
27024 	int				current_speed;
27025 	int				rval = EINVAL;
27026 	int				bd_len;
27027 	uchar_t				*sense = NULL;
27028 	uchar_t				*select = NULL;
27029 
27030 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27031 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27032 		return (ENXIO);
27033 	}
27034 
27035 	/*
27036 	 * Note: The drive speed is being modified here according to a Toshiba
27037 	 * vendor specific mode page (0x31).
27038 	 */
27039 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27040 
27041 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
27042 	    BUFLEN_MODE_CDROM_SPEED, CDROM_MODE_SPEED,
27043 	    SD_PATH_STANDARD)) != 0) {
27044 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27045 		    "sr_change_speed: Mode Sense Failed\n");
27046 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27047 		return (rval);
27048 	}
27049 	sense_mhp  = (struct mode_header *)sense;
27050 
27051 	/* Check the block descriptor len to handle only 1 block descriptor */
27052 	bd_len = sense_mhp->bdesc_length;
27053 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27054 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27055 		    "sr_change_speed: Mode Sense returned invalid block "
27056 		    "descriptor length\n");
27057 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27058 		return (EIO);
27059 	}
27060 
27061 	sense_page = (struct mode_speed *)
27062 	    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
27063 	current_speed = sense_page->speed;
27064 
27065 	/* Process command */
27066 	switch (cmd) {
27067 	case CDROMGDRVSPEED:
27068 		/* Return the drive speed obtained during the mode sense */
27069 		if (current_speed == 0x2) {
27070 			current_speed = CDROM_TWELVE_SPEED;
27071 		}
27072 		if (ddi_copyout(&current_speed, (void *)data,
27073 		    sizeof (int), flag) != 0) {
27074 			rval = EFAULT;
27075 		}
27076 		break;
27077 	case CDROMSDRVSPEED:
27078 		/* Validate the requested drive speed */
27079 		switch ((uchar_t)data) {
27080 		case CDROM_TWELVE_SPEED:
27081 			data = 0x2;
27082 			/*FALLTHROUGH*/
27083 		case CDROM_NORMAL_SPEED:
27084 		case CDROM_DOUBLE_SPEED:
27085 		case CDROM_QUAD_SPEED:
27086 		case CDROM_MAXIMUM_SPEED:
27087 			break;
27088 		default:
27089 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27090 			    "sr_change_speed: "
27091 			    "Drive Speed '%d' Not Supported\n", (uchar_t)data);
27092 			kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27093 			return (EINVAL);
27094 		}
27095 
27096 		/*
27097 		 * The current drive speed matches the requested drive speed so
27098 		 * there is no need to send the mode select to change the speed
27099 		 */
27100 		if (current_speed == data) {
27101 			break;
27102 		}
27103 
27104 		/* Build the select data for the requested drive speed */
27105 		select = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27106 		select_mhp = (struct mode_header *)select;
27107 		select_mhp->bdesc_length = 0;
27108 		select_page =
27109 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27110 		select_page =
27111 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27112 		select_page->mode_page.code = CDROM_MODE_SPEED;
27113 		select_page->mode_page.length = 2;
27114 		select_page->speed = (uchar_t)data;
27115 
27116 		/* Send the mode select for the requested block size */
27117 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27118 		    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27119 		    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
27120 			/*
27121 			 * The mode select failed for the requested drive speed,
27122 			 * so reset the data for the original drive speed and
27123 			 * send it to the target. The error is indicated by the
27124 			 * return value for the failed mode select.
27125 			 */
27126 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27127 			    "sr_drive_speed: Mode Select Failed\n");
27128 			select_page->speed = sense_page->speed;
27129 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27130 			    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27131 			    SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
27132 		}
27133 		break;
27134 	default:
27135 		/* should not reach here, but check anyway */
27136 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27137 		    "sr_change_speed: Command '%x' Not Supported\n", cmd);
27138 		rval = EINVAL;
27139 		break;
27140 	}
27141 
27142 	if (select) {
27143 		kmem_free(select, BUFLEN_MODE_CDROM_SPEED);
27144 	}
27145 	if (sense) {
27146 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27147 	}
27148 
27149 	return (rval);
27150 }
27151 
27152 
27153 /*
27154  *    Function: sr_atapi_change_speed()
27155  *
27156  * Description: This routine is the driver entry point for handling CD-ROM
27157  *		drive speed ioctl requests for MMC devices that do not support
27158  *		the Real Time Streaming feature (0x107).
27159  *
27160  *		Note: This routine will use the SET SPEED command which may not
27161  *		be supported by all devices.
27162  *
27163  *   Arguments: dev- the device 'dev_t'
27164  *		cmd- the request type; one of CDROMGDRVSPEED (get) or
27165  *		     CDROMSDRVSPEED (set)
27166  *		data- current drive speed or requested drive speed
27167  *		flag- this argument is a pass through to ddi_copyxxx() directly
27168  *		      from the mode argument of ioctl().
27169  *
27170  * Return Code: the code returned by sd_send_scsi_cmd()
27171  *		EINVAL if invalid arguments are provided
27172  *		EFAULT if ddi_copyxxx() fails
27173  *		ENXIO if fail ddi_get_soft_state
27174  *		EIO if invalid mode sense block descriptor length
27175  */
27176 
27177 static int
27178 sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27179 {
27180 	struct sd_lun			*un;
27181 	struct uscsi_cmd		*com = NULL;
27182 	struct mode_header_grp2		*sense_mhp;
27183 	uchar_t				*sense_page;
27184 	uchar_t				*sense = NULL;
27185 	char				cdb[CDB_GROUP5];
27186 	int				bd_len;
27187 	int				current_speed = 0;
27188 	int				max_speed = 0;
27189 	int				rval;
27190 
27191 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27192 
27193 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27194 		return (ENXIO);
27195 	}
27196 
27197 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
27198 
27199 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
27200 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP,
27201 	    SD_PATH_STANDARD)) != 0) {
27202 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27203 		    "sr_atapi_change_speed: Mode Sense Failed\n");
27204 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27205 		return (rval);
27206 	}
27207 
27208 	/* Check the block descriptor len to handle only 1 block descriptor */
27209 	sense_mhp = (struct mode_header_grp2 *)sense;
27210 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
27211 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27212 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27213 		    "sr_atapi_change_speed: Mode Sense returned invalid "
27214 		    "block descriptor length\n");
27215 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27216 		return (EIO);
27217 	}
27218 
27219 	/* Calculate the current and maximum drive speeds */
27220 	sense_page = (uchar_t *)(sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
27221 	current_speed = (sense_page[14] << 8) | sense_page[15];
27222 	max_speed = (sense_page[8] << 8) | sense_page[9];
27223 
27224 	/* Process the command */
27225 	switch (cmd) {
27226 	case CDROMGDRVSPEED:
27227 		current_speed /= SD_SPEED_1X;
27228 		if (ddi_copyout(&current_speed, (void *)data,
27229 		    sizeof (int), flag) != 0)
27230 			rval = EFAULT;
27231 		break;
27232 	case CDROMSDRVSPEED:
27233 		/* Convert the speed code to KB/sec */
27234 		switch ((uchar_t)data) {
27235 		case CDROM_NORMAL_SPEED:
27236 			current_speed = SD_SPEED_1X;
27237 			break;
27238 		case CDROM_DOUBLE_SPEED:
27239 			current_speed = 2 * SD_SPEED_1X;
27240 			break;
27241 		case CDROM_QUAD_SPEED:
27242 			current_speed = 4 * SD_SPEED_1X;
27243 			break;
27244 		case CDROM_TWELVE_SPEED:
27245 			current_speed = 12 * SD_SPEED_1X;
27246 			break;
27247 		case CDROM_MAXIMUM_SPEED:
27248 			current_speed = 0xffff;
27249 			break;
27250 		default:
27251 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27252 			    "sr_atapi_change_speed: invalid drive speed %d\n",
27253 			    (uchar_t)data);
27254 			kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27255 			return (EINVAL);
27256 		}
27257 
27258 		/* Check the request against the drive's max speed. */
27259 		if (current_speed != 0xffff) {
27260 			if (current_speed > max_speed) {
27261 				kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27262 				return (EINVAL);
27263 			}
27264 		}
27265 
27266 		/*
27267 		 * Build and send the SET SPEED command
27268 		 *
27269 		 * Note: The SET SPEED (0xBB) command used in this routine is
27270 		 * obsolete per the SCSI MMC spec but still supported in the
27271 		 * MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27272 		 * therefore the command is still implemented in this routine.
27273 		 */
27274 		bzero(cdb, sizeof (cdb));
27275 		cdb[0] = (char)SCMD_SET_CDROM_SPEED;
27276 		cdb[2] = (uchar_t)(current_speed >> 8);
27277 		cdb[3] = (uchar_t)current_speed;
27278 		com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27279 		com->uscsi_cdb	   = (caddr_t)cdb;
27280 		com->uscsi_cdblen  = CDB_GROUP5;
27281 		com->uscsi_bufaddr = NULL;
27282 		com->uscsi_buflen  = 0;
27283 		com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT;
27284 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, 0,
27285 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27286 		break;
27287 	default:
27288 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27289 		    "sr_atapi_change_speed: Command '%x' Not Supported\n", cmd);
27290 		rval = EINVAL;
27291 	}
27292 
27293 	if (sense) {
27294 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27295 	}
27296 	if (com) {
27297 		kmem_free(com, sizeof (*com));
27298 	}
27299 	return (rval);
27300 }
27301 
27302 
27303 /*
27304  *    Function: sr_pause_resume()
27305  *
27306  * Description: This routine is the driver entry point for handling CD-ROM
27307  *		pause/resume ioctl requests. This only affects the audio play
27308  *		operation.
27309  *
27310  *   Arguments: dev - the device 'dev_t'
27311  *		cmd - the request type; one of CDROMPAUSE or CDROMRESUME, used
27312  *		      for setting the resume bit of the cdb.
27313  *
27314  * Return Code: the code returned by sd_send_scsi_cmd()
27315  *		EINVAL if invalid mode specified
27316  *
27317  */
27318 
27319 static int
27320 sr_pause_resume(dev_t dev, int cmd)
27321 {
27322 	struct sd_lun		*un;
27323 	struct uscsi_cmd	*com;
27324 	char			cdb[CDB_GROUP1];
27325 	int			rval;
27326 
27327 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27328 		return (ENXIO);
27329 	}
27330 
27331 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27332 	bzero(cdb, CDB_GROUP1);
27333 	cdb[0] = SCMD_PAUSE_RESUME;
27334 	switch (cmd) {
27335 	case CDROMRESUME:
27336 		cdb[8] = 1;
27337 		break;
27338 	case CDROMPAUSE:
27339 		cdb[8] = 0;
27340 		break;
27341 	default:
27342 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_pause_resume:"
27343 		    " Command '%x' Not Supported\n", cmd);
27344 		rval = EINVAL;
27345 		goto done;
27346 	}
27347 
27348 	com->uscsi_cdb    = cdb;
27349 	com->uscsi_cdblen = CDB_GROUP1;
27350 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27351 
27352 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27353 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27354 
27355 done:
27356 	kmem_free(com, sizeof (*com));
27357 	return (rval);
27358 }
27359 
27360 
27361 /*
27362  *    Function: sr_play_msf()
27363  *
27364  * Description: This routine is the driver entry point for handling CD-ROM
27365  *		ioctl requests to output the audio signals at the specified
27366  *		starting address and continue the audio play until the specified
27367  *		ending address (CDROMPLAYMSF) The address is in Minute Second
27368  *		Frame (MSF) format.
27369  *
27370  *   Arguments: dev	- the device 'dev_t'
27371  *		data	- pointer to user provided audio msf structure,
27372  *		          specifying start/end addresses.
27373  *		flag	- this argument is a pass through to ddi_copyxxx()
27374  *		          directly from the mode argument of ioctl().
27375  *
27376  * Return Code: the code returned by sd_send_scsi_cmd()
27377  *		EFAULT if ddi_copyxxx() fails
27378  *		ENXIO if fail ddi_get_soft_state
27379  *		EINVAL if data pointer is NULL
27380  */
27381 
27382 static int
27383 sr_play_msf(dev_t dev, caddr_t data, int flag)
27384 {
27385 	struct sd_lun		*un;
27386 	struct uscsi_cmd	*com;
27387 	struct cdrom_msf	msf_struct;
27388 	struct cdrom_msf	*msf = &msf_struct;
27389 	char			cdb[CDB_GROUP1];
27390 	int			rval;
27391 
27392 	if (data == NULL) {
27393 		return (EINVAL);
27394 	}
27395 
27396 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27397 		return (ENXIO);
27398 	}
27399 
27400 	if (ddi_copyin(data, msf, sizeof (struct cdrom_msf), flag)) {
27401 		return (EFAULT);
27402 	}
27403 
27404 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27405 	bzero(cdb, CDB_GROUP1);
27406 	cdb[0] = SCMD_PLAYAUDIO_MSF;
27407 	if (un->un_f_cfg_playmsf_bcd == TRUE) {
27408 		cdb[3] = BYTE_TO_BCD(msf->cdmsf_min0);
27409 		cdb[4] = BYTE_TO_BCD(msf->cdmsf_sec0);
27410 		cdb[5] = BYTE_TO_BCD(msf->cdmsf_frame0);
27411 		cdb[6] = BYTE_TO_BCD(msf->cdmsf_min1);
27412 		cdb[7] = BYTE_TO_BCD(msf->cdmsf_sec1);
27413 		cdb[8] = BYTE_TO_BCD(msf->cdmsf_frame1);
27414 	} else {
27415 		cdb[3] = msf->cdmsf_min0;
27416 		cdb[4] = msf->cdmsf_sec0;
27417 		cdb[5] = msf->cdmsf_frame0;
27418 		cdb[6] = msf->cdmsf_min1;
27419 		cdb[7] = msf->cdmsf_sec1;
27420 		cdb[8] = msf->cdmsf_frame1;
27421 	}
27422 	com->uscsi_cdb    = cdb;
27423 	com->uscsi_cdblen = CDB_GROUP1;
27424 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27425 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27426 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27427 	kmem_free(com, sizeof (*com));
27428 	return (rval);
27429 }
27430 
27431 
27432 /*
27433  *    Function: sr_play_trkind()
27434  *
27435  * Description: This routine is the driver entry point for handling CD-ROM
27436  *		ioctl requests to output the audio signals at the specified
27437  *		starting address and continue the audio play until the specified
27438  *		ending address (CDROMPLAYTRKIND). The address is in Track Index
27439  *		format.
27440  *
27441  *   Arguments: dev	- the device 'dev_t'
27442  *		data	- pointer to user provided audio track/index structure,
27443  *		          specifying start/end addresses.
27444  *		flag	- this argument is a pass through to ddi_copyxxx()
27445  *		          directly from the mode argument of ioctl().
27446  *
27447  * Return Code: the code returned by sd_send_scsi_cmd()
27448  *		EFAULT if ddi_copyxxx() fails
27449  *		ENXIO if fail ddi_get_soft_state
27450  *		EINVAL if data pointer is NULL
27451  */
27452 
27453 static int
27454 sr_play_trkind(dev_t dev, caddr_t data, int flag)
27455 {
27456 	struct cdrom_ti		ti_struct;
27457 	struct cdrom_ti		*ti = &ti_struct;
27458 	struct uscsi_cmd	*com = NULL;
27459 	char			cdb[CDB_GROUP1];
27460 	int			rval;
27461 
27462 	if (data == NULL) {
27463 		return (EINVAL);
27464 	}
27465 
27466 	if (ddi_copyin(data, ti, sizeof (struct cdrom_ti), flag)) {
27467 		return (EFAULT);
27468 	}
27469 
27470 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27471 	bzero(cdb, CDB_GROUP1);
27472 	cdb[0] = SCMD_PLAYAUDIO_TI;
27473 	cdb[4] = ti->cdti_trk0;
27474 	cdb[5] = ti->cdti_ind0;
27475 	cdb[7] = ti->cdti_trk1;
27476 	cdb[8] = ti->cdti_ind1;
27477 	com->uscsi_cdb    = cdb;
27478 	com->uscsi_cdblen = CDB_GROUP1;
27479 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27480 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27481 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27482 	kmem_free(com, sizeof (*com));
27483 	return (rval);
27484 }
27485 
27486 
27487 /*
27488  *    Function: sr_read_all_subcodes()
27489  *
27490  * Description: This routine is the driver entry point for handling CD-ROM
27491  *		ioctl requests to return raw subcode data while the target is
27492  *		playing audio (CDROMSUBCODE).
27493  *
27494  *   Arguments: dev	- the device 'dev_t'
27495  *		data	- pointer to user provided cdrom subcode structure,
27496  *		          specifying the transfer length and address.
27497  *		flag	- this argument is a pass through to ddi_copyxxx()
27498  *		          directly from the mode argument of ioctl().
27499  *
27500  * Return Code: the code returned by sd_send_scsi_cmd()
27501  *		EFAULT if ddi_copyxxx() fails
27502  *		ENXIO if fail ddi_get_soft_state
27503  *		EINVAL if data pointer is NULL
27504  */
27505 
27506 static int
27507 sr_read_all_subcodes(dev_t dev, caddr_t data, int flag)
27508 {
27509 	struct sd_lun		*un = NULL;
27510 	struct uscsi_cmd	*com = NULL;
27511 	struct cdrom_subcode	*subcode = NULL;
27512 	int			rval;
27513 	size_t			buflen;
27514 	char			cdb[CDB_GROUP5];
27515 
27516 #ifdef _MULTI_DATAMODEL
27517 	/* To support ILP32 applications in an LP64 world */
27518 	struct cdrom_subcode32		cdrom_subcode32;
27519 	struct cdrom_subcode32		*cdsc32 = &cdrom_subcode32;
27520 #endif
27521 	if (data == NULL) {
27522 		return (EINVAL);
27523 	}
27524 
27525 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27526 		return (ENXIO);
27527 	}
27528 
27529 	subcode = kmem_zalloc(sizeof (struct cdrom_subcode), KM_SLEEP);
27530 
27531 #ifdef _MULTI_DATAMODEL
27532 	switch (ddi_model_convert_from(flag & FMODELS)) {
27533 	case DDI_MODEL_ILP32:
27534 		if (ddi_copyin(data, cdsc32, sizeof (*cdsc32), flag)) {
27535 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27536 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27537 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27538 			return (EFAULT);
27539 		}
27540 		/* Convert the ILP32 uscsi data from the application to LP64 */
27541 		cdrom_subcode32tocdrom_subcode(cdsc32, subcode);
27542 		break;
27543 	case DDI_MODEL_NONE:
27544 		if (ddi_copyin(data, subcode,
27545 		    sizeof (struct cdrom_subcode), flag)) {
27546 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27547 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27548 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27549 			return (EFAULT);
27550 		}
27551 		break;
27552 	}
27553 #else /* ! _MULTI_DATAMODEL */
27554 	if (ddi_copyin(data, subcode, sizeof (struct cdrom_subcode), flag)) {
27555 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27556 		    "sr_read_all_subcodes: ddi_copyin Failed\n");
27557 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27558 		return (EFAULT);
27559 	}
27560 #endif /* _MULTI_DATAMODEL */
27561 
27562 	/*
27563 	 * Since MMC-2 expects max 3 bytes for length, check if the
27564 	 * length input is greater than 3 bytes
27565 	 */
27566 	if ((subcode->cdsc_length & 0xFF000000) != 0) {
27567 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27568 		    "sr_read_all_subcodes: "
27569 		    "cdrom transfer length too large: %d (limit %d)\n",
27570 		    subcode->cdsc_length, 0xFFFFFF);
27571 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27572 		return (EINVAL);
27573 	}
27574 
27575 	buflen = CDROM_BLK_SUBCODE * subcode->cdsc_length;
27576 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27577 	bzero(cdb, CDB_GROUP5);
27578 
27579 	if (un->un_f_mmc_cap == TRUE) {
27580 		cdb[0] = (char)SCMD_READ_CD;
27581 		cdb[2] = (char)0xff;
27582 		cdb[3] = (char)0xff;
27583 		cdb[4] = (char)0xff;
27584 		cdb[5] = (char)0xff;
27585 		cdb[6] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27586 		cdb[7] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27587 		cdb[8] = ((subcode->cdsc_length) & 0x000000ff);
27588 		cdb[10] = 1;
27589 	} else {
27590 		/*
27591 		 * Note: A vendor specific command (0xDF) is being used her to
27592 		 * request a read of all subcodes.
27593 		 */
27594 		cdb[0] = (char)SCMD_READ_ALL_SUBCODES;
27595 		cdb[6] = (((subcode->cdsc_length) & 0xff000000) >> 24);
27596 		cdb[7] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27597 		cdb[8] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27598 		cdb[9] = ((subcode->cdsc_length) & 0x000000ff);
27599 	}
27600 	com->uscsi_cdb	   = cdb;
27601 	com->uscsi_cdblen  = CDB_GROUP5;
27602 	com->uscsi_bufaddr = (caddr_t)subcode->cdsc_addr;
27603 	com->uscsi_buflen  = buflen;
27604 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27605 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
27606 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27607 	kmem_free(subcode, sizeof (struct cdrom_subcode));
27608 	kmem_free(com, sizeof (*com));
27609 	return (rval);
27610 }
27611 
27612 
27613 /*
27614  *    Function: sr_read_subchannel()
27615  *
27616  * Description: This routine is the driver entry point for handling CD-ROM
27617  *		ioctl requests to return the Q sub-channel data of the CD
27618  *		current position block. (CDROMSUBCHNL) The data includes the
27619  *		track number, index number, absolute CD-ROM address (LBA or MSF
27620  *		format per the user) , track relative CD-ROM address (LBA or MSF
27621  *		format per the user), control data and audio status.
27622  *
27623  *   Arguments: dev	- the device 'dev_t'
27624  *		data	- pointer to user provided cdrom sub-channel structure
27625  *		flag	- this argument is a pass through to ddi_copyxxx()
27626  *		          directly from the mode argument of ioctl().
27627  *
27628  * Return Code: the code returned by sd_send_scsi_cmd()
27629  *		EFAULT if ddi_copyxxx() fails
27630  *		ENXIO if fail ddi_get_soft_state
27631  *		EINVAL if data pointer is NULL
27632  */
27633 
27634 static int
27635 sr_read_subchannel(dev_t dev, caddr_t data, int flag)
27636 {
27637 	struct sd_lun		*un;
27638 	struct uscsi_cmd	*com;
27639 	struct cdrom_subchnl	subchanel;
27640 	struct cdrom_subchnl	*subchnl = &subchanel;
27641 	char			cdb[CDB_GROUP1];
27642 	caddr_t			buffer;
27643 	int			rval;
27644 
27645 	if (data == NULL) {
27646 		return (EINVAL);
27647 	}
27648 
27649 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27650 	    (un->un_state == SD_STATE_OFFLINE)) {
27651 		return (ENXIO);
27652 	}
27653 
27654 	if (ddi_copyin(data, subchnl, sizeof (struct cdrom_subchnl), flag)) {
27655 		return (EFAULT);
27656 	}
27657 
27658 	buffer = kmem_zalloc((size_t)16, KM_SLEEP);
27659 	bzero(cdb, CDB_GROUP1);
27660 	cdb[0] = SCMD_READ_SUBCHANNEL;
27661 	/* Set the MSF bit based on the user requested address format */
27662 	cdb[1] = (subchnl->cdsc_format & CDROM_LBA) ? 0 : 0x02;
27663 	/*
27664 	 * Set the Q bit in byte 2 to indicate that Q sub-channel data be
27665 	 * returned
27666 	 */
27667 	cdb[2] = 0x40;
27668 	/*
27669 	 * Set byte 3 to specify the return data format. A value of 0x01
27670 	 * indicates that the CD-ROM current position should be returned.
27671 	 */
27672 	cdb[3] = 0x01;
27673 	cdb[8] = 0x10;
27674 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27675 	com->uscsi_cdb	   = cdb;
27676 	com->uscsi_cdblen  = CDB_GROUP1;
27677 	com->uscsi_bufaddr = buffer;
27678 	com->uscsi_buflen  = 16;
27679 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27680 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27681 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27682 	if (rval != 0) {
27683 		kmem_free(buffer, 16);
27684 		kmem_free(com, sizeof (*com));
27685 		return (rval);
27686 	}
27687 
27688 	/* Process the returned Q sub-channel data */
27689 	subchnl->cdsc_audiostatus = buffer[1];
27690 	subchnl->cdsc_adr	= (buffer[5] & 0xF0);
27691 	subchnl->cdsc_ctrl	= (buffer[5] & 0x0F);
27692 	subchnl->cdsc_trk	= buffer[6];
27693 	subchnl->cdsc_ind	= buffer[7];
27694 	if (subchnl->cdsc_format & CDROM_LBA) {
27695 		subchnl->cdsc_absaddr.lba =
27696 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27697 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27698 		subchnl->cdsc_reladdr.lba =
27699 		    ((uchar_t)buffer[12] << 24) + ((uchar_t)buffer[13] << 16) +
27700 		    ((uchar_t)buffer[14] << 8) + ((uchar_t)buffer[15]);
27701 	} else if (un->un_f_cfg_readsub_bcd == TRUE) {
27702 		subchnl->cdsc_absaddr.msf.minute = BCD_TO_BYTE(buffer[9]);
27703 		subchnl->cdsc_absaddr.msf.second = BCD_TO_BYTE(buffer[10]);
27704 		subchnl->cdsc_absaddr.msf.frame  = BCD_TO_BYTE(buffer[11]);
27705 		subchnl->cdsc_reladdr.msf.minute = BCD_TO_BYTE(buffer[13]);
27706 		subchnl->cdsc_reladdr.msf.second = BCD_TO_BYTE(buffer[14]);
27707 		subchnl->cdsc_reladdr.msf.frame  = BCD_TO_BYTE(buffer[15]);
27708 	} else {
27709 		subchnl->cdsc_absaddr.msf.minute = buffer[9];
27710 		subchnl->cdsc_absaddr.msf.second = buffer[10];
27711 		subchnl->cdsc_absaddr.msf.frame  = buffer[11];
27712 		subchnl->cdsc_reladdr.msf.minute = buffer[13];
27713 		subchnl->cdsc_reladdr.msf.second = buffer[14];
27714 		subchnl->cdsc_reladdr.msf.frame  = buffer[15];
27715 	}
27716 	kmem_free(buffer, 16);
27717 	kmem_free(com, sizeof (*com));
27718 	if (ddi_copyout(subchnl, data, sizeof (struct cdrom_subchnl), flag)
27719 	    != 0) {
27720 		return (EFAULT);
27721 	}
27722 	return (rval);
27723 }
27724 
27725 
27726 /*
27727  *    Function: sr_read_tocentry()
27728  *
27729  * Description: This routine is the driver entry point for handling CD-ROM
27730  *		ioctl requests to read from the Table of Contents (TOC)
27731  *		(CDROMREADTOCENTRY). This routine provides the ADR and CTRL
27732  *		fields, the starting address (LBA or MSF format per the user)
27733  *		and the data mode if the user specified track is a data track.
27734  *
27735  *		Note: The READ HEADER (0x44) command used in this routine is
27736  *		obsolete per the SCSI MMC spec but still supported in the
27737  *		MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27738  *		therefore the command is still implemented in this routine.
27739  *
27740  *   Arguments: dev	- the device 'dev_t'
27741  *		data	- pointer to user provided toc entry structure,
27742  *			  specifying the track # and the address format
27743  *			  (LBA or MSF).
27744  *		flag	- this argument is a pass through to ddi_copyxxx()
27745  *		          directly from the mode argument of ioctl().
27746  *
27747  * Return Code: the code returned by sd_send_scsi_cmd()
27748  *		EFAULT if ddi_copyxxx() fails
27749  *		ENXIO if fail ddi_get_soft_state
27750  *		EINVAL if data pointer is NULL
27751  */
27752 
27753 static int
27754 sr_read_tocentry(dev_t dev, caddr_t data, int flag)
27755 {
27756 	struct sd_lun		*un = NULL;
27757 	struct uscsi_cmd	*com;
27758 	struct cdrom_tocentry	toc_entry;
27759 	struct cdrom_tocentry	*entry = &toc_entry;
27760 	caddr_t			buffer;
27761 	int			rval;
27762 	char			cdb[CDB_GROUP1];
27763 
27764 	if (data == NULL) {
27765 		return (EINVAL);
27766 	}
27767 
27768 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27769 	    (un->un_state == SD_STATE_OFFLINE)) {
27770 		return (ENXIO);
27771 	}
27772 
27773 	if (ddi_copyin(data, entry, sizeof (struct cdrom_tocentry), flag)) {
27774 		return (EFAULT);
27775 	}
27776 
27777 	/* Validate the requested track and address format */
27778 	if (!(entry->cdte_format & (CDROM_LBA | CDROM_MSF))) {
27779 		return (EINVAL);
27780 	}
27781 
27782 	if (entry->cdte_track == 0) {
27783 		return (EINVAL);
27784 	}
27785 
27786 	buffer = kmem_zalloc((size_t)12, KM_SLEEP);
27787 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27788 	bzero(cdb, CDB_GROUP1);
27789 
27790 	cdb[0] = SCMD_READ_TOC;
27791 	/* Set the MSF bit based on the user requested address format  */
27792 	cdb[1] = ((entry->cdte_format & CDROM_LBA) ? 0 : 2);
27793 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27794 		cdb[6] = BYTE_TO_BCD(entry->cdte_track);
27795 	} else {
27796 		cdb[6] = entry->cdte_track;
27797 	}
27798 
27799 	/*
27800 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
27801 	 * (4 byte TOC response header + 8 byte track descriptor)
27802 	 */
27803 	cdb[8] = 12;
27804 	com->uscsi_cdb	   = cdb;
27805 	com->uscsi_cdblen  = CDB_GROUP1;
27806 	com->uscsi_bufaddr = buffer;
27807 	com->uscsi_buflen  = 0x0C;
27808 	com->uscsi_flags   = (USCSI_DIAGNOSE | USCSI_SILENT | USCSI_READ);
27809 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27810 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27811 	if (rval != 0) {
27812 		kmem_free(buffer, 12);
27813 		kmem_free(com, sizeof (*com));
27814 		return (rval);
27815 	}
27816 
27817 	/* Process the toc entry */
27818 	entry->cdte_adr		= (buffer[5] & 0xF0) >> 4;
27819 	entry->cdte_ctrl	= (buffer[5] & 0x0F);
27820 	if (entry->cdte_format & CDROM_LBA) {
27821 		entry->cdte_addr.lba =
27822 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27823 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27824 	} else if (un->un_f_cfg_read_toc_addr_bcd == TRUE) {
27825 		entry->cdte_addr.msf.minute	= BCD_TO_BYTE(buffer[9]);
27826 		entry->cdte_addr.msf.second	= BCD_TO_BYTE(buffer[10]);
27827 		entry->cdte_addr.msf.frame	= BCD_TO_BYTE(buffer[11]);
27828 		/*
27829 		 * Send a READ TOC command using the LBA address format to get
27830 		 * the LBA for the track requested so it can be used in the
27831 		 * READ HEADER request
27832 		 *
27833 		 * Note: The MSF bit of the READ HEADER command specifies the
27834 		 * output format. The block address specified in that command
27835 		 * must be in LBA format.
27836 		 */
27837 		cdb[1] = 0;
27838 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27839 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27840 		if (rval != 0) {
27841 			kmem_free(buffer, 12);
27842 			kmem_free(com, sizeof (*com));
27843 			return (rval);
27844 		}
27845 	} else {
27846 		entry->cdte_addr.msf.minute	= buffer[9];
27847 		entry->cdte_addr.msf.second	= buffer[10];
27848 		entry->cdte_addr.msf.frame	= buffer[11];
27849 		/*
27850 		 * Send a READ TOC command using the LBA address format to get
27851 		 * the LBA for the track requested so it can be used in the
27852 		 * READ HEADER request
27853 		 *
27854 		 * Note: The MSF bit of the READ HEADER command specifies the
27855 		 * output format. The block address specified in that command
27856 		 * must be in LBA format.
27857 		 */
27858 		cdb[1] = 0;
27859 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27860 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27861 		if (rval != 0) {
27862 			kmem_free(buffer, 12);
27863 			kmem_free(com, sizeof (*com));
27864 			return (rval);
27865 		}
27866 	}
27867 
27868 	/*
27869 	 * Build and send the READ HEADER command to determine the data mode of
27870 	 * the user specified track.
27871 	 */
27872 	if ((entry->cdte_ctrl & CDROM_DATA_TRACK) &&
27873 	    (entry->cdte_track != CDROM_LEADOUT)) {
27874 		bzero(cdb, CDB_GROUP1);
27875 		cdb[0] = SCMD_READ_HEADER;
27876 		cdb[2] = buffer[8];
27877 		cdb[3] = buffer[9];
27878 		cdb[4] = buffer[10];
27879 		cdb[5] = buffer[11];
27880 		cdb[8] = 0x08;
27881 		com->uscsi_buflen = 0x08;
27882 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27883 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27884 		if (rval == 0) {
27885 			entry->cdte_datamode = buffer[0];
27886 		} else {
27887 			/*
27888 			 * READ HEADER command failed, since this is
27889 			 * obsoleted in one spec, its better to return
27890 			 * -1 for an invlid track so that we can still
27891 			 * recieve the rest of the TOC data.
27892 			 */
27893 			entry->cdte_datamode = (uchar_t)-1;
27894 		}
27895 	} else {
27896 		entry->cdte_datamode = (uchar_t)-1;
27897 	}
27898 
27899 	kmem_free(buffer, 12);
27900 	kmem_free(com, sizeof (*com));
27901 	if (ddi_copyout(entry, data, sizeof (struct cdrom_tocentry), flag) != 0)
27902 		return (EFAULT);
27903 
27904 	return (rval);
27905 }
27906 
27907 
27908 /*
27909  *    Function: sr_read_tochdr()
27910  *
27911  * Description: This routine is the driver entry point for handling CD-ROM
27912  * 		ioctl requests to read the Table of Contents (TOC) header
27913  *		(CDROMREADTOHDR). The TOC header consists of the disk starting
27914  *		and ending track numbers
27915  *
27916  *   Arguments: dev	- the device 'dev_t'
27917  *		data	- pointer to user provided toc header structure,
27918  *			  specifying the starting and ending track numbers.
27919  *		flag	- this argument is a pass through to ddi_copyxxx()
27920  *			  directly from the mode argument of ioctl().
27921  *
27922  * Return Code: the code returned by sd_send_scsi_cmd()
27923  *		EFAULT if ddi_copyxxx() fails
27924  *		ENXIO if fail ddi_get_soft_state
27925  *		EINVAL if data pointer is NULL
27926  */
27927 
27928 static int
27929 sr_read_tochdr(dev_t dev, caddr_t data, int flag)
27930 {
27931 	struct sd_lun		*un;
27932 	struct uscsi_cmd	*com;
27933 	struct cdrom_tochdr	toc_header;
27934 	struct cdrom_tochdr	*hdr = &toc_header;
27935 	char			cdb[CDB_GROUP1];
27936 	int			rval;
27937 	caddr_t			buffer;
27938 
27939 	if (data == NULL) {
27940 		return (EINVAL);
27941 	}
27942 
27943 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27944 	    (un->un_state == SD_STATE_OFFLINE)) {
27945 		return (ENXIO);
27946 	}
27947 
27948 	buffer = kmem_zalloc(4, KM_SLEEP);
27949 	bzero(cdb, CDB_GROUP1);
27950 	cdb[0] = SCMD_READ_TOC;
27951 	/*
27952 	 * Specifying a track number of 0x00 in the READ TOC command indicates
27953 	 * that the TOC header should be returned
27954 	 */
27955 	cdb[6] = 0x00;
27956 	/*
27957 	 * Bytes 7 & 8 are the 4 byte allocation length for TOC header.
27958 	 * (2 byte data len + 1 byte starting track # + 1 byte ending track #)
27959 	 */
27960 	cdb[8] = 0x04;
27961 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27962 	com->uscsi_cdb	   = cdb;
27963 	com->uscsi_cdblen  = CDB_GROUP1;
27964 	com->uscsi_bufaddr = buffer;
27965 	com->uscsi_buflen  = 0x04;
27966 	com->uscsi_timeout = 300;
27967 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27968 
27969 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27970 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27971 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27972 		hdr->cdth_trk0 = BCD_TO_BYTE(buffer[2]);
27973 		hdr->cdth_trk1 = BCD_TO_BYTE(buffer[3]);
27974 	} else {
27975 		hdr->cdth_trk0 = buffer[2];
27976 		hdr->cdth_trk1 = buffer[3];
27977 	}
27978 	kmem_free(buffer, 4);
27979 	kmem_free(com, sizeof (*com));
27980 	if (ddi_copyout(hdr, data, sizeof (struct cdrom_tochdr), flag) != 0) {
27981 		return (EFAULT);
27982 	}
27983 	return (rval);
27984 }
27985 
27986 
27987 /*
27988  * Note: The following sr_read_mode1(), sr_read_cd_mode2(), sr_read_mode2(),
27989  * sr_read_cdda(), sr_read_cdxa(), routines implement driver support for
27990  * handling CDROMREAD ioctl requests for mode 1 user data, mode 2 user data,
27991  * digital audio and extended architecture digital audio. These modes are
27992  * defined in the IEC908 (Red Book), ISO10149 (Yellow Book), and the SCSI3
27993  * MMC specs.
27994  *
27995  * In addition to support for the various data formats these routines also
27996  * include support for devices that implement only the direct access READ
27997  * commands (0x08, 0x28), devices that implement the READ_CD commands
27998  * (0xBE, 0xD4), and devices that implement the vendor unique READ CDDA and
27999  * READ CDXA commands (0xD8, 0xDB)
28000  */
28001 
28002 /*
28003  *    Function: sr_read_mode1()
28004  *
28005  * Description: This routine is the driver entry point for handling CD-ROM
28006  *		ioctl read mode1 requests (CDROMREADMODE1).
28007  *
28008  *   Arguments: dev	- the device 'dev_t'
28009  *		data	- pointer to user provided cd read structure specifying
28010  *			  the lba buffer address and length.
28011  *		flag	- this argument is a pass through to ddi_copyxxx()
28012  *			  directly from the mode argument of ioctl().
28013  *
28014  * Return Code: the code returned by sd_send_scsi_cmd()
28015  *		EFAULT if ddi_copyxxx() fails
28016  *		ENXIO if fail ddi_get_soft_state
28017  *		EINVAL if data pointer is NULL
28018  */
28019 
28020 static int
28021 sr_read_mode1(dev_t dev, caddr_t data, int flag)
28022 {
28023 	struct sd_lun		*un;
28024 	struct cdrom_read	mode1_struct;
28025 	struct cdrom_read	*mode1 = &mode1_struct;
28026 	int			rval;
28027 #ifdef _MULTI_DATAMODEL
28028 	/* To support ILP32 applications in an LP64 world */
28029 	struct cdrom_read32	cdrom_read32;
28030 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28031 #endif /* _MULTI_DATAMODEL */
28032 
28033 	if (data == NULL) {
28034 		return (EINVAL);
28035 	}
28036 
28037 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28038 	    (un->un_state == SD_STATE_OFFLINE)) {
28039 		return (ENXIO);
28040 	}
28041 
28042 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28043 	    "sd_read_mode1: entry: un:0x%p\n", un);
28044 
28045 #ifdef _MULTI_DATAMODEL
28046 	switch (ddi_model_convert_from(flag & FMODELS)) {
28047 	case DDI_MODEL_ILP32:
28048 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28049 			return (EFAULT);
28050 		}
28051 		/* Convert the ILP32 uscsi data from the application to LP64 */
28052 		cdrom_read32tocdrom_read(cdrd32, mode1);
28053 		break;
28054 	case DDI_MODEL_NONE:
28055 		if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28056 			return (EFAULT);
28057 		}
28058 	}
28059 #else /* ! _MULTI_DATAMODEL */
28060 	if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28061 		return (EFAULT);
28062 	}
28063 #endif /* _MULTI_DATAMODEL */
28064 
28065 	rval = sd_send_scsi_READ(un, mode1->cdread_bufaddr,
28066 	    mode1->cdread_buflen, mode1->cdread_lba, SD_PATH_STANDARD);
28067 
28068 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28069 	    "sd_read_mode1: exit: un:0x%p\n", un);
28070 
28071 	return (rval);
28072 }
28073 
28074 
28075 /*
28076  *    Function: sr_read_cd_mode2()
28077  *
28078  * Description: This routine is the driver entry point for handling CD-ROM
28079  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28080  *		support the READ CD (0xBE) command or the 1st generation
28081  *		READ CD (0xD4) command.
28082  *
28083  *   Arguments: dev	- the device 'dev_t'
28084  *		data	- pointer to user provided cd read structure specifying
28085  *			  the lba buffer address and length.
28086  *		flag	- this argument is a pass through to ddi_copyxxx()
28087  *			  directly from the mode argument of ioctl().
28088  *
28089  * Return Code: the code returned by sd_send_scsi_cmd()
28090  *		EFAULT if ddi_copyxxx() fails
28091  *		ENXIO if fail ddi_get_soft_state
28092  *		EINVAL if data pointer is NULL
28093  */
28094 
28095 static int
28096 sr_read_cd_mode2(dev_t dev, caddr_t data, int flag)
28097 {
28098 	struct sd_lun		*un;
28099 	struct uscsi_cmd	*com;
28100 	struct cdrom_read	mode2_struct;
28101 	struct cdrom_read	*mode2 = &mode2_struct;
28102 	uchar_t			cdb[CDB_GROUP5];
28103 	int			nblocks;
28104 	int			rval;
28105 #ifdef _MULTI_DATAMODEL
28106 	/*  To support ILP32 applications in an LP64 world */
28107 	struct cdrom_read32	cdrom_read32;
28108 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28109 #endif /* _MULTI_DATAMODEL */
28110 
28111 	if (data == NULL) {
28112 		return (EINVAL);
28113 	}
28114 
28115 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28116 	    (un->un_state == SD_STATE_OFFLINE)) {
28117 		return (ENXIO);
28118 	}
28119 
28120 #ifdef _MULTI_DATAMODEL
28121 	switch (ddi_model_convert_from(flag & FMODELS)) {
28122 	case DDI_MODEL_ILP32:
28123 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28124 			return (EFAULT);
28125 		}
28126 		/* Convert the ILP32 uscsi data from the application to LP64 */
28127 		cdrom_read32tocdrom_read(cdrd32, mode2);
28128 		break;
28129 	case DDI_MODEL_NONE:
28130 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28131 			return (EFAULT);
28132 		}
28133 		break;
28134 	}
28135 
28136 #else /* ! _MULTI_DATAMODEL */
28137 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28138 		return (EFAULT);
28139 	}
28140 #endif /* _MULTI_DATAMODEL */
28141 
28142 	bzero(cdb, sizeof (cdb));
28143 	if (un->un_f_cfg_read_cd_xd4 == TRUE) {
28144 		/* Read command supported by 1st generation atapi drives */
28145 		cdb[0] = SCMD_READ_CDD4;
28146 	} else {
28147 		/* Universal CD Access Command */
28148 		cdb[0] = SCMD_READ_CD;
28149 	}
28150 
28151 	/*
28152 	 * Set expected sector type to: 2336s byte, Mode 2 Yellow Book
28153 	 */
28154 	cdb[1] = CDROM_SECTOR_TYPE_MODE2;
28155 
28156 	/* set the start address */
28157 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 24) & 0XFF);
28158 	cdb[3] = (uchar_t)((mode2->cdread_lba >> 16) & 0XFF);
28159 	cdb[4] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28160 	cdb[5] = (uchar_t)(mode2->cdread_lba & 0xFF);
28161 
28162 	/* set the transfer length */
28163 	nblocks = mode2->cdread_buflen / 2336;
28164 	cdb[6] = (uchar_t)(nblocks >> 16);
28165 	cdb[7] = (uchar_t)(nblocks >> 8);
28166 	cdb[8] = (uchar_t)nblocks;
28167 
28168 	/* set the filter bits */
28169 	cdb[9] = CDROM_READ_CD_USERDATA;
28170 
28171 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28172 	com->uscsi_cdb = (caddr_t)cdb;
28173 	com->uscsi_cdblen = sizeof (cdb);
28174 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28175 	com->uscsi_buflen = mode2->cdread_buflen;
28176 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28177 
28178 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28179 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28180 	kmem_free(com, sizeof (*com));
28181 	return (rval);
28182 }
28183 
28184 
28185 /*
28186  *    Function: sr_read_mode2()
28187  *
28188  * Description: This routine is the driver entry point for handling CD-ROM
28189  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28190  *		do not support the READ CD (0xBE) command.
28191  *
28192  *   Arguments: dev	- the device 'dev_t'
28193  *		data	- pointer to user provided cd read structure specifying
28194  *			  the lba buffer address and length.
28195  *		flag	- this argument is a pass through to ddi_copyxxx()
28196  *			  directly from the mode argument of ioctl().
28197  *
28198  * Return Code: the code returned by sd_send_scsi_cmd()
28199  *		EFAULT if ddi_copyxxx() fails
28200  *		ENXIO if fail ddi_get_soft_state
28201  *		EINVAL if data pointer is NULL
28202  *		EIO if fail to reset block size
28203  *		EAGAIN if commands are in progress in the driver
28204  */
28205 
28206 static int
28207 sr_read_mode2(dev_t dev, caddr_t data, int flag)
28208 {
28209 	struct sd_lun		*un;
28210 	struct cdrom_read	mode2_struct;
28211 	struct cdrom_read	*mode2 = &mode2_struct;
28212 	int			rval;
28213 	uint32_t		restore_blksize;
28214 	struct uscsi_cmd	*com;
28215 	uchar_t			cdb[CDB_GROUP0];
28216 	int			nblocks;
28217 
28218 #ifdef _MULTI_DATAMODEL
28219 	/* To support ILP32 applications in an LP64 world */
28220 	struct cdrom_read32	cdrom_read32;
28221 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28222 #endif /* _MULTI_DATAMODEL */
28223 
28224 	if (data == NULL) {
28225 		return (EINVAL);
28226 	}
28227 
28228 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28229 	    (un->un_state == SD_STATE_OFFLINE)) {
28230 		return (ENXIO);
28231 	}
28232 
28233 	/*
28234 	 * Because this routine will update the device and driver block size
28235 	 * being used we want to make sure there are no commands in progress.
28236 	 * If commands are in progress the user will have to try again.
28237 	 *
28238 	 * We check for 1 instead of 0 because we increment un_ncmds_in_driver
28239 	 * in sdioctl to protect commands from sdioctl through to the top of
28240 	 * sd_uscsi_strategy. See sdioctl for details.
28241 	 */
28242 	mutex_enter(SD_MUTEX(un));
28243 	if (un->un_ncmds_in_driver != 1) {
28244 		mutex_exit(SD_MUTEX(un));
28245 		return (EAGAIN);
28246 	}
28247 	mutex_exit(SD_MUTEX(un));
28248 
28249 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28250 	    "sd_read_mode2: entry: un:0x%p\n", un);
28251 
28252 #ifdef _MULTI_DATAMODEL
28253 	switch (ddi_model_convert_from(flag & FMODELS)) {
28254 	case DDI_MODEL_ILP32:
28255 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28256 			return (EFAULT);
28257 		}
28258 		/* Convert the ILP32 uscsi data from the application to LP64 */
28259 		cdrom_read32tocdrom_read(cdrd32, mode2);
28260 		break;
28261 	case DDI_MODEL_NONE:
28262 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28263 			return (EFAULT);
28264 		}
28265 		break;
28266 	}
28267 #else /* ! _MULTI_DATAMODEL */
28268 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag)) {
28269 		return (EFAULT);
28270 	}
28271 #endif /* _MULTI_DATAMODEL */
28272 
28273 	/* Store the current target block size for restoration later */
28274 	restore_blksize = un->un_tgt_blocksize;
28275 
28276 	/* Change the device and soft state target block size to 2336 */
28277 	if (sr_sector_mode(dev, SD_MODE2_BLKSIZE) != 0) {
28278 		rval = EIO;
28279 		goto done;
28280 	}
28281 
28282 
28283 	bzero(cdb, sizeof (cdb));
28284 
28285 	/* set READ operation */
28286 	cdb[0] = SCMD_READ;
28287 
28288 	/* adjust lba for 2kbyte blocks from 512 byte blocks */
28289 	mode2->cdread_lba >>= 2;
28290 
28291 	/* set the start address */
28292 	cdb[1] = (uchar_t)((mode2->cdread_lba >> 16) & 0X1F);
28293 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28294 	cdb[3] = (uchar_t)(mode2->cdread_lba & 0xFF);
28295 
28296 	/* set the transfer length */
28297 	nblocks = mode2->cdread_buflen / 2336;
28298 	cdb[4] = (uchar_t)nblocks & 0xFF;
28299 
28300 	/* build command */
28301 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28302 	com->uscsi_cdb = (caddr_t)cdb;
28303 	com->uscsi_cdblen = sizeof (cdb);
28304 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28305 	com->uscsi_buflen = mode2->cdread_buflen;
28306 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28307 
28308 	/*
28309 	 * Issue SCSI command with user space address for read buffer.
28310 	 *
28311 	 * This sends the command through main channel in the driver.
28312 	 *
28313 	 * Since this is accessed via an IOCTL call, we go through the
28314 	 * standard path, so that if the device was powered down, then
28315 	 * it would be 'awakened' to handle the command.
28316 	 */
28317 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28318 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28319 
28320 	kmem_free(com, sizeof (*com));
28321 
28322 	/* Restore the device and soft state target block size */
28323 	if (sr_sector_mode(dev, restore_blksize) != 0) {
28324 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28325 		    "can't do switch back to mode 1\n");
28326 		/*
28327 		 * If sd_send_scsi_READ succeeded we still need to report
28328 		 * an error because we failed to reset the block size
28329 		 */
28330 		if (rval == 0) {
28331 			rval = EIO;
28332 		}
28333 	}
28334 
28335 done:
28336 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28337 	    "sd_read_mode2: exit: un:0x%p\n", un);
28338 
28339 	return (rval);
28340 }
28341 
28342 
28343 /*
28344  *    Function: sr_sector_mode()
28345  *
28346  * Description: This utility function is used by sr_read_mode2 to set the target
28347  *		block size based on the user specified size. This is a legacy
28348  *		implementation based upon a vendor specific mode page
28349  *
28350  *   Arguments: dev	- the device 'dev_t'
28351  *		data	- flag indicating if block size is being set to 2336 or
28352  *			  512.
28353  *
28354  * Return Code: the code returned by sd_send_scsi_cmd()
28355  *		EFAULT if ddi_copyxxx() fails
28356  *		ENXIO if fail ddi_get_soft_state
28357  *		EINVAL if data pointer is NULL
28358  */
28359 
28360 static int
28361 sr_sector_mode(dev_t dev, uint32_t blksize)
28362 {
28363 	struct sd_lun	*un;
28364 	uchar_t		*sense;
28365 	uchar_t		*select;
28366 	int		rval;
28367 
28368 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28369 	    (un->un_state == SD_STATE_OFFLINE)) {
28370 		return (ENXIO);
28371 	}
28372 
28373 	sense = kmem_zalloc(20, KM_SLEEP);
28374 
28375 	/* Note: This is a vendor specific mode page (0x81) */
28376 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, 20, 0x81,
28377 	    SD_PATH_STANDARD)) != 0) {
28378 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28379 		    "sr_sector_mode: Mode Sense failed\n");
28380 		kmem_free(sense, 20);
28381 		return (rval);
28382 	}
28383 	select = kmem_zalloc(20, KM_SLEEP);
28384 	select[3] = 0x08;
28385 	select[10] = ((blksize >> 8) & 0xff);
28386 	select[11] = (blksize & 0xff);
28387 	select[12] = 0x01;
28388 	select[13] = 0x06;
28389 	select[14] = sense[14];
28390 	select[15] = sense[15];
28391 	if (blksize == SD_MODE2_BLKSIZE) {
28392 		select[14] |= 0x01;
28393 	}
28394 
28395 	if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select, 20,
28396 	    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
28397 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28398 		    "sr_sector_mode: Mode Select failed\n");
28399 	} else {
28400 		/*
28401 		 * Only update the softstate block size if we successfully
28402 		 * changed the device block mode.
28403 		 */
28404 		mutex_enter(SD_MUTEX(un));
28405 		sd_update_block_info(un, blksize, 0);
28406 		mutex_exit(SD_MUTEX(un));
28407 	}
28408 	kmem_free(sense, 20);
28409 	kmem_free(select, 20);
28410 	return (rval);
28411 }
28412 
28413 
28414 /*
28415  *    Function: sr_read_cdda()
28416  *
28417  * Description: This routine is the driver entry point for handling CD-ROM
28418  *		ioctl requests to return CD-DA or subcode data. (CDROMCDDA) If
28419  *		the target supports CDDA these requests are handled via a vendor
28420  *		specific command (0xD8) If the target does not support CDDA
28421  *		these requests are handled via the READ CD command (0xBE).
28422  *
28423  *   Arguments: dev	- the device 'dev_t'
28424  *		data	- pointer to user provided CD-DA structure specifying
28425  *			  the track starting address, transfer length, and
28426  *			  subcode options.
28427  *		flag	- this argument is a pass through to ddi_copyxxx()
28428  *			  directly from the mode argument of ioctl().
28429  *
28430  * Return Code: the code returned by sd_send_scsi_cmd()
28431  *		EFAULT if ddi_copyxxx() fails
28432  *		ENXIO if fail ddi_get_soft_state
28433  *		EINVAL if invalid arguments are provided
28434  *		ENOTTY
28435  */
28436 
28437 static int
28438 sr_read_cdda(dev_t dev, caddr_t data, int flag)
28439 {
28440 	struct sd_lun			*un;
28441 	struct uscsi_cmd		*com;
28442 	struct cdrom_cdda		*cdda;
28443 	int				rval;
28444 	size_t				buflen;
28445 	char				cdb[CDB_GROUP5];
28446 
28447 #ifdef _MULTI_DATAMODEL
28448 	/* To support ILP32 applications in an LP64 world */
28449 	struct cdrom_cdda32	cdrom_cdda32;
28450 	struct cdrom_cdda32	*cdda32 = &cdrom_cdda32;
28451 #endif /* _MULTI_DATAMODEL */
28452 
28453 	if (data == NULL) {
28454 		return (EINVAL);
28455 	}
28456 
28457 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28458 		return (ENXIO);
28459 	}
28460 
28461 	cdda = kmem_zalloc(sizeof (struct cdrom_cdda), KM_SLEEP);
28462 
28463 #ifdef _MULTI_DATAMODEL
28464 	switch (ddi_model_convert_from(flag & FMODELS)) {
28465 	case DDI_MODEL_ILP32:
28466 		if (ddi_copyin(data, cdda32, sizeof (*cdda32), flag)) {
28467 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28468 			    "sr_read_cdda: ddi_copyin Failed\n");
28469 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28470 			return (EFAULT);
28471 		}
28472 		/* Convert the ILP32 uscsi data from the application to LP64 */
28473 		cdrom_cdda32tocdrom_cdda(cdda32, cdda);
28474 		break;
28475 	case DDI_MODEL_NONE:
28476 		if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28477 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28478 			    "sr_read_cdda: ddi_copyin Failed\n");
28479 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28480 			return (EFAULT);
28481 		}
28482 		break;
28483 	}
28484 #else /* ! _MULTI_DATAMODEL */
28485 	if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28486 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28487 		    "sr_read_cdda: ddi_copyin Failed\n");
28488 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28489 		return (EFAULT);
28490 	}
28491 #endif /* _MULTI_DATAMODEL */
28492 
28493 	/*
28494 	 * Since MMC-2 expects max 3 bytes for length, check if the
28495 	 * length input is greater than 3 bytes
28496 	 */
28497 	if ((cdda->cdda_length & 0xFF000000) != 0) {
28498 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdda: "
28499 		    "cdrom transfer length too large: %d (limit %d)\n",
28500 		    cdda->cdda_length, 0xFFFFFF);
28501 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28502 		return (EINVAL);
28503 	}
28504 
28505 	switch (cdda->cdda_subcode) {
28506 	case CDROM_DA_NO_SUBCODE:
28507 		buflen = CDROM_BLK_2352 * cdda->cdda_length;
28508 		break;
28509 	case CDROM_DA_SUBQ:
28510 		buflen = CDROM_BLK_2368 * cdda->cdda_length;
28511 		break;
28512 	case CDROM_DA_ALL_SUBCODE:
28513 		buflen = CDROM_BLK_2448 * cdda->cdda_length;
28514 		break;
28515 	case CDROM_DA_SUBCODE_ONLY:
28516 		buflen = CDROM_BLK_SUBCODE * cdda->cdda_length;
28517 		break;
28518 	default:
28519 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28520 		    "sr_read_cdda: Subcode '0x%x' Not Supported\n",
28521 		    cdda->cdda_subcode);
28522 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28523 		return (EINVAL);
28524 	}
28525 
28526 	/* Build and send the command */
28527 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28528 	bzero(cdb, CDB_GROUP5);
28529 
28530 	if (un->un_f_cfg_cdda == TRUE) {
28531 		cdb[0] = (char)SCMD_READ_CD;
28532 		cdb[1] = 0x04;
28533 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28534 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28535 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28536 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28537 		cdb[6] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28538 		cdb[7] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28539 		cdb[8] = ((cdda->cdda_length) & 0x000000ff);
28540 		cdb[9] = 0x10;
28541 		switch (cdda->cdda_subcode) {
28542 		case CDROM_DA_NO_SUBCODE :
28543 			cdb[10] = 0x0;
28544 			break;
28545 		case CDROM_DA_SUBQ :
28546 			cdb[10] = 0x2;
28547 			break;
28548 		case CDROM_DA_ALL_SUBCODE :
28549 			cdb[10] = 0x1;
28550 			break;
28551 		case CDROM_DA_SUBCODE_ONLY :
28552 			/* FALLTHROUGH */
28553 		default :
28554 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28555 			kmem_free(com, sizeof (*com));
28556 			return (ENOTTY);
28557 		}
28558 	} else {
28559 		cdb[0] = (char)SCMD_READ_CDDA;
28560 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28561 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28562 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28563 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28564 		cdb[6] = (((cdda->cdda_length) & 0xff000000) >> 24);
28565 		cdb[7] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28566 		cdb[8] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28567 		cdb[9] = ((cdda->cdda_length) & 0x000000ff);
28568 		cdb[10] = cdda->cdda_subcode;
28569 	}
28570 
28571 	com->uscsi_cdb = cdb;
28572 	com->uscsi_cdblen = CDB_GROUP5;
28573 	com->uscsi_bufaddr = (caddr_t)cdda->cdda_data;
28574 	com->uscsi_buflen = buflen;
28575 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28576 
28577 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28578 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28579 
28580 	kmem_free(cdda, sizeof (struct cdrom_cdda));
28581 	kmem_free(com, sizeof (*com));
28582 	return (rval);
28583 }
28584 
28585 
28586 /*
28587  *    Function: sr_read_cdxa()
28588  *
28589  * Description: This routine is the driver entry point for handling CD-ROM
28590  *		ioctl requests to return CD-XA (Extended Architecture) data.
28591  *		(CDROMCDXA).
28592  *
28593  *   Arguments: dev	- the device 'dev_t'
28594  *		data	- pointer to user provided CD-XA structure specifying
28595  *			  the data starting address, transfer length, and format
28596  *		flag	- this argument is a pass through to ddi_copyxxx()
28597  *			  directly from the mode argument of ioctl().
28598  *
28599  * Return Code: the code returned by sd_send_scsi_cmd()
28600  *		EFAULT if ddi_copyxxx() fails
28601  *		ENXIO if fail ddi_get_soft_state
28602  *		EINVAL if data pointer is NULL
28603  */
28604 
28605 static int
28606 sr_read_cdxa(dev_t dev, caddr_t data, int flag)
28607 {
28608 	struct sd_lun		*un;
28609 	struct uscsi_cmd	*com;
28610 	struct cdrom_cdxa	*cdxa;
28611 	int			rval;
28612 	size_t			buflen;
28613 	char			cdb[CDB_GROUP5];
28614 	uchar_t			read_flags;
28615 
28616 #ifdef _MULTI_DATAMODEL
28617 	/* To support ILP32 applications in an LP64 world */
28618 	struct cdrom_cdxa32		cdrom_cdxa32;
28619 	struct cdrom_cdxa32		*cdxa32 = &cdrom_cdxa32;
28620 #endif /* _MULTI_DATAMODEL */
28621 
28622 	if (data == NULL) {
28623 		return (EINVAL);
28624 	}
28625 
28626 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28627 		return (ENXIO);
28628 	}
28629 
28630 	cdxa = kmem_zalloc(sizeof (struct cdrom_cdxa), KM_SLEEP);
28631 
28632 #ifdef _MULTI_DATAMODEL
28633 	switch (ddi_model_convert_from(flag & FMODELS)) {
28634 	case DDI_MODEL_ILP32:
28635 		if (ddi_copyin(data, cdxa32, sizeof (*cdxa32), flag)) {
28636 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28637 			return (EFAULT);
28638 		}
28639 		/*
28640 		 * Convert the ILP32 uscsi data from the
28641 		 * application to LP64 for internal use.
28642 		 */
28643 		cdrom_cdxa32tocdrom_cdxa(cdxa32, cdxa);
28644 		break;
28645 	case DDI_MODEL_NONE:
28646 		if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28647 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28648 			return (EFAULT);
28649 		}
28650 		break;
28651 	}
28652 #else /* ! _MULTI_DATAMODEL */
28653 	if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28654 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28655 		return (EFAULT);
28656 	}
28657 #endif /* _MULTI_DATAMODEL */
28658 
28659 	/*
28660 	 * Since MMC-2 expects max 3 bytes for length, check if the
28661 	 * length input is greater than 3 bytes
28662 	 */
28663 	if ((cdxa->cdxa_length & 0xFF000000) != 0) {
28664 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdxa: "
28665 		    "cdrom transfer length too large: %d (limit %d)\n",
28666 		    cdxa->cdxa_length, 0xFFFFFF);
28667 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28668 		return (EINVAL);
28669 	}
28670 
28671 	switch (cdxa->cdxa_format) {
28672 	case CDROM_XA_DATA:
28673 		buflen = CDROM_BLK_2048 * cdxa->cdxa_length;
28674 		read_flags = 0x10;
28675 		break;
28676 	case CDROM_XA_SECTOR_DATA:
28677 		buflen = CDROM_BLK_2352 * cdxa->cdxa_length;
28678 		read_flags = 0xf8;
28679 		break;
28680 	case CDROM_XA_DATA_W_ERROR:
28681 		buflen = CDROM_BLK_2646 * cdxa->cdxa_length;
28682 		read_flags = 0xfc;
28683 		break;
28684 	default:
28685 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28686 		    "sr_read_cdxa: Format '0x%x' Not Supported\n",
28687 		    cdxa->cdxa_format);
28688 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28689 		return (EINVAL);
28690 	}
28691 
28692 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28693 	bzero(cdb, CDB_GROUP5);
28694 	if (un->un_f_mmc_cap == TRUE) {
28695 		cdb[0] = (char)SCMD_READ_CD;
28696 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28697 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28698 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28699 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28700 		cdb[6] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28701 		cdb[7] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28702 		cdb[8] = ((cdxa->cdxa_length) & 0x000000ff);
28703 		cdb[9] = (char)read_flags;
28704 	} else {
28705 		/*
28706 		 * Note: A vendor specific command (0xDB) is being used her to
28707 		 * request a read of all subcodes.
28708 		 */
28709 		cdb[0] = (char)SCMD_READ_CDXA;
28710 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28711 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28712 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28713 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28714 		cdb[6] = (((cdxa->cdxa_length) & 0xff000000) >> 24);
28715 		cdb[7] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28716 		cdb[8] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28717 		cdb[9] = ((cdxa->cdxa_length) & 0x000000ff);
28718 		cdb[10] = cdxa->cdxa_format;
28719 	}
28720 	com->uscsi_cdb	   = cdb;
28721 	com->uscsi_cdblen  = CDB_GROUP5;
28722 	com->uscsi_bufaddr = (caddr_t)cdxa->cdxa_data;
28723 	com->uscsi_buflen  = buflen;
28724 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28725 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28726 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28727 	kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28728 	kmem_free(com, sizeof (*com));
28729 	return (rval);
28730 }
28731 
28732 
28733 /*
28734  *    Function: sr_eject()
28735  *
28736  * Description: This routine is the driver entry point for handling CD-ROM
28737  *		eject ioctl requests (FDEJECT, DKIOCEJECT, CDROMEJECT)
28738  *
28739  *   Arguments: dev	- the device 'dev_t'
28740  *
28741  * Return Code: the code returned by sd_send_scsi_cmd()
28742  */
28743 
28744 static int
28745 sr_eject(dev_t dev)
28746 {
28747 	struct sd_lun	*un;
28748 	int		rval;
28749 
28750 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28751 	    (un->un_state == SD_STATE_OFFLINE)) {
28752 		return (ENXIO);
28753 	}
28754 	if ((rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
28755 	    SD_PATH_STANDARD)) != 0) {
28756 		return (rval);
28757 	}
28758 
28759 	rval = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_EJECT,
28760 	    SD_PATH_STANDARD);
28761 
28762 	if (rval == 0) {
28763 		mutex_enter(SD_MUTEX(un));
28764 		sr_ejected(un);
28765 		un->un_mediastate = DKIO_EJECTED;
28766 		cv_broadcast(&un->un_state_cv);
28767 		mutex_exit(SD_MUTEX(un));
28768 	}
28769 	return (rval);
28770 }
28771 
28772 
28773 /*
28774  *    Function: sr_ejected()
28775  *
28776  * Description: This routine updates the soft state structure to invalidate the
28777  *		geometry information after the media has been ejected or a
28778  *		media eject has been detected.
28779  *
28780  *   Arguments: un - driver soft state (unit) structure
28781  */
28782 
28783 static void
28784 sr_ejected(struct sd_lun *un)
28785 {
28786 	struct sd_errstats *stp;
28787 
28788 	ASSERT(un != NULL);
28789 	ASSERT(mutex_owned(SD_MUTEX(un)));
28790 
28791 	un->un_f_blockcount_is_valid	= FALSE;
28792 	un->un_f_tgt_blocksize_is_valid	= FALSE;
28793 	un->un_f_geometry_is_valid	= FALSE;
28794 
28795 	if (un->un_errstats != NULL) {
28796 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
28797 		stp->sd_capacity.value.ui64 = 0;
28798 	}
28799 }
28800 
28801 
28802 /*
28803  *    Function: sr_check_wp()
28804  *
28805  * Description: This routine checks the write protection of a removable media
28806  *		disk via the write protect bit of the Mode Page Header device
28807  *		specific field.  This routine has been implemented to use the
28808  *		error recovery mode page for all device types.
28809  *		Note: In the future use a sd_send_scsi_MODE_SENSE() routine
28810  *
28811  *   Arguments: dev		- the device 'dev_t'
28812  *
28813  * Return Code: int indicating if the device is write protected (1) or not (0)
28814  *
28815  *     Context: Kernel thread.
28816  *
28817  */
28818 
28819 static int
28820 sr_check_wp(dev_t dev)
28821 {
28822 	struct sd_lun	*un;
28823 	uchar_t		device_specific;
28824 	uchar_t		*sense;
28825 	int		hdrlen;
28826 	int		rval;
28827 	int		retry_flag = FALSE;
28828 
28829 	/*
28830 	 * Note: The return codes for this routine should be reworked to
28831 	 * properly handle the case of a NULL softstate.
28832 	 */
28833 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28834 		return (FALSE);
28835 	}
28836 
28837 	if (un->un_f_cfg_is_atapi == TRUE) {
28838 		retry_flag = TRUE;
28839 	}
28840 
28841 retry:
28842 	if (un->un_f_cfg_is_atapi == TRUE) {
28843 		/*
28844 		 * The mode page contents are not required; set the allocation
28845 		 * length for the mode page header only
28846 		 */
28847 		hdrlen = MODE_HEADER_LENGTH_GRP2;
28848 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28849 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense, hdrlen,
28850 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28851 		device_specific =
28852 		    ((struct mode_header_grp2 *)sense)->device_specific;
28853 	} else {
28854 		hdrlen = MODE_HEADER_LENGTH;
28855 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28856 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, hdrlen,
28857 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28858 		device_specific =
28859 		    ((struct mode_header *)sense)->device_specific;
28860 	}
28861 
28862 	if (rval != 0) {
28863 		if ((un->un_f_cfg_is_atapi == TRUE) && (retry_flag)) {
28864 			/*
28865 			 * For an Atapi Zip drive, observed the drive
28866 			 * reporting check condition for the first attempt.
28867 			 * Sense data indicating power on or bus device/reset.
28868 			 * Hence in case of failure need to try at least once
28869 			 * for Atapi devices.
28870 			 */
28871 			retry_flag = FALSE;
28872 			kmem_free(sense, hdrlen);
28873 			goto retry;
28874 		} else {
28875 			/*
28876 			 * Write protect mode sense failed; not all disks
28877 			 * understand this query. Return FALSE assuming that
28878 			 * these devices are not writable.
28879 			 */
28880 			rval = FALSE;
28881 		}
28882 	} else {
28883 		if (device_specific & WRITE_PROTECT) {
28884 			rval = TRUE;
28885 		} else {
28886 			rval = FALSE;
28887 		}
28888 	}
28889 	kmem_free(sense, hdrlen);
28890 	return (rval);
28891 }
28892 
28893 
28894 /*
28895  *    Function: sr_volume_ctrl()
28896  *
28897  * Description: This routine is the driver entry point for handling CD-ROM
28898  *		audio output volume ioctl requests. (CDROMVOLCTRL)
28899  *
28900  *   Arguments: dev	- the device 'dev_t'
28901  *		data	- pointer to user audio volume control structure
28902  *		flag	- this argument is a pass through to ddi_copyxxx()
28903  *			  directly from the mode argument of ioctl().
28904  *
28905  * Return Code: the code returned by sd_send_scsi_cmd()
28906  *		EFAULT if ddi_copyxxx() fails
28907  *		ENXIO if fail ddi_get_soft_state
28908  *		EINVAL if data pointer is NULL
28909  *
28910  */
28911 
28912 static int
28913 sr_volume_ctrl(dev_t dev, caddr_t data, int flag)
28914 {
28915 	struct sd_lun		*un;
28916 	struct cdrom_volctrl    volume;
28917 	struct cdrom_volctrl    *vol = &volume;
28918 	uchar_t			*sense_page;
28919 	uchar_t			*select_page;
28920 	uchar_t			*sense;
28921 	uchar_t			*select;
28922 	int			sense_buflen;
28923 	int			select_buflen;
28924 	int			rval;
28925 
28926 	if (data == NULL) {
28927 		return (EINVAL);
28928 	}
28929 
28930 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28931 	    (un->un_state == SD_STATE_OFFLINE)) {
28932 		return (ENXIO);
28933 	}
28934 
28935 	if (ddi_copyin(data, vol, sizeof (struct cdrom_volctrl), flag)) {
28936 		return (EFAULT);
28937 	}
28938 
28939 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
28940 		struct mode_header_grp2		*sense_mhp;
28941 		struct mode_header_grp2		*select_mhp;
28942 		int				bd_len;
28943 
28944 		sense_buflen = MODE_PARAM_LENGTH_GRP2 + MODEPAGE_AUDIO_CTRL_LEN;
28945 		select_buflen = MODE_HEADER_LENGTH_GRP2 +
28946 		    MODEPAGE_AUDIO_CTRL_LEN;
28947 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
28948 		select = kmem_zalloc(select_buflen, KM_SLEEP);
28949 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
28950 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
28951 		    SD_PATH_STANDARD)) != 0) {
28952 			SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28953 			    "sr_volume_ctrl: Mode Sense Failed\n");
28954 			kmem_free(sense, sense_buflen);
28955 			kmem_free(select, select_buflen);
28956 			return (rval);
28957 		}
28958 		sense_mhp = (struct mode_header_grp2 *)sense;
28959 		select_mhp = (struct mode_header_grp2 *)select;
28960 		bd_len = (sense_mhp->bdesc_length_hi << 8) |
28961 		    sense_mhp->bdesc_length_lo;
28962 		if (bd_len > MODE_BLK_DESC_LENGTH) {
28963 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28964 			    "sr_volume_ctrl: Mode Sense returned invalid "
28965 			    "block descriptor length\n");
28966 			kmem_free(sense, sense_buflen);
28967 			kmem_free(select, select_buflen);
28968 			return (EIO);
28969 		}
28970 		sense_page = (uchar_t *)
28971 		    (sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
28972 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH_GRP2);
28973 		select_mhp->length_msb = 0;
28974 		select_mhp->length_lsb = 0;
28975 		select_mhp->bdesc_length_hi = 0;
28976 		select_mhp->bdesc_length_lo = 0;
28977 	} else {
28978 		struct mode_header		*sense_mhp, *select_mhp;
28979 
28980 		sense_buflen = MODE_PARAM_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
28981 		select_buflen = MODE_HEADER_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
28982 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
28983 		select = kmem_zalloc(select_buflen, KM_SLEEP);
28984 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
28985 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
28986 		    SD_PATH_STANDARD)) != 0) {
28987 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28988 			    "sr_volume_ctrl: Mode Sense Failed\n");
28989 			kmem_free(sense, sense_buflen);
28990 			kmem_free(select, select_buflen);
28991 			return (rval);
28992 		}
28993 		sense_mhp  = (struct mode_header *)sense;
28994 		select_mhp = (struct mode_header *)select;
28995 		if (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH) {
28996 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28997 			    "sr_volume_ctrl: Mode Sense returned invalid "
28998 			    "block descriptor length\n");
28999 			kmem_free(sense, sense_buflen);
29000 			kmem_free(select, select_buflen);
29001 			return (EIO);
29002 		}
29003 		sense_page = (uchar_t *)
29004 		    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
29005 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH);
29006 		select_mhp->length = 0;
29007 		select_mhp->bdesc_length = 0;
29008 	}
29009 	/*
29010 	 * Note: An audio control data structure could be created and overlayed
29011 	 * on the following in place of the array indexing method implemented.
29012 	 */
29013 
29014 	/* Build the select data for the user volume data */
29015 	select_page[0] = MODEPAGE_AUDIO_CTRL;
29016 	select_page[1] = 0xE;
29017 	/* Set the immediate bit */
29018 	select_page[2] = 0x04;
29019 	/* Zero out reserved fields */
29020 	select_page[3] = 0x00;
29021 	select_page[4] = 0x00;
29022 	/* Return sense data for fields not to be modified */
29023 	select_page[5] = sense_page[5];
29024 	select_page[6] = sense_page[6];
29025 	select_page[7] = sense_page[7];
29026 	/* Set the user specified volume levels for channel 0 and 1 */
29027 	select_page[8] = 0x01;
29028 	select_page[9] = vol->channel0;
29029 	select_page[10] = 0x02;
29030 	select_page[11] = vol->channel1;
29031 	/* Channel 2 and 3 are currently unsupported so return the sense data */
29032 	select_page[12] = sense_page[12];
29033 	select_page[13] = sense_page[13];
29034 	select_page[14] = sense_page[14];
29035 	select_page[15] = sense_page[15];
29036 
29037 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
29038 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, select,
29039 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29040 	} else {
29041 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
29042 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29043 	}
29044 
29045 	kmem_free(sense, sense_buflen);
29046 	kmem_free(select, select_buflen);
29047 	return (rval);
29048 }
29049 
29050 
29051 /*
29052  *    Function: sr_read_sony_session_offset()
29053  *
29054  * Description: This routine is the driver entry point for handling CD-ROM
29055  *		ioctl requests for session offset information. (CDROMREADOFFSET)
29056  *		The address of the first track in the last session of a
29057  *		multi-session CD-ROM is returned
29058  *
29059  *		Note: This routine uses a vendor specific key value in the
29060  *		command control field without implementing any vendor check here
29061  *		or in the ioctl routine.
29062  *
29063  *   Arguments: dev	- the device 'dev_t'
29064  *		data	- pointer to an int to hold the requested address
29065  *		flag	- this argument is a pass through to ddi_copyxxx()
29066  *			  directly from the mode argument of ioctl().
29067  *
29068  * Return Code: the code returned by sd_send_scsi_cmd()
29069  *		EFAULT if ddi_copyxxx() fails
29070  *		ENXIO if fail ddi_get_soft_state
29071  *		EINVAL if data pointer is NULL
29072  */
29073 
29074 static int
29075 sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag)
29076 {
29077 	struct sd_lun		*un;
29078 	struct uscsi_cmd	*com;
29079 	caddr_t			buffer;
29080 	char			cdb[CDB_GROUP1];
29081 	int			session_offset = 0;
29082 	int			rval;
29083 
29084 	if (data == NULL) {
29085 		return (EINVAL);
29086 	}
29087 
29088 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
29089 	    (un->un_state == SD_STATE_OFFLINE)) {
29090 		return (ENXIO);
29091 	}
29092 
29093 	buffer = kmem_zalloc((size_t)SONY_SESSION_OFFSET_LEN, KM_SLEEP);
29094 	bzero(cdb, CDB_GROUP1);
29095 	cdb[0] = SCMD_READ_TOC;
29096 	/*
29097 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
29098 	 * (4 byte TOC response header + 8 byte response data)
29099 	 */
29100 	cdb[8] = SONY_SESSION_OFFSET_LEN;
29101 	/* Byte 9 is the control byte. A vendor specific value is used */
29102 	cdb[9] = SONY_SESSION_OFFSET_KEY;
29103 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
29104 	com->uscsi_cdb = cdb;
29105 	com->uscsi_cdblen = CDB_GROUP1;
29106 	com->uscsi_bufaddr = buffer;
29107 	com->uscsi_buflen = SONY_SESSION_OFFSET_LEN;
29108 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
29109 
29110 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
29111 	    UIO_SYSSPACE, SD_PATH_STANDARD);
29112 	if (rval != 0) {
29113 		kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29114 		kmem_free(com, sizeof (*com));
29115 		return (rval);
29116 	}
29117 	if (buffer[1] == SONY_SESSION_OFFSET_VALID) {
29118 		session_offset =
29119 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
29120 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
29121 		/*
29122 		 * Offset returned offset in current lbasize block's. Convert to
29123 		 * 2k block's to return to the user
29124 		 */
29125 		if (un->un_tgt_blocksize == CDROM_BLK_512) {
29126 			session_offset >>= 2;
29127 		} else if (un->un_tgt_blocksize == CDROM_BLK_1024) {
29128 			session_offset >>= 1;
29129 		}
29130 	}
29131 
29132 	if (ddi_copyout(&session_offset, data, sizeof (int), flag) != 0) {
29133 		rval = EFAULT;
29134 	}
29135 
29136 	kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29137 	kmem_free(com, sizeof (*com));
29138 	return (rval);
29139 }
29140 
29141 
29142 /*
29143  *    Function: sd_wm_cache_constructor()
29144  *
29145  * Description: Cache Constructor for the wmap cache for the read/modify/write
29146  * 		devices.
29147  *
29148  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29149  *		un	- sd_lun structure for the device.
29150  *		flag	- the km flags passed to constructor
29151  *
29152  * Return Code: 0 on success.
29153  *		-1 on failure.
29154  */
29155 
29156 /*ARGSUSED*/
29157 static int
29158 sd_wm_cache_constructor(void *wm, void *un, int flags)
29159 {
29160 	bzero(wm, sizeof (struct sd_w_map));
29161 	cv_init(&((struct sd_w_map *)wm)->wm_avail, NULL, CV_DRIVER, NULL);
29162 	return (0);
29163 }
29164 
29165 
29166 /*
29167  *    Function: sd_wm_cache_destructor()
29168  *
29169  * Description: Cache destructor for the wmap cache for the read/modify/write
29170  * 		devices.
29171  *
29172  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29173  *		un	- sd_lun structure for the device.
29174  */
29175 /*ARGSUSED*/
29176 static void
29177 sd_wm_cache_destructor(void *wm, void *un)
29178 {
29179 	cv_destroy(&((struct sd_w_map *)wm)->wm_avail);
29180 }
29181 
29182 
29183 /*
29184  *    Function: sd_range_lock()
29185  *
29186  * Description: Lock the range of blocks specified as parameter to ensure
29187  *		that read, modify write is atomic and no other i/o writes
29188  *		to the same location. The range is specified in terms
29189  *		of start and end blocks. Block numbers are the actual
29190  *		media block numbers and not system.
29191  *
29192  *   Arguments: un	- sd_lun structure for the device.
29193  *		startb - The starting block number
29194  *		endb - The end block number
29195  *		typ - type of i/o - simple/read_modify_write
29196  *
29197  * Return Code: wm  - pointer to the wmap structure.
29198  *
29199  *     Context: This routine can sleep.
29200  */
29201 
29202 static struct sd_w_map *
29203 sd_range_lock(struct sd_lun *un, daddr_t startb, daddr_t endb, ushort_t typ)
29204 {
29205 	struct sd_w_map *wmp = NULL;
29206 	struct sd_w_map *sl_wmp = NULL;
29207 	struct sd_w_map *tmp_wmp;
29208 	wm_state state = SD_WM_CHK_LIST;
29209 
29210 
29211 	ASSERT(un != NULL);
29212 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29213 
29214 	mutex_enter(SD_MUTEX(un));
29215 
29216 	while (state != SD_WM_DONE) {
29217 
29218 		switch (state) {
29219 		case SD_WM_CHK_LIST:
29220 			/*
29221 			 * This is the starting state. Check the wmap list
29222 			 * to see if the range is currently available.
29223 			 */
29224 			if (!(typ & SD_WTYPE_RMW) && !(un->un_rmw_count)) {
29225 				/*
29226 				 * If this is a simple write and no rmw
29227 				 * i/o is pending then try to lock the
29228 				 * range as the range should be available.
29229 				 */
29230 				state = SD_WM_LOCK_RANGE;
29231 			} else {
29232 				tmp_wmp = sd_get_range(un, startb, endb);
29233 				if (tmp_wmp != NULL) {
29234 					if ((wmp != NULL) && ONLIST(un, wmp)) {
29235 						/*
29236 						 * Should not keep onlist wmps
29237 						 * while waiting this macro
29238 						 * will also do wmp = NULL;
29239 						 */
29240 						FREE_ONLIST_WMAP(un, wmp);
29241 					}
29242 					/*
29243 					 * sl_wmp is the wmap on which wait
29244 					 * is done, since the tmp_wmp points
29245 					 * to the inuse wmap, set sl_wmp to
29246 					 * tmp_wmp and change the state to sleep
29247 					 */
29248 					sl_wmp = tmp_wmp;
29249 					state = SD_WM_WAIT_MAP;
29250 				} else {
29251 					state = SD_WM_LOCK_RANGE;
29252 				}
29253 
29254 			}
29255 			break;
29256 
29257 		case SD_WM_LOCK_RANGE:
29258 			ASSERT(un->un_wm_cache);
29259 			/*
29260 			 * The range need to be locked, try to get a wmap.
29261 			 * First attempt it with NO_SLEEP, want to avoid a sleep
29262 			 * if possible as we will have to release the sd mutex
29263 			 * if we have to sleep.
29264 			 */
29265 			if (wmp == NULL)
29266 				wmp = kmem_cache_alloc(un->un_wm_cache,
29267 				    KM_NOSLEEP);
29268 			if (wmp == NULL) {
29269 				mutex_exit(SD_MUTEX(un));
29270 				_NOTE(DATA_READABLE_WITHOUT_LOCK
29271 				    (sd_lun::un_wm_cache))
29272 				wmp = kmem_cache_alloc(un->un_wm_cache,
29273 				    KM_SLEEP);
29274 				mutex_enter(SD_MUTEX(un));
29275 				/*
29276 				 * we released the mutex so recheck and go to
29277 				 * check list state.
29278 				 */
29279 				state = SD_WM_CHK_LIST;
29280 			} else {
29281 				/*
29282 				 * We exit out of state machine since we
29283 				 * have the wmap. Do the housekeeping first.
29284 				 * place the wmap on the wmap list if it is not
29285 				 * on it already and then set the state to done.
29286 				 */
29287 				wmp->wm_start = startb;
29288 				wmp->wm_end = endb;
29289 				wmp->wm_flags = typ | SD_WM_BUSY;
29290 				if (typ & SD_WTYPE_RMW) {
29291 					un->un_rmw_count++;
29292 				}
29293 				/*
29294 				 * If not already on the list then link
29295 				 */
29296 				if (!ONLIST(un, wmp)) {
29297 					wmp->wm_next = un->un_wm;
29298 					wmp->wm_prev = NULL;
29299 					if (wmp->wm_next)
29300 						wmp->wm_next->wm_prev = wmp;
29301 					un->un_wm = wmp;
29302 				}
29303 				state = SD_WM_DONE;
29304 			}
29305 			break;
29306 
29307 		case SD_WM_WAIT_MAP:
29308 			ASSERT(sl_wmp->wm_flags & SD_WM_BUSY);
29309 			/*
29310 			 * Wait is done on sl_wmp, which is set in the
29311 			 * check_list state.
29312 			 */
29313 			sl_wmp->wm_wanted_count++;
29314 			cv_wait(&sl_wmp->wm_avail, SD_MUTEX(un));
29315 			sl_wmp->wm_wanted_count--;
29316 			if (!(sl_wmp->wm_flags & SD_WM_BUSY)) {
29317 				if (wmp != NULL)
29318 					CHK_N_FREEWMP(un, wmp);
29319 				wmp = sl_wmp;
29320 			}
29321 			sl_wmp = NULL;
29322 			/*
29323 			 * After waking up, need to recheck for availability of
29324 			 * range.
29325 			 */
29326 			state = SD_WM_CHK_LIST;
29327 			break;
29328 
29329 		default:
29330 			panic("sd_range_lock: "
29331 			    "Unknown state %d in sd_range_lock", state);
29332 			/*NOTREACHED*/
29333 		} /* switch(state) */
29334 
29335 	} /* while(state != SD_WM_DONE) */
29336 
29337 	mutex_exit(SD_MUTEX(un));
29338 
29339 	ASSERT(wmp != NULL);
29340 
29341 	return (wmp);
29342 }
29343 
29344 
29345 /*
29346  *    Function: sd_get_range()
29347  *
29348  * Description: Find if there any overlapping I/O to this one
29349  *		Returns the write-map of 1st such I/O, NULL otherwise.
29350  *
29351  *   Arguments: un	- sd_lun structure for the device.
29352  *		startb - The starting block number
29353  *		endb - The end block number
29354  *
29355  * Return Code: wm  - pointer to the wmap structure.
29356  */
29357 
29358 static struct sd_w_map *
29359 sd_get_range(struct sd_lun *un, daddr_t startb, daddr_t endb)
29360 {
29361 	struct sd_w_map *wmp;
29362 
29363 	ASSERT(un != NULL);
29364 
29365 	for (wmp = un->un_wm; wmp != NULL; wmp = wmp->wm_next) {
29366 		if (!(wmp->wm_flags & SD_WM_BUSY)) {
29367 			continue;
29368 		}
29369 		if ((startb >= wmp->wm_start) && (startb <= wmp->wm_end)) {
29370 			break;
29371 		}
29372 		if ((endb >= wmp->wm_start) && (endb <= wmp->wm_end)) {
29373 			break;
29374 		}
29375 	}
29376 
29377 	return (wmp);
29378 }
29379 
29380 
29381 /*
29382  *    Function: sd_free_inlist_wmap()
29383  *
29384  * Description: Unlink and free a write map struct.
29385  *
29386  *   Arguments: un      - sd_lun structure for the device.
29387  *		wmp	- sd_w_map which needs to be unlinked.
29388  */
29389 
29390 static void
29391 sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp)
29392 {
29393 	ASSERT(un != NULL);
29394 
29395 	if (un->un_wm == wmp) {
29396 		un->un_wm = wmp->wm_next;
29397 	} else {
29398 		wmp->wm_prev->wm_next = wmp->wm_next;
29399 	}
29400 
29401 	if (wmp->wm_next) {
29402 		wmp->wm_next->wm_prev = wmp->wm_prev;
29403 	}
29404 
29405 	wmp->wm_next = wmp->wm_prev = NULL;
29406 
29407 	kmem_cache_free(un->un_wm_cache, wmp);
29408 }
29409 
29410 
29411 /*
29412  *    Function: sd_range_unlock()
29413  *
29414  * Description: Unlock the range locked by wm.
29415  *		Free write map if nobody else is waiting on it.
29416  *
29417  *   Arguments: un      - sd_lun structure for the device.
29418  *              wmp     - sd_w_map which needs to be unlinked.
29419  */
29420 
29421 static void
29422 sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm)
29423 {
29424 	ASSERT(un != NULL);
29425 	ASSERT(wm != NULL);
29426 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29427 
29428 	mutex_enter(SD_MUTEX(un));
29429 
29430 	if (wm->wm_flags & SD_WTYPE_RMW) {
29431 		un->un_rmw_count--;
29432 	}
29433 
29434 	if (wm->wm_wanted_count) {
29435 		wm->wm_flags = 0;
29436 		/*
29437 		 * Broadcast that the wmap is available now.
29438 		 */
29439 		cv_broadcast(&wm->wm_avail);
29440 	} else {
29441 		/*
29442 		 * If no one is waiting on the map, it should be free'ed.
29443 		 */
29444 		sd_free_inlist_wmap(un, wm);
29445 	}
29446 
29447 	mutex_exit(SD_MUTEX(un));
29448 }
29449 
29450 
29451 /*
29452  *    Function: sd_read_modify_write_task
29453  *
29454  * Description: Called from a taskq thread to initiate the write phase of
29455  *		a read-modify-write request.  This is used for targets where
29456  *		un->un_sys_blocksize != un->un_tgt_blocksize.
29457  *
29458  *   Arguments: arg - a pointer to the buf(9S) struct for the write command.
29459  *
29460  *     Context: Called under taskq thread context.
29461  */
29462 
29463 static void
29464 sd_read_modify_write_task(void *arg)
29465 {
29466 	struct sd_mapblocksize_info	*bsp;
29467 	struct buf	*bp;
29468 	struct sd_xbuf	*xp;
29469 	struct sd_lun	*un;
29470 
29471 	bp = arg;	/* The bp is given in arg */
29472 	ASSERT(bp != NULL);
29473 
29474 	/* Get the pointer to the layer-private data struct */
29475 	xp = SD_GET_XBUF(bp);
29476 	ASSERT(xp != NULL);
29477 	bsp = xp->xb_private;
29478 	ASSERT(bsp != NULL);
29479 
29480 	un = SD_GET_UN(bp);
29481 	ASSERT(un != NULL);
29482 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29483 
29484 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29485 	    "sd_read_modify_write_task: entry: buf:0x%p\n", bp);
29486 
29487 	/*
29488 	 * This is the write phase of a read-modify-write request, called
29489 	 * under the context of a taskq thread in response to the completion
29490 	 * of the read portion of the rmw request completing under interrupt
29491 	 * context. The write request must be sent from here down the iostart
29492 	 * chain as if it were being sent from sd_mapblocksize_iostart(), so
29493 	 * we use the layer index saved in the layer-private data area.
29494 	 */
29495 	SD_NEXT_IOSTART(bsp->mbs_layer_index, un, bp);
29496 
29497 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29498 	    "sd_read_modify_write_task: exit: buf:0x%p\n", bp);
29499 }
29500 
29501 
29502 /*
29503  *    Function: sddump_do_read_of_rmw()
29504  *
29505  * Description: This routine will be called from sddump, If sddump is called
29506  *		with an I/O which not aligned on device blocksize boundary
29507  *		then the write has to be converted to read-modify-write.
29508  *		Do the read part here in order to keep sddump simple.
29509  *		Note - That the sd_mutex is held across the call to this
29510  *		routine.
29511  *
29512  *   Arguments: un	- sd_lun
29513  *		blkno	- block number in terms of media block size.
29514  *		nblk	- number of blocks.
29515  *		bpp	- pointer to pointer to the buf structure. On return
29516  *			from this function, *bpp points to the valid buffer
29517  *			to which the write has to be done.
29518  *
29519  * Return Code: 0 for success or errno-type return code
29520  */
29521 
29522 static int
29523 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
29524 	struct buf **bpp)
29525 {
29526 	int err;
29527 	int i;
29528 	int rval;
29529 	struct buf *bp;
29530 	struct scsi_pkt *pkt = NULL;
29531 	uint32_t target_blocksize;
29532 
29533 	ASSERT(un != NULL);
29534 	ASSERT(mutex_owned(SD_MUTEX(un)));
29535 
29536 	target_blocksize = un->un_tgt_blocksize;
29537 
29538 	mutex_exit(SD_MUTEX(un));
29539 
29540 	bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), (struct buf *)NULL,
29541 	    (size_t)(nblk * target_blocksize), B_READ, NULL_FUNC, NULL);
29542 	if (bp == NULL) {
29543 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29544 		    "no resources for dumping; giving up");
29545 		err = ENOMEM;
29546 		goto done;
29547 	}
29548 
29549 	rval = sd_setup_rw_pkt(un, &pkt, bp, 0, NULL_FUNC, NULL,
29550 	    blkno, nblk);
29551 	if (rval != 0) {
29552 		scsi_free_consistent_buf(bp);
29553 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29554 		    "no resources for dumping; giving up");
29555 		err = ENOMEM;
29556 		goto done;
29557 	}
29558 
29559 	pkt->pkt_flags |= FLAG_NOINTR;
29560 
29561 	err = EIO;
29562 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
29563 
29564 		/*
29565 		 * Scsi_poll returns 0 (success) if the command completes and
29566 		 * the status block is STATUS_GOOD.  We should only check
29567 		 * errors if this condition is not true.  Even then we should
29568 		 * send our own request sense packet only if we have a check
29569 		 * condition and auto request sense has not been performed by
29570 		 * the hba.
29571 		 */
29572 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending read\n");
29573 
29574 		if ((sd_scsi_poll(un, pkt) == 0) && (pkt->pkt_resid == 0)) {
29575 			err = 0;
29576 			break;
29577 		}
29578 
29579 		/*
29580 		 * Check CMD_DEV_GONE 1st, give up if device is gone,
29581 		 * no need to read RQS data.
29582 		 */
29583 		if (pkt->pkt_reason == CMD_DEV_GONE) {
29584 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29585 			    "Device is gone\n");
29586 			break;
29587 		}
29588 
29589 		if (SD_GET_PKT_STATUS(pkt) == STATUS_CHECK) {
29590 			SD_INFO(SD_LOG_DUMP, un,
29591 			    "sddump: read failed with CHECK, try # %d\n", i);
29592 			if (((pkt->pkt_state & STATE_ARQ_DONE) == 0)) {
29593 				(void) sd_send_polled_RQS(un);
29594 			}
29595 
29596 			continue;
29597 		}
29598 
29599 		if (SD_GET_PKT_STATUS(pkt) == STATUS_BUSY) {
29600 			int reset_retval = 0;
29601 
29602 			SD_INFO(SD_LOG_DUMP, un,
29603 			    "sddump: read failed with BUSY, try # %d\n", i);
29604 
29605 			if (un->un_f_lun_reset_enabled == TRUE) {
29606 				reset_retval = scsi_reset(SD_ADDRESS(un),
29607 				    RESET_LUN);
29608 			}
29609 			if (reset_retval == 0) {
29610 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
29611 			}
29612 			(void) sd_send_polled_RQS(un);
29613 
29614 		} else {
29615 			SD_INFO(SD_LOG_DUMP, un,
29616 			    "sddump: read failed with 0x%x, try # %d\n",
29617 			    SD_GET_PKT_STATUS(pkt), i);
29618 			mutex_enter(SD_MUTEX(un));
29619 			sd_reset_target(un, pkt);
29620 			mutex_exit(SD_MUTEX(un));
29621 		}
29622 
29623 		/*
29624 		 * If we are not getting anywhere with lun/target resets,
29625 		 * let's reset the bus.
29626 		 */
29627 		if (i > SD_NDUMP_RETRIES/2) {
29628 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
29629 			(void) sd_send_polled_RQS(un);
29630 		}
29631 
29632 	}
29633 	scsi_destroy_pkt(pkt);
29634 
29635 	if (err != 0) {
29636 		scsi_free_consistent_buf(bp);
29637 		*bpp = NULL;
29638 	} else {
29639 		*bpp = bp;
29640 	}
29641 
29642 done:
29643 	mutex_enter(SD_MUTEX(un));
29644 	return (err);
29645 }
29646 
29647 
29648 /*
29649  *    Function: sd_failfast_flushq
29650  *
29651  * Description: Take all bp's on the wait queue that have B_FAILFAST set
29652  *		in b_flags and move them onto the failfast queue, then kick
29653  *		off a thread to return all bp's on the failfast queue to
29654  *		their owners with an error set.
29655  *
29656  *   Arguments: un - pointer to the soft state struct for the instance.
29657  *
29658  *     Context: may execute in interrupt context.
29659  */
29660 
29661 static void
29662 sd_failfast_flushq(struct sd_lun *un)
29663 {
29664 	struct buf *bp;
29665 	struct buf *next_waitq_bp;
29666 	struct buf *prev_waitq_bp = NULL;
29667 
29668 	ASSERT(un != NULL);
29669 	ASSERT(mutex_owned(SD_MUTEX(un)));
29670 	ASSERT(un->un_failfast_state == SD_FAILFAST_ACTIVE);
29671 	ASSERT(un->un_failfast_bp == NULL);
29672 
29673 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29674 	    "sd_failfast_flushq: entry: un:0x%p\n", un);
29675 
29676 	/*
29677 	 * Check if we should flush all bufs when entering failfast state, or
29678 	 * just those with B_FAILFAST set.
29679 	 */
29680 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) {
29681 		/*
29682 		 * Move *all* bp's on the wait queue to the failfast flush
29683 		 * queue, including those that do NOT have B_FAILFAST set.
29684 		 */
29685 		if (un->un_failfast_headp == NULL) {
29686 			ASSERT(un->un_failfast_tailp == NULL);
29687 			un->un_failfast_headp = un->un_waitq_headp;
29688 		} else {
29689 			ASSERT(un->un_failfast_tailp != NULL);
29690 			un->un_failfast_tailp->av_forw = un->un_waitq_headp;
29691 		}
29692 
29693 		un->un_failfast_tailp = un->un_waitq_tailp;
29694 
29695 		/* update kstat for each bp moved out of the waitq */
29696 		for (bp = un->un_waitq_headp; bp != NULL; bp = bp->av_forw) {
29697 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29698 		}
29699 
29700 		/* empty the waitq */
29701 		un->un_waitq_headp = un->un_waitq_tailp = NULL;
29702 
29703 	} else {
29704 		/*
29705 		 * Go thru the wait queue, pick off all entries with
29706 		 * B_FAILFAST set, and move these onto the failfast queue.
29707 		 */
29708 		for (bp = un->un_waitq_headp; bp != NULL; bp = next_waitq_bp) {
29709 			/*
29710 			 * Save the pointer to the next bp on the wait queue,
29711 			 * so we get to it on the next iteration of this loop.
29712 			 */
29713 			next_waitq_bp = bp->av_forw;
29714 
29715 			/*
29716 			 * If this bp from the wait queue does NOT have
29717 			 * B_FAILFAST set, just move on to the next element
29718 			 * in the wait queue. Note, this is the only place
29719 			 * where it is correct to set prev_waitq_bp.
29720 			 */
29721 			if ((bp->b_flags & B_FAILFAST) == 0) {
29722 				prev_waitq_bp = bp;
29723 				continue;
29724 			}
29725 
29726 			/*
29727 			 * Remove the bp from the wait queue.
29728 			 */
29729 			if (bp == un->un_waitq_headp) {
29730 				/* The bp is the first element of the waitq. */
29731 				un->un_waitq_headp = next_waitq_bp;
29732 				if (un->un_waitq_headp == NULL) {
29733 					/* The wait queue is now empty */
29734 					un->un_waitq_tailp = NULL;
29735 				}
29736 			} else {
29737 				/*
29738 				 * The bp is either somewhere in the middle
29739 				 * or at the end of the wait queue.
29740 				 */
29741 				ASSERT(un->un_waitq_headp != NULL);
29742 				ASSERT(prev_waitq_bp != NULL);
29743 				ASSERT((prev_waitq_bp->b_flags & B_FAILFAST)
29744 				    == 0);
29745 				if (bp == un->un_waitq_tailp) {
29746 					/* bp is the last entry on the waitq. */
29747 					ASSERT(next_waitq_bp == NULL);
29748 					un->un_waitq_tailp = prev_waitq_bp;
29749 				}
29750 				prev_waitq_bp->av_forw = next_waitq_bp;
29751 			}
29752 			bp->av_forw = NULL;
29753 
29754 			/*
29755 			 * update kstat since the bp is moved out of
29756 			 * the waitq
29757 			 */
29758 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29759 
29760 			/*
29761 			 * Now put the bp onto the failfast queue.
29762 			 */
29763 			if (un->un_failfast_headp == NULL) {
29764 				/* failfast queue is currently empty */
29765 				ASSERT(un->un_failfast_tailp == NULL);
29766 				un->un_failfast_headp =
29767 				    un->un_failfast_tailp = bp;
29768 			} else {
29769 				/* Add the bp to the end of the failfast q */
29770 				ASSERT(un->un_failfast_tailp != NULL);
29771 				ASSERT(un->un_failfast_tailp->b_flags &
29772 				    B_FAILFAST);
29773 				un->un_failfast_tailp->av_forw = bp;
29774 				un->un_failfast_tailp = bp;
29775 			}
29776 		}
29777 	}
29778 
29779 	/*
29780 	 * Now return all bp's on the failfast queue to their owners.
29781 	 */
29782 	while ((bp = un->un_failfast_headp) != NULL) {
29783 
29784 		un->un_failfast_headp = bp->av_forw;
29785 		if (un->un_failfast_headp == NULL) {
29786 			un->un_failfast_tailp = NULL;
29787 		}
29788 
29789 		/*
29790 		 * We want to return the bp with a failure error code, but
29791 		 * we do not want a call to sd_start_cmds() to occur here,
29792 		 * so use sd_return_failed_command_no_restart() instead of
29793 		 * sd_return_failed_command().
29794 		 */
29795 		sd_return_failed_command_no_restart(un, bp, EIO);
29796 	}
29797 
29798 	/* Flush the xbuf queues if required. */
29799 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_QUEUES) {
29800 		ddi_xbuf_flushq(un->un_xbuf_attr, sd_failfast_flushq_callback);
29801 	}
29802 
29803 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29804 	    "sd_failfast_flushq: exit: un:0x%p\n", un);
29805 }
29806 
29807 
29808 /*
29809  *    Function: sd_failfast_flushq_callback
29810  *
29811  * Description: Return TRUE if the given bp meets the criteria for failfast
29812  *		flushing. Used with ddi_xbuf_flushq(9F).
29813  *
29814  *   Arguments: bp - ptr to buf struct to be examined.
29815  *
29816  *     Context: Any
29817  */
29818 
29819 static int
29820 sd_failfast_flushq_callback(struct buf *bp)
29821 {
29822 	/*
29823 	 * Return TRUE if (1) we want to flush ALL bufs when the failfast
29824 	 * state is entered; OR (2) the given bp has B_FAILFAST set.
29825 	 */
29826 	return (((sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) ||
29827 	    (bp->b_flags & B_FAILFAST)) ? TRUE : FALSE);
29828 }
29829 
29830 
29831 
29832 #if defined(__i386) || defined(__amd64)
29833 /*
29834  * Function: sd_setup_next_xfer
29835  *
29836  * Description: Prepare next I/O operation using DMA_PARTIAL
29837  *
29838  */
29839 
29840 static int
29841 sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
29842     struct scsi_pkt *pkt, struct sd_xbuf *xp)
29843 {
29844 	ssize_t	num_blks_not_xfered;
29845 	daddr_t	strt_blk_num;
29846 	ssize_t	bytes_not_xfered;
29847 	int	rval;
29848 
29849 	ASSERT(pkt->pkt_resid == 0);
29850 
29851 	/*
29852 	 * Calculate next block number and amount to be transferred.
29853 	 *
29854 	 * How much data NOT transfered to the HBA yet.
29855 	 */
29856 	bytes_not_xfered = xp->xb_dma_resid;
29857 
29858 	/*
29859 	 * figure how many blocks NOT transfered to the HBA yet.
29860 	 */
29861 	num_blks_not_xfered = SD_BYTES2TGTBLOCKS(un, bytes_not_xfered);
29862 
29863 	/*
29864 	 * set starting block number to the end of what WAS transfered.
29865 	 */
29866 	strt_blk_num = xp->xb_blkno +
29867 	    SD_BYTES2TGTBLOCKS(un, bp->b_bcount - bytes_not_xfered);
29868 
29869 	/*
29870 	 * Move pkt to the next portion of the xfer.  sd_setup_next_rw_pkt
29871 	 * will call scsi_initpkt with NULL_FUNC so we do not have to release
29872 	 * the disk mutex here.
29873 	 */
29874 	rval = sd_setup_next_rw_pkt(un, pkt, bp,
29875 	    strt_blk_num, num_blks_not_xfered);
29876 
29877 	if (rval == 0) {
29878 
29879 		/*
29880 		 * Success.
29881 		 *
29882 		 * Adjust things if there are still more blocks to be
29883 		 * transfered.
29884 		 */
29885 		xp->xb_dma_resid = pkt->pkt_resid;
29886 		pkt->pkt_resid = 0;
29887 
29888 		return (1);
29889 	}
29890 
29891 	/*
29892 	 * There's really only one possible return value from
29893 	 * sd_setup_next_rw_pkt which occurs when scsi_init_pkt
29894 	 * returns NULL.
29895 	 */
29896 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
29897 
29898 	bp->b_resid = bp->b_bcount;
29899 	bp->b_flags |= B_ERROR;
29900 
29901 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29902 	    "Error setting up next portion of DMA transfer\n");
29903 
29904 	return (0);
29905 }
29906 #endif
29907 
29908 /*
29909  * Note: The following sd_faultinjection_ioctl( ) routines implement
29910  * driver support for handling fault injection for error analysis
29911  * causing faults in multiple layers of the driver.
29912  *
29913  */
29914 
29915 #ifdef SD_FAULT_INJECTION
29916 static uint_t   sd_fault_injection_on = 0;
29917 
29918 /*
29919  *    Function: sd_faultinjection_ioctl()
29920  *
29921  * Description: This routine is the driver entry point for handling
29922  *              faultinjection ioctls to inject errors into the
29923  *              layer model
29924  *
29925  *   Arguments: cmd	- the ioctl cmd recieved
29926  *		arg	- the arguments from user and returns
29927  */
29928 
29929 static void
29930 sd_faultinjection_ioctl(int cmd, intptr_t arg,  struct sd_lun *un) {
29931 
29932 	uint_t i;
29933 	uint_t rval;
29934 
29935 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl: entry\n");
29936 
29937 	mutex_enter(SD_MUTEX(un));
29938 
29939 	switch (cmd) {
29940 	case SDIOCRUN:
29941 		/* Allow pushed faults to be injected */
29942 		SD_INFO(SD_LOG_SDTEST, un,
29943 		    "sd_faultinjection_ioctl: Injecting Fault Run\n");
29944 
29945 		sd_fault_injection_on = 1;
29946 
29947 		SD_INFO(SD_LOG_IOERR, un,
29948 		    "sd_faultinjection_ioctl: run finished\n");
29949 		break;
29950 
29951 	case SDIOCSTART:
29952 		/* Start Injection Session */
29953 		SD_INFO(SD_LOG_SDTEST, un,
29954 		    "sd_faultinjection_ioctl: Injecting Fault Start\n");
29955 
29956 		sd_fault_injection_on = 0;
29957 		un->sd_injection_mask = 0xFFFFFFFF;
29958 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
29959 			un->sd_fi_fifo_pkt[i] = NULL;
29960 			un->sd_fi_fifo_xb[i] = NULL;
29961 			un->sd_fi_fifo_un[i] = NULL;
29962 			un->sd_fi_fifo_arq[i] = NULL;
29963 		}
29964 		un->sd_fi_fifo_start = 0;
29965 		un->sd_fi_fifo_end = 0;
29966 
29967 		mutex_enter(&(un->un_fi_mutex));
29968 		un->sd_fi_log[0] = '\0';
29969 		un->sd_fi_buf_len = 0;
29970 		mutex_exit(&(un->un_fi_mutex));
29971 
29972 		SD_INFO(SD_LOG_IOERR, un,
29973 		    "sd_faultinjection_ioctl: start finished\n");
29974 		break;
29975 
29976 	case SDIOCSTOP:
29977 		/* Stop Injection Session */
29978 		SD_INFO(SD_LOG_SDTEST, un,
29979 		    "sd_faultinjection_ioctl: Injecting Fault Stop\n");
29980 		sd_fault_injection_on = 0;
29981 		un->sd_injection_mask = 0x0;
29982 
29983 		/* Empty stray or unuseds structs from fifo */
29984 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
29985 			if (un->sd_fi_fifo_pkt[i] != NULL) {
29986 				kmem_free(un->sd_fi_fifo_pkt[i],
29987 				    sizeof (struct sd_fi_pkt));
29988 			}
29989 			if (un->sd_fi_fifo_xb[i] != NULL) {
29990 				kmem_free(un->sd_fi_fifo_xb[i],
29991 				    sizeof (struct sd_fi_xb));
29992 			}
29993 			if (un->sd_fi_fifo_un[i] != NULL) {
29994 				kmem_free(un->sd_fi_fifo_un[i],
29995 				    sizeof (struct sd_fi_un));
29996 			}
29997 			if (un->sd_fi_fifo_arq[i] != NULL) {
29998 				kmem_free(un->sd_fi_fifo_arq[i],
29999 				    sizeof (struct sd_fi_arq));
30000 			}
30001 			un->sd_fi_fifo_pkt[i] = NULL;
30002 			un->sd_fi_fifo_un[i] = NULL;
30003 			un->sd_fi_fifo_xb[i] = NULL;
30004 			un->sd_fi_fifo_arq[i] = NULL;
30005 		}
30006 		un->sd_fi_fifo_start = 0;
30007 		un->sd_fi_fifo_end = 0;
30008 
30009 		SD_INFO(SD_LOG_IOERR, un,
30010 		    "sd_faultinjection_ioctl: stop finished\n");
30011 		break;
30012 
30013 	case SDIOCINSERTPKT:
30014 		/* Store a packet struct to be pushed onto fifo */
30015 		SD_INFO(SD_LOG_SDTEST, un,
30016 		    "sd_faultinjection_ioctl: Injecting Fault Insert Pkt\n");
30017 
30018 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30019 
30020 		sd_fault_injection_on = 0;
30021 
30022 		/* No more that SD_FI_MAX_ERROR allowed in Queue */
30023 		if (un->sd_fi_fifo_pkt[i] != NULL) {
30024 			kmem_free(un->sd_fi_fifo_pkt[i],
30025 			    sizeof (struct sd_fi_pkt));
30026 		}
30027 		if (arg != NULL) {
30028 			un->sd_fi_fifo_pkt[i] =
30029 			    kmem_alloc(sizeof (struct sd_fi_pkt), KM_NOSLEEP);
30030 			if (un->sd_fi_fifo_pkt[i] == NULL) {
30031 				/* Alloc failed don't store anything */
30032 				break;
30033 			}
30034 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_pkt[i],
30035 			    sizeof (struct sd_fi_pkt), 0);
30036 			if (rval == -1) {
30037 				kmem_free(un->sd_fi_fifo_pkt[i],
30038 				    sizeof (struct sd_fi_pkt));
30039 				un->sd_fi_fifo_pkt[i] = NULL;
30040 			}
30041 		} else {
30042 			SD_INFO(SD_LOG_IOERR, un,
30043 			    "sd_faultinjection_ioctl: pkt null\n");
30044 		}
30045 		break;
30046 
30047 	case SDIOCINSERTXB:
30048 		/* Store a xb struct to be pushed onto fifo */
30049 		SD_INFO(SD_LOG_SDTEST, un,
30050 		    "sd_faultinjection_ioctl: Injecting Fault Insert XB\n");
30051 
30052 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30053 
30054 		sd_fault_injection_on = 0;
30055 
30056 		if (un->sd_fi_fifo_xb[i] != NULL) {
30057 			kmem_free(un->sd_fi_fifo_xb[i],
30058 			    sizeof (struct sd_fi_xb));
30059 			un->sd_fi_fifo_xb[i] = NULL;
30060 		}
30061 		if (arg != NULL) {
30062 			un->sd_fi_fifo_xb[i] =
30063 			    kmem_alloc(sizeof (struct sd_fi_xb), KM_NOSLEEP);
30064 			if (un->sd_fi_fifo_xb[i] == NULL) {
30065 				/* Alloc failed don't store anything */
30066 				break;
30067 			}
30068 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_xb[i],
30069 			    sizeof (struct sd_fi_xb), 0);
30070 
30071 			if (rval == -1) {
30072 				kmem_free(un->sd_fi_fifo_xb[i],
30073 				    sizeof (struct sd_fi_xb));
30074 				un->sd_fi_fifo_xb[i] = NULL;
30075 			}
30076 		} else {
30077 			SD_INFO(SD_LOG_IOERR, un,
30078 			    "sd_faultinjection_ioctl: xb null\n");
30079 		}
30080 		break;
30081 
30082 	case SDIOCINSERTUN:
30083 		/* Store a un struct to be pushed onto fifo */
30084 		SD_INFO(SD_LOG_SDTEST, un,
30085 		    "sd_faultinjection_ioctl: Injecting Fault Insert UN\n");
30086 
30087 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30088 
30089 		sd_fault_injection_on = 0;
30090 
30091 		if (un->sd_fi_fifo_un[i] != NULL) {
30092 			kmem_free(un->sd_fi_fifo_un[i],
30093 			    sizeof (struct sd_fi_un));
30094 			un->sd_fi_fifo_un[i] = NULL;
30095 		}
30096 		if (arg != NULL) {
30097 			un->sd_fi_fifo_un[i] =
30098 			    kmem_alloc(sizeof (struct sd_fi_un), KM_NOSLEEP);
30099 			if (un->sd_fi_fifo_un[i] == NULL) {
30100 				/* Alloc failed don't store anything */
30101 				break;
30102 			}
30103 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_un[i],
30104 			    sizeof (struct sd_fi_un), 0);
30105 			if (rval == -1) {
30106 				kmem_free(un->sd_fi_fifo_un[i],
30107 				    sizeof (struct sd_fi_un));
30108 				un->sd_fi_fifo_un[i] = NULL;
30109 			}
30110 
30111 		} else {
30112 			SD_INFO(SD_LOG_IOERR, un,
30113 			    "sd_faultinjection_ioctl: un null\n");
30114 		}
30115 
30116 		break;
30117 
30118 	case SDIOCINSERTARQ:
30119 		/* Store a arq struct to be pushed onto fifo */
30120 		SD_INFO(SD_LOG_SDTEST, un,
30121 		    "sd_faultinjection_ioctl: Injecting Fault Insert ARQ\n");
30122 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30123 
30124 		sd_fault_injection_on = 0;
30125 
30126 		if (un->sd_fi_fifo_arq[i] != NULL) {
30127 			kmem_free(un->sd_fi_fifo_arq[i],
30128 			    sizeof (struct sd_fi_arq));
30129 			un->sd_fi_fifo_arq[i] = NULL;
30130 		}
30131 		if (arg != NULL) {
30132 			un->sd_fi_fifo_arq[i] =
30133 			    kmem_alloc(sizeof (struct sd_fi_arq), KM_NOSLEEP);
30134 			if (un->sd_fi_fifo_arq[i] == NULL) {
30135 				/* Alloc failed don't store anything */
30136 				break;
30137 			}
30138 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_arq[i],
30139 			    sizeof (struct sd_fi_arq), 0);
30140 			if (rval == -1) {
30141 				kmem_free(un->sd_fi_fifo_arq[i],
30142 				    sizeof (struct sd_fi_arq));
30143 				un->sd_fi_fifo_arq[i] = NULL;
30144 			}
30145 
30146 		} else {
30147 			SD_INFO(SD_LOG_IOERR, un,
30148 			    "sd_faultinjection_ioctl: arq null\n");
30149 		}
30150 
30151 		break;
30152 
30153 	case SDIOCPUSH:
30154 		/* Push stored xb, pkt, un, and arq onto fifo */
30155 		sd_fault_injection_on = 0;
30156 
30157 		if (arg != NULL) {
30158 			rval = ddi_copyin((void *)arg, &i, sizeof (uint_t), 0);
30159 			if (rval != -1 &&
30160 			    un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30161 				un->sd_fi_fifo_end += i;
30162 			}
30163 		} else {
30164 			SD_INFO(SD_LOG_IOERR, un,
30165 			    "sd_faultinjection_ioctl: push arg null\n");
30166 			if (un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30167 				un->sd_fi_fifo_end++;
30168 			}
30169 		}
30170 		SD_INFO(SD_LOG_IOERR, un,
30171 		    "sd_faultinjection_ioctl: push to end=%d\n",
30172 		    un->sd_fi_fifo_end);
30173 		break;
30174 
30175 	case SDIOCRETRIEVE:
30176 		/* Return buffer of log from Injection session */
30177 		SD_INFO(SD_LOG_SDTEST, un,
30178 		    "sd_faultinjection_ioctl: Injecting Fault Retreive");
30179 
30180 		sd_fault_injection_on = 0;
30181 
30182 		mutex_enter(&(un->un_fi_mutex));
30183 		rval = ddi_copyout(un->sd_fi_log, (void *)arg,
30184 		    un->sd_fi_buf_len+1, 0);
30185 		mutex_exit(&(un->un_fi_mutex));
30186 
30187 		if (rval == -1) {
30188 			/*
30189 			 * arg is possibly invalid setting
30190 			 * it to NULL for return
30191 			 */
30192 			arg = NULL;
30193 		}
30194 		break;
30195 	}
30196 
30197 	mutex_exit(SD_MUTEX(un));
30198 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl:"
30199 			    " exit\n");
30200 }
30201 
30202 
30203 /*
30204  *    Function: sd_injection_log()
30205  *
30206  * Description: This routine adds buff to the already existing injection log
30207  *              for retrieval via faultinjection_ioctl for use in fault
30208  *              detection and recovery
30209  *
30210  *   Arguments: buf - the string to add to the log
30211  */
30212 
30213 static void
30214 sd_injection_log(char *buf, struct sd_lun *un)
30215 {
30216 	uint_t len;
30217 
30218 	ASSERT(un != NULL);
30219 	ASSERT(buf != NULL);
30220 
30221 	mutex_enter(&(un->un_fi_mutex));
30222 
30223 	len = min(strlen(buf), 255);
30224 	/* Add logged value to Injection log to be returned later */
30225 	if (len + un->sd_fi_buf_len < SD_FI_MAX_BUF) {
30226 		uint_t	offset = strlen((char *)un->sd_fi_log);
30227 		char *destp = (char *)un->sd_fi_log + offset;
30228 		int i;
30229 		for (i = 0; i < len; i++) {
30230 			*destp++ = *buf++;
30231 		}
30232 		un->sd_fi_buf_len += len;
30233 		un->sd_fi_log[un->sd_fi_buf_len] = '\0';
30234 	}
30235 
30236 	mutex_exit(&(un->un_fi_mutex));
30237 }
30238 
30239 
30240 /*
30241  *    Function: sd_faultinjection()
30242  *
30243  * Description: This routine takes the pkt and changes its
30244  *		content based on error injection scenerio.
30245  *
30246  *   Arguments: pktp	- packet to be changed
30247  */
30248 
30249 static void
30250 sd_faultinjection(struct scsi_pkt *pktp)
30251 {
30252 	uint_t i;
30253 	struct sd_fi_pkt *fi_pkt;
30254 	struct sd_fi_xb *fi_xb;
30255 	struct sd_fi_un *fi_un;
30256 	struct sd_fi_arq *fi_arq;
30257 	struct buf *bp;
30258 	struct sd_xbuf *xb;
30259 	struct sd_lun *un;
30260 
30261 	ASSERT(pktp != NULL);
30262 
30263 	/* pull bp xb and un from pktp */
30264 	bp = (struct buf *)pktp->pkt_private;
30265 	xb = SD_GET_XBUF(bp);
30266 	un = SD_GET_UN(bp);
30267 
30268 	ASSERT(un != NULL);
30269 
30270 	mutex_enter(SD_MUTEX(un));
30271 
30272 	SD_TRACE(SD_LOG_SDTEST, un,
30273 	    "sd_faultinjection: entry Injection from sdintr\n");
30274 
30275 	/* if injection is off return */
30276 	if (sd_fault_injection_on == 0 ||
30277 		un->sd_fi_fifo_start == un->sd_fi_fifo_end) {
30278 		mutex_exit(SD_MUTEX(un));
30279 		return;
30280 	}
30281 
30282 
30283 	/* take next set off fifo */
30284 	i = un->sd_fi_fifo_start % SD_FI_MAX_ERROR;
30285 
30286 	fi_pkt = un->sd_fi_fifo_pkt[i];
30287 	fi_xb = un->sd_fi_fifo_xb[i];
30288 	fi_un = un->sd_fi_fifo_un[i];
30289 	fi_arq = un->sd_fi_fifo_arq[i];
30290 
30291 
30292 	/* set variables accordingly */
30293 	/* set pkt if it was on fifo */
30294 	if (fi_pkt != NULL) {
30295 		SD_CONDSET(pktp, pkt, pkt_flags, "pkt_flags");
30296 		SD_CONDSET(*pktp, pkt, pkt_scbp, "pkt_scbp");
30297 		SD_CONDSET(*pktp, pkt, pkt_cdbp, "pkt_cdbp");
30298 		SD_CONDSET(pktp, pkt, pkt_state, "pkt_state");
30299 		SD_CONDSET(pktp, pkt, pkt_statistics, "pkt_statistics");
30300 		SD_CONDSET(pktp, pkt, pkt_reason, "pkt_reason");
30301 
30302 	}
30303 
30304 	/* set xb if it was on fifo */
30305 	if (fi_xb != NULL) {
30306 		SD_CONDSET(xb, xb, xb_blkno, "xb_blkno");
30307 		SD_CONDSET(xb, xb, xb_dma_resid, "xb_dma_resid");
30308 		SD_CONDSET(xb, xb, xb_retry_count, "xb_retry_count");
30309 		SD_CONDSET(xb, xb, xb_victim_retry_count,
30310 		    "xb_victim_retry_count");
30311 		SD_CONDSET(xb, xb, xb_sense_status, "xb_sense_status");
30312 		SD_CONDSET(xb, xb, xb_sense_state, "xb_sense_state");
30313 		SD_CONDSET(xb, xb, xb_sense_resid, "xb_sense_resid");
30314 
30315 		/* copy in block data from sense */
30316 		if (fi_xb->xb_sense_data[0] != -1) {
30317 			bcopy(fi_xb->xb_sense_data, xb->xb_sense_data,
30318 			    SENSE_LENGTH);
30319 		}
30320 
30321 		/* copy in extended sense codes */
30322 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_code,
30323 		    "es_code");
30324 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_key,
30325 		    "es_key");
30326 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_add_code,
30327 		    "es_add_code");
30328 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb,
30329 		    es_qual_code, "es_qual_code");
30330 	}
30331 
30332 	/* set un if it was on fifo */
30333 	if (fi_un != NULL) {
30334 		SD_CONDSET(un->un_sd->sd_inq, un, inq_rmb, "inq_rmb");
30335 		SD_CONDSET(un, un, un_ctype, "un_ctype");
30336 		SD_CONDSET(un, un, un_reset_retry_count,
30337 		    "un_reset_retry_count");
30338 		SD_CONDSET(un, un, un_reservation_type, "un_reservation_type");
30339 		SD_CONDSET(un, un, un_resvd_status, "un_resvd_status");
30340 		SD_CONDSET(un, un, un_f_arq_enabled, "un_f_arq_enabled");
30341 		SD_CONDSET(un, un, un_f_geometry_is_valid,
30342 		    "un_f_geometry_is_valid");
30343 		SD_CONDSET(un, un, un_f_allow_bus_device_reset,
30344 		    "un_f_allow_bus_device_reset");
30345 		SD_CONDSET(un, un, un_f_opt_queueing, "un_f_opt_queueing");
30346 
30347 	}
30348 
30349 	/* copy in auto request sense if it was on fifo */
30350 	if (fi_arq != NULL) {
30351 		bcopy(fi_arq, pktp->pkt_scbp, sizeof (struct sd_fi_arq));
30352 	}
30353 
30354 	/* free structs */
30355 	if (un->sd_fi_fifo_pkt[i] != NULL) {
30356 		kmem_free(un->sd_fi_fifo_pkt[i], sizeof (struct sd_fi_pkt));
30357 	}
30358 	if (un->sd_fi_fifo_xb[i] != NULL) {
30359 		kmem_free(un->sd_fi_fifo_xb[i], sizeof (struct sd_fi_xb));
30360 	}
30361 	if (un->sd_fi_fifo_un[i] != NULL) {
30362 		kmem_free(un->sd_fi_fifo_un[i], sizeof (struct sd_fi_un));
30363 	}
30364 	if (un->sd_fi_fifo_arq[i] != NULL) {
30365 		kmem_free(un->sd_fi_fifo_arq[i], sizeof (struct sd_fi_arq));
30366 	}
30367 
30368 	/*
30369 	 * kmem_free does not gurantee to set to NULL
30370 	 * since we uses these to determine if we set
30371 	 * values or not lets confirm they are always
30372 	 * NULL after free
30373 	 */
30374 	un->sd_fi_fifo_pkt[i] = NULL;
30375 	un->sd_fi_fifo_un[i] = NULL;
30376 	un->sd_fi_fifo_xb[i] = NULL;
30377 	un->sd_fi_fifo_arq[i] = NULL;
30378 
30379 	un->sd_fi_fifo_start++;
30380 
30381 	mutex_exit(SD_MUTEX(un));
30382 
30383 	SD_TRACE(SD_LOG_SDTEST, un, "sd_faultinjection: exit\n");
30384 }
30385 
30386 #endif /* SD_FAULT_INJECTION */
30387