xref: /illumos-gate/usr/src/uts/common/io/scsi/targets/sd.c (revision e8031f0a) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * SCSI disk target driver.
31  */
32 
33 #include <sys/scsi/scsi.h>
34 #include <sys/dkbad.h>
35 #include <sys/dklabel.h>
36 #include <sys/dkio.h>
37 #include <sys/fdio.h>
38 #include <sys/cdio.h>
39 #include <sys/mhd.h>
40 #include <sys/vtoc.h>
41 #include <sys/dktp/fdisk.h>
42 #include <sys/file.h>
43 #include <sys/stat.h>
44 #include <sys/kstat.h>
45 #include <sys/vtrace.h>
46 #include <sys/note.h>
47 #include <sys/thread.h>
48 #include <sys/proc.h>
49 #include <sys/efi_partition.h>
50 #include <sys/var.h>
51 #include <sys/aio_req.h>
52 #if (defined(__fibre))
53 /* Note: is there a leadville version of the following? */
54 #include <sys/fc4/fcal_linkapp.h>
55 #endif
56 #include <sys/taskq.h>
57 #include <sys/uuid.h>
58 #include <sys/byteorder.h>
59 #include <sys/sdt.h>
60 
61 #include "sd_xbuf.h"
62 
63 #include <sys/scsi/targets/sddef.h>
64 
65 
66 /*
67  * Loadable module info.
68  */
69 #if (defined(__fibre))
70 #define	SD_MODULE_NAME	"SCSI SSA/FCAL Disk Driver %I%"
71 char _depends_on[]	= "misc/scsi drv/fcp";
72 #else
73 #define	SD_MODULE_NAME	"SCSI Disk Driver %I%"
74 char _depends_on[]	= "misc/scsi";
75 #endif
76 
77 /*
78  * Define the interconnect type, to allow the driver to distinguish
79  * between parallel SCSI (sd) and fibre channel (ssd) behaviors.
80  *
81  * This is really for backward compatability. In the future, the driver
82  * should actually check the "interconnect-type" property as reported by
83  * the HBA; however at present this property is not defined by all HBAs,
84  * so we will use this #define (1) to permit the driver to run in
85  * backward-compatability mode; and (2) to print a notification message
86  * if an FC HBA does not support the "interconnect-type" property.  The
87  * behavior of the driver will be to assume parallel SCSI behaviors unless
88  * the "interconnect-type" property is defined by the HBA **AND** has a
89  * value of either INTERCONNECT_FIBRE, INTERCONNECT_SSA, or
90  * INTERCONNECT_FABRIC, in which case the driver will assume Fibre
91  * Channel behaviors (as per the old ssd).  (Note that the
92  * INTERCONNECT_1394 and INTERCONNECT_USB types are not supported and
93  * will result in the driver assuming parallel SCSI behaviors.)
94  *
95  * (see common/sys/scsi/impl/services.h)
96  *
97  * Note: For ssd semantics, don't use INTERCONNECT_FABRIC as the default
98  * since some FC HBAs may already support that, and there is some code in
99  * the driver that already looks for it.  Using INTERCONNECT_FABRIC as the
100  * default would confuse that code, and besides things should work fine
101  * anyways if the FC HBA already reports INTERCONNECT_FABRIC for the
102  * "interconnect_type" property.
103  */
104 #if (defined(__fibre))
105 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_FIBRE
106 #else
107 #define	SD_DEFAULT_INTERCONNECT_TYPE	SD_INTERCONNECT_PARALLEL
108 #endif
109 
110 /*
111  * The name of the driver, established from the module name in _init.
112  */
113 static	char *sd_label			= NULL;
114 
115 /*
116  * Driver name is unfortunately prefixed on some driver.conf properties.
117  */
118 #if (defined(__fibre))
119 #define	sd_max_xfer_size		ssd_max_xfer_size
120 #define	sd_config_list			ssd_config_list
121 static	char *sd_max_xfer_size		= "ssd_max_xfer_size";
122 static	char *sd_config_list		= "ssd-config-list";
123 #else
124 static	char *sd_max_xfer_size		= "sd_max_xfer_size";
125 static	char *sd_config_list		= "sd-config-list";
126 #endif
127 
128 /*
129  * Driver global variables
130  */
131 
132 #if (defined(__fibre))
133 /*
134  * These #defines are to avoid namespace collisions that occur because this
135  * code is currently used to compile two seperate driver modules: sd and ssd.
136  * All global variables need to be treated this way (even if declared static)
137  * in order to allow the debugger to resolve the names properly.
138  * It is anticipated that in the near future the ssd module will be obsoleted,
139  * at which time this namespace issue should go away.
140  */
141 #define	sd_state			ssd_state
142 #define	sd_io_time			ssd_io_time
143 #define	sd_failfast_enable		ssd_failfast_enable
144 #define	sd_ua_retry_count		ssd_ua_retry_count
145 #define	sd_report_pfa			ssd_report_pfa
146 #define	sd_max_throttle			ssd_max_throttle
147 #define	sd_min_throttle			ssd_min_throttle
148 #define	sd_rot_delay			ssd_rot_delay
149 
150 #define	sd_retry_on_reservation_conflict	\
151 					ssd_retry_on_reservation_conflict
152 #define	sd_reinstate_resv_delay		ssd_reinstate_resv_delay
153 #define	sd_resv_conflict_name		ssd_resv_conflict_name
154 
155 #define	sd_component_mask		ssd_component_mask
156 #define	sd_level_mask			ssd_level_mask
157 #define	sd_debug_un			ssd_debug_un
158 #define	sd_error_level			ssd_error_level
159 
160 #define	sd_xbuf_active_limit		ssd_xbuf_active_limit
161 #define	sd_xbuf_reserve_limit		ssd_xbuf_reserve_limit
162 
163 #define	sd_tr				ssd_tr
164 #define	sd_reset_throttle_timeout	ssd_reset_throttle_timeout
165 #define	sd_qfull_throttle_timeout	ssd_qfull_throttle_timeout
166 #define	sd_qfull_throttle_enable	ssd_qfull_throttle_enable
167 #define	sd_check_media_time		ssd_check_media_time
168 #define	sd_wait_cmds_complete		ssd_wait_cmds_complete
169 #define	sd_label_mutex			ssd_label_mutex
170 #define	sd_detach_mutex			ssd_detach_mutex
171 #define	sd_log_buf			ssd_log_buf
172 #define	sd_log_mutex			ssd_log_mutex
173 
174 #define	sd_disk_table			ssd_disk_table
175 #define	sd_disk_table_size		ssd_disk_table_size
176 #define	sd_sense_mutex			ssd_sense_mutex
177 #define	sd_cdbtab			ssd_cdbtab
178 
179 #define	sd_cb_ops			ssd_cb_ops
180 #define	sd_ops				ssd_ops
181 #define	sd_additional_codes		ssd_additional_codes
182 
183 #define	sd_minor_data			ssd_minor_data
184 #define	sd_minor_data_efi		ssd_minor_data_efi
185 
186 #define	sd_tq				ssd_tq
187 #define	sd_wmr_tq			ssd_wmr_tq
188 #define	sd_taskq_name			ssd_taskq_name
189 #define	sd_wmr_taskq_name		ssd_wmr_taskq_name
190 #define	sd_taskq_minalloc		ssd_taskq_minalloc
191 #define	sd_taskq_maxalloc		ssd_taskq_maxalloc
192 
193 #define	sd_dump_format_string		ssd_dump_format_string
194 
195 #define	sd_iostart_chain		ssd_iostart_chain
196 #define	sd_iodone_chain			ssd_iodone_chain
197 
198 #define	sd_pm_idletime			ssd_pm_idletime
199 
200 #define	sd_force_pm_supported		ssd_force_pm_supported
201 
202 #define	sd_dtype_optical_bind		ssd_dtype_optical_bind
203 
204 #endif
205 
206 
207 #ifdef	SDDEBUG
208 int	sd_force_pm_supported		= 0;
209 #endif	/* SDDEBUG */
210 
211 void *sd_state				= NULL;
212 int sd_io_time				= SD_IO_TIME;
213 int sd_failfast_enable			= 1;
214 int sd_ua_retry_count			= SD_UA_RETRY_COUNT;
215 int sd_report_pfa			= 1;
216 int sd_max_throttle			= SD_MAX_THROTTLE;
217 int sd_min_throttle			= SD_MIN_THROTTLE;
218 int sd_rot_delay			= 4; /* Default 4ms Rotation delay */
219 int sd_qfull_throttle_enable		= TRUE;
220 
221 int sd_retry_on_reservation_conflict	= 1;
222 int sd_reinstate_resv_delay		= SD_REINSTATE_RESV_DELAY;
223 _NOTE(SCHEME_PROTECTS_DATA("safe sharing", sd_reinstate_resv_delay))
224 
225 static int sd_dtype_optical_bind	= -1;
226 
227 /* Note: the following is not a bug, it really is "sd_" and not "ssd_" */
228 static	char *sd_resv_conflict_name	= "sd_retry_on_reservation_conflict";
229 
230 /*
231  * Global data for debug logging. To enable debug printing, sd_component_mask
232  * and sd_level_mask should be set to the desired bit patterns as outlined in
233  * sddef.h.
234  */
235 uint_t	sd_component_mask		= 0x0;
236 uint_t	sd_level_mask			= 0x0;
237 struct	sd_lun *sd_debug_un		= NULL;
238 uint_t	sd_error_level			= SCSI_ERR_RETRYABLE;
239 
240 /* Note: these may go away in the future... */
241 static uint32_t	sd_xbuf_active_limit	= 512;
242 static uint32_t sd_xbuf_reserve_limit	= 16;
243 
244 static struct sd_resv_reclaim_request	sd_tr = { NULL, NULL, NULL, 0, 0, 0 };
245 
246 /*
247  * Timer value used to reset the throttle after it has been reduced
248  * (typically in response to TRAN_BUSY or STATUS_QFULL)
249  */
250 static int sd_reset_throttle_timeout	= SD_RESET_THROTTLE_TIMEOUT;
251 static int sd_qfull_throttle_timeout	= SD_QFULL_THROTTLE_TIMEOUT;
252 
253 /*
254  * Interval value associated with the media change scsi watch.
255  */
256 static int sd_check_media_time		= 3000000;
257 
258 /*
259  * Wait value used for in progress operations during a DDI_SUSPEND
260  */
261 static int sd_wait_cmds_complete	= SD_WAIT_CMDS_COMPLETE;
262 
263 /*
264  * sd_label_mutex protects a static buffer used in the disk label
265  * component of the driver
266  */
267 static kmutex_t sd_label_mutex;
268 
269 /*
270  * sd_detach_mutex protects un_layer_count, un_detach_count, and
271  * un_opens_in_progress in the sd_lun structure.
272  */
273 static kmutex_t sd_detach_mutex;
274 
275 _NOTE(MUTEX_PROTECTS_DATA(sd_detach_mutex,
276 	sd_lun::{un_layer_count un_detach_count un_opens_in_progress}))
277 
278 /*
279  * Global buffer and mutex for debug logging
280  */
281 static char	sd_log_buf[1024];
282 static kmutex_t	sd_log_mutex;
283 
284 
285 /*
286  * "Smart" Probe Caching structs, globals, #defines, etc.
287  * For parallel scsi and non-self-identify device only.
288  */
289 
290 /*
291  * The following resources and routines are implemented to support
292  * "smart" probing, which caches the scsi_probe() results in an array,
293  * in order to help avoid long probe times.
294  */
295 struct sd_scsi_probe_cache {
296 	struct	sd_scsi_probe_cache	*next;
297 	dev_info_t	*pdip;
298 	int		cache[NTARGETS_WIDE];
299 };
300 
301 static kmutex_t	sd_scsi_probe_cache_mutex;
302 static struct	sd_scsi_probe_cache *sd_scsi_probe_cache_head = NULL;
303 
304 /*
305  * Really we only need protection on the head of the linked list, but
306  * better safe than sorry.
307  */
308 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
309     sd_scsi_probe_cache::next sd_scsi_probe_cache::pdip))
310 
311 _NOTE(MUTEX_PROTECTS_DATA(sd_scsi_probe_cache_mutex,
312     sd_scsi_probe_cache_head))
313 
314 
315 /*
316  * Vendor specific data name property declarations
317  */
318 
319 #if defined(__fibre) || defined(__i386) ||defined(__amd64)
320 
321 static sd_tunables seagate_properties = {
322 	SEAGATE_THROTTLE_VALUE,
323 	0,
324 	0,
325 	0,
326 	0,
327 	0,
328 	0,
329 	0,
330 	0
331 };
332 
333 
334 static sd_tunables fujitsu_properties = {
335 	FUJITSU_THROTTLE_VALUE,
336 	0,
337 	0,
338 	0,
339 	0,
340 	0,
341 	0,
342 	0,
343 	0
344 };
345 
346 static sd_tunables ibm_properties = {
347 	IBM_THROTTLE_VALUE,
348 	0,
349 	0,
350 	0,
351 	0,
352 	0,
353 	0,
354 	0,
355 	0
356 };
357 
358 static sd_tunables purple_properties = {
359 	PURPLE_THROTTLE_VALUE,
360 	0,
361 	0,
362 	PURPLE_BUSY_RETRIES,
363 	PURPLE_RESET_RETRY_COUNT,
364 	PURPLE_RESERVE_RELEASE_TIME,
365 	0,
366 	0,
367 	0
368 };
369 
370 static sd_tunables sve_properties = {
371 	SVE_THROTTLE_VALUE,
372 	0,
373 	0,
374 	SVE_BUSY_RETRIES,
375 	SVE_RESET_RETRY_COUNT,
376 	SVE_RESERVE_RELEASE_TIME,
377 	SVE_MIN_THROTTLE_VALUE,
378 	SVE_DISKSORT_DISABLED_FLAG,
379 	0
380 };
381 
382 static sd_tunables maserati_properties = {
383 	0,
384 	0,
385 	0,
386 	0,
387 	0,
388 	0,
389 	0,
390 	MASERATI_DISKSORT_DISABLED_FLAG,
391 	MASERATI_LUN_RESET_ENABLED_FLAG
392 };
393 
394 static sd_tunables pirus_properties = {
395 	PIRUS_THROTTLE_VALUE,
396 	0,
397 	PIRUS_NRR_COUNT,
398 	PIRUS_BUSY_RETRIES,
399 	PIRUS_RESET_RETRY_COUNT,
400 	0,
401 	PIRUS_MIN_THROTTLE_VALUE,
402 	PIRUS_DISKSORT_DISABLED_FLAG,
403 	PIRUS_LUN_RESET_ENABLED_FLAG
404 };
405 
406 #endif
407 
408 #if (defined(__sparc) && !defined(__fibre)) || \
409 	(defined(__i386) || defined(__amd64))
410 
411 
412 static sd_tunables elite_properties = {
413 	ELITE_THROTTLE_VALUE,
414 	0,
415 	0,
416 	0,
417 	0,
418 	0,
419 	0,
420 	0,
421 	0
422 };
423 
424 static sd_tunables st31200n_properties = {
425 	ST31200N_THROTTLE_VALUE,
426 	0,
427 	0,
428 	0,
429 	0,
430 	0,
431 	0,
432 	0,
433 	0
434 };
435 
436 #endif /* Fibre or not */
437 
438 static sd_tunables lsi_properties_scsi = {
439 	LSI_THROTTLE_VALUE,
440 	0,
441 	LSI_NOTREADY_RETRIES,
442 	0,
443 	0,
444 	0,
445 	0,
446 	0,
447 	0
448 };
449 
450 static sd_tunables symbios_properties = {
451 	SYMBIOS_THROTTLE_VALUE,
452 	0,
453 	SYMBIOS_NOTREADY_RETRIES,
454 	0,
455 	0,
456 	0,
457 	0,
458 	0,
459 	0
460 };
461 
462 static sd_tunables lsi_properties = {
463 	0,
464 	0,
465 	LSI_NOTREADY_RETRIES,
466 	0,
467 	0,
468 	0,
469 	0,
470 	0,
471 	0
472 };
473 
474 static sd_tunables lsi_oem_properties = {
475 	0,
476 	0,
477 	LSI_OEM_NOTREADY_RETRIES,
478 	0,
479 	0,
480 	0,
481 	0,
482 	0,
483 	0
484 };
485 
486 
487 
488 #if (defined(SD_PROP_TST))
489 
490 #define	SD_TST_CTYPE_VAL	CTYPE_CDROM
491 #define	SD_TST_THROTTLE_VAL	16
492 #define	SD_TST_NOTREADY_VAL	12
493 #define	SD_TST_BUSY_VAL		60
494 #define	SD_TST_RST_RETRY_VAL	36
495 #define	SD_TST_RSV_REL_TIME	60
496 
497 static sd_tunables tst_properties = {
498 	SD_TST_THROTTLE_VAL,
499 	SD_TST_CTYPE_VAL,
500 	SD_TST_NOTREADY_VAL,
501 	SD_TST_BUSY_VAL,
502 	SD_TST_RST_RETRY_VAL,
503 	SD_TST_RSV_REL_TIME,
504 	0,
505 	0,
506 	0
507 };
508 #endif
509 
510 /* This is similiar to the ANSI toupper implementation */
511 #define	SD_TOUPPER(C)	(((C) >= 'a' && (C) <= 'z') ? (C) - 'a' + 'A' : (C))
512 
513 /*
514  * Static Driver Configuration Table
515  *
516  * This is the table of disks which need throttle adjustment (or, perhaps
517  * something else as defined by the flags at a future time.)  device_id
518  * is a string consisting of concatenated vid (vendor), pid (product/model)
519  * and revision strings as defined in the scsi_inquiry structure.  Offsets of
520  * the parts of the string are as defined by the sizes in the scsi_inquiry
521  * structure.  Device type is searched as far as the device_id string is
522  * defined.  Flags defines which values are to be set in the driver from the
523  * properties list.
524  *
525  * Entries below which begin and end with a "*" are a special case.
526  * These do not have a specific vendor, and the string which follows
527  * can appear anywhere in the 16 byte PID portion of the inquiry data.
528  *
529  * Entries below which begin and end with a " " (blank) are a special
530  * case. The comparison function will treat multiple consecutive blanks
531  * as equivalent to a single blank. For example, this causes a
532  * sd_disk_table entry of " NEC CDROM " to match a device's id string
533  * of  "NEC       CDROM".
534  *
535  * Note: The MD21 controller type has been obsoleted.
536  *	 ST318202F is a Legacy device
537  *	 MAM3182FC, MAM3364FC, MAM3738FC do not appear to have ever been
538  *	 made with an FC connection. The entries here are a legacy.
539  */
540 static sd_disk_config_t sd_disk_table[] = {
541 #if defined(__fibre) || defined(__i386) || defined(__amd64)
542 	{ "SEAGATE ST34371FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
543 	{ "SEAGATE ST19171FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
544 	{ "SEAGATE ST39102FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
545 	{ "SEAGATE ST39103FC", SD_CONF_BSET_THROTTLE, &seagate_properties },
546 	{ "SEAGATE ST118273F", SD_CONF_BSET_THROTTLE, &seagate_properties },
547 	{ "SEAGATE ST318202F", SD_CONF_BSET_THROTTLE, &seagate_properties },
548 	{ "SEAGATE ST318203F", SD_CONF_BSET_THROTTLE, &seagate_properties },
549 	{ "SEAGATE ST136403F", SD_CONF_BSET_THROTTLE, &seagate_properties },
550 	{ "SEAGATE ST318304F", SD_CONF_BSET_THROTTLE, &seagate_properties },
551 	{ "SEAGATE ST336704F", SD_CONF_BSET_THROTTLE, &seagate_properties },
552 	{ "SEAGATE ST373405F", SD_CONF_BSET_THROTTLE, &seagate_properties },
553 	{ "SEAGATE ST336605F", SD_CONF_BSET_THROTTLE, &seagate_properties },
554 	{ "SEAGATE ST336752F", SD_CONF_BSET_THROTTLE, &seagate_properties },
555 	{ "SEAGATE ST318452F", SD_CONF_BSET_THROTTLE, &seagate_properties },
556 	{ "FUJITSU MAG3091F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
557 	{ "FUJITSU MAG3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
558 	{ "FUJITSU MAA3182F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
559 	{ "FUJITSU MAF3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
560 	{ "FUJITSU MAL3364F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
561 	{ "FUJITSU MAL3738F",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
562 	{ "FUJITSU MAM3182FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
563 	{ "FUJITSU MAM3364FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
564 	{ "FUJITSU MAM3738FC",  SD_CONF_BSET_THROTTLE, &fujitsu_properties },
565 	{ "IBM     DDYFT1835",  SD_CONF_BSET_THROTTLE, &ibm_properties },
566 	{ "IBM     DDYFT3695",  SD_CONF_BSET_THROTTLE, &ibm_properties },
567 	{ "IBM     IC35LF2D2",  SD_CONF_BSET_THROTTLE, &ibm_properties },
568 	{ "IBM     IC35LF2PR",  SD_CONF_BSET_THROTTLE, &ibm_properties },
569 	{ "IBM     3526",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
570 	{ "IBM     3542",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
571 	{ "IBM     3552",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
572 	{ "IBM     1722",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
573 	{ "IBM     1742",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
574 	{ "IBM     1815",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
575 	{ "IBM     FAStT",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
576 	{ "LSI     INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
577 	{ "ENGENIO INF",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
578 	{ "SGI     TP",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
579 	{ "SGI     IS",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
580 	{ "*CSM100_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
581 	{ "*CSM200_*",		SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
582 	{ "LSI",		SD_CONF_BSET_NRR_COUNT, &lsi_properties },
583 	{ "SUN     T3", SD_CONF_BSET_THROTTLE |
584 			SD_CONF_BSET_BSY_RETRY_COUNT|
585 			SD_CONF_BSET_RST_RETRIES|
586 			SD_CONF_BSET_RSV_REL_TIME,
587 		&purple_properties },
588 	{ "SUN     SESS01", SD_CONF_BSET_THROTTLE |
589 		SD_CONF_BSET_BSY_RETRY_COUNT|
590 		SD_CONF_BSET_RST_RETRIES|
591 		SD_CONF_BSET_RSV_REL_TIME|
592 		SD_CONF_BSET_MIN_THROTTLE|
593 		SD_CONF_BSET_DISKSORT_DISABLED,
594 		&sve_properties },
595 	{ "SUN     T4", SD_CONF_BSET_THROTTLE |
596 			SD_CONF_BSET_BSY_RETRY_COUNT|
597 			SD_CONF_BSET_RST_RETRIES|
598 			SD_CONF_BSET_RSV_REL_TIME,
599 		&purple_properties },
600 	{ "SUN     SVE01", SD_CONF_BSET_DISKSORT_DISABLED |
601 		SD_CONF_BSET_LUN_RESET_ENABLED,
602 		&maserati_properties },
603 	{ "SUN     SE6920", SD_CONF_BSET_THROTTLE |
604 		SD_CONF_BSET_NRR_COUNT|
605 		SD_CONF_BSET_BSY_RETRY_COUNT|
606 		SD_CONF_BSET_RST_RETRIES|
607 		SD_CONF_BSET_MIN_THROTTLE|
608 		SD_CONF_BSET_DISKSORT_DISABLED|
609 		SD_CONF_BSET_LUN_RESET_ENABLED,
610 		&pirus_properties },
611 	{ "SUN     SE6940", SD_CONF_BSET_THROTTLE |
612 		SD_CONF_BSET_NRR_COUNT|
613 		SD_CONF_BSET_BSY_RETRY_COUNT|
614 		SD_CONF_BSET_RST_RETRIES|
615 		SD_CONF_BSET_MIN_THROTTLE|
616 		SD_CONF_BSET_DISKSORT_DISABLED|
617 		SD_CONF_BSET_LUN_RESET_ENABLED,
618 		&pirus_properties },
619 	{ "SUN     StorageTek 6920", SD_CONF_BSET_THROTTLE |
620 		SD_CONF_BSET_NRR_COUNT|
621 		SD_CONF_BSET_BSY_RETRY_COUNT|
622 		SD_CONF_BSET_RST_RETRIES|
623 		SD_CONF_BSET_MIN_THROTTLE|
624 		SD_CONF_BSET_DISKSORT_DISABLED|
625 		SD_CONF_BSET_LUN_RESET_ENABLED,
626 		&pirus_properties },
627 	{ "SUN     StorageTek 6940", SD_CONF_BSET_THROTTLE |
628 		SD_CONF_BSET_NRR_COUNT|
629 		SD_CONF_BSET_BSY_RETRY_COUNT|
630 		SD_CONF_BSET_RST_RETRIES|
631 		SD_CONF_BSET_MIN_THROTTLE|
632 		SD_CONF_BSET_DISKSORT_DISABLED|
633 		SD_CONF_BSET_LUN_RESET_ENABLED,
634 		&pirus_properties },
635 	{ "SUN     PSX1000", SD_CONF_BSET_THROTTLE |
636 		SD_CONF_BSET_NRR_COUNT|
637 		SD_CONF_BSET_BSY_RETRY_COUNT|
638 		SD_CONF_BSET_RST_RETRIES|
639 		SD_CONF_BSET_MIN_THROTTLE|
640 		SD_CONF_BSET_DISKSORT_DISABLED|
641 		SD_CONF_BSET_LUN_RESET_ENABLED,
642 		&pirus_properties },
643 	{ "SUN     SE6330", SD_CONF_BSET_THROTTLE |
644 		SD_CONF_BSET_NRR_COUNT|
645 		SD_CONF_BSET_BSY_RETRY_COUNT|
646 		SD_CONF_BSET_RST_RETRIES|
647 		SD_CONF_BSET_MIN_THROTTLE|
648 		SD_CONF_BSET_DISKSORT_DISABLED|
649 		SD_CONF_BSET_LUN_RESET_ENABLED,
650 		&pirus_properties },
651 	{ "STK     OPENstorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
652 	{ "STK     OpenStorage", SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
653 	{ "STK     BladeCtlr",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
654 	{ "STK     FLEXLINE",	SD_CONF_BSET_NRR_COUNT, &lsi_oem_properties },
655 	{ "SYMBIOS", SD_CONF_BSET_NRR_COUNT, &symbios_properties },
656 #endif /* fibre or NON-sparc platforms */
657 #if ((defined(__sparc) && !defined(__fibre)) ||\
658 	(defined(__i386) || defined(__amd64)))
659 	{ "SEAGATE ST42400N", SD_CONF_BSET_THROTTLE, &elite_properties },
660 	{ "SEAGATE ST31200N", SD_CONF_BSET_THROTTLE, &st31200n_properties },
661 	{ "SEAGATE ST41600N", SD_CONF_BSET_TUR_CHECK, NULL },
662 	{ "CONNER  CP30540",  SD_CONF_BSET_NOCACHE,  NULL },
663 	{ "*SUN0104*", SD_CONF_BSET_FAB_DEVID, NULL },
664 	{ "*SUN0207*", SD_CONF_BSET_FAB_DEVID, NULL },
665 	{ "*SUN0327*", SD_CONF_BSET_FAB_DEVID, NULL },
666 	{ "*SUN0340*", SD_CONF_BSET_FAB_DEVID, NULL },
667 	{ "*SUN0424*", SD_CONF_BSET_FAB_DEVID, NULL },
668 	{ "*SUN0669*", SD_CONF_BSET_FAB_DEVID, NULL },
669 	{ "*SUN1.0G*", SD_CONF_BSET_FAB_DEVID, NULL },
670 	{ "SYMBIOS INF-01-00       ", SD_CONF_BSET_FAB_DEVID, NULL },
671 	{ "SYMBIOS", SD_CONF_BSET_THROTTLE|SD_CONF_BSET_NRR_COUNT,
672 	    &symbios_properties },
673 	{ "LSI", SD_CONF_BSET_THROTTLE | SD_CONF_BSET_NRR_COUNT,
674 	    &lsi_properties_scsi },
675 #if defined(__i386) || defined(__amd64)
676 	{ " NEC CD-ROM DRIVE:260 ", (SD_CONF_BSET_PLAYMSF_BCD
677 				    | SD_CONF_BSET_READSUB_BCD
678 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
679 				    | SD_CONF_BSET_NO_READ_HEADER
680 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
681 
682 	{ " NEC CD-ROM DRIVE:270 ", (SD_CONF_BSET_PLAYMSF_BCD
683 				    | SD_CONF_BSET_READSUB_BCD
684 				    | SD_CONF_BSET_READ_TOC_ADDR_BCD
685 				    | SD_CONF_BSET_NO_READ_HEADER
686 				    | SD_CONF_BSET_READ_CD_XD4), NULL },
687 #endif /* __i386 || __amd64 */
688 #endif /* sparc NON-fibre or NON-sparc platforms */
689 
690 #if (defined(SD_PROP_TST))
691 	{ "VENDOR  PRODUCT ", (SD_CONF_BSET_THROTTLE
692 				| SD_CONF_BSET_CTYPE
693 				| SD_CONF_BSET_NRR_COUNT
694 				| SD_CONF_BSET_FAB_DEVID
695 				| SD_CONF_BSET_NOCACHE
696 				| SD_CONF_BSET_BSY_RETRY_COUNT
697 				| SD_CONF_BSET_PLAYMSF_BCD
698 				| SD_CONF_BSET_READSUB_BCD
699 				| SD_CONF_BSET_READ_TOC_TRK_BCD
700 				| SD_CONF_BSET_READ_TOC_ADDR_BCD
701 				| SD_CONF_BSET_NO_READ_HEADER
702 				| SD_CONF_BSET_READ_CD_XD4
703 				| SD_CONF_BSET_RST_RETRIES
704 				| SD_CONF_BSET_RSV_REL_TIME
705 				| SD_CONF_BSET_TUR_CHECK), &tst_properties},
706 #endif
707 };
708 
709 static const int sd_disk_table_size =
710 	sizeof (sd_disk_table)/ sizeof (sd_disk_config_t);
711 
712 
713 /*
714  * Return codes of sd_uselabel().
715  */
716 #define	SD_LABEL_IS_VALID		0
717 #define	SD_LABEL_IS_INVALID		1
718 
719 #define	SD_INTERCONNECT_PARALLEL	0
720 #define	SD_INTERCONNECT_FABRIC		1
721 #define	SD_INTERCONNECT_FIBRE		2
722 #define	SD_INTERCONNECT_SSA		3
723 #define	SD_IS_PARALLEL_SCSI(un)		\
724 	((un)->un_interconnect_type == SD_INTERCONNECT_PARALLEL)
725 
726 /*
727  * Definitions used by device id registration routines
728  */
729 #define	VPD_HEAD_OFFSET		3	/* size of head for vpd page */
730 #define	VPD_PAGE_LENGTH		3	/* offset for pge length data */
731 #define	VPD_MODE_PAGE		1	/* offset into vpd pg for "page code" */
732 #define	WD_NODE			7	/* the whole disk minor */
733 
734 static kmutex_t sd_sense_mutex = {0};
735 
736 /*
737  * Macros for updates of the driver state
738  */
739 #define	New_state(un, s)        \
740 	(un)->un_last_state = (un)->un_state, (un)->un_state = (s)
741 #define	Restore_state(un)	\
742 	{ uchar_t tmp = (un)->un_last_state; New_state((un), tmp); }
743 
744 static struct sd_cdbinfo sd_cdbtab[] = {
745 	{ CDB_GROUP0, 0x00,	   0x1FFFFF,   0xFF,	    },
746 	{ CDB_GROUP1, SCMD_GROUP1, 0xFFFFFFFF, 0xFFFF,	    },
747 	{ CDB_GROUP5, SCMD_GROUP5, 0xFFFFFFFF, 0xFFFFFFFF,  },
748 	{ CDB_GROUP4, SCMD_GROUP4, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFF, },
749 };
750 
751 /*
752  * Specifies the number of seconds that must have elapsed since the last
753  * cmd. has completed for a device to be declared idle to the PM framework.
754  */
755 static int sd_pm_idletime = 1;
756 
757 /*
758  * Internal function prototypes
759  */
760 
761 #if (defined(__fibre))
762 /*
763  * These #defines are to avoid namespace collisions that occur because this
764  * code is currently used to compile two seperate driver modules: sd and ssd.
765  * All function names need to be treated this way (even if declared static)
766  * in order to allow the debugger to resolve the names properly.
767  * It is anticipated that in the near future the ssd module will be obsoleted,
768  * at which time this ugliness should go away.
769  */
770 #define	sd_log_trace			ssd_log_trace
771 #define	sd_log_info			ssd_log_info
772 #define	sd_log_err			ssd_log_err
773 #define	sdprobe				ssdprobe
774 #define	sdinfo				ssdinfo
775 #define	sd_prop_op			ssd_prop_op
776 #define	sd_scsi_probe_cache_init	ssd_scsi_probe_cache_init
777 #define	sd_scsi_probe_cache_fini	ssd_scsi_probe_cache_fini
778 #define	sd_scsi_clear_probe_cache	ssd_scsi_clear_probe_cache
779 #define	sd_scsi_probe_with_cache	ssd_scsi_probe_with_cache
780 #define	sd_spin_up_unit			ssd_spin_up_unit
781 #define	sd_enable_descr_sense		ssd_enable_descr_sense
782 #define	sd_set_mmc_caps			ssd_set_mmc_caps
783 #define	sd_read_unit_properties		ssd_read_unit_properties
784 #define	sd_process_sdconf_file		ssd_process_sdconf_file
785 #define	sd_process_sdconf_table		ssd_process_sdconf_table
786 #define	sd_sdconf_id_match		ssd_sdconf_id_match
787 #define	sd_blank_cmp			ssd_blank_cmp
788 #define	sd_chk_vers1_data		ssd_chk_vers1_data
789 #define	sd_set_vers1_properties		ssd_set_vers1_properties
790 #define	sd_validate_geometry		ssd_validate_geometry
791 
792 #if defined(_SUNOS_VTOC_16)
793 #define	sd_convert_geometry		ssd_convert_geometry
794 #endif
795 
796 #define	sd_resync_geom_caches		ssd_resync_geom_caches
797 #define	sd_read_fdisk			ssd_read_fdisk
798 #define	sd_get_physical_geometry	ssd_get_physical_geometry
799 #define	sd_get_virtual_geometry		ssd_get_virtual_geometry
800 #define	sd_update_block_info		ssd_update_block_info
801 #define	sd_swap_efi_gpt			ssd_swap_efi_gpt
802 #define	sd_swap_efi_gpe			ssd_swap_efi_gpe
803 #define	sd_validate_efi			ssd_validate_efi
804 #define	sd_use_efi			ssd_use_efi
805 #define	sd_uselabel			ssd_uselabel
806 #define	sd_build_default_label		ssd_build_default_label
807 #define	sd_has_max_chs_vals		ssd_has_max_chs_vals
808 #define	sd_inq_fill			ssd_inq_fill
809 #define	sd_register_devid		ssd_register_devid
810 #define	sd_get_devid_block		ssd_get_devid_block
811 #define	sd_get_devid			ssd_get_devid
812 #define	sd_create_devid			ssd_create_devid
813 #define	sd_write_deviceid		ssd_write_deviceid
814 #define	sd_check_vpd_page_support	ssd_check_vpd_page_support
815 #define	sd_setup_pm			ssd_setup_pm
816 #define	sd_create_pm_components		ssd_create_pm_components
817 #define	sd_ddi_suspend			ssd_ddi_suspend
818 #define	sd_ddi_pm_suspend		ssd_ddi_pm_suspend
819 #define	sd_ddi_resume			ssd_ddi_resume
820 #define	sd_ddi_pm_resume		ssd_ddi_pm_resume
821 #define	sdpower				ssdpower
822 #define	sdattach			ssdattach
823 #define	sddetach			ssddetach
824 #define	sd_unit_attach			ssd_unit_attach
825 #define	sd_unit_detach			ssd_unit_detach
826 #define	sd_create_minor_nodes		ssd_create_minor_nodes
827 #define	sd_create_errstats		ssd_create_errstats
828 #define	sd_set_errstats			ssd_set_errstats
829 #define	sd_set_pstats			ssd_set_pstats
830 #define	sddump				ssddump
831 #define	sd_scsi_poll			ssd_scsi_poll
832 #define	sd_send_polled_RQS		ssd_send_polled_RQS
833 #define	sd_ddi_scsi_poll		ssd_ddi_scsi_poll
834 #define	sd_init_event_callbacks		ssd_init_event_callbacks
835 #define	sd_event_callback		ssd_event_callback
836 #define	sd_disable_caching		ssd_disable_caching
837 #define	sd_get_write_cache_enabled	ssd_get_write_cache_enabled
838 #define	sd_make_device			ssd_make_device
839 #define	sdopen				ssdopen
840 #define	sdclose				ssdclose
841 #define	sd_ready_and_valid		ssd_ready_and_valid
842 #define	sdmin				ssdmin
843 #define	sdread				ssdread
844 #define	sdwrite				ssdwrite
845 #define	sdaread				ssdaread
846 #define	sdawrite			ssdawrite
847 #define	sdstrategy			ssdstrategy
848 #define	sdioctl				ssdioctl
849 #define	sd_mapblockaddr_iostart		ssd_mapblockaddr_iostart
850 #define	sd_mapblocksize_iostart		ssd_mapblocksize_iostart
851 #define	sd_checksum_iostart		ssd_checksum_iostart
852 #define	sd_checksum_uscsi_iostart	ssd_checksum_uscsi_iostart
853 #define	sd_pm_iostart			ssd_pm_iostart
854 #define	sd_core_iostart			ssd_core_iostart
855 #define	sd_mapblockaddr_iodone		ssd_mapblockaddr_iodone
856 #define	sd_mapblocksize_iodone		ssd_mapblocksize_iodone
857 #define	sd_checksum_iodone		ssd_checksum_iodone
858 #define	sd_checksum_uscsi_iodone	ssd_checksum_uscsi_iodone
859 #define	sd_pm_iodone			ssd_pm_iodone
860 #define	sd_initpkt_for_buf		ssd_initpkt_for_buf
861 #define	sd_destroypkt_for_buf		ssd_destroypkt_for_buf
862 #define	sd_setup_rw_pkt			ssd_setup_rw_pkt
863 #define	sd_setup_next_rw_pkt		ssd_setup_next_rw_pkt
864 #define	sd_buf_iodone			ssd_buf_iodone
865 #define	sd_uscsi_strategy		ssd_uscsi_strategy
866 #define	sd_initpkt_for_uscsi		ssd_initpkt_for_uscsi
867 #define	sd_destroypkt_for_uscsi		ssd_destroypkt_for_uscsi
868 #define	sd_uscsi_iodone			ssd_uscsi_iodone
869 #define	sd_xbuf_strategy		ssd_xbuf_strategy
870 #define	sd_xbuf_init			ssd_xbuf_init
871 #define	sd_pm_entry			ssd_pm_entry
872 #define	sd_pm_exit			ssd_pm_exit
873 
874 #define	sd_pm_idletimeout_handler	ssd_pm_idletimeout_handler
875 #define	sd_pm_timeout_handler		ssd_pm_timeout_handler
876 
877 #define	sd_add_buf_to_waitq		ssd_add_buf_to_waitq
878 #define	sdintr				ssdintr
879 #define	sd_start_cmds			ssd_start_cmds
880 #define	sd_send_scsi_cmd		ssd_send_scsi_cmd
881 #define	sd_bioclone_alloc		ssd_bioclone_alloc
882 #define	sd_bioclone_free		ssd_bioclone_free
883 #define	sd_shadow_buf_alloc		ssd_shadow_buf_alloc
884 #define	sd_shadow_buf_free		ssd_shadow_buf_free
885 #define	sd_print_transport_rejected_message	\
886 					ssd_print_transport_rejected_message
887 #define	sd_retry_command		ssd_retry_command
888 #define	sd_set_retry_bp			ssd_set_retry_bp
889 #define	sd_send_request_sense_command	ssd_send_request_sense_command
890 #define	sd_start_retry_command		ssd_start_retry_command
891 #define	sd_start_direct_priority_command	\
892 					ssd_start_direct_priority_command
893 #define	sd_return_failed_command	ssd_return_failed_command
894 #define	sd_return_failed_command_no_restart	\
895 					ssd_return_failed_command_no_restart
896 #define	sd_return_command		ssd_return_command
897 #define	sd_sync_with_callback		ssd_sync_with_callback
898 #define	sdrunout			ssdrunout
899 #define	sd_mark_rqs_busy		ssd_mark_rqs_busy
900 #define	sd_mark_rqs_idle		ssd_mark_rqs_idle
901 #define	sd_reduce_throttle		ssd_reduce_throttle
902 #define	sd_restore_throttle		ssd_restore_throttle
903 #define	sd_print_incomplete_msg		ssd_print_incomplete_msg
904 #define	sd_init_cdb_limits		ssd_init_cdb_limits
905 #define	sd_pkt_status_good		ssd_pkt_status_good
906 #define	sd_pkt_status_check_condition	ssd_pkt_status_check_condition
907 #define	sd_pkt_status_busy		ssd_pkt_status_busy
908 #define	sd_pkt_status_reservation_conflict	\
909 					ssd_pkt_status_reservation_conflict
910 #define	sd_pkt_status_qfull		ssd_pkt_status_qfull
911 #define	sd_handle_request_sense		ssd_handle_request_sense
912 #define	sd_handle_auto_request_sense	ssd_handle_auto_request_sense
913 #define	sd_print_sense_failed_msg	ssd_print_sense_failed_msg
914 #define	sd_validate_sense_data		ssd_validate_sense_data
915 #define	sd_decode_sense			ssd_decode_sense
916 #define	sd_print_sense_msg		ssd_print_sense_msg
917 #define	sd_extract_sense_info_descr	ssd_extract_sense_info_descr
918 #define	sd_sense_key_no_sense		ssd_sense_key_no_sense
919 #define	sd_sense_key_recoverable_error	ssd_sense_key_recoverable_error
920 #define	sd_sense_key_not_ready		ssd_sense_key_not_ready
921 #define	sd_sense_key_medium_or_hardware_error	\
922 					ssd_sense_key_medium_or_hardware_error
923 #define	sd_sense_key_illegal_request	ssd_sense_key_illegal_request
924 #define	sd_sense_key_unit_attention	ssd_sense_key_unit_attention
925 #define	sd_sense_key_fail_command	ssd_sense_key_fail_command
926 #define	sd_sense_key_blank_check	ssd_sense_key_blank_check
927 #define	sd_sense_key_aborted_command	ssd_sense_key_aborted_command
928 #define	sd_sense_key_default		ssd_sense_key_default
929 #define	sd_print_retry_msg		ssd_print_retry_msg
930 #define	sd_print_cmd_incomplete_msg	ssd_print_cmd_incomplete_msg
931 #define	sd_pkt_reason_cmd_incomplete	ssd_pkt_reason_cmd_incomplete
932 #define	sd_pkt_reason_cmd_tran_err	ssd_pkt_reason_cmd_tran_err
933 #define	sd_pkt_reason_cmd_reset		ssd_pkt_reason_cmd_reset
934 #define	sd_pkt_reason_cmd_aborted	ssd_pkt_reason_cmd_aborted
935 #define	sd_pkt_reason_cmd_timeout	ssd_pkt_reason_cmd_timeout
936 #define	sd_pkt_reason_cmd_unx_bus_free	ssd_pkt_reason_cmd_unx_bus_free
937 #define	sd_pkt_reason_cmd_tag_reject	ssd_pkt_reason_cmd_tag_reject
938 #define	sd_pkt_reason_default		ssd_pkt_reason_default
939 #define	sd_reset_target			ssd_reset_target
940 #define	sd_start_stop_unit_callback	ssd_start_stop_unit_callback
941 #define	sd_start_stop_unit_task		ssd_start_stop_unit_task
942 #define	sd_taskq_create			ssd_taskq_create
943 #define	sd_taskq_delete			ssd_taskq_delete
944 #define	sd_media_change_task		ssd_media_change_task
945 #define	sd_handle_mchange		ssd_handle_mchange
946 #define	sd_send_scsi_DOORLOCK		ssd_send_scsi_DOORLOCK
947 #define	sd_send_scsi_READ_CAPACITY	ssd_send_scsi_READ_CAPACITY
948 #define	sd_send_scsi_READ_CAPACITY_16	ssd_send_scsi_READ_CAPACITY_16
949 #define	sd_send_scsi_GET_CONFIGURATION	ssd_send_scsi_GET_CONFIGURATION
950 #define	sd_send_scsi_feature_GET_CONFIGURATION	\
951 					sd_send_scsi_feature_GET_CONFIGURATION
952 #define	sd_send_scsi_START_STOP_UNIT	ssd_send_scsi_START_STOP_UNIT
953 #define	sd_send_scsi_INQUIRY		ssd_send_scsi_INQUIRY
954 #define	sd_send_scsi_TEST_UNIT_READY	ssd_send_scsi_TEST_UNIT_READY
955 #define	sd_send_scsi_PERSISTENT_RESERVE_IN	\
956 					ssd_send_scsi_PERSISTENT_RESERVE_IN
957 #define	sd_send_scsi_PERSISTENT_RESERVE_OUT	\
958 					ssd_send_scsi_PERSISTENT_RESERVE_OUT
959 #define	sd_send_scsi_SYNCHRONIZE_CACHE	ssd_send_scsi_SYNCHRONIZE_CACHE
960 #define	sd_send_scsi_SYNCHRONIZE_CACHE_biodone	\
961 					ssd_send_scsi_SYNCHRONIZE_CACHE_biodone
962 #define	sd_send_scsi_MODE_SENSE		ssd_send_scsi_MODE_SENSE
963 #define	sd_send_scsi_MODE_SELECT	ssd_send_scsi_MODE_SELECT
964 #define	sd_send_scsi_RDWR		ssd_send_scsi_RDWR
965 #define	sd_send_scsi_LOG_SENSE		ssd_send_scsi_LOG_SENSE
966 #define	sd_alloc_rqs			ssd_alloc_rqs
967 #define	sd_free_rqs			ssd_free_rqs
968 #define	sd_dump_memory			ssd_dump_memory
969 #define	sd_uscsi_ioctl			ssd_uscsi_ioctl
970 #define	sd_get_media_info		ssd_get_media_info
971 #define	sd_dkio_ctrl_info		ssd_dkio_ctrl_info
972 #define	sd_dkio_get_geometry		ssd_dkio_get_geometry
973 #define	sd_dkio_set_geometry		ssd_dkio_set_geometry
974 #define	sd_dkio_get_partition		ssd_dkio_get_partition
975 #define	sd_dkio_set_partition		ssd_dkio_set_partition
976 #define	sd_dkio_partition		ssd_dkio_partition
977 #define	sd_dkio_get_vtoc		ssd_dkio_get_vtoc
978 #define	sd_dkio_get_efi			ssd_dkio_get_efi
979 #define	sd_build_user_vtoc		ssd_build_user_vtoc
980 #define	sd_dkio_set_vtoc		ssd_dkio_set_vtoc
981 #define	sd_dkio_set_efi			ssd_dkio_set_efi
982 #define	sd_build_label_vtoc		ssd_build_label_vtoc
983 #define	sd_write_label			ssd_write_label
984 #define	sd_clear_vtoc			ssd_clear_vtoc
985 #define	sd_clear_efi			ssd_clear_efi
986 #define	sd_get_tunables_from_conf	ssd_get_tunables_from_conf
987 #define	sd_setup_next_xfer		ssd_setup_next_xfer
988 #define	sd_dkio_get_temp		ssd_dkio_get_temp
989 #define	sd_dkio_get_mboot		ssd_dkio_get_mboot
990 #define	sd_dkio_set_mboot		ssd_dkio_set_mboot
991 #define	sd_setup_default_geometry	ssd_setup_default_geometry
992 #define	sd_update_fdisk_and_vtoc	ssd_update_fdisk_and_vtoc
993 #define	sd_check_mhd			ssd_check_mhd
994 #define	sd_mhd_watch_cb			ssd_mhd_watch_cb
995 #define	sd_mhd_watch_incomplete		ssd_mhd_watch_incomplete
996 #define	sd_sname			ssd_sname
997 #define	sd_mhd_resvd_recover		ssd_mhd_resvd_recover
998 #define	sd_resv_reclaim_thread		ssd_resv_reclaim_thread
999 #define	sd_take_ownership		ssd_take_ownership
1000 #define	sd_reserve_release		ssd_reserve_release
1001 #define	sd_rmv_resv_reclaim_req		ssd_rmv_resv_reclaim_req
1002 #define	sd_mhd_reset_notify_cb		ssd_mhd_reset_notify_cb
1003 #define	sd_persistent_reservation_in_read_keys	\
1004 					ssd_persistent_reservation_in_read_keys
1005 #define	sd_persistent_reservation_in_read_resv	\
1006 					ssd_persistent_reservation_in_read_resv
1007 #define	sd_mhdioc_takeown		ssd_mhdioc_takeown
1008 #define	sd_mhdioc_failfast		ssd_mhdioc_failfast
1009 #define	sd_mhdioc_release		ssd_mhdioc_release
1010 #define	sd_mhdioc_register_devid	ssd_mhdioc_register_devid
1011 #define	sd_mhdioc_inkeys		ssd_mhdioc_inkeys
1012 #define	sd_mhdioc_inresv		ssd_mhdioc_inresv
1013 #define	sr_change_blkmode		ssr_change_blkmode
1014 #define	sr_change_speed			ssr_change_speed
1015 #define	sr_atapi_change_speed		ssr_atapi_change_speed
1016 #define	sr_pause_resume			ssr_pause_resume
1017 #define	sr_play_msf			ssr_play_msf
1018 #define	sr_play_trkind			ssr_play_trkind
1019 #define	sr_read_all_subcodes		ssr_read_all_subcodes
1020 #define	sr_read_subchannel		ssr_read_subchannel
1021 #define	sr_read_tocentry		ssr_read_tocentry
1022 #define	sr_read_tochdr			ssr_read_tochdr
1023 #define	sr_read_cdda			ssr_read_cdda
1024 #define	sr_read_cdxa			ssr_read_cdxa
1025 #define	sr_read_mode1			ssr_read_mode1
1026 #define	sr_read_mode2			ssr_read_mode2
1027 #define	sr_read_cd_mode2		ssr_read_cd_mode2
1028 #define	sr_sector_mode			ssr_sector_mode
1029 #define	sr_eject			ssr_eject
1030 #define	sr_ejected			ssr_ejected
1031 #define	sr_check_wp			ssr_check_wp
1032 #define	sd_check_media			ssd_check_media
1033 #define	sd_media_watch_cb		ssd_media_watch_cb
1034 #define	sd_delayed_cv_broadcast		ssd_delayed_cv_broadcast
1035 #define	sr_volume_ctrl			ssr_volume_ctrl
1036 #define	sr_read_sony_session_offset	ssr_read_sony_session_offset
1037 #define	sd_log_page_supported		ssd_log_page_supported
1038 #define	sd_check_for_writable_cd	ssd_check_for_writable_cd
1039 #define	sd_wm_cache_constructor		ssd_wm_cache_constructor
1040 #define	sd_wm_cache_destructor		ssd_wm_cache_destructor
1041 #define	sd_range_lock			ssd_range_lock
1042 #define	sd_get_range			ssd_get_range
1043 #define	sd_free_inlist_wmap		ssd_free_inlist_wmap
1044 #define	sd_range_unlock			ssd_range_unlock
1045 #define	sd_read_modify_write_task	ssd_read_modify_write_task
1046 #define	sddump_do_read_of_rmw		ssddump_do_read_of_rmw
1047 
1048 #define	sd_iostart_chain		ssd_iostart_chain
1049 #define	sd_iodone_chain			ssd_iodone_chain
1050 #define	sd_initpkt_map			ssd_initpkt_map
1051 #define	sd_destroypkt_map		ssd_destroypkt_map
1052 #define	sd_chain_type_map		ssd_chain_type_map
1053 #define	sd_chain_index_map		ssd_chain_index_map
1054 
1055 #define	sd_failfast_flushctl		ssd_failfast_flushctl
1056 #define	sd_failfast_flushq		ssd_failfast_flushq
1057 #define	sd_failfast_flushq_callback	ssd_failfast_flushq_callback
1058 
1059 #define	sd_is_lsi			ssd_is_lsi
1060 
1061 #endif	/* #if (defined(__fibre)) */
1062 
1063 
1064 int _init(void);
1065 int _fini(void);
1066 int _info(struct modinfo *modinfop);
1067 
1068 /*PRINTFLIKE3*/
1069 static void sd_log_trace(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1070 /*PRINTFLIKE3*/
1071 static void sd_log_info(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1072 /*PRINTFLIKE3*/
1073 static void sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...);
1074 
1075 static int sdprobe(dev_info_t *devi);
1076 static int sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
1077     void **result);
1078 static int sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op,
1079     int mod_flags, char *name, caddr_t valuep, int *lengthp);
1080 
1081 /*
1082  * Smart probe for parallel scsi
1083  */
1084 static void sd_scsi_probe_cache_init(void);
1085 static void sd_scsi_probe_cache_fini(void);
1086 static void sd_scsi_clear_probe_cache(void);
1087 static int  sd_scsi_probe_with_cache(struct scsi_device *devp, int (*fn)());
1088 
1089 static int	sd_spin_up_unit(struct sd_lun *un);
1090 #ifdef _LP64
1091 static void	sd_enable_descr_sense(struct sd_lun *un);
1092 #endif /* _LP64 */
1093 static void	sd_set_mmc_caps(struct sd_lun *un);
1094 
1095 static void sd_read_unit_properties(struct sd_lun *un);
1096 static int  sd_process_sdconf_file(struct sd_lun *un);
1097 static void sd_get_tunables_from_conf(struct sd_lun *un, int flags,
1098     int *data_list, sd_tunables *values);
1099 static void sd_process_sdconf_table(struct sd_lun *un);
1100 static int  sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen);
1101 static int  sd_blank_cmp(struct sd_lun *un, char *id, int idlen);
1102 static int  sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
1103 	int list_len, char *dataname_ptr);
1104 static void sd_set_vers1_properties(struct sd_lun *un, int flags,
1105     sd_tunables *prop_list);
1106 static int  sd_validate_geometry(struct sd_lun *un, int path_flag);
1107 
1108 #if defined(_SUNOS_VTOC_16)
1109 static void sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g);
1110 #endif
1111 
1112 static void sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
1113 	int path_flag);
1114 static int  sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize,
1115 	int path_flag);
1116 static void sd_get_physical_geometry(struct sd_lun *un,
1117 	struct geom_cache *pgeom_p, int capacity, int lbasize, int path_flag);
1118 static void sd_get_virtual_geometry(struct sd_lun *un, int capacity,
1119 	int lbasize);
1120 static int  sd_uselabel(struct sd_lun *un, struct dk_label *l, int path_flag);
1121 static void sd_swap_efi_gpt(efi_gpt_t *);
1122 static void sd_swap_efi_gpe(int nparts, efi_gpe_t *);
1123 static int sd_validate_efi(efi_gpt_t *);
1124 static int sd_use_efi(struct sd_lun *, int);
1125 static void sd_build_default_label(struct sd_lun *un);
1126 
1127 #if defined(_FIRMWARE_NEEDS_FDISK)
1128 static int  sd_has_max_chs_vals(struct ipart *fdp);
1129 #endif
1130 static void sd_inq_fill(char *p, int l, char *s);
1131 
1132 
1133 static void sd_register_devid(struct sd_lun *un, dev_info_t *devi,
1134     int reservation_flag);
1135 static daddr_t  sd_get_devid_block(struct sd_lun *un);
1136 static int  sd_get_devid(struct sd_lun *un);
1137 static int  sd_get_serialnum(struct sd_lun *un, uchar_t *wwn, int *len);
1138 static ddi_devid_t sd_create_devid(struct sd_lun *un);
1139 static int  sd_write_deviceid(struct sd_lun *un);
1140 static int  sd_get_devid_page(struct sd_lun *un, uchar_t *wwn, int *len);
1141 static int  sd_check_vpd_page_support(struct sd_lun *un);
1142 
1143 static void sd_setup_pm(struct sd_lun *un, dev_info_t *devi);
1144 static void sd_create_pm_components(dev_info_t *devi, struct sd_lun *un);
1145 
1146 static int  sd_ddi_suspend(dev_info_t *devi);
1147 static int  sd_ddi_pm_suspend(struct sd_lun *un);
1148 static int  sd_ddi_resume(dev_info_t *devi);
1149 static int  sd_ddi_pm_resume(struct sd_lun *un);
1150 static int  sdpower(dev_info_t *devi, int component, int level);
1151 
1152 static int  sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd);
1153 static int  sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd);
1154 static int  sd_unit_attach(dev_info_t *devi);
1155 static int  sd_unit_detach(dev_info_t *devi);
1156 
1157 static int  sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi);
1158 static void sd_create_errstats(struct sd_lun *un, int instance);
1159 static void sd_set_errstats(struct sd_lun *un);
1160 static void sd_set_pstats(struct sd_lun *un);
1161 
1162 static int  sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk);
1163 static int  sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pkt);
1164 static int  sd_send_polled_RQS(struct sd_lun *un);
1165 static int  sd_ddi_scsi_poll(struct scsi_pkt *pkt);
1166 
1167 #if (defined(__fibre))
1168 /*
1169  * Event callbacks (photon)
1170  */
1171 static void sd_init_event_callbacks(struct sd_lun *un);
1172 static void  sd_event_callback(dev_info_t *, ddi_eventcookie_t, void *, void *);
1173 #endif
1174 
1175 
1176 static int   sd_disable_caching(struct sd_lun *un);
1177 static int   sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled);
1178 static dev_t sd_make_device(dev_info_t *devi);
1179 
1180 static void  sd_update_block_info(struct sd_lun *un, uint32_t lbasize,
1181 	uint64_t capacity);
1182 
1183 /*
1184  * Driver entry point functions.
1185  */
1186 static int  sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p);
1187 static int  sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p);
1188 static int  sd_ready_and_valid(struct sd_lun *un);
1189 
1190 static void sdmin(struct buf *bp);
1191 static int sdread(dev_t dev, struct uio *uio, cred_t *cred_p);
1192 static int sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p);
1193 static int sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1194 static int sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p);
1195 
1196 static int sdstrategy(struct buf *bp);
1197 static int sdioctl(dev_t, int, intptr_t, int, cred_t *, int *);
1198 
1199 /*
1200  * Function prototypes for layering functions in the iostart chain.
1201  */
1202 static void sd_mapblockaddr_iostart(int index, struct sd_lun *un,
1203 	struct buf *bp);
1204 static void sd_mapblocksize_iostart(int index, struct sd_lun *un,
1205 	struct buf *bp);
1206 static void sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp);
1207 static void sd_checksum_uscsi_iostart(int index, struct sd_lun *un,
1208 	struct buf *bp);
1209 static void sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp);
1210 static void sd_core_iostart(int index, struct sd_lun *un, struct buf *bp);
1211 
1212 /*
1213  * Function prototypes for layering functions in the iodone chain.
1214  */
1215 static void sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp);
1216 static void sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp);
1217 static void sd_mapblockaddr_iodone(int index, struct sd_lun *un,
1218 	struct buf *bp);
1219 static void sd_mapblocksize_iodone(int index, struct sd_lun *un,
1220 	struct buf *bp);
1221 static void sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp);
1222 static void sd_checksum_uscsi_iodone(int index, struct sd_lun *un,
1223 	struct buf *bp);
1224 static void sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp);
1225 
1226 /*
1227  * Prototypes for functions to support buf(9S) based IO.
1228  */
1229 static void sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg);
1230 static int sd_initpkt_for_buf(struct buf *, struct scsi_pkt **);
1231 static void sd_destroypkt_for_buf(struct buf *);
1232 static int sd_setup_rw_pkt(struct sd_lun *un, struct scsi_pkt **pktpp,
1233 	struct buf *bp, int flags,
1234 	int (*callback)(caddr_t), caddr_t callback_arg,
1235 	diskaddr_t lba, uint32_t blockcount);
1236 #if defined(__i386) || defined(__amd64)
1237 static int sd_setup_next_rw_pkt(struct sd_lun *un, struct scsi_pkt *pktp,
1238 	struct buf *bp, diskaddr_t lba, uint32_t blockcount);
1239 #endif /* defined(__i386) || defined(__amd64) */
1240 
1241 /*
1242  * Prototypes for functions to support USCSI IO.
1243  */
1244 static int sd_uscsi_strategy(struct buf *bp);
1245 static int sd_initpkt_for_uscsi(struct buf *, struct scsi_pkt **);
1246 static void sd_destroypkt_for_uscsi(struct buf *);
1247 
1248 static void sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
1249 	uchar_t chain_type, void *pktinfop);
1250 
1251 static int  sd_pm_entry(struct sd_lun *un);
1252 static void sd_pm_exit(struct sd_lun *un);
1253 
1254 static void sd_pm_idletimeout_handler(void *arg);
1255 
1256 /*
1257  * sd_core internal functions (used at the sd_core_io layer).
1258  */
1259 static void sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp);
1260 static void sdintr(struct scsi_pkt *pktp);
1261 static void sd_start_cmds(struct sd_lun *un, struct buf *immed_bp);
1262 
1263 static int sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
1264 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
1265 	int path_flag);
1266 
1267 static struct buf *sd_bioclone_alloc(struct buf *bp, size_t datalen,
1268 	daddr_t blkno, int (*func)(struct buf *));
1269 static struct buf *sd_shadow_buf_alloc(struct buf *bp, size_t datalen,
1270 	uint_t bflags, daddr_t blkno, int (*func)(struct buf *));
1271 static void sd_bioclone_free(struct buf *bp);
1272 static void sd_shadow_buf_free(struct buf *bp);
1273 
1274 static void sd_print_transport_rejected_message(struct sd_lun *un,
1275 	struct sd_xbuf *xp, int code);
1276 
1277 static void sd_retry_command(struct sd_lun *un, struct buf *bp,
1278 	int retry_check_flag,
1279 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp,
1280 		int c),
1281 	void *user_arg, int failure_code,  clock_t retry_delay,
1282 	void (*statp)(kstat_io_t *));
1283 
1284 static void sd_set_retry_bp(struct sd_lun *un, struct buf *bp,
1285 	clock_t retry_delay, void (*statp)(kstat_io_t *));
1286 
1287 static void sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
1288 	struct scsi_pkt *pktp);
1289 static void sd_start_retry_command(void *arg);
1290 static void sd_start_direct_priority_command(void *arg);
1291 static void sd_return_failed_command(struct sd_lun *un, struct buf *bp,
1292 	int errcode);
1293 static void sd_return_failed_command_no_restart(struct sd_lun *un,
1294 	struct buf *bp, int errcode);
1295 static void sd_return_command(struct sd_lun *un, struct buf *bp);
1296 static void sd_sync_with_callback(struct sd_lun *un);
1297 static int sdrunout(caddr_t arg);
1298 
1299 static void sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp);
1300 static struct buf *sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *xp);
1301 
1302 static void sd_reduce_throttle(struct sd_lun *un, int throttle_type);
1303 static void sd_restore_throttle(void *arg);
1304 
1305 static void sd_init_cdb_limits(struct sd_lun *un);
1306 
1307 static void sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
1308 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1309 
1310 /*
1311  * Error handling functions
1312  */
1313 static void sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
1314 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1315 static void sd_pkt_status_busy(struct sd_lun *un, struct buf *bp,
1316 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1317 static void sd_pkt_status_reservation_conflict(struct sd_lun *un,
1318 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1319 static void sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
1320 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1321 
1322 static void sd_handle_request_sense(struct sd_lun *un, struct buf *bp,
1323 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1324 static void sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
1325 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1326 static int sd_validate_sense_data(struct sd_lun *un, struct buf *bp,
1327 	struct sd_xbuf *xp);
1328 static void sd_decode_sense(struct sd_lun *un, struct buf *bp,
1329 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1330 
1331 static void sd_print_sense_msg(struct sd_lun *un, struct buf *bp,
1332 	void *arg, int code);
1333 static diskaddr_t sd_extract_sense_info_descr(
1334 	struct scsi_descr_sense_hdr *sdsp);
1335 
1336 static void sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
1337 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1338 static void sd_sense_key_recoverable_error(struct sd_lun *un,
1339 	uint8_t asc,
1340 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1341 static void sd_sense_key_not_ready(struct sd_lun *un,
1342 	uint8_t asc, uint8_t ascq,
1343 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1344 static void sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
1345 	int sense_key, uint8_t asc,
1346 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1347 static void sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
1348 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1349 static void sd_sense_key_unit_attention(struct sd_lun *un,
1350 	uint8_t asc,
1351 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1352 static void sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
1353 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1354 static void sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
1355 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1356 static void sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
1357 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1358 static void sd_sense_key_default(struct sd_lun *un,
1359 	int sense_key,
1360 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp);
1361 
1362 static void sd_print_retry_msg(struct sd_lun *un, struct buf *bp,
1363 	void *arg, int flag);
1364 
1365 static void sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
1366 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1367 static void sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
1368 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1369 static void sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
1370 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1371 static void sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
1372 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1373 static void sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
1374 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1375 static void sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
1376 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1377 static void sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
1378 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1379 static void sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
1380 	struct sd_xbuf *xp, struct scsi_pkt *pktp);
1381 
1382 static void sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp);
1383 
1384 static void sd_start_stop_unit_callback(void *arg);
1385 static void sd_start_stop_unit_task(void *arg);
1386 
1387 static void sd_taskq_create(void);
1388 static void sd_taskq_delete(void);
1389 static void sd_media_change_task(void *arg);
1390 
1391 static int sd_handle_mchange(struct sd_lun *un);
1392 static int sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag);
1393 static int sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp,
1394 	uint32_t *lbap, int path_flag);
1395 static int sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
1396 	uint32_t *lbap, int path_flag);
1397 static int sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag,
1398 	int path_flag);
1399 static int sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr,
1400 	size_t buflen, uchar_t evpd, uchar_t page_code, size_t *residp);
1401 static int sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag);
1402 static int sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un,
1403 	uchar_t usr_cmd, uint16_t data_len, uchar_t *data_bufp);
1404 static int sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un,
1405 	uchar_t usr_cmd, uchar_t *usr_bufp);
1406 static int sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un,
1407 	struct dk_callback *dkc);
1408 static int sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp);
1409 static int sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un,
1410 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1411 	uchar_t *bufaddr, uint_t buflen);
1412 static int sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
1413 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
1414 	uchar_t *bufaddr, uint_t buflen, char feature);
1415 static int sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize,
1416 	uchar_t *bufaddr, size_t buflen, uchar_t page_code, int path_flag);
1417 static int sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize,
1418 	uchar_t *bufaddr, size_t buflen, uchar_t save_page, int path_flag);
1419 static int sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
1420 	size_t buflen, daddr_t start_block, int path_flag);
1421 #define	sd_send_scsi_READ(un, bufaddr, buflen, start_block, path_flag)	\
1422 	sd_send_scsi_RDWR(un, SCMD_READ, bufaddr, buflen, start_block, \
1423 	path_flag)
1424 #define	sd_send_scsi_WRITE(un, bufaddr, buflen, start_block, path_flag)	\
1425 	sd_send_scsi_RDWR(un, SCMD_WRITE, bufaddr, buflen, start_block,\
1426 	path_flag)
1427 
1428 static int sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr,
1429 	uint16_t buflen, uchar_t page_code, uchar_t page_control,
1430 	uint16_t param_ptr, int path_flag);
1431 
1432 static int  sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un);
1433 static void sd_free_rqs(struct sd_lun *un);
1434 
1435 static void sd_dump_memory(struct sd_lun *un, uint_t comp, char *title,
1436 	uchar_t *data, int len, int fmt);
1437 static void sd_panic_for_res_conflict(struct sd_lun *un);
1438 
1439 /*
1440  * Disk Ioctl Function Prototypes
1441  */
1442 static int sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag);
1443 static int sd_get_media_info(dev_t dev, caddr_t arg, int flag);
1444 static int sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag);
1445 static int sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag,
1446 	int geom_validated);
1447 static int sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag);
1448 static int sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag,
1449 	int geom_validated);
1450 static int sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag);
1451 static int sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag,
1452 	int geom_validated);
1453 static int sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag);
1454 static int sd_dkio_partition(dev_t dev, caddr_t arg, int flag);
1455 static void sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1456 static int sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag);
1457 static int sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag);
1458 static int sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc);
1459 static int sd_write_label(dev_t dev);
1460 static int sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl);
1461 static void sd_clear_vtoc(struct sd_lun *un);
1462 static void sd_clear_efi(struct sd_lun *un);
1463 static int sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag);
1464 static int sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag);
1465 static int sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag);
1466 static void sd_setup_default_geometry(struct sd_lun *un);
1467 #if defined(__i386) || defined(__amd64)
1468 static int sd_update_fdisk_and_vtoc(struct sd_lun *un);
1469 #endif
1470 
1471 /*
1472  * Multi-host Ioctl Prototypes
1473  */
1474 static int sd_check_mhd(dev_t dev, int interval);
1475 static int sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1476 static void sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt);
1477 static char *sd_sname(uchar_t status);
1478 static void sd_mhd_resvd_recover(void *arg);
1479 static void sd_resv_reclaim_thread();
1480 static int sd_take_ownership(dev_t dev, struct mhioctkown *p);
1481 static int sd_reserve_release(dev_t dev, int cmd);
1482 static void sd_rmv_resv_reclaim_req(dev_t dev);
1483 static void sd_mhd_reset_notify_cb(caddr_t arg);
1484 static int sd_persistent_reservation_in_read_keys(struct sd_lun *un,
1485 	mhioc_inkeys_t *usrp, int flag);
1486 static int sd_persistent_reservation_in_read_resv(struct sd_lun *un,
1487 	mhioc_inresvs_t *usrp, int flag);
1488 static int sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag);
1489 static int sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag);
1490 static int sd_mhdioc_release(dev_t dev);
1491 static int sd_mhdioc_register_devid(dev_t dev);
1492 static int sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag);
1493 static int sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag);
1494 
1495 /*
1496  * SCSI removable prototypes
1497  */
1498 static int sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag);
1499 static int sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1500 static int sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag);
1501 static int sr_pause_resume(dev_t dev, int mode);
1502 static int sr_play_msf(dev_t dev, caddr_t data, int flag);
1503 static int sr_play_trkind(dev_t dev, caddr_t data, int flag);
1504 static int sr_read_all_subcodes(dev_t dev, caddr_t data, int flag);
1505 static int sr_read_subchannel(dev_t dev, caddr_t data, int flag);
1506 static int sr_read_tocentry(dev_t dev, caddr_t data, int flag);
1507 static int sr_read_tochdr(dev_t dev, caddr_t data, int flag);
1508 static int sr_read_cdda(dev_t dev, caddr_t data, int flag);
1509 static int sr_read_cdxa(dev_t dev, caddr_t data, int flag);
1510 static int sr_read_mode1(dev_t dev, caddr_t data, int flag);
1511 static int sr_read_mode2(dev_t dev, caddr_t data, int flag);
1512 static int sr_read_cd_mode2(dev_t dev, caddr_t data, int flag);
1513 static int sr_sector_mode(dev_t dev, uint32_t blksize);
1514 static int sr_eject(dev_t dev);
1515 static void sr_ejected(register struct sd_lun *un);
1516 static int sr_check_wp(dev_t dev);
1517 static int sd_check_media(dev_t dev, enum dkio_state state);
1518 static int sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp);
1519 static void sd_delayed_cv_broadcast(void *arg);
1520 static int sr_volume_ctrl(dev_t dev, caddr_t data, int flag);
1521 static int sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag);
1522 
1523 static int sd_log_page_supported(struct sd_lun *un, int log_page);
1524 
1525 /*
1526  * Function Prototype for the non-512 support (DVDRAM, MO etc.) functions.
1527  */
1528 static void sd_check_for_writable_cd(struct sd_lun *un);
1529 static int sd_wm_cache_constructor(void *wm, void *un, int flags);
1530 static void sd_wm_cache_destructor(void *wm, void *un);
1531 static struct sd_w_map *sd_range_lock(struct sd_lun *un, daddr_t startb,
1532 	daddr_t endb, ushort_t typ);
1533 static struct sd_w_map *sd_get_range(struct sd_lun *un, daddr_t startb,
1534 	daddr_t endb);
1535 static void sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp);
1536 static void sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm);
1537 static void sd_read_modify_write_task(void * arg);
1538 static int
1539 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
1540 	struct buf **bpp);
1541 
1542 
1543 /*
1544  * Function prototypes for failfast support.
1545  */
1546 static void sd_failfast_flushq(struct sd_lun *un);
1547 static int sd_failfast_flushq_callback(struct buf *bp);
1548 
1549 /*
1550  * Function prototypes to check for lsi devices
1551  */
1552 static void sd_is_lsi(struct sd_lun *un);
1553 
1554 /*
1555  * Function prototypes for x86 support
1556  */
1557 #if defined(__i386) || defined(__amd64)
1558 static int sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
1559 		struct scsi_pkt *pkt, struct sd_xbuf *xp);
1560 #endif
1561 
1562 /*
1563  * Constants for failfast support:
1564  *
1565  * SD_FAILFAST_INACTIVE: Instance is currently in a normal state, with NO
1566  * failfast processing being performed.
1567  *
1568  * SD_FAILFAST_ACTIVE: Instance is in the failfast state and is performing
1569  * failfast processing on all bufs with B_FAILFAST set.
1570  */
1571 
1572 #define	SD_FAILFAST_INACTIVE		0
1573 #define	SD_FAILFAST_ACTIVE		1
1574 
1575 /*
1576  * Bitmask to control behavior of buf(9S) flushes when a transition to
1577  * the failfast state occurs. Optional bits include:
1578  *
1579  * SD_FAILFAST_FLUSH_ALL_BUFS: When set, flush ALL bufs including those that
1580  * do NOT have B_FAILFAST set. When clear, only bufs with B_FAILFAST will
1581  * be flushed.
1582  *
1583  * SD_FAILFAST_FLUSH_ALL_QUEUES: When set, flush any/all other queues in the
1584  * driver, in addition to the regular wait queue. This includes the xbuf
1585  * queues. When clear, only the driver's wait queue will be flushed.
1586  */
1587 #define	SD_FAILFAST_FLUSH_ALL_BUFS	0x01
1588 #define	SD_FAILFAST_FLUSH_ALL_QUEUES	0x02
1589 
1590 /*
1591  * The default behavior is to only flush bufs that have B_FAILFAST set, but
1592  * to flush all queues within the driver.
1593  */
1594 static int sd_failfast_flushctl = SD_FAILFAST_FLUSH_ALL_QUEUES;
1595 
1596 
1597 /*
1598  * SD Testing Fault Injection
1599  */
1600 #ifdef SD_FAULT_INJECTION
1601 static void sd_faultinjection_ioctl(int cmd, intptr_t arg, struct sd_lun *un);
1602 static void sd_faultinjection(struct scsi_pkt *pktp);
1603 static void sd_injection_log(char *buf, struct sd_lun *un);
1604 #endif
1605 
1606 /*
1607  * Device driver ops vector
1608  */
1609 static struct cb_ops sd_cb_ops = {
1610 	sdopen,			/* open */
1611 	sdclose,		/* close */
1612 	sdstrategy,		/* strategy */
1613 	nodev,			/* print */
1614 	sddump,			/* dump */
1615 	sdread,			/* read */
1616 	sdwrite,		/* write */
1617 	sdioctl,		/* ioctl */
1618 	nodev,			/* devmap */
1619 	nodev,			/* mmap */
1620 	nodev,			/* segmap */
1621 	nochpoll,		/* poll */
1622 	sd_prop_op,		/* cb_prop_op */
1623 	0,			/* streamtab  */
1624 	D_64BIT | D_MP | D_NEW | D_HOTPLUG, /* Driver compatibility flags */
1625 	CB_REV,			/* cb_rev */
1626 	sdaread, 		/* async I/O read entry point */
1627 	sdawrite		/* async I/O write entry point */
1628 };
1629 
1630 static struct dev_ops sd_ops = {
1631 	DEVO_REV,		/* devo_rev, */
1632 	0,			/* refcnt  */
1633 	sdinfo,			/* info */
1634 	nulldev,		/* identify */
1635 	sdprobe,		/* probe */
1636 	sdattach,		/* attach */
1637 	sddetach,		/* detach */
1638 	nodev,			/* reset */
1639 	&sd_cb_ops,		/* driver operations */
1640 	NULL,			/* bus operations */
1641 	sdpower			/* power */
1642 };
1643 
1644 
1645 /*
1646  * This is the loadable module wrapper.
1647  */
1648 #include <sys/modctl.h>
1649 
1650 static struct modldrv modldrv = {
1651 	&mod_driverops,		/* Type of module. This one is a driver */
1652 	SD_MODULE_NAME,		/* Module name. */
1653 	&sd_ops			/* driver ops */
1654 };
1655 
1656 
1657 static struct modlinkage modlinkage = {
1658 	MODREV_1,
1659 	&modldrv,
1660 	NULL
1661 };
1662 
1663 
1664 static struct scsi_asq_key_strings sd_additional_codes[] = {
1665 	0x81, 0, "Logical Unit is Reserved",
1666 	0x85, 0, "Audio Address Not Valid",
1667 	0xb6, 0, "Media Load Mechanism Failed",
1668 	0xB9, 0, "Audio Play Operation Aborted",
1669 	0xbf, 0, "Buffer Overflow for Read All Subcodes Command",
1670 	0x53, 2, "Medium removal prevented",
1671 	0x6f, 0, "Authentication failed during key exchange",
1672 	0x6f, 1, "Key not present",
1673 	0x6f, 2, "Key not established",
1674 	0x6f, 3, "Read without proper authentication",
1675 	0x6f, 4, "Mismatched region to this logical unit",
1676 	0x6f, 5, "Region reset count error",
1677 	0xffff, 0x0, NULL
1678 };
1679 
1680 
1681 /*
1682  * Struct for passing printing information for sense data messages
1683  */
1684 struct sd_sense_info {
1685 	int	ssi_severity;
1686 	int	ssi_pfa_flag;
1687 };
1688 
1689 /*
1690  * Table of function pointers for iostart-side routines. Seperate "chains"
1691  * of layered function calls are formed by placing the function pointers
1692  * sequentially in the desired order. Functions are called according to an
1693  * incrementing table index ordering. The last function in each chain must
1694  * be sd_core_iostart(). The corresponding iodone-side routines are expected
1695  * in the sd_iodone_chain[] array.
1696  *
1697  * Note: It may seem more natural to organize both the iostart and iodone
1698  * functions together, into an array of structures (or some similar
1699  * organization) with a common index, rather than two seperate arrays which
1700  * must be maintained in synchronization. The purpose of this division is
1701  * to achiece improved performance: individual arrays allows for more
1702  * effective cache line utilization on certain platforms.
1703  */
1704 
1705 typedef void (*sd_chain_t)(int index, struct sd_lun *un, struct buf *bp);
1706 
1707 
1708 static sd_chain_t sd_iostart_chain[] = {
1709 
1710 	/* Chain for buf IO for disk drive targets (PM enabled) */
1711 	sd_mapblockaddr_iostart,	/* Index: 0 */
1712 	sd_pm_iostart,			/* Index: 1 */
1713 	sd_core_iostart,		/* Index: 2 */
1714 
1715 	/* Chain for buf IO for disk drive targets (PM disabled) */
1716 	sd_mapblockaddr_iostart,	/* Index: 3 */
1717 	sd_core_iostart,		/* Index: 4 */
1718 
1719 	/* Chain for buf IO for removable-media targets (PM enabled) */
1720 	sd_mapblockaddr_iostart,	/* Index: 5 */
1721 	sd_mapblocksize_iostart,	/* Index: 6 */
1722 	sd_pm_iostart,			/* Index: 7 */
1723 	sd_core_iostart,		/* Index: 8 */
1724 
1725 	/* Chain for buf IO for removable-media targets (PM disabled) */
1726 	sd_mapblockaddr_iostart,	/* Index: 9 */
1727 	sd_mapblocksize_iostart,	/* Index: 10 */
1728 	sd_core_iostart,		/* Index: 11 */
1729 
1730 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1731 	sd_mapblockaddr_iostart,	/* Index: 12 */
1732 	sd_checksum_iostart,		/* Index: 13 */
1733 	sd_pm_iostart,			/* Index: 14 */
1734 	sd_core_iostart,		/* Index: 15 */
1735 
1736 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1737 	sd_mapblockaddr_iostart,	/* Index: 16 */
1738 	sd_checksum_iostart,		/* Index: 17 */
1739 	sd_core_iostart,		/* Index: 18 */
1740 
1741 	/* Chain for USCSI commands (all targets) */
1742 	sd_pm_iostart,			/* Index: 19 */
1743 	sd_core_iostart,		/* Index: 20 */
1744 
1745 	/* Chain for checksumming USCSI commands (all targets) */
1746 	sd_checksum_uscsi_iostart,	/* Index: 21 */
1747 	sd_pm_iostart,			/* Index: 22 */
1748 	sd_core_iostart,		/* Index: 23 */
1749 
1750 	/* Chain for "direct" USCSI commands (all targets) */
1751 	sd_core_iostart,		/* Index: 24 */
1752 
1753 	/* Chain for "direct priority" USCSI commands (all targets) */
1754 	sd_core_iostart,		/* Index: 25 */
1755 };
1756 
1757 /*
1758  * Macros to locate the first function of each iostart chain in the
1759  * sd_iostart_chain[] array. These are located by the index in the array.
1760  */
1761 #define	SD_CHAIN_DISK_IOSTART			0
1762 #define	SD_CHAIN_DISK_IOSTART_NO_PM		3
1763 #define	SD_CHAIN_RMMEDIA_IOSTART		5
1764 #define	SD_CHAIN_RMMEDIA_IOSTART_NO_PM		9
1765 #define	SD_CHAIN_CHKSUM_IOSTART			12
1766 #define	SD_CHAIN_CHKSUM_IOSTART_NO_PM		16
1767 #define	SD_CHAIN_USCSI_CMD_IOSTART		19
1768 #define	SD_CHAIN_USCSI_CHKSUM_IOSTART		21
1769 #define	SD_CHAIN_DIRECT_CMD_IOSTART		24
1770 #define	SD_CHAIN_PRIORITY_CMD_IOSTART		25
1771 
1772 
1773 /*
1774  * Table of function pointers for the iodone-side routines for the driver-
1775  * internal layering mechanism.  The calling sequence for iodone routines
1776  * uses a decrementing table index, so the last routine called in a chain
1777  * must be at the lowest array index location for that chain.  The last
1778  * routine for each chain must be either sd_buf_iodone() (for buf(9S) IOs)
1779  * or sd_uscsi_iodone() (for uscsi IOs).  Other than this, the ordering
1780  * of the functions in an iodone side chain must correspond to the ordering
1781  * of the iostart routines for that chain.  Note that there is no iodone
1782  * side routine that corresponds to sd_core_iostart(), so there is no
1783  * entry in the table for this.
1784  */
1785 
1786 static sd_chain_t sd_iodone_chain[] = {
1787 
1788 	/* Chain for buf IO for disk drive targets (PM enabled) */
1789 	sd_buf_iodone,			/* Index: 0 */
1790 	sd_mapblockaddr_iodone,		/* Index: 1 */
1791 	sd_pm_iodone,			/* Index: 2 */
1792 
1793 	/* Chain for buf IO for disk drive targets (PM disabled) */
1794 	sd_buf_iodone,			/* Index: 3 */
1795 	sd_mapblockaddr_iodone,		/* Index: 4 */
1796 
1797 	/* Chain for buf IO for removable-media targets (PM enabled) */
1798 	sd_buf_iodone,			/* Index: 5 */
1799 	sd_mapblockaddr_iodone,		/* Index: 6 */
1800 	sd_mapblocksize_iodone,		/* Index: 7 */
1801 	sd_pm_iodone,			/* Index: 8 */
1802 
1803 	/* Chain for buf IO for removable-media targets (PM disabled) */
1804 	sd_buf_iodone,			/* Index: 9 */
1805 	sd_mapblockaddr_iodone,		/* Index: 10 */
1806 	sd_mapblocksize_iodone,		/* Index: 11 */
1807 
1808 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1809 	sd_buf_iodone,			/* Index: 12 */
1810 	sd_mapblockaddr_iodone,		/* Index: 13 */
1811 	sd_checksum_iodone,		/* Index: 14 */
1812 	sd_pm_iodone,			/* Index: 15 */
1813 
1814 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1815 	sd_buf_iodone,			/* Index: 16 */
1816 	sd_mapblockaddr_iodone,		/* Index: 17 */
1817 	sd_checksum_iodone,		/* Index: 18 */
1818 
1819 	/* Chain for USCSI commands (non-checksum targets) */
1820 	sd_uscsi_iodone,		/* Index: 19 */
1821 	sd_pm_iodone,			/* Index: 20 */
1822 
1823 	/* Chain for USCSI commands (checksum targets) */
1824 	sd_uscsi_iodone,		/* Index: 21 */
1825 	sd_checksum_uscsi_iodone,	/* Index: 22 */
1826 	sd_pm_iodone,			/* Index: 22 */
1827 
1828 	/* Chain for "direct" USCSI commands (all targets) */
1829 	sd_uscsi_iodone,		/* Index: 24 */
1830 
1831 	/* Chain for "direct priority" USCSI commands (all targets) */
1832 	sd_uscsi_iodone,		/* Index: 25 */
1833 };
1834 
1835 
1836 /*
1837  * Macros to locate the "first" function in the sd_iodone_chain[] array for
1838  * each iodone-side chain. These are located by the array index, but as the
1839  * iodone side functions are called in a decrementing-index order, the
1840  * highest index number in each chain must be specified (as these correspond
1841  * to the first function in the iodone chain that will be called by the core
1842  * at IO completion time).
1843  */
1844 
1845 #define	SD_CHAIN_DISK_IODONE			2
1846 #define	SD_CHAIN_DISK_IODONE_NO_PM		4
1847 #define	SD_CHAIN_RMMEDIA_IODONE			8
1848 #define	SD_CHAIN_RMMEDIA_IODONE_NO_PM		11
1849 #define	SD_CHAIN_CHKSUM_IODONE			15
1850 #define	SD_CHAIN_CHKSUM_IODONE_NO_PM		18
1851 #define	SD_CHAIN_USCSI_CMD_IODONE		20
1852 #define	SD_CHAIN_USCSI_CHKSUM_IODONE		22
1853 #define	SD_CHAIN_DIRECT_CMD_IODONE		24
1854 #define	SD_CHAIN_PRIORITY_CMD_IODONE		25
1855 
1856 
1857 
1858 
1859 /*
1860  * Array to map a layering chain index to the appropriate initpkt routine.
1861  * The redundant entries are present so that the index used for accessing
1862  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1863  * with this table as well.
1864  */
1865 typedef int (*sd_initpkt_t)(struct buf *, struct scsi_pkt **);
1866 
1867 static sd_initpkt_t	sd_initpkt_map[] = {
1868 
1869 	/* Chain for buf IO for disk drive targets (PM enabled) */
1870 	sd_initpkt_for_buf,		/* Index: 0 */
1871 	sd_initpkt_for_buf,		/* Index: 1 */
1872 	sd_initpkt_for_buf,		/* Index: 2 */
1873 
1874 	/* Chain for buf IO for disk drive targets (PM disabled) */
1875 	sd_initpkt_for_buf,		/* Index: 3 */
1876 	sd_initpkt_for_buf,		/* Index: 4 */
1877 
1878 	/* Chain for buf IO for removable-media targets (PM enabled) */
1879 	sd_initpkt_for_buf,		/* Index: 5 */
1880 	sd_initpkt_for_buf,		/* Index: 6 */
1881 	sd_initpkt_for_buf,		/* Index: 7 */
1882 	sd_initpkt_for_buf,		/* Index: 8 */
1883 
1884 	/* Chain for buf IO for removable-media targets (PM disabled) */
1885 	sd_initpkt_for_buf,		/* Index: 9 */
1886 	sd_initpkt_for_buf,		/* Index: 10 */
1887 	sd_initpkt_for_buf,		/* Index: 11 */
1888 
1889 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1890 	sd_initpkt_for_buf,		/* Index: 12 */
1891 	sd_initpkt_for_buf,		/* Index: 13 */
1892 	sd_initpkt_for_buf,		/* Index: 14 */
1893 	sd_initpkt_for_buf,		/* Index: 15 */
1894 
1895 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1896 	sd_initpkt_for_buf,		/* Index: 16 */
1897 	sd_initpkt_for_buf,		/* Index: 17 */
1898 	sd_initpkt_for_buf,		/* Index: 18 */
1899 
1900 	/* Chain for USCSI commands (non-checksum targets) */
1901 	sd_initpkt_for_uscsi,		/* Index: 19 */
1902 	sd_initpkt_for_uscsi,		/* Index: 20 */
1903 
1904 	/* Chain for USCSI commands (checksum targets) */
1905 	sd_initpkt_for_uscsi,		/* Index: 21 */
1906 	sd_initpkt_for_uscsi,		/* Index: 22 */
1907 	sd_initpkt_for_uscsi,		/* Index: 22 */
1908 
1909 	/* Chain for "direct" USCSI commands (all targets) */
1910 	sd_initpkt_for_uscsi,		/* Index: 24 */
1911 
1912 	/* Chain for "direct priority" USCSI commands (all targets) */
1913 	sd_initpkt_for_uscsi,		/* Index: 25 */
1914 
1915 };
1916 
1917 
1918 /*
1919  * Array to map a layering chain index to the appropriate destroypktpkt routine.
1920  * The redundant entries are present so that the index used for accessing
1921  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1922  * with this table as well.
1923  */
1924 typedef void (*sd_destroypkt_t)(struct buf *);
1925 
1926 static sd_destroypkt_t	sd_destroypkt_map[] = {
1927 
1928 	/* Chain for buf IO for disk drive targets (PM enabled) */
1929 	sd_destroypkt_for_buf,		/* Index: 0 */
1930 	sd_destroypkt_for_buf,		/* Index: 1 */
1931 	sd_destroypkt_for_buf,		/* Index: 2 */
1932 
1933 	/* Chain for buf IO for disk drive targets (PM disabled) */
1934 	sd_destroypkt_for_buf,		/* Index: 3 */
1935 	sd_destroypkt_for_buf,		/* Index: 4 */
1936 
1937 	/* Chain for buf IO for removable-media targets (PM enabled) */
1938 	sd_destroypkt_for_buf,		/* Index: 5 */
1939 	sd_destroypkt_for_buf,		/* Index: 6 */
1940 	sd_destroypkt_for_buf,		/* Index: 7 */
1941 	sd_destroypkt_for_buf,		/* Index: 8 */
1942 
1943 	/* Chain for buf IO for removable-media targets (PM disabled) */
1944 	sd_destroypkt_for_buf,		/* Index: 9 */
1945 	sd_destroypkt_for_buf,		/* Index: 10 */
1946 	sd_destroypkt_for_buf,		/* Index: 11 */
1947 
1948 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
1949 	sd_destroypkt_for_buf,		/* Index: 12 */
1950 	sd_destroypkt_for_buf,		/* Index: 13 */
1951 	sd_destroypkt_for_buf,		/* Index: 14 */
1952 	sd_destroypkt_for_buf,		/* Index: 15 */
1953 
1954 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
1955 	sd_destroypkt_for_buf,		/* Index: 16 */
1956 	sd_destroypkt_for_buf,		/* Index: 17 */
1957 	sd_destroypkt_for_buf,		/* Index: 18 */
1958 
1959 	/* Chain for USCSI commands (non-checksum targets) */
1960 	sd_destroypkt_for_uscsi,	/* Index: 19 */
1961 	sd_destroypkt_for_uscsi,	/* Index: 20 */
1962 
1963 	/* Chain for USCSI commands (checksum targets) */
1964 	sd_destroypkt_for_uscsi,	/* Index: 21 */
1965 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1966 	sd_destroypkt_for_uscsi,	/* Index: 22 */
1967 
1968 	/* Chain for "direct" USCSI commands (all targets) */
1969 	sd_destroypkt_for_uscsi,	/* Index: 24 */
1970 
1971 	/* Chain for "direct priority" USCSI commands (all targets) */
1972 	sd_destroypkt_for_uscsi,	/* Index: 25 */
1973 
1974 };
1975 
1976 
1977 
1978 /*
1979  * Array to map a layering chain index to the appropriate chain "type".
1980  * The chain type indicates a specific property/usage of the chain.
1981  * The redundant entries are present so that the index used for accessing
1982  * the above sd_iostart_chain and sd_iodone_chain tables can be used directly
1983  * with this table as well.
1984  */
1985 
1986 #define	SD_CHAIN_NULL			0	/* for the special RQS cmd */
1987 #define	SD_CHAIN_BUFIO			1	/* regular buf IO */
1988 #define	SD_CHAIN_USCSI			2	/* regular USCSI commands */
1989 #define	SD_CHAIN_DIRECT			3	/* uscsi, w/ bypass power mgt */
1990 #define	SD_CHAIN_DIRECT_PRIORITY	4	/* uscsi, w/ bypass power mgt */
1991 						/* (for error recovery) */
1992 
1993 static int sd_chain_type_map[] = {
1994 
1995 	/* Chain for buf IO for disk drive targets (PM enabled) */
1996 	SD_CHAIN_BUFIO,			/* Index: 0 */
1997 	SD_CHAIN_BUFIO,			/* Index: 1 */
1998 	SD_CHAIN_BUFIO,			/* Index: 2 */
1999 
2000 	/* Chain for buf IO for disk drive targets (PM disabled) */
2001 	SD_CHAIN_BUFIO,			/* Index: 3 */
2002 	SD_CHAIN_BUFIO,			/* Index: 4 */
2003 
2004 	/* Chain for buf IO for removable-media targets (PM enabled) */
2005 	SD_CHAIN_BUFIO,			/* Index: 5 */
2006 	SD_CHAIN_BUFIO,			/* Index: 6 */
2007 	SD_CHAIN_BUFIO,			/* Index: 7 */
2008 	SD_CHAIN_BUFIO,			/* Index: 8 */
2009 
2010 	/* Chain for buf IO for removable-media targets (PM disabled) */
2011 	SD_CHAIN_BUFIO,			/* Index: 9 */
2012 	SD_CHAIN_BUFIO,			/* Index: 10 */
2013 	SD_CHAIN_BUFIO,			/* Index: 11 */
2014 
2015 	/* Chain for buf IO for disk drives with checksumming (PM enabled) */
2016 	SD_CHAIN_BUFIO,			/* Index: 12 */
2017 	SD_CHAIN_BUFIO,			/* Index: 13 */
2018 	SD_CHAIN_BUFIO,			/* Index: 14 */
2019 	SD_CHAIN_BUFIO,			/* Index: 15 */
2020 
2021 	/* Chain for buf IO for disk drives with checksumming (PM disabled) */
2022 	SD_CHAIN_BUFIO,			/* Index: 16 */
2023 	SD_CHAIN_BUFIO,			/* Index: 17 */
2024 	SD_CHAIN_BUFIO,			/* Index: 18 */
2025 
2026 	/* Chain for USCSI commands (non-checksum targets) */
2027 	SD_CHAIN_USCSI,			/* Index: 19 */
2028 	SD_CHAIN_USCSI,			/* Index: 20 */
2029 
2030 	/* Chain for USCSI commands (checksum targets) */
2031 	SD_CHAIN_USCSI,			/* Index: 21 */
2032 	SD_CHAIN_USCSI,			/* Index: 22 */
2033 	SD_CHAIN_USCSI,			/* Index: 22 */
2034 
2035 	/* Chain for "direct" USCSI commands (all targets) */
2036 	SD_CHAIN_DIRECT,		/* Index: 24 */
2037 
2038 	/* Chain for "direct priority" USCSI commands (all targets) */
2039 	SD_CHAIN_DIRECT_PRIORITY,	/* Index: 25 */
2040 };
2041 
2042 
2043 /* Macro to return TRUE if the IO has come from the sd_buf_iostart() chain. */
2044 #define	SD_IS_BUFIO(xp)			\
2045 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_BUFIO)
2046 
2047 /* Macro to return TRUE if the IO has come from the "direct priority" chain. */
2048 #define	SD_IS_DIRECT_PRIORITY(xp)	\
2049 	(sd_chain_type_map[(xp)->xb_chain_iostart] == SD_CHAIN_DIRECT_PRIORITY)
2050 
2051 
2052 
2053 /*
2054  * Struct, array, and macros to map a specific chain to the appropriate
2055  * layering indexes in the sd_iostart_chain[] and sd_iodone_chain[] arrays.
2056  *
2057  * The sd_chain_index_map[] array is used at attach time to set the various
2058  * un_xxx_chain type members of the sd_lun softstate to the specific layering
2059  * chain to be used with the instance. This allows different instances to use
2060  * different chain for buf IO, uscsi IO, etc.. Also, since the xb_chain_iostart
2061  * and xb_chain_iodone index values in the sd_xbuf are initialized to these
2062  * values at sd_xbuf init time, this allows (1) layering chains may be changed
2063  * dynamically & without the use of locking; and (2) a layer may update the
2064  * xb_chain_io[start|done] member in a given xbuf with its current index value,
2065  * to allow for deferred processing of an IO within the same chain from a
2066  * different execution context.
2067  */
2068 
2069 struct sd_chain_index {
2070 	int	sci_iostart_index;
2071 	int	sci_iodone_index;
2072 };
2073 
2074 static struct sd_chain_index	sd_chain_index_map[] = {
2075 	{ SD_CHAIN_DISK_IOSTART,		SD_CHAIN_DISK_IODONE },
2076 	{ SD_CHAIN_DISK_IOSTART_NO_PM,		SD_CHAIN_DISK_IODONE_NO_PM },
2077 	{ SD_CHAIN_RMMEDIA_IOSTART,		SD_CHAIN_RMMEDIA_IODONE },
2078 	{ SD_CHAIN_RMMEDIA_IOSTART_NO_PM,	SD_CHAIN_RMMEDIA_IODONE_NO_PM },
2079 	{ SD_CHAIN_CHKSUM_IOSTART,		SD_CHAIN_CHKSUM_IODONE },
2080 	{ SD_CHAIN_CHKSUM_IOSTART_NO_PM,	SD_CHAIN_CHKSUM_IODONE_NO_PM },
2081 	{ SD_CHAIN_USCSI_CMD_IOSTART,		SD_CHAIN_USCSI_CMD_IODONE },
2082 	{ SD_CHAIN_USCSI_CHKSUM_IOSTART,	SD_CHAIN_USCSI_CHKSUM_IODONE },
2083 	{ SD_CHAIN_DIRECT_CMD_IOSTART,		SD_CHAIN_DIRECT_CMD_IODONE },
2084 	{ SD_CHAIN_PRIORITY_CMD_IOSTART,	SD_CHAIN_PRIORITY_CMD_IODONE },
2085 };
2086 
2087 
2088 /*
2089  * The following are indexes into the sd_chain_index_map[] array.
2090  */
2091 
2092 /* un->un_buf_chain_type must be set to one of these */
2093 #define	SD_CHAIN_INFO_DISK		0
2094 #define	SD_CHAIN_INFO_DISK_NO_PM	1
2095 #define	SD_CHAIN_INFO_RMMEDIA		2
2096 #define	SD_CHAIN_INFO_RMMEDIA_NO_PM	3
2097 #define	SD_CHAIN_INFO_CHKSUM		4
2098 #define	SD_CHAIN_INFO_CHKSUM_NO_PM	5
2099 
2100 /* un->un_uscsi_chain_type must be set to one of these */
2101 #define	SD_CHAIN_INFO_USCSI_CMD		6
2102 /* USCSI with PM disabled is the same as DIRECT */
2103 #define	SD_CHAIN_INFO_USCSI_CMD_NO_PM	8
2104 #define	SD_CHAIN_INFO_USCSI_CHKSUM	7
2105 
2106 /* un->un_direct_chain_type must be set to one of these */
2107 #define	SD_CHAIN_INFO_DIRECT_CMD	8
2108 
2109 /* un->un_priority_chain_type must be set to one of these */
2110 #define	SD_CHAIN_INFO_PRIORITY_CMD	9
2111 
2112 /* size for devid inquiries */
2113 #define	MAX_INQUIRY_SIZE		0xF0
2114 
2115 /*
2116  * Macros used by functions to pass a given buf(9S) struct along to the
2117  * next function in the layering chain for further processing.
2118  *
2119  * In the following macros, passing more than three arguments to the called
2120  * routines causes the optimizer for the SPARC compiler to stop doing tail
2121  * call elimination which results in significant performance degradation.
2122  */
2123 #define	SD_BEGIN_IOSTART(index, un, bp)	\
2124 	((*(sd_iostart_chain[index]))(index, un, bp))
2125 
2126 #define	SD_BEGIN_IODONE(index, un, bp)	\
2127 	((*(sd_iodone_chain[index]))(index, un, bp))
2128 
2129 #define	SD_NEXT_IOSTART(index, un, bp)				\
2130 	((*(sd_iostart_chain[(index) + 1]))((index) + 1, un, bp))
2131 
2132 #define	SD_NEXT_IODONE(index, un, bp)				\
2133 	((*(sd_iodone_chain[(index) - 1]))((index) - 1, un, bp))
2134 
2135 
2136 /*
2137  *    Function: _init
2138  *
2139  * Description: This is the driver _init(9E) entry point.
2140  *
2141  * Return Code: Returns the value from mod_install(9F) or
2142  *		ddi_soft_state_init(9F) as appropriate.
2143  *
2144  *     Context: Called when driver module loaded.
2145  */
2146 
2147 int
2148 _init(void)
2149 {
2150 	int	err;
2151 
2152 	/* establish driver name from module name */
2153 	sd_label = mod_modname(&modlinkage);
2154 
2155 	err = ddi_soft_state_init(&sd_state, sizeof (struct sd_lun),
2156 		SD_MAXUNIT);
2157 
2158 	if (err != 0) {
2159 		return (err);
2160 	}
2161 
2162 	mutex_init(&sd_detach_mutex, NULL, MUTEX_DRIVER, NULL);
2163 	mutex_init(&sd_log_mutex,    NULL, MUTEX_DRIVER, NULL);
2164 	mutex_init(&sd_label_mutex,  NULL, MUTEX_DRIVER, NULL);
2165 
2166 	mutex_init(&sd_tr.srq_resv_reclaim_mutex, NULL, MUTEX_DRIVER, NULL);
2167 	cv_init(&sd_tr.srq_resv_reclaim_cv, NULL, CV_DRIVER, NULL);
2168 	cv_init(&sd_tr.srq_inprocess_cv, NULL, CV_DRIVER, NULL);
2169 
2170 	/*
2171 	 * it's ok to init here even for fibre device
2172 	 */
2173 	sd_scsi_probe_cache_init();
2174 
2175 	/*
2176 	 * Creating taskq before mod_install ensures that all callers (threads)
2177 	 * that enter the module after a successfull mod_install encounter
2178 	 * a valid taskq.
2179 	 */
2180 	sd_taskq_create();
2181 
2182 	err = mod_install(&modlinkage);
2183 	if (err != 0) {
2184 		/* delete taskq if install fails */
2185 		sd_taskq_delete();
2186 
2187 		mutex_destroy(&sd_detach_mutex);
2188 		mutex_destroy(&sd_log_mutex);
2189 		mutex_destroy(&sd_label_mutex);
2190 
2191 		mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2192 		cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2193 		cv_destroy(&sd_tr.srq_inprocess_cv);
2194 
2195 		sd_scsi_probe_cache_fini();
2196 
2197 		ddi_soft_state_fini(&sd_state);
2198 		return (err);
2199 	}
2200 
2201 	return (err);
2202 }
2203 
2204 
2205 /*
2206  *    Function: _fini
2207  *
2208  * Description: This is the driver _fini(9E) entry point.
2209  *
2210  * Return Code: Returns the value from mod_remove(9F)
2211  *
2212  *     Context: Called when driver module is unloaded.
2213  */
2214 
2215 int
2216 _fini(void)
2217 {
2218 	int err;
2219 
2220 	if ((err = mod_remove(&modlinkage)) != 0) {
2221 		return (err);
2222 	}
2223 
2224 	sd_taskq_delete();
2225 
2226 	mutex_destroy(&sd_detach_mutex);
2227 	mutex_destroy(&sd_log_mutex);
2228 	mutex_destroy(&sd_label_mutex);
2229 	mutex_destroy(&sd_tr.srq_resv_reclaim_mutex);
2230 
2231 	sd_scsi_probe_cache_fini();
2232 
2233 	cv_destroy(&sd_tr.srq_resv_reclaim_cv);
2234 	cv_destroy(&sd_tr.srq_inprocess_cv);
2235 
2236 	ddi_soft_state_fini(&sd_state);
2237 
2238 	return (err);
2239 }
2240 
2241 
2242 /*
2243  *    Function: _info
2244  *
2245  * Description: This is the driver _info(9E) entry point.
2246  *
2247  *   Arguments: modinfop - pointer to the driver modinfo structure
2248  *
2249  * Return Code: Returns the value from mod_info(9F).
2250  *
2251  *     Context: Kernel thread context
2252  */
2253 
2254 int
2255 _info(struct modinfo *modinfop)
2256 {
2257 	return (mod_info(&modlinkage, modinfop));
2258 }
2259 
2260 
2261 /*
2262  * The following routines implement the driver message logging facility.
2263  * They provide component- and level- based debug output filtering.
2264  * Output may also be restricted to messages for a single instance by
2265  * specifying a soft state pointer in sd_debug_un. If sd_debug_un is set
2266  * to NULL, then messages for all instances are printed.
2267  *
2268  * These routines have been cloned from each other due to the language
2269  * constraints of macros and variable argument list processing.
2270  */
2271 
2272 
2273 /*
2274  *    Function: sd_log_err
2275  *
2276  * Description: This routine is called by the SD_ERROR macro for debug
2277  *		logging of error conditions.
2278  *
2279  *   Arguments: comp - driver component being logged
2280  *		dev  - pointer to driver info structure
2281  *		fmt  - error string and format to be logged
2282  */
2283 
2284 static void
2285 sd_log_err(uint_t comp, struct sd_lun *un, const char *fmt, ...)
2286 {
2287 	va_list		ap;
2288 	dev_info_t	*dev;
2289 
2290 	ASSERT(un != NULL);
2291 	dev = SD_DEVINFO(un);
2292 	ASSERT(dev != NULL);
2293 
2294 	/*
2295 	 * Filter messages based on the global component and level masks.
2296 	 * Also print if un matches the value of sd_debug_un, or if
2297 	 * sd_debug_un is set to NULL.
2298 	 */
2299 	if ((sd_component_mask & comp) && (sd_level_mask & SD_LOGMASK_ERROR) &&
2300 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2301 		mutex_enter(&sd_log_mutex);
2302 		va_start(ap, fmt);
2303 		(void) vsprintf(sd_log_buf, fmt, ap);
2304 		va_end(ap);
2305 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2306 		mutex_exit(&sd_log_mutex);
2307 	}
2308 #ifdef SD_FAULT_INJECTION
2309 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2310 	if (un->sd_injection_mask & comp) {
2311 		mutex_enter(&sd_log_mutex);
2312 		va_start(ap, fmt);
2313 		(void) vsprintf(sd_log_buf, fmt, ap);
2314 		va_end(ap);
2315 		sd_injection_log(sd_log_buf, un);
2316 		mutex_exit(&sd_log_mutex);
2317 	}
2318 #endif
2319 }
2320 
2321 
2322 /*
2323  *    Function: sd_log_info
2324  *
2325  * Description: This routine is called by the SD_INFO macro for debug
2326  *		logging of general purpose informational conditions.
2327  *
2328  *   Arguments: comp - driver component being logged
2329  *		dev  - pointer to driver info structure
2330  *		fmt  - info string and format to be logged
2331  */
2332 
2333 static void
2334 sd_log_info(uint_t component, struct sd_lun *un, const char *fmt, ...)
2335 {
2336 	va_list		ap;
2337 	dev_info_t	*dev;
2338 
2339 	ASSERT(un != NULL);
2340 	dev = SD_DEVINFO(un);
2341 	ASSERT(dev != NULL);
2342 
2343 	/*
2344 	 * Filter messages based on the global component and level masks.
2345 	 * Also print if un matches the value of sd_debug_un, or if
2346 	 * sd_debug_un is set to NULL.
2347 	 */
2348 	if ((sd_component_mask & component) &&
2349 	    (sd_level_mask & SD_LOGMASK_INFO) &&
2350 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2351 		mutex_enter(&sd_log_mutex);
2352 		va_start(ap, fmt);
2353 		(void) vsprintf(sd_log_buf, fmt, ap);
2354 		va_end(ap);
2355 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2356 		mutex_exit(&sd_log_mutex);
2357 	}
2358 #ifdef SD_FAULT_INJECTION
2359 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2360 	if (un->sd_injection_mask & component) {
2361 		mutex_enter(&sd_log_mutex);
2362 		va_start(ap, fmt);
2363 		(void) vsprintf(sd_log_buf, fmt, ap);
2364 		va_end(ap);
2365 		sd_injection_log(sd_log_buf, un);
2366 		mutex_exit(&sd_log_mutex);
2367 	}
2368 #endif
2369 }
2370 
2371 
2372 /*
2373  *    Function: sd_log_trace
2374  *
2375  * Description: This routine is called by the SD_TRACE macro for debug
2376  *		logging of trace conditions (i.e. function entry/exit).
2377  *
2378  *   Arguments: comp - driver component being logged
2379  *		dev  - pointer to driver info structure
2380  *		fmt  - trace string and format to be logged
2381  */
2382 
2383 static void
2384 sd_log_trace(uint_t component, struct sd_lun *un, const char *fmt, ...)
2385 {
2386 	va_list		ap;
2387 	dev_info_t	*dev;
2388 
2389 	ASSERT(un != NULL);
2390 	dev = SD_DEVINFO(un);
2391 	ASSERT(dev != NULL);
2392 
2393 	/*
2394 	 * Filter messages based on the global component and level masks.
2395 	 * Also print if un matches the value of sd_debug_un, or if
2396 	 * sd_debug_un is set to NULL.
2397 	 */
2398 	if ((sd_component_mask & component) &&
2399 	    (sd_level_mask & SD_LOGMASK_TRACE) &&
2400 	    ((sd_debug_un == NULL) || (sd_debug_un == un))) {
2401 		mutex_enter(&sd_log_mutex);
2402 		va_start(ap, fmt);
2403 		(void) vsprintf(sd_log_buf, fmt, ap);
2404 		va_end(ap);
2405 		scsi_log(dev, sd_label, CE_CONT, "%s", sd_log_buf);
2406 		mutex_exit(&sd_log_mutex);
2407 	}
2408 #ifdef SD_FAULT_INJECTION
2409 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::sd_injection_mask));
2410 	if (un->sd_injection_mask & component) {
2411 		mutex_enter(&sd_log_mutex);
2412 		va_start(ap, fmt);
2413 		(void) vsprintf(sd_log_buf, fmt, ap);
2414 		va_end(ap);
2415 		sd_injection_log(sd_log_buf, un);
2416 		mutex_exit(&sd_log_mutex);
2417 	}
2418 #endif
2419 }
2420 
2421 
2422 /*
2423  *    Function: sdprobe
2424  *
2425  * Description: This is the driver probe(9e) entry point function.
2426  *
2427  *   Arguments: devi - opaque device info handle
2428  *
2429  * Return Code: DDI_PROBE_SUCCESS: If the probe was successful.
2430  *              DDI_PROBE_FAILURE: If the probe failed.
2431  *              DDI_PROBE_PARTIAL: If the instance is not present now,
2432  *				   but may be present in the future.
2433  */
2434 
2435 static int
2436 sdprobe(dev_info_t *devi)
2437 {
2438 	struct scsi_device	*devp;
2439 	int			rval;
2440 	int			instance;
2441 
2442 	/*
2443 	 * if it wasn't for pln, sdprobe could actually be nulldev
2444 	 * in the "__fibre" case.
2445 	 */
2446 	if (ddi_dev_is_sid(devi) == DDI_SUCCESS) {
2447 		return (DDI_PROBE_DONTCARE);
2448 	}
2449 
2450 	devp = ddi_get_driver_private(devi);
2451 
2452 	if (devp == NULL) {
2453 		/* Ooops... nexus driver is mis-configured... */
2454 		return (DDI_PROBE_FAILURE);
2455 	}
2456 
2457 	instance = ddi_get_instance(devi);
2458 
2459 	if (ddi_get_soft_state(sd_state, instance) != NULL) {
2460 		return (DDI_PROBE_PARTIAL);
2461 	}
2462 
2463 	/*
2464 	 * Call the SCSA utility probe routine to see if we actually
2465 	 * have a target at this SCSI nexus.
2466 	 */
2467 	switch (sd_scsi_probe_with_cache(devp, NULL_FUNC)) {
2468 	case SCSIPROBE_EXISTS:
2469 		switch (devp->sd_inq->inq_dtype) {
2470 		case DTYPE_DIRECT:
2471 			rval = DDI_PROBE_SUCCESS;
2472 			break;
2473 		case DTYPE_RODIRECT:
2474 			/* CDs etc. Can be removable media */
2475 			rval = DDI_PROBE_SUCCESS;
2476 			break;
2477 		case DTYPE_OPTICAL:
2478 			/*
2479 			 * Rewritable optical driver HP115AA
2480 			 * Can also be removable media
2481 			 */
2482 
2483 			/*
2484 			 * Do not attempt to bind to  DTYPE_OPTICAL if
2485 			 * pre solaris 9 sparc sd behavior is required
2486 			 *
2487 			 * If first time through and sd_dtype_optical_bind
2488 			 * has not been set in /etc/system check properties
2489 			 */
2490 
2491 			if (sd_dtype_optical_bind  < 0) {
2492 			    sd_dtype_optical_bind = ddi_prop_get_int
2493 				(DDI_DEV_T_ANY,	devi,	0,
2494 				"optical-device-bind",	1);
2495 			}
2496 
2497 			if (sd_dtype_optical_bind == 0) {
2498 				rval = DDI_PROBE_FAILURE;
2499 			} else {
2500 				rval = DDI_PROBE_SUCCESS;
2501 			}
2502 			break;
2503 
2504 		case DTYPE_NOTPRESENT:
2505 		default:
2506 			rval = DDI_PROBE_FAILURE;
2507 			break;
2508 		}
2509 		break;
2510 	default:
2511 		rval = DDI_PROBE_PARTIAL;
2512 		break;
2513 	}
2514 
2515 	/*
2516 	 * This routine checks for resource allocation prior to freeing,
2517 	 * so it will take care of the "smart probing" case where a
2518 	 * scsi_probe() may or may not have been issued and will *not*
2519 	 * free previously-freed resources.
2520 	 */
2521 	scsi_unprobe(devp);
2522 	return (rval);
2523 }
2524 
2525 
2526 /*
2527  *    Function: sdinfo
2528  *
2529  * Description: This is the driver getinfo(9e) entry point function.
2530  * 		Given the device number, return the devinfo pointer from
2531  *		the scsi_device structure or the instance number
2532  *		associated with the dev_t.
2533  *
2534  *   Arguments: dip     - pointer to device info structure
2535  *		infocmd - command argument (DDI_INFO_DEVT2DEVINFO,
2536  *			  DDI_INFO_DEVT2INSTANCE)
2537  *		arg     - driver dev_t
2538  *		resultp - user buffer for request response
2539  *
2540  * Return Code: DDI_SUCCESS
2541  *              DDI_FAILURE
2542  */
2543 /* ARGSUSED */
2544 static int
2545 sdinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
2546 {
2547 	struct sd_lun	*un;
2548 	dev_t		dev;
2549 	int		instance;
2550 	int		error;
2551 
2552 	switch (infocmd) {
2553 	case DDI_INFO_DEVT2DEVINFO:
2554 		dev = (dev_t)arg;
2555 		instance = SDUNIT(dev);
2556 		if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
2557 			return (DDI_FAILURE);
2558 		}
2559 		*result = (void *) SD_DEVINFO(un);
2560 		error = DDI_SUCCESS;
2561 		break;
2562 	case DDI_INFO_DEVT2INSTANCE:
2563 		dev = (dev_t)arg;
2564 		instance = SDUNIT(dev);
2565 		*result = (void *)(uintptr_t)instance;
2566 		error = DDI_SUCCESS;
2567 		break;
2568 	default:
2569 		error = DDI_FAILURE;
2570 	}
2571 	return (error);
2572 }
2573 
2574 /*
2575  *    Function: sd_prop_op
2576  *
2577  * Description: This is the driver prop_op(9e) entry point function.
2578  *		Return the number of blocks for the partition in question
2579  *		or forward the request to the property facilities.
2580  *
2581  *   Arguments: dev       - device number
2582  *		dip       - pointer to device info structure
2583  *		prop_op   - property operator
2584  *		mod_flags - DDI_PROP_DONTPASS, don't pass to parent
2585  *		name      - pointer to property name
2586  *		valuep    - pointer or address of the user buffer
2587  *		lengthp   - property length
2588  *
2589  * Return Code: DDI_PROP_SUCCESS
2590  *              DDI_PROP_NOT_FOUND
2591  *              DDI_PROP_UNDEFINED
2592  *              DDI_PROP_NO_MEMORY
2593  *              DDI_PROP_BUF_TOO_SMALL
2594  */
2595 
2596 static int
2597 sd_prop_op(dev_t dev, dev_info_t *dip, ddi_prop_op_t prop_op, int mod_flags,
2598 	char *name, caddr_t valuep, int *lengthp)
2599 {
2600 	int		instance = ddi_get_instance(dip);
2601 	struct sd_lun	*un;
2602 	uint64_t	nblocks64;
2603 
2604 	/*
2605 	 * Our dynamic properties are all device specific and size oriented.
2606 	 * Requests issued under conditions where size is valid are passed
2607 	 * to ddi_prop_op_nblocks with the size information, otherwise the
2608 	 * request is passed to ddi_prop_op. Size depends on valid geometry.
2609 	 */
2610 	un = ddi_get_soft_state(sd_state, instance);
2611 	if ((dev == DDI_DEV_T_ANY) || (un == NULL) ||
2612 	    (un->un_f_geometry_is_valid == FALSE)) {
2613 		return (ddi_prop_op(dev, dip, prop_op, mod_flags,
2614 		    name, valuep, lengthp));
2615 	} else {
2616 		/* get nblocks value */
2617 		ASSERT(!mutex_owned(SD_MUTEX(un)));
2618 		mutex_enter(SD_MUTEX(un));
2619 		nblocks64 = (ulong_t)un->un_map[SDPART(dev)].dkl_nblk;
2620 		mutex_exit(SD_MUTEX(un));
2621 
2622 		return (ddi_prop_op_nblocks(dev, dip, prop_op, mod_flags,
2623 		    name, valuep, lengthp, nblocks64));
2624 	}
2625 }
2626 
2627 /*
2628  * The following functions are for smart probing:
2629  * sd_scsi_probe_cache_init()
2630  * sd_scsi_probe_cache_fini()
2631  * sd_scsi_clear_probe_cache()
2632  * sd_scsi_probe_with_cache()
2633  */
2634 
2635 /*
2636  *    Function: sd_scsi_probe_cache_init
2637  *
2638  * Description: Initializes the probe response cache mutex and head pointer.
2639  *
2640  *     Context: Kernel thread context
2641  */
2642 
2643 static void
2644 sd_scsi_probe_cache_init(void)
2645 {
2646 	mutex_init(&sd_scsi_probe_cache_mutex, NULL, MUTEX_DRIVER, NULL);
2647 	sd_scsi_probe_cache_head = NULL;
2648 }
2649 
2650 
2651 /*
2652  *    Function: sd_scsi_probe_cache_fini
2653  *
2654  * Description: Frees all resources associated with the probe response cache.
2655  *
2656  *     Context: Kernel thread context
2657  */
2658 
2659 static void
2660 sd_scsi_probe_cache_fini(void)
2661 {
2662 	struct sd_scsi_probe_cache *cp;
2663 	struct sd_scsi_probe_cache *ncp;
2664 
2665 	/* Clean up our smart probing linked list */
2666 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = ncp) {
2667 		ncp = cp->next;
2668 		kmem_free(cp, sizeof (struct sd_scsi_probe_cache));
2669 	}
2670 	sd_scsi_probe_cache_head = NULL;
2671 	mutex_destroy(&sd_scsi_probe_cache_mutex);
2672 }
2673 
2674 
2675 /*
2676  *    Function: sd_scsi_clear_probe_cache
2677  *
2678  * Description: This routine clears the probe response cache. This is
2679  *		done when open() returns ENXIO so that when deferred
2680  *		attach is attempted (possibly after a device has been
2681  *		turned on) we will retry the probe. Since we don't know
2682  *		which target we failed to open, we just clear the
2683  *		entire cache.
2684  *
2685  *     Context: Kernel thread context
2686  */
2687 
2688 static void
2689 sd_scsi_clear_probe_cache(void)
2690 {
2691 	struct sd_scsi_probe_cache	*cp;
2692 	int				i;
2693 
2694 	mutex_enter(&sd_scsi_probe_cache_mutex);
2695 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2696 		/*
2697 		 * Reset all entries to SCSIPROBE_EXISTS.  This will
2698 		 * force probing to be performed the next time
2699 		 * sd_scsi_probe_with_cache is called.
2700 		 */
2701 		for (i = 0; i < NTARGETS_WIDE; i++) {
2702 			cp->cache[i] = SCSIPROBE_EXISTS;
2703 		}
2704 	}
2705 	mutex_exit(&sd_scsi_probe_cache_mutex);
2706 }
2707 
2708 
2709 /*
2710  *    Function: sd_scsi_probe_with_cache
2711  *
2712  * Description: This routine implements support for a scsi device probe
2713  *		with cache. The driver maintains a cache of the target
2714  *		responses to scsi probes. If we get no response from a
2715  *		target during a probe inquiry, we remember that, and we
2716  *		avoid additional calls to scsi_probe on non-zero LUNs
2717  *		on the same target until the cache is cleared. By doing
2718  *		so we avoid the 1/4 sec selection timeout for nonzero
2719  *		LUNs. lun0 of a target is always probed.
2720  *
2721  *   Arguments: devp     - Pointer to a scsi_device(9S) structure
2722  *              waitfunc - indicates what the allocator routines should
2723  *			   do when resources are not available. This value
2724  *			   is passed on to scsi_probe() when that routine
2725  *			   is called.
2726  *
2727  * Return Code: SCSIPROBE_NORESP if a NORESP in probe response cache;
2728  *		otherwise the value returned by scsi_probe(9F).
2729  *
2730  *     Context: Kernel thread context
2731  */
2732 
2733 static int
2734 sd_scsi_probe_with_cache(struct scsi_device *devp, int (*waitfn)())
2735 {
2736 	struct sd_scsi_probe_cache	*cp;
2737 	dev_info_t	*pdip = ddi_get_parent(devp->sd_dev);
2738 	int		lun, tgt;
2739 
2740 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2741 	    SCSI_ADDR_PROP_LUN, 0);
2742 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, devp->sd_dev, DDI_PROP_DONTPASS,
2743 	    SCSI_ADDR_PROP_TARGET, -1);
2744 
2745 	/* Make sure caching enabled and target in range */
2746 	if ((tgt < 0) || (tgt >= NTARGETS_WIDE)) {
2747 		/* do it the old way (no cache) */
2748 		return (scsi_probe(devp, waitfn));
2749 	}
2750 
2751 	mutex_enter(&sd_scsi_probe_cache_mutex);
2752 
2753 	/* Find the cache for this scsi bus instance */
2754 	for (cp = sd_scsi_probe_cache_head; cp != NULL; cp = cp->next) {
2755 		if (cp->pdip == pdip) {
2756 			break;
2757 		}
2758 	}
2759 
2760 	/* If we can't find a cache for this pdip, create one */
2761 	if (cp == NULL) {
2762 		int i;
2763 
2764 		cp = kmem_zalloc(sizeof (struct sd_scsi_probe_cache),
2765 		    KM_SLEEP);
2766 		cp->pdip = pdip;
2767 		cp->next = sd_scsi_probe_cache_head;
2768 		sd_scsi_probe_cache_head = cp;
2769 		for (i = 0; i < NTARGETS_WIDE; i++) {
2770 			cp->cache[i] = SCSIPROBE_EXISTS;
2771 		}
2772 	}
2773 
2774 	mutex_exit(&sd_scsi_probe_cache_mutex);
2775 
2776 	/* Recompute the cache for this target if LUN zero */
2777 	if (lun == 0) {
2778 		cp->cache[tgt] = SCSIPROBE_EXISTS;
2779 	}
2780 
2781 	/* Don't probe if cache remembers a NORESP from a previous LUN. */
2782 	if (cp->cache[tgt] != SCSIPROBE_EXISTS) {
2783 		return (SCSIPROBE_NORESP);
2784 	}
2785 
2786 	/* Do the actual probe; save & return the result */
2787 	return (cp->cache[tgt] = scsi_probe(devp, waitfn));
2788 }
2789 
2790 
2791 /*
2792  *    Function: sd_spin_up_unit
2793  *
2794  * Description: Issues the following commands to spin-up the device:
2795  *		START STOP UNIT, and INQUIRY.
2796  *
2797  *   Arguments: un - driver soft state (unit) structure
2798  *
2799  * Return Code: 0 - success
2800  *		EIO - failure
2801  *		EACCES - reservation conflict
2802  *
2803  *     Context: Kernel thread context
2804  */
2805 
2806 static int
2807 sd_spin_up_unit(struct sd_lun *un)
2808 {
2809 	size_t	resid		= 0;
2810 	int	has_conflict	= FALSE;
2811 	uchar_t *bufaddr;
2812 
2813 	ASSERT(un != NULL);
2814 
2815 	/*
2816 	 * Send a throwaway START UNIT command.
2817 	 *
2818 	 * If we fail on this, we don't care presently what precisely
2819 	 * is wrong.  EMC's arrays will also fail this with a check
2820 	 * condition (0x2/0x4/0x3) if the device is "inactive," but
2821 	 * we don't want to fail the attach because it may become
2822 	 * "active" later.
2823 	 */
2824 	if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START, SD_PATH_DIRECT)
2825 	    == EACCES)
2826 		has_conflict = TRUE;
2827 
2828 	/*
2829 	 * Send another INQUIRY command to the target. This is necessary for
2830 	 * non-removable media direct access devices because their INQUIRY data
2831 	 * may not be fully qualified until they are spun up (perhaps via the
2832 	 * START command above).  Note: This seems to be needed for some
2833 	 * legacy devices only.) The INQUIRY command should succeed even if a
2834 	 * Reservation Conflict is present.
2835 	 */
2836 	bufaddr = kmem_zalloc(SUN_INQSIZE, KM_SLEEP);
2837 	if (sd_send_scsi_INQUIRY(un, bufaddr, SUN_INQSIZE, 0, 0, &resid) != 0) {
2838 		kmem_free(bufaddr, SUN_INQSIZE);
2839 		return (EIO);
2840 	}
2841 
2842 	/*
2843 	 * If we got enough INQUIRY data, copy it over the old INQUIRY data.
2844 	 * Note that this routine does not return a failure here even if the
2845 	 * INQUIRY command did not return any data.  This is a legacy behavior.
2846 	 */
2847 	if ((SUN_INQSIZE - resid) >= SUN_MIN_INQLEN) {
2848 		bcopy(bufaddr, SD_INQUIRY(un), SUN_INQSIZE);
2849 	}
2850 
2851 	kmem_free(bufaddr, SUN_INQSIZE);
2852 
2853 	/* If we hit a reservation conflict above, tell the caller. */
2854 	if (has_conflict == TRUE) {
2855 		return (EACCES);
2856 	}
2857 
2858 	return (0);
2859 }
2860 
2861 #ifdef _LP64
2862 /*
2863  *    Function: sd_enable_descr_sense
2864  *
2865  * Description: This routine attempts to select descriptor sense format
2866  *		using the Control mode page.  Devices that support 64 bit
2867  *		LBAs (for >2TB luns) should also implement descriptor
2868  *		sense data so we will call this function whenever we see
2869  *		a lun larger than 2TB.  If for some reason the device
2870  *		supports 64 bit LBAs but doesn't support descriptor sense
2871  *		presumably the mode select will fail.  Everything will
2872  *		continue to work normally except that we will not get
2873  *		complete sense data for commands that fail with an LBA
2874  *		larger than 32 bits.
2875  *
2876  *   Arguments: un - driver soft state (unit) structure
2877  *
2878  *     Context: Kernel thread context only
2879  */
2880 
2881 static void
2882 sd_enable_descr_sense(struct sd_lun *un)
2883 {
2884 	uchar_t			*header;
2885 	struct mode_control_scsi3 *ctrl_bufp;
2886 	size_t			buflen;
2887 	size_t			bd_len;
2888 
2889 	/*
2890 	 * Read MODE SENSE page 0xA, Control Mode Page
2891 	 */
2892 	buflen = MODE_HEADER_LENGTH + MODE_BLK_DESC_LENGTH +
2893 	    sizeof (struct mode_control_scsi3);
2894 	header = kmem_zalloc(buflen, KM_SLEEP);
2895 	if (sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
2896 	    MODEPAGE_CTRL_MODE, SD_PATH_DIRECT) != 0) {
2897 		SD_ERROR(SD_LOG_COMMON, un,
2898 		    "sd_enable_descr_sense: mode sense ctrl page failed\n");
2899 		goto eds_exit;
2900 	}
2901 
2902 	/*
2903 	 * Determine size of Block Descriptors in order to locate
2904 	 * the mode page data. ATAPI devices return 0, SCSI devices
2905 	 * should return MODE_BLK_DESC_LENGTH.
2906 	 */
2907 	bd_len  = ((struct mode_header *)header)->bdesc_length;
2908 
2909 	ctrl_bufp = (struct mode_control_scsi3 *)
2910 	    (header + MODE_HEADER_LENGTH + bd_len);
2911 
2912 	/*
2913 	 * Clear PS bit for MODE SELECT
2914 	 */
2915 	ctrl_bufp->mode_page.ps = 0;
2916 
2917 	/*
2918 	 * Set D_SENSE to enable descriptor sense format.
2919 	 */
2920 	ctrl_bufp->d_sense = 1;
2921 
2922 	/*
2923 	 * Use MODE SELECT to commit the change to the D_SENSE bit
2924 	 */
2925 	if (sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
2926 	    buflen, SD_DONTSAVE_PAGE, SD_PATH_DIRECT) != 0) {
2927 		SD_INFO(SD_LOG_COMMON, un,
2928 		    "sd_enable_descr_sense: mode select ctrl page failed\n");
2929 		goto eds_exit;
2930 	}
2931 
2932 eds_exit:
2933 	kmem_free(header, buflen);
2934 }
2935 #endif /* _LP64 */
2936 
2937 
2938 /*
2939  *    Function: sd_set_mmc_caps
2940  *
2941  * Description: This routine determines if the device is MMC compliant and if
2942  *		the device supports CDDA via a mode sense of the CDVD
2943  *		capabilities mode page. Also checks if the device is a
2944  *		dvdram writable device.
2945  *
2946  *   Arguments: un - driver soft state (unit) structure
2947  *
2948  *     Context: Kernel thread context only
2949  */
2950 
2951 static void
2952 sd_set_mmc_caps(struct sd_lun *un)
2953 {
2954 	struct mode_header_grp2		*sense_mhp;
2955 	uchar_t				*sense_page;
2956 	caddr_t				buf;
2957 	int				bd_len;
2958 	int				status;
2959 	struct uscsi_cmd		com;
2960 	int				rtn;
2961 	uchar_t				*out_data_rw, *out_data_hd;
2962 	uchar_t				*rqbuf_rw, *rqbuf_hd;
2963 
2964 	ASSERT(un != NULL);
2965 
2966 	/*
2967 	 * The flags which will be set in this function are - mmc compliant,
2968 	 * dvdram writable device, cdda support. Initialize them to FALSE
2969 	 * and if a capability is detected - it will be set to TRUE.
2970 	 */
2971 	un->un_f_mmc_cap = FALSE;
2972 	un->un_f_dvdram_writable_device = FALSE;
2973 	un->un_f_cfg_cdda = FALSE;
2974 
2975 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
2976 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
2977 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
2978 
2979 	if (status != 0) {
2980 		/* command failed; just return */
2981 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
2982 		return;
2983 	}
2984 	/*
2985 	 * If the mode sense request for the CDROM CAPABILITIES
2986 	 * page (0x2A) succeeds the device is assumed to be MMC.
2987 	 */
2988 	un->un_f_mmc_cap = TRUE;
2989 
2990 	/* Get to the page data */
2991 	sense_mhp = (struct mode_header_grp2 *)buf;
2992 	bd_len = (sense_mhp->bdesc_length_hi << 8) |
2993 	    sense_mhp->bdesc_length_lo;
2994 	if (bd_len > MODE_BLK_DESC_LENGTH) {
2995 		/*
2996 		 * We did not get back the expected block descriptor
2997 		 * length so we cannot determine if the device supports
2998 		 * CDDA. However, we still indicate the device is MMC
2999 		 * according to the successful response to the page
3000 		 * 0x2A mode sense request.
3001 		 */
3002 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3003 		    "sd_set_mmc_caps: Mode Sense returned "
3004 		    "invalid block descriptor length\n");
3005 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3006 		return;
3007 	}
3008 
3009 	/* See if read CDDA is supported */
3010 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 +
3011 	    bd_len);
3012 	un->un_f_cfg_cdda = (sense_page[5] & 0x01) ? TRUE : FALSE;
3013 
3014 	/* See if writing DVD RAM is supported. */
3015 	un->un_f_dvdram_writable_device = (sense_page[3] & 0x20) ? TRUE : FALSE;
3016 	if (un->un_f_dvdram_writable_device == TRUE) {
3017 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3018 		return;
3019 	}
3020 
3021 	/*
3022 	 * If the device presents DVD or CD capabilities in the mode
3023 	 * page, we can return here since a RRD will not have
3024 	 * these capabilities.
3025 	 */
3026 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3027 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3028 		return;
3029 	}
3030 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3031 
3032 	/*
3033 	 * If un->un_f_dvdram_writable_device is still FALSE,
3034 	 * check for a Removable Rigid Disk (RRD).  A RRD
3035 	 * device is identified by the features RANDOM_WRITABLE and
3036 	 * HARDWARE_DEFECT_MANAGEMENT.
3037 	 */
3038 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3039 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3040 
3041 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3042 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3043 	    RANDOM_WRITABLE);
3044 	if (rtn != 0) {
3045 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3046 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3047 		return;
3048 	}
3049 
3050 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3051 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3052 
3053 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3054 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3055 	    HARDWARE_DEFECT_MANAGEMENT);
3056 	if (rtn == 0) {
3057 		/*
3058 		 * We have good information, check for random writable
3059 		 * and hardware defect features.
3060 		 */
3061 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3062 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT)) {
3063 			un->un_f_dvdram_writable_device = TRUE;
3064 		}
3065 	}
3066 
3067 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3068 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3069 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3070 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3071 }
3072 
3073 /*
3074  *    Function: sd_check_for_writable_cd
3075  *
3076  * Description: This routine determines if the media in the device is
3077  *		writable or not. It uses the get configuration command (0x46)
3078  *		to determine if the media is writable
3079  *
3080  *   Arguments: un - driver soft state (unit) structure
3081  *
3082  *     Context: Never called at interrupt context.
3083  */
3084 
3085 static void
3086 sd_check_for_writable_cd(struct sd_lun *un)
3087 {
3088 	struct uscsi_cmd		com;
3089 	uchar_t				*out_data;
3090 	uchar_t				*rqbuf;
3091 	int				rtn;
3092 	uchar_t				*out_data_rw, *out_data_hd;
3093 	uchar_t				*rqbuf_rw, *rqbuf_hd;
3094 	struct mode_header_grp2		*sense_mhp;
3095 	uchar_t				*sense_page;
3096 	caddr_t				buf;
3097 	int				bd_len;
3098 	int				status;
3099 
3100 	ASSERT(un != NULL);
3101 	ASSERT(mutex_owned(SD_MUTEX(un)));
3102 
3103 	/*
3104 	 * Initialize the writable media to false, if configuration info.
3105 	 * tells us otherwise then only we will set it.
3106 	 */
3107 	un->un_f_mmc_writable_media = FALSE;
3108 	mutex_exit(SD_MUTEX(un));
3109 
3110 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
3111 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3112 
3113 	rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf, SENSE_LENGTH,
3114 	    out_data, SD_PROFILE_HEADER_LEN);
3115 
3116 	mutex_enter(SD_MUTEX(un));
3117 	if (rtn == 0) {
3118 		/*
3119 		 * We have good information, check for writable DVD.
3120 		 */
3121 		if ((out_data[6] == 0) && (out_data[7] == 0x12)) {
3122 			un->un_f_mmc_writable_media = TRUE;
3123 			kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3124 			kmem_free(rqbuf, SENSE_LENGTH);
3125 			return;
3126 		}
3127 	}
3128 
3129 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
3130 	kmem_free(rqbuf, SENSE_LENGTH);
3131 
3132 	/*
3133 	 * Determine if this is a RRD type device.
3134 	 */
3135 	mutex_exit(SD_MUTEX(un));
3136 	buf = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
3137 	status = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, (uchar_t *)buf,
3138 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP, SD_PATH_DIRECT);
3139 	mutex_enter(SD_MUTEX(un));
3140 	if (status != 0) {
3141 		/* command failed; just return */
3142 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3143 		return;
3144 	}
3145 
3146 	/* Get to the page data */
3147 	sense_mhp = (struct mode_header_grp2 *)buf;
3148 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
3149 	if (bd_len > MODE_BLK_DESC_LENGTH) {
3150 		/*
3151 		 * We did not get back the expected block descriptor length so
3152 		 * we cannot check the mode page.
3153 		 */
3154 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3155 		    "sd_check_for_writable_cd: Mode Sense returned "
3156 		    "invalid block descriptor length\n");
3157 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3158 		return;
3159 	}
3160 
3161 	/*
3162 	 * If the device presents DVD or CD capabilities in the mode
3163 	 * page, we can return here since a RRD device will not have
3164 	 * these capabilities.
3165 	 */
3166 	sense_page = (uchar_t *)(buf + MODE_HEADER_LENGTH_GRP2 + bd_len);
3167 	if ((sense_page[2] & 0x3f) || (sense_page[3] & 0x3f)) {
3168 		kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3169 		return;
3170 	}
3171 	kmem_free(buf, BUFLEN_MODE_CDROM_CAP);
3172 
3173 	/*
3174 	 * If un->un_f_mmc_writable_media is still FALSE,
3175 	 * check for RRD type media.  A RRD device is identified
3176 	 * by the features RANDOM_WRITABLE and HARDWARE_DEFECT_MANAGEMENT.
3177 	 */
3178 	mutex_exit(SD_MUTEX(un));
3179 	out_data_rw = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3180 	rqbuf_rw = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3181 
3182 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_rw,
3183 	    SENSE_LENGTH, out_data_rw, SD_CURRENT_FEATURE_LEN,
3184 	    RANDOM_WRITABLE);
3185 	if (rtn != 0) {
3186 		kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3187 		kmem_free(rqbuf_rw, SENSE_LENGTH);
3188 		mutex_enter(SD_MUTEX(un));
3189 		return;
3190 	}
3191 
3192 	out_data_hd = kmem_zalloc(SD_CURRENT_FEATURE_LEN, KM_SLEEP);
3193 	rqbuf_hd = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
3194 
3195 	rtn = sd_send_scsi_feature_GET_CONFIGURATION(un, &com, rqbuf_hd,
3196 	    SENSE_LENGTH, out_data_hd, SD_CURRENT_FEATURE_LEN,
3197 	    HARDWARE_DEFECT_MANAGEMENT);
3198 	mutex_enter(SD_MUTEX(un));
3199 	if (rtn == 0) {
3200 		/*
3201 		 * We have good information, check for random writable
3202 		 * and hardware defect features as current.
3203 		 */
3204 		if ((out_data_rw[9] & RANDOM_WRITABLE) &&
3205 		    (out_data_rw[10] & 0x1) &&
3206 		    (out_data_hd[9] & HARDWARE_DEFECT_MANAGEMENT) &&
3207 		    (out_data_hd[10] & 0x1)) {
3208 			un->un_f_mmc_writable_media = TRUE;
3209 		}
3210 	}
3211 
3212 	kmem_free(out_data_rw, SD_CURRENT_FEATURE_LEN);
3213 	kmem_free(rqbuf_rw, SENSE_LENGTH);
3214 	kmem_free(out_data_hd, SD_CURRENT_FEATURE_LEN);
3215 	kmem_free(rqbuf_hd, SENSE_LENGTH);
3216 }
3217 
3218 /*
3219  *    Function: sd_read_unit_properties
3220  *
3221  * Description: The following implements a property lookup mechanism.
3222  *		Properties for particular disks (keyed on vendor, model
3223  *		and rev numbers) are sought in the sd.conf file via
3224  *		sd_process_sdconf_file(), and if not found there, are
3225  *		looked for in a list hardcoded in this driver via
3226  *		sd_process_sdconf_table() Once located the properties
3227  *		are used to update the driver unit structure.
3228  *
3229  *   Arguments: un - driver soft state (unit) structure
3230  */
3231 
3232 static void
3233 sd_read_unit_properties(struct sd_lun *un)
3234 {
3235 	/*
3236 	 * sd_process_sdconf_file returns SD_FAILURE if it cannot find
3237 	 * the "sd-config-list" property (from the sd.conf file) or if
3238 	 * there was not a match for the inquiry vid/pid. If this event
3239 	 * occurs the static driver configuration table is searched for
3240 	 * a match.
3241 	 */
3242 	ASSERT(un != NULL);
3243 	if (sd_process_sdconf_file(un) == SD_FAILURE) {
3244 		sd_process_sdconf_table(un);
3245 	}
3246 
3247 	/* check for LSI device */
3248 	sd_is_lsi(un);
3249 
3250 	/*
3251 	 * Set this in sd.conf to 0 in order to disable kstats.  The default
3252 	 * is 1, so they are enabled by default.
3253 	 */
3254 	un->un_f_pkstats_enabled = (ddi_prop_get_int(DDI_DEV_T_ANY,
3255 	    SD_DEVINFO(un), DDI_PROP_DONTPASS, "enable-partition-kstats", 1));
3256 }
3257 
3258 
3259 /*
3260  *    Function: sd_process_sdconf_file
3261  *
3262  * Description: Use ddi_getlongprop to obtain the properties from the
3263  *		driver's config file (ie, sd.conf) and update the driver
3264  *		soft state structure accordingly.
3265  *
3266  *   Arguments: un - driver soft state (unit) structure
3267  *
3268  * Return Code: SD_SUCCESS - The properties were successfully set according
3269  *			     to the driver configuration file.
3270  *		SD_FAILURE - The driver config list was not obtained or
3271  *			     there was no vid/pid match. This indicates that
3272  *			     the static config table should be used.
3273  *
3274  * The config file has a property, "sd-config-list", which consists of
3275  * one or more duplets as follows:
3276  *
3277  *  sd-config-list=
3278  *	<duplet>,
3279  *	[<duplet>,]
3280  *	[<duplet>];
3281  *
3282  * The structure of each duplet is as follows:
3283  *
3284  *  <duplet>:= <vid+pid>,<data-property-name_list>
3285  *
3286  * The first entry of the duplet is the device ID string (the concatenated
3287  * vid & pid; not to be confused with a device_id).  This is defined in
3288  * the same way as in the sd_disk_table.
3289  *
3290  * The second part of the duplet is a string that identifies a
3291  * data-property-name-list. The data-property-name-list is defined as
3292  * follows:
3293  *
3294  *  <data-property-name-list>:=<data-property-name> [<data-property-name>]
3295  *
3296  * The syntax of <data-property-name> depends on the <version> field.
3297  *
3298  * If version = SD_CONF_VERSION_1 we have the following syntax:
3299  *
3300  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3301  *
3302  * where the prop0 value will be used to set prop0 if bit0 set in the
3303  * flags, prop1 if bit1 set, etc. and N = SD_CONF_MAX_ITEMS -1
3304  *
3305  */
3306 
3307 static int
3308 sd_process_sdconf_file(struct sd_lun *un)
3309 {
3310 	char	*config_list = NULL;
3311 	int	config_list_len;
3312 	int	len;
3313 	int	dupletlen = 0;
3314 	char	*vidptr;
3315 	int	vidlen;
3316 	char	*dnlist_ptr;
3317 	char	*dataname_ptr;
3318 	int	dnlist_len;
3319 	int	dataname_len;
3320 	int	*data_list;
3321 	int	data_list_len;
3322 	int	rval = SD_FAILURE;
3323 	int	i;
3324 
3325 	ASSERT(un != NULL);
3326 
3327 	/* Obtain the configuration list associated with the .conf file */
3328 	if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), DDI_PROP_DONTPASS,
3329 	    sd_config_list, (caddr_t)&config_list, &config_list_len)
3330 	    != DDI_PROP_SUCCESS) {
3331 		return (SD_FAILURE);
3332 	}
3333 
3334 	/*
3335 	 * Compare vids in each duplet to the inquiry vid - if a match is
3336 	 * made, get the data value and update the soft state structure
3337 	 * accordingly.
3338 	 *
3339 	 * Note: This algorithm is complex and difficult to maintain. It should
3340 	 * be replaced with a more robust implementation.
3341 	 */
3342 	for (len = config_list_len, vidptr = config_list; len > 0;
3343 	    vidptr += dupletlen, len -= dupletlen) {
3344 		/*
3345 		 * Note: The assumption here is that each vid entry is on
3346 		 * a unique line from its associated duplet.
3347 		 */
3348 		vidlen = dupletlen = (int)strlen(vidptr);
3349 		if ((vidlen == 0) ||
3350 		    (sd_sdconf_id_match(un, vidptr, vidlen) != SD_SUCCESS)) {
3351 			dupletlen++;
3352 			continue;
3353 		}
3354 
3355 		/*
3356 		 * dnlist contains 1 or more blank separated
3357 		 * data-property-name entries
3358 		 */
3359 		dnlist_ptr = vidptr + vidlen + 1;
3360 		dnlist_len = (int)strlen(dnlist_ptr);
3361 		dupletlen += dnlist_len + 2;
3362 
3363 		/*
3364 		 * Set a pointer for the first data-property-name
3365 		 * entry in the list
3366 		 */
3367 		dataname_ptr = dnlist_ptr;
3368 		dataname_len = 0;
3369 
3370 		/*
3371 		 * Loop through all data-property-name entries in the
3372 		 * data-property-name-list setting the properties for each.
3373 		 */
3374 		while (dataname_len < dnlist_len) {
3375 			int version;
3376 
3377 			/*
3378 			 * Determine the length of the current
3379 			 * data-property-name entry by indexing until a
3380 			 * blank or NULL is encountered. When the space is
3381 			 * encountered reset it to a NULL for compliance
3382 			 * with ddi_getlongprop().
3383 			 */
3384 			for (i = 0; ((dataname_ptr[i] != ' ') &&
3385 			    (dataname_ptr[i] != '\0')); i++) {
3386 				;
3387 			}
3388 
3389 			dataname_len += i;
3390 			/* If not null terminated, Make it so */
3391 			if (dataname_ptr[i] == ' ') {
3392 				dataname_ptr[i] = '\0';
3393 			}
3394 			dataname_len++;
3395 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3396 			    "sd_process_sdconf_file: disk:%s, data:%s\n",
3397 			    vidptr, dataname_ptr);
3398 
3399 			/* Get the data list */
3400 			if (ddi_getlongprop(DDI_DEV_T_ANY, SD_DEVINFO(un), 0,
3401 			    dataname_ptr, (caddr_t)&data_list, &data_list_len)
3402 			    != DDI_PROP_SUCCESS) {
3403 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
3404 				    "sd_process_sdconf_file: data property (%s)"
3405 				    " has no value\n", dataname_ptr);
3406 				dataname_ptr = dnlist_ptr + dataname_len;
3407 				continue;
3408 			}
3409 
3410 			version = data_list[0];
3411 
3412 			if (version == SD_CONF_VERSION_1) {
3413 				sd_tunables values;
3414 
3415 				/* Set the properties */
3416 				if (sd_chk_vers1_data(un, data_list[1],
3417 				    &data_list[2], data_list_len, dataname_ptr)
3418 				    == SD_SUCCESS) {
3419 					sd_get_tunables_from_conf(un,
3420 					    data_list[1], &data_list[2],
3421 					    &values);
3422 					sd_set_vers1_properties(un,
3423 					    data_list[1], &values);
3424 					rval = SD_SUCCESS;
3425 				} else {
3426 					rval = SD_FAILURE;
3427 				}
3428 			} else {
3429 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3430 				    "data property %s version 0x%x is invalid.",
3431 				    dataname_ptr, version);
3432 				rval = SD_FAILURE;
3433 			}
3434 			kmem_free(data_list, data_list_len);
3435 			dataname_ptr = dnlist_ptr + dataname_len;
3436 		}
3437 	}
3438 
3439 	/* free up the memory allocated by ddi_getlongprop */
3440 	if (config_list) {
3441 		kmem_free(config_list, config_list_len);
3442 	}
3443 
3444 	return (rval);
3445 }
3446 
3447 /*
3448  *    Function: sd_get_tunables_from_conf()
3449  *
3450  *
3451  *    This function reads the data list from the sd.conf file and pulls
3452  *    the values that can have numeric values as arguments and places
3453  *    the values in the apropriate sd_tunables member.
3454  *    Since the order of the data list members varies across platforms
3455  *    This function reads them from the data list in a platform specific
3456  *    order and places them into the correct sd_tunable member that is
3457  *    a consistant across all platforms.
3458  */
3459 static void
3460 sd_get_tunables_from_conf(struct sd_lun *un, int flags, int *data_list,
3461     sd_tunables *values)
3462 {
3463 	int i;
3464 	int mask;
3465 
3466 	bzero(values, sizeof (sd_tunables));
3467 
3468 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3469 
3470 		mask = 1 << i;
3471 		if (mask > flags) {
3472 			break;
3473 		}
3474 
3475 		switch (mask & flags) {
3476 		case 0:	/* This mask bit not set in flags */
3477 			continue;
3478 		case SD_CONF_BSET_THROTTLE:
3479 			values->sdt_throttle = data_list[i];
3480 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3481 			    "sd_get_tunables_from_conf: throttle = %d\n",
3482 			    values->sdt_throttle);
3483 			break;
3484 		case SD_CONF_BSET_CTYPE:
3485 			values->sdt_ctype = data_list[i];
3486 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3487 			    "sd_get_tunables_from_conf: ctype = %d\n",
3488 			    values->sdt_ctype);
3489 			break;
3490 		case SD_CONF_BSET_NRR_COUNT:
3491 			values->sdt_not_rdy_retries = data_list[i];
3492 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3493 			    "sd_get_tunables_from_conf: not_rdy_retries = %d\n",
3494 			    values->sdt_not_rdy_retries);
3495 			break;
3496 		case SD_CONF_BSET_BSY_RETRY_COUNT:
3497 			values->sdt_busy_retries = data_list[i];
3498 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3499 			    "sd_get_tunables_from_conf: busy_retries = %d\n",
3500 			    values->sdt_busy_retries);
3501 			break;
3502 		case SD_CONF_BSET_RST_RETRIES:
3503 			values->sdt_reset_retries = data_list[i];
3504 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3505 			    "sd_get_tunables_from_conf: reset_retries = %d\n",
3506 			    values->sdt_reset_retries);
3507 			break;
3508 		case SD_CONF_BSET_RSV_REL_TIME:
3509 			values->sdt_reserv_rel_time = data_list[i];
3510 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3511 			    "sd_get_tunables_from_conf: reserv_rel_time = %d\n",
3512 			    values->sdt_reserv_rel_time);
3513 			break;
3514 		case SD_CONF_BSET_MIN_THROTTLE:
3515 			values->sdt_min_throttle = data_list[i];
3516 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3517 			    "sd_get_tunables_from_conf: min_throttle = %d\n",
3518 			    values->sdt_min_throttle);
3519 			break;
3520 		case SD_CONF_BSET_DISKSORT_DISABLED:
3521 			values->sdt_disk_sort_dis = data_list[i];
3522 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3523 			    "sd_get_tunables_from_conf: disk_sort_dis = %d\n",
3524 			    values->sdt_disk_sort_dis);
3525 			break;
3526 		case SD_CONF_BSET_LUN_RESET_ENABLED:
3527 			values->sdt_lun_reset_enable = data_list[i];
3528 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3529 			    "sd_get_tunables_from_conf: lun_reset_enable = %d"
3530 			    "\n", values->sdt_lun_reset_enable);
3531 			break;
3532 		}
3533 	}
3534 }
3535 
3536 /*
3537  *    Function: sd_process_sdconf_table
3538  *
3539  * Description: Search the static configuration table for a match on the
3540  *		inquiry vid/pid and update the driver soft state structure
3541  *		according to the table property values for the device.
3542  *
3543  *		The form of a configuration table entry is:
3544  *		  <vid+pid>,<flags>,<property-data>
3545  *		  "SEAGATE ST42400N",1,63,0,0			(Fibre)
3546  *		  "SEAGATE ST42400N",1,63,0,0,0,0		(Sparc)
3547  *		  "SEAGATE ST42400N",1,63,0,0,0,0,0,0,0,0,0,0	(Intel)
3548  *
3549  *   Arguments: un - driver soft state (unit) structure
3550  */
3551 
3552 static void
3553 sd_process_sdconf_table(struct sd_lun *un)
3554 {
3555 	char	*id = NULL;
3556 	int	table_index;
3557 	int	idlen;
3558 
3559 	ASSERT(un != NULL);
3560 	for (table_index = 0; table_index < sd_disk_table_size;
3561 	    table_index++) {
3562 		id = sd_disk_table[table_index].device_id;
3563 		idlen = strlen(id);
3564 		if (idlen == 0) {
3565 			continue;
3566 		}
3567 
3568 		/*
3569 		 * The static configuration table currently does not
3570 		 * implement version 10 properties. Additionally,
3571 		 * multiple data-property-name entries are not
3572 		 * implemented in the static configuration table.
3573 		 */
3574 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
3575 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3576 			    "sd_process_sdconf_table: disk %s\n", id);
3577 			sd_set_vers1_properties(un,
3578 			    sd_disk_table[table_index].flags,
3579 			    sd_disk_table[table_index].properties);
3580 			break;
3581 		}
3582 	}
3583 }
3584 
3585 
3586 /*
3587  *    Function: sd_sdconf_id_match
3588  *
3589  * Description: This local function implements a case sensitive vid/pid
3590  *		comparison as well as the boundary cases of wild card and
3591  *		multiple blanks.
3592  *
3593  *		Note: An implicit assumption made here is that the scsi
3594  *		inquiry structure will always keep the vid, pid and
3595  *		revision strings in consecutive sequence, so they can be
3596  *		read as a single string. If this assumption is not the
3597  *		case, a separate string, to be used for the check, needs
3598  *		to be built with these strings concatenated.
3599  *
3600  *   Arguments: un - driver soft state (unit) structure
3601  *		id - table or config file vid/pid
3602  *		idlen  - length of the vid/pid (bytes)
3603  *
3604  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3605  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3606  */
3607 
3608 static int
3609 sd_sdconf_id_match(struct sd_lun *un, char *id, int idlen)
3610 {
3611 	struct scsi_inquiry	*sd_inq;
3612 	int 			rval = SD_SUCCESS;
3613 
3614 	ASSERT(un != NULL);
3615 	sd_inq = un->un_sd->sd_inq;
3616 	ASSERT(id != NULL);
3617 
3618 	/*
3619 	 * We use the inq_vid as a pointer to a buffer containing the
3620 	 * vid and pid and use the entire vid/pid length of the table
3621 	 * entry for the comparison. This works because the inq_pid
3622 	 * data member follows inq_vid in the scsi_inquiry structure.
3623 	 */
3624 	if (strncasecmp(sd_inq->inq_vid, id, idlen) != 0) {
3625 		/*
3626 		 * The user id string is compared to the inquiry vid/pid
3627 		 * using a case insensitive comparison and ignoring
3628 		 * multiple spaces.
3629 		 */
3630 		rval = sd_blank_cmp(un, id, idlen);
3631 		if (rval != SD_SUCCESS) {
3632 			/*
3633 			 * User id strings that start and end with a "*"
3634 			 * are a special case. These do not have a
3635 			 * specific vendor, and the product string can
3636 			 * appear anywhere in the 16 byte PID portion of
3637 			 * the inquiry data. This is a simple strstr()
3638 			 * type search for the user id in the inquiry data.
3639 			 */
3640 			if ((id[0] == '*') && (id[idlen - 1] == '*')) {
3641 				char	*pidptr = &id[1];
3642 				int	i;
3643 				int	j;
3644 				int	pidstrlen = idlen - 2;
3645 				j = sizeof (SD_INQUIRY(un)->inq_pid) -
3646 				    pidstrlen;
3647 
3648 				if (j < 0) {
3649 					return (SD_FAILURE);
3650 				}
3651 				for (i = 0; i < j; i++) {
3652 					if (bcmp(&SD_INQUIRY(un)->inq_pid[i],
3653 					    pidptr, pidstrlen) == 0) {
3654 						rval = SD_SUCCESS;
3655 						break;
3656 					}
3657 				}
3658 			}
3659 		}
3660 	}
3661 	return (rval);
3662 }
3663 
3664 
3665 /*
3666  *    Function: sd_blank_cmp
3667  *
3668  * Description: If the id string starts and ends with a space, treat
3669  *		multiple consecutive spaces as equivalent to a single
3670  *		space. For example, this causes a sd_disk_table entry
3671  *		of " NEC CDROM " to match a device's id string of
3672  *		"NEC       CDROM".
3673  *
3674  *		Note: The success exit condition for this routine is if
3675  *		the pointer to the table entry is '\0' and the cnt of
3676  *		the inquiry length is zero. This will happen if the inquiry
3677  *		string returned by the device is padded with spaces to be
3678  *		exactly 24 bytes in length (8 byte vid + 16 byte pid). The
3679  *		SCSI spec states that the inquiry string is to be padded with
3680  *		spaces.
3681  *
3682  *   Arguments: un - driver soft state (unit) structure
3683  *		id - table or config file vid/pid
3684  *		idlen  - length of the vid/pid (bytes)
3685  *
3686  * Return Code: SD_SUCCESS - Indicates a match with the inquiry vid/pid
3687  *		SD_FAILURE - Indicates no match with the inquiry vid/pid
3688  */
3689 
3690 static int
3691 sd_blank_cmp(struct sd_lun *un, char *id, int idlen)
3692 {
3693 	char		*p1;
3694 	char		*p2;
3695 	int		cnt;
3696 	cnt = sizeof (SD_INQUIRY(un)->inq_vid) +
3697 	    sizeof (SD_INQUIRY(un)->inq_pid);
3698 
3699 	ASSERT(un != NULL);
3700 	p2 = un->un_sd->sd_inq->inq_vid;
3701 	ASSERT(id != NULL);
3702 	p1 = id;
3703 
3704 	if ((id[0] == ' ') && (id[idlen - 1] == ' ')) {
3705 		/*
3706 		 * Note: string p1 is terminated by a NUL but string p2
3707 		 * isn't.  The end of p2 is determined by cnt.
3708 		 */
3709 		for (;;) {
3710 			/* skip over any extra blanks in both strings */
3711 			while ((*p1 != '\0') && (*p1 == ' ')) {
3712 				p1++;
3713 			}
3714 			while ((cnt != 0) && (*p2 == ' ')) {
3715 				p2++;
3716 				cnt--;
3717 			}
3718 
3719 			/* compare the two strings */
3720 			if ((cnt == 0) ||
3721 			    (SD_TOUPPER(*p1) != SD_TOUPPER(*p2))) {
3722 				break;
3723 			}
3724 			while ((cnt > 0) &&
3725 			    (SD_TOUPPER(*p1) == SD_TOUPPER(*p2))) {
3726 				p1++;
3727 				p2++;
3728 				cnt--;
3729 			}
3730 		}
3731 	}
3732 
3733 	/* return SD_SUCCESS if both strings match */
3734 	return (((*p1 == '\0') && (cnt == 0)) ? SD_SUCCESS : SD_FAILURE);
3735 }
3736 
3737 
3738 /*
3739  *    Function: sd_chk_vers1_data
3740  *
3741  * Description: Verify the version 1 device properties provided by the
3742  *		user via the configuration file
3743  *
3744  *   Arguments: un	     - driver soft state (unit) structure
3745  *		flags	     - integer mask indicating properties to be set
3746  *		prop_list    - integer list of property values
3747  *		list_len     - length of user provided data
3748  *
3749  * Return Code: SD_SUCCESS - Indicates the user provided data is valid
3750  *		SD_FAILURE - Indicates the user provided data is invalid
3751  */
3752 
3753 static int
3754 sd_chk_vers1_data(struct sd_lun *un, int flags, int *prop_list,
3755     int list_len, char *dataname_ptr)
3756 {
3757 	int i;
3758 	int mask = 1;
3759 	int index = 0;
3760 
3761 	ASSERT(un != NULL);
3762 
3763 	/* Check for a NULL property name and list */
3764 	if (dataname_ptr == NULL) {
3765 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3766 		    "sd_chk_vers1_data: NULL data property name.");
3767 		return (SD_FAILURE);
3768 	}
3769 	if (prop_list == NULL) {
3770 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3771 		    "sd_chk_vers1_data: %s NULL data property list.",
3772 		    dataname_ptr);
3773 		return (SD_FAILURE);
3774 	}
3775 
3776 	/* Display a warning if undefined bits are set in the flags */
3777 	if (flags & ~SD_CONF_BIT_MASK) {
3778 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3779 		    "sd_chk_vers1_data: invalid bits 0x%x in data list %s. "
3780 		    "Properties not set.",
3781 		    (flags & ~SD_CONF_BIT_MASK), dataname_ptr);
3782 		return (SD_FAILURE);
3783 	}
3784 
3785 	/*
3786 	 * Verify the length of the list by identifying the highest bit set
3787 	 * in the flags and validating that the property list has a length
3788 	 * up to the index of this bit.
3789 	 */
3790 	for (i = 0; i < SD_CONF_MAX_ITEMS; i++) {
3791 		if (flags & mask) {
3792 			index++;
3793 		}
3794 		mask = 1 << i;
3795 	}
3796 	if ((list_len / sizeof (int)) < (index + 2)) {
3797 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3798 		    "sd_chk_vers1_data: "
3799 		    "Data property list %s size is incorrect. "
3800 		    "Properties not set.", dataname_ptr);
3801 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT, "Size expected: "
3802 		    "version + 1 flagword + %d properties", SD_CONF_MAX_ITEMS);
3803 		return (SD_FAILURE);
3804 	}
3805 	return (SD_SUCCESS);
3806 }
3807 
3808 
3809 /*
3810  *    Function: sd_set_vers1_properties
3811  *
3812  * Description: Set version 1 device properties based on a property list
3813  *		retrieved from the driver configuration file or static
3814  *		configuration table. Version 1 properties have the format:
3815  *
3816  * 	<data-property-name>:=<version>,<flags>,<prop0>,<prop1>,.....<propN>
3817  *
3818  *		where the prop0 value will be used to set prop0 if bit0
3819  *		is set in the flags
3820  *
3821  *   Arguments: un	     - driver soft state (unit) structure
3822  *		flags	     - integer mask indicating properties to be set
3823  *		prop_list    - integer list of property values
3824  */
3825 
3826 static void
3827 sd_set_vers1_properties(struct sd_lun *un, int flags, sd_tunables *prop_list)
3828 {
3829 	ASSERT(un != NULL);
3830 
3831 	/*
3832 	 * Set the flag to indicate cache is to be disabled. An attempt
3833 	 * to disable the cache via sd_disable_caching() will be made
3834 	 * later during attach once the basic initialization is complete.
3835 	 */
3836 	if (flags & SD_CONF_BSET_NOCACHE) {
3837 		un->un_f_opt_disable_cache = TRUE;
3838 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3839 		    "sd_set_vers1_properties: caching disabled flag set\n");
3840 	}
3841 
3842 	/* CD-specific configuration parameters */
3843 	if (flags & SD_CONF_BSET_PLAYMSF_BCD) {
3844 		un->un_f_cfg_playmsf_bcd = TRUE;
3845 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3846 		    "sd_set_vers1_properties: playmsf_bcd set\n");
3847 	}
3848 	if (flags & SD_CONF_BSET_READSUB_BCD) {
3849 		un->un_f_cfg_readsub_bcd = TRUE;
3850 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3851 		    "sd_set_vers1_properties: readsub_bcd set\n");
3852 	}
3853 	if (flags & SD_CONF_BSET_READ_TOC_TRK_BCD) {
3854 		un->un_f_cfg_read_toc_trk_bcd = TRUE;
3855 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3856 		    "sd_set_vers1_properties: read_toc_trk_bcd set\n");
3857 	}
3858 	if (flags & SD_CONF_BSET_READ_TOC_ADDR_BCD) {
3859 		un->un_f_cfg_read_toc_addr_bcd = TRUE;
3860 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3861 		    "sd_set_vers1_properties: read_toc_addr_bcd set\n");
3862 	}
3863 	if (flags & SD_CONF_BSET_NO_READ_HEADER) {
3864 		un->un_f_cfg_no_read_header = TRUE;
3865 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3866 			    "sd_set_vers1_properties: no_read_header set\n");
3867 	}
3868 	if (flags & SD_CONF_BSET_READ_CD_XD4) {
3869 		un->un_f_cfg_read_cd_xd4 = TRUE;
3870 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3871 		    "sd_set_vers1_properties: read_cd_xd4 set\n");
3872 	}
3873 
3874 	/* Support for devices which do not have valid/unique serial numbers */
3875 	if (flags & SD_CONF_BSET_FAB_DEVID) {
3876 		un->un_f_opt_fab_devid = TRUE;
3877 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3878 		    "sd_set_vers1_properties: fab_devid bit set\n");
3879 	}
3880 
3881 	/* Support for user throttle configuration */
3882 	if (flags & SD_CONF_BSET_THROTTLE) {
3883 		ASSERT(prop_list != NULL);
3884 		un->un_saved_throttle = un->un_throttle =
3885 		    prop_list->sdt_throttle;
3886 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3887 		    "sd_set_vers1_properties: throttle set to %d\n",
3888 		    prop_list->sdt_throttle);
3889 	}
3890 
3891 	/* Set the per disk retry count according to the conf file or table. */
3892 	if (flags & SD_CONF_BSET_NRR_COUNT) {
3893 		ASSERT(prop_list != NULL);
3894 		if (prop_list->sdt_not_rdy_retries) {
3895 			un->un_notready_retry_count =
3896 				prop_list->sdt_not_rdy_retries;
3897 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3898 			    "sd_set_vers1_properties: not ready retry count"
3899 			    " set to %d\n", un->un_notready_retry_count);
3900 		}
3901 	}
3902 
3903 	/* The controller type is reported for generic disk driver ioctls */
3904 	if (flags & SD_CONF_BSET_CTYPE) {
3905 		ASSERT(prop_list != NULL);
3906 		switch (prop_list->sdt_ctype) {
3907 		case CTYPE_CDROM:
3908 			un->un_ctype = prop_list->sdt_ctype;
3909 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3910 			    "sd_set_vers1_properties: ctype set to "
3911 			    "CTYPE_CDROM\n");
3912 			break;
3913 		case CTYPE_CCS:
3914 			un->un_ctype = prop_list->sdt_ctype;
3915 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3916 				"sd_set_vers1_properties: ctype set to "
3917 				"CTYPE_CCS\n");
3918 			break;
3919 		case CTYPE_ROD:		/* RW optical */
3920 			un->un_ctype = prop_list->sdt_ctype;
3921 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
3922 			    "sd_set_vers1_properties: ctype set to "
3923 			    "CTYPE_ROD\n");
3924 			break;
3925 		default:
3926 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
3927 			    "sd_set_vers1_properties: Could not set "
3928 			    "invalid ctype value (%d)",
3929 			    prop_list->sdt_ctype);
3930 		}
3931 	}
3932 
3933 	/* Purple failover timeout */
3934 	if (flags & SD_CONF_BSET_BSY_RETRY_COUNT) {
3935 		ASSERT(prop_list != NULL);
3936 		un->un_busy_retry_count =
3937 			prop_list->sdt_busy_retries;
3938 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3939 		    "sd_set_vers1_properties: "
3940 		    "busy retry count set to %d\n",
3941 		    un->un_busy_retry_count);
3942 	}
3943 
3944 	/* Purple reset retry count */
3945 	if (flags & SD_CONF_BSET_RST_RETRIES) {
3946 		ASSERT(prop_list != NULL);
3947 		un->un_reset_retry_count =
3948 			prop_list->sdt_reset_retries;
3949 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3950 		    "sd_set_vers1_properties: "
3951 		    "reset retry count set to %d\n",
3952 		    un->un_reset_retry_count);
3953 	}
3954 
3955 	/* Purple reservation release timeout */
3956 	if (flags & SD_CONF_BSET_RSV_REL_TIME) {
3957 		ASSERT(prop_list != NULL);
3958 		un->un_reserve_release_time =
3959 			prop_list->sdt_reserv_rel_time;
3960 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3961 		    "sd_set_vers1_properties: "
3962 		    "reservation release timeout set to %d\n",
3963 		    un->un_reserve_release_time);
3964 	}
3965 
3966 	/*
3967 	 * Driver flag telling the driver to verify that no commands are pending
3968 	 * for a device before issuing a Test Unit Ready. This is a workaround
3969 	 * for a firmware bug in some Seagate eliteI drives.
3970 	 */
3971 	if (flags & SD_CONF_BSET_TUR_CHECK) {
3972 		un->un_f_cfg_tur_check = TRUE;
3973 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3974 		    "sd_set_vers1_properties: tur queue check set\n");
3975 	}
3976 
3977 	if (flags & SD_CONF_BSET_MIN_THROTTLE) {
3978 		un->un_min_throttle = prop_list->sdt_min_throttle;
3979 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3980 		    "sd_set_vers1_properties: min throttle set to %d\n",
3981 		    un->un_min_throttle);
3982 	}
3983 
3984 	if (flags & SD_CONF_BSET_DISKSORT_DISABLED) {
3985 		un->un_f_disksort_disabled =
3986 		    (prop_list->sdt_disk_sort_dis != 0) ?
3987 		    TRUE : FALSE;
3988 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3989 		    "sd_set_vers1_properties: disksort disabled "
3990 		    "flag set to %d\n",
3991 		    prop_list->sdt_disk_sort_dis);
3992 	}
3993 
3994 	if (flags & SD_CONF_BSET_LUN_RESET_ENABLED) {
3995 		un->un_f_lun_reset_enabled =
3996 		    (prop_list->sdt_lun_reset_enable != 0) ?
3997 		    TRUE : FALSE;
3998 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
3999 		    "sd_set_vers1_properties: lun reset enabled "
4000 		    "flag set to %d\n",
4001 		    prop_list->sdt_lun_reset_enable);
4002 	}
4003 
4004 	/*
4005 	 * Validate the throttle values.
4006 	 * If any of the numbers are invalid, set everything to defaults.
4007 	 */
4008 	if ((un->un_throttle < SD_LOWEST_VALID_THROTTLE) ||
4009 	    (un->un_min_throttle < SD_LOWEST_VALID_THROTTLE) ||
4010 	    (un->un_min_throttle > un->un_throttle)) {
4011 		un->un_saved_throttle = un->un_throttle = sd_max_throttle;
4012 		un->un_min_throttle = sd_min_throttle;
4013 	}
4014 }
4015 
4016 /*
4017  *   Function: sd_is_lsi()
4018  *
4019  *   Description: Check for lsi devices, step throught the static device
4020  *	table to match vid/pid.
4021  *
4022  *   Args: un - ptr to sd_lun
4023  *
4024  *   Notes:  When creating new LSI property, need to add the new LSI property
4025  *		to this function.
4026  */
4027 static void
4028 sd_is_lsi(struct sd_lun *un)
4029 {
4030 	char	*id = NULL;
4031 	int	table_index;
4032 	int	idlen;
4033 	void	*prop;
4034 
4035 	ASSERT(un != NULL);
4036 	for (table_index = 0; table_index < sd_disk_table_size;
4037 	    table_index++) {
4038 		id = sd_disk_table[table_index].device_id;
4039 		idlen = strlen(id);
4040 		if (idlen == 0) {
4041 			continue;
4042 		}
4043 
4044 		if (sd_sdconf_id_match(un, id, idlen) == SD_SUCCESS) {
4045 			prop = sd_disk_table[table_index].properties;
4046 			if (prop == &lsi_properties ||
4047 			    prop == &lsi_oem_properties ||
4048 			    prop == &lsi_properties_scsi ||
4049 			    prop == &symbios_properties) {
4050 				un->un_f_cfg_is_lsi = TRUE;
4051 			}
4052 			break;
4053 		}
4054 	}
4055 }
4056 
4057 
4058 /*
4059  * The following routines support reading and interpretation of disk labels,
4060  * including Solaris BE (8-slice) vtoc's, Solaris LE (16-slice) vtoc's, and
4061  * fdisk tables.
4062  */
4063 
4064 /*
4065  *    Function: sd_validate_geometry
4066  *
4067  * Description: Read the label from the disk (if present). Update the unit's
4068  *		geometry and vtoc information from the data in the label.
4069  *		Verify that the label is valid.
4070  *
4071  *   Arguments: un - driver soft state (unit) structure
4072  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4073  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4074  *			to use the USCSI "direct" chain and bypass the normal
4075  *			command waitq.
4076  *
4077  * Return Code: 0 - Successful completion
4078  *		EINVAL  - Invalid value in un->un_tgt_blocksize or
4079  *			  un->un_blockcount; or label on disk is corrupted
4080  *			  or unreadable.
4081  *		EACCES  - Reservation conflict at the device.
4082  *		ENOMEM  - Resource allocation error
4083  *		ENOTSUP - geometry not applicable
4084  *
4085  *     Context: Kernel thread only (can sleep).
4086  */
4087 
4088 static int
4089 sd_validate_geometry(struct sd_lun *un, int path_flag)
4090 {
4091 	static	char		labelstring[128];
4092 	static	char		buf[256];
4093 	char	*label		= NULL;
4094 	int	label_error	= 0;
4095 	int	gvalid		= un->un_f_geometry_is_valid;
4096 	int	lbasize;
4097 	uint_t	capacity;
4098 	int	count;
4099 
4100 	ASSERT(un != NULL);
4101 	ASSERT(mutex_owned(SD_MUTEX(un)));
4102 
4103 	/*
4104 	 * If the required values are not valid, then try getting them
4105 	 * once via read capacity. If that fails, then fail this call.
4106 	 * This is necessary with the new mpxio failover behavior in
4107 	 * the T300 where we can get an attach for the inactive path
4108 	 * before the active path. The inactive path fails commands with
4109 	 * sense data of 02,04,88 which happens to the read capacity
4110 	 * before mpxio has had sufficient knowledge to know if it should
4111 	 * force a fail over or not. (Which it won't do at attach anyhow).
4112 	 * If the read capacity at attach time fails, un_tgt_blocksize and
4113 	 * un_blockcount won't be valid.
4114 	 */
4115 	if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4116 	    (un->un_f_blockcount_is_valid != TRUE)) {
4117 		uint64_t	cap;
4118 		uint32_t	lbasz;
4119 		int		rval;
4120 
4121 		mutex_exit(SD_MUTEX(un));
4122 		rval = sd_send_scsi_READ_CAPACITY(un, &cap,
4123 		    &lbasz, SD_PATH_DIRECT);
4124 		mutex_enter(SD_MUTEX(un));
4125 		if (rval == 0) {
4126 			/*
4127 			 * The following relies on
4128 			 * sd_send_scsi_READ_CAPACITY never
4129 			 * returning 0 for capacity and/or lbasize.
4130 			 */
4131 			sd_update_block_info(un, lbasz, cap);
4132 		}
4133 
4134 		if ((un->un_f_tgt_blocksize_is_valid != TRUE) ||
4135 		    (un->un_f_blockcount_is_valid != TRUE)) {
4136 			return (EINVAL);
4137 		}
4138 	}
4139 
4140 	/*
4141 	 * Copy the lbasize and capacity so that if they're reset while we're
4142 	 * not holding the SD_MUTEX, we will continue to use valid values
4143 	 * after the SD_MUTEX is reacquired. (4119659)
4144 	 */
4145 	lbasize  = un->un_tgt_blocksize;
4146 	capacity = un->un_blockcount;
4147 
4148 #if defined(_SUNOS_VTOC_16)
4149 	/*
4150 	 * Set up the "whole disk" fdisk partition; this should always
4151 	 * exist, regardless of whether the disk contains an fdisk table
4152 	 * or vtoc.
4153 	 */
4154 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
4155 	un->un_map[P0_RAW_DISK].dkl_nblk  = capacity;
4156 #endif
4157 
4158 	/*
4159 	 * Refresh the logical and physical geometry caches.
4160 	 * (data from MODE SENSE format/rigid disk geometry pages,
4161 	 * and scsi_ifgetcap("geometry").
4162 	 */
4163 	sd_resync_geom_caches(un, capacity, lbasize, path_flag);
4164 
4165 	label_error = sd_use_efi(un, path_flag);
4166 	if (label_error == 0) {
4167 		/* found a valid EFI label */
4168 		SD_TRACE(SD_LOG_IO_PARTITION, un,
4169 			"sd_validate_geometry: found EFI label\n");
4170 		un->un_solaris_offset = 0;
4171 		un->un_solaris_size = capacity;
4172 		return (ENOTSUP);
4173 	}
4174 	if (un->un_blockcount > DK_MAX_BLOCKS) {
4175 		if (label_error == ESRCH) {
4176 			/*
4177 			 * they've configured a LUN over 1TB, but used
4178 			 * format.dat to restrict format's view of the
4179 			 * capacity to be under 1TB
4180 			 */
4181 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
4182 "is >1TB and has a VTOC label: use format(1M) to either decrease the");
4183 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
4184 "size to be < 1TB or relabel the disk with an EFI label");
4185 		} else {
4186 			/* unlabeled disk over 1TB */
4187 			return (ENOTSUP);
4188 		}
4189 	}
4190 	label_error = 0;
4191 
4192 	/*
4193 	 * at this point it is either labeled with a VTOC or it is
4194 	 * under 1TB
4195 	 */
4196 
4197 	/*
4198 	 * Only DIRECT ACCESS devices will have Sun labels.
4199 	 * CD's supposedly have a Sun label, too
4200 	 */
4201 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
4202 		struct	dk_label *dkl;
4203 		offset_t dkl1;
4204 		offset_t label_addr, real_addr;
4205 		int	rval;
4206 		size_t	buffer_size;
4207 
4208 		/*
4209 		 * Note: This will set up un->un_solaris_size and
4210 		 * un->un_solaris_offset.
4211 		 */
4212 		switch (sd_read_fdisk(un, capacity, lbasize, path_flag)) {
4213 		case SD_CMD_RESERVATION_CONFLICT:
4214 			ASSERT(mutex_owned(SD_MUTEX(un)));
4215 			return (EACCES);
4216 		case SD_CMD_FAILURE:
4217 			ASSERT(mutex_owned(SD_MUTEX(un)));
4218 			return (ENOMEM);
4219 		}
4220 
4221 		if (un->un_solaris_size <= DK_LABEL_LOC) {
4222 			/*
4223 			 * Found fdisk table but no Solaris partition entry,
4224 			 * so don't call sd_uselabel() and don't create
4225 			 * a default label.
4226 			 */
4227 			label_error = 0;
4228 			un->un_f_geometry_is_valid = TRUE;
4229 			goto no_solaris_partition;
4230 		}
4231 		label_addr = (daddr_t)(un->un_solaris_offset + DK_LABEL_LOC);
4232 
4233 		/*
4234 		 * sys_blocksize != tgt_blocksize, need to re-adjust
4235 		 * blkno and save the index to beginning of dk_label
4236 		 */
4237 		real_addr = SD_SYS2TGTBLOCK(un, label_addr);
4238 		buffer_size = SD_REQBYTES2TGTBYTES(un,
4239 		    sizeof (struct dk_label));
4240 
4241 		SD_TRACE(SD_LOG_IO_PARTITION, un, "sd_validate_geometry: "
4242 		    "label_addr: 0x%x allocation size: 0x%x\n",
4243 		    label_addr, buffer_size);
4244 		dkl = kmem_zalloc(buffer_size, KM_NOSLEEP);
4245 		if (dkl == NULL) {
4246 			return (ENOMEM);
4247 		}
4248 
4249 		mutex_exit(SD_MUTEX(un));
4250 		rval = sd_send_scsi_READ(un, dkl, buffer_size, real_addr,
4251 		    path_flag);
4252 		mutex_enter(SD_MUTEX(un));
4253 
4254 		switch (rval) {
4255 		case 0:
4256 			/*
4257 			 * sd_uselabel will establish that the geometry
4258 			 * is valid.
4259 			 * For sys_blocksize != tgt_blocksize, need
4260 			 * to index into the beginning of dk_label
4261 			 */
4262 			dkl1 = (daddr_t)dkl
4263 				+ SD_TGTBYTEOFFSET(un, label_addr, real_addr);
4264 			if (sd_uselabel(un, (struct dk_label *)(uintptr_t)dkl1,
4265 			    path_flag) != SD_LABEL_IS_VALID) {
4266 				label_error = EINVAL;
4267 			}
4268 			break;
4269 		case EACCES:
4270 			label_error = EACCES;
4271 			break;
4272 		default:
4273 			label_error = EINVAL;
4274 			break;
4275 		}
4276 
4277 		kmem_free(dkl, buffer_size);
4278 
4279 #if defined(_SUNOS_VTOC_8)
4280 		label = (char *)un->un_asciilabel;
4281 #elif defined(_SUNOS_VTOC_16)
4282 		label = (char *)un->un_vtoc.v_asciilabel;
4283 #else
4284 #error "No VTOC format defined."
4285 #endif
4286 	}
4287 
4288 	/*
4289 	 * If a valid label was not found, AND if no reservation conflict
4290 	 * was detected, then go ahead and create a default label (4069506).
4291 	 *
4292 	 * Note: currently, for VTOC_8 devices, the default label is created
4293 	 * for removables only.  For VTOC_16 devices, the default label will
4294 	 * be created for both removables and non-removables alike.
4295 	 * (see sd_build_default_label)
4296 	 */
4297 #if defined(_SUNOS_VTOC_8)
4298 	if (ISREMOVABLE(un) && (label_error != EACCES)) {
4299 #elif defined(_SUNOS_VTOC_16)
4300 	if (label_error != EACCES) {
4301 #endif
4302 		if (un->un_f_geometry_is_valid == FALSE) {
4303 			sd_build_default_label(un);
4304 		}
4305 		label_error = 0;
4306 	}
4307 
4308 no_solaris_partition:
4309 	if ((!ISREMOVABLE(un) ||
4310 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
4311 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
4312 		/*
4313 		 * Print out a message indicating who and what we are.
4314 		 * We do this only when we happen to really validate the
4315 		 * geometry. We may call sd_validate_geometry() at other
4316 		 * times, e.g., ioctl()'s like Get VTOC in which case we
4317 		 * don't want to print the label.
4318 		 * If the geometry is valid, print the label string,
4319 		 * else print vendor and product info, if available
4320 		 */
4321 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
4322 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "?<%s>\n", label);
4323 		} else {
4324 			mutex_enter(&sd_label_mutex);
4325 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
4326 			    labelstring);
4327 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
4328 			    &labelstring[64]);
4329 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
4330 			    labelstring, &labelstring[64]);
4331 			if (un->un_f_blockcount_is_valid == TRUE) {
4332 				(void) sprintf(&buf[strlen(buf)],
4333 				    ", %llu %u byte blocks\n",
4334 				    (longlong_t)un->un_blockcount,
4335 				    un->un_tgt_blocksize);
4336 			} else {
4337 				(void) sprintf(&buf[strlen(buf)],
4338 				    ", (unknown capacity)\n");
4339 			}
4340 			SD_INFO(SD_LOG_ATTACH_DETACH, un, buf);
4341 			mutex_exit(&sd_label_mutex);
4342 		}
4343 	}
4344 
4345 #if defined(_SUNOS_VTOC_16)
4346 	/*
4347 	 * If we have valid geometry, set up the remaining fdisk partitions.
4348 	 * Note that dkl_cylno is not used for the fdisk map entries, so
4349 	 * we set it to an entirely bogus value.
4350 	 */
4351 	for (count = 0; count < FD_NUMPART; count++) {
4352 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
4353 		un->un_map[FDISK_P1 + count].dkl_nblk =
4354 		    un->un_fmap[count].fmap_nblk;
4355 
4356 		un->un_offset[FDISK_P1 + count] =
4357 		    un->un_fmap[count].fmap_start;
4358 	}
4359 #endif
4360 
4361 	for (count = 0; count < NDKMAP; count++) {
4362 #if defined(_SUNOS_VTOC_8)
4363 		struct dk_map *lp  = &un->un_map[count];
4364 		un->un_offset[count] =
4365 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
4366 #elif defined(_SUNOS_VTOC_16)
4367 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
4368 
4369 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
4370 #else
4371 #error "No VTOC format defined."
4372 #endif
4373 	}
4374 
4375 	return (label_error);
4376 }
4377 
4378 
4379 #if defined(_SUNOS_VTOC_16)
4380 /*
4381  * Macro: MAX_BLKS
4382  *
4383  *	This macro is used for table entries where we need to have the largest
4384  *	possible sector value for that head & SPT (sectors per track)
4385  *	combination.  Other entries for some smaller disk sizes are set by
4386  *	convention to match those used by X86 BIOS usage.
4387  */
4388 #define	MAX_BLKS(heads, spt)	UINT16_MAX * heads * spt, heads, spt
4389 
4390 /*
4391  *    Function: sd_convert_geometry
4392  *
4393  * Description: Convert physical geometry into a dk_geom structure. In
4394  *		other words, make sure we don't wrap 16-bit values.
4395  *		e.g. converting from geom_cache to dk_geom
4396  *
4397  *     Context: Kernel thread only
4398  */
4399 static void
4400 sd_convert_geometry(uint64_t capacity, struct dk_geom *un_g)
4401 {
4402 	int i;
4403 	static const struct chs_values {
4404 		uint_t max_cap;		/* Max Capacity for this HS. */
4405 		uint_t nhead;		/* Heads to use. */
4406 		uint_t nsect;		/* SPT to use. */
4407 	} CHS_values[] = {
4408 		{0x00200000,  64, 32},		/* 1GB or smaller disk. */
4409 		{0x01000000, 128, 32},		/* 8GB or smaller disk. */
4410 		{MAX_BLKS(255,  63)},		/* 502.02GB or smaller disk. */
4411 		{MAX_BLKS(255, 126)},		/* .98TB or smaller disk. */
4412 		{DK_MAX_BLOCKS, 255, 189}	/* Max size is just under 1TB */
4413 	};
4414 
4415 	/* Unlabeled SCSI floppy device */
4416 	if (capacity <= 0x1000) {
4417 		un_g->dkg_nhead = 2;
4418 		un_g->dkg_ncyl = 80;
4419 		un_g->dkg_nsect = capacity / (un_g->dkg_nhead * un_g->dkg_ncyl);
4420 		return;
4421 	}
4422 
4423 	/*
4424 	 * For all devices we calculate cylinders using the
4425 	 * heads and sectors we assign based on capacity of the
4426 	 * device.  The table is designed to be compatible with the
4427 	 * way other operating systems lay out fdisk tables for X86
4428 	 * and to insure that the cylinders never exceed 65535 to
4429 	 * prevent problems with X86 ioctls that report geometry.
4430 	 * We use SPT that are multiples of 63, since other OSes that
4431 	 * are not limited to 16-bits for cylinders stop at 63 SPT
4432 	 * we make do by using multiples of 63 SPT.
4433 	 *
4434 	 * Note than capacities greater than or equal to 1TB will simply
4435 	 * get the largest geometry from the table. This should be okay
4436 	 * since disks this large shouldn't be using CHS values anyway.
4437 	 */
4438 	for (i = 0; CHS_values[i].max_cap < capacity &&
4439 	    CHS_values[i].max_cap != DK_MAX_BLOCKS; i++)
4440 		;
4441 
4442 	un_g->dkg_nhead = CHS_values[i].nhead;
4443 	un_g->dkg_nsect = CHS_values[i].nsect;
4444 }
4445 #endif
4446 
4447 
4448 /*
4449  *    Function: sd_resync_geom_caches
4450  *
4451  * Description: (Re)initialize both geometry caches: the virtual geometry
4452  *		information is extracted from the HBA (the "geometry"
4453  *		capability), and the physical geometry cache data is
4454  *		generated by issuing MODE SENSE commands.
4455  *
4456  *   Arguments: un - driver soft state (unit) structure
4457  *		capacity - disk capacity in #blocks
4458  *		lbasize - disk block size in bytes
4459  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4460  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4461  *			to use the USCSI "direct" chain and bypass the normal
4462  *			command waitq.
4463  *
4464  *     Context: Kernel thread only (can sleep).
4465  */
4466 
4467 static void
4468 sd_resync_geom_caches(struct sd_lun *un, int capacity, int lbasize,
4469 	int path_flag)
4470 {
4471 	struct 	geom_cache 	pgeom;
4472 	struct 	geom_cache	*pgeom_p = &pgeom;
4473 	int 	spc;
4474 	unsigned short nhead;
4475 	unsigned short nsect;
4476 
4477 	ASSERT(un != NULL);
4478 	ASSERT(mutex_owned(SD_MUTEX(un)));
4479 
4480 	/*
4481 	 * Ask the controller for its logical geometry.
4482 	 * Note: if the HBA does not support scsi_ifgetcap("geometry"),
4483 	 * then the lgeom cache will be invalid.
4484 	 */
4485 	sd_get_virtual_geometry(un, capacity, lbasize);
4486 
4487 	/*
4488 	 * Initialize the pgeom cache from lgeom, so that if MODE SENSE
4489 	 * doesn't work, DKIOCG_PHYSGEOM can return reasonable values.
4490 	 */
4491 	if (un->un_lgeom.g_nsect == 0 || un->un_lgeom.g_nhead == 0) {
4492 		/*
4493 		 * Note: Perhaps this needs to be more adaptive? The rationale
4494 		 * is that, if there's no HBA geometry from the HBA driver, any
4495 		 * guess is good, since this is the physical geometry. If MODE
4496 		 * SENSE fails this gives a max cylinder size for non-LBA access
4497 		 */
4498 		nhead = 255;
4499 		nsect = 63;
4500 	} else {
4501 		nhead = un->un_lgeom.g_nhead;
4502 		nsect = un->un_lgeom.g_nsect;
4503 	}
4504 
4505 	if (ISCD(un)) {
4506 		pgeom_p->g_nhead = 1;
4507 		pgeom_p->g_nsect = nsect * nhead;
4508 	} else {
4509 		pgeom_p->g_nhead = nhead;
4510 		pgeom_p->g_nsect = nsect;
4511 	}
4512 
4513 	spc = pgeom_p->g_nhead * pgeom_p->g_nsect;
4514 	pgeom_p->g_capacity = capacity;
4515 	pgeom_p->g_ncyl = pgeom_p->g_capacity / spc;
4516 	pgeom_p->g_acyl = 0;
4517 
4518 	/*
4519 	 * Retrieve fresh geometry data from the hardware, stash it
4520 	 * here temporarily before we rebuild the incore label.
4521 	 *
4522 	 * We want to use the MODE SENSE commands to derive the
4523 	 * physical geometry of the device, but if either command
4524 	 * fails, the logical geometry is used as the fallback for
4525 	 * disk label geometry.
4526 	 */
4527 	mutex_exit(SD_MUTEX(un));
4528 	sd_get_physical_geometry(un, pgeom_p, capacity, lbasize, path_flag);
4529 	mutex_enter(SD_MUTEX(un));
4530 
4531 	/*
4532 	 * Now update the real copy while holding the mutex. This
4533 	 * way the global copy is never in an inconsistent state.
4534 	 */
4535 	bcopy(pgeom_p, &un->un_pgeom,  sizeof (un->un_pgeom));
4536 
4537 	SD_INFO(SD_LOG_COMMON, un, "sd_resync_geom_caches: "
4538 	    "(cached from lgeom)\n");
4539 	SD_INFO(SD_LOG_COMMON, un,
4540 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
4541 	    un->un_pgeom.g_ncyl, un->un_pgeom.g_acyl,
4542 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
4543 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
4544 	    "intrlv: %d; rpm: %d\n", un->un_pgeom.g_secsize,
4545 	    un->un_pgeom.g_capacity, un->un_pgeom.g_intrlv,
4546 	    un->un_pgeom.g_rpm);
4547 }
4548 
4549 
4550 /*
4551  *    Function: sd_read_fdisk
4552  *
4553  * Description: utility routine to read the fdisk table.
4554  *
4555  *   Arguments: un - driver soft state (unit) structure
4556  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4557  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4558  *			to use the USCSI "direct" chain and bypass the normal
4559  *			command waitq.
4560  *
4561  * Return Code: SD_CMD_SUCCESS
4562  *		SD_CMD_FAILURE
4563  *
4564  *     Context: Kernel thread only (can sleep).
4565  */
4566 /* ARGSUSED */
4567 static int
4568 sd_read_fdisk(struct sd_lun *un, uint_t capacity, int lbasize, int path_flag)
4569 {
4570 #if defined(_NO_FDISK_PRESENT)
4571 
4572 	un->un_solaris_offset = 0;
4573 	un->un_solaris_size = capacity;
4574 	bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4575 	return (SD_CMD_SUCCESS);
4576 
4577 #elif defined(_FIRMWARE_NEEDS_FDISK)
4578 
4579 	struct ipart	*fdp;
4580 	struct mboot	*mbp;
4581 	struct ipart	fdisk[FD_NUMPART];
4582 	int		i;
4583 	char		sigbuf[2];
4584 	caddr_t		bufp;
4585 	int		uidx;
4586 	int		rval;
4587 	int		lba = 0;
4588 	uint_t		solaris_offset;	/* offset to solaris part. */
4589 	daddr_t		solaris_size;	/* size of solaris partition */
4590 	uint32_t	blocksize;
4591 
4592 	ASSERT(un != NULL);
4593 	ASSERT(mutex_owned(SD_MUTEX(un)));
4594 	ASSERT(un->un_f_tgt_blocksize_is_valid == TRUE);
4595 
4596 	blocksize = un->un_tgt_blocksize;
4597 
4598 	/*
4599 	 * Start off assuming no fdisk table
4600 	 */
4601 	solaris_offset = 0;
4602 	solaris_size   = capacity;
4603 
4604 	mutex_exit(SD_MUTEX(un));
4605 	bufp = kmem_zalloc(blocksize, KM_SLEEP);
4606 	rval = sd_send_scsi_READ(un, bufp, blocksize, 0, path_flag);
4607 	mutex_enter(SD_MUTEX(un));
4608 
4609 	if (rval != 0) {
4610 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4611 		    "sd_read_fdisk: fdisk read err\n");
4612 		kmem_free(bufp, blocksize);
4613 		return (SD_CMD_FAILURE);
4614 	}
4615 
4616 	mbp = (struct mboot *)bufp;
4617 
4618 	/*
4619 	 * The fdisk table does not begin on a 4-byte boundary within the
4620 	 * master boot record, so we copy it to an aligned structure to avoid
4621 	 * alignment exceptions on some processors.
4622 	 */
4623 	bcopy(&mbp->parts[0], fdisk, sizeof (fdisk));
4624 
4625 	/*
4626 	 * Check for lba support before verifying sig; sig might not be
4627 	 * there, say on a blank disk, but the max_chs mark may still
4628 	 * be present.
4629 	 *
4630 	 * Note: LBA support and BEFs are an x86-only concept but this
4631 	 * code should work OK on SPARC as well.
4632 	 */
4633 
4634 	/*
4635 	 * First, check for lba-access-ok on root node (or prom root node)
4636 	 * if present there, don't need to search fdisk table.
4637 	 */
4638 	if (ddi_getprop(DDI_DEV_T_ANY, ddi_root_node(), 0,
4639 	    "lba-access-ok", 0) != 0) {
4640 		/* All drives do LBA; don't search fdisk table */
4641 		lba = 1;
4642 	} else {
4643 		/* Okay, look for mark in fdisk table */
4644 		for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4645 			/* accumulate "lba" value from all partitions */
4646 			lba = (lba || sd_has_max_chs_vals(fdp));
4647 		}
4648 	}
4649 
4650 	if (lba != 0) {
4651 		dev_t dev = sd_make_device(SD_DEVINFO(un));
4652 
4653 		if (ddi_getprop(dev, SD_DEVINFO(un), DDI_PROP_DONTPASS,
4654 		    "lba-access-ok", 0) == 0) {
4655 			/* not found; create it */
4656 			if (ddi_prop_create(dev, SD_DEVINFO(un), 0,
4657 			    "lba-access-ok", (caddr_t)NULL, 0) !=
4658 			    DDI_PROP_SUCCESS) {
4659 				SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4660 				    "sd_read_fdisk: Can't create lba property "
4661 				    "for instance %d\n",
4662 				    ddi_get_instance(SD_DEVINFO(un)));
4663 			}
4664 		}
4665 	}
4666 
4667 	bcopy(&mbp->signature, sigbuf, sizeof (sigbuf));
4668 
4669 	/*
4670 	 * Endian-independent signature check
4671 	 */
4672 	if (((sigbuf[1] & 0xFF) != ((MBB_MAGIC >> 8) & 0xFF)) ||
4673 	    (sigbuf[0] != (MBB_MAGIC & 0xFF))) {
4674 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
4675 		    "sd_read_fdisk: no fdisk\n");
4676 		bzero(un->un_fmap, sizeof (struct fmap) * FD_NUMPART);
4677 		rval = SD_CMD_SUCCESS;
4678 		goto done;
4679 	}
4680 
4681 #ifdef SDDEBUG
4682 	if (sd_level_mask & SD_LOGMASK_INFO) {
4683 		fdp = fdisk;
4684 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_read_fdisk:\n");
4685 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "         relsect    "
4686 		    "numsect         sysid       bootid\n");
4687 		for (i = 0; i < FD_NUMPART; i++, fdp++) {
4688 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
4689 			    "    %d:  %8d   %8d     0x%08x     0x%08x\n",
4690 			    i, fdp->relsect, fdp->numsect,
4691 			    fdp->systid, fdp->bootid);
4692 		}
4693 	}
4694 #endif
4695 
4696 	/*
4697 	 * Try to find the unix partition
4698 	 */
4699 	uidx = -1;
4700 	solaris_offset = 0;
4701 	solaris_size   = 0;
4702 
4703 	for (fdp = fdisk, i = 0; i < FD_NUMPART; i++, fdp++) {
4704 		int	relsect;
4705 		int	numsect;
4706 
4707 		if (fdp->numsect == 0) {
4708 			un->un_fmap[i].fmap_start = 0;
4709 			un->un_fmap[i].fmap_nblk  = 0;
4710 			continue;
4711 		}
4712 
4713 		/*
4714 		 * Data in the fdisk table is little-endian.
4715 		 */
4716 		relsect = LE_32(fdp->relsect);
4717 		numsect = LE_32(fdp->numsect);
4718 
4719 		un->un_fmap[i].fmap_start = relsect;
4720 		un->un_fmap[i].fmap_nblk  = numsect;
4721 
4722 		if (fdp->systid != SUNIXOS &&
4723 		    fdp->systid != SUNIXOS2 &&
4724 		    fdp->systid != EFI_PMBR) {
4725 			continue;
4726 		}
4727 
4728 		/*
4729 		 * use the last active solaris partition id found
4730 		 * (there should only be 1 active partition id)
4731 		 *
4732 		 * if there are no active solaris partition id
4733 		 * then use the first inactive solaris partition id
4734 		 */
4735 		if ((uidx == -1) || (fdp->bootid == ACTIVE)) {
4736 			uidx = i;
4737 			solaris_offset = relsect;
4738 			solaris_size   = numsect;
4739 		}
4740 	}
4741 
4742 	SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk 0x%x 0x%lx",
4743 	    un->un_solaris_offset, un->un_solaris_size);
4744 
4745 	rval = SD_CMD_SUCCESS;
4746 
4747 done:
4748 
4749 	/*
4750 	 * Clear the VTOC info, only if the Solaris partition entry
4751 	 * has moved, changed size, been deleted, or if the size of
4752 	 * the partition is too small to even fit the label sector.
4753 	 */
4754 	if ((un->un_solaris_offset != solaris_offset) ||
4755 	    (un->un_solaris_size != solaris_size) ||
4756 	    solaris_size <= DK_LABEL_LOC) {
4757 		SD_INFO(SD_LOG_ATTACH_DETACH, un, "fdisk moved 0x%x 0x%lx",
4758 			solaris_offset, solaris_size);
4759 		bzero(&un->un_g, sizeof (struct dk_geom));
4760 		bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
4761 		bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
4762 		un->un_f_geometry_is_valid = FALSE;
4763 	}
4764 	un->un_solaris_offset = solaris_offset;
4765 	un->un_solaris_size = solaris_size;
4766 	kmem_free(bufp, blocksize);
4767 	return (rval);
4768 
4769 #else	/* #elif defined(_FIRMWARE_NEEDS_FDISK) */
4770 #error "fdisk table presence undetermined for this platform."
4771 #endif	/* #if defined(_NO_FDISK_PRESENT) */
4772 }
4773 
4774 
4775 /*
4776  *    Function: sd_get_physical_geometry
4777  *
4778  * Description: Retrieve the MODE SENSE page 3 (Format Device Page) and
4779  *		MODE SENSE page 4 (Rigid Disk Drive Geometry Page) from the
4780  *		target, and use this information to initialize the physical
4781  *		geometry cache specified by pgeom_p.
4782  *
4783  *		MODE SENSE is an optional command, so failure in this case
4784  *		does not necessarily denote an error. We want to use the
4785  *		MODE SENSE commands to derive the physical geometry of the
4786  *		device, but if either command fails, the logical geometry is
4787  *		used as the fallback for disk label geometry.
4788  *
4789  *		This requires that un->un_blockcount and un->un_tgt_blocksize
4790  *		have already been initialized for the current target and
4791  *		that the current values be passed as args so that we don't
4792  *		end up ever trying to use -1 as a valid value. This could
4793  *		happen if either value is reset while we're not holding
4794  *		the mutex.
4795  *
4796  *   Arguments: un - driver soft state (unit) structure
4797  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
4798  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
4799  *			to use the USCSI "direct" chain and bypass the normal
4800  *			command waitq.
4801  *
4802  *     Context: Kernel thread only (can sleep).
4803  */
4804 
4805 static void
4806 sd_get_physical_geometry(struct sd_lun *un, struct geom_cache *pgeom_p,
4807 	int capacity, int lbasize, int path_flag)
4808 {
4809 	struct	mode_format	*page3p;
4810 	struct	mode_geometry	*page4p;
4811 	struct	mode_header	*headerp;
4812 	int	sector_size;
4813 	int	nsect;
4814 	int	nhead;
4815 	int	ncyl;
4816 	int	intrlv;
4817 	int	spc;
4818 	int	modesense_capacity;
4819 	int	rpm;
4820 	int	bd_len;
4821 	int	mode_header_length;
4822 	uchar_t	*p3bufp;
4823 	uchar_t	*p4bufp;
4824 	int	cdbsize;
4825 
4826 	ASSERT(un != NULL);
4827 	ASSERT(!(mutex_owned(SD_MUTEX(un))));
4828 
4829 	if (un->un_f_blockcount_is_valid != TRUE) {
4830 		return;
4831 	}
4832 
4833 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
4834 		return;
4835 	}
4836 
4837 	if (lbasize == 0) {
4838 		if (ISCD(un)) {
4839 			lbasize = 2048;
4840 		} else {
4841 			lbasize = un->un_sys_blocksize;
4842 		}
4843 	}
4844 	pgeom_p->g_secsize = (unsigned short)lbasize;
4845 
4846 	cdbsize = (un->un_f_cfg_is_atapi == TRUE) ? CDB_GROUP2 : CDB_GROUP0;
4847 
4848 	/*
4849 	 * Retrieve MODE SENSE page 3 - Format Device Page
4850 	 */
4851 	p3bufp = kmem_zalloc(SD_MODE_SENSE_PAGE3_LENGTH, KM_SLEEP);
4852 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p3bufp,
4853 	    SD_MODE_SENSE_PAGE3_LENGTH, SD_MODE_SENSE_PAGE3_CODE, path_flag)
4854 	    != 0) {
4855 		SD_ERROR(SD_LOG_COMMON, un,
4856 		    "sd_get_physical_geometry: mode sense page 3 failed\n");
4857 		goto page3_exit;
4858 	}
4859 
4860 	/*
4861 	 * Determine size of Block Descriptors in order to locate the mode
4862 	 * page data.  ATAPI devices return 0, SCSI devices should return
4863 	 * MODE_BLK_DESC_LENGTH.
4864 	 */
4865 	headerp = (struct mode_header *)p3bufp;
4866 	if (un->un_f_cfg_is_atapi == TRUE) {
4867 		struct mode_header_grp2 *mhp =
4868 		    (struct mode_header_grp2 *)headerp;
4869 		mode_header_length = MODE_HEADER_LENGTH_GRP2;
4870 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4871 	} else {
4872 		mode_header_length = MODE_HEADER_LENGTH;
4873 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4874 	}
4875 
4876 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4877 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4878 		    "received unexpected bd_len of %d, page3\n", bd_len);
4879 		goto page3_exit;
4880 	}
4881 
4882 	page3p = (struct mode_format *)
4883 	    ((caddr_t)headerp + mode_header_length + bd_len);
4884 
4885 	if (page3p->mode_page.code != SD_MODE_SENSE_PAGE3_CODE) {
4886 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4887 		    "mode sense pg3 code mismatch %d\n",
4888 		    page3p->mode_page.code);
4889 		goto page3_exit;
4890 	}
4891 
4892 	/*
4893 	 * Use this physical geometry data only if BOTH MODE SENSE commands
4894 	 * complete successfully; otherwise, revert to the logical geometry.
4895 	 * So, we need to save everything in temporary variables.
4896 	 */
4897 	sector_size = BE_16(page3p->data_bytes_sect);
4898 
4899 	/*
4900 	 * 1243403: The NEC D38x7 drives do not support MODE SENSE sector size
4901 	 */
4902 	if (sector_size == 0) {
4903 		sector_size = (ISCD(un)) ? 2048 : un->un_sys_blocksize;
4904 	} else {
4905 		sector_size &= ~(un->un_sys_blocksize - 1);
4906 	}
4907 
4908 	nsect  = BE_16(page3p->sect_track);
4909 	intrlv = BE_16(page3p->interleave);
4910 
4911 	SD_INFO(SD_LOG_COMMON, un,
4912 	    "sd_get_physical_geometry: Format Parameters (page 3)\n");
4913 	SD_INFO(SD_LOG_COMMON, un,
4914 	    "   mode page: %d; nsect: %d; sector size: %d;\n",
4915 	    page3p->mode_page.code, nsect, sector_size);
4916 	SD_INFO(SD_LOG_COMMON, un,
4917 	    "   interleave: %d; track skew: %d; cylinder skew: %d;\n", intrlv,
4918 	    BE_16(page3p->track_skew),
4919 	    BE_16(page3p->cylinder_skew));
4920 
4921 
4922 	/*
4923 	 * Retrieve MODE SENSE page 4 - Rigid Disk Drive Geometry Page
4924 	 */
4925 	p4bufp = kmem_zalloc(SD_MODE_SENSE_PAGE4_LENGTH, KM_SLEEP);
4926 	if (sd_send_scsi_MODE_SENSE(un, cdbsize, p4bufp,
4927 	    SD_MODE_SENSE_PAGE4_LENGTH, SD_MODE_SENSE_PAGE4_CODE, path_flag)
4928 	    != 0) {
4929 		SD_ERROR(SD_LOG_COMMON, un,
4930 		    "sd_get_physical_geometry: mode sense page 4 failed\n");
4931 		goto page4_exit;
4932 	}
4933 
4934 	/*
4935 	 * Determine size of Block Descriptors in order to locate the mode
4936 	 * page data.  ATAPI devices return 0, SCSI devices should return
4937 	 * MODE_BLK_DESC_LENGTH.
4938 	 */
4939 	headerp = (struct mode_header *)p4bufp;
4940 	if (un->un_f_cfg_is_atapi == TRUE) {
4941 		struct mode_header_grp2 *mhp =
4942 		    (struct mode_header_grp2 *)headerp;
4943 		bd_len = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
4944 	} else {
4945 		bd_len = ((struct mode_header *)headerp)->bdesc_length;
4946 	}
4947 
4948 	if (bd_len > MODE_BLK_DESC_LENGTH) {
4949 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4950 		    "received unexpected bd_len of %d, page4\n", bd_len);
4951 		goto page4_exit;
4952 	}
4953 
4954 	page4p = (struct mode_geometry *)
4955 	    ((caddr_t)headerp + mode_header_length + bd_len);
4956 
4957 	if (page4p->mode_page.code != SD_MODE_SENSE_PAGE4_CODE) {
4958 		SD_ERROR(SD_LOG_COMMON, un, "sd_get_physical_geometry: "
4959 		    "mode sense pg4 code mismatch %d\n",
4960 		    page4p->mode_page.code);
4961 		goto page4_exit;
4962 	}
4963 
4964 	/*
4965 	 * Stash the data now, after we know that both commands completed.
4966 	 */
4967 
4968 	mutex_enter(SD_MUTEX(un));
4969 
4970 	nhead = (int)page4p->heads;	/* uchar, so no conversion needed */
4971 	spc   = nhead * nsect;
4972 	ncyl  = (page4p->cyl_ub << 16) + (page4p->cyl_mb << 8) + page4p->cyl_lb;
4973 	rpm   = BE_16(page4p->rpm);
4974 
4975 	modesense_capacity = spc * ncyl;
4976 
4977 	SD_INFO(SD_LOG_COMMON, un,
4978 	    "sd_get_physical_geometry: Geometry Parameters (page 4)\n");
4979 	SD_INFO(SD_LOG_COMMON, un,
4980 	    "   cylinders: %d; heads: %d; rpm: %d;\n", ncyl, nhead, rpm);
4981 	SD_INFO(SD_LOG_COMMON, un,
4982 	    "   computed capacity(h*s*c): %d;\n", modesense_capacity);
4983 	SD_INFO(SD_LOG_COMMON, un, "   pgeom_p: %p; read cap: %d\n",
4984 	    (void *)pgeom_p, capacity);
4985 
4986 	/*
4987 	 * Compensate if the drive's geometry is not rectangular, i.e.,
4988 	 * the product of C * H * S returned by MODE SENSE >= that returned
4989 	 * by read capacity. This is an idiosyncrasy of the original x86
4990 	 * disk subsystem.
4991 	 */
4992 	if (modesense_capacity >= capacity) {
4993 		SD_INFO(SD_LOG_COMMON, un,
4994 		    "sd_get_physical_geometry: adjusting acyl; "
4995 		    "old: %d; new: %d\n", pgeom_p->g_acyl,
4996 		    (modesense_capacity - capacity + spc - 1) / spc);
4997 		if (sector_size != 0) {
4998 			/* 1243403: NEC D38x7 drives don't support sec size */
4999 			pgeom_p->g_secsize = (unsigned short)sector_size;
5000 		}
5001 		pgeom_p->g_nsect    = (unsigned short)nsect;
5002 		pgeom_p->g_nhead    = (unsigned short)nhead;
5003 		pgeom_p->g_capacity = capacity;
5004 		pgeom_p->g_acyl	    =
5005 		    (modesense_capacity - pgeom_p->g_capacity + spc - 1) / spc;
5006 		pgeom_p->g_ncyl	    = ncyl - pgeom_p->g_acyl;
5007 	}
5008 
5009 	pgeom_p->g_rpm    = (unsigned short)rpm;
5010 	pgeom_p->g_intrlv = (unsigned short)intrlv;
5011 
5012 	SD_INFO(SD_LOG_COMMON, un,
5013 	    "sd_get_physical_geometry: mode sense geometry:\n");
5014 	SD_INFO(SD_LOG_COMMON, un,
5015 	    "   nsect: %d; sector size: %d; interlv: %d\n",
5016 	    nsect, sector_size, intrlv);
5017 	SD_INFO(SD_LOG_COMMON, un,
5018 	    "   nhead: %d; ncyl: %d; rpm: %d; capacity(ms): %d\n",
5019 	    nhead, ncyl, rpm, modesense_capacity);
5020 	SD_INFO(SD_LOG_COMMON, un,
5021 	    "sd_get_physical_geometry: (cached)\n");
5022 	SD_INFO(SD_LOG_COMMON, un,
5023 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5024 	    un->un_pgeom.g_ncyl,  un->un_pgeom.g_acyl,
5025 	    un->un_pgeom.g_nhead, un->un_pgeom.g_nsect);
5026 	SD_INFO(SD_LOG_COMMON, un,
5027 	    "   lbasize: %d; capacity: %ld; intrlv: %d; rpm: %d\n",
5028 	    un->un_pgeom.g_secsize, un->un_pgeom.g_capacity,
5029 	    un->un_pgeom.g_intrlv, un->un_pgeom.g_rpm);
5030 
5031 	mutex_exit(SD_MUTEX(un));
5032 
5033 page4_exit:
5034 	kmem_free(p4bufp, SD_MODE_SENSE_PAGE4_LENGTH);
5035 page3_exit:
5036 	kmem_free(p3bufp, SD_MODE_SENSE_PAGE3_LENGTH);
5037 }
5038 
5039 
5040 /*
5041  *    Function: sd_get_virtual_geometry
5042  *
5043  * Description: Ask the controller to tell us about the target device.
5044  *
5045  *   Arguments: un - pointer to softstate
5046  *		capacity - disk capacity in #blocks
5047  *		lbasize - disk block size in bytes
5048  *
5049  *     Context: Kernel thread only
5050  */
5051 
5052 static void
5053 sd_get_virtual_geometry(struct sd_lun *un, int capacity, int lbasize)
5054 {
5055 	struct	geom_cache 	*lgeom_p = &un->un_lgeom;
5056 	uint_t	geombuf;
5057 	int	spc;
5058 
5059 	ASSERT(un != NULL);
5060 	ASSERT(mutex_owned(SD_MUTEX(un)));
5061 
5062 	mutex_exit(SD_MUTEX(un));
5063 
5064 	/* Set sector size, and total number of sectors */
5065 	(void) scsi_ifsetcap(SD_ADDRESS(un), "sector-size",   lbasize,  1);
5066 	(void) scsi_ifsetcap(SD_ADDRESS(un), "total-sectors", capacity, 1);
5067 
5068 	/* Let the HBA tell us its geometry */
5069 	geombuf = (uint_t)scsi_ifgetcap(SD_ADDRESS(un), "geometry", 1);
5070 
5071 	mutex_enter(SD_MUTEX(un));
5072 
5073 	/* A value of -1 indicates an undefined "geometry" property */
5074 	if (geombuf == (-1)) {
5075 		return;
5076 	}
5077 
5078 	/* Initialize the logical geometry cache. */
5079 	lgeom_p->g_nhead   = (geombuf >> 16) & 0xffff;
5080 	lgeom_p->g_nsect   = geombuf & 0xffff;
5081 	lgeom_p->g_secsize = un->un_sys_blocksize;
5082 
5083 	spc = lgeom_p->g_nhead * lgeom_p->g_nsect;
5084 
5085 	/*
5086 	 * Note: The driver originally converted the capacity value from
5087 	 * target blocks to system blocks. However, the capacity value passed
5088 	 * to this routine is already in terms of system blocks (this scaling
5089 	 * is done when the READ CAPACITY command is issued and processed).
5090 	 * This 'error' may have gone undetected because the usage of g_ncyl
5091 	 * (which is based upon g_capacity) is very limited within the driver
5092 	 */
5093 	lgeom_p->g_capacity = capacity;
5094 
5095 	/*
5096 	 * Set ncyl to zero if the hba returned a zero nhead or nsect value. The
5097 	 * hba may return zero values if the device has been removed.
5098 	 */
5099 	if (spc == 0) {
5100 		lgeom_p->g_ncyl = 0;
5101 	} else {
5102 		lgeom_p->g_ncyl = lgeom_p->g_capacity / spc;
5103 	}
5104 	lgeom_p->g_acyl = 0;
5105 
5106 	SD_INFO(SD_LOG_COMMON, un, "sd_get_virtual_geometry: (cached)\n");
5107 	SD_INFO(SD_LOG_COMMON, un,
5108 	    "   ncyl: %ld; acyl: %d; nhead: %d; nsect: %d\n",
5109 	    un->un_lgeom.g_ncyl,  un->un_lgeom.g_acyl,
5110 	    un->un_lgeom.g_nhead, un->un_lgeom.g_nsect);
5111 	SD_INFO(SD_LOG_COMMON, un, "   lbasize: %d; capacity: %ld; "
5112 	    "intrlv: %d; rpm: %d\n", un->un_lgeom.g_secsize,
5113 	    un->un_lgeom.g_capacity, un->un_lgeom.g_intrlv, un->un_lgeom.g_rpm);
5114 }
5115 
5116 
5117 /*
5118  *    Function: sd_update_block_info
5119  *
5120  * Description: Calculate a byte count to sector count bitshift value
5121  *		from sector size.
5122  *
5123  *   Arguments: un: unit struct.
5124  *		lbasize: new target sector size
5125  *		capacity: new target capacity, ie. block count
5126  *
5127  *     Context: Kernel thread context
5128  */
5129 
5130 static void
5131 sd_update_block_info(struct sd_lun *un, uint32_t lbasize, uint64_t capacity)
5132 {
5133 	if (lbasize != 0) {
5134 		un->un_tgt_blocksize = lbasize;
5135 		un->un_f_tgt_blocksize_is_valid	= TRUE;
5136 	}
5137 
5138 	if (capacity != 0) {
5139 		un->un_blockcount		= capacity;
5140 		un->un_f_blockcount_is_valid	= TRUE;
5141 	}
5142 }
5143 
5144 
5145 static void
5146 sd_swap_efi_gpt(efi_gpt_t *e)
5147 {
5148 	_NOTE(ASSUMING_PROTECTED(*e))
5149 	e->efi_gpt_Signature = LE_64(e->efi_gpt_Signature);
5150 	e->efi_gpt_Revision = LE_32(e->efi_gpt_Revision);
5151 	e->efi_gpt_HeaderSize = LE_32(e->efi_gpt_HeaderSize);
5152 	e->efi_gpt_HeaderCRC32 = LE_32(e->efi_gpt_HeaderCRC32);
5153 	e->efi_gpt_MyLBA = LE_64(e->efi_gpt_MyLBA);
5154 	e->efi_gpt_AlternateLBA = LE_64(e->efi_gpt_AlternateLBA);
5155 	e->efi_gpt_FirstUsableLBA = LE_64(e->efi_gpt_FirstUsableLBA);
5156 	e->efi_gpt_LastUsableLBA = LE_64(e->efi_gpt_LastUsableLBA);
5157 	UUID_LE_CONVERT(e->efi_gpt_DiskGUID, e->efi_gpt_DiskGUID);
5158 	e->efi_gpt_PartitionEntryLBA = LE_64(e->efi_gpt_PartitionEntryLBA);
5159 	e->efi_gpt_NumberOfPartitionEntries =
5160 	    LE_32(e->efi_gpt_NumberOfPartitionEntries);
5161 	e->efi_gpt_SizeOfPartitionEntry =
5162 	    LE_32(e->efi_gpt_SizeOfPartitionEntry);
5163 	e->efi_gpt_PartitionEntryArrayCRC32 =
5164 	    LE_32(e->efi_gpt_PartitionEntryArrayCRC32);
5165 }
5166 
5167 static void
5168 sd_swap_efi_gpe(int nparts, efi_gpe_t *p)
5169 {
5170 	int i;
5171 
5172 	_NOTE(ASSUMING_PROTECTED(*p))
5173 	for (i = 0; i < nparts; i++) {
5174 		UUID_LE_CONVERT(p[i].efi_gpe_PartitionTypeGUID,
5175 		    p[i].efi_gpe_PartitionTypeGUID);
5176 		p[i].efi_gpe_StartingLBA = LE_64(p[i].efi_gpe_StartingLBA);
5177 		p[i].efi_gpe_EndingLBA = LE_64(p[i].efi_gpe_EndingLBA);
5178 		/* PartitionAttrs */
5179 	}
5180 }
5181 
5182 static int
5183 sd_validate_efi(efi_gpt_t *labp)
5184 {
5185 	if (labp->efi_gpt_Signature != EFI_SIGNATURE)
5186 		return (EINVAL);
5187 	/* at least 96 bytes in this version of the spec. */
5188 	if (sizeof (efi_gpt_t) - sizeof (labp->efi_gpt_Reserved2) >
5189 	    labp->efi_gpt_HeaderSize)
5190 		return (EINVAL);
5191 	/* this should be 128 bytes */
5192 	if (labp->efi_gpt_SizeOfPartitionEntry != sizeof (efi_gpe_t))
5193 		return (EINVAL);
5194 	return (0);
5195 }
5196 
5197 static int
5198 sd_use_efi(struct sd_lun *un, int path_flag)
5199 {
5200 	int		i;
5201 	int		rval = 0;
5202 	efi_gpe_t	*partitions;
5203 	uchar_t		*buf;
5204 	uint_t		lbasize;
5205 	uint64_t	cap;
5206 	uint_t		nparts;
5207 	diskaddr_t	gpe_lba;
5208 
5209 	ASSERT(mutex_owned(SD_MUTEX(un)));
5210 	lbasize = un->un_tgt_blocksize;
5211 
5212 	mutex_exit(SD_MUTEX(un));
5213 
5214 	buf = kmem_zalloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
5215 
5216 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
5217 		rval = EINVAL;
5218 		goto done_err;
5219 	}
5220 
5221 	rval = sd_send_scsi_READ(un, buf, lbasize, 0, path_flag);
5222 	if (rval) {
5223 		goto done_err;
5224 	}
5225 	if (((struct dk_label *)buf)->dkl_magic == DKL_MAGIC) {
5226 		/* not ours */
5227 		rval = ESRCH;
5228 		goto done_err;
5229 	}
5230 
5231 	rval = sd_send_scsi_READ(un, buf, lbasize, 1, path_flag);
5232 	if (rval) {
5233 		goto done_err;
5234 	}
5235 	sd_swap_efi_gpt((efi_gpt_t *)buf);
5236 
5237 	if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0) {
5238 		/*
5239 		 * Couldn't read the primary, try the backup.  Our
5240 		 * capacity at this point could be based on CHS, so
5241 		 * check what the device reports.
5242 		 */
5243 		rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
5244 		    path_flag);
5245 		if (rval) {
5246 			goto done_err;
5247 		}
5248 		if ((rval = sd_send_scsi_READ(un, buf, lbasize,
5249 		    cap - 1, path_flag)) != 0) {
5250 			goto done_err;
5251 		}
5252 		sd_swap_efi_gpt((efi_gpt_t *)buf);
5253 		if ((rval = sd_validate_efi((efi_gpt_t *)buf)) != 0)
5254 			goto done_err;
5255 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5256 		    "primary label corrupt; using backup\n");
5257 	}
5258 
5259 	nparts = ((efi_gpt_t *)buf)->efi_gpt_NumberOfPartitionEntries;
5260 	gpe_lba = ((efi_gpt_t *)buf)->efi_gpt_PartitionEntryLBA;
5261 
5262 	rval = sd_send_scsi_READ(un, buf, EFI_MIN_ARRAY_SIZE, gpe_lba,
5263 	    path_flag);
5264 	if (rval) {
5265 		goto done_err;
5266 	}
5267 	partitions = (efi_gpe_t *)buf;
5268 
5269 	if (nparts > MAXPART) {
5270 		nparts = MAXPART;
5271 	}
5272 	sd_swap_efi_gpe(nparts, partitions);
5273 
5274 	mutex_enter(SD_MUTEX(un));
5275 
5276 	/* Fill in partition table. */
5277 	for (i = 0; i < nparts; i++) {
5278 		if (partitions->efi_gpe_StartingLBA != 0 ||
5279 		    partitions->efi_gpe_EndingLBA != 0) {
5280 			un->un_map[i].dkl_cylno =
5281 			    partitions->efi_gpe_StartingLBA;
5282 			un->un_map[i].dkl_nblk =
5283 			    partitions->efi_gpe_EndingLBA -
5284 			    partitions->efi_gpe_StartingLBA + 1;
5285 			un->un_offset[i] =
5286 			    partitions->efi_gpe_StartingLBA;
5287 		}
5288 		if (i == WD_NODE) {
5289 			/*
5290 			 * minor number 7 corresponds to the whole disk
5291 			 */
5292 			un->un_map[i].dkl_cylno = 0;
5293 			un->un_map[i].dkl_nblk = un->un_blockcount;
5294 			un->un_offset[i] = 0;
5295 		}
5296 		partitions++;
5297 	}
5298 	un->un_solaris_offset = 0;
5299 	un->un_solaris_size = cap;
5300 	un->un_f_geometry_is_valid = TRUE;
5301 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5302 	return (0);
5303 
5304 done_err:
5305 	kmem_free(buf, EFI_MIN_ARRAY_SIZE);
5306 	mutex_enter(SD_MUTEX(un));
5307 	/*
5308 	 * if we didn't find something that could look like a VTOC
5309 	 * and the disk is over 1TB, we know there isn't a valid label.
5310 	 * Otherwise let sd_uselabel decide what to do.  We only
5311 	 * want to invalidate this if we're certain the label isn't
5312 	 * valid because sd_prop_op will now fail, which in turn
5313 	 * causes things like opens and stats on the partition to fail.
5314 	 */
5315 	if ((un->un_blockcount > DK_MAX_BLOCKS) && (rval != ESRCH)) {
5316 		un->un_f_geometry_is_valid = FALSE;
5317 	}
5318 	return (rval);
5319 }
5320 
5321 
5322 /*
5323  *    Function: sd_uselabel
5324  *
5325  * Description: Validate the disk label and update the relevant data (geometry,
5326  *		partition, vtoc, and capacity data) in the sd_lun struct.
5327  *		Marks the geometry of the unit as being valid.
5328  *
5329  *   Arguments: un: unit struct.
5330  *		dk_label: disk label
5331  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
5332  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
5333  *			to use the USCSI "direct" chain and bypass the normal
5334  *			command waitq.
5335  *
5336  * Return Code: SD_LABEL_IS_VALID: Label read from disk is OK; geometry,
5337  *		partition, vtoc, and capacity data are good.
5338  *
5339  *		SD_LABEL_IS_INVALID: Magic number or checksum error in the
5340  *		label; or computed capacity does not jibe with capacity
5341  *		reported from the READ CAPACITY command.
5342  *
5343  *     Context: Kernel thread only (can sleep).
5344  */
5345 
5346 static int
5347 sd_uselabel(struct sd_lun *un, struct dk_label *labp, int path_flag)
5348 {
5349 	short	*sp;
5350 	short	sum;
5351 	short	count;
5352 	int	label_error = SD_LABEL_IS_VALID;
5353 	int	i;
5354 	int	capacity;
5355 	int	part_end;
5356 	int	track_capacity;
5357 	int	err;
5358 #if defined(_SUNOS_VTOC_16)
5359 	struct	dkl_partition	*vpartp;
5360 #endif
5361 	ASSERT(un != NULL);
5362 	ASSERT(mutex_owned(SD_MUTEX(un)));
5363 
5364 	/* Validate the magic number of the label. */
5365 	if (labp->dkl_magic != DKL_MAGIC) {
5366 #if defined(__sparc)
5367 		if ((un->un_state == SD_STATE_NORMAL) &&
5368 		    !ISREMOVABLE(un)) {
5369 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5370 			    "Corrupt label; wrong magic number\n");
5371 		}
5372 #endif
5373 		return (SD_LABEL_IS_INVALID);
5374 	}
5375 
5376 	/* Validate the checksum of the label. */
5377 	sp  = (short *)labp;
5378 	sum = 0;
5379 	count = sizeof (struct dk_label) / sizeof (short);
5380 	while (count--)	 {
5381 		sum ^= *sp++;
5382 	}
5383 
5384 	if (sum != 0) {
5385 #if defined(_SUNOS_VTOC_16)
5386 		if (un->un_state == SD_STATE_NORMAL && !ISCD(un)) {
5387 #elif defined(_SUNOS_VTOC_8)
5388 		if (un->un_state == SD_STATE_NORMAL && !ISREMOVABLE(un)) {
5389 #endif
5390 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5391 			    "Corrupt label - label checksum failed\n");
5392 		}
5393 		return (SD_LABEL_IS_INVALID);
5394 	}
5395 
5396 
5397 	/*
5398 	 * Fill in geometry structure with data from label.
5399 	 */
5400 	bzero(&un->un_g, sizeof (struct dk_geom));
5401 	un->un_g.dkg_ncyl   = labp->dkl_ncyl;
5402 	un->un_g.dkg_acyl   = labp->dkl_acyl;
5403 	un->un_g.dkg_bcyl   = 0;
5404 	un->un_g.dkg_nhead  = labp->dkl_nhead;
5405 	un->un_g.dkg_nsect  = labp->dkl_nsect;
5406 	un->un_g.dkg_intrlv = labp->dkl_intrlv;
5407 
5408 #if defined(_SUNOS_VTOC_8)
5409 	un->un_g.dkg_gap1   = labp->dkl_gap1;
5410 	un->un_g.dkg_gap2   = labp->dkl_gap2;
5411 	un->un_g.dkg_bhead  = labp->dkl_bhead;
5412 #endif
5413 #if defined(_SUNOS_VTOC_16)
5414 	un->un_dkg_skew = labp->dkl_skew;
5415 #endif
5416 
5417 #if defined(__i386) || defined(__amd64)
5418 	un->un_g.dkg_apc = labp->dkl_apc;
5419 #endif
5420 
5421 	/*
5422 	 * Currently we rely on the values in the label being accurate. If
5423 	 * dlk_rpm or dlk_pcly are zero in the label, use a default value.
5424 	 *
5425 	 * Note: In the future a MODE SENSE may be used to retrieve this data,
5426 	 * although this command is optional in SCSI-2.
5427 	 */
5428 	un->un_g.dkg_rpm  = (labp->dkl_rpm  != 0) ? labp->dkl_rpm  : 3600;
5429 	un->un_g.dkg_pcyl = (labp->dkl_pcyl != 0) ? labp->dkl_pcyl :
5430 	    (un->un_g.dkg_ncyl + un->un_g.dkg_acyl);
5431 
5432 	/*
5433 	 * The Read and Write reinstruct values may not be valid
5434 	 * for older disks.
5435 	 */
5436 	un->un_g.dkg_read_reinstruct  = labp->dkl_read_reinstruct;
5437 	un->un_g.dkg_write_reinstruct = labp->dkl_write_reinstruct;
5438 
5439 	/* Fill in partition table. */
5440 #if defined(_SUNOS_VTOC_8)
5441 	for (i = 0; i < NDKMAP; i++) {
5442 		un->un_map[i].dkl_cylno = labp->dkl_map[i].dkl_cylno;
5443 		un->un_map[i].dkl_nblk  = labp->dkl_map[i].dkl_nblk;
5444 	}
5445 #endif
5446 #if  defined(_SUNOS_VTOC_16)
5447 	vpartp		= labp->dkl_vtoc.v_part;
5448 	track_capacity	= labp->dkl_nhead * labp->dkl_nsect;
5449 
5450 	/* Prevent divide by zero */
5451 	if (track_capacity == 0) {
5452 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5453 		    "Corrupt label - zero nhead or nsect value\n");
5454 
5455 		return (SD_LABEL_IS_INVALID);
5456 	}
5457 
5458 	for (i = 0; i < NDKMAP; i++, vpartp++) {
5459 		un->un_map[i].dkl_cylno = vpartp->p_start / track_capacity;
5460 		un->un_map[i].dkl_nblk  = vpartp->p_size;
5461 	}
5462 #endif
5463 
5464 	/* Fill in VTOC Structure. */
5465 	bcopy(&labp->dkl_vtoc, &un->un_vtoc, sizeof (struct dk_vtoc));
5466 #if defined(_SUNOS_VTOC_8)
5467 	/*
5468 	 * The 8-slice vtoc does not include the ascii label; save it into
5469 	 * the device's soft state structure here.
5470 	 */
5471 	bcopy(labp->dkl_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
5472 #endif
5473 
5474 	/* Now look for a valid capacity. */
5475 	track_capacity	= (un->un_g.dkg_nhead * un->un_g.dkg_nsect);
5476 	capacity	= (un->un_g.dkg_ncyl  * track_capacity);
5477 
5478 	if (un->un_g.dkg_acyl) {
5479 #if defined(__i386) || defined(__amd64)
5480 		/* we may have > 1 alts cylinder */
5481 		capacity += (track_capacity * un->un_g.dkg_acyl);
5482 #else
5483 		capacity += track_capacity;
5484 #endif
5485 	}
5486 
5487 	/*
5488 	 * Force check here to ensure the computed capacity is valid.
5489 	 * If capacity is zero, it indicates an invalid label and
5490 	 * we should abort updating the relevant data then.
5491 	 */
5492 	if (capacity == 0) {
5493 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5494 		    "Corrupt label - no valid capacity could be retrieved\n");
5495 
5496 		return (SD_LABEL_IS_INVALID);
5497 	}
5498 
5499 	/* Mark the geometry as valid. */
5500 	un->un_f_geometry_is_valid = TRUE;
5501 
5502 	/*
5503 	 * At this point, un->un_blockcount should contain valid data from
5504 	 * the READ CAPACITY command.
5505 	 */
5506 	if (un->un_f_blockcount_is_valid != TRUE) {
5507 		/*
5508 		 * We have a situation where the target didn't give us a good
5509 		 * READ CAPACITY value, yet there appears to be a valid label.
5510 		 * In this case, we'll fake the capacity.
5511 		 */
5512 		un->un_blockcount = capacity;
5513 		un->un_f_blockcount_is_valid = TRUE;
5514 		goto done;
5515 	}
5516 
5517 
5518 	if ((capacity <= un->un_blockcount) ||
5519 	    (un->un_state != SD_STATE_NORMAL)) {
5520 #if defined(_SUNOS_VTOC_8)
5521 		/*
5522 		 * We can't let this happen on drives that are subdivided
5523 		 * into logical disks (i.e., that have an fdisk table).
5524 		 * The un_blockcount field should always hold the full media
5525 		 * size in sectors, period.  This code would overwrite
5526 		 * un_blockcount with the size of the Solaris fdisk partition.
5527 		 */
5528 		SD_ERROR(SD_LOG_COMMON, un,
5529 		    "sd_uselabel: Label %d blocks; Drive %d blocks\n",
5530 		    capacity, un->un_blockcount);
5531 		un->un_blockcount = capacity;
5532 		un->un_f_blockcount_is_valid = TRUE;
5533 #endif	/* defined(_SUNOS_VTOC_8) */
5534 		goto done;
5535 	}
5536 
5537 	if (ISCD(un)) {
5538 		/* For CDROMs, we trust that the data in the label is OK. */
5539 #if defined(_SUNOS_VTOC_8)
5540 		for (i = 0; i < NDKMAP; i++) {
5541 			part_end = labp->dkl_nhead * labp->dkl_nsect *
5542 			    labp->dkl_map[i].dkl_cylno +
5543 			    labp->dkl_map[i].dkl_nblk  - 1;
5544 
5545 			if ((labp->dkl_map[i].dkl_nblk) &&
5546 			    (part_end > un->un_blockcount)) {
5547 				un->un_f_geometry_is_valid = FALSE;
5548 				break;
5549 			}
5550 		}
5551 #endif
5552 #if defined(_SUNOS_VTOC_16)
5553 		vpartp = &(labp->dkl_vtoc.v_part[0]);
5554 		for (i = 0; i < NDKMAP; i++, vpartp++) {
5555 			part_end = vpartp->p_start + vpartp->p_size;
5556 			if ((vpartp->p_size > 0) &&
5557 			    (part_end > un->un_blockcount)) {
5558 				un->un_f_geometry_is_valid = FALSE;
5559 				break;
5560 			}
5561 		}
5562 #endif
5563 	} else {
5564 		uint64_t t_capacity;
5565 		uint32_t t_lbasize;
5566 
5567 		mutex_exit(SD_MUTEX(un));
5568 		err = sd_send_scsi_READ_CAPACITY(un, &t_capacity, &t_lbasize,
5569 		    path_flag);
5570 		ASSERT(t_capacity <= DK_MAX_BLOCKS);
5571 		mutex_enter(SD_MUTEX(un));
5572 
5573 		if (err == 0) {
5574 			sd_update_block_info(un, t_lbasize, t_capacity);
5575 		}
5576 
5577 		if (capacity > un->un_blockcount) {
5578 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
5579 			    "Corrupt label - bad geometry\n");
5580 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
5581 			    "Label says %u blocks; Drive says %llu blocks\n",
5582 			    capacity, (unsigned long long)un->un_blockcount);
5583 			un->un_f_geometry_is_valid = FALSE;
5584 			label_error = SD_LABEL_IS_INVALID;
5585 		}
5586 	}
5587 
5588 done:
5589 
5590 	SD_INFO(SD_LOG_COMMON, un, "sd_uselabel: (label geometry)\n");
5591 	SD_INFO(SD_LOG_COMMON, un,
5592 	    "   ncyl: %d; acyl: %d; nhead: %d; nsect: %d\n",
5593 	    un->un_g.dkg_ncyl,  un->un_g.dkg_acyl,
5594 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5595 	SD_INFO(SD_LOG_COMMON, un,
5596 	    "   lbasize: %d; capacity: %d; intrlv: %d; rpm: %d\n",
5597 	    un->un_tgt_blocksize, un->un_blockcount,
5598 	    un->un_g.dkg_intrlv, un->un_g.dkg_rpm);
5599 	SD_INFO(SD_LOG_COMMON, un, "   wrt_reinstr: %d; rd_reinstr: %d\n",
5600 	    un->un_g.dkg_write_reinstruct, un->un_g.dkg_read_reinstruct);
5601 
5602 	ASSERT(mutex_owned(SD_MUTEX(un)));
5603 
5604 	return (label_error);
5605 }
5606 
5607 
5608 /*
5609  *    Function: sd_build_default_label
5610  *
5611  * Description: Generate a default label for those devices that do not have
5612  *		one, e.g., new media, removable cartridges, etc..
5613  *
5614  *     Context: Kernel thread only
5615  */
5616 
5617 static void
5618 sd_build_default_label(struct sd_lun *un)
5619 {
5620 #if defined(_SUNOS_VTOC_16)
5621 	uint_t	phys_spc;
5622 	uint_t	disksize;
5623 	struct	dk_geom un_g;
5624 #endif
5625 
5626 	ASSERT(un != NULL);
5627 	ASSERT(mutex_owned(SD_MUTEX(un)));
5628 
5629 #if defined(_SUNOS_VTOC_8)
5630 	/*
5631 	 * Note: This is a legacy check for non-removable devices on VTOC_8
5632 	 * only. This may be a valid check for VTOC_16 as well.
5633 	 */
5634 	if (!ISREMOVABLE(un)) {
5635 		return;
5636 	}
5637 #endif
5638 
5639 	bzero(&un->un_g, sizeof (struct dk_geom));
5640 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
5641 	bzero(&un->un_map, NDKMAP * (sizeof (struct dk_map)));
5642 
5643 #if defined(_SUNOS_VTOC_8)
5644 
5645 	/*
5646 	 * It's a REMOVABLE media, therefore no label (on sparc, anyway).
5647 	 * But it is still necessary to set up various geometry information,
5648 	 * and we are doing this here.
5649 	 */
5650 
5651 	/*
5652 	 * For the rpm, we use the minimum for the disk.  For the head, cyl,
5653 	 * and number of sector per track, if the capacity <= 1GB, head = 64,
5654 	 * sect = 32.  else head = 255, sect 63 Note: the capacity should be
5655 	 * equal to C*H*S values.  This will cause some truncation of size due
5656 	 * to round off errors. For CD-ROMs, this truncation can have adverse
5657 	 * side effects, so returning ncyl and nhead as 1. The nsect will
5658 	 * overflow for most of CD-ROMs as nsect is of type ushort. (4190569)
5659 	 */
5660 	if (ISCD(un)) {
5661 		/*
5662 		 * Preserve the old behavior for non-writable
5663 		 * medias. Since dkg_nsect is a ushort, it
5664 		 * will lose bits as cdroms have more than
5665 		 * 65536 sectors. So if we recalculate
5666 		 * capacity, it will become much shorter.
5667 		 * But the dkg_* information is not
5668 		 * used for CDROMs so it is OK. But for
5669 		 * Writable CDs we need this information
5670 		 * to be valid (for newfs say). So we
5671 		 * make nsect and nhead > 1 that way
5672 		 * nsect can still stay within ushort limit
5673 		 * without losing any bits.
5674 		 */
5675 		if (un->un_f_mmc_writable_media == TRUE) {
5676 			un->un_g.dkg_nhead = 64;
5677 			un->un_g.dkg_nsect = 32;
5678 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
5679 			un->un_blockcount = un->un_g.dkg_ncyl *
5680 			    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5681 		} else {
5682 			un->un_g.dkg_ncyl  = 1;
5683 			un->un_g.dkg_nhead = 1;
5684 			un->un_g.dkg_nsect = un->un_blockcount;
5685 		}
5686 	} else {
5687 		if (un->un_blockcount <= 0x1000) {
5688 			/* unlabeled SCSI floppy device */
5689 			un->un_g.dkg_nhead = 2;
5690 			un->un_g.dkg_ncyl = 80;
5691 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
5692 		} else if (un->un_blockcount <= 0x200000) {
5693 			un->un_g.dkg_nhead = 64;
5694 			un->un_g.dkg_nsect = 32;
5695 			un->un_g.dkg_ncyl  = un->un_blockcount / (64 * 32);
5696 		} else {
5697 			un->un_g.dkg_nhead = 255;
5698 			un->un_g.dkg_nsect = 63;
5699 			un->un_g.dkg_ncyl  = un->un_blockcount / (255 * 63);
5700 		}
5701 		un->un_blockcount =
5702 		    un->un_g.dkg_ncyl * un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5703 	}
5704 
5705 	un->un_g.dkg_acyl	= 0;
5706 	un->un_g.dkg_bcyl	= 0;
5707 	un->un_g.dkg_rpm	= 200;
5708 	un->un_asciilabel[0]	= '\0';
5709 	un->un_g.dkg_pcyl	= un->un_g.dkg_ncyl;
5710 
5711 	un->un_map[0].dkl_cylno = 0;
5712 	un->un_map[0].dkl_nblk  = un->un_blockcount;
5713 	un->un_map[2].dkl_cylno = 0;
5714 	un->un_map[2].dkl_nblk  = un->un_blockcount;
5715 
5716 #elif defined(_SUNOS_VTOC_16)
5717 
5718 	if (un->un_solaris_size == 0) {
5719 		/*
5720 		 * Got fdisk table but no solaris entry therefore
5721 		 * don't create a default label
5722 		 */
5723 		un->un_f_geometry_is_valid = TRUE;
5724 		return;
5725 	}
5726 
5727 	/*
5728 	 * For CDs we continue to use the physical geometry to calculate
5729 	 * number of cylinders. All other devices must convert the
5730 	 * physical geometry (geom_cache) to values that will fit
5731 	 * in a dk_geom structure.
5732 	 */
5733 	if (ISCD(un)) {
5734 		phys_spc = un->un_pgeom.g_nhead * un->un_pgeom.g_nsect;
5735 	} else {
5736 		/* Convert physical geometry to disk geometry */
5737 		bzero(&un_g, sizeof (struct dk_geom));
5738 		sd_convert_geometry(un->un_blockcount, &un_g);
5739 		bcopy(&un_g, &un->un_g, sizeof (un->un_g));
5740 		phys_spc = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
5741 	}
5742 
5743 	ASSERT(phys_spc != 0);
5744 	un->un_g.dkg_pcyl = un->un_solaris_size / phys_spc;
5745 	un->un_g.dkg_acyl = DK_ACYL;
5746 	un->un_g.dkg_ncyl = un->un_g.dkg_pcyl - DK_ACYL;
5747 	disksize = un->un_g.dkg_ncyl * phys_spc;
5748 
5749 	if (ISCD(un)) {
5750 		/*
5751 		 * CD's don't use the "heads * sectors * cyls"-type of
5752 		 * geometry, but instead use the entire capacity of the media.
5753 		 */
5754 		disksize = un->un_solaris_size;
5755 		un->un_g.dkg_nhead = 1;
5756 		un->un_g.dkg_nsect = 1;
5757 		un->un_g.dkg_rpm =
5758 		    (un->un_pgeom.g_rpm == 0) ? 200 : un->un_pgeom.g_rpm;
5759 
5760 		un->un_vtoc.v_part[0].p_start = 0;
5761 		un->un_vtoc.v_part[0].p_size  = disksize;
5762 		un->un_vtoc.v_part[0].p_tag   = V_BACKUP;
5763 		un->un_vtoc.v_part[0].p_flag  = V_UNMNT;
5764 
5765 		un->un_map[0].dkl_cylno = 0;
5766 		un->un_map[0].dkl_nblk  = disksize;
5767 		un->un_offset[0] = 0;
5768 
5769 	} else {
5770 		/*
5771 		 * Hard disks and removable media cartridges
5772 		 */
5773 		un->un_g.dkg_rpm =
5774 		    (un->un_pgeom.g_rpm == 0) ? 3600: un->un_pgeom.g_rpm;
5775 		un->un_vtoc.v_sectorsz = un->un_sys_blocksize;
5776 
5777 		/* Add boot slice */
5778 		un->un_vtoc.v_part[8].p_start = 0;
5779 		un->un_vtoc.v_part[8].p_size  = phys_spc;
5780 		un->un_vtoc.v_part[8].p_tag   = V_BOOT;
5781 		un->un_vtoc.v_part[8].p_flag  = V_UNMNT;
5782 
5783 		un->un_map[8].dkl_cylno = 0;
5784 		un->un_map[8].dkl_nblk  = phys_spc;
5785 		un->un_offset[8] = 0;
5786 	}
5787 
5788 	un->un_g.dkg_apc = 0;
5789 	un->un_vtoc.v_nparts = V_NUMPAR;
5790 	un->un_vtoc.v_version = V_VERSION;
5791 
5792 	/* Add backup slice */
5793 	un->un_vtoc.v_part[2].p_start = 0;
5794 	un->un_vtoc.v_part[2].p_size  = disksize;
5795 	un->un_vtoc.v_part[2].p_tag   = V_BACKUP;
5796 	un->un_vtoc.v_part[2].p_flag  = V_UNMNT;
5797 
5798 	un->un_map[2].dkl_cylno = 0;
5799 	un->un_map[2].dkl_nblk  = disksize;
5800 	un->un_offset[2] = 0;
5801 
5802 	(void) sprintf(un->un_vtoc.v_asciilabel, "DEFAULT cyl %d alt %d"
5803 	    " hd %d sec %d", un->un_g.dkg_ncyl, un->un_g.dkg_acyl,
5804 	    un->un_g.dkg_nhead, un->un_g.dkg_nsect);
5805 
5806 #else
5807 #error "No VTOC format defined."
5808 #endif
5809 
5810 	un->un_g.dkg_read_reinstruct  = 0;
5811 	un->un_g.dkg_write_reinstruct = 0;
5812 
5813 	un->un_g.dkg_intrlv = 1;
5814 
5815 	un->un_vtoc.v_sanity  = VTOC_SANE;
5816 
5817 	un->un_f_geometry_is_valid = TRUE;
5818 
5819 	SD_INFO(SD_LOG_COMMON, un,
5820 	    "sd_build_default_label: Default label created: "
5821 	    "cyl: %d\tacyl: %d\tnhead: %d\tnsect: %d\tcap: %d\n",
5822 	    un->un_g.dkg_ncyl, un->un_g.dkg_acyl, un->un_g.dkg_nhead,
5823 	    un->un_g.dkg_nsect, un->un_blockcount);
5824 }
5825 
5826 
5827 #if defined(_FIRMWARE_NEEDS_FDISK)
5828 /*
5829  * Max CHS values, as they are encoded into bytes, for 1022/254/63
5830  */
5831 #define	LBA_MAX_SECT	(63 | ((1022 & 0x300) >> 2))
5832 #define	LBA_MAX_CYL	(1022 & 0xFF)
5833 #define	LBA_MAX_HEAD	(254)
5834 
5835 
5836 /*
5837  *    Function: sd_has_max_chs_vals
5838  *
5839  * Description: Return TRUE if Cylinder-Head-Sector values are all at maximum.
5840  *
5841  *   Arguments: fdp - ptr to CHS info
5842  *
5843  * Return Code: True or false
5844  *
5845  *     Context: Any.
5846  */
5847 
5848 static int
5849 sd_has_max_chs_vals(struct ipart *fdp)
5850 {
5851 	return ((fdp->begcyl  == LBA_MAX_CYL)	&&
5852 	    (fdp->beghead == LBA_MAX_HEAD)	&&
5853 	    (fdp->begsect == LBA_MAX_SECT)	&&
5854 	    (fdp->endcyl  == LBA_MAX_CYL)	&&
5855 	    (fdp->endhead == LBA_MAX_HEAD)	&&
5856 	    (fdp->endsect == LBA_MAX_SECT));
5857 }
5858 #endif
5859 
5860 
5861 /*
5862  *    Function: sd_inq_fill
5863  *
5864  * Description: Print a piece of inquiry data, cleaned up for non-printable
5865  *		characters and stopping at the first space character after
5866  *		the beginning of the passed string;
5867  *
5868  *   Arguments: p - source string
5869  *		l - maximum length to copy
5870  *		s - destination string
5871  *
5872  *     Context: Any.
5873  */
5874 
5875 static void
5876 sd_inq_fill(char *p, int l, char *s)
5877 {
5878 	unsigned i = 0;
5879 	char c;
5880 
5881 	while (i++ < l) {
5882 		if ((c = *p++) < ' ' || c >= 0x7F) {
5883 			c = '*';
5884 		} else if (i != 1 && c == ' ') {
5885 			break;
5886 		}
5887 		*s++ = c;
5888 	}
5889 	*s++ = 0;
5890 }
5891 
5892 
5893 /*
5894  *    Function: sd_register_devid
5895  *
5896  * Description: This routine will obtain the device id information from the
5897  *		target, obtain the serial number, and register the device
5898  *		id with the ddi framework.
5899  *
5900  *   Arguments: devi - the system's dev_info_t for the device.
5901  *		un - driver soft state (unit) structure
5902  *		reservation_flag - indicates if a reservation conflict
5903  *		occurred during attach
5904  *
5905  *     Context: Kernel Thread
5906  */
5907 static void
5908 sd_register_devid(struct sd_lun *un, dev_info_t *devi, int reservation_flag)
5909 {
5910 	int		rval		= 0;
5911 	uchar_t		*inq80		= NULL;
5912 	size_t		inq80_len	= MAX_INQUIRY_SIZE;
5913 	size_t		inq80_resid	= 0;
5914 	uchar_t		*inq83		= NULL;
5915 	size_t		inq83_len	= MAX_INQUIRY_SIZE;
5916 	size_t		inq83_resid	= 0;
5917 
5918 	ASSERT(un != NULL);
5919 	ASSERT(mutex_owned(SD_MUTEX(un)));
5920 	ASSERT((SD_DEVINFO(un)) == devi);
5921 
5922 	/*
5923 	 * This is the case of antiquated Sun disk drives that have the
5924 	 * FAB_DEVID property set in the disk_table.  These drives
5925 	 * manage the devid's by storing them in last 2 available sectors
5926 	 * on the drive and have them fabricated by the ddi layer by calling
5927 	 * ddi_devid_init and passing the DEVID_FAB flag.
5928 	 */
5929 	if (un->un_f_opt_fab_devid == TRUE) {
5930 		/*
5931 		 * Depending on EINVAL isn't reliable, since a reserved disk
5932 		 * may result in invalid geometry, so check to make sure a
5933 		 * reservation conflict did not occur during attach.
5934 		 */
5935 		if ((sd_get_devid(un) == EINVAL) &&
5936 		    (reservation_flag != SD_TARGET_IS_RESERVED)) {
5937 			/*
5938 			 * The devid is invalid AND there is no reservation
5939 			 * conflict.  Fabricate a new devid.
5940 			 */
5941 			(void) sd_create_devid(un);
5942 		}
5943 
5944 		/* Register the devid if it exists */
5945 		if (un->un_devid != NULL) {
5946 			(void) ddi_devid_register(SD_DEVINFO(un),
5947 			    un->un_devid);
5948 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
5949 			    "sd_register_devid: Devid Fabricated\n");
5950 		}
5951 		return;
5952 	}
5953 
5954 	/*
5955 	 * We check the availibility of the World Wide Name (0x83) and Unit
5956 	 * Serial Number (0x80) pages in sd_check_vpd_page_support(), and using
5957 	 * un_vpd_page_mask from them, we decide which way to get the WWN.  If
5958 	 * 0x83 is availible, that is the best choice.  Our next choice is
5959 	 * 0x80.  If neither are availible, we munge the devid from the device
5960 	 * vid/pid/serial # for Sun qualified disks, or use the ddi framework
5961 	 * to fabricate a devid for non-Sun qualified disks.
5962 	 */
5963 	if (sd_check_vpd_page_support(un) == 0) {
5964 		/* collect page 80 data if available */
5965 		if (un->un_vpd_page_mask & SD_VPD_UNIT_SERIAL_PG) {
5966 
5967 			mutex_exit(SD_MUTEX(un));
5968 			inq80 = kmem_zalloc(inq80_len, KM_SLEEP);
5969 			rval = sd_send_scsi_INQUIRY(un, inq80, inq80_len,
5970 			    0x01, 0x80, &inq80_resid);
5971 
5972 			if (rval != 0) {
5973 				kmem_free(inq80, inq80_len);
5974 				inq80 = NULL;
5975 				inq80_len = 0;
5976 			}
5977 			mutex_enter(SD_MUTEX(un));
5978 		}
5979 
5980 		/* collect page 83 data if available */
5981 		if (un->un_vpd_page_mask & SD_VPD_DEVID_WWN_PG) {
5982 
5983 			mutex_exit(SD_MUTEX(un));
5984 			inq83 = kmem_zalloc(inq83_len, KM_SLEEP);
5985 			rval = sd_send_scsi_INQUIRY(un, inq83, inq83_len,
5986 			    0x01, 0x83, &inq83_resid);
5987 
5988 			if (rval != 0) {
5989 				kmem_free(inq83, inq83_len);
5990 				inq83 = NULL;
5991 				inq83_len = 0;
5992 			}
5993 			mutex_enter(SD_MUTEX(un));
5994 		}
5995 	}
5996 
5997 	/* encode best devid possible based on data available */
5998 	if (ddi_devid_scsi_encode(DEVID_SCSI_ENCODE_VERSION_LATEST,
5999 	    (char *)ddi_driver_name(SD_DEVINFO(un)),
6000 	    (uchar_t *)SD_INQUIRY(un), sizeof (*SD_INQUIRY(un)),
6001 	    inq80, inq80_len - inq80_resid, inq83, inq83_len -
6002 	    inq83_resid, &un->un_devid) == DDI_SUCCESS) {
6003 
6004 		/* devid successfully encoded, register devid */
6005 		(void) ddi_devid_register(SD_DEVINFO(un), un->un_devid);
6006 
6007 	} else {
6008 		/*
6009 		 * Unable to encode a devid based on data available.
6010 		 * This is not a Sun qualified disk.  Older Sun disk
6011 		 * drives that have the SD_FAB_DEVID property
6012 		 * set in the disk_table and non Sun qualified
6013 		 * disks are treated in the same manner.  These
6014 		 * drives manage the devid's by storing them in
6015 		 * last 2 available sectors on the drive and
6016 		 * have them fabricated by the ddi layer by
6017 		 * calling ddi_devid_init and passing the
6018 		 * DEVID_FAB flag.
6019 		 * Create a fabricate devid only if there's no
6020 		 * fabricate devid existed.
6021 		 */
6022 		if (sd_get_devid(un) == EINVAL) {
6023 			(void) sd_create_devid(un);
6024 			un->un_f_opt_fab_devid = TRUE;
6025 		}
6026 
6027 		/* Register the devid if it exists */
6028 		if (un->un_devid != NULL) {
6029 			(void) ddi_devid_register(SD_DEVINFO(un),
6030 			    un->un_devid);
6031 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
6032 			    "sd_register_devid: devid fabricated using "
6033 			    "ddi framework\n");
6034 		}
6035 	}
6036 
6037 	/* clean up resources */
6038 	if (inq80 != NULL) {
6039 		kmem_free(inq80, inq80_len);
6040 	}
6041 	if (inq83 != NULL) {
6042 		kmem_free(inq83, inq83_len);
6043 	}
6044 }
6045 
6046 static daddr_t
6047 sd_get_devid_block(struct sd_lun *un)
6048 {
6049 	daddr_t			spc, blk, head, cyl;
6050 
6051 	if (un->un_blockcount <= DK_MAX_BLOCKS) {
6052 		/* this geometry doesn't allow us to write a devid */
6053 		if (un->un_g.dkg_acyl < 2) {
6054 			return (-1);
6055 		}
6056 
6057 		/*
6058 		 * Subtract 2 guarantees that the next to last cylinder
6059 		 * is used
6060 		 */
6061 		cyl  = un->un_g.dkg_ncyl  + un->un_g.dkg_acyl - 2;
6062 		spc  = un->un_g.dkg_nhead * un->un_g.dkg_nsect;
6063 		head = un->un_g.dkg_nhead - 1;
6064 		blk  = (cyl * (spc - un->un_g.dkg_apc)) +
6065 		    (head * un->un_g.dkg_nsect) + 1;
6066 	} else {
6067 		if (un->un_reserved != -1) {
6068 			blk = un->un_map[un->un_reserved].dkl_cylno + 1;
6069 		} else {
6070 			return (-1);
6071 		}
6072 	}
6073 	return (blk);
6074 }
6075 
6076 /*
6077  *    Function: sd_get_devid
6078  *
6079  * Description: This routine will return 0 if a valid device id has been
6080  *		obtained from the target and stored in the soft state. If a
6081  *		valid device id has not been previously read and stored, a
6082  *		read attempt will be made.
6083  *
6084  *   Arguments: un - driver soft state (unit) structure
6085  *
6086  * Return Code: 0 if we successfully get the device id
6087  *
6088  *     Context: Kernel Thread
6089  */
6090 
6091 static int
6092 sd_get_devid(struct sd_lun *un)
6093 {
6094 	struct dk_devid		*dkdevid;
6095 	ddi_devid_t		tmpid;
6096 	uint_t			*ip;
6097 	size_t			sz;
6098 	daddr_t			blk;
6099 	int			status;
6100 	int			chksum;
6101 	int			i;
6102 	size_t			buffer_size;
6103 
6104 	ASSERT(un != NULL);
6105 	ASSERT(mutex_owned(SD_MUTEX(un)));
6106 
6107 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: entry: un: 0x%p\n",
6108 	    un);
6109 
6110 	if (un->un_devid != NULL) {
6111 		return (0);
6112 	}
6113 
6114 	blk = sd_get_devid_block(un);
6115 	if (blk < 0)
6116 		return (EINVAL);
6117 
6118 	/*
6119 	 * Read and verify device id, stored in the reserved cylinders at the
6120 	 * end of the disk. Backup label is on the odd sectors of the last
6121 	 * track of the last cylinder. Device id will be on track of the next
6122 	 * to last cylinder.
6123 	 */
6124 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct dk_devid));
6125 	mutex_exit(SD_MUTEX(un));
6126 	dkdevid = kmem_alloc(buffer_size, KM_SLEEP);
6127 	status = sd_send_scsi_READ(un, dkdevid, buffer_size, blk,
6128 	    SD_PATH_DIRECT);
6129 	if (status != 0) {
6130 		goto error;
6131 	}
6132 
6133 	/* Validate the revision */
6134 	if ((dkdevid->dkd_rev_hi != DK_DEVID_REV_MSB) ||
6135 	    (dkdevid->dkd_rev_lo != DK_DEVID_REV_LSB)) {
6136 		status = EINVAL;
6137 		goto error;
6138 	}
6139 
6140 	/* Calculate the checksum */
6141 	chksum = 0;
6142 	ip = (uint_t *)dkdevid;
6143 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6144 	    i++) {
6145 		chksum ^= ip[i];
6146 	}
6147 
6148 	/* Compare the checksums */
6149 	if (DKD_GETCHKSUM(dkdevid) != chksum) {
6150 		status = EINVAL;
6151 		goto error;
6152 	}
6153 
6154 	/* Validate the device id */
6155 	if (ddi_devid_valid((ddi_devid_t)&dkdevid->dkd_devid) != DDI_SUCCESS) {
6156 		status = EINVAL;
6157 		goto error;
6158 	}
6159 
6160 	/*
6161 	 * Store the device id in the driver soft state
6162 	 */
6163 	sz = ddi_devid_sizeof((ddi_devid_t)&dkdevid->dkd_devid);
6164 	tmpid = kmem_alloc(sz, KM_SLEEP);
6165 
6166 	mutex_enter(SD_MUTEX(un));
6167 
6168 	un->un_devid = tmpid;
6169 	bcopy(&dkdevid->dkd_devid, un->un_devid, sz);
6170 
6171 	kmem_free(dkdevid, buffer_size);
6172 
6173 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_get_devid: exit: un:0x%p\n", un);
6174 
6175 	return (status);
6176 error:
6177 	mutex_enter(SD_MUTEX(un));
6178 	kmem_free(dkdevid, buffer_size);
6179 	return (status);
6180 }
6181 
6182 
6183 /*
6184  *    Function: sd_create_devid
6185  *
6186  * Description: This routine will fabricate the device id and write it
6187  *		to the disk.
6188  *
6189  *   Arguments: un - driver soft state (unit) structure
6190  *
6191  * Return Code: value of the fabricated device id
6192  *
6193  *     Context: Kernel Thread
6194  */
6195 
6196 static ddi_devid_t
6197 sd_create_devid(struct sd_lun *un)
6198 {
6199 	ASSERT(un != NULL);
6200 
6201 	/* Fabricate the devid */
6202 	if (ddi_devid_init(SD_DEVINFO(un), DEVID_FAB, 0, NULL, &un->un_devid)
6203 	    == DDI_FAILURE) {
6204 		return (NULL);
6205 	}
6206 
6207 	/* Write the devid to disk */
6208 	if (sd_write_deviceid(un) != 0) {
6209 		ddi_devid_free(un->un_devid);
6210 		un->un_devid = NULL;
6211 	}
6212 
6213 	return (un->un_devid);
6214 }
6215 
6216 
6217 /*
6218  *    Function: sd_write_deviceid
6219  *
6220  * Description: This routine will write the device id to the disk
6221  *		reserved sector.
6222  *
6223  *   Arguments: un - driver soft state (unit) structure
6224  *
6225  * Return Code: EINVAL
6226  *		value returned by sd_send_scsi_cmd
6227  *
6228  *     Context: Kernel Thread
6229  */
6230 
6231 static int
6232 sd_write_deviceid(struct sd_lun *un)
6233 {
6234 	struct dk_devid		*dkdevid;
6235 	daddr_t			blk;
6236 	uint_t			*ip, chksum;
6237 	int			status;
6238 	int			i;
6239 
6240 	ASSERT(mutex_owned(SD_MUTEX(un)));
6241 
6242 	blk = sd_get_devid_block(un);
6243 	if (blk < 0)
6244 		return (-1);
6245 	mutex_exit(SD_MUTEX(un));
6246 
6247 	/* Allocate the buffer */
6248 	dkdevid = kmem_zalloc(un->un_sys_blocksize, KM_SLEEP);
6249 
6250 	/* Fill in the revision */
6251 	dkdevid->dkd_rev_hi = DK_DEVID_REV_MSB;
6252 	dkdevid->dkd_rev_lo = DK_DEVID_REV_LSB;
6253 
6254 	/* Copy in the device id */
6255 	mutex_enter(SD_MUTEX(un));
6256 	bcopy(un->un_devid, &dkdevid->dkd_devid,
6257 	    ddi_devid_sizeof(un->un_devid));
6258 	mutex_exit(SD_MUTEX(un));
6259 
6260 	/* Calculate the checksum */
6261 	chksum = 0;
6262 	ip = (uint_t *)dkdevid;
6263 	for (i = 0; i < ((un->un_sys_blocksize - sizeof (int))/sizeof (int));
6264 	    i++) {
6265 		chksum ^= ip[i];
6266 	}
6267 
6268 	/* Fill-in checksum */
6269 	DKD_FORMCHKSUM(chksum, dkdevid);
6270 
6271 	/* Write the reserved sector */
6272 	status = sd_send_scsi_WRITE(un, dkdevid, un->un_sys_blocksize, blk,
6273 	    SD_PATH_DIRECT);
6274 
6275 	kmem_free(dkdevid, un->un_sys_blocksize);
6276 
6277 	mutex_enter(SD_MUTEX(un));
6278 	return (status);
6279 }
6280 
6281 
6282 /*
6283  *    Function: sd_check_vpd_page_support
6284  *
6285  * Description: This routine sends an inquiry command with the EVPD bit set and
6286  *		a page code of 0x00 to the device. It is used to determine which
6287  *		vital product pages are availible to find the devid. We are
6288  *		looking for pages 0x83 or 0x80.  If we return a negative 1, the
6289  *		device does not support that command.
6290  *
6291  *   Arguments: un  - driver soft state (unit) structure
6292  *
6293  * Return Code: 0 - success
6294  *		1 - check condition
6295  *
6296  *     Context: This routine can sleep.
6297  */
6298 
6299 static int
6300 sd_check_vpd_page_support(struct sd_lun *un)
6301 {
6302 	uchar_t	*page_list	= NULL;
6303 	uchar_t	page_length	= 0xff;	/* Use max possible length */
6304 	uchar_t	evpd		= 0x01;	/* Set the EVPD bit */
6305 	uchar_t	page_code	= 0x00;	/* Supported VPD Pages */
6306 	int    	rval		= 0;
6307 	int	counter;
6308 
6309 	ASSERT(un != NULL);
6310 	ASSERT(mutex_owned(SD_MUTEX(un)));
6311 
6312 	mutex_exit(SD_MUTEX(un));
6313 
6314 	/*
6315 	 * We'll set the page length to the maximum to save figuring it out
6316 	 * with an additional call.
6317 	 */
6318 	page_list =  kmem_zalloc(page_length, KM_SLEEP);
6319 
6320 	rval = sd_send_scsi_INQUIRY(un, page_list, page_length, evpd,
6321 	    page_code, NULL);
6322 
6323 	mutex_enter(SD_MUTEX(un));
6324 
6325 	/*
6326 	 * Now we must validate that the device accepted the command, as some
6327 	 * drives do not support it.  If the drive does support it, we will
6328 	 * return 0, and the supported pages will be in un_vpd_page_mask.  If
6329 	 * not, we return -1.
6330 	 */
6331 	if ((rval == 0) && (page_list[VPD_MODE_PAGE] == 0x00)) {
6332 		/* Loop to find one of the 2 pages we need */
6333 		counter = 4;  /* Supported pages start at byte 4, with 0x00 */
6334 
6335 		/*
6336 		 * Pages are returned in ascending order, and 0x83 is what we
6337 		 * are hoping for.
6338 		 */
6339 		while ((page_list[counter] <= 0x83) &&
6340 		    (counter <= (page_list[VPD_PAGE_LENGTH] +
6341 		    VPD_HEAD_OFFSET))) {
6342 			/*
6343 			 * Add 3 because page_list[3] is the number of
6344 			 * pages minus 3
6345 			 */
6346 
6347 			switch (page_list[counter]) {
6348 			case 0x00:
6349 				un->un_vpd_page_mask |= SD_VPD_SUPPORTED_PG;
6350 				break;
6351 			case 0x80:
6352 				un->un_vpd_page_mask |= SD_VPD_UNIT_SERIAL_PG;
6353 				break;
6354 			case 0x81:
6355 				un->un_vpd_page_mask |= SD_VPD_OPERATING_PG;
6356 				break;
6357 			case 0x82:
6358 				un->un_vpd_page_mask |= SD_VPD_ASCII_OP_PG;
6359 				break;
6360 			case 0x83:
6361 				un->un_vpd_page_mask |= SD_VPD_DEVID_WWN_PG;
6362 				break;
6363 			}
6364 			counter++;
6365 		}
6366 
6367 	} else {
6368 		rval = -1;
6369 
6370 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6371 		    "sd_check_vpd_page_support: This drive does not implement "
6372 		    "VPD pages.\n");
6373 	}
6374 
6375 	kmem_free(page_list, page_length);
6376 
6377 	return (rval);
6378 }
6379 
6380 
6381 /*
6382  *    Function: sd_setup_pm
6383  *
6384  * Description: Initialize Power Management on the device
6385  *
6386  *     Context: Kernel Thread
6387  */
6388 
6389 static void
6390 sd_setup_pm(struct sd_lun *un, dev_info_t *devi)
6391 {
6392 	uint_t	log_page_size;
6393 	uchar_t	*log_page_data;
6394 	int	rval;
6395 
6396 	/*
6397 	 * Since we are called from attach, holding a mutex for
6398 	 * un is unnecessary. Because some of the routines called
6399 	 * from here require SD_MUTEX to not be held, assert this
6400 	 * right up front.
6401 	 */
6402 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6403 	/*
6404 	 * Since the sd device does not have the 'reg' property,
6405 	 * cpr will not call its DDI_SUSPEND/DDI_RESUME entries.
6406 	 * The following code is to tell cpr that this device
6407 	 * DOES need to be suspended and resumed.
6408 	 */
6409 	(void) ddi_prop_update_string(DDI_DEV_T_NONE, devi,
6410 	    "pm-hardware-state", "needs-suspend-resume");
6411 
6412 	/*
6413 	 * Check if HBA has set the "pm-capable" property.
6414 	 * If "pm-capable" exists and is non-zero then we can
6415 	 * power manage the device without checking the start/stop
6416 	 * cycle count log sense page.
6417 	 *
6418 	 * If "pm-capable" exists and is SD_PM_CAPABLE_FALSE (0)
6419 	 * then we should not power manage the device.
6420 	 *
6421 	 * If "pm-capable" doesn't exist then un->un_pm_capable_prop will
6422 	 * be set to SD_PM_CAPABLE_UNDEFINED (-1).  In this case, sd will
6423 	 * check the start/stop cycle count log sense page and power manage
6424 	 * the device if the cycle count limit has not been exceeded.
6425 	 */
6426 	un->un_pm_capable_prop =
6427 	    ddi_prop_get_int(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
6428 		"pm-capable", SD_PM_CAPABLE_UNDEFINED);
6429 	if (un->un_pm_capable_prop != SD_PM_CAPABLE_UNDEFINED) {
6430 		/*
6431 		 * pm-capable property exists.
6432 		 *
6433 		 * Convert "TRUE" values for un_pm_capable_prop to
6434 		 * SD_PM_CAPABLE_TRUE (1) to make it easier to check later.
6435 		 * "TRUE" values are any values except SD_PM_CAPABLE_FALSE (0)
6436 		 *  and SD_PM_CAPABLE_UNDEFINED (-1)
6437 		 */
6438 		if (un->un_pm_capable_prop != SD_PM_CAPABLE_FALSE) {
6439 			un->un_pm_capable_prop = SD_PM_CAPABLE_TRUE;
6440 		}
6441 
6442 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
6443 		    "sd_unit_attach: un:0x%p pm-capable "
6444 		    "property set to %d.\n", un, un->un_pm_capable_prop);
6445 	}
6446 
6447 	/*
6448 	 * This complies with the new power management framework
6449 	 * for certain desktop machines. Create the pm_components
6450 	 * property as a string array property.
6451 	 *
6452 	 * If this is a removable device or if the pm-capable property
6453 	 * is SD_PM_CAPABLE_TRUE (1) then we should create the
6454 	 * pm_components property without checking for the existance of
6455 	 * the start-stop cycle counter log page
6456 	 */
6457 	if (ISREMOVABLE(un) ||
6458 	    un->un_pm_capable_prop == SD_PM_CAPABLE_TRUE) {
6459 		/*
6460 		 * not all devices have a motor, try it first.
6461 		 * some devices may return ILLEGAL REQUEST, some
6462 		 * will hang
6463 		 */
6464 		un->un_f_start_stop_supported = TRUE;
6465 		if (sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
6466 		    SD_PATH_DIRECT) != 0) {
6467 			un->un_f_start_stop_supported = FALSE;
6468 		}
6469 
6470 		/*
6471 		 * create pm properties anyways otherwise the parent can't
6472 		 * go to sleep
6473 		 */
6474 		(void) sd_create_pm_components(devi, un);
6475 		un->un_f_pm_is_enabled = TRUE;
6476 
6477 		/*
6478 		 * Need to create a zero length (Boolean) property
6479 		 * removable-media for the removable media devices.
6480 		 * Note that the return value of the property is not being
6481 		 * checked, since if unable to create the property
6482 		 * then do not want the attach to fail altogether. Consistent
6483 		 * with other property creation in attach.
6484 		 */
6485 		if (ISREMOVABLE(un)) {
6486 			(void) ddi_prop_create(DDI_DEV_T_NONE, devi,
6487 			    DDI_PROP_CANSLEEP, "removable-media", NULL, 0);
6488 		}
6489 		return;
6490 	}
6491 
6492 	rval = sd_log_page_supported(un, START_STOP_CYCLE_PAGE);
6493 
6494 #ifdef	SDDEBUG
6495 	if (sd_force_pm_supported) {
6496 		/* Force a successful result */
6497 		rval = 1;
6498 	}
6499 #endif
6500 
6501 	/*
6502 	 * If the start-stop cycle counter log page is not supported
6503 	 * or if the pm-capable property is SD_PM_CAPABLE_FALSE (0)
6504 	 * then we should not create the pm_components property.
6505 	 */
6506 	if (rval == -1 || un->un_pm_capable_prop == SD_PM_CAPABLE_FALSE) {
6507 		/*
6508 		 * Error.
6509 		 * Reading log sense failed, most likely this is
6510 		 * an older drive that does not support log sense.
6511 		 * If this fails auto-pm is not supported.
6512 		 */
6513 		un->un_power_level = SD_SPINDLE_ON;
6514 		un->un_f_pm_is_enabled = FALSE;
6515 
6516 	} else if (rval == 0) {
6517 		/*
6518 		 * Page not found.
6519 		 * The start stop cycle counter is implemented as page
6520 		 * START_STOP_CYCLE_PAGE_VU_PAGE (0x31) in older disks. For
6521 		 * newer disks it is implemented as START_STOP_CYCLE_PAGE (0xE).
6522 		 */
6523 		if (sd_log_page_supported(un, START_STOP_CYCLE_VU_PAGE) == 1) {
6524 			/*
6525 			 * Page found, use this one.
6526 			 */
6527 			un->un_start_stop_cycle_page = START_STOP_CYCLE_VU_PAGE;
6528 			un->un_f_pm_is_enabled = TRUE;
6529 		} else {
6530 			/*
6531 			 * Error or page not found.
6532 			 * auto-pm is not supported for this device.
6533 			 */
6534 			un->un_power_level = SD_SPINDLE_ON;
6535 			un->un_f_pm_is_enabled = FALSE;
6536 		}
6537 	} else {
6538 		/*
6539 		 * Page found, use it.
6540 		 */
6541 		un->un_start_stop_cycle_page = START_STOP_CYCLE_PAGE;
6542 		un->un_f_pm_is_enabled = TRUE;
6543 	}
6544 
6545 
6546 	if (un->un_f_pm_is_enabled == TRUE) {
6547 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
6548 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
6549 
6550 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
6551 		    log_page_size, un->un_start_stop_cycle_page,
6552 		    0x01, 0, SD_PATH_DIRECT);
6553 #ifdef	SDDEBUG
6554 		if (sd_force_pm_supported) {
6555 			/* Force a successful result */
6556 			rval = 0;
6557 		}
6558 #endif
6559 
6560 		/*
6561 		 * If the Log sense for Page( Start/stop cycle counter page)
6562 		 * succeeds, then power managment is supported and we can
6563 		 * enable auto-pm.
6564 		 */
6565 		if (rval == 0)  {
6566 			(void) sd_create_pm_components(devi, un);
6567 		} else {
6568 			un->un_power_level = SD_SPINDLE_ON;
6569 			un->un_f_pm_is_enabled = FALSE;
6570 		}
6571 
6572 		kmem_free(log_page_data, log_page_size);
6573 	}
6574 }
6575 
6576 
6577 /*
6578  *    Function: sd_create_pm_components
6579  *
6580  * Description: Initialize PM property.
6581  *
6582  *     Context: Kernel thread context
6583  */
6584 
6585 static void
6586 sd_create_pm_components(dev_info_t *devi, struct sd_lun *un)
6587 {
6588 	char *pm_comp[] = { "NAME=spindle-motor", "0=off", "1=on", NULL };
6589 
6590 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6591 
6592 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, devi,
6593 	    "pm-components", pm_comp, 3) == DDI_PROP_SUCCESS) {
6594 		/*
6595 		 * When components are initially created they are idle,
6596 		 * power up any non-removables.
6597 		 * Note: the return value of pm_raise_power can't be used
6598 		 * for determining if PM should be enabled for this device.
6599 		 * Even if you check the return values and remove this
6600 		 * property created above, the PM framework will not honor the
6601 		 * change after the first call to pm_raise_power. Hence,
6602 		 * removal of that property does not help if pm_raise_power
6603 		 * fails. In the case of removable media, the start/stop
6604 		 * will fail if the media is not present.
6605 		 */
6606 		if ((!ISREMOVABLE(un)) && (pm_raise_power(SD_DEVINFO(un), 0,
6607 		    SD_SPINDLE_ON) == DDI_SUCCESS)) {
6608 			mutex_enter(SD_MUTEX(un));
6609 			un->un_power_level = SD_SPINDLE_ON;
6610 			mutex_enter(&un->un_pm_mutex);
6611 			/* Set to on and not busy. */
6612 			un->un_pm_count = 0;
6613 		} else {
6614 			mutex_enter(SD_MUTEX(un));
6615 			un->un_power_level = SD_SPINDLE_OFF;
6616 			mutex_enter(&un->un_pm_mutex);
6617 			/* Set to off. */
6618 			un->un_pm_count = -1;
6619 		}
6620 		mutex_exit(&un->un_pm_mutex);
6621 		mutex_exit(SD_MUTEX(un));
6622 	} else {
6623 		un->un_power_level = SD_SPINDLE_ON;
6624 		un->un_f_pm_is_enabled = FALSE;
6625 	}
6626 }
6627 
6628 
6629 /*
6630  *    Function: sd_ddi_suspend
6631  *
6632  * Description: Performs system power-down operations. This includes
6633  *		setting the drive state to indicate its suspended so
6634  *		that no new commands will be accepted. Also, wait for
6635  *		all commands that are in transport or queued to a timer
6636  *		for retry to complete. All timeout threads are cancelled.
6637  *
6638  * Return Code: DDI_FAILURE or DDI_SUCCESS
6639  *
6640  *     Context: Kernel thread context
6641  */
6642 
6643 static int
6644 sd_ddi_suspend(dev_info_t *devi)
6645 {
6646 	struct	sd_lun	*un;
6647 	clock_t		wait_cmds_complete;
6648 
6649 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6650 	if (un == NULL) {
6651 		return (DDI_FAILURE);
6652 	}
6653 
6654 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: entry\n");
6655 
6656 	mutex_enter(SD_MUTEX(un));
6657 
6658 	/* Return success if the device is already suspended. */
6659 	if (un->un_state == SD_STATE_SUSPENDED) {
6660 		mutex_exit(SD_MUTEX(un));
6661 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6662 		    "device already suspended, exiting\n");
6663 		return (DDI_SUCCESS);
6664 	}
6665 
6666 	/* Return failure if the device is being used by HA */
6667 	if (un->un_resvd_status &
6668 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE)) {
6669 		mutex_exit(SD_MUTEX(un));
6670 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6671 		    "device in use by HA, exiting\n");
6672 		return (DDI_FAILURE);
6673 	}
6674 
6675 	/*
6676 	 * Return failure if the device is in a resource wait
6677 	 * or power changing state.
6678 	 */
6679 	if ((un->un_state == SD_STATE_RWAIT) ||
6680 	    (un->un_state == SD_STATE_PM_CHANGING)) {
6681 		mutex_exit(SD_MUTEX(un));
6682 		SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: "
6683 		    "device in resource wait state, exiting\n");
6684 		return (DDI_FAILURE);
6685 	}
6686 
6687 
6688 	un->un_save_state = un->un_last_state;
6689 	New_state(un, SD_STATE_SUSPENDED);
6690 
6691 	/*
6692 	 * Wait for all commands that are in transport or queued to a timer
6693 	 * for retry to complete.
6694 	 *
6695 	 * While waiting, no new commands will be accepted or sent because of
6696 	 * the new state we set above.
6697 	 *
6698 	 * Wait till current operation has completed. If we are in the resource
6699 	 * wait state (with an intr outstanding) then we need to wait till the
6700 	 * intr completes and starts the next cmd. We want to wait for
6701 	 * SD_WAIT_CMDS_COMPLETE seconds before failing the DDI_SUSPEND.
6702 	 */
6703 	wait_cmds_complete = ddi_get_lbolt() +
6704 	    (sd_wait_cmds_complete * drv_usectohz(1000000));
6705 
6706 	while (un->un_ncmds_in_transport != 0) {
6707 		/*
6708 		 * Fail if commands do not finish in the specified time.
6709 		 */
6710 		if (cv_timedwait(&un->un_disk_busy_cv, SD_MUTEX(un),
6711 		    wait_cmds_complete) == -1) {
6712 			/*
6713 			 * Undo the state changes made above. Everything
6714 			 * must go back to it's original value.
6715 			 */
6716 			Restore_state(un);
6717 			un->un_last_state = un->un_save_state;
6718 			/* Wake up any threads that might be waiting. */
6719 			cv_broadcast(&un->un_suspend_cv);
6720 			mutex_exit(SD_MUTEX(un));
6721 			SD_ERROR(SD_LOG_IO_PM, un,
6722 			    "sd_ddi_suspend: failed due to outstanding cmds\n");
6723 			SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exiting\n");
6724 			return (DDI_FAILURE);
6725 		}
6726 	}
6727 
6728 	/*
6729 	 * Cancel SCSI watch thread and timeouts, if any are active
6730 	 */
6731 
6732 	if (SD_OK_TO_SUSPEND_SCSI_WATCHER(un)) {
6733 		opaque_t temp_token = un->un_swr_token;
6734 		mutex_exit(SD_MUTEX(un));
6735 		scsi_watch_suspend(temp_token);
6736 		mutex_enter(SD_MUTEX(un));
6737 	}
6738 
6739 	if (un->un_reset_throttle_timeid != NULL) {
6740 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
6741 		un->un_reset_throttle_timeid = NULL;
6742 		mutex_exit(SD_MUTEX(un));
6743 		(void) untimeout(temp_id);
6744 		mutex_enter(SD_MUTEX(un));
6745 	}
6746 
6747 	if (un->un_dcvb_timeid != NULL) {
6748 		timeout_id_t temp_id = un->un_dcvb_timeid;
6749 		un->un_dcvb_timeid = NULL;
6750 		mutex_exit(SD_MUTEX(un));
6751 		(void) untimeout(temp_id);
6752 		mutex_enter(SD_MUTEX(un));
6753 	}
6754 
6755 	mutex_enter(&un->un_pm_mutex);
6756 	if (un->un_pm_timeid != NULL) {
6757 		timeout_id_t temp_id = un->un_pm_timeid;
6758 		un->un_pm_timeid = NULL;
6759 		mutex_exit(&un->un_pm_mutex);
6760 		mutex_exit(SD_MUTEX(un));
6761 		(void) untimeout(temp_id);
6762 		mutex_enter(SD_MUTEX(un));
6763 	} else {
6764 		mutex_exit(&un->un_pm_mutex);
6765 	}
6766 
6767 	if (un->un_retry_timeid != NULL) {
6768 		timeout_id_t temp_id = un->un_retry_timeid;
6769 		un->un_retry_timeid = NULL;
6770 		mutex_exit(SD_MUTEX(un));
6771 		(void) untimeout(temp_id);
6772 		mutex_enter(SD_MUTEX(un));
6773 	}
6774 
6775 	if (un->un_direct_priority_timeid != NULL) {
6776 		timeout_id_t temp_id = un->un_direct_priority_timeid;
6777 		un->un_direct_priority_timeid = NULL;
6778 		mutex_exit(SD_MUTEX(un));
6779 		(void) untimeout(temp_id);
6780 		mutex_enter(SD_MUTEX(un));
6781 	}
6782 
6783 	if (un->un_f_is_fibre == TRUE) {
6784 		/*
6785 		 * Remove callbacks for insert and remove events
6786 		 */
6787 		if (un->un_insert_event != NULL) {
6788 			mutex_exit(SD_MUTEX(un));
6789 			(void) ddi_remove_event_handler(un->un_insert_cb_id);
6790 			mutex_enter(SD_MUTEX(un));
6791 			un->un_insert_event = NULL;
6792 		}
6793 
6794 		if (un->un_remove_event != NULL) {
6795 			mutex_exit(SD_MUTEX(un));
6796 			(void) ddi_remove_event_handler(un->un_remove_cb_id);
6797 			mutex_enter(SD_MUTEX(un));
6798 			un->un_remove_event = NULL;
6799 		}
6800 	}
6801 
6802 	mutex_exit(SD_MUTEX(un));
6803 
6804 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_suspend: exit\n");
6805 
6806 	return (DDI_SUCCESS);
6807 }
6808 
6809 
6810 /*
6811  *    Function: sd_ddi_pm_suspend
6812  *
6813  * Description: Set the drive state to low power.
6814  *		Someone else is required to actually change the drive
6815  *		power level.
6816  *
6817  *   Arguments: un - driver soft state (unit) structure
6818  *
6819  * Return Code: DDI_FAILURE or DDI_SUCCESS
6820  *
6821  *     Context: Kernel thread context
6822  */
6823 
6824 static int
6825 sd_ddi_pm_suspend(struct sd_lun *un)
6826 {
6827 	ASSERT(un != NULL);
6828 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: entry\n");
6829 
6830 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6831 	mutex_enter(SD_MUTEX(un));
6832 
6833 	/*
6834 	 * Exit if power management is not enabled for this device, or if
6835 	 * the device is being used by HA.
6836 	 */
6837 	if ((un->un_f_pm_is_enabled == FALSE) || (un->un_resvd_status &
6838 	    (SD_RESERVE | SD_WANT_RESERVE | SD_LOST_RESERVE))) {
6839 		mutex_exit(SD_MUTEX(un));
6840 		SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exiting\n");
6841 		return (DDI_SUCCESS);
6842 	}
6843 
6844 	SD_INFO(SD_LOG_POWER, un, "sd_ddi_pm_suspend: un_ncmds_in_driver=%ld\n",
6845 	    un->un_ncmds_in_driver);
6846 
6847 	/*
6848 	 * See if the device is not busy, ie.:
6849 	 *    - we have no commands in the driver for this device
6850 	 *    - not waiting for resources
6851 	 */
6852 	if ((un->un_ncmds_in_driver == 0) &&
6853 	    (un->un_state != SD_STATE_RWAIT)) {
6854 		/*
6855 		 * The device is not busy, so it is OK to go to low power state.
6856 		 * Indicate low power, but rely on someone else to actually
6857 		 * change it.
6858 		 */
6859 		mutex_enter(&un->un_pm_mutex);
6860 		un->un_pm_count = -1;
6861 		mutex_exit(&un->un_pm_mutex);
6862 		un->un_power_level = SD_SPINDLE_OFF;
6863 	}
6864 
6865 	mutex_exit(SD_MUTEX(un));
6866 
6867 	SD_TRACE(SD_LOG_POWER, un, "sd_ddi_pm_suspend: exit\n");
6868 
6869 	return (DDI_SUCCESS);
6870 }
6871 
6872 
6873 /*
6874  *    Function: sd_ddi_resume
6875  *
6876  * Description: Performs system power-up operations..
6877  *
6878  * Return Code: DDI_SUCCESS
6879  *		DDI_FAILURE
6880  *
6881  *     Context: Kernel thread context
6882  */
6883 
6884 static int
6885 sd_ddi_resume(dev_info_t *devi)
6886 {
6887 	struct	sd_lun	*un;
6888 
6889 	un = ddi_get_soft_state(sd_state, ddi_get_instance(devi));
6890 	if (un == NULL) {
6891 		return (DDI_FAILURE);
6892 	}
6893 
6894 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: entry\n");
6895 
6896 	mutex_enter(SD_MUTEX(un));
6897 	Restore_state(un);
6898 
6899 	/*
6900 	 * Restore the state which was saved to give the
6901 	 * the right state in un_last_state
6902 	 */
6903 	un->un_last_state = un->un_save_state;
6904 	/*
6905 	 * Note: throttle comes back at full.
6906 	 * Also note: this MUST be done before calling pm_raise_power
6907 	 * otherwise the system can get hung in biowait. The scenario where
6908 	 * this'll happen is under cpr suspend. Writing of the system
6909 	 * state goes through sddump, which writes 0 to un_throttle. If
6910 	 * writing the system state then fails, example if the partition is
6911 	 * too small, then cpr attempts a resume. If throttle isn't restored
6912 	 * from the saved value until after calling pm_raise_power then
6913 	 * cmds sent in sdpower are not transported and sd_send_scsi_cmd hangs
6914 	 * in biowait.
6915 	 */
6916 	un->un_throttle = un->un_saved_throttle;
6917 
6918 	/*
6919 	 * The chance of failure is very rare as the only command done in power
6920 	 * entry point is START command when you transition from 0->1 or
6921 	 * unknown->1. Put it to SPINDLE ON state irrespective of the state at
6922 	 * which suspend was done. Ignore the return value as the resume should
6923 	 * not be failed. In the case of removable media the media need not be
6924 	 * inserted and hence there is a chance that raise power will fail with
6925 	 * media not present.
6926 	 */
6927 	if (!ISREMOVABLE(un)) {
6928 		mutex_exit(SD_MUTEX(un));
6929 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
6930 		mutex_enter(SD_MUTEX(un));
6931 	}
6932 
6933 	/*
6934 	 * Don't broadcast to the suspend cv and therefore possibly
6935 	 * start I/O until after power has been restored.
6936 	 */
6937 	cv_broadcast(&un->un_suspend_cv);
6938 	cv_broadcast(&un->un_state_cv);
6939 
6940 	/* restart thread */
6941 	if (SD_OK_TO_RESUME_SCSI_WATCHER(un)) {
6942 		scsi_watch_resume(un->un_swr_token);
6943 	}
6944 
6945 #if (defined(__fibre))
6946 	if (un->un_f_is_fibre == TRUE) {
6947 		/*
6948 		 * Add callbacks for insert and remove events
6949 		 */
6950 		if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
6951 			sd_init_event_callbacks(un);
6952 		}
6953 	}
6954 #endif
6955 
6956 	/*
6957 	 * Transport any pending commands to the target.
6958 	 *
6959 	 * If this is a low-activity device commands in queue will have to wait
6960 	 * until new commands come in, which may take awhile. Also, we
6961 	 * specifically don't check un_ncmds_in_transport because we know that
6962 	 * there really are no commands in progress after the unit was
6963 	 * suspended and we could have reached the throttle level, been
6964 	 * suspended, and have no new commands coming in for awhile. Highly
6965 	 * unlikely, but so is the low-activity disk scenario.
6966 	 */
6967 	ddi_xbuf_dispatch(un->un_xbuf_attr);
6968 
6969 	sd_start_cmds(un, NULL);
6970 	mutex_exit(SD_MUTEX(un));
6971 
6972 	SD_TRACE(SD_LOG_IO_PM, un, "sd_ddi_resume: exit\n");
6973 
6974 	return (DDI_SUCCESS);
6975 }
6976 
6977 
6978 /*
6979  *    Function: sd_ddi_pm_resume
6980  *
6981  * Description: Set the drive state to powered on.
6982  *		Someone else is required to actually change the drive
6983  *		power level.
6984  *
6985  *   Arguments: un - driver soft state (unit) structure
6986  *
6987  * Return Code: DDI_SUCCESS
6988  *
6989  *     Context: Kernel thread context
6990  */
6991 
6992 static int
6993 sd_ddi_pm_resume(struct sd_lun *un)
6994 {
6995 	ASSERT(un != NULL);
6996 
6997 	ASSERT(!mutex_owned(SD_MUTEX(un)));
6998 	mutex_enter(SD_MUTEX(un));
6999 	un->un_power_level = SD_SPINDLE_ON;
7000 
7001 	ASSERT(!mutex_owned(&un->un_pm_mutex));
7002 	mutex_enter(&un->un_pm_mutex);
7003 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
7004 		un->un_pm_count++;
7005 		ASSERT(un->un_pm_count == 0);
7006 		/*
7007 		 * Note: no longer do the cv_broadcast on un_suspend_cv. The
7008 		 * un_suspend_cv is for a system resume, not a power management
7009 		 * device resume. (4297749)
7010 		 *	 cv_broadcast(&un->un_suspend_cv);
7011 		 */
7012 	}
7013 	mutex_exit(&un->un_pm_mutex);
7014 	mutex_exit(SD_MUTEX(un));
7015 
7016 	return (DDI_SUCCESS);
7017 }
7018 
7019 
7020 /*
7021  *    Function: sd_pm_idletimeout_handler
7022  *
7023  * Description: A timer routine that's active only while a device is busy.
7024  *		The purpose is to extend slightly the pm framework's busy
7025  *		view of the device to prevent busy/idle thrashing for
7026  *		back-to-back commands. Do this by comparing the current time
7027  *		to the time at which the last command completed and when the
7028  *		difference is greater than sd_pm_idletime, call
7029  *		pm_idle_component. In addition to indicating idle to the pm
7030  *		framework, update the chain type to again use the internal pm
7031  *		layers of the driver.
7032  *
7033  *   Arguments: arg - driver soft state (unit) structure
7034  *
7035  *     Context: Executes in a timeout(9F) thread context
7036  */
7037 
7038 static void
7039 sd_pm_idletimeout_handler(void *arg)
7040 {
7041 	struct sd_lun *un = arg;
7042 
7043 	time_t	now;
7044 
7045 	mutex_enter(&sd_detach_mutex);
7046 	if (un->un_detach_count != 0) {
7047 		/* Abort if the instance is detaching */
7048 		mutex_exit(&sd_detach_mutex);
7049 		return;
7050 	}
7051 	mutex_exit(&sd_detach_mutex);
7052 
7053 	now = ddi_get_time();
7054 	/*
7055 	 * Grab both mutexes, in the proper order, since we're accessing
7056 	 * both PM and softstate variables.
7057 	 */
7058 	mutex_enter(SD_MUTEX(un));
7059 	mutex_enter(&un->un_pm_mutex);
7060 	if (((now - un->un_pm_idle_time) > sd_pm_idletime) &&
7061 	    (un->un_ncmds_in_driver == 0) && (un->un_pm_count == 0)) {
7062 		/*
7063 		 * Update the chain types.
7064 		 * This takes affect on the next new command received.
7065 		 */
7066 		if (ISREMOVABLE(un)) {
7067 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
7068 		} else {
7069 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
7070 		}
7071 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
7072 
7073 		SD_TRACE(SD_LOG_IO_PM, un,
7074 		    "sd_pm_idletimeout_handler: idling device\n");
7075 		(void) pm_idle_component(SD_DEVINFO(un), 0);
7076 		un->un_pm_idle_timeid = NULL;
7077 	} else {
7078 		un->un_pm_idle_timeid =
7079 			timeout(sd_pm_idletimeout_handler, un,
7080 			(drv_usectohz((clock_t)300000))); /* 300 ms. */
7081 	}
7082 	mutex_exit(&un->un_pm_mutex);
7083 	mutex_exit(SD_MUTEX(un));
7084 }
7085 
7086 
7087 /*
7088  *    Function: sd_pm_timeout_handler
7089  *
7090  * Description: Callback to tell framework we are idle.
7091  *
7092  *     Context: timeout(9f) thread context.
7093  */
7094 
7095 static void
7096 sd_pm_timeout_handler(void *arg)
7097 {
7098 	struct sd_lun *un = arg;
7099 
7100 	(void) pm_idle_component(SD_DEVINFO(un), 0);
7101 	mutex_enter(&un->un_pm_mutex);
7102 	un->un_pm_timeid = NULL;
7103 	mutex_exit(&un->un_pm_mutex);
7104 }
7105 
7106 
7107 /*
7108  *    Function: sdpower
7109  *
7110  * Description: PM entry point.
7111  *
7112  * Return Code: DDI_SUCCESS
7113  *		DDI_FAILURE
7114  *
7115  *     Context: Kernel thread context
7116  */
7117 
7118 static int
7119 sdpower(dev_info_t *devi, int component, int level)
7120 {
7121 	struct sd_lun	*un;
7122 	int		instance;
7123 	int		rval = DDI_SUCCESS;
7124 	uint_t		i, log_page_size, maxcycles, ncycles;
7125 	uchar_t		*log_page_data;
7126 	int		log_sense_page;
7127 	int		medium_present;
7128 	time_t		intvlp;
7129 	dev_t		dev;
7130 	struct pm_trans_data	sd_pm_tran_data;
7131 	uchar_t		save_state;
7132 	int		sval;
7133 	uchar_t		state_before_pm;
7134 	int		got_semaphore_here;
7135 
7136 	instance = ddi_get_instance(devi);
7137 
7138 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
7139 	    (SD_SPINDLE_OFF > level) || (level > SD_SPINDLE_ON) ||
7140 	    component != 0) {
7141 		return (DDI_FAILURE);
7142 	}
7143 
7144 	dev = sd_make_device(SD_DEVINFO(un));
7145 
7146 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: entry, level = %d\n", level);
7147 
7148 	/*
7149 	 * Must synchronize power down with close.
7150 	 * Attempt to decrement/acquire the open/close semaphore,
7151 	 * but do NOT wait on it. If it's not greater than zero,
7152 	 * ie. it can't be decremented without waiting, then
7153 	 * someone else, either open or close, already has it
7154 	 * and the try returns 0. Use that knowledge here to determine
7155 	 * if it's OK to change the device power level.
7156 	 * Also, only increment it on exit if it was decremented, ie. gotten,
7157 	 * here.
7158 	 */
7159 	got_semaphore_here = sema_tryp(&un->un_semoclose);
7160 
7161 	mutex_enter(SD_MUTEX(un));
7162 
7163 	SD_INFO(SD_LOG_POWER, un, "sdpower: un_ncmds_in_driver = %ld\n",
7164 	    un->un_ncmds_in_driver);
7165 
7166 	/*
7167 	 * If un_ncmds_in_driver is non-zero it indicates commands are
7168 	 * already being processed in the driver, or if the semaphore was
7169 	 * not gotten here it indicates an open or close is being processed.
7170 	 * At the same time somebody is requesting to go low power which
7171 	 * can't happen, therefore we need to return failure.
7172 	 */
7173 	if ((level == SD_SPINDLE_OFF) &&
7174 	    ((un->un_ncmds_in_driver != 0) || (got_semaphore_here == 0))) {
7175 		mutex_exit(SD_MUTEX(un));
7176 
7177 		if (got_semaphore_here != 0) {
7178 			sema_v(&un->un_semoclose);
7179 		}
7180 		SD_TRACE(SD_LOG_IO_PM, un,
7181 		    "sdpower: exit, device has queued cmds.\n");
7182 		return (DDI_FAILURE);
7183 	}
7184 
7185 	/*
7186 	 * if it is OFFLINE that means the disk is completely dead
7187 	 * in our case we have to put the disk in on or off by sending commands
7188 	 * Of course that will fail anyway so return back here.
7189 	 *
7190 	 * Power changes to a device that's OFFLINE or SUSPENDED
7191 	 * are not allowed.
7192 	 */
7193 	if ((un->un_state == SD_STATE_OFFLINE) ||
7194 	    (un->un_state == SD_STATE_SUSPENDED)) {
7195 		mutex_exit(SD_MUTEX(un));
7196 
7197 		if (got_semaphore_here != 0) {
7198 			sema_v(&un->un_semoclose);
7199 		}
7200 		SD_TRACE(SD_LOG_IO_PM, un,
7201 		    "sdpower: exit, device is off-line.\n");
7202 		return (DDI_FAILURE);
7203 	}
7204 
7205 	/*
7206 	 * Change the device's state to indicate it's power level
7207 	 * is being changed. Do this to prevent a power off in the
7208 	 * middle of commands, which is especially bad on devices
7209 	 * that are really powered off instead of just spun down.
7210 	 */
7211 	state_before_pm = un->un_state;
7212 	un->un_state = SD_STATE_PM_CHANGING;
7213 
7214 	mutex_exit(SD_MUTEX(un));
7215 
7216 	/*
7217 	 * Bypass checking the log sense information for removables
7218 	 * and devices for which the HBA set the pm-capable property.
7219 	 * If un->un_pm_capable_prop is SD_PM_CAPABLE_UNDEFINED (-1)
7220 	 * then the HBA did not create the property.
7221 	 */
7222 	if ((level == SD_SPINDLE_OFF) && (!ISREMOVABLE(un)) &&
7223 	    un->un_pm_capable_prop == SD_PM_CAPABLE_UNDEFINED) {
7224 		/*
7225 		 * Get the log sense information to understand whether the
7226 		 * the powercycle counts have gone beyond the threshhold.
7227 		 */
7228 		log_page_size = START_STOP_CYCLE_COUNTER_PAGE_SIZE;
7229 		log_page_data = kmem_zalloc(log_page_size, KM_SLEEP);
7230 
7231 		mutex_enter(SD_MUTEX(un));
7232 		log_sense_page = un->un_start_stop_cycle_page;
7233 		mutex_exit(SD_MUTEX(un));
7234 
7235 		rval = sd_send_scsi_LOG_SENSE(un, log_page_data,
7236 		    log_page_size, log_sense_page, 0x01, 0, SD_PATH_DIRECT);
7237 #ifdef	SDDEBUG
7238 		if (sd_force_pm_supported) {
7239 			/* Force a successful result */
7240 			rval = 0;
7241 		}
7242 #endif
7243 		if (rval != 0) {
7244 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
7245 			    "Log Sense Failed\n");
7246 			kmem_free(log_page_data, log_page_size);
7247 			/* Cannot support power management on those drives */
7248 
7249 			if (got_semaphore_here != 0) {
7250 				sema_v(&un->un_semoclose);
7251 			}
7252 			/*
7253 			 * On exit put the state back to it's original value
7254 			 * and broadcast to anyone waiting for the power
7255 			 * change completion.
7256 			 */
7257 			mutex_enter(SD_MUTEX(un));
7258 			un->un_state = state_before_pm;
7259 			cv_broadcast(&un->un_suspend_cv);
7260 			mutex_exit(SD_MUTEX(un));
7261 			SD_TRACE(SD_LOG_IO_PM, un,
7262 			    "sdpower: exit, Log Sense Failed.\n");
7263 			return (DDI_FAILURE);
7264 		}
7265 
7266 		/*
7267 		 * From the page data - Convert the essential information to
7268 		 * pm_trans_data
7269 		 */
7270 		maxcycles =
7271 		    (log_page_data[0x1c] << 24) | (log_page_data[0x1d] << 16) |
7272 		    (log_page_data[0x1E] << 8)  | log_page_data[0x1F];
7273 
7274 		sd_pm_tran_data.un.scsi_cycles.lifemax = maxcycles;
7275 
7276 		ncycles =
7277 		    (log_page_data[0x24] << 24) | (log_page_data[0x25] << 16) |
7278 		    (log_page_data[0x26] << 8)  | log_page_data[0x27];
7279 
7280 		sd_pm_tran_data.un.scsi_cycles.ncycles = ncycles;
7281 
7282 		for (i = 0; i < DC_SCSI_MFR_LEN; i++) {
7283 			sd_pm_tran_data.un.scsi_cycles.svc_date[i] =
7284 			    log_page_data[8+i];
7285 		}
7286 
7287 		kmem_free(log_page_data, log_page_size);
7288 
7289 		/*
7290 		 * Call pm_trans_check routine to get the Ok from
7291 		 * the global policy
7292 		 */
7293 
7294 		sd_pm_tran_data.format = DC_SCSI_FORMAT;
7295 		sd_pm_tran_data.un.scsi_cycles.flag = 0;
7296 
7297 		rval = pm_trans_check(&sd_pm_tran_data, &intvlp);
7298 #ifdef	SDDEBUG
7299 		if (sd_force_pm_supported) {
7300 			/* Force a successful result */
7301 			rval = 1;
7302 		}
7303 #endif
7304 		switch (rval) {
7305 		case 0:
7306 			/*
7307 			 * Not Ok to Power cycle or error in parameters passed
7308 			 * Would have given the advised time to consider power
7309 			 * cycle. Based on the new intvlp parameter we are
7310 			 * supposed to pretend we are busy so that pm framework
7311 			 * will never call our power entry point. Because of
7312 			 * that install a timeout handler and wait for the
7313 			 * recommended time to elapse so that power management
7314 			 * can be effective again.
7315 			 *
7316 			 * To effect this behavior, call pm_busy_component to
7317 			 * indicate to the framework this device is busy.
7318 			 * By not adjusting un_pm_count the rest of PM in
7319 			 * the driver will function normally, and independant
7320 			 * of this but because the framework is told the device
7321 			 * is busy it won't attempt powering down until it gets
7322 			 * a matching idle. The timeout handler sends this.
7323 			 * Note: sd_pm_entry can't be called here to do this
7324 			 * because sdpower may have been called as a result
7325 			 * of a call to pm_raise_power from within sd_pm_entry.
7326 			 *
7327 			 * If a timeout handler is already active then
7328 			 * don't install another.
7329 			 */
7330 			mutex_enter(&un->un_pm_mutex);
7331 			if (un->un_pm_timeid == NULL) {
7332 				un->un_pm_timeid =
7333 				    timeout(sd_pm_timeout_handler,
7334 				    un, intvlp * drv_usectohz(1000000));
7335 				mutex_exit(&un->un_pm_mutex);
7336 				(void) pm_busy_component(SD_DEVINFO(un), 0);
7337 			} else {
7338 				mutex_exit(&un->un_pm_mutex);
7339 			}
7340 			if (got_semaphore_here != 0) {
7341 				sema_v(&un->un_semoclose);
7342 			}
7343 			/*
7344 			 * On exit put the state back to it's original value
7345 			 * and broadcast to anyone waiting for the power
7346 			 * change completion.
7347 			 */
7348 			mutex_enter(SD_MUTEX(un));
7349 			un->un_state = state_before_pm;
7350 			cv_broadcast(&un->un_suspend_cv);
7351 			mutex_exit(SD_MUTEX(un));
7352 
7353 			SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, "
7354 			    "trans check Failed, not ok to power cycle.\n");
7355 			return (DDI_FAILURE);
7356 
7357 		case -1:
7358 			if (got_semaphore_here != 0) {
7359 				sema_v(&un->un_semoclose);
7360 			}
7361 			/*
7362 			 * On exit put the state back to it's original value
7363 			 * and broadcast to anyone waiting for the power
7364 			 * change completion.
7365 			 */
7366 			mutex_enter(SD_MUTEX(un));
7367 			un->un_state = state_before_pm;
7368 			cv_broadcast(&un->un_suspend_cv);
7369 			mutex_exit(SD_MUTEX(un));
7370 			SD_TRACE(SD_LOG_IO_PM, un,
7371 			    "sdpower: exit, trans check command Failed.\n");
7372 			return (DDI_FAILURE);
7373 		}
7374 	}
7375 
7376 	if (level == SD_SPINDLE_OFF) {
7377 		/*
7378 		 * Save the last state... if the STOP FAILS we need it
7379 		 * for restoring
7380 		 */
7381 		mutex_enter(SD_MUTEX(un));
7382 		save_state = un->un_last_state;
7383 		/*
7384 		 * There must not be any cmds. getting processed
7385 		 * in the driver when we get here. Power to the
7386 		 * device is potentially going off.
7387 		 */
7388 		ASSERT(un->un_ncmds_in_driver == 0);
7389 		mutex_exit(SD_MUTEX(un));
7390 
7391 		/*
7392 		 * For now suspend the device completely before spindle is
7393 		 * turned off
7394 		 */
7395 		if ((rval = sd_ddi_pm_suspend(un)) == DDI_FAILURE) {
7396 			if (got_semaphore_here != 0) {
7397 				sema_v(&un->un_semoclose);
7398 			}
7399 			/*
7400 			 * On exit put the state back to it's original value
7401 			 * and broadcast to anyone waiting for the power
7402 			 * change completion.
7403 			 */
7404 			mutex_enter(SD_MUTEX(un));
7405 			un->un_state = state_before_pm;
7406 			cv_broadcast(&un->un_suspend_cv);
7407 			mutex_exit(SD_MUTEX(un));
7408 			SD_TRACE(SD_LOG_IO_PM, un,
7409 			    "sdpower: exit, PM suspend Failed.\n");
7410 			return (DDI_FAILURE);
7411 		}
7412 	}
7413 
7414 	/*
7415 	 * The transition from SPINDLE_OFF to SPINDLE_ON can happen in open,
7416 	 * close, or strategy. Dump no long uses this routine, it uses it's
7417 	 * own code so it can be done in polled mode.
7418 	 */
7419 
7420 	medium_present = TRUE;
7421 
7422 	/*
7423 	 * When powering up, issue a TUR in case the device is at unit
7424 	 * attention.  Don't do retries. Bypass the PM layer, otherwise
7425 	 * a deadlock on un_pm_busy_cv will occur.
7426 	 */
7427 	if (level == SD_SPINDLE_ON) {
7428 		(void) sd_send_scsi_TEST_UNIT_READY(un,
7429 		    SD_DONT_RETRY_TUR | SD_BYPASS_PM);
7430 	}
7431 
7432 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: sending \'%s\' unit\n",
7433 	    ((level == SD_SPINDLE_ON) ? "START" : "STOP"));
7434 
7435 	sval = sd_send_scsi_START_STOP_UNIT(un,
7436 	    ((level == SD_SPINDLE_ON) ? SD_TARGET_START : SD_TARGET_STOP),
7437 	    SD_PATH_DIRECT);
7438 	/* Command failed, check for media present. */
7439 	if ((sval == ENXIO) && ISREMOVABLE(un)) {
7440 		medium_present = FALSE;
7441 	}
7442 
7443 	/*
7444 	 * The conditions of interest here are:
7445 	 *   if a spindle off with media present fails,
7446 	 *	then restore the state and return an error.
7447 	 *   else if a spindle on fails,
7448 	 *	then return an error (there's no state to restore).
7449 	 * In all other cases we setup for the new state
7450 	 * and return success.
7451 	 */
7452 	switch (level) {
7453 	case SD_SPINDLE_OFF:
7454 		if ((medium_present == TRUE) && (sval != 0)) {
7455 			/* The stop command from above failed */
7456 			rval = DDI_FAILURE;
7457 			/*
7458 			 * The stop command failed, and we have media
7459 			 * present. Put the level back by calling the
7460 			 * sd_pm_resume() and set the state back to
7461 			 * it's previous value.
7462 			 */
7463 			(void) sd_ddi_pm_resume(un);
7464 			mutex_enter(SD_MUTEX(un));
7465 			un->un_last_state = save_state;
7466 			mutex_exit(SD_MUTEX(un));
7467 			break;
7468 		}
7469 		/*
7470 		 * The stop command from above succeeded.
7471 		 */
7472 		if (ISREMOVABLE(un)) {
7473 			/*
7474 			 * Terminate watch thread in case of removable media
7475 			 * devices going into low power state. This is as per
7476 			 * the requirements of pm framework, otherwise commands
7477 			 * will be generated for the device (through watch
7478 			 * thread), even when the device is in low power state.
7479 			 */
7480 			mutex_enter(SD_MUTEX(un));
7481 			un->un_f_watcht_stopped = FALSE;
7482 			if (un->un_swr_token != NULL) {
7483 				opaque_t temp_token = un->un_swr_token;
7484 				un->un_f_watcht_stopped = TRUE;
7485 				un->un_swr_token = NULL;
7486 				mutex_exit(SD_MUTEX(un));
7487 				(void) scsi_watch_request_terminate(temp_token,
7488 				    SCSI_WATCH_TERMINATE_WAIT);
7489 			} else {
7490 				mutex_exit(SD_MUTEX(un));
7491 			}
7492 		}
7493 		break;
7494 
7495 	default:	/* The level requested is spindle on... */
7496 		/*
7497 		 * Legacy behavior: return success on a failed spinup
7498 		 * if there is no media in the drive.
7499 		 * Do this by looking at medium_present here.
7500 		 */
7501 		if ((sval != 0) && medium_present) {
7502 			/* The start command from above failed */
7503 			rval = DDI_FAILURE;
7504 			break;
7505 		}
7506 		/*
7507 		 * The start command from above succeeded
7508 		 * Resume the devices now that we have
7509 		 * started the disks
7510 		 */
7511 		(void) sd_ddi_pm_resume(un);
7512 
7513 		/*
7514 		 * Resume the watch thread since it was suspended
7515 		 * when the device went into low power mode.
7516 		 */
7517 		if (ISREMOVABLE(un)) {
7518 			mutex_enter(SD_MUTEX(un));
7519 			if (un->un_f_watcht_stopped == TRUE) {
7520 				opaque_t temp_token;
7521 
7522 				un->un_f_watcht_stopped = FALSE;
7523 				mutex_exit(SD_MUTEX(un));
7524 				temp_token = scsi_watch_request_submit(
7525 				    SD_SCSI_DEVP(un),
7526 				    sd_check_media_time,
7527 				    SENSE_LENGTH, sd_media_watch_cb,
7528 				    (caddr_t)dev);
7529 				mutex_enter(SD_MUTEX(un));
7530 				un->un_swr_token = temp_token;
7531 			}
7532 			mutex_exit(SD_MUTEX(un));
7533 		}
7534 	}
7535 	if (got_semaphore_here != 0) {
7536 		sema_v(&un->un_semoclose);
7537 	}
7538 	/*
7539 	 * On exit put the state back to it's original value
7540 	 * and broadcast to anyone waiting for the power
7541 	 * change completion.
7542 	 */
7543 	mutex_enter(SD_MUTEX(un));
7544 	un->un_state = state_before_pm;
7545 	cv_broadcast(&un->un_suspend_cv);
7546 	mutex_exit(SD_MUTEX(un));
7547 
7548 	SD_TRACE(SD_LOG_IO_PM, un, "sdpower: exit, status = 0x%x\n", rval);
7549 
7550 	return (rval);
7551 }
7552 
7553 
7554 
7555 /*
7556  *    Function: sdattach
7557  *
7558  * Description: Driver's attach(9e) entry point function.
7559  *
7560  *   Arguments: devi - opaque device info handle
7561  *		cmd  - attach  type
7562  *
7563  * Return Code: DDI_SUCCESS
7564  *		DDI_FAILURE
7565  *
7566  *     Context: Kernel thread context
7567  */
7568 
7569 static int
7570 sdattach(dev_info_t *devi, ddi_attach_cmd_t cmd)
7571 {
7572 	switch (cmd) {
7573 	case DDI_ATTACH:
7574 		return (sd_unit_attach(devi));
7575 	case DDI_RESUME:
7576 		return (sd_ddi_resume(devi));
7577 	default:
7578 		break;
7579 	}
7580 	return (DDI_FAILURE);
7581 }
7582 
7583 
7584 /*
7585  *    Function: sddetach
7586  *
7587  * Description: Driver's detach(9E) entry point function.
7588  *
7589  *   Arguments: devi - opaque device info handle
7590  *		cmd  - detach  type
7591  *
7592  * Return Code: DDI_SUCCESS
7593  *		DDI_FAILURE
7594  *
7595  *     Context: Kernel thread context
7596  */
7597 
7598 static int
7599 sddetach(dev_info_t *devi, ddi_detach_cmd_t cmd)
7600 {
7601 	switch (cmd) {
7602 	case DDI_DETACH:
7603 		return (sd_unit_detach(devi));
7604 	case DDI_SUSPEND:
7605 		return (sd_ddi_suspend(devi));
7606 	default:
7607 		break;
7608 	}
7609 	return (DDI_FAILURE);
7610 }
7611 
7612 
7613 /*
7614  *     Function: sd_sync_with_callback
7615  *
7616  *  Description: Prevents sd_unit_attach or sd_unit_detach from freeing the soft
7617  *		 state while the callback routine is active.
7618  *
7619  *    Arguments: un: softstate structure for the instance
7620  *
7621  *	Context: Kernel thread context
7622  */
7623 
7624 static void
7625 sd_sync_with_callback(struct sd_lun *un)
7626 {
7627 	ASSERT(un != NULL);
7628 
7629 	mutex_enter(SD_MUTEX(un));
7630 
7631 	ASSERT(un->un_in_callback >= 0);
7632 
7633 	while (un->un_in_callback > 0) {
7634 		mutex_exit(SD_MUTEX(un));
7635 		delay(2);
7636 		mutex_enter(SD_MUTEX(un));
7637 	}
7638 
7639 	mutex_exit(SD_MUTEX(un));
7640 }
7641 
7642 /*
7643  *    Function: sd_unit_attach
7644  *
7645  * Description: Performs DDI_ATTACH processing for sdattach(). Allocates
7646  *		the soft state structure for the device and performs
7647  *		all necessary structure and device initializations.
7648  *
7649  *   Arguments: devi: the system's dev_info_t for the device.
7650  *
7651  * Return Code: DDI_SUCCESS if attach is successful.
7652  *		DDI_FAILURE if any part of the attach fails.
7653  *
7654  *     Context: Called at attach(9e) time for the DDI_ATTACH flag.
7655  *		Kernel thread context only.  Can sleep.
7656  */
7657 
7658 static int
7659 sd_unit_attach(dev_info_t *devi)
7660 {
7661 	struct	scsi_device	*devp;
7662 	struct	sd_lun		*un;
7663 	char			*variantp;
7664 	int	reservation_flag = SD_TARGET_IS_UNRESERVED;
7665 	int	instance;
7666 	int	rval;
7667 	int	wc_enabled;
7668 	uint64_t	capacity;
7669 	uint_t		lbasize;
7670 
7671 	/*
7672 	 * Retrieve the target driver's private data area. This was set
7673 	 * up by the HBA.
7674 	 */
7675 	devp = ddi_get_driver_private(devi);
7676 
7677 	/*
7678 	 * Since we have no idea what state things were left in by the last
7679 	 * user of the device, set up some 'default' settings, ie. turn 'em
7680 	 * off. The scsi_ifsetcap calls force re-negotiations with the drive.
7681 	 * Do this before the scsi_probe, which sends an inquiry.
7682 	 * This is a fix for bug (4430280).
7683 	 * Of special importance is wide-xfer. The drive could have been left
7684 	 * in wide transfer mode by the last driver to communicate with it,
7685 	 * this includes us. If that's the case, and if the following is not
7686 	 * setup properly or we don't re-negotiate with the drive prior to
7687 	 * transferring data to/from the drive, it causes bus parity errors,
7688 	 * data overruns, and unexpected interrupts. This first occurred when
7689 	 * the fix for bug (4378686) was made.
7690 	 */
7691 	(void) scsi_ifsetcap(&devp->sd_address, "lun-reset", 0, 1);
7692 	(void) scsi_ifsetcap(&devp->sd_address, "wide-xfer", 0, 1);
7693 	(void) scsi_ifsetcap(&devp->sd_address, "tagged-qing", 0, 1);
7694 	(void) scsi_ifsetcap(&devp->sd_address, "auto-rqsense", 0, 1);
7695 
7696 	/*
7697 	 * Use scsi_probe() to issue an INQUIRY command to the device.
7698 	 * This call will allocate and fill in the scsi_inquiry structure
7699 	 * and point the sd_inq member of the scsi_device structure to it.
7700 	 * If the attach succeeds, then this memory will not be de-allocated
7701 	 * (via scsi_unprobe()) until the instance is detached.
7702 	 */
7703 	if (scsi_probe(devp, SLEEP_FUNC) != SCSIPROBE_EXISTS) {
7704 		goto probe_failed;
7705 	}
7706 
7707 	/*
7708 	 * Check the device type as specified in the inquiry data and
7709 	 * claim it if it is of a type that we support.
7710 	 */
7711 	switch (devp->sd_inq->inq_dtype) {
7712 	case DTYPE_DIRECT:
7713 		break;
7714 	case DTYPE_RODIRECT:
7715 		break;
7716 	case DTYPE_OPTICAL:
7717 		break;
7718 	case DTYPE_NOTPRESENT:
7719 	default:
7720 		/* Unsupported device type; fail the attach. */
7721 		goto probe_failed;
7722 	}
7723 
7724 	/*
7725 	 * Allocate the soft state structure for this unit.
7726 	 *
7727 	 * We rely upon this memory being set to all zeroes by
7728 	 * ddi_soft_state_zalloc().  We assume that any member of the
7729 	 * soft state structure that is not explicitly initialized by
7730 	 * this routine will have a value of zero.
7731 	 */
7732 	instance = ddi_get_instance(devp->sd_dev);
7733 	if (ddi_soft_state_zalloc(sd_state, instance) != DDI_SUCCESS) {
7734 		goto probe_failed;
7735 	}
7736 
7737 	/*
7738 	 * Retrieve a pointer to the newly-allocated soft state.
7739 	 *
7740 	 * This should NEVER fail if the ddi_soft_state_zalloc() call above
7741 	 * was successful, unless something has gone horribly wrong and the
7742 	 * ddi's soft state internals are corrupt (in which case it is
7743 	 * probably better to halt here than just fail the attach....)
7744 	 */
7745 	if ((un = ddi_get_soft_state(sd_state, instance)) == NULL) {
7746 		panic("sd_unit_attach: NULL soft state on instance:0x%x",
7747 		    instance);
7748 		/*NOTREACHED*/
7749 	}
7750 
7751 	/*
7752 	 * Link the back ptr of the driver soft state to the scsi_device
7753 	 * struct for this lun.
7754 	 * Save a pointer to the softstate in the driver-private area of
7755 	 * the scsi_device struct.
7756 	 * Note: We cannot call SD_INFO, SD_TRACE, SD_ERROR, or SD_DIAG until
7757 	 * we first set un->un_sd below.
7758 	 */
7759 	un->un_sd = devp;
7760 	devp->sd_private = (opaque_t)un;
7761 
7762 	/*
7763 	 * The following must be after devp is stored in the soft state struct.
7764 	 */
7765 #ifdef SDDEBUG
7766 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
7767 	    "%s_unit_attach: un:0x%p instance:%d\n",
7768 	    ddi_driver_name(devi), un, instance);
7769 #endif
7770 
7771 	/*
7772 	 * Set up the device type and node type (for the minor nodes).
7773 	 * By default we assume that the device can at least support the
7774 	 * Common Command Set. Call it a CD-ROM if it reports itself
7775 	 * as a RODIRECT device.
7776 	 */
7777 	switch (devp->sd_inq->inq_dtype) {
7778 	case DTYPE_RODIRECT:
7779 		un->un_node_type = DDI_NT_CD_CHAN;
7780 		un->un_ctype	 = CTYPE_CDROM;
7781 		break;
7782 	case DTYPE_OPTICAL:
7783 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7784 		un->un_ctype	 = CTYPE_ROD;
7785 		break;
7786 	default:
7787 		un->un_node_type = DDI_NT_BLOCK_CHAN;
7788 		un->un_ctype	 = CTYPE_CCS;
7789 		break;
7790 	}
7791 
7792 	/*
7793 	 * Try to read the interconnect type from the HBA.
7794 	 *
7795 	 * Note: This driver is currently compiled as two binaries, a parallel
7796 	 * scsi version (sd) and a fibre channel version (ssd). All functional
7797 	 * differences are determined at compile time. In the future a single
7798 	 * binary will be provided and the inteconnect type will be used to
7799 	 * differentiate between fibre and parallel scsi behaviors. At that time
7800 	 * it will be necessary for all fibre channel HBAs to support this
7801 	 * property.
7802 	 *
7803 	 * set un_f_is_fiber to TRUE ( default fiber )
7804 	 */
7805 	un->un_f_is_fibre = TRUE;
7806 	switch (scsi_ifgetcap(SD_ADDRESS(un), "interconnect-type", -1)) {
7807 	case INTERCONNECT_SSA:
7808 		un->un_interconnect_type = SD_INTERCONNECT_SSA;
7809 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7810 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_SSA\n", un);
7811 		break;
7812 	case INTERCONNECT_PARALLEL:
7813 		un->un_f_is_fibre = FALSE;
7814 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7815 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7816 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_PARALLEL\n", un);
7817 		break;
7818 	case INTERCONNECT_FIBRE:
7819 		un->un_interconnect_type = SD_INTERCONNECT_FIBRE;
7820 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7821 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FIBRE\n", un);
7822 		break;
7823 	case INTERCONNECT_FABRIC:
7824 		un->un_interconnect_type = SD_INTERCONNECT_FABRIC;
7825 		un->un_node_type = DDI_NT_BLOCK_FABRIC;
7826 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7827 		    "sd_unit_attach: un:0x%p SD_INTERCONNECT_FABRIC\n", un);
7828 		break;
7829 	default:
7830 #ifdef SD_DEFAULT_INTERCONNECT_TYPE
7831 		/*
7832 		 * The HBA does not support the "interconnect-type" property
7833 		 * (or did not provide a recognized type).
7834 		 *
7835 		 * Note: This will be obsoleted when a single fibre channel
7836 		 * and parallel scsi driver is delivered. In the meantime the
7837 		 * interconnect type will be set to the platform default.If that
7838 		 * type is not parallel SCSI, it means that we should be
7839 		 * assuming "ssd" semantics. However, here this also means that
7840 		 * the FC HBA is not supporting the "interconnect-type" property
7841 		 * like we expect it to, so log this occurrence.
7842 		 */
7843 		un->un_interconnect_type = SD_DEFAULT_INTERCONNECT_TYPE;
7844 		if (!SD_IS_PARALLEL_SCSI(un)) {
7845 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7846 			    "sd_unit_attach: un:0x%p Assuming "
7847 			    "INTERCONNECT_FIBRE\n", un);
7848 		} else {
7849 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7850 			    "sd_unit_attach: un:0x%p Assuming "
7851 			    "INTERCONNECT_PARALLEL\n", un);
7852 			un->un_f_is_fibre = FALSE;
7853 		}
7854 #else
7855 		/*
7856 		 * Note: This source will be implemented when a single fibre
7857 		 * channel and parallel scsi driver is delivered. The default
7858 		 * will be to assume that if a device does not support the
7859 		 * "interconnect-type" property it is a parallel SCSI HBA and
7860 		 * we will set the interconnect type for parallel scsi.
7861 		 */
7862 		un->un_interconnect_type = SD_INTERCONNECT_PARALLEL;
7863 		un->un_f_is_fibre = FALSE;
7864 #endif
7865 		break;
7866 	}
7867 
7868 	if (un->un_f_is_fibre == TRUE) {
7869 		if (scsi_ifgetcap(SD_ADDRESS(un), "scsi-version", 1) ==
7870 			SCSI_VERSION_3) {
7871 			switch (un->un_interconnect_type) {
7872 			case SD_INTERCONNECT_FIBRE:
7873 			case SD_INTERCONNECT_SSA:
7874 				un->un_node_type = DDI_NT_BLOCK_WWN;
7875 				break;
7876 			default:
7877 				break;
7878 			}
7879 		}
7880 	}
7881 
7882 	/*
7883 	 * Initialize the Request Sense command for the target
7884 	 */
7885 	if (sd_alloc_rqs(devp, un) != DDI_SUCCESS) {
7886 		goto alloc_rqs_failed;
7887 	}
7888 
7889 	/*
7890 	 * Set un_retry_count with SD_RETRY_COUNT, this is ok for Sparc
7891 	 * with seperate binary for sd and ssd.
7892 	 *
7893 	 * x86 has 1 binary, un_retry_count is set base on connection type.
7894 	 * The hardcoded values will go away when Sparc uses 1 binary
7895 	 * for sd and ssd.  This hardcoded values need to match
7896 	 * SD_RETRY_COUNT in sddef.h
7897 	 * The value used is base on interconnect type.
7898 	 * fibre = 3, parallel = 5
7899 	 */
7900 #if defined(__i386) || defined(__amd64)
7901 	un->un_retry_count = un->un_f_is_fibre ? 3 : 5;
7902 #else
7903 	un->un_retry_count = SD_RETRY_COUNT;
7904 #endif
7905 
7906 	/*
7907 	 * Set the per disk retry count to the default number of retries
7908 	 * for disks and CDROMs. This value can be overridden by the
7909 	 * disk property list or an entry in sd.conf.
7910 	 */
7911 	un->un_notready_retry_count =
7912 	    ISCD(un) ? CD_NOT_READY_RETRY_COUNT(un)
7913 			: DISK_NOT_READY_RETRY_COUNT(un);
7914 
7915 	/*
7916 	 * Set the busy retry count to the default value of un_retry_count.
7917 	 * This can be overridden by entries in sd.conf or the device
7918 	 * config table.
7919 	 */
7920 	un->un_busy_retry_count = un->un_retry_count;
7921 
7922 	/*
7923 	 * Init the reset threshold for retries.  This number determines
7924 	 * how many retries must be performed before a reset can be issued
7925 	 * (for certain error conditions). This can be overridden by entries
7926 	 * in sd.conf or the device config table.
7927 	 */
7928 	un->un_reset_retry_count = (un->un_retry_count / 2);
7929 
7930 	/*
7931 	 * Set the victim_retry_count to the default un_retry_count
7932 	 */
7933 	un->un_victim_retry_count = (2 * un->un_retry_count);
7934 
7935 	/*
7936 	 * Set the reservation release timeout to the default value of
7937 	 * 5 seconds. This can be overridden by entries in ssd.conf or the
7938 	 * device config table.
7939 	 */
7940 	un->un_reserve_release_time = 5;
7941 
7942 	/*
7943 	 * Set up the default maximum transfer size. Note that this may
7944 	 * get updated later in the attach, when setting up default wide
7945 	 * operations for disks.
7946 	 */
7947 #if defined(__i386) || defined(__amd64)
7948 	un->un_max_xfer_size = (uint_t)SD_DEFAULT_MAX_XFER_SIZE;
7949 #else
7950 	un->un_max_xfer_size = (uint_t)maxphys;
7951 #endif
7952 
7953 	/*
7954 	 * Get "allow bus device reset" property (defaults to "enabled" if
7955 	 * the property was not defined). This is to disable bus resets for
7956 	 * certain kinds of error recovery. Note: In the future when a run-time
7957 	 * fibre check is available the soft state flag should default to
7958 	 * enabled.
7959 	 */
7960 	if (un->un_f_is_fibre == TRUE) {
7961 		un->un_f_allow_bus_device_reset = TRUE;
7962 	} else {
7963 		if (ddi_getprop(DDI_DEV_T_ANY, devi, DDI_PROP_DONTPASS,
7964 			"allow-bus-device-reset", 1) != 0) {
7965 			un->un_f_allow_bus_device_reset = TRUE;
7966 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7967 			"sd_unit_attach: un:0x%p Bus device reset enabled\n",
7968 				un);
7969 		} else {
7970 			un->un_f_allow_bus_device_reset = FALSE;
7971 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7972 			"sd_unit_attach: un:0x%p Bus device reset disabled\n",
7973 				un);
7974 		}
7975 	}
7976 
7977 	/*
7978 	 * Check if this is an ATAPI device. ATAPI devices use Group 1
7979 	 * Read/Write commands and Group 2 Mode Sense/Select commands.
7980 	 *
7981 	 * Note: The "obsolete" way of doing this is to check for the "atapi"
7982 	 * property. The new "variant" property with a value of "atapi" has been
7983 	 * introduced so that future 'variants' of standard SCSI behavior (like
7984 	 * atapi) could be specified by the underlying HBA drivers by supplying
7985 	 * a new value for the "variant" property, instead of having to define a
7986 	 * new property.
7987 	 */
7988 	if (ddi_prop_get_int(DDI_DEV_T_ANY, devi, 0, "atapi", -1) != -1) {
7989 		un->un_f_cfg_is_atapi = TRUE;
7990 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
7991 		    "sd_unit_attach: un:0x%p Atapi device\n", un);
7992 	}
7993 	if (ddi_prop_lookup_string(DDI_DEV_T_ANY, devi, 0, "variant",
7994 	    &variantp) == DDI_PROP_SUCCESS) {
7995 		if (strcmp(variantp, "atapi") == 0) {
7996 			un->un_f_cfg_is_atapi = TRUE;
7997 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
7998 			    "sd_unit_attach: un:0x%p Atapi device\n", un);
7999 		}
8000 		ddi_prop_free(variantp);
8001 	}
8002 
8003 	/*
8004 	 * Assume doorlock commands are supported. If not, the first
8005 	 * call to sd_send_scsi_DOORLOCK() will set to FALSE
8006 	 */
8007 	un->un_f_doorlock_supported = TRUE;
8008 
8009 	un->un_cmd_timeout	= SD_IO_TIME;
8010 
8011 	/* Info on current states, statuses, etc. (Updated frequently) */
8012 	un->un_state		= SD_STATE_NORMAL;
8013 	un->un_last_state	= SD_STATE_NORMAL;
8014 
8015 	/* Control & status info for command throttling */
8016 	un->un_throttle		= sd_max_throttle;
8017 	un->un_saved_throttle	= sd_max_throttle;
8018 	un->un_min_throttle	= sd_min_throttle;
8019 
8020 	if (un->un_f_is_fibre == TRUE) {
8021 		un->un_f_use_adaptive_throttle = TRUE;
8022 	} else {
8023 		un->un_f_use_adaptive_throttle = FALSE;
8024 	}
8025 
8026 	/* Removable media support. */
8027 	cv_init(&un->un_state_cv, NULL, CV_DRIVER, NULL);
8028 	un->un_mediastate		= DKIO_NONE;
8029 	un->un_specified_mediastate	= DKIO_NONE;
8030 
8031 	/* CVs for suspend/resume (PM or DR) */
8032 	cv_init(&un->un_suspend_cv,   NULL, CV_DRIVER, NULL);
8033 	cv_init(&un->un_disk_busy_cv, NULL, CV_DRIVER, NULL);
8034 
8035 	/* Power management support. */
8036 	un->un_power_level = SD_SPINDLE_UNINIT;
8037 
8038 	/*
8039 	 * The open/close semaphore is used to serialize threads executing
8040 	 * in the driver's open & close entry point routines for a given
8041 	 * instance.
8042 	 */
8043 	(void) sema_init(&un->un_semoclose, 1, NULL, SEMA_DRIVER, NULL);
8044 
8045 	/*
8046 	 * The conf file entry and softstate variable is a forceful override,
8047 	 * meaning a non-zero value must be entered to change the default.
8048 	 */
8049 	un->un_f_disksort_disabled = FALSE;
8050 
8051 	/*
8052 	 * Retrieve the properties from the static driver table or the driver
8053 	 * configuration file (.conf) for this unit and update the soft state
8054 	 * for the device as needed for the indicated properties.
8055 	 * Note: the property configuration needs to occur here as some of the
8056 	 * following routines may have dependancies on soft state flags set
8057 	 * as part of the driver property configuration.
8058 	 */
8059 	sd_read_unit_properties(un);
8060 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8061 	    "sd_unit_attach: un:0x%p property configuration complete.\n", un);
8062 
8063 	/*
8064 	 * By default, we mark the capacity, lbazize, and geometry
8065 	 * as invalid. Only if we successfully read a valid capacity
8066 	 * will we update the un_blockcount and un_tgt_blocksize with the
8067 	 * valid values (the geometry will be validated later).
8068 	 */
8069 	un->un_f_blockcount_is_valid	= FALSE;
8070 	un->un_f_tgt_blocksize_is_valid	= FALSE;
8071 	un->un_f_geometry_is_valid	= FALSE;
8072 
8073 	/*
8074 	 * Use DEV_BSIZE and DEV_BSHIFT as defaults, until we can determine
8075 	 * otherwise.
8076 	 */
8077 	un->un_tgt_blocksize  = un->un_sys_blocksize  = DEV_BSIZE;
8078 	un->un_blockcount = 0;
8079 
8080 	/*
8081 	 * Set up the per-instance info needed to determine the correct
8082 	 * CDBs and other info for issuing commands to the target.
8083 	 */
8084 	sd_init_cdb_limits(un);
8085 
8086 	/*
8087 	 * Set up the IO chains to use, based upon the target type.
8088 	 */
8089 	if (ISREMOVABLE(un)) {
8090 		un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA;
8091 	} else {
8092 		un->un_buf_chain_type = SD_CHAIN_INFO_DISK;
8093 	}
8094 	un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD;
8095 	un->un_direct_chain_type = SD_CHAIN_INFO_DIRECT_CMD;
8096 	un->un_priority_chain_type = SD_CHAIN_INFO_PRIORITY_CMD;
8097 
8098 	un->un_xbuf_attr = ddi_xbuf_attr_create(sizeof (struct sd_xbuf),
8099 	    sd_xbuf_strategy, un, sd_xbuf_active_limit,  sd_xbuf_reserve_limit,
8100 	    ddi_driver_major(devi), DDI_XBUF_QTHREAD_DRIVER);
8101 	ddi_xbuf_attr_register_devinfo(un->un_xbuf_attr, devi);
8102 
8103 
8104 	if (ISCD(un)) {
8105 		un->un_additional_codes = sd_additional_codes;
8106 	} else {
8107 		un->un_additional_codes = NULL;
8108 	}
8109 
8110 	/*
8111 	 * Create the kstats here so they can be available for attach-time
8112 	 * routines that send commands to the unit (either polled or via
8113 	 * sd_send_scsi_cmd).
8114 	 *
8115 	 * Note: This is a critical sequence that needs to be maintained:
8116 	 *	1) Instantiate the kstats here, before any routines using the
8117 	 *	   iopath (i.e. sd_send_scsi_cmd).
8118 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8119 	 *	   stats (sd_set_pstats), following sd_validate_geometry(),
8120 	 *	   sd_register_devid(), and sd_disable_caching().
8121 	 */
8122 
8123 	un->un_stats = kstat_create(sd_label, instance,
8124 	    NULL, "disk", KSTAT_TYPE_IO, 1, KSTAT_FLAG_PERSISTENT);
8125 	if (un->un_stats != NULL) {
8126 		un->un_stats->ks_lock = SD_MUTEX(un);
8127 		kstat_install(un->un_stats);
8128 	}
8129 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8130 	    "sd_unit_attach: un:0x%p un_stats created\n", un);
8131 
8132 	sd_create_errstats(un, instance);
8133 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8134 	    "sd_unit_attach: un:0x%p errstats created\n", un);
8135 
8136 	/*
8137 	 * The following if/else code was relocated here from below as part
8138 	 * of the fix for bug (4430280). However with the default setup added
8139 	 * on entry to this routine, it's no longer absolutely necessary for
8140 	 * this to be before the call to sd_spin_up_unit.
8141 	 */
8142 	if (SD_IS_PARALLEL_SCSI(un)) {
8143 		/*
8144 		 * If SCSI-2 tagged queueing is supported by the target
8145 		 * and by the host adapter then we will enable it.
8146 		 */
8147 		un->un_tagflags = 0;
8148 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8149 		    (devp->sd_inq->inq_cmdque) &&
8150 		    (un->un_f_arq_enabled == TRUE)) {
8151 			if (scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing",
8152 			    1, 1) == 1) {
8153 				un->un_tagflags = FLAG_STAG;
8154 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8155 				    "sd_unit_attach: un:0x%p tag queueing "
8156 				    "enabled\n", un);
8157 			} else if (scsi_ifgetcap(SD_ADDRESS(un),
8158 			    "untagged-qing", 0) == 1) {
8159 				un->un_f_opt_queueing = TRUE;
8160 				un->un_saved_throttle = un->un_throttle =
8161 				    min(un->un_throttle, 3);
8162 			} else {
8163 				un->un_f_opt_queueing = FALSE;
8164 				un->un_saved_throttle = un->un_throttle = 1;
8165 			}
8166 		} else if ((scsi_ifgetcap(SD_ADDRESS(un), "untagged-qing", 0)
8167 		    == 1) && (un->un_f_arq_enabled == TRUE)) {
8168 			/* The Host Adapter supports internal queueing. */
8169 			un->un_f_opt_queueing = TRUE;
8170 			un->un_saved_throttle = un->un_throttle =
8171 			    min(un->un_throttle, 3);
8172 		} else {
8173 			un->un_f_opt_queueing = FALSE;
8174 			un->un_saved_throttle = un->un_throttle = 1;
8175 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8176 			    "sd_unit_attach: un:0x%p no tag queueing\n", un);
8177 		}
8178 
8179 
8180 		/* Setup or tear down default wide operations for disks */
8181 
8182 		/*
8183 		 * Note: Legacy: it may be possible for both "sd_max_xfer_size"
8184 		 * and "ssd_max_xfer_size" to exist simultaneously on the same
8185 		 * system and be set to different values. In the future this
8186 		 * code may need to be updated when the ssd module is
8187 		 * obsoleted and removed from the system. (4299588)
8188 		 */
8189 		if ((devp->sd_inq->inq_rdf == RDF_SCSI2) &&
8190 		    (devp->sd_inq->inq_wbus16 || devp->sd_inq->inq_wbus32)) {
8191 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8192 			    1, 1) == 1) {
8193 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8194 				    "sd_unit_attach: un:0x%p Wide Transfer "
8195 				    "enabled\n", un);
8196 			}
8197 
8198 			/*
8199 			 * If tagged queuing has also been enabled, then
8200 			 * enable large xfers
8201 			 */
8202 			if (un->un_saved_throttle == sd_max_throttle) {
8203 				un->un_max_xfer_size =
8204 				    ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8205 				    sd_max_xfer_size, SD_MAX_XFER_SIZE);
8206 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8207 				    "sd_unit_attach: un:0x%p max transfer "
8208 				    "size=0x%x\n", un, un->un_max_xfer_size);
8209 			}
8210 		} else {
8211 			if (scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer",
8212 			    0, 1) == 1) {
8213 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8214 				    "sd_unit_attach: un:0x%p "
8215 				    "Wide Transfer disabled\n", un);
8216 			}
8217 		}
8218 	} else {
8219 		un->un_tagflags = FLAG_STAG;
8220 		un->un_max_xfer_size = ddi_getprop(DDI_DEV_T_ANY,
8221 		    devi, 0, sd_max_xfer_size, SD_MAX_XFER_SIZE);
8222 	}
8223 
8224 	/*
8225 	 * If this target supports LUN reset, try to enable it.
8226 	 */
8227 	if (un->un_f_lun_reset_enabled) {
8228 		if (scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 1, 1) == 1) {
8229 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8230 			    "un:0x%p lun_reset capability set\n", un);
8231 		} else {
8232 			SD_INFO(SD_LOG_ATTACH_DETACH, un, "sd_unit_attach: "
8233 			    "un:0x%p lun-reset capability not set\n", un);
8234 		}
8235 	}
8236 
8237 	/*
8238 	 * At this point in the attach, we have enough info in the
8239 	 * soft state to be able to issue commands to the target.
8240 	 *
8241 	 * All command paths used below MUST issue their commands as
8242 	 * SD_PATH_DIRECT. This is important as intermediate layers
8243 	 * are not all initialized yet (such as PM).
8244 	 */
8245 
8246 	/*
8247 	 * Send a TEST UNIT READY command to the device. This should clear
8248 	 * any outstanding UNIT ATTENTION that may be present.
8249 	 *
8250 	 * Note: Don't check for success, just track if there is a reservation,
8251 	 * this is a throw away command to clear any unit attentions.
8252 	 *
8253 	 * Note: This MUST be the first command issued to the target during
8254 	 * attach to ensure power on UNIT ATTENTIONS are cleared.
8255 	 * Pass in flag SD_DONT_RETRY_TUR to prevent the long delays associated
8256 	 * with attempts at spinning up a device with no media.
8257 	 */
8258 	if (sd_send_scsi_TEST_UNIT_READY(un, SD_DONT_RETRY_TUR) == EACCES) {
8259 		reservation_flag = SD_TARGET_IS_RESERVED;
8260 	}
8261 
8262 	/*
8263 	 * If the device is NOT a removable media device, attempt to spin
8264 	 * it up (using the START_STOP_UNIT command) and read its capacity
8265 	 * (using the READ CAPACITY command).  Note, however, that either
8266 	 * of these could fail and in some cases we would continue with
8267 	 * the attach despite the failure (see below).
8268 	 */
8269 	if (devp->sd_inq->inq_dtype == DTYPE_DIRECT && !ISREMOVABLE(un)) {
8270 		switch (sd_spin_up_unit(un)) {
8271 		case 0:
8272 			/*
8273 			 * Spin-up was successful; now try to read the
8274 			 * capacity.  If successful then save the results
8275 			 * and mark the capacity & lbasize as valid.
8276 			 */
8277 			SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8278 			    "sd_unit_attach: un:0x%p spin-up successful\n", un);
8279 
8280 			switch (sd_send_scsi_READ_CAPACITY(un, &capacity,
8281 			    &lbasize, SD_PATH_DIRECT)) {
8282 			case 0: {
8283 				if (capacity > DK_MAX_BLOCKS) {
8284 #ifdef _LP64
8285 					/*
8286 					 * Enable descriptor format sense data
8287 					 * so that we can get 64 bit sense
8288 					 * data fields.
8289 					 */
8290 					sd_enable_descr_sense(un);
8291 #else
8292 					/* 32-bit kernels can't handle this */
8293 					scsi_log(SD_DEVINFO(un),
8294 					    sd_label, CE_WARN,
8295 					    "disk has %llu blocks, which "
8296 					    "is too large for a 32-bit "
8297 					    "kernel", capacity);
8298 					goto spinup_failed;
8299 #endif
8300 				}
8301 				/*
8302 				 * The following relies on
8303 				 * sd_send_scsi_READ_CAPACITY never
8304 				 * returning 0 for capacity and/or lbasize.
8305 				 */
8306 				sd_update_block_info(un, lbasize, capacity);
8307 
8308 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8309 				    "sd_unit_attach: un:0x%p capacity = %ld "
8310 				    "blocks; lbasize= %ld.\n", un,
8311 				    un->un_blockcount, un->un_tgt_blocksize);
8312 
8313 				break;
8314 			}
8315 			case EACCES:
8316 				/*
8317 				 * Should never get here if the spin-up
8318 				 * succeeded, but code it in anyway.
8319 				 * From here, just continue with the attach...
8320 				 */
8321 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
8322 				    "sd_unit_attach: un:0x%p "
8323 				    "sd_send_scsi_READ_CAPACITY "
8324 				    "returned reservation conflict\n", un);
8325 				reservation_flag = SD_TARGET_IS_RESERVED;
8326 				break;
8327 			default:
8328 				/*
8329 				 * Likewise, should never get here if the
8330 				 * spin-up succeeded. Just continue with
8331 				 * the attach...
8332 				 */
8333 				break;
8334 			}
8335 			break;
8336 		case EACCES:
8337 			/*
8338 			 * Device is reserved by another host.  In this case
8339 			 * we could not spin it up or read the capacity, but
8340 			 * we continue with the attach anyway.
8341 			 */
8342 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8343 			    "sd_unit_attach: un:0x%p spin-up reservation "
8344 			    "conflict.\n", un);
8345 			reservation_flag = SD_TARGET_IS_RESERVED;
8346 			break;
8347 		default:
8348 			/* Fail the attach if the spin-up failed. */
8349 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
8350 			    "sd_unit_attach: un:0x%p spin-up failed.", un);
8351 			goto spinup_failed;
8352 		}
8353 	}
8354 
8355 	/*
8356 	 * Check to see if this is a MMC drive
8357 	 */
8358 	if (ISCD(un)) {
8359 		sd_set_mmc_caps(un);
8360 	}
8361 
8362 	/*
8363 	 * Create the minor nodes for the device.
8364 	 * Note: If we want to support fdisk on both sparc and intel, this will
8365 	 * have to separate out the notion that VTOC8 is always sparc, and
8366 	 * VTOC16 is always intel (tho these can be the defaults).  The vtoc
8367 	 * type will have to be determined at run-time, and the fdisk
8368 	 * partitioning will have to have been read & set up before we
8369 	 * create the minor nodes. (any other inits (such as kstats) that
8370 	 * also ought to be done before creating the minor nodes?) (Doesn't
8371 	 * setting up the minor nodes kind of imply that we're ready to
8372 	 * handle an open from userland?)
8373 	 */
8374 	if (sd_create_minor_nodes(un, devi) != DDI_SUCCESS) {
8375 		goto create_minor_nodes_failed;
8376 	}
8377 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8378 	    "sd_unit_attach: un:0x%p minor nodes created\n", un);
8379 
8380 	/*
8381 	 * Add a zero-length attribute to tell the world we support
8382 	 * kernel ioctls (for layered drivers)
8383 	 */
8384 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8385 	    DDI_KERNEL_IOCTL, NULL, 0);
8386 
8387 	/*
8388 	 * Add a boolean property to tell the world we support
8389 	 * the B_FAILFAST flag (for layered drivers)
8390 	 */
8391 	(void) ddi_prop_create(DDI_DEV_T_NONE, devi, DDI_PROP_CANSLEEP,
8392 	    "ddi-failfast-supported", NULL, 0);
8393 
8394 	/*
8395 	 * Initialize power management
8396 	 */
8397 	mutex_init(&un->un_pm_mutex, NULL, MUTEX_DRIVER, NULL);
8398 	cv_init(&un->un_pm_busy_cv, NULL, CV_DRIVER, NULL);
8399 	sd_setup_pm(un, devi);
8400 	if (un->un_f_pm_is_enabled == FALSE) {
8401 		/*
8402 		 * For performance, point to a jump table that does
8403 		 * not include pm.
8404 		 * The direct and priority chains don't change with PM.
8405 		 *
8406 		 * Note: this is currently done based on individual device
8407 		 * capabilities. When an interface for determining system
8408 		 * power enabled state becomes available, or when additional
8409 		 * layers are added to the command chain, these values will
8410 		 * have to be re-evaluated for correctness.
8411 		 */
8412 		if (ISREMOVABLE(un)) {
8413 			un->un_buf_chain_type = SD_CHAIN_INFO_RMMEDIA_NO_PM;
8414 		} else {
8415 			un->un_buf_chain_type = SD_CHAIN_INFO_DISK_NO_PM;
8416 		}
8417 		un->un_uscsi_chain_type  = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
8418 	}
8419 
8420 	/*
8421 	 * This property is set to 0 by HA software to avoid retries
8422 	 * on a reserved disk. (The preferred property name is
8423 	 * "retry-on-reservation-conflict") (1189689)
8424 	 *
8425 	 * Note: The use of a global here can have unintended consequences. A
8426 	 * per instance variable is preferrable to match the capabilities of
8427 	 * different underlying hba's (4402600)
8428 	 */
8429 	sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY, devi,
8430 	    DDI_PROP_DONTPASS, "retry-on-reservation-conflict",
8431 	    sd_retry_on_reservation_conflict);
8432 	if (sd_retry_on_reservation_conflict != 0) {
8433 		sd_retry_on_reservation_conflict = ddi_getprop(DDI_DEV_T_ANY,
8434 		    devi, DDI_PROP_DONTPASS, sd_resv_conflict_name,
8435 		    sd_retry_on_reservation_conflict);
8436 	}
8437 
8438 	/* Set up options for QFULL handling. */
8439 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8440 	    "qfull-retries", -1)) != -1) {
8441 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retries",
8442 		    rval, 1);
8443 	}
8444 	if ((rval = ddi_getprop(DDI_DEV_T_ANY, devi, 0,
8445 	    "qfull-retry-interval", -1)) != -1) {
8446 		(void) scsi_ifsetcap(SD_ADDRESS(un), "qfull-retry-interval",
8447 		    rval, 1);
8448 	}
8449 
8450 	/*
8451 	 * This just prints a message that announces the existence of the
8452 	 * device. The message is always printed in the system logfile, but
8453 	 * only appears on the console if the system is booted with the
8454 	 * -v (verbose) argument.
8455 	 */
8456 	ddi_report_dev(devi);
8457 
8458 	/*
8459 	 * The framework calls driver attach routines single-threaded
8460 	 * for a given instance.  However we still acquire SD_MUTEX here
8461 	 * because this required for calling the sd_validate_geometry()
8462 	 * and sd_register_devid() functions.
8463 	 */
8464 	mutex_enter(SD_MUTEX(un));
8465 	un->un_f_geometry_is_valid = FALSE;
8466 	un->un_mediastate = DKIO_NONE;
8467 	un->un_reserved = -1;
8468 	if (!ISREMOVABLE(un)) {
8469 		/*
8470 		 * Read and validate the device's geometry (ie, disk label)
8471 		 * A new unformatted drive will not have a valid geometry, but
8472 		 * the driver needs to successfully attach to this device so
8473 		 * the drive can be formatted via ioctls.
8474 		 */
8475 		if (((sd_validate_geometry(un, SD_PATH_DIRECT) ==
8476 		    ENOTSUP)) &&
8477 		    (un->un_blockcount < DK_MAX_BLOCKS)) {
8478 			/*
8479 			 * We found a small disk with an EFI label on it;
8480 			 * we need to fix up the minor nodes accordingly.
8481 			 */
8482 			ddi_remove_minor_node(devi, "h");
8483 			ddi_remove_minor_node(devi, "h,raw");
8484 			(void) ddi_create_minor_node(devi, "wd",
8485 			    S_IFBLK,
8486 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8487 			    un->un_node_type, NULL);
8488 			(void) ddi_create_minor_node(devi, "wd,raw",
8489 			    S_IFCHR,
8490 			    (instance << SDUNIT_SHIFT) | WD_NODE,
8491 			    un->un_node_type, NULL);
8492 		}
8493 	}
8494 
8495 	/*
8496 	 * Read and initialize the devid for the unit.
8497 	 */
8498 	ASSERT(un->un_errstats != NULL);
8499 	if (!ISREMOVABLE(un)) {
8500 		sd_register_devid(un, devi, reservation_flag);
8501 	}
8502 	mutex_exit(SD_MUTEX(un));
8503 
8504 #if (defined(__fibre))
8505 	/*
8506 	 * Register callbacks for fibre only.  You can't do this soley
8507 	 * on the basis of the devid_type because this is hba specific.
8508 	 * We need to query our hba capabilities to find out whether to
8509 	 * register or not.
8510 	 */
8511 	if (un->un_f_is_fibre) {
8512 	    if (strcmp(un->un_node_type, DDI_NT_BLOCK_CHAN)) {
8513 		sd_init_event_callbacks(un);
8514 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8515 		    "sd_unit_attach: un:0x%p event callbacks inserted", un);
8516 	    }
8517 	}
8518 #endif
8519 
8520 	if (un->un_f_opt_disable_cache == TRUE) {
8521 		if (sd_disable_caching(un) != 0) {
8522 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8523 			    "sd_unit_attach: un:0x%p Could not disable "
8524 			    "caching", un);
8525 			goto devid_failed;
8526 		}
8527 	}
8528 
8529 	/*
8530 	 * NOTE: Since there is currently no mechanism to
8531 	 * change the state of the Write Cache Enable mode select,
8532 	 * this code just checks the value of the WCE bit
8533 	 * at device attach time.  If a mechanism
8534 	 * is added to the driver to change WCE, un_f_write_cache_enabled
8535 	 * must be updated appropriately.
8536 	 */
8537 	(void) sd_get_write_cache_enabled(un, &wc_enabled);
8538 	mutex_enter(SD_MUTEX(un));
8539 	un->un_f_write_cache_enabled = (wc_enabled != 0);
8540 	mutex_exit(SD_MUTEX(un));
8541 
8542 	/*
8543 	 * Set the pstat and error stat values here, so data obtained during the
8544 	 * previous attach-time routines is available.
8545 	 *
8546 	 * Note: This is a critical sequence that needs to be maintained:
8547 	 *	1) Instantiate the kstats before any routines using the iopath
8548 	 *	   (i.e. sd_send_scsi_cmd).
8549 	 *	2) Initialize the error stats (sd_set_errstats) and partition
8550 	 *	   stats (sd_set_pstats)here, following sd_validate_geometry(),
8551 	 *	   sd_register_devid(), and sd_disable_caching().
8552 	 */
8553 	if (!ISREMOVABLE(un) && (un->un_f_pkstats_enabled == TRUE)) {
8554 		sd_set_pstats(un);
8555 		SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8556 		    "sd_unit_attach: un:0x%p pstats created and set\n", un);
8557 	}
8558 
8559 	sd_set_errstats(un);
8560 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8561 	    "sd_unit_attach: un:0x%p errstats set\n", un);
8562 
8563 	/*
8564 	 * Find out what type of reservation this disk supports.
8565 	 */
8566 	switch (sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS, 0, NULL)) {
8567 	case 0:
8568 		/*
8569 		 * SCSI-3 reservations are supported.
8570 		 */
8571 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8572 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8573 		    "sd_unit_attach: un:0x%p SCSI-3 reservations\n", un);
8574 		break;
8575 	case ENOTSUP:
8576 		/*
8577 		 * The PERSISTENT RESERVE IN command would not be recognized by
8578 		 * a SCSI-2 device, so assume the reservation type is SCSI-2.
8579 		 */
8580 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8581 		    "sd_unit_attach: un:0x%p SCSI-2 reservations\n", un);
8582 		un->un_reservation_type = SD_SCSI2_RESERVATION;
8583 		break;
8584 	default:
8585 		/*
8586 		 * default to SCSI-3 reservations
8587 		 */
8588 		SD_INFO(SD_LOG_ATTACH_DETACH, un,
8589 		    "sd_unit_attach: un:0x%p default SCSI3 reservations\n", un);
8590 		un->un_reservation_type = SD_SCSI3_RESERVATION;
8591 		break;
8592 	}
8593 
8594 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
8595 	    "sd_unit_attach: un:0x%p exit success\n", un);
8596 
8597 	return (DDI_SUCCESS);
8598 
8599 	/*
8600 	 * An error occurred during the attach; clean up & return failure.
8601 	 */
8602 
8603 devid_failed:
8604 
8605 setup_pm_failed:
8606 	ddi_remove_minor_node(devi, NULL);
8607 
8608 create_minor_nodes_failed:
8609 	/*
8610 	 * Cleanup from the scsi_ifsetcap() calls (437868)
8611 	 */
8612 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
8613 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
8614 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
8615 
8616 	if (un->un_f_is_fibre == FALSE) {
8617 	    (void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
8618 	}
8619 
8620 spinup_failed:
8621 
8622 	mutex_enter(SD_MUTEX(un));
8623 
8624 	/* Cancel callback for SD_PATH_DIRECT_PRIORITY cmd. restart */
8625 	if (un->un_direct_priority_timeid != NULL) {
8626 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8627 		un->un_direct_priority_timeid = NULL;
8628 		mutex_exit(SD_MUTEX(un));
8629 		(void) untimeout(temp_id);
8630 		mutex_enter(SD_MUTEX(un));
8631 	}
8632 
8633 	/* Cancel any pending start/stop timeouts */
8634 	if (un->un_startstop_timeid != NULL) {
8635 		timeout_id_t temp_id = un->un_startstop_timeid;
8636 		un->un_startstop_timeid = NULL;
8637 		mutex_exit(SD_MUTEX(un));
8638 		(void) untimeout(temp_id);
8639 		mutex_enter(SD_MUTEX(un));
8640 	}
8641 
8642 	/* Cancel any pending reset-throttle timeouts */
8643 	if (un->un_reset_throttle_timeid != NULL) {
8644 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8645 		un->un_reset_throttle_timeid = NULL;
8646 		mutex_exit(SD_MUTEX(un));
8647 		(void) untimeout(temp_id);
8648 		mutex_enter(SD_MUTEX(un));
8649 	}
8650 
8651 	/* Cancel any pending retry timeouts */
8652 	if (un->un_retry_timeid != NULL) {
8653 		timeout_id_t temp_id = un->un_retry_timeid;
8654 		un->un_retry_timeid = NULL;
8655 		mutex_exit(SD_MUTEX(un));
8656 		(void) untimeout(temp_id);
8657 		mutex_enter(SD_MUTEX(un));
8658 	}
8659 
8660 	/* Cancel any pending delayed cv broadcast timeouts */
8661 	if (un->un_dcvb_timeid != NULL) {
8662 		timeout_id_t temp_id = un->un_dcvb_timeid;
8663 		un->un_dcvb_timeid = NULL;
8664 		mutex_exit(SD_MUTEX(un));
8665 		(void) untimeout(temp_id);
8666 		mutex_enter(SD_MUTEX(un));
8667 	}
8668 
8669 	mutex_exit(SD_MUTEX(un));
8670 
8671 	/* There should not be any in-progress I/O so ASSERT this check */
8672 	ASSERT(un->un_ncmds_in_transport == 0);
8673 	ASSERT(un->un_ncmds_in_driver == 0);
8674 
8675 	/* Do not free the softstate if the callback routine is active */
8676 	sd_sync_with_callback(un);
8677 
8678 	/*
8679 	 * Partition stats apparently are not used with removables. These would
8680 	 * not have been created during attach, so no need to clean them up...
8681 	 */
8682 	if (un->un_stats != NULL) {
8683 		kstat_delete(un->un_stats);
8684 		un->un_stats = NULL;
8685 	}
8686 	if (un->un_errstats != NULL) {
8687 		kstat_delete(un->un_errstats);
8688 		un->un_errstats = NULL;
8689 	}
8690 
8691 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
8692 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
8693 
8694 	ddi_prop_remove_all(devi);
8695 	sema_destroy(&un->un_semoclose);
8696 	cv_destroy(&un->un_state_cv);
8697 
8698 getrbuf_failed:
8699 
8700 	sd_free_rqs(un);
8701 
8702 alloc_rqs_failed:
8703 
8704 	devp->sd_private = NULL;
8705 	bzero(un, sizeof (struct sd_lun));	/* Clear any stale data! */
8706 
8707 get_softstate_failed:
8708 	/*
8709 	 * Note: the man pages are unclear as to whether or not doing a
8710 	 * ddi_soft_state_free(sd_state, instance) is the right way to
8711 	 * clean up after the ddi_soft_state_zalloc() if the subsequent
8712 	 * ddi_get_soft_state() fails.  The implication seems to be
8713 	 * that the get_soft_state cannot fail if the zalloc succeeds.
8714 	 */
8715 	ddi_soft_state_free(sd_state, instance);
8716 
8717 probe_failed:
8718 	scsi_unprobe(devp);
8719 #ifdef SDDEBUG
8720 	if ((sd_component_mask & SD_LOG_ATTACH_DETACH) &&
8721 	    (sd_level_mask & SD_LOGMASK_TRACE)) {
8722 		cmn_err(CE_CONT, "sd_unit_attach: un:0x%p exit failure\n",
8723 		    (void *)un);
8724 	}
8725 #endif
8726 	return (DDI_FAILURE);
8727 }
8728 
8729 
8730 /*
8731  *    Function: sd_unit_detach
8732  *
8733  * Description: Performs DDI_DETACH processing for sddetach().
8734  *
8735  * Return Code: DDI_SUCCESS
8736  *		DDI_FAILURE
8737  *
8738  *     Context: Kernel thread context
8739  */
8740 
8741 static int
8742 sd_unit_detach(dev_info_t *devi)
8743 {
8744 	struct scsi_device	*devp;
8745 	struct sd_lun		*un;
8746 	int			i;
8747 	dev_t			dev;
8748 	int			instance = ddi_get_instance(devi);
8749 
8750 	mutex_enter(&sd_detach_mutex);
8751 
8752 	/*
8753 	 * Fail the detach for any of the following:
8754 	 *  - Unable to get the sd_lun struct for the instance
8755 	 *  - A layered driver has an outstanding open on the instance
8756 	 *  - Another thread is already detaching this instance
8757 	 *  - Another thread is currently performing an open
8758 	 */
8759 	devp = ddi_get_driver_private(devi);
8760 	if ((devp == NULL) ||
8761 	    ((un = (struct sd_lun *)devp->sd_private) == NULL) ||
8762 	    (un->un_ncmds_in_driver != 0) || (un->un_layer_count != 0) ||
8763 	    (un->un_detach_count != 0) || (un->un_opens_in_progress != 0)) {
8764 		mutex_exit(&sd_detach_mutex);
8765 		return (DDI_FAILURE);
8766 	}
8767 
8768 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: entry 0x%p\n", un);
8769 
8770 	/*
8771 	 * Mark this instance as currently in a detach, to inhibit any
8772 	 * opens from a layered driver.
8773 	 */
8774 	un->un_detach_count++;
8775 	mutex_exit(&sd_detach_mutex);
8776 
8777 	dev = sd_make_device(SD_DEVINFO(un));
8778 
8779 	_NOTE(COMPETING_THREADS_NOW);
8780 
8781 	mutex_enter(SD_MUTEX(un));
8782 
8783 	/*
8784 	 * Fail the detach if there are any outstanding layered
8785 	 * opens on this device.
8786 	 */
8787 	for (i = 0; i < NDKMAP; i++) {
8788 		if (un->un_ocmap.lyropen[i] != 0) {
8789 			goto err_notclosed;
8790 		}
8791 	}
8792 
8793 	/*
8794 	 * Verify there are NO outstanding commands issued to this device.
8795 	 * ie, un_ncmds_in_transport == 0.
8796 	 * It's possible to have outstanding commands through the physio
8797 	 * code path, even though everything's closed.
8798 	 */
8799 	if ((un->un_ncmds_in_transport != 0) || (un->un_retry_timeid != NULL) ||
8800 	    (un->un_direct_priority_timeid != NULL) ||
8801 	    (un->un_state == SD_STATE_RWAIT)) {
8802 		mutex_exit(SD_MUTEX(un));
8803 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8804 		    "sd_dr_detach: Detach failure due to outstanding cmds\n");
8805 		goto err_stillbusy;
8806 	}
8807 
8808 	/*
8809 	 * If we have the device reserved, release the reservation.
8810 	 */
8811 	if ((un->un_resvd_status & SD_RESERVE) &&
8812 	    !(un->un_resvd_status & SD_LOST_RESERVE)) {
8813 		mutex_exit(SD_MUTEX(un));
8814 		/*
8815 		 * Note: sd_reserve_release sends a command to the device
8816 		 * via the sd_ioctlcmd() path, and can sleep.
8817 		 */
8818 		if (sd_reserve_release(dev, SD_RELEASE) != 0) {
8819 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8820 			    "sd_dr_detach: Cannot release reservation \n");
8821 		}
8822 	} else {
8823 		mutex_exit(SD_MUTEX(un));
8824 	}
8825 
8826 	/*
8827 	 * Untimeout any reserve recover, throttle reset, restart unit
8828 	 * and delayed broadcast timeout threads. Protect the timeout pointer
8829 	 * from getting nulled by their callback functions.
8830 	 */
8831 	mutex_enter(SD_MUTEX(un));
8832 	if (un->un_resvd_timeid != NULL) {
8833 		timeout_id_t temp_id = un->un_resvd_timeid;
8834 		un->un_resvd_timeid = NULL;
8835 		mutex_exit(SD_MUTEX(un));
8836 		(void) untimeout(temp_id);
8837 		mutex_enter(SD_MUTEX(un));
8838 	}
8839 
8840 	if (un->un_reset_throttle_timeid != NULL) {
8841 		timeout_id_t temp_id = un->un_reset_throttle_timeid;
8842 		un->un_reset_throttle_timeid = NULL;
8843 		mutex_exit(SD_MUTEX(un));
8844 		(void) untimeout(temp_id);
8845 		mutex_enter(SD_MUTEX(un));
8846 	}
8847 
8848 	if (un->un_startstop_timeid != NULL) {
8849 		timeout_id_t temp_id = un->un_startstop_timeid;
8850 		un->un_startstop_timeid = NULL;
8851 		mutex_exit(SD_MUTEX(un));
8852 		(void) untimeout(temp_id);
8853 		mutex_enter(SD_MUTEX(un));
8854 	}
8855 
8856 	if (un->un_dcvb_timeid != NULL) {
8857 		timeout_id_t temp_id = un->un_dcvb_timeid;
8858 		un->un_dcvb_timeid = NULL;
8859 		mutex_exit(SD_MUTEX(un));
8860 		(void) untimeout(temp_id);
8861 	} else {
8862 		mutex_exit(SD_MUTEX(un));
8863 	}
8864 
8865 	/* Remove any pending reservation reclaim requests for this device */
8866 	sd_rmv_resv_reclaim_req(dev);
8867 
8868 	mutex_enter(SD_MUTEX(un));
8869 
8870 	/* Cancel any pending callbacks for SD_PATH_DIRECT_PRIORITY cmd. */
8871 	if (un->un_direct_priority_timeid != NULL) {
8872 		timeout_id_t temp_id = un->un_direct_priority_timeid;
8873 		un->un_direct_priority_timeid = NULL;
8874 		mutex_exit(SD_MUTEX(un));
8875 		(void) untimeout(temp_id);
8876 		mutex_enter(SD_MUTEX(un));
8877 	}
8878 
8879 	/* Cancel any active multi-host disk watch thread requests */
8880 	if (un->un_mhd_token != NULL) {
8881 		mutex_exit(SD_MUTEX(un));
8882 		 _NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_mhd_token));
8883 		if (scsi_watch_request_terminate(un->un_mhd_token,
8884 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8885 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8886 			    "sd_dr_detach: Cannot cancel mhd watch request\n");
8887 			/*
8888 			 * Note: We are returning here after having removed
8889 			 * some driver timeouts above. This is consistent with
8890 			 * the legacy implementation but perhaps the watch
8891 			 * terminate call should be made with the wait flag set.
8892 			 */
8893 			goto err_stillbusy;
8894 		}
8895 		mutex_enter(SD_MUTEX(un));
8896 		un->un_mhd_token = NULL;
8897 	}
8898 
8899 	if (un->un_swr_token != NULL) {
8900 		mutex_exit(SD_MUTEX(un));
8901 		_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_swr_token));
8902 		if (scsi_watch_request_terminate(un->un_swr_token,
8903 		    SCSI_WATCH_TERMINATE_NOWAIT)) {
8904 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8905 			    "sd_dr_detach: Cannot cancel swr watch request\n");
8906 			/*
8907 			 * Note: We are returning here after having removed
8908 			 * some driver timeouts above. This is consistent with
8909 			 * the legacy implementation but perhaps the watch
8910 			 * terminate call should be made with the wait flag set.
8911 			 */
8912 			goto err_stillbusy;
8913 		}
8914 		mutex_enter(SD_MUTEX(un));
8915 		un->un_swr_token = NULL;
8916 	}
8917 
8918 	mutex_exit(SD_MUTEX(un));
8919 
8920 	/*
8921 	 * Clear any scsi_reset_notifies. We clear the reset notifies
8922 	 * if we have not registered one.
8923 	 * Note: The sd_mhd_reset_notify_cb() fn tries to acquire SD_MUTEX!
8924 	 */
8925 	(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
8926 	    sd_mhd_reset_notify_cb, (caddr_t)un);
8927 
8928 	/*
8929 	 * protect the timeout pointers from getting nulled by
8930 	 * their callback functions during the cancellation process.
8931 	 * In such a scenario untimeout can be invoked with a null value.
8932 	 */
8933 	_NOTE(NO_COMPETING_THREADS_NOW);
8934 
8935 	mutex_enter(&un->un_pm_mutex);
8936 	if (un->un_pm_idle_timeid != NULL) {
8937 		timeout_id_t temp_id = un->un_pm_idle_timeid;
8938 		un->un_pm_idle_timeid = NULL;
8939 		mutex_exit(&un->un_pm_mutex);
8940 
8941 		/*
8942 		 * Timeout is active; cancel it.
8943 		 * Note that it'll never be active on a device
8944 		 * that does not support PM therefore we don't
8945 		 * have to check before calling pm_idle_component.
8946 		 */
8947 		(void) untimeout(temp_id);
8948 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8949 		mutex_enter(&un->un_pm_mutex);
8950 	}
8951 
8952 	/*
8953 	 * Check whether there is already a timeout scheduled for power
8954 	 * management. If yes then don't lower the power here, that's.
8955 	 * the timeout handler's job.
8956 	 */
8957 	if (un->un_pm_timeid != NULL) {
8958 		timeout_id_t temp_id = un->un_pm_timeid;
8959 		un->un_pm_timeid = NULL;
8960 		mutex_exit(&un->un_pm_mutex);
8961 		/*
8962 		 * Timeout is active; cancel it.
8963 		 * Note that it'll never be active on a device
8964 		 * that does not support PM therefore we don't
8965 		 * have to check before calling pm_idle_component.
8966 		 */
8967 		(void) untimeout(temp_id);
8968 		(void) pm_idle_component(SD_DEVINFO(un), 0);
8969 
8970 	} else {
8971 		mutex_exit(&un->un_pm_mutex);
8972 		if ((un->un_f_pm_is_enabled == TRUE) &&
8973 		    (pm_lower_power(SD_DEVINFO(un), 0, SD_SPINDLE_OFF) !=
8974 		    DDI_SUCCESS)) {
8975 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
8976 		    "sd_dr_detach: Lower power request failed, ignoring.\n");
8977 			/*
8978 			 * Fix for bug: 4297749, item # 13
8979 			 * The above test now includes a check to see if PM is
8980 			 * supported by this device before call
8981 			 * pm_lower_power().
8982 			 * Note, the following is not dead code. The call to
8983 			 * pm_lower_power above will generate a call back into
8984 			 * our sdpower routine which might result in a timeout
8985 			 * handler getting activated. Therefore the following
8986 			 * code is valid and necessary.
8987 			 */
8988 			mutex_enter(&un->un_pm_mutex);
8989 			if (un->un_pm_timeid != NULL) {
8990 				timeout_id_t temp_id = un->un_pm_timeid;
8991 				un->un_pm_timeid = NULL;
8992 				mutex_exit(&un->un_pm_mutex);
8993 				(void) untimeout(temp_id);
8994 				(void) pm_idle_component(SD_DEVINFO(un), 0);
8995 			} else {
8996 				mutex_exit(&un->un_pm_mutex);
8997 			}
8998 		}
8999 	}
9000 
9001 	/*
9002 	 * Cleanup from the scsi_ifsetcap() calls (437868)
9003 	 * Relocated here from above to be after the call to
9004 	 * pm_lower_power, which was getting errors.
9005 	 */
9006 	(void) scsi_ifsetcap(SD_ADDRESS(un), "lun-reset", 0, 1);
9007 	(void) scsi_ifsetcap(SD_ADDRESS(un), "wide-xfer", 0, 1);
9008 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
9009 
9010 	if (un->un_f_is_fibre == FALSE) {
9011 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 0, 1);
9012 	}
9013 
9014 	/*
9015 	 * Remove any event callbacks, fibre only
9016 	 */
9017 	if (un->un_f_is_fibre == TRUE) {
9018 		if ((un->un_insert_event != NULL) &&
9019 			(ddi_remove_event_handler(un->un_insert_cb_id) !=
9020 				DDI_SUCCESS)) {
9021 			/*
9022 			 * Note: We are returning here after having done
9023 			 * substantial cleanup above. This is consistent
9024 			 * with the legacy implementation but this may not
9025 			 * be the right thing to do.
9026 			 */
9027 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9028 				"sd_dr_detach: Cannot cancel insert event\n");
9029 			goto err_remove_event;
9030 		}
9031 		un->un_insert_event = NULL;
9032 
9033 		if ((un->un_remove_event != NULL) &&
9034 			(ddi_remove_event_handler(un->un_remove_cb_id) !=
9035 				DDI_SUCCESS)) {
9036 			/*
9037 			 * Note: We are returning here after having done
9038 			 * substantial cleanup above. This is consistent
9039 			 * with the legacy implementation but this may not
9040 			 * be the right thing to do.
9041 			 */
9042 			SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9043 				"sd_dr_detach: Cannot cancel remove event\n");
9044 			goto err_remove_event;
9045 		}
9046 		un->un_remove_event = NULL;
9047 	}
9048 
9049 	/* Do not free the softstate if the callback routine is active */
9050 	sd_sync_with_callback(un);
9051 
9052 	/*
9053 	 * Hold the detach mutex here, to make sure that no other threads ever
9054 	 * can access a (partially) freed soft state structure.
9055 	 */
9056 	mutex_enter(&sd_detach_mutex);
9057 
9058 	/*
9059 	 * Clean up the soft state struct.
9060 	 * Cleanup is done in reverse order of allocs/inits.
9061 	 * At this point there should be no competing threads anymore.
9062 	 */
9063 
9064 	/* Unregister and free device id. */
9065 	ddi_devid_unregister(devi);
9066 	if (un->un_devid) {
9067 		ddi_devid_free(un->un_devid);
9068 		un->un_devid = NULL;
9069 	}
9070 
9071 	/*
9072 	 * Destroy wmap cache if it exists.
9073 	 */
9074 	if (un->un_wm_cache != NULL) {
9075 		kmem_cache_destroy(un->un_wm_cache);
9076 		un->un_wm_cache = NULL;
9077 	}
9078 
9079 	/* Remove minor nodes */
9080 	ddi_remove_minor_node(devi, NULL);
9081 
9082 	/*
9083 	 * kstat cleanup is done in detach for all device types (4363169).
9084 	 * We do not want to fail detach if the device kstats are not deleted
9085 	 * since there is a confusion about the devo_refcnt for the device.
9086 	 * We just delete the kstats and let detach complete successfully.
9087 	 */
9088 	if (un->un_stats != NULL) {
9089 		kstat_delete(un->un_stats);
9090 		un->un_stats = NULL;
9091 	}
9092 	if (un->un_errstats != NULL) {
9093 		kstat_delete(un->un_errstats);
9094 		un->un_errstats = NULL;
9095 	}
9096 
9097 	/* Remove partition stats (not created for removables) */
9098 	if (!ISREMOVABLE(un)) {
9099 		for (i = 0; i < NSDMAP; i++) {
9100 			if (un->un_pstats[i] != NULL) {
9101 				kstat_delete(un->un_pstats[i]);
9102 				un->un_pstats[i] = NULL;
9103 			}
9104 		}
9105 	}
9106 
9107 	/* Remove xbuf registration */
9108 	ddi_xbuf_attr_unregister_devinfo(un->un_xbuf_attr, devi);
9109 	ddi_xbuf_attr_destroy(un->un_xbuf_attr);
9110 
9111 	/* Remove driver properties */
9112 	ddi_prop_remove_all(devi);
9113 
9114 	mutex_destroy(&un->un_pm_mutex);
9115 	cv_destroy(&un->un_pm_busy_cv);
9116 
9117 	/* Open/close semaphore */
9118 	sema_destroy(&un->un_semoclose);
9119 
9120 	/* Removable media condvar. */
9121 	cv_destroy(&un->un_state_cv);
9122 
9123 	/* Suspend/resume condvar. */
9124 	cv_destroy(&un->un_suspend_cv);
9125 	cv_destroy(&un->un_disk_busy_cv);
9126 
9127 	sd_free_rqs(un);
9128 
9129 	/* Free up soft state */
9130 	devp->sd_private = NULL;
9131 	bzero(un, sizeof (struct sd_lun));
9132 	ddi_soft_state_free(sd_state, instance);
9133 
9134 	mutex_exit(&sd_detach_mutex);
9135 
9136 	/* This frees up the INQUIRY data associated with the device. */
9137 	scsi_unprobe(devp);
9138 
9139 	return (DDI_SUCCESS);
9140 
9141 err_notclosed:
9142 	mutex_exit(SD_MUTEX(un));
9143 
9144 err_stillbusy:
9145 	_NOTE(NO_COMPETING_THREADS_NOW);
9146 
9147 err_remove_event:
9148 	mutex_enter(&sd_detach_mutex);
9149 	un->un_detach_count--;
9150 	mutex_exit(&sd_detach_mutex);
9151 
9152 	SD_TRACE(SD_LOG_ATTACH_DETACH, un, "sd_unit_detach: exit failure\n");
9153 	return (DDI_FAILURE);
9154 }
9155 
9156 
9157 /*
9158  * Driver minor node structure and data table
9159  */
9160 struct driver_minor_data {
9161 	char	*name;
9162 	minor_t	minor;
9163 	int	type;
9164 };
9165 
9166 static struct driver_minor_data sd_minor_data[] = {
9167 	{"a", 0, S_IFBLK},
9168 	{"b", 1, S_IFBLK},
9169 	{"c", 2, S_IFBLK},
9170 	{"d", 3, S_IFBLK},
9171 	{"e", 4, S_IFBLK},
9172 	{"f", 5, S_IFBLK},
9173 	{"g", 6, S_IFBLK},
9174 	{"h", 7, S_IFBLK},
9175 #if defined(_SUNOS_VTOC_16)
9176 	{"i", 8, S_IFBLK},
9177 	{"j", 9, S_IFBLK},
9178 	{"k", 10, S_IFBLK},
9179 	{"l", 11, S_IFBLK},
9180 	{"m", 12, S_IFBLK},
9181 	{"n", 13, S_IFBLK},
9182 	{"o", 14, S_IFBLK},
9183 	{"p", 15, S_IFBLK},
9184 #endif			/* defined(_SUNOS_VTOC_16) */
9185 #if defined(_FIRMWARE_NEEDS_FDISK)
9186 	{"q", 16, S_IFBLK},
9187 	{"r", 17, S_IFBLK},
9188 	{"s", 18, S_IFBLK},
9189 	{"t", 19, S_IFBLK},
9190 	{"u", 20, S_IFBLK},
9191 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9192 	{"a,raw", 0, S_IFCHR},
9193 	{"b,raw", 1, S_IFCHR},
9194 	{"c,raw", 2, S_IFCHR},
9195 	{"d,raw", 3, S_IFCHR},
9196 	{"e,raw", 4, S_IFCHR},
9197 	{"f,raw", 5, S_IFCHR},
9198 	{"g,raw", 6, S_IFCHR},
9199 	{"h,raw", 7, S_IFCHR},
9200 #if defined(_SUNOS_VTOC_16)
9201 	{"i,raw", 8, S_IFCHR},
9202 	{"j,raw", 9, S_IFCHR},
9203 	{"k,raw", 10, S_IFCHR},
9204 	{"l,raw", 11, S_IFCHR},
9205 	{"m,raw", 12, S_IFCHR},
9206 	{"n,raw", 13, S_IFCHR},
9207 	{"o,raw", 14, S_IFCHR},
9208 	{"p,raw", 15, S_IFCHR},
9209 #endif			/* defined(_SUNOS_VTOC_16) */
9210 #if defined(_FIRMWARE_NEEDS_FDISK)
9211 	{"q,raw", 16, S_IFCHR},
9212 	{"r,raw", 17, S_IFCHR},
9213 	{"s,raw", 18, S_IFCHR},
9214 	{"t,raw", 19, S_IFCHR},
9215 	{"u,raw", 20, S_IFCHR},
9216 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9217 	{0}
9218 };
9219 
9220 static struct driver_minor_data sd_minor_data_efi[] = {
9221 	{"a", 0, S_IFBLK},
9222 	{"b", 1, S_IFBLK},
9223 	{"c", 2, S_IFBLK},
9224 	{"d", 3, S_IFBLK},
9225 	{"e", 4, S_IFBLK},
9226 	{"f", 5, S_IFBLK},
9227 	{"g", 6, S_IFBLK},
9228 	{"wd", 7, S_IFBLK},
9229 #if defined(_FIRMWARE_NEEDS_FDISK)
9230 	{"q", 16, S_IFBLK},
9231 	{"r", 17, S_IFBLK},
9232 	{"s", 18, S_IFBLK},
9233 	{"t", 19, S_IFBLK},
9234 	{"u", 20, S_IFBLK},
9235 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9236 	{"a,raw", 0, S_IFCHR},
9237 	{"b,raw", 1, S_IFCHR},
9238 	{"c,raw", 2, S_IFCHR},
9239 	{"d,raw", 3, S_IFCHR},
9240 	{"e,raw", 4, S_IFCHR},
9241 	{"f,raw", 5, S_IFCHR},
9242 	{"g,raw", 6, S_IFCHR},
9243 	{"wd,raw", 7, S_IFCHR},
9244 #if defined(_FIRMWARE_NEEDS_FDISK)
9245 	{"q,raw", 16, S_IFCHR},
9246 	{"r,raw", 17, S_IFCHR},
9247 	{"s,raw", 18, S_IFCHR},
9248 	{"t,raw", 19, S_IFCHR},
9249 	{"u,raw", 20, S_IFCHR},
9250 #endif			/* defined(_FIRMWARE_NEEDS_FDISK) */
9251 	{0}
9252 };
9253 
9254 
9255 /*
9256  *    Function: sd_create_minor_nodes
9257  *
9258  * Description: Create the minor device nodes for the instance.
9259  *
9260  *   Arguments: un - driver soft state (unit) structure
9261  *		devi - pointer to device info structure
9262  *
9263  * Return Code: DDI_SUCCESS
9264  *		DDI_FAILURE
9265  *
9266  *     Context: Kernel thread context
9267  */
9268 
9269 static int
9270 sd_create_minor_nodes(struct sd_lun *un, dev_info_t *devi)
9271 {
9272 	struct driver_minor_data	*dmdp;
9273 	struct scsi_device		*devp;
9274 	int				instance;
9275 	char				name[48];
9276 
9277 	ASSERT(un != NULL);
9278 	devp = ddi_get_driver_private(devi);
9279 	instance = ddi_get_instance(devp->sd_dev);
9280 
9281 	/*
9282 	 * Create all the minor nodes for this target.
9283 	 */
9284 	if (un->un_blockcount > DK_MAX_BLOCKS)
9285 		dmdp = sd_minor_data_efi;
9286 	else
9287 		dmdp = sd_minor_data;
9288 	while (dmdp->name != NULL) {
9289 
9290 		(void) sprintf(name, "%s", dmdp->name);
9291 
9292 		if (ddi_create_minor_node(devi, name, dmdp->type,
9293 		    (instance << SDUNIT_SHIFT) | dmdp->minor,
9294 		    un->un_node_type, NULL) == DDI_FAILURE) {
9295 			/*
9296 			 * Clean up any nodes that may have been created, in
9297 			 * case this fails in the middle of the loop.
9298 			 */
9299 			ddi_remove_minor_node(devi, NULL);
9300 			return (DDI_FAILURE);
9301 		}
9302 		dmdp++;
9303 	}
9304 
9305 	return (DDI_SUCCESS);
9306 }
9307 
9308 
9309 /*
9310  *    Function: sd_create_errstats
9311  *
9312  * Description: This routine instantiates the device error stats.
9313  *
9314  *		Note: During attach the stats are instantiated first so they are
9315  *		available for attach-time routines that utilize the driver
9316  *		iopath to send commands to the device. The stats are initialized
9317  *		separately so data obtained during some attach-time routines is
9318  *		available. (4362483)
9319  *
9320  *   Arguments: un - driver soft state (unit) structure
9321  *		instance - driver instance
9322  *
9323  *     Context: Kernel thread context
9324  */
9325 
9326 static void
9327 sd_create_errstats(struct sd_lun *un, int instance)
9328 {
9329 	struct	sd_errstats	*stp;
9330 	char	kstatmodule_err[KSTAT_STRLEN];
9331 	char	kstatname[KSTAT_STRLEN];
9332 	int	ndata = (sizeof (struct sd_errstats) / sizeof (kstat_named_t));
9333 
9334 	ASSERT(un != NULL);
9335 
9336 	if (un->un_errstats != NULL) {
9337 		return;
9338 	}
9339 
9340 	(void) snprintf(kstatmodule_err, sizeof (kstatmodule_err),
9341 	    "%serr", sd_label);
9342 	(void) snprintf(kstatname, sizeof (kstatname),
9343 	    "%s%d,err", sd_label, instance);
9344 
9345 	un->un_errstats = kstat_create(kstatmodule_err, instance, kstatname,
9346 	    "device_error", KSTAT_TYPE_NAMED, ndata, KSTAT_FLAG_PERSISTENT);
9347 
9348 	if (un->un_errstats == NULL) {
9349 		SD_ERROR(SD_LOG_ATTACH_DETACH, un,
9350 		    "sd_create_errstats: Failed kstat_create\n");
9351 		return;
9352 	}
9353 
9354 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9355 	kstat_named_init(&stp->sd_softerrs,	"Soft Errors",
9356 	    KSTAT_DATA_UINT32);
9357 	kstat_named_init(&stp->sd_harderrs,	"Hard Errors",
9358 	    KSTAT_DATA_UINT32);
9359 	kstat_named_init(&stp->sd_transerrs,	"Transport Errors",
9360 	    KSTAT_DATA_UINT32);
9361 	kstat_named_init(&stp->sd_vid,		"Vendor",
9362 	    KSTAT_DATA_CHAR);
9363 	kstat_named_init(&stp->sd_pid,		"Product",
9364 	    KSTAT_DATA_CHAR);
9365 	kstat_named_init(&stp->sd_revision,	"Revision",
9366 	    KSTAT_DATA_CHAR);
9367 	kstat_named_init(&stp->sd_serial,	"Serial No",
9368 	    KSTAT_DATA_CHAR);
9369 	kstat_named_init(&stp->sd_capacity,	"Size",
9370 	    KSTAT_DATA_ULONGLONG);
9371 	kstat_named_init(&stp->sd_rq_media_err,	"Media Error",
9372 	    KSTAT_DATA_UINT32);
9373 	kstat_named_init(&stp->sd_rq_ntrdy_err,	"Device Not Ready",
9374 	    KSTAT_DATA_UINT32);
9375 	kstat_named_init(&stp->sd_rq_nodev_err,	"No Device",
9376 	    KSTAT_DATA_UINT32);
9377 	kstat_named_init(&stp->sd_rq_recov_err,	"Recoverable",
9378 	    KSTAT_DATA_UINT32);
9379 	kstat_named_init(&stp->sd_rq_illrq_err,	"Illegal Request",
9380 	    KSTAT_DATA_UINT32);
9381 	kstat_named_init(&stp->sd_rq_pfa_err,	"Predictive Failure Analysis",
9382 	    KSTAT_DATA_UINT32);
9383 
9384 	un->un_errstats->ks_private = un;
9385 	un->un_errstats->ks_update  = nulldev;
9386 
9387 	kstat_install(un->un_errstats);
9388 }
9389 
9390 
9391 /*
9392  *    Function: sd_set_errstats
9393  *
9394  * Description: This routine sets the value of the vendor id, product id,
9395  *		revision, serial number, and capacity device error stats.
9396  *
9397  *		Note: During attach the stats are instantiated first so they are
9398  *		available for attach-time routines that utilize the driver
9399  *		iopath to send commands to the device. The stats are initialized
9400  *		separately so data obtained during some attach-time routines is
9401  *		available. (4362483)
9402  *
9403  *   Arguments: un - driver soft state (unit) structure
9404  *
9405  *     Context: Kernel thread context
9406  */
9407 
9408 static void
9409 sd_set_errstats(struct sd_lun *un)
9410 {
9411 	struct	sd_errstats	*stp;
9412 
9413 	ASSERT(un != NULL);
9414 	ASSERT(un->un_errstats != NULL);
9415 	stp = (struct sd_errstats *)un->un_errstats->ks_data;
9416 	ASSERT(stp != NULL);
9417 	(void) strncpy(stp->sd_vid.value.c, un->un_sd->sd_inq->inq_vid, 8);
9418 	(void) strncpy(stp->sd_pid.value.c, un->un_sd->sd_inq->inq_pid, 16);
9419 	(void) strncpy(stp->sd_revision.value.c,
9420 	    un->un_sd->sd_inq->inq_revision, 4);
9421 
9422 	/*
9423 	 * Set the "Serial No" kstat for Sun qualified drives (indicated by
9424 	 * "SUN" in bytes 25-27 of the inquiry data (bytes 9-11 of the pid)
9425 	 * (4376302))
9426 	 */
9427 	if (bcmp(&SD_INQUIRY(un)->inq_pid[9], "SUN", 3) == 0) {
9428 		bcopy(&SD_INQUIRY(un)->inq_serial, stp->sd_serial.value.c,
9429 		    sizeof (SD_INQUIRY(un)->inq_serial));
9430 	}
9431 
9432 	if (un->un_f_blockcount_is_valid != TRUE) {
9433 		/*
9434 		 * Set capacity error stat to 0 for no media. This ensures
9435 		 * a valid capacity is displayed in response to 'iostat -E'
9436 		 * when no media is present in the device.
9437 		 */
9438 		stp->sd_capacity.value.ui64 = 0;
9439 	} else {
9440 		/*
9441 		 * Multiply un_blockcount by un->un_sys_blocksize to get
9442 		 * capacity.
9443 		 *
9444 		 * Note: for non-512 blocksize devices "un_blockcount" has been
9445 		 * "scaled" in sd_send_scsi_READ_CAPACITY by multiplying by
9446 		 * (un_tgt_blocksize / un->un_sys_blocksize).
9447 		 */
9448 		stp->sd_capacity.value.ui64 = (uint64_t)
9449 		    ((uint64_t)un->un_blockcount * un->un_sys_blocksize);
9450 	}
9451 }
9452 
9453 
9454 /*
9455  *    Function: sd_set_pstats
9456  *
9457  * Description: This routine instantiates and initializes the partition
9458  *              stats for each partition with more than zero blocks.
9459  *		(4363169)
9460  *
9461  *   Arguments: un - driver soft state (unit) structure
9462  *
9463  *     Context: Kernel thread context
9464  */
9465 
9466 static void
9467 sd_set_pstats(struct sd_lun *un)
9468 {
9469 	char	kstatname[KSTAT_STRLEN];
9470 	int	instance;
9471 	int	i;
9472 
9473 	ASSERT(un != NULL);
9474 
9475 	instance = ddi_get_instance(SD_DEVINFO(un));
9476 
9477 	/* Note:x86: is this a VTOC8/VTOC16 difference? */
9478 	for (i = 0; i < NSDMAP; i++) {
9479 		if ((un->un_pstats[i] == NULL) &&
9480 		    (un->un_map[i].dkl_nblk != 0)) {
9481 			(void) snprintf(kstatname, sizeof (kstatname),
9482 			    "%s%d,%s", sd_label, instance,
9483 			    sd_minor_data[i].name);
9484 			un->un_pstats[i] = kstat_create(sd_label,
9485 			    instance, kstatname, "partition", KSTAT_TYPE_IO,
9486 			    1, KSTAT_FLAG_PERSISTENT);
9487 			if (un->un_pstats[i] != NULL) {
9488 				un->un_pstats[i]->ks_lock = SD_MUTEX(un);
9489 				kstat_install(un->un_pstats[i]);
9490 			}
9491 		}
9492 	}
9493 }
9494 
9495 
9496 #if (defined(__fibre))
9497 /*
9498  *    Function: sd_init_event_callbacks
9499  *
9500  * Description: This routine initializes the insertion and removal event
9501  *		callbacks. (fibre only)
9502  *
9503  *   Arguments: un - driver soft state (unit) structure
9504  *
9505  *     Context: Kernel thread context
9506  */
9507 
9508 static void
9509 sd_init_event_callbacks(struct sd_lun *un)
9510 {
9511 	ASSERT(un != NULL);
9512 
9513 	if ((un->un_insert_event == NULL) &&
9514 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_INSERT_EVENT,
9515 	    &un->un_insert_event) == DDI_SUCCESS)) {
9516 		/*
9517 		 * Add the callback for an insertion event
9518 		 */
9519 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9520 		    un->un_insert_event, sd_event_callback, (void *)un,
9521 		    &(un->un_insert_cb_id));
9522 	}
9523 
9524 	if ((un->un_remove_event == NULL) &&
9525 	    (ddi_get_eventcookie(SD_DEVINFO(un), FCAL_REMOVE_EVENT,
9526 	    &un->un_remove_event) == DDI_SUCCESS)) {
9527 		/*
9528 		 * Add the callback for a removal event
9529 		 */
9530 		(void) ddi_add_event_handler(SD_DEVINFO(un),
9531 		    un->un_remove_event, sd_event_callback, (void *)un,
9532 		    &(un->un_remove_cb_id));
9533 	}
9534 }
9535 
9536 
9537 /*
9538  *    Function: sd_event_callback
9539  *
9540  * Description: This routine handles insert/remove events (photon). The
9541  *		state is changed to OFFLINE which can be used to supress
9542  *		error msgs. (fibre only)
9543  *
9544  *   Arguments: un - driver soft state (unit) structure
9545  *
9546  *     Context: Callout thread context
9547  */
9548 /* ARGSUSED */
9549 static void
9550 sd_event_callback(dev_info_t *dip, ddi_eventcookie_t event, void *arg,
9551     void *bus_impldata)
9552 {
9553 	struct sd_lun *un = (struct sd_lun *)arg;
9554 
9555 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_insert_event));
9556 	if (event == un->un_insert_event) {
9557 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: insert event");
9558 		mutex_enter(SD_MUTEX(un));
9559 		if (un->un_state == SD_STATE_OFFLINE) {
9560 			if (un->un_last_state != SD_STATE_SUSPENDED) {
9561 				un->un_state = un->un_last_state;
9562 			} else {
9563 				/*
9564 				 * We have gone through SUSPEND/RESUME while
9565 				 * we were offline. Restore the last state
9566 				 */
9567 				un->un_state = un->un_save_state;
9568 			}
9569 		}
9570 		mutex_exit(SD_MUTEX(un));
9571 
9572 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_remove_event));
9573 	} else if (event == un->un_remove_event) {
9574 		SD_TRACE(SD_LOG_COMMON, un, "sd_event_callback: remove event");
9575 		mutex_enter(SD_MUTEX(un));
9576 		/*
9577 		 * We need to handle an event callback that occurs during
9578 		 * the suspend operation, since we don't prevent it.
9579 		 */
9580 		if (un->un_state != SD_STATE_OFFLINE) {
9581 			if (un->un_state != SD_STATE_SUSPENDED) {
9582 				New_state(un, SD_STATE_OFFLINE);
9583 			} else {
9584 				un->un_last_state = SD_STATE_OFFLINE;
9585 			}
9586 		}
9587 		mutex_exit(SD_MUTEX(un));
9588 	} else {
9589 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
9590 		    "!Unknown event\n");
9591 	}
9592 
9593 }
9594 #endif
9595 
9596 
9597 /*
9598  *    Function: sd_disable_caching()
9599  *
9600  * Description: This routine is the driver entry point for disabling
9601  *		read and write caching by modifying the WCE (write cache
9602  *		enable) and RCD (read cache disable) bits of mode
9603  *		page 8 (MODEPAGE_CACHING).
9604  *
9605  *   Arguments: un - driver soft state (unit) structure
9606  *
9607  * Return Code: EIO
9608  *		code returned by sd_send_scsi_MODE_SENSE and
9609  *		sd_send_scsi_MODE_SELECT
9610  *
9611  *     Context: Kernel Thread
9612  */
9613 
9614 static int
9615 sd_disable_caching(struct sd_lun *un)
9616 {
9617 	struct mode_caching	*mode_caching_page;
9618 	uchar_t			*header;
9619 	size_t			buflen;
9620 	int			hdrlen;
9621 	int			bd_len;
9622 	int			rval = 0;
9623 
9624 	ASSERT(un != NULL);
9625 
9626 	/*
9627 	 * Do a test unit ready, otherwise a mode sense may not work if this
9628 	 * is the first command sent to the device after boot.
9629 	 */
9630 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9631 
9632 	if (un->un_f_cfg_is_atapi == TRUE) {
9633 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9634 	} else {
9635 		hdrlen = MODE_HEADER_LENGTH;
9636 	}
9637 
9638 	/*
9639 	 * Allocate memory for the retrieved mode page and its headers.  Set
9640 	 * a pointer to the page itself.
9641 	 */
9642 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9643 	header = kmem_zalloc(buflen, KM_SLEEP);
9644 
9645 	/* Get the information from the device. */
9646 	if (un->un_f_cfg_is_atapi == TRUE) {
9647 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9648 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9649 	} else {
9650 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9651 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9652 	}
9653 	if (rval != 0) {
9654 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9655 		    "sd_disable_caching: Mode Sense Failed\n");
9656 		kmem_free(header, buflen);
9657 		return (rval);
9658 	}
9659 
9660 	/*
9661 	 * Determine size of Block Descriptors in order to locate
9662 	 * the mode page data. ATAPI devices return 0, SCSI devices
9663 	 * should return MODE_BLK_DESC_LENGTH.
9664 	 */
9665 	if (un->un_f_cfg_is_atapi == TRUE) {
9666 		struct mode_header_grp2	*mhp;
9667 		mhp	= (struct mode_header_grp2 *)header;
9668 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9669 	} else {
9670 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9671 	}
9672 
9673 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9674 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9675 		    "sd_disable_caching: Mode Sense returned invalid "
9676 		    "block descriptor length\n");
9677 		kmem_free(header, buflen);
9678 		return (EIO);
9679 	}
9680 
9681 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9682 
9683 	/* Check the relevant bits on successful mode sense. */
9684 	if ((mode_caching_page->wce) || !(mode_caching_page->rcd)) {
9685 		/*
9686 		 * Read or write caching is enabled.  Disable both of them.
9687 		 */
9688 		mode_caching_page->wce = 0;
9689 		mode_caching_page->rcd = 1;
9690 
9691 		/* Clear reserved bits before mode select. */
9692 		mode_caching_page->mode_page.ps = 0;
9693 
9694 		/*
9695 		 * Clear out mode header for mode select.
9696 		 * The rest of the retrieved page will be reused.
9697 		 */
9698 		bzero(header, hdrlen);
9699 
9700 		/* Change the cache page to disable all caching. */
9701 		if (un->un_f_cfg_is_atapi == TRUE) {
9702 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, header,
9703 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9704 		} else {
9705 			rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, header,
9706 			    buflen, SD_SAVE_PAGE, SD_PATH_DIRECT);
9707 		}
9708 	}
9709 
9710 	kmem_free(header, buflen);
9711 	return (rval);
9712 }
9713 
9714 
9715 /*
9716  *    Function: sd_get_write_cache_enabled()
9717  *
9718  * Description: This routine is the driver entry point for determining if
9719  *		write caching is enabled.  It examines the WCE (write cache
9720  *		enable) bits of mode page 8 (MODEPAGE_CACHING).
9721  *
9722  *   Arguments: un - driver soft state (unit) structure
9723  *   		is_enabled - pointer to int where write cache enabled state
9724  *   			is returned (non-zero -> write cache enabled)
9725  *
9726  *
9727  * Return Code: EIO
9728  *		code returned by sd_send_scsi_MODE_SENSE
9729  *
9730  *     Context: Kernel Thread
9731  *
9732  * NOTE: If ioctl is added to disable write cache, this sequence should
9733  * be followed so that no locking is required for accesses to
9734  * un->un_f_write_cache_enabled:
9735  * 	do mode select to clear wce
9736  * 	do synchronize cache to flush cache
9737  * 	set un->un_f_write_cache_enabled = FALSE
9738  *
9739  * Conversely, an ioctl to enable the write cache should be done
9740  * in this order:
9741  * 	set un->un_f_write_cache_enabled = TRUE
9742  * 	do mode select to set wce
9743  */
9744 
9745 static int
9746 sd_get_write_cache_enabled(struct sd_lun *un, int *is_enabled)
9747 {
9748 	struct mode_caching	*mode_caching_page;
9749 	uchar_t			*header;
9750 	size_t			buflen;
9751 	int			hdrlen;
9752 	int			bd_len;
9753 	int			rval = 0;
9754 
9755 	ASSERT(un != NULL);
9756 	ASSERT(is_enabled != NULL);
9757 
9758 	/* in case of error, flag as enabled */
9759 	*is_enabled = TRUE;
9760 
9761 	/*
9762 	 * Do a test unit ready, otherwise a mode sense may not work if this
9763 	 * is the first command sent to the device after boot.
9764 	 */
9765 	(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
9766 
9767 	if (un->un_f_cfg_is_atapi == TRUE) {
9768 		hdrlen = MODE_HEADER_LENGTH_GRP2;
9769 	} else {
9770 		hdrlen = MODE_HEADER_LENGTH;
9771 	}
9772 
9773 	/*
9774 	 * Allocate memory for the retrieved mode page and its headers.  Set
9775 	 * a pointer to the page itself.
9776 	 */
9777 	buflen = hdrlen + MODE_BLK_DESC_LENGTH + sizeof (struct mode_caching);
9778 	header = kmem_zalloc(buflen, KM_SLEEP);
9779 
9780 	/* Get the information from the device. */
9781 	if (un->un_f_cfg_is_atapi == TRUE) {
9782 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, header, buflen,
9783 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9784 	} else {
9785 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, header, buflen,
9786 		    MODEPAGE_CACHING, SD_PATH_DIRECT);
9787 	}
9788 	if (rval != 0) {
9789 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
9790 		    "sd_get_write_cache_enabled: Mode Sense Failed\n");
9791 		kmem_free(header, buflen);
9792 		return (rval);
9793 	}
9794 
9795 	/*
9796 	 * Determine size of Block Descriptors in order to locate
9797 	 * the mode page data. ATAPI devices return 0, SCSI devices
9798 	 * should return MODE_BLK_DESC_LENGTH.
9799 	 */
9800 	if (un->un_f_cfg_is_atapi == TRUE) {
9801 		struct mode_header_grp2	*mhp;
9802 		mhp	= (struct mode_header_grp2 *)header;
9803 		bd_len  = (mhp->bdesc_length_hi << 8) | mhp->bdesc_length_lo;
9804 	} else {
9805 		bd_len  = ((struct mode_header *)header)->bdesc_length;
9806 	}
9807 
9808 	if (bd_len > MODE_BLK_DESC_LENGTH) {
9809 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
9810 		    "sd_get_write_cache_enabled: Mode Sense returned invalid "
9811 		    "block descriptor length\n");
9812 		kmem_free(header, buflen);
9813 		return (EIO);
9814 	}
9815 
9816 	mode_caching_page = (struct mode_caching *)(header + hdrlen + bd_len);
9817 	*is_enabled = mode_caching_page->wce;
9818 
9819 	kmem_free(header, buflen);
9820 	return (0);
9821 }
9822 
9823 
9824 /*
9825  *    Function: sd_make_device
9826  *
9827  * Description: Utility routine to return the Solaris device number from
9828  *		the data in the device's dev_info structure.
9829  *
9830  * Return Code: The Solaris device number
9831  *
9832  *     Context: Any
9833  */
9834 
9835 static dev_t
9836 sd_make_device(dev_info_t *devi)
9837 {
9838 	return (makedevice(ddi_name_to_major(ddi_get_name(devi)),
9839 	    ddi_get_instance(devi) << SDUNIT_SHIFT));
9840 }
9841 
9842 
9843 /*
9844  *    Function: sd_pm_entry
9845  *
9846  * Description: Called at the start of a new command to manage power
9847  *		and busy status of a device. This includes determining whether
9848  *		the current power state of the device is sufficient for
9849  *		performing the command or whether it must be changed.
9850  *		The PM framework is notified appropriately.
9851  *		Only with a return status of DDI_SUCCESS will the
9852  *		component be busy to the framework.
9853  *
9854  *		All callers of sd_pm_entry must check the return status
9855  *		and only call sd_pm_exit it it was DDI_SUCCESS. A status
9856  *		of DDI_FAILURE indicates the device failed to power up.
9857  *		In this case un_pm_count has been adjusted so the result
9858  *		on exit is still powered down, ie. count is less than 0.
9859  *		Calling sd_pm_exit with this count value hits an ASSERT.
9860  *
9861  * Return Code: DDI_SUCCESS or DDI_FAILURE
9862  *
9863  *     Context: Kernel thread context.
9864  */
9865 
9866 static int
9867 sd_pm_entry(struct sd_lun *un)
9868 {
9869 	int return_status = DDI_SUCCESS;
9870 
9871 	ASSERT(!mutex_owned(SD_MUTEX(un)));
9872 	ASSERT(!mutex_owned(&un->un_pm_mutex));
9873 
9874 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: entry\n");
9875 
9876 	if (un->un_f_pm_is_enabled == FALSE) {
9877 		SD_TRACE(SD_LOG_IO_PM, un,
9878 		    "sd_pm_entry: exiting, PM not enabled\n");
9879 		return (return_status);
9880 	}
9881 
9882 	/*
9883 	 * Just increment a counter if PM is enabled. On the transition from
9884 	 * 0 ==> 1, mark the device as busy.  The iodone side will decrement
9885 	 * the count with each IO and mark the device as idle when the count
9886 	 * hits 0.
9887 	 *
9888 	 * If the count is less than 0 the device is powered down. If a powered
9889 	 * down device is successfully powered up then the count must be
9890 	 * incremented to reflect the power up. Note that it'll get incremented
9891 	 * a second time to become busy.
9892 	 *
9893 	 * Because the following has the potential to change the device state
9894 	 * and must release the un_pm_mutex to do so, only one thread can be
9895 	 * allowed through at a time.
9896 	 */
9897 
9898 	mutex_enter(&un->un_pm_mutex);
9899 	while (un->un_pm_busy == TRUE) {
9900 		cv_wait(&un->un_pm_busy_cv, &un->un_pm_mutex);
9901 	}
9902 	un->un_pm_busy = TRUE;
9903 
9904 	if (un->un_pm_count < 1) {
9905 
9906 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_entry: busy component\n");
9907 
9908 		/*
9909 		 * Indicate we are now busy so the framework won't attempt to
9910 		 * power down the device. This call will only fail if either
9911 		 * we passed a bad component number or the device has no
9912 		 * components. Neither of these should ever happen.
9913 		 */
9914 		mutex_exit(&un->un_pm_mutex);
9915 		return_status = pm_busy_component(SD_DEVINFO(un), 0);
9916 		ASSERT(return_status == DDI_SUCCESS);
9917 
9918 		mutex_enter(&un->un_pm_mutex);
9919 
9920 		if (un->un_pm_count < 0) {
9921 			mutex_exit(&un->un_pm_mutex);
9922 
9923 			SD_TRACE(SD_LOG_IO_PM, un,
9924 			    "sd_pm_entry: power up component\n");
9925 
9926 			/*
9927 			 * pm_raise_power will cause sdpower to be called
9928 			 * which brings the device power level to the
9929 			 * desired state, ON in this case. If successful,
9930 			 * un_pm_count and un_power_level will be updated
9931 			 * appropriately.
9932 			 */
9933 			return_status = pm_raise_power(SD_DEVINFO(un), 0,
9934 			    SD_SPINDLE_ON);
9935 
9936 			mutex_enter(&un->un_pm_mutex);
9937 
9938 			if (return_status != DDI_SUCCESS) {
9939 				/*
9940 				 * Power up failed.
9941 				 * Idle the device and adjust the count
9942 				 * so the result on exit is that we're
9943 				 * still powered down, ie. count is less than 0.
9944 				 */
9945 				SD_TRACE(SD_LOG_IO_PM, un,
9946 				    "sd_pm_entry: power up failed,"
9947 				    " idle the component\n");
9948 
9949 				(void) pm_idle_component(SD_DEVINFO(un), 0);
9950 				un->un_pm_count--;
9951 			} else {
9952 				/*
9953 				 * Device is powered up, verify the
9954 				 * count is non-negative.
9955 				 * This is debug only.
9956 				 */
9957 				ASSERT(un->un_pm_count == 0);
9958 			}
9959 		}
9960 
9961 		if (return_status == DDI_SUCCESS) {
9962 			/*
9963 			 * For performance, now that the device has been tagged
9964 			 * as busy, and it's known to be powered up, update the
9965 			 * chain types to use jump tables that do not include
9966 			 * pm. This significantly lowers the overhead and
9967 			 * therefore improves performance.
9968 			 */
9969 
9970 			mutex_exit(&un->un_pm_mutex);
9971 			mutex_enter(SD_MUTEX(un));
9972 			SD_TRACE(SD_LOG_IO_PM, un,
9973 			    "sd_pm_entry: changing uscsi_chain_type from %d\n",
9974 			    un->un_uscsi_chain_type);
9975 
9976 			if (ISREMOVABLE(un)) {
9977 				un->un_buf_chain_type =
9978 				    SD_CHAIN_INFO_RMMEDIA_NO_PM;
9979 			} else {
9980 				un->un_buf_chain_type =
9981 				    SD_CHAIN_INFO_DISK_NO_PM;
9982 			}
9983 			un->un_uscsi_chain_type = SD_CHAIN_INFO_USCSI_CMD_NO_PM;
9984 
9985 			SD_TRACE(SD_LOG_IO_PM, un,
9986 			    "             changed  uscsi_chain_type to   %d\n",
9987 			    un->un_uscsi_chain_type);
9988 			mutex_exit(SD_MUTEX(un));
9989 			mutex_enter(&un->un_pm_mutex);
9990 
9991 			if (un->un_pm_idle_timeid == NULL) {
9992 				/* 300 ms. */
9993 				un->un_pm_idle_timeid =
9994 				    timeout(sd_pm_idletimeout_handler, un,
9995 				    (drv_usectohz((clock_t)300000)));
9996 				/*
9997 				 * Include an extra call to busy which keeps the
9998 				 * device busy with-respect-to the PM layer
9999 				 * until the timer fires, at which time it'll
10000 				 * get the extra idle call.
10001 				 */
10002 				(void) pm_busy_component(SD_DEVINFO(un), 0);
10003 			}
10004 		}
10005 	}
10006 	un->un_pm_busy = FALSE;
10007 	/* Next... */
10008 	cv_signal(&un->un_pm_busy_cv);
10009 
10010 	un->un_pm_count++;
10011 
10012 	SD_TRACE(SD_LOG_IO_PM, un,
10013 	    "sd_pm_entry: exiting, un_pm_count = %d\n", un->un_pm_count);
10014 
10015 	mutex_exit(&un->un_pm_mutex);
10016 
10017 	return (return_status);
10018 }
10019 
10020 
10021 /*
10022  *    Function: sd_pm_exit
10023  *
10024  * Description: Called at the completion of a command to manage busy
10025  *		status for the device. If the device becomes idle the
10026  *		PM framework is notified.
10027  *
10028  *     Context: Kernel thread context
10029  */
10030 
10031 static void
10032 sd_pm_exit(struct sd_lun *un)
10033 {
10034 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10035 	ASSERT(!mutex_owned(&un->un_pm_mutex));
10036 
10037 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: entry\n");
10038 
10039 	/*
10040 	 * After attach the following flag is only read, so don't
10041 	 * take the penalty of acquiring a mutex for it.
10042 	 */
10043 	if (un->un_f_pm_is_enabled == TRUE) {
10044 
10045 		mutex_enter(&un->un_pm_mutex);
10046 		un->un_pm_count--;
10047 
10048 		SD_TRACE(SD_LOG_IO_PM, un,
10049 		    "sd_pm_exit: un_pm_count = %d\n", un->un_pm_count);
10050 
10051 		ASSERT(un->un_pm_count >= 0);
10052 		if (un->un_pm_count == 0) {
10053 			mutex_exit(&un->un_pm_mutex);
10054 
10055 			SD_TRACE(SD_LOG_IO_PM, un,
10056 			    "sd_pm_exit: idle component\n");
10057 
10058 			(void) pm_idle_component(SD_DEVINFO(un), 0);
10059 
10060 		} else {
10061 			mutex_exit(&un->un_pm_mutex);
10062 		}
10063 	}
10064 
10065 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_exit: exiting\n");
10066 }
10067 
10068 
10069 /*
10070  *    Function: sdopen
10071  *
10072  * Description: Driver's open(9e) entry point function.
10073  *
10074  *   Arguments: dev_i   - pointer to device number
10075  *		flag    - how to open file (FEXCL, FNDELAY, FREAD, FWRITE)
10076  *		otyp    - open type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10077  *		cred_p  - user credential pointer
10078  *
10079  * Return Code: EINVAL
10080  *		ENXIO
10081  *		EIO
10082  *		EROFS
10083  *		EBUSY
10084  *
10085  *     Context: Kernel thread context
10086  */
10087 /* ARGSUSED */
10088 static int
10089 sdopen(dev_t *dev_p, int flag, int otyp, cred_t *cred_p)
10090 {
10091 	struct sd_lun	*un;
10092 	int		nodelay;
10093 	int		part;
10094 	uint64_t	partmask;
10095 	int		instance;
10096 	dev_t		dev;
10097 	int		rval = EIO;
10098 
10099 	/* Validate the open type */
10100 	if (otyp >= OTYPCNT) {
10101 		return (EINVAL);
10102 	}
10103 
10104 	dev = *dev_p;
10105 	instance = SDUNIT(dev);
10106 	mutex_enter(&sd_detach_mutex);
10107 
10108 	/*
10109 	 * Fail the open if there is no softstate for the instance, or
10110 	 * if another thread somewhere is trying to detach the instance.
10111 	 */
10112 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
10113 	    (un->un_detach_count != 0)) {
10114 		mutex_exit(&sd_detach_mutex);
10115 		/*
10116 		 * The probe cache only needs to be cleared when open (9e) fails
10117 		 * with ENXIO (4238046).
10118 		 */
10119 		/*
10120 		 * un-conditionally clearing probe cache is ok with
10121 		 * separate sd/ssd binaries
10122 		 * x86 platform can be an issue with both parallel
10123 		 * and fibre in 1 binary
10124 		 */
10125 		sd_scsi_clear_probe_cache();
10126 		return (ENXIO);
10127 	}
10128 
10129 	/*
10130 	 * The un_layer_count is to prevent another thread in specfs from
10131 	 * trying to detach the instance, which can happen when we are
10132 	 * called from a higher-layer driver instead of thru specfs.
10133 	 * This will not be needed when DDI provides a layered driver
10134 	 * interface that allows specfs to know that an instance is in
10135 	 * use by a layered driver & should not be detached.
10136 	 *
10137 	 * Note: the semantics for layered driver opens are exactly one
10138 	 * close for every open.
10139 	 */
10140 	if (otyp == OTYP_LYR) {
10141 		un->un_layer_count++;
10142 	}
10143 
10144 	/*
10145 	 * Keep a count of the current # of opens in progress. This is because
10146 	 * some layered drivers try to call us as a regular open. This can
10147 	 * cause problems that we cannot prevent, however by keeping this count
10148 	 * we can at least keep our open and detach routines from racing against
10149 	 * each other under such conditions.
10150 	 */
10151 	un->un_opens_in_progress++;
10152 	mutex_exit(&sd_detach_mutex);
10153 
10154 	nodelay  = (flag & (FNDELAY | FNONBLOCK));
10155 	part	 = SDPART(dev);
10156 	partmask = 1 << part;
10157 
10158 	/*
10159 	 * We use a semaphore here in order to serialize
10160 	 * open and close requests on the device.
10161 	 */
10162 	sema_p(&un->un_semoclose);
10163 
10164 	mutex_enter(SD_MUTEX(un));
10165 
10166 	/*
10167 	 * All device accesses go thru sdstrategy() where we check
10168 	 * on suspend status but there could be a scsi_poll command,
10169 	 * which bypasses sdstrategy(), so we need to check pm
10170 	 * status.
10171 	 */
10172 
10173 	if (!nodelay) {
10174 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10175 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10176 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10177 		}
10178 
10179 		mutex_exit(SD_MUTEX(un));
10180 		if (sd_pm_entry(un) != DDI_SUCCESS) {
10181 			rval = EIO;
10182 			SD_ERROR(SD_LOG_OPEN_CLOSE, un,
10183 			    "sdopen: sd_pm_entry failed\n");
10184 			goto open_failed_with_pm;
10185 		}
10186 		mutex_enter(SD_MUTEX(un));
10187 	}
10188 
10189 	/* check for previous exclusive open */
10190 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: un=%p\n", (void *)un);
10191 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10192 	    "sdopen: exclopen=%x, flag=%x, regopen=%x\n",
10193 	    un->un_exclopen, flag, un->un_ocmap.regopen[otyp]);
10194 
10195 	if (un->un_exclopen & (partmask)) {
10196 		goto excl_open_fail;
10197 	}
10198 
10199 	if (flag & FEXCL) {
10200 		int i;
10201 		if (un->un_ocmap.lyropen[part]) {
10202 			goto excl_open_fail;
10203 		}
10204 		for (i = 0; i < (OTYPCNT - 1); i++) {
10205 			if (un->un_ocmap.regopen[i] & (partmask)) {
10206 				goto excl_open_fail;
10207 			}
10208 		}
10209 	}
10210 
10211 	/*
10212 	 * Check the write permission if this is a removable media device,
10213 	 * NDELAY has not been set, and writable permission is requested.
10214 	 *
10215 	 * Note: If NDELAY was set and this is write-protected media the WRITE
10216 	 * attempt will fail with EIO as part of the I/O processing. This is a
10217 	 * more permissive implementation that allows the open to succeed and
10218 	 * WRITE attempts to fail when appropriate.
10219 	 */
10220 	if (ISREMOVABLE(un)) {
10221 		if ((flag & FWRITE) && (!nodelay)) {
10222 			mutex_exit(SD_MUTEX(un));
10223 			/*
10224 			 * Defer the check for write permission on writable
10225 			 * DVD drive till sdstrategy and will not fail open even
10226 			 * if FWRITE is set as the device can be writable
10227 			 * depending upon the media and the media can change
10228 			 * after the call to open().
10229 			 */
10230 			if (un->un_f_dvdram_writable_device == FALSE) {
10231 				if (ISCD(un) || sr_check_wp(dev)) {
10232 				rval = EROFS;
10233 				mutex_enter(SD_MUTEX(un));
10234 				SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10235 				    "write to cd or write protected media\n");
10236 				goto open_fail;
10237 				}
10238 			}
10239 			mutex_enter(SD_MUTEX(un));
10240 		}
10241 	}
10242 
10243 	/*
10244 	 * If opening in NDELAY/NONBLOCK mode, just return.
10245 	 * Check if disk is ready and has a valid geometry later.
10246 	 */
10247 	if (!nodelay) {
10248 		mutex_exit(SD_MUTEX(un));
10249 		rval = sd_ready_and_valid(un);
10250 		mutex_enter(SD_MUTEX(un));
10251 		/*
10252 		 * Fail if device is not ready or if the number of disk
10253 		 * blocks is zero or negative for non CD devices.
10254 		 */
10255 		if ((rval != SD_READY_VALID) ||
10256 		    (!ISCD(un) && un->un_map[part].dkl_nblk <= 0)) {
10257 			if (ISREMOVABLE(un)) {
10258 				rval = ENXIO;
10259 			} else {
10260 				rval = EIO;
10261 			}
10262 			SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10263 			    "device not ready or invalid disk block value\n");
10264 			goto open_fail;
10265 		}
10266 #if defined(__i386) || defined(__amd64)
10267 	} else {
10268 		uchar_t *cp;
10269 		/*
10270 		 * x86 requires special nodelay handling, so that p0 is
10271 		 * always defined and accessible.
10272 		 * Invalidate geometry only if device is not already open.
10273 		 */
10274 		cp = &un->un_ocmap.chkd[0];
10275 		while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10276 			if (*cp != (uchar_t)0) {
10277 			    break;
10278 			}
10279 			cp++;
10280 		}
10281 		if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10282 			un->un_f_geometry_is_valid = FALSE;
10283 		}
10284 
10285 #endif
10286 	}
10287 
10288 	if (otyp == OTYP_LYR) {
10289 		un->un_ocmap.lyropen[part]++;
10290 	} else {
10291 		un->un_ocmap.regopen[otyp] |= partmask;
10292 	}
10293 
10294 	/* Set up open and exclusive open flags */
10295 	if (flag & FEXCL) {
10296 		un->un_exclopen |= (partmask);
10297 	}
10298 
10299 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: "
10300 	    "open of part %d type %d\n", part, otyp);
10301 
10302 	mutex_exit(SD_MUTEX(un));
10303 	if (!nodelay) {
10304 		sd_pm_exit(un);
10305 	}
10306 
10307 	sema_v(&un->un_semoclose);
10308 
10309 	mutex_enter(&sd_detach_mutex);
10310 	un->un_opens_in_progress--;
10311 	mutex_exit(&sd_detach_mutex);
10312 
10313 	SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdopen: exit success\n");
10314 	return (DDI_SUCCESS);
10315 
10316 excl_open_fail:
10317 	SD_ERROR(SD_LOG_OPEN_CLOSE, un, "sdopen: fail exclusive open\n");
10318 	rval = EBUSY;
10319 
10320 open_fail:
10321 	mutex_exit(SD_MUTEX(un));
10322 
10323 	/*
10324 	 * On a failed open we must exit the pm management.
10325 	 */
10326 	if (!nodelay) {
10327 		sd_pm_exit(un);
10328 	}
10329 open_failed_with_pm:
10330 	sema_v(&un->un_semoclose);
10331 
10332 	mutex_enter(&sd_detach_mutex);
10333 	un->un_opens_in_progress--;
10334 	if (otyp == OTYP_LYR) {
10335 		un->un_layer_count--;
10336 	}
10337 	mutex_exit(&sd_detach_mutex);
10338 
10339 	return (rval);
10340 }
10341 
10342 
10343 /*
10344  *    Function: sdclose
10345  *
10346  * Description: Driver's close(9e) entry point function.
10347  *
10348  *   Arguments: dev    - device number
10349  *		flag   - file status flag, informational only
10350  *		otyp   - close type (OTYP_BLK, OTYP_CHR, OTYP_LYR)
10351  *		cred_p - user credential pointer
10352  *
10353  * Return Code: ENXIO
10354  *
10355  *     Context: Kernel thread context
10356  */
10357 /* ARGSUSED */
10358 static int
10359 sdclose(dev_t dev, int flag, int otyp, cred_t *cred_p)
10360 {
10361 	struct sd_lun	*un;
10362 	uchar_t		*cp;
10363 	int		part;
10364 	int		nodelay;
10365 	int		rval = 0;
10366 
10367 	/* Validate the open type */
10368 	if (otyp >= OTYPCNT) {
10369 		return (ENXIO);
10370 	}
10371 
10372 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10373 		return (ENXIO);
10374 	}
10375 
10376 	part = SDPART(dev);
10377 	nodelay = flag & (FNDELAY | FNONBLOCK);
10378 
10379 	SD_TRACE(SD_LOG_OPEN_CLOSE, un,
10380 	    "sdclose: close of part %d type %d\n", part, otyp);
10381 
10382 	/*
10383 	 * We use a semaphore here in order to serialize
10384 	 * open and close requests on the device.
10385 	 */
10386 	sema_p(&un->un_semoclose);
10387 
10388 	mutex_enter(SD_MUTEX(un));
10389 
10390 	/* Don't proceed if power is being changed. */
10391 	while (un->un_state == SD_STATE_PM_CHANGING) {
10392 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10393 	}
10394 
10395 	if (un->un_exclopen & (1 << part)) {
10396 		un->un_exclopen &= ~(1 << part);
10397 	}
10398 
10399 	/* Update the open partition map */
10400 	if (otyp == OTYP_LYR) {
10401 		un->un_ocmap.lyropen[part] -= 1;
10402 	} else {
10403 		un->un_ocmap.regopen[otyp] &= ~(1 << part);
10404 	}
10405 
10406 	cp = &un->un_ocmap.chkd[0];
10407 	while (cp < &un->un_ocmap.chkd[OCSIZE]) {
10408 		if (*cp != NULL) {
10409 			break;
10410 		}
10411 		cp++;
10412 	}
10413 
10414 	if (cp == &un->un_ocmap.chkd[OCSIZE]) {
10415 		SD_TRACE(SD_LOG_OPEN_CLOSE, un, "sdclose: last close\n");
10416 
10417 		/*
10418 		 * We avoid persistance upon the last close, and set
10419 		 * the throttle back to the maximum.
10420 		 */
10421 		un->un_throttle = un->un_saved_throttle;
10422 
10423 		if (un->un_state == SD_STATE_OFFLINE) {
10424 			if (un->un_f_is_fibre == FALSE) {
10425 				scsi_log(SD_DEVINFO(un), sd_label,
10426 					CE_WARN, "offline\n");
10427 			}
10428 			un->un_f_geometry_is_valid = FALSE;
10429 
10430 		} else {
10431 			/*
10432 			 * Flush any outstanding writes in NVRAM cache.
10433 			 * Note: SYNCHRONIZE CACHE is an optional SCSI-2
10434 			 * cmd, it may not work for non-Pluto devices.
10435 			 * SYNCHRONIZE CACHE is not required for removables,
10436 			 * except DVD-RAM drives.
10437 			 *
10438 			 * Also note: because SYNCHRONIZE CACHE is currently
10439 			 * the only command issued here that requires the
10440 			 * drive be powered up, only do the power up before
10441 			 * sending the Sync Cache command. If additional
10442 			 * commands are added which require a powered up
10443 			 * drive, the following sequence may have to change.
10444 			 *
10445 			 * And finally, note that parallel SCSI on SPARC
10446 			 * only issues a Sync Cache to DVD-RAM, a newly
10447 			 * supported device.
10448 			 */
10449 #if defined(__i386) || defined(__amd64)
10450 			if (!ISREMOVABLE(un) ||
10451 			    un->un_f_dvdram_writable_device == TRUE) {
10452 #else
10453 			if (un->un_f_dvdram_writable_device == TRUE) {
10454 #endif
10455 				mutex_exit(SD_MUTEX(un));
10456 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10457 					rval =
10458 					    sd_send_scsi_SYNCHRONIZE_CACHE(un,
10459 					    NULL);
10460 					/* ignore error if not supported */
10461 					if (rval == ENOTSUP) {
10462 						rval = 0;
10463 					} else if (rval != 0) {
10464 						rval = EIO;
10465 					}
10466 					sd_pm_exit(un);
10467 				} else {
10468 					rval = EIO;
10469 				}
10470 				mutex_enter(SD_MUTEX(un));
10471 			}
10472 
10473 			/*
10474 			 * For removable media devices, send an ALLOW MEDIA
10475 			 * REMOVAL command, but don't get upset if it fails.
10476 			 * Also invalidate the geometry. We need to raise
10477 			 * the power of the drive before we can call
10478 			 * sd_send_scsi_DOORLOCK()
10479 			 */
10480 			if (ISREMOVABLE(un)) {
10481 				mutex_exit(SD_MUTEX(un));
10482 				if (sd_pm_entry(un) == DDI_SUCCESS) {
10483 					rval = sd_send_scsi_DOORLOCK(un,
10484 					    SD_REMOVAL_ALLOW, SD_PATH_DIRECT);
10485 
10486 					sd_pm_exit(un);
10487 					if (ISCD(un) && (rval != 0) &&
10488 					    (nodelay != 0)) {
10489 						rval = ENXIO;
10490 					}
10491 				} else {
10492 					rval = EIO;
10493 				}
10494 				mutex_enter(SD_MUTEX(un));
10495 
10496 				sr_ejected(un);
10497 				/*
10498 				 * Destroy the cache (if it exists) which was
10499 				 * allocated for the write maps since this is
10500 				 * the last close for this media.
10501 				 */
10502 				if (un->un_wm_cache) {
10503 					/*
10504 					 * Check if there are pending commands.
10505 					 * and if there are give a warning and
10506 					 * do not destroy the cache.
10507 					 */
10508 					if (un->un_ncmds_in_driver > 0) {
10509 						scsi_log(SD_DEVINFO(un),
10510 						    sd_label, CE_WARN,
10511 						    "Unable to clean up memory "
10512 						    "because of pending I/O\n");
10513 					} else {
10514 						kmem_cache_destroy(
10515 						    un->un_wm_cache);
10516 						un->un_wm_cache = NULL;
10517 					}
10518 				}
10519 			}
10520 		}
10521 	}
10522 
10523 	mutex_exit(SD_MUTEX(un));
10524 	sema_v(&un->un_semoclose);
10525 
10526 	if (otyp == OTYP_LYR) {
10527 		mutex_enter(&sd_detach_mutex);
10528 		/*
10529 		 * The detach routine may run when the layer count
10530 		 * drops to zero.
10531 		 */
10532 		un->un_layer_count--;
10533 		mutex_exit(&sd_detach_mutex);
10534 	}
10535 
10536 	return (rval);
10537 }
10538 
10539 
10540 /*
10541  *    Function: sd_ready_and_valid
10542  *
10543  * Description: Test if device is ready and has a valid geometry.
10544  *
10545  *   Arguments: dev - device number
10546  *		un  - driver soft state (unit) structure
10547  *
10548  * Return Code: SD_READY_VALID		ready and valid label
10549  *		SD_READY_NOT_VALID	ready, geom ops never applicable
10550  *		SD_NOT_READY_VALID	not ready, no label
10551  *
10552  *     Context: Never called at interrupt context.
10553  */
10554 
10555 static int
10556 sd_ready_and_valid(struct sd_lun *un)
10557 {
10558 	struct sd_errstats	*stp;
10559 	uint64_t		capacity;
10560 	uint_t			lbasize;
10561 	int			rval = SD_READY_VALID;
10562 	char			name_str[48];
10563 
10564 	ASSERT(un != NULL);
10565 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10566 
10567 	mutex_enter(SD_MUTEX(un));
10568 	if (ISREMOVABLE(un)) {
10569 		mutex_exit(SD_MUTEX(un));
10570 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
10571 			rval = SD_NOT_READY_VALID;
10572 			mutex_enter(SD_MUTEX(un));
10573 			goto done;
10574 		}
10575 
10576 		mutex_enter(SD_MUTEX(un));
10577 		if ((un->un_f_geometry_is_valid == FALSE) ||
10578 		    (un->un_f_blockcount_is_valid == FALSE) ||
10579 		    (un->un_f_tgt_blocksize_is_valid == FALSE)) {
10580 
10581 			/* capacity has to be read every open. */
10582 			mutex_exit(SD_MUTEX(un));
10583 			if (sd_send_scsi_READ_CAPACITY(un, &capacity,
10584 			    &lbasize, SD_PATH_DIRECT) != 0) {
10585 				mutex_enter(SD_MUTEX(un));
10586 				un->un_f_geometry_is_valid = FALSE;
10587 				rval = SD_NOT_READY_VALID;
10588 				goto done;
10589 			} else {
10590 				mutex_enter(SD_MUTEX(un));
10591 				sd_update_block_info(un, lbasize, capacity);
10592 			}
10593 		}
10594 
10595 		/*
10596 		 * If this is a non 512 block device, allocate space for
10597 		 * the wmap cache. This is being done here since every time
10598 		 * a media is changed this routine will be called and the
10599 		 * block size is a function of media rather than device.
10600 		 */
10601 		if (NOT_DEVBSIZE(un)) {
10602 			if (!(un->un_wm_cache)) {
10603 				(void) snprintf(name_str, sizeof (name_str),
10604 				    "%s%d_cache",
10605 				    ddi_driver_name(SD_DEVINFO(un)),
10606 				    ddi_get_instance(SD_DEVINFO(un)));
10607 				un->un_wm_cache = kmem_cache_create(
10608 				    name_str, sizeof (struct sd_w_map),
10609 				    8, sd_wm_cache_constructor,
10610 				    sd_wm_cache_destructor, NULL,
10611 				    (void *)un, NULL, 0);
10612 				if (!(un->un_wm_cache)) {
10613 					rval = ENOMEM;
10614 					goto done;
10615 				}
10616 			}
10617 		}
10618 
10619 		/*
10620 		 * Check if the media in the device is writable or not.
10621 		 */
10622 		if ((un->un_f_geometry_is_valid == FALSE) && ISCD(un)) {
10623 			sd_check_for_writable_cd(un);
10624 		}
10625 
10626 	} else {
10627 		/*
10628 		 * Do a test unit ready to clear any unit attention from non-cd
10629 		 * devices.
10630 		 */
10631 		mutex_exit(SD_MUTEX(un));
10632 		(void) sd_send_scsi_TEST_UNIT_READY(un, 0);
10633 		mutex_enter(SD_MUTEX(un));
10634 	}
10635 
10636 
10637 	if (un->un_state == SD_STATE_NORMAL) {
10638 		/*
10639 		 * If the target is not yet ready here (defined by a TUR
10640 		 * failure), invalidate the geometry and print an 'offline'
10641 		 * message. This is a legacy message, as the state of the
10642 		 * target is not actually changed to SD_STATE_OFFLINE.
10643 		 *
10644 		 * If the TUR fails for EACCES (Reservation Conflict), it
10645 		 * means there actually is nothing wrong with the target that
10646 		 * would require invalidating the geometry, so continue in
10647 		 * that case as if the TUR was successful.
10648 		 */
10649 		int err;
10650 
10651 		mutex_exit(SD_MUTEX(un));
10652 		err = sd_send_scsi_TEST_UNIT_READY(un, 0);
10653 		mutex_enter(SD_MUTEX(un));
10654 
10655 		if ((err != 0) && (err != EACCES)) {
10656 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
10657 			    "offline\n");
10658 			un->un_f_geometry_is_valid = FALSE;
10659 			rval = SD_NOT_READY_VALID;
10660 			goto done;
10661 		}
10662 	}
10663 
10664 	if (un->un_f_format_in_progress == FALSE) {
10665 		/*
10666 		 * Note: sd_validate_geometry may return TRUE, but that does
10667 		 * not necessarily mean un_f_geometry_is_valid == TRUE!
10668 		 */
10669 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
10670 		if (rval == ENOTSUP) {
10671 			if (un->un_f_geometry_is_valid == TRUE)
10672 				rval = 0;
10673 			else {
10674 				rval = SD_READY_NOT_VALID;
10675 				goto done;
10676 			}
10677 		}
10678 		if (rval != 0) {
10679 			/*
10680 			 * We don't check the validity of geometry for
10681 			 * CDROMs. Also we assume we have a good label
10682 			 * even if sd_validate_geometry returned ENOMEM.
10683 			 */
10684 			if (!ISCD(un) && rval != ENOMEM) {
10685 				rval = SD_NOT_READY_VALID;
10686 				goto done;
10687 			}
10688 		}
10689 	}
10690 
10691 #ifdef DOESNTWORK /* on eliteII, see 1118607 */
10692 	/*
10693 	 * check to see if this disk is write protected, if it is and we have
10694 	 * not set read-only, then fail
10695 	 */
10696 	if ((flag & FWRITE) && (sr_check_wp(dev))) {
10697 		New_state(un, SD_STATE_CLOSED);
10698 		goto done;
10699 	}
10700 #endif
10701 
10702 	/*
10703 	 * If this is a removable media device, try and send
10704 	 * a PREVENT MEDIA REMOVAL command, but don't get upset
10705 	 * if it fails. For a CD, however, it is an error
10706 	 */
10707 	if (ISREMOVABLE(un)) {
10708 		mutex_exit(SD_MUTEX(un));
10709 		if ((sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
10710 		    SD_PATH_DIRECT) != 0) && ISCD(un)) {
10711 			rval = SD_NOT_READY_VALID;
10712 			mutex_enter(SD_MUTEX(un));
10713 			goto done;
10714 		}
10715 		mutex_enter(SD_MUTEX(un));
10716 	}
10717 
10718 	/* The state has changed, inform the media watch routines */
10719 	un->un_mediastate = DKIO_INSERTED;
10720 	cv_broadcast(&un->un_state_cv);
10721 	rval = SD_READY_VALID;
10722 
10723 done:
10724 
10725 	/*
10726 	 * Initialize the capacity kstat value, if no media previously
10727 	 * (capacity kstat is 0) and a media has been inserted
10728 	 * (un_blockcount > 0).
10729 	 * This is a more generic way then checking for ISREMOVABLE.
10730 	 */
10731 	if (un->un_errstats != NULL) {
10732 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
10733 		if ((stp->sd_capacity.value.ui64 == 0) &&
10734 		    (un->un_f_blockcount_is_valid == TRUE)) {
10735 			stp->sd_capacity.value.ui64 =
10736 			    (uint64_t)((uint64_t)un->un_blockcount *
10737 			    un->un_sys_blocksize);
10738 		}
10739 	}
10740 
10741 	mutex_exit(SD_MUTEX(un));
10742 	return (rval);
10743 }
10744 
10745 
10746 /*
10747  *    Function: sdmin
10748  *
10749  * Description: Routine to limit the size of a data transfer. Used in
10750  *		conjunction with physio(9F).
10751  *
10752  *   Arguments: bp - pointer to the indicated buf(9S) struct.
10753  *
10754  *     Context: Kernel thread context.
10755  */
10756 
10757 static void
10758 sdmin(struct buf *bp)
10759 {
10760 	struct sd_lun	*un;
10761 	int		instance;
10762 
10763 	instance = SDUNIT(bp->b_edev);
10764 
10765 	un = ddi_get_soft_state(sd_state, instance);
10766 	ASSERT(un != NULL);
10767 
10768 	if (bp->b_bcount > un->un_max_xfer_size) {
10769 		bp->b_bcount = un->un_max_xfer_size;
10770 	}
10771 }
10772 
10773 
10774 /*
10775  *    Function: sdread
10776  *
10777  * Description: Driver's read(9e) entry point function.
10778  *
10779  *   Arguments: dev   - device number
10780  *		uio   - structure pointer describing where data is to be stored
10781  *			in user's space
10782  *		cred_p  - user credential pointer
10783  *
10784  * Return Code: ENXIO
10785  *		EIO
10786  *		EINVAL
10787  *		value returned by physio
10788  *
10789  *     Context: Kernel thread context.
10790  */
10791 /* ARGSUSED */
10792 static int
10793 sdread(dev_t dev, struct uio *uio, cred_t *cred_p)
10794 {
10795 	struct sd_lun	*un = NULL;
10796 	int		secmask;
10797 	int		err;
10798 
10799 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10800 		return (ENXIO);
10801 	}
10802 
10803 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10804 
10805 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10806 		mutex_enter(SD_MUTEX(un));
10807 		/*
10808 		 * Because the call to sd_ready_and_valid will issue I/O we
10809 		 * must wait here if either the device is suspended or
10810 		 * if it's power level is changing.
10811 		 */
10812 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10813 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10814 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10815 		}
10816 		un->un_ncmds_in_driver++;
10817 		mutex_exit(SD_MUTEX(un));
10818 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10819 			mutex_enter(SD_MUTEX(un));
10820 			un->un_ncmds_in_driver--;
10821 			ASSERT(un->un_ncmds_in_driver >= 0);
10822 			mutex_exit(SD_MUTEX(un));
10823 			return (EIO);
10824 		}
10825 		mutex_enter(SD_MUTEX(un));
10826 		un->un_ncmds_in_driver--;
10827 		ASSERT(un->un_ncmds_in_driver >= 0);
10828 		mutex_exit(SD_MUTEX(un));
10829 	}
10830 
10831 	/*
10832 	 * Read requests are restricted to multiples of the system block size.
10833 	 */
10834 	secmask = un->un_sys_blocksize - 1;
10835 
10836 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10837 		SD_ERROR(SD_LOG_READ_WRITE, un,
10838 		    "sdread: file offset not modulo %d\n",
10839 		    un->un_sys_blocksize);
10840 		err = EINVAL;
10841 	} else if (uio->uio_iov->iov_len & (secmask)) {
10842 		SD_ERROR(SD_LOG_READ_WRITE, un,
10843 		    "sdread: transfer length not modulo %d\n",
10844 		    un->un_sys_blocksize);
10845 		err = EINVAL;
10846 	} else {
10847 		err = physio(sdstrategy, NULL, dev, B_READ, sdmin, uio);
10848 	}
10849 	return (err);
10850 }
10851 
10852 
10853 /*
10854  *    Function: sdwrite
10855  *
10856  * Description: Driver's write(9e) entry point function.
10857  *
10858  *   Arguments: dev   - device number
10859  *		uio   - structure pointer describing where data is stored in
10860  *			user's space
10861  *		cred_p  - user credential pointer
10862  *
10863  * Return Code: ENXIO
10864  *		EIO
10865  *		EINVAL
10866  *		value returned by physio
10867  *
10868  *     Context: Kernel thread context.
10869  */
10870 /* ARGSUSED */
10871 static int
10872 sdwrite(dev_t dev, struct uio *uio, cred_t *cred_p)
10873 {
10874 	struct sd_lun	*un = NULL;
10875 	int		secmask;
10876 	int		err;
10877 
10878 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10879 		return (ENXIO);
10880 	}
10881 
10882 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10883 
10884 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10885 		mutex_enter(SD_MUTEX(un));
10886 		/*
10887 		 * Because the call to sd_ready_and_valid will issue I/O we
10888 		 * must wait here if either the device is suspended or
10889 		 * if it's power level is changing.
10890 		 */
10891 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10892 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10893 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10894 		}
10895 		un->un_ncmds_in_driver++;
10896 		mutex_exit(SD_MUTEX(un));
10897 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10898 			mutex_enter(SD_MUTEX(un));
10899 			un->un_ncmds_in_driver--;
10900 			ASSERT(un->un_ncmds_in_driver >= 0);
10901 			mutex_exit(SD_MUTEX(un));
10902 			return (EIO);
10903 		}
10904 		mutex_enter(SD_MUTEX(un));
10905 		un->un_ncmds_in_driver--;
10906 		ASSERT(un->un_ncmds_in_driver >= 0);
10907 		mutex_exit(SD_MUTEX(un));
10908 	}
10909 
10910 	/*
10911 	 * Write requests are restricted to multiples of the system block size.
10912 	 */
10913 	secmask = un->un_sys_blocksize - 1;
10914 
10915 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10916 		SD_ERROR(SD_LOG_READ_WRITE, un,
10917 		    "sdwrite: file offset not modulo %d\n",
10918 		    un->un_sys_blocksize);
10919 		err = EINVAL;
10920 	} else if (uio->uio_iov->iov_len & (secmask)) {
10921 		SD_ERROR(SD_LOG_READ_WRITE, un,
10922 		    "sdwrite: transfer length not modulo %d\n",
10923 		    un->un_sys_blocksize);
10924 		err = EINVAL;
10925 	} else {
10926 		err = physio(sdstrategy, NULL, dev, B_WRITE, sdmin, uio);
10927 	}
10928 	return (err);
10929 }
10930 
10931 
10932 /*
10933  *    Function: sdaread
10934  *
10935  * Description: Driver's aread(9e) entry point function.
10936  *
10937  *   Arguments: dev   - device number
10938  *		aio   - structure pointer describing where data is to be stored
10939  *		cred_p  - user credential pointer
10940  *
10941  * Return Code: ENXIO
10942  *		EIO
10943  *		EINVAL
10944  *		value returned by aphysio
10945  *
10946  *     Context: Kernel thread context.
10947  */
10948 /* ARGSUSED */
10949 static int
10950 sdaread(dev_t dev, struct aio_req *aio, cred_t *cred_p)
10951 {
10952 	struct sd_lun	*un = NULL;
10953 	struct uio	*uio = aio->aio_uio;
10954 	int		secmask;
10955 	int		err;
10956 
10957 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
10958 		return (ENXIO);
10959 	}
10960 
10961 	ASSERT(!mutex_owned(SD_MUTEX(un)));
10962 
10963 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
10964 		mutex_enter(SD_MUTEX(un));
10965 		/*
10966 		 * Because the call to sd_ready_and_valid will issue I/O we
10967 		 * must wait here if either the device is suspended or
10968 		 * if it's power level is changing.
10969 		 */
10970 		while ((un->un_state == SD_STATE_SUSPENDED) ||
10971 		    (un->un_state == SD_STATE_PM_CHANGING)) {
10972 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
10973 		}
10974 		un->un_ncmds_in_driver++;
10975 		mutex_exit(SD_MUTEX(un));
10976 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
10977 			mutex_enter(SD_MUTEX(un));
10978 			un->un_ncmds_in_driver--;
10979 			ASSERT(un->un_ncmds_in_driver >= 0);
10980 			mutex_exit(SD_MUTEX(un));
10981 			return (EIO);
10982 		}
10983 		mutex_enter(SD_MUTEX(un));
10984 		un->un_ncmds_in_driver--;
10985 		ASSERT(un->un_ncmds_in_driver >= 0);
10986 		mutex_exit(SD_MUTEX(un));
10987 	}
10988 
10989 	/*
10990 	 * Read requests are restricted to multiples of the system block size.
10991 	 */
10992 	secmask = un->un_sys_blocksize - 1;
10993 
10994 	if (uio->uio_loffset & ((offset_t)(secmask))) {
10995 		SD_ERROR(SD_LOG_READ_WRITE, un,
10996 		    "sdaread: file offset not modulo %d\n",
10997 		    un->un_sys_blocksize);
10998 		err = EINVAL;
10999 	} else if (uio->uio_iov->iov_len & (secmask)) {
11000 		SD_ERROR(SD_LOG_READ_WRITE, un,
11001 		    "sdaread: transfer length not modulo %d\n",
11002 		    un->un_sys_blocksize);
11003 		err = EINVAL;
11004 	} else {
11005 		err = aphysio(sdstrategy, anocancel, dev, B_READ, sdmin, aio);
11006 	}
11007 	return (err);
11008 }
11009 
11010 
11011 /*
11012  *    Function: sdawrite
11013  *
11014  * Description: Driver's awrite(9e) entry point function.
11015  *
11016  *   Arguments: dev   - device number
11017  *		aio   - structure pointer describing where data is stored
11018  *		cred_p  - user credential pointer
11019  *
11020  * Return Code: ENXIO
11021  *		EIO
11022  *		EINVAL
11023  *		value returned by aphysio
11024  *
11025  *     Context: Kernel thread context.
11026  */
11027 /* ARGSUSED */
11028 static int
11029 sdawrite(dev_t dev, struct aio_req *aio, cred_t *cred_p)
11030 {
11031 	struct sd_lun	*un = NULL;
11032 	struct uio	*uio = aio->aio_uio;
11033 	int		secmask;
11034 	int		err;
11035 
11036 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
11037 		return (ENXIO);
11038 	}
11039 
11040 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11041 
11042 	if ((un->un_f_geometry_is_valid == FALSE) && !ISCD(un)) {
11043 		mutex_enter(SD_MUTEX(un));
11044 		/*
11045 		 * Because the call to sd_ready_and_valid will issue I/O we
11046 		 * must wait here if either the device is suspended or
11047 		 * if it's power level is changing.
11048 		 */
11049 		while ((un->un_state == SD_STATE_SUSPENDED) ||
11050 		    (un->un_state == SD_STATE_PM_CHANGING)) {
11051 			cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11052 		}
11053 		un->un_ncmds_in_driver++;
11054 		mutex_exit(SD_MUTEX(un));
11055 		if ((sd_ready_and_valid(un)) != SD_READY_VALID) {
11056 			mutex_enter(SD_MUTEX(un));
11057 			un->un_ncmds_in_driver--;
11058 			ASSERT(un->un_ncmds_in_driver >= 0);
11059 			mutex_exit(SD_MUTEX(un));
11060 			return (EIO);
11061 		}
11062 		mutex_enter(SD_MUTEX(un));
11063 		un->un_ncmds_in_driver--;
11064 		ASSERT(un->un_ncmds_in_driver >= 0);
11065 		mutex_exit(SD_MUTEX(un));
11066 	}
11067 
11068 	/*
11069 	 * Write requests are restricted to multiples of the system block size.
11070 	 */
11071 	secmask = un->un_sys_blocksize - 1;
11072 
11073 	if (uio->uio_loffset & ((offset_t)(secmask))) {
11074 		SD_ERROR(SD_LOG_READ_WRITE, un,
11075 		    "sdawrite: file offset not modulo %d\n",
11076 		    un->un_sys_blocksize);
11077 		err = EINVAL;
11078 	} else if (uio->uio_iov->iov_len & (secmask)) {
11079 		SD_ERROR(SD_LOG_READ_WRITE, un,
11080 		    "sdawrite: transfer length not modulo %d\n",
11081 		    un->un_sys_blocksize);
11082 		err = EINVAL;
11083 	} else {
11084 		err = aphysio(sdstrategy, anocancel, dev, B_WRITE, sdmin, aio);
11085 	}
11086 	return (err);
11087 }
11088 
11089 
11090 
11091 
11092 
11093 /*
11094  * Driver IO processing follows the following sequence:
11095  *
11096  *     sdioctl(9E)     sdstrategy(9E)         biodone(9F)
11097  *         |                |                     ^
11098  *         v                v                     |
11099  * sd_send_scsi_cmd()  ddi_xbuf_qstrategy()       +-------------------+
11100  *         |                |                     |                   |
11101  *         v                |                     |                   |
11102  * sd_uscsi_strategy() sd_xbuf_strategy()   sd_buf_iodone()   sd_uscsi_iodone()
11103  *         |                |                     ^                   ^
11104  *         v                v                     |                   |
11105  * SD_BEGIN_IOSTART()  SD_BEGIN_IOSTART()         |                   |
11106  *         |                |                     |                   |
11107  *     +---+                |                     +------------+      +-------+
11108  *     |                    |                                  |              |
11109  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11110  *     |                    v                                  |              |
11111  *     |         sd_mapblockaddr_iostart()           sd_mapblockaddr_iodone() |
11112  *     |                    |                                  ^              |
11113  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11114  *     |                    v                                  |              |
11115  *     |         sd_mapblocksize_iostart()           sd_mapblocksize_iodone() |
11116  *     |                    |                                  ^              |
11117  *     |   SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()|              |
11118  *     |                    v                                  |              |
11119  *     |           sd_checksum_iostart()               sd_checksum_iodone()   |
11120  *     |                    |                                  ^              |
11121  *     +-> SD_NEXT_IOSTART()|                  SD_NEXT_IODONE()+------------->+
11122  *     |                    v                                  |              |
11123  *     |              sd_pm_iostart()                     sd_pm_iodone()      |
11124  *     |                    |                                  ^              |
11125  *     |                    |                                  |              |
11126  *     +-> SD_NEXT_IOSTART()|               SD_BEGIN_IODONE()--+--------------+
11127  *                          |                           ^
11128  *                          v                           |
11129  *                   sd_core_iostart()                  |
11130  *                          |                           |
11131  *                          |                           +------>(*destroypkt)()
11132  *                          +-> sd_start_cmds() <-+     |           |
11133  *                          |                     |     |           v
11134  *                          |                     |     |  scsi_destroy_pkt(9F)
11135  *                          |                     |     |
11136  *                          +->(*initpkt)()       +- sdintr()
11137  *                          |  |                        |  |
11138  *                          |  +-> scsi_init_pkt(9F)    |  +-> sd_handle_xxx()
11139  *                          |  +-> scsi_setup_cdb(9F)   |
11140  *                          |                           |
11141  *                          +--> scsi_transport(9F)     |
11142  *                                     |                |
11143  *                                     +----> SCSA ---->+
11144  *
11145  *
11146  * This code is based upon the following presumtions:
11147  *
11148  *   - iostart and iodone functions operate on buf(9S) structures. These
11149  *     functions perform the necessary operations on the buf(9S) and pass
11150  *     them along to the next function in the chain by using the macros
11151  *     SD_NEXT_IOSTART() (for iostart side functions) and SD_NEXT_IODONE()
11152  *     (for iodone side functions).
11153  *
11154  *   - The iostart side functions may sleep. The iodone side functions
11155  *     are called under interrupt context and may NOT sleep. Therefore
11156  *     iodone side functions also may not call iostart side functions.
11157  *     (NOTE: iostart side functions should NOT sleep for memory, as
11158  *     this could result in deadlock.)
11159  *
11160  *   - An iostart side function may call its corresponding iodone side
11161  *     function directly (if necessary).
11162  *
11163  *   - In the event of an error, an iostart side function can return a buf(9S)
11164  *     to its caller by calling SD_BEGIN_IODONE() (after setting B_ERROR and
11165  *     b_error in the usual way of course).
11166  *
11167  *   - The taskq mechanism may be used by the iodone side functions to dispatch
11168  *     requests to the iostart side functions.  The iostart side functions in
11169  *     this case would be called under the context of a taskq thread, so it's
11170  *     OK for them to block/sleep/spin in this case.
11171  *
11172  *   - iostart side functions may allocate "shadow" buf(9S) structs and
11173  *     pass them along to the next function in the chain.  The corresponding
11174  *     iodone side functions must coalesce the "shadow" bufs and return
11175  *     the "original" buf to the next higher layer.
11176  *
11177  *   - The b_private field of the buf(9S) struct holds a pointer to
11178  *     an sd_xbuf struct, which contains information needed to
11179  *     construct the scsi_pkt for the command.
11180  *
11181  *   - The SD_MUTEX(un) is NOT held across calls to the next layer. Each
11182  *     layer must acquire & release the SD_MUTEX(un) as needed.
11183  */
11184 
11185 
11186 /*
11187  * Create taskq for all targets in the system. This is created at
11188  * _init(9E) and destroyed at _fini(9E).
11189  *
11190  * Note: here we set the minalloc to a reasonably high number to ensure that
11191  * we will have an adequate supply of task entries available at interrupt time.
11192  * This is used in conjunction with the TASKQ_PREPOPULATE flag in
11193  * sd_create_taskq().  Since we do not want to sleep for allocations at
11194  * interrupt time, set maxalloc equal to minalloc. That way we will just fail
11195  * the command if we ever try to dispatch more than SD_TASKQ_MAXALLOC taskq
11196  * requests any one instant in time.
11197  */
11198 #define	SD_TASKQ_NUMTHREADS	8
11199 #define	SD_TASKQ_MINALLOC	256
11200 #define	SD_TASKQ_MAXALLOC	256
11201 
11202 static taskq_t	*sd_tq = NULL;
11203 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_tq))
11204 
11205 static int	sd_taskq_minalloc = SD_TASKQ_MINALLOC;
11206 static int	sd_taskq_maxalloc = SD_TASKQ_MAXALLOC;
11207 
11208 /*
11209  * The following task queue is being created for the write part of
11210  * read-modify-write of non-512 block size devices.
11211  * Limit the number of threads to 1 for now. This number has been choosen
11212  * considering the fact that it applies only to dvd ram drives/MO drives
11213  * currently. Performance for which is not main criteria at this stage.
11214  * Note: It needs to be explored if we can use a single taskq in future
11215  */
11216 #define	SD_WMR_TASKQ_NUMTHREADS	1
11217 static taskq_t	*sd_wmr_tq = NULL;
11218 _NOTE(SCHEME_PROTECTS_DATA("stable data", sd_wmr_tq))
11219 
11220 /*
11221  *    Function: sd_taskq_create
11222  *
11223  * Description: Create taskq thread(s) and preallocate task entries
11224  *
11225  * Return Code: Returns a pointer to the allocated taskq_t.
11226  *
11227  *     Context: Can sleep. Requires blockable context.
11228  *
11229  *       Notes: - The taskq() facility currently is NOT part of the DDI.
11230  *		  (definitely NOT recommeded for 3rd-party drivers!) :-)
11231  *		- taskq_create() will block for memory, also it will panic
11232  *		  if it cannot create the requested number of threads.
11233  *		- Currently taskq_create() creates threads that cannot be
11234  *		  swapped.
11235  *		- We use TASKQ_PREPOPULATE to ensure we have an adequate
11236  *		  supply of taskq entries at interrupt time (ie, so that we
11237  *		  do not have to sleep for memory)
11238  */
11239 
11240 static void
11241 sd_taskq_create(void)
11242 {
11243 	char	taskq_name[TASKQ_NAMELEN];
11244 
11245 	ASSERT(sd_tq == NULL);
11246 	ASSERT(sd_wmr_tq == NULL);
11247 
11248 	(void) snprintf(taskq_name, sizeof (taskq_name),
11249 	    "%s_drv_taskq", sd_label);
11250 	sd_tq = (taskq_create(taskq_name, SD_TASKQ_NUMTHREADS,
11251 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11252 	    TASKQ_PREPOPULATE));
11253 
11254 	(void) snprintf(taskq_name, sizeof (taskq_name),
11255 	    "%s_rmw_taskq", sd_label);
11256 	sd_wmr_tq = (taskq_create(taskq_name, SD_WMR_TASKQ_NUMTHREADS,
11257 	    (v.v_maxsyspri - 2), sd_taskq_minalloc, sd_taskq_maxalloc,
11258 	    TASKQ_PREPOPULATE));
11259 }
11260 
11261 
11262 /*
11263  *    Function: sd_taskq_delete
11264  *
11265  * Description: Complementary cleanup routine for sd_taskq_create().
11266  *
11267  *     Context: Kernel thread context.
11268  */
11269 
11270 static void
11271 sd_taskq_delete(void)
11272 {
11273 	ASSERT(sd_tq != NULL);
11274 	ASSERT(sd_wmr_tq != NULL);
11275 	taskq_destroy(sd_tq);
11276 	taskq_destroy(sd_wmr_tq);
11277 	sd_tq = NULL;
11278 	sd_wmr_tq = NULL;
11279 }
11280 
11281 
11282 /*
11283  *    Function: sdstrategy
11284  *
11285  * Description: Driver's strategy (9E) entry point function.
11286  *
11287  *   Arguments: bp - pointer to buf(9S)
11288  *
11289  * Return Code: Always returns zero
11290  *
11291  *     Context: Kernel thread context.
11292  */
11293 
11294 static int
11295 sdstrategy(struct buf *bp)
11296 {
11297 	struct sd_lun *un;
11298 
11299 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11300 	if (un == NULL) {
11301 		bioerror(bp, EIO);
11302 		bp->b_resid = bp->b_bcount;
11303 		biodone(bp);
11304 		return (0);
11305 	}
11306 	/* As was done in the past, fail new cmds. if state is dumping. */
11307 	if (un->un_state == SD_STATE_DUMPING) {
11308 		bioerror(bp, ENXIO);
11309 		bp->b_resid = bp->b_bcount;
11310 		biodone(bp);
11311 		return (0);
11312 	}
11313 
11314 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11315 
11316 	/*
11317 	 * Commands may sneak in while we released the mutex in
11318 	 * DDI_SUSPEND, we should block new commands. However, old
11319 	 * commands that are still in the driver at this point should
11320 	 * still be allowed to drain.
11321 	 */
11322 	mutex_enter(SD_MUTEX(un));
11323 	/*
11324 	 * Must wait here if either the device is suspended or
11325 	 * if it's power level is changing.
11326 	 */
11327 	while ((un->un_state == SD_STATE_SUSPENDED) ||
11328 	    (un->un_state == SD_STATE_PM_CHANGING)) {
11329 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
11330 	}
11331 
11332 	un->un_ncmds_in_driver++;
11333 
11334 	/*
11335 	 * atapi: Since we are running the CD for now in PIO mode we need to
11336 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11337 	 * the HBA's init_pkt routine.
11338 	 */
11339 	if (un->un_f_cfg_is_atapi == TRUE) {
11340 		mutex_exit(SD_MUTEX(un));
11341 		bp_mapin(bp);
11342 		mutex_enter(SD_MUTEX(un));
11343 	}
11344 	SD_INFO(SD_LOG_IO, un, "sdstrategy: un_ncmds_in_driver = %ld\n",
11345 	    un->un_ncmds_in_driver);
11346 
11347 	mutex_exit(SD_MUTEX(un));
11348 
11349 	/*
11350 	 * This will (eventually) allocate the sd_xbuf area and
11351 	 * call sd_xbuf_strategy().  We just want to return the
11352 	 * result of ddi_xbuf_qstrategy so that we have an opt-
11353 	 * imized tail call which saves us a stack frame.
11354 	 */
11355 	return (ddi_xbuf_qstrategy(bp, un->un_xbuf_attr));
11356 }
11357 
11358 
11359 /*
11360  *    Function: sd_xbuf_strategy
11361  *
11362  * Description: Function for initiating IO operations via the
11363  *		ddi_xbuf_qstrategy() mechanism.
11364  *
11365  *     Context: Kernel thread context.
11366  */
11367 
11368 static void
11369 sd_xbuf_strategy(struct buf *bp, ddi_xbuf_t xp, void *arg)
11370 {
11371 	struct sd_lun *un = arg;
11372 
11373 	ASSERT(bp != NULL);
11374 	ASSERT(xp != NULL);
11375 	ASSERT(un != NULL);
11376 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11377 
11378 	/*
11379 	 * Initialize the fields in the xbuf and save a pointer to the
11380 	 * xbuf in bp->b_private.
11381 	 */
11382 	sd_xbuf_init(un, bp, xp, SD_CHAIN_BUFIO, NULL);
11383 
11384 	/* Send the buf down the iostart chain */
11385 	SD_BEGIN_IOSTART(((struct sd_xbuf *)xp)->xb_chain_iostart, un, bp);
11386 }
11387 
11388 
11389 /*
11390  *    Function: sd_xbuf_init
11391  *
11392  * Description: Prepare the given sd_xbuf struct for use.
11393  *
11394  *   Arguments: un - ptr to softstate
11395  *		bp - ptr to associated buf(9S)
11396  *		xp - ptr to associated sd_xbuf
11397  *		chain_type - IO chain type to use:
11398  *			SD_CHAIN_NULL
11399  *			SD_CHAIN_BUFIO
11400  *			SD_CHAIN_USCSI
11401  *			SD_CHAIN_DIRECT
11402  *			SD_CHAIN_DIRECT_PRIORITY
11403  *		pktinfop - ptr to private data struct for scsi_pkt(9S)
11404  *			initialization; may be NULL if none.
11405  *
11406  *     Context: Kernel thread context
11407  */
11408 
11409 static void
11410 sd_xbuf_init(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
11411 	uchar_t chain_type, void *pktinfop)
11412 {
11413 	int index;
11414 
11415 	ASSERT(un != NULL);
11416 	ASSERT(bp != NULL);
11417 	ASSERT(xp != NULL);
11418 
11419 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: buf:0x%p chain type:0x%x\n",
11420 	    bp, chain_type);
11421 
11422 	xp->xb_un	= un;
11423 	xp->xb_pktp	= NULL;
11424 	xp->xb_pktinfo	= pktinfop;
11425 	xp->xb_private	= bp->b_private;
11426 	xp->xb_blkno	= (daddr_t)bp->b_blkno;
11427 
11428 	/*
11429 	 * Set up the iostart and iodone chain indexes in the xbuf, based
11430 	 * upon the specified chain type to use.
11431 	 */
11432 	switch (chain_type) {
11433 	case SD_CHAIN_NULL:
11434 		/*
11435 		 * Fall thru to just use the values for the buf type, even
11436 		 * tho for the NULL chain these values will never be used.
11437 		 */
11438 		/* FALLTHRU */
11439 	case SD_CHAIN_BUFIO:
11440 		index = un->un_buf_chain_type;
11441 		break;
11442 	case SD_CHAIN_USCSI:
11443 		index = un->un_uscsi_chain_type;
11444 		break;
11445 	case SD_CHAIN_DIRECT:
11446 		index = un->un_direct_chain_type;
11447 		break;
11448 	case SD_CHAIN_DIRECT_PRIORITY:
11449 		index = un->un_priority_chain_type;
11450 		break;
11451 	default:
11452 		/* We're really broken if we ever get here... */
11453 		panic("sd_xbuf_init: illegal chain type!");
11454 		/*NOTREACHED*/
11455 	}
11456 
11457 	xp->xb_chain_iostart = sd_chain_index_map[index].sci_iostart_index;
11458 	xp->xb_chain_iodone = sd_chain_index_map[index].sci_iodone_index;
11459 
11460 	/*
11461 	 * It might be a bit easier to simply bzero the entire xbuf above,
11462 	 * but it turns out that since we init a fair number of members anyway,
11463 	 * we save a fair number cycles by doing explicit assignment of zero.
11464 	 */
11465 	xp->xb_pkt_flags	= 0;
11466 	xp->xb_dma_resid	= 0;
11467 	xp->xb_retry_count	= 0;
11468 	xp->xb_victim_retry_count = 0;
11469 	xp->xb_ua_retry_count	= 0;
11470 	xp->xb_sense_bp		= NULL;
11471 	xp->xb_sense_status	= 0;
11472 	xp->xb_sense_state	= 0;
11473 	xp->xb_sense_resid	= 0;
11474 
11475 	bp->b_private	= xp;
11476 	bp->b_flags	&= ~(B_DONE | B_ERROR);
11477 	bp->b_resid	= 0;
11478 	bp->av_forw	= NULL;
11479 	bp->av_back	= NULL;
11480 	bioerror(bp, 0);
11481 
11482 	SD_INFO(SD_LOG_IO, un, "sd_xbuf_init: done.\n");
11483 }
11484 
11485 
11486 /*
11487  *    Function: sd_uscsi_strategy
11488  *
11489  * Description: Wrapper for calling into the USCSI chain via physio(9F)
11490  *
11491  *   Arguments: bp - buf struct ptr
11492  *
11493  * Return Code: Always returns 0
11494  *
11495  *     Context: Kernel thread context
11496  */
11497 
11498 static int
11499 sd_uscsi_strategy(struct buf *bp)
11500 {
11501 	struct sd_lun		*un;
11502 	struct sd_uscsi_info	*uip;
11503 	struct sd_xbuf		*xp;
11504 	uchar_t			chain_type;
11505 
11506 	ASSERT(bp != NULL);
11507 
11508 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
11509 	if (un == NULL) {
11510 		bioerror(bp, EIO);
11511 		bp->b_resid = bp->b_bcount;
11512 		biodone(bp);
11513 		return (0);
11514 	}
11515 
11516 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11517 
11518 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: entry: buf:0x%p\n", bp);
11519 
11520 	mutex_enter(SD_MUTEX(un));
11521 	/*
11522 	 * atapi: Since we are running the CD for now in PIO mode we need to
11523 	 * call bp_mapin here to avoid bp_mapin called interrupt context under
11524 	 * the HBA's init_pkt routine.
11525 	 */
11526 	if (un->un_f_cfg_is_atapi == TRUE) {
11527 		mutex_exit(SD_MUTEX(un));
11528 		bp_mapin(bp);
11529 		mutex_enter(SD_MUTEX(un));
11530 	}
11531 	un->un_ncmds_in_driver++;
11532 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_strategy: un_ncmds_in_driver = %ld\n",
11533 	    un->un_ncmds_in_driver);
11534 	mutex_exit(SD_MUTEX(un));
11535 
11536 	/*
11537 	 * A pointer to a struct sd_uscsi_info is expected in bp->b_private
11538 	 */
11539 	ASSERT(bp->b_private != NULL);
11540 	uip = (struct sd_uscsi_info *)bp->b_private;
11541 
11542 	switch (uip->ui_flags) {
11543 	case SD_PATH_DIRECT:
11544 		chain_type = SD_CHAIN_DIRECT;
11545 		break;
11546 	case SD_PATH_DIRECT_PRIORITY:
11547 		chain_type = SD_CHAIN_DIRECT_PRIORITY;
11548 		break;
11549 	default:
11550 		chain_type = SD_CHAIN_USCSI;
11551 		break;
11552 	}
11553 
11554 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
11555 	sd_xbuf_init(un, bp, xp, chain_type, uip->ui_cmdp);
11556 
11557 	/* Use the index obtained within xbuf_init */
11558 	SD_BEGIN_IOSTART(xp->xb_chain_iostart, un, bp);
11559 
11560 	SD_TRACE(SD_LOG_IO, un, "sd_uscsi_strategy: exit: buf:0x%p\n", bp);
11561 
11562 	return (0);
11563 }
11564 
11565 
11566 /*
11567  * These routines perform raw i/o operations.
11568  */
11569 /*ARGSUSED*/
11570 static void
11571 sduscsimin(struct buf *bp)
11572 {
11573 	/*
11574 	 * do not break up because the CDB count would then
11575 	 * be incorrect and data underruns would result (incomplete
11576 	 * read/writes which would be retried and then failed, see
11577 	 * sdintr().
11578 	 */
11579 }
11580 
11581 
11582 
11583 /*
11584  *    Function: sd_send_scsi_cmd
11585  *
11586  * Description: Runs a USCSI command for user (when called thru sdioctl),
11587  *		or for the driver
11588  *
11589  *   Arguments: dev - the dev_t for the device
11590  *		incmd - ptr to a valid uscsi_cmd struct
11591  *		cdbspace - UIO_USERSPACE or UIO_SYSSPACE
11592  *		dataspace - UIO_USERSPACE or UIO_SYSSPACE
11593  *		rqbufspace - UIO_USERSPACE or UIO_SYSSPACE
11594  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
11595  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
11596  *			to use the USCSI "direct" chain and bypass the normal
11597  *			command waitq.
11598  *
11599  * Return Code: 0 -  successful completion of the given command
11600  *		EIO - scsi_reset() failed, or see biowait()/physio() codes.
11601  *		ENXIO  - soft state not found for specified dev
11602  *		EINVAL
11603  *		EFAULT - copyin/copyout error
11604  *		return code of biowait(9F) or physio(9F):
11605  *			EIO - IO error, caller may check incmd->uscsi_status
11606  *			ENXIO
11607  *			EACCES - reservation conflict
11608  *
11609  *     Context: Waits for command to complete. Can sleep.
11610  */
11611 
11612 static int
11613 sd_send_scsi_cmd(dev_t dev, struct uscsi_cmd *incmd,
11614 	enum uio_seg cdbspace, enum uio_seg dataspace, enum uio_seg rqbufspace,
11615 	int path_flag)
11616 {
11617 	struct sd_uscsi_info	*uip;
11618 	struct uscsi_cmd	*uscmd;
11619 	struct sd_lun	*un;
11620 	struct buf	*bp;
11621 	int	rval;
11622 	int	flags;
11623 
11624 	un = ddi_get_soft_state(sd_state, SDUNIT(dev));
11625 	if (un == NULL) {
11626 		return (ENXIO);
11627 	}
11628 
11629 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11630 
11631 #ifdef SDDEBUG
11632 	switch (dataspace) {
11633 	case UIO_USERSPACE:
11634 		SD_TRACE(SD_LOG_IO, un,
11635 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_USERSPACE\n", un);
11636 		break;
11637 	case UIO_SYSSPACE:
11638 		SD_TRACE(SD_LOG_IO, un,
11639 		    "sd_send_scsi_cmd: entry: un:0x%p UIO_SYSSPACE\n", un);
11640 		break;
11641 	default:
11642 		SD_TRACE(SD_LOG_IO, un,
11643 		    "sd_send_scsi_cmd: entry: un:0x%p UNEXPECTED SPACE\n", un);
11644 		break;
11645 	}
11646 #endif
11647 
11648 	/*
11649 	 * Perform resets directly; no need to generate a command to do it.
11650 	 */
11651 	if (incmd->uscsi_flags & (USCSI_RESET | USCSI_RESET_ALL)) {
11652 		flags = ((incmd->uscsi_flags & USCSI_RESET_ALL) != 0) ?
11653 		    RESET_ALL : RESET_TARGET;
11654 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: Issuing reset\n");
11655 		if (scsi_reset(SD_ADDRESS(un), flags) == 0) {
11656 			/* Reset attempt was unsuccessful */
11657 			SD_TRACE(SD_LOG_IO, un,
11658 			    "sd_send_scsi_cmd: reset: failure\n");
11659 			return (EIO);
11660 		}
11661 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: reset: success\n");
11662 		return (0);
11663 	}
11664 
11665 	/* Perfunctory sanity check... */
11666 	if (incmd->uscsi_cdblen <= 0) {
11667 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11668 		    "invalid uscsi_cdblen, returning EINVAL\n");
11669 		return (EINVAL);
11670 	}
11671 
11672 	/*
11673 	 * In order to not worry about where the uscsi structure came from
11674 	 * (or where the cdb it points to came from) we're going to make
11675 	 * kmem_alloc'd copies of them here. This will also allow reference
11676 	 * to the data they contain long after this process has gone to
11677 	 * sleep and its kernel stack has been unmapped, etc.
11678 	 *
11679 	 * First get some memory for the uscsi_cmd struct and copy the
11680 	 * contents of the given uscsi_cmd struct into it.
11681 	 */
11682 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
11683 	bcopy(incmd, uscmd, sizeof (struct uscsi_cmd));
11684 
11685 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: uscsi_cmd",
11686 	    (uchar_t *)uscmd, sizeof (struct uscsi_cmd), SD_LOG_HEX);
11687 
11688 	/*
11689 	 * Now get some space for the CDB, and copy the given CDB into
11690 	 * it. Use ddi_copyin() in case the data is in user space.
11691 	 */
11692 	uscmd->uscsi_cdb = kmem_zalloc((size_t)incmd->uscsi_cdblen, KM_SLEEP);
11693 	flags = (cdbspace == UIO_SYSSPACE) ? FKIOCTL : 0;
11694 	if (ddi_copyin(incmd->uscsi_cdb, uscmd->uscsi_cdb,
11695 	    (uint_t)incmd->uscsi_cdblen, flags) != 0) {
11696 		kmem_free(uscmd->uscsi_cdb, (size_t)incmd->uscsi_cdblen);
11697 		kmem_free(uscmd, sizeof (struct uscsi_cmd));
11698 		return (EFAULT);
11699 	}
11700 
11701 	SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_cmd: CDB",
11702 	    (uchar_t *)uscmd->uscsi_cdb, incmd->uscsi_cdblen, SD_LOG_HEX);
11703 
11704 	bp = getrbuf(KM_SLEEP);
11705 
11706 	/*
11707 	 * Allocate an sd_uscsi_info struct and fill it with the info
11708 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
11709 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
11710 	 * since we allocate the buf here in this function, we do not
11711 	 * need to preserve the prior contents of b_private.
11712 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
11713 	 */
11714 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
11715 	uip->ui_flags = path_flag;
11716 	uip->ui_cmdp  = uscmd;
11717 	bp->b_private = uip;
11718 
11719 	/*
11720 	 * Initialize Request Sense buffering, if requested.
11721 	 */
11722 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11723 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11724 		/*
11725 		 * Here uscmd->uscsi_rqbuf currently points to the caller's
11726 		 * buffer, but we replace this with a kernel buffer that
11727 		 * we allocate to use with the sense data. The sense data
11728 		 * (if present) gets copied into this new buffer before the
11729 		 * command is completed.  Then we copy the sense data from
11730 		 * our allocated buf into the caller's buffer below. Note
11731 		 * that incmd->uscsi_rqbuf and incmd->uscsi_rqlen are used
11732 		 * below to perform the copy back to the caller's buf.
11733 		 */
11734 		uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
11735 		if (rqbufspace == UIO_USERSPACE) {
11736 			uscmd->uscsi_rqlen   = SENSE_LENGTH;
11737 			uscmd->uscsi_rqresid = SENSE_LENGTH;
11738 		} else {
11739 			uchar_t rlen = min(SENSE_LENGTH, uscmd->uscsi_rqlen);
11740 			uscmd->uscsi_rqlen   = rlen;
11741 			uscmd->uscsi_rqresid = rlen;
11742 		}
11743 	} else {
11744 		uscmd->uscsi_rqbuf = NULL;
11745 		uscmd->uscsi_rqlen   = 0;
11746 		uscmd->uscsi_rqresid = 0;
11747 	}
11748 
11749 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: rqbuf:0x%p  rqlen:%d\n",
11750 	    uscmd->uscsi_rqbuf, uscmd->uscsi_rqlen);
11751 
11752 	if (un->un_f_is_fibre == FALSE) {
11753 		/*
11754 		 * Force asynchronous mode, if necessary.  Doing this here
11755 		 * has the unfortunate effect of running other queued
11756 		 * commands async also, but since the main purpose of this
11757 		 * capability is downloading new drive firmware, we can
11758 		 * probably live with it.
11759 		 */
11760 		if ((uscmd->uscsi_flags & USCSI_ASYNC) != 0) {
11761 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11762 				== 1) {
11763 				if (scsi_ifsetcap(SD_ADDRESS(un),
11764 					    "synchronous", 0, 1) == 1) {
11765 					SD_TRACE(SD_LOG_IO, un,
11766 					"sd_send_scsi_cmd: forced async ok\n");
11767 				} else {
11768 					SD_TRACE(SD_LOG_IO, un,
11769 					"sd_send_scsi_cmd:\
11770 					forced async failed\n");
11771 					rval = EINVAL;
11772 					goto done;
11773 				}
11774 			}
11775 		}
11776 
11777 		/*
11778 		 * Re-enable synchronous mode, if requested
11779 		 */
11780 		if (uscmd->uscsi_flags & USCSI_SYNC) {
11781 			if (scsi_ifgetcap(SD_ADDRESS(un), "synchronous", 1)
11782 				== 0) {
11783 				int i = scsi_ifsetcap(SD_ADDRESS(un),
11784 						"synchronous", 1, 1);
11785 				SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11786 					"re-enabled sync %s\n",
11787 					(i == 1) ? "ok" : "failed");
11788 			}
11789 		}
11790 	}
11791 
11792 	/*
11793 	 * Commands sent with priority are intended for error recovery
11794 	 * situations, and do not have retries performed.
11795 	 */
11796 	if (path_flag == SD_PATH_DIRECT_PRIORITY) {
11797 		uscmd->uscsi_flags |= USCSI_DIAGNOSE;
11798 	}
11799 
11800 	/*
11801 	 * If we're going to do actual I/O, let physio do all the right things
11802 	 */
11803 	if (uscmd->uscsi_buflen != 0) {
11804 		struct iovec	aiov;
11805 		struct uio	auio;
11806 		struct uio	*uio = &auio;
11807 
11808 		bzero(&auio, sizeof (struct uio));
11809 		bzero(&aiov, sizeof (struct iovec));
11810 		aiov.iov_base = uscmd->uscsi_bufaddr;
11811 		aiov.iov_len  = uscmd->uscsi_buflen;
11812 		uio->uio_iov  = &aiov;
11813 
11814 		uio->uio_iovcnt  = 1;
11815 		uio->uio_resid   = uscmd->uscsi_buflen;
11816 		uio->uio_segflg  = dataspace;
11817 
11818 		/*
11819 		 * physio() will block here until the command completes....
11820 		 */
11821 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling physio.\n");
11822 
11823 		rval = physio(sd_uscsi_strategy, bp, dev,
11824 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE),
11825 		    sduscsimin, uio);
11826 
11827 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11828 		    "returned from physio with 0x%x\n", rval);
11829 
11830 	} else {
11831 		/*
11832 		 * We have to mimic what physio would do here! Argh!
11833 		 */
11834 		bp->b_flags  = B_BUSY |
11835 		    ((uscmd->uscsi_flags & USCSI_READ) ? B_READ : B_WRITE);
11836 		bp->b_edev   = dev;
11837 		bp->b_dev    = cmpdev(dev);	/* maybe unnecessary? */
11838 		bp->b_bcount = 0;
11839 		bp->b_blkno  = 0;
11840 
11841 		SD_TRACE(SD_LOG_IO, un,
11842 		    "sd_send_scsi_cmd: calling sd_uscsi_strategy...\n");
11843 
11844 		(void) sd_uscsi_strategy(bp);
11845 
11846 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: calling biowait\n");
11847 
11848 		rval = biowait(bp);
11849 
11850 		SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11851 		    "returned from  biowait with 0x%x\n", rval);
11852 	}
11853 
11854 done:
11855 
11856 #ifdef SDDEBUG
11857 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11858 	    "uscsi_status: 0x%02x  uscsi_resid:0x%x\n",
11859 	    uscmd->uscsi_status, uscmd->uscsi_resid);
11860 	if (uscmd->uscsi_bufaddr != NULL) {
11861 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11862 		    "uscmd->uscsi_bufaddr: 0x%p  uscmd->uscsi_buflen:%d\n",
11863 		    uscmd->uscsi_bufaddr, uscmd->uscsi_buflen);
11864 		if (dataspace == UIO_SYSSPACE) {
11865 			SD_DUMP_MEMORY(un, SD_LOG_IO,
11866 			    "data", (uchar_t *)uscmd->uscsi_bufaddr,
11867 			    uscmd->uscsi_buflen, SD_LOG_HEX);
11868 		}
11869 	}
11870 #endif
11871 
11872 	/*
11873 	 * Get the status and residual to return to the caller.
11874 	 */
11875 	incmd->uscsi_status = uscmd->uscsi_status;
11876 	incmd->uscsi_resid  = uscmd->uscsi_resid;
11877 
11878 	/*
11879 	 * If the caller wants sense data, copy back whatever sense data
11880 	 * we may have gotten, and update the relevant rqsense info.
11881 	 */
11882 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
11883 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
11884 
11885 		int rqlen = uscmd->uscsi_rqlen - uscmd->uscsi_rqresid;
11886 		rqlen = min(((int)incmd->uscsi_rqlen), rqlen);
11887 
11888 		/* Update the Request Sense status and resid */
11889 		incmd->uscsi_rqresid  = incmd->uscsi_rqlen - rqlen;
11890 		incmd->uscsi_rqstatus = uscmd->uscsi_rqstatus;
11891 
11892 		SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11893 		    "uscsi_rqstatus: 0x%02x  uscsi_rqresid:0x%x\n",
11894 		    incmd->uscsi_rqstatus, incmd->uscsi_rqresid);
11895 
11896 		/* Copy out the sense data for user processes */
11897 		if ((incmd->uscsi_rqbuf != NULL) && (rqlen != 0)) {
11898 			int flags =
11899 			    (rqbufspace == UIO_USERSPACE) ? 0 : FKIOCTL;
11900 			if (ddi_copyout(uscmd->uscsi_rqbuf, incmd->uscsi_rqbuf,
11901 			    rqlen, flags) != 0) {
11902 				rval = EFAULT;
11903 			}
11904 			/*
11905 			 * Note: Can't touch incmd->uscsi_rqbuf so use
11906 			 * uscmd->uscsi_rqbuf instead. They're the same.
11907 			 */
11908 			SD_INFO(SD_LOG_IO, un, "sd_send_scsi_cmd: "
11909 			    "incmd->uscsi_rqbuf: 0x%p  rqlen:%d\n",
11910 			    incmd->uscsi_rqbuf, rqlen);
11911 			SD_DUMP_MEMORY(un, SD_LOG_IO, "rq",
11912 			    (uchar_t *)uscmd->uscsi_rqbuf, rqlen, SD_LOG_HEX);
11913 		}
11914 	}
11915 
11916 	/*
11917 	 * Free allocated resources and return; mapout the buf in case it was
11918 	 * mapped in by a lower layer.
11919 	 */
11920 	bp_mapout(bp);
11921 	freerbuf(bp);
11922 	kmem_free(uip, sizeof (struct sd_uscsi_info));
11923 	if (uscmd->uscsi_rqbuf != NULL) {
11924 		kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
11925 	}
11926 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
11927 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
11928 
11929 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_cmd: exit\n");
11930 
11931 	return (rval);
11932 }
11933 
11934 
11935 /*
11936  *    Function: sd_buf_iodone
11937  *
11938  * Description: Frees the sd_xbuf & returns the buf to its originator.
11939  *
11940  *     Context: May be called from interrupt context.
11941  */
11942 /* ARGSUSED */
11943 static void
11944 sd_buf_iodone(int index, struct sd_lun *un, struct buf *bp)
11945 {
11946 	struct sd_xbuf *xp;
11947 
11948 	ASSERT(un != NULL);
11949 	ASSERT(bp != NULL);
11950 	ASSERT(!mutex_owned(SD_MUTEX(un)));
11951 
11952 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: entry.\n");
11953 
11954 	xp = SD_GET_XBUF(bp);
11955 	ASSERT(xp != NULL);
11956 
11957 	mutex_enter(SD_MUTEX(un));
11958 
11959 	/*
11960 	 * Grab time when the cmd completed.
11961 	 * This is used for determining if the system has been
11962 	 * idle long enough to make it idle to the PM framework.
11963 	 * This is for lowering the overhead, and therefore improving
11964 	 * performance per I/O operation.
11965 	 */
11966 	un->un_pm_idle_time = ddi_get_time();
11967 
11968 	un->un_ncmds_in_driver--;
11969 	ASSERT(un->un_ncmds_in_driver >= 0);
11970 	SD_INFO(SD_LOG_IO, un, "sd_buf_iodone: un_ncmds_in_driver = %ld\n",
11971 	    un->un_ncmds_in_driver);
11972 
11973 	mutex_exit(SD_MUTEX(un));
11974 
11975 	ddi_xbuf_done(bp, un->un_xbuf_attr);	/* xbuf is gone after this */
11976 	biodone(bp);				/* bp is gone after this */
11977 
11978 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_buf_iodone: exit.\n");
11979 }
11980 
11981 
11982 /*
11983  *    Function: sd_uscsi_iodone
11984  *
11985  * Description: Frees the sd_xbuf & returns the buf to its originator.
11986  *
11987  *     Context: May be called from interrupt context.
11988  */
11989 /* ARGSUSED */
11990 static void
11991 sd_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
11992 {
11993 	struct sd_xbuf *xp;
11994 
11995 	ASSERT(un != NULL);
11996 	ASSERT(bp != NULL);
11997 
11998 	xp = SD_GET_XBUF(bp);
11999 	ASSERT(xp != NULL);
12000 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12001 
12002 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: entry.\n");
12003 
12004 	bp->b_private = xp->xb_private;
12005 
12006 	mutex_enter(SD_MUTEX(un));
12007 
12008 	/*
12009 	 * Grab time when the cmd completed.
12010 	 * This is used for determining if the system has been
12011 	 * idle long enough to make it idle to the PM framework.
12012 	 * This is for lowering the overhead, and therefore improving
12013 	 * performance per I/O operation.
12014 	 */
12015 	un->un_pm_idle_time = ddi_get_time();
12016 
12017 	un->un_ncmds_in_driver--;
12018 	ASSERT(un->un_ncmds_in_driver >= 0);
12019 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: un_ncmds_in_driver = %ld\n",
12020 	    un->un_ncmds_in_driver);
12021 
12022 	mutex_exit(SD_MUTEX(un));
12023 
12024 	kmem_free(xp, sizeof (struct sd_xbuf));
12025 	biodone(bp);
12026 
12027 	SD_INFO(SD_LOG_IO, un, "sd_uscsi_iodone: exit.\n");
12028 }
12029 
12030 
12031 /*
12032  *    Function: sd_mapblockaddr_iostart
12033  *
12034  * Description: Verify request lies withing the partition limits for
12035  *		the indicated minor device.  Issue "overrun" buf if
12036  *		request would exceed partition range.  Converts
12037  *		partition-relative block address to absolute.
12038  *
12039  *     Context: Can sleep
12040  *
12041  *      Issues: This follows what the old code did, in terms of accessing
12042  *		some of the partition info in the unit struct without holding
12043  *		the mutext.  This is a general issue, if the partition info
12044  *		can be altered while IO is in progress... as soon as we send
12045  *		a buf, its partitioning can be invalid before it gets to the
12046  *		device.  Probably the right fix is to move partitioning out
12047  *		of the driver entirely.
12048  */
12049 
12050 static void
12051 sd_mapblockaddr_iostart(int index, struct sd_lun *un, struct buf *bp)
12052 {
12053 	daddr_t	nblocks;	/* #blocks in the given partition */
12054 	daddr_t	blocknum;	/* Block number specified by the buf */
12055 	size_t	requested_nblocks;
12056 	size_t	available_nblocks;
12057 	int	partition;
12058 	diskaddr_t	partition_offset;
12059 	struct sd_xbuf *xp;
12060 
12061 
12062 	ASSERT(un != NULL);
12063 	ASSERT(bp != NULL);
12064 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12065 
12066 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12067 	    "sd_mapblockaddr_iostart: entry: buf:0x%p\n", bp);
12068 
12069 	xp = SD_GET_XBUF(bp);
12070 	ASSERT(xp != NULL);
12071 
12072 	/*
12073 	 * If the geometry is not indicated as valid, attempt to access
12074 	 * the unit & verify the geometry/label. This can be the case for
12075 	 * removable-media devices, of if the device was opened in
12076 	 * NDELAY/NONBLOCK mode.
12077 	 */
12078 	if ((un->un_f_geometry_is_valid != TRUE) &&
12079 	    (sd_ready_and_valid(un) != SD_READY_VALID)) {
12080 		/*
12081 		 * For removable devices it is possible to start an I/O
12082 		 * without a media by opening the device in nodelay mode.
12083 		 * Also for writable CDs there can be many scenarios where
12084 		 * there is no geometry yet but volume manager is trying to
12085 		 * issue a read() just because it can see TOC on the CD. So
12086 		 * do not print a message for removables.
12087 		 */
12088 		if (!ISREMOVABLE(un)) {
12089 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
12090 			    "i/o to invalid geometry\n");
12091 		}
12092 		bioerror(bp, EIO);
12093 		bp->b_resid = bp->b_bcount;
12094 		SD_BEGIN_IODONE(index, un, bp);
12095 		return;
12096 	}
12097 
12098 	partition = SDPART(bp->b_edev);
12099 
12100 	/* #blocks in partition */
12101 	nblocks = un->un_map[partition].dkl_nblk;    /* #blocks in partition */
12102 
12103 	/* Use of a local variable potentially improves performance slightly */
12104 	partition_offset = un->un_offset[partition];
12105 
12106 	/*
12107 	 * blocknum is the starting block number of the request. At this
12108 	 * point it is still relative to the start of the minor device.
12109 	 */
12110 	blocknum = xp->xb_blkno;
12111 
12112 	/*
12113 	 * Legacy: If the starting block number is one past the last block
12114 	 * in the partition, do not set B_ERROR in the buf.
12115 	 */
12116 	if (blocknum == nblocks)  {
12117 		goto error_exit;
12118 	}
12119 
12120 	/*
12121 	 * Confirm that the first block of the request lies within the
12122 	 * partition limits. Also the requested number of bytes must be
12123 	 * a multiple of the system block size.
12124 	 */
12125 	if ((blocknum < 0) || (blocknum >= nblocks) ||
12126 	    ((bp->b_bcount & (un->un_sys_blocksize - 1)) != 0)) {
12127 		bp->b_flags |= B_ERROR;
12128 		goto error_exit;
12129 	}
12130 
12131 	/*
12132 	 * If the requsted # blocks exceeds the available # blocks, that
12133 	 * is an overrun of the partition.
12134 	 */
12135 	requested_nblocks = SD_BYTES2SYSBLOCKS(un, bp->b_bcount);
12136 	available_nblocks = (size_t)(nblocks - blocknum);
12137 	ASSERT(nblocks >= blocknum);
12138 
12139 	if (requested_nblocks > available_nblocks) {
12140 		/*
12141 		 * Allocate an "overrun" buf to allow the request to proceed
12142 		 * for the amount of space available in the partition. The
12143 		 * amount not transferred will be added into the b_resid
12144 		 * when the operation is complete. The overrun buf
12145 		 * replaces the original buf here, and the original buf
12146 		 * is saved inside the overrun buf, for later use.
12147 		 */
12148 		size_t resid = SD_SYSBLOCKS2BYTES(un,
12149 		    (offset_t)(requested_nblocks - available_nblocks));
12150 		size_t count = bp->b_bcount - resid;
12151 		/*
12152 		 * Note: count is an unsigned entity thus it'll NEVER
12153 		 * be less than 0 so ASSERT the original values are
12154 		 * correct.
12155 		 */
12156 		ASSERT(bp->b_bcount >= resid);
12157 
12158 		bp = sd_bioclone_alloc(bp, count, blocknum,
12159 			(int (*)(struct buf *)) sd_mapblockaddr_iodone);
12160 		xp = SD_GET_XBUF(bp); /* Update for 'new' bp! */
12161 		ASSERT(xp != NULL);
12162 	}
12163 
12164 	/* At this point there should be no residual for this buf. */
12165 	ASSERT(bp->b_resid == 0);
12166 
12167 	/* Convert the block number to an absolute address. */
12168 	xp->xb_blkno += partition_offset;
12169 
12170 	SD_NEXT_IOSTART(index, un, bp);
12171 
12172 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12173 	    "sd_mapblockaddr_iostart: exit 0: buf:0x%p\n", bp);
12174 
12175 	return;
12176 
12177 error_exit:
12178 	bp->b_resid = bp->b_bcount;
12179 	SD_BEGIN_IODONE(index, un, bp);
12180 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12181 	    "sd_mapblockaddr_iostart: exit 1: buf:0x%p\n", bp);
12182 }
12183 
12184 
12185 /*
12186  *    Function: sd_mapblockaddr_iodone
12187  *
12188  * Description: Completion-side processing for partition management.
12189  *
12190  *     Context: May be called under interrupt context
12191  */
12192 
12193 static void
12194 sd_mapblockaddr_iodone(int index, struct sd_lun *un, struct buf *bp)
12195 {
12196 	/* int	partition; */	/* Not used, see below. */
12197 	ASSERT(un != NULL);
12198 	ASSERT(bp != NULL);
12199 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12200 
12201 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12202 	    "sd_mapblockaddr_iodone: entry: buf:0x%p\n", bp);
12203 
12204 	if (bp->b_iodone == (int (*)(struct buf *)) sd_mapblockaddr_iodone) {
12205 		/*
12206 		 * We have an "overrun" buf to deal with...
12207 		 */
12208 		struct sd_xbuf	*xp;
12209 		struct buf	*obp;	/* ptr to the original buf */
12210 
12211 		xp = SD_GET_XBUF(bp);
12212 		ASSERT(xp != NULL);
12213 
12214 		/* Retrieve the pointer to the original buf */
12215 		obp = (struct buf *)xp->xb_private;
12216 		ASSERT(obp != NULL);
12217 
12218 		obp->b_resid = obp->b_bcount - (bp->b_bcount - bp->b_resid);
12219 		bioerror(obp, bp->b_error);
12220 
12221 		sd_bioclone_free(bp);
12222 
12223 		/*
12224 		 * Get back the original buf.
12225 		 * Note that since the restoration of xb_blkno below
12226 		 * was removed, the sd_xbuf is not needed.
12227 		 */
12228 		bp = obp;
12229 		/*
12230 		 * xp = SD_GET_XBUF(bp);
12231 		 * ASSERT(xp != NULL);
12232 		 */
12233 	}
12234 
12235 	/*
12236 	 * Convert sd->xb_blkno back to a minor-device relative value.
12237 	 * Note: this has been commented out, as it is not needed in the
12238 	 * current implementation of the driver (ie, since this function
12239 	 * is at the top of the layering chains, so the info will be
12240 	 * discarded) and it is in the "hot" IO path.
12241 	 *
12242 	 * partition = getminor(bp->b_edev) & SDPART_MASK;
12243 	 * xp->xb_blkno -= un->un_offset[partition];
12244 	 */
12245 
12246 	SD_NEXT_IODONE(index, un, bp);
12247 
12248 	SD_TRACE(SD_LOG_IO_PARTITION, un,
12249 	    "sd_mapblockaddr_iodone: exit: buf:0x%p\n", bp);
12250 }
12251 
12252 
12253 /*
12254  *    Function: sd_mapblocksize_iostart
12255  *
12256  * Description: Convert between system block size (un->un_sys_blocksize)
12257  *		and target block size (un->un_tgt_blocksize).
12258  *
12259  *     Context: Can sleep to allocate resources.
12260  *
12261  * Assumptions: A higher layer has already performed any partition validation,
12262  *		and converted the xp->xb_blkno to an absolute value relative
12263  *		to the start of the device.
12264  *
12265  *		It is also assumed that the higher layer has implemented
12266  *		an "overrun" mechanism for the case where the request would
12267  *		read/write beyond the end of a partition.  In this case we
12268  *		assume (and ASSERT) that bp->b_resid == 0.
12269  *
12270  *		Note: The implementation for this routine assumes the target
12271  *		block size remains constant between allocation and transport.
12272  */
12273 
12274 static void
12275 sd_mapblocksize_iostart(int index, struct sd_lun *un, struct buf *bp)
12276 {
12277 	struct sd_mapblocksize_info	*bsp;
12278 	struct sd_xbuf			*xp;
12279 	offset_t first_byte;
12280 	daddr_t	start_block, end_block;
12281 	daddr_t	request_bytes;
12282 	ushort_t is_aligned = FALSE;
12283 
12284 	ASSERT(un != NULL);
12285 	ASSERT(bp != NULL);
12286 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12287 	ASSERT(bp->b_resid == 0);
12288 
12289 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12290 	    "sd_mapblocksize_iostart: entry: buf:0x%p\n", bp);
12291 
12292 	/*
12293 	 * For a non-writable CD, a write request is an error
12294 	 */
12295 	if (ISCD(un) && ((bp->b_flags & B_READ) == 0) &&
12296 	    (un->un_f_mmc_writable_media == FALSE)) {
12297 		bioerror(bp, EIO);
12298 		bp->b_resid = bp->b_bcount;
12299 		SD_BEGIN_IODONE(index, un, bp);
12300 		return;
12301 	}
12302 
12303 	/*
12304 	 * We do not need a shadow buf if the device is using
12305 	 * un->un_sys_blocksize as its block size or if bcount == 0.
12306 	 * In this case there is no layer-private data block allocated.
12307 	 */
12308 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12309 	    (bp->b_bcount == 0)) {
12310 		goto done;
12311 	}
12312 
12313 #if defined(__i386) || defined(__amd64)
12314 	/* We do not support non-block-aligned transfers for ROD devices */
12315 	ASSERT(!ISROD(un));
12316 #endif
12317 
12318 	xp = SD_GET_XBUF(bp);
12319 	ASSERT(xp != NULL);
12320 
12321 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12322 	    "tgt_blocksize:0x%x sys_blocksize: 0x%x\n",
12323 	    un->un_tgt_blocksize, un->un_sys_blocksize);
12324 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12325 	    "request start block:0x%x\n", xp->xb_blkno);
12326 	SD_INFO(SD_LOG_IO_RMMEDIA, un, "sd_mapblocksize_iostart: "
12327 	    "request len:0x%x\n", bp->b_bcount);
12328 
12329 	/*
12330 	 * Allocate the layer-private data area for the mapblocksize layer.
12331 	 * Layers are allowed to use the xp_private member of the sd_xbuf
12332 	 * struct to store the pointer to their layer-private data block, but
12333 	 * each layer also has the responsibility of restoring the prior
12334 	 * contents of xb_private before returning the buf/xbuf to the
12335 	 * higher layer that sent it.
12336 	 *
12337 	 * Here we save the prior contents of xp->xb_private into the
12338 	 * bsp->mbs_oprivate field of our layer-private data area. This value
12339 	 * is restored by sd_mapblocksize_iodone() just prior to freeing up
12340 	 * the layer-private area and returning the buf/xbuf to the layer
12341 	 * that sent it.
12342 	 *
12343 	 * Note that here we use kmem_zalloc for the allocation as there are
12344 	 * parts of the mapblocksize code that expect certain fields to be
12345 	 * zero unless explicitly set to a required value.
12346 	 */
12347 	bsp = kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12348 	bsp->mbs_oprivate = xp->xb_private;
12349 	xp->xb_private = bsp;
12350 
12351 	/*
12352 	 * This treats the data on the disk (target) as an array of bytes.
12353 	 * first_byte is the byte offset, from the beginning of the device,
12354 	 * to the location of the request. This is converted from a
12355 	 * un->un_sys_blocksize block address to a byte offset, and then back
12356 	 * to a block address based upon a un->un_tgt_blocksize block size.
12357 	 *
12358 	 * xp->xb_blkno should be absolute upon entry into this function,
12359 	 * but, but it is based upon partitions that use the "system"
12360 	 * block size. It must be adjusted to reflect the block size of
12361 	 * the target.
12362 	 *
12363 	 * Note that end_block is actually the block that follows the last
12364 	 * block of the request, but that's what is needed for the computation.
12365 	 */
12366 	first_byte  = SD_SYSBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12367 	start_block = xp->xb_blkno = first_byte / un->un_tgt_blocksize;
12368 	end_block   = (first_byte + bp->b_bcount + un->un_tgt_blocksize - 1) /
12369 	    un->un_tgt_blocksize;
12370 
12371 	/* request_bytes is rounded up to a multiple of the target block size */
12372 	request_bytes = (end_block - start_block) * un->un_tgt_blocksize;
12373 
12374 	/*
12375 	 * See if the starting address of the request and the request
12376 	 * length are aligned on a un->un_tgt_blocksize boundary. If aligned
12377 	 * then we do not need to allocate a shadow buf to handle the request.
12378 	 */
12379 	if (((first_byte   % un->un_tgt_blocksize) == 0) &&
12380 	    ((bp->b_bcount % un->un_tgt_blocksize) == 0)) {
12381 		is_aligned = TRUE;
12382 	}
12383 
12384 	if ((bp->b_flags & B_READ) == 0) {
12385 		/*
12386 		 * Lock the range for a write operation. An aligned request is
12387 		 * considered a simple write; otherwise the request must be a
12388 		 * read-modify-write.
12389 		 */
12390 		bsp->mbs_wmp = sd_range_lock(un, start_block, end_block - 1,
12391 		    (is_aligned == TRUE) ? SD_WTYPE_SIMPLE : SD_WTYPE_RMW);
12392 	}
12393 
12394 	/*
12395 	 * Alloc a shadow buf if the request is not aligned. Also, this is
12396 	 * where the READ command is generated for a read-modify-write. (The
12397 	 * write phase is deferred until after the read completes.)
12398 	 */
12399 	if (is_aligned == FALSE) {
12400 
12401 		struct sd_mapblocksize_info	*shadow_bsp;
12402 		struct sd_xbuf	*shadow_xp;
12403 		struct buf	*shadow_bp;
12404 
12405 		/*
12406 		 * Allocate the shadow buf and it associated xbuf. Note that
12407 		 * after this call the xb_blkno value in both the original
12408 		 * buf's sd_xbuf _and_ the shadow buf's sd_xbuf will be the
12409 		 * same: absolute relative to the start of the device, and
12410 		 * adjusted for the target block size. The b_blkno in the
12411 		 * shadow buf will also be set to this value. We should never
12412 		 * change b_blkno in the original bp however.
12413 		 *
12414 		 * Note also that the shadow buf will always need to be a
12415 		 * READ command, regardless of whether the incoming command
12416 		 * is a READ or a WRITE.
12417 		 */
12418 		shadow_bp = sd_shadow_buf_alloc(bp, request_bytes, B_READ,
12419 		    xp->xb_blkno,
12420 		    (int (*)(struct buf *)) sd_mapblocksize_iodone);
12421 
12422 		shadow_xp = SD_GET_XBUF(shadow_bp);
12423 
12424 		/*
12425 		 * Allocate the layer-private data for the shadow buf.
12426 		 * (No need to preserve xb_private in the shadow xbuf.)
12427 		 */
12428 		shadow_xp->xb_private = shadow_bsp =
12429 		    kmem_zalloc(sizeof (struct sd_mapblocksize_info), KM_SLEEP);
12430 
12431 		/*
12432 		 * bsp->mbs_copy_offset is used later by sd_mapblocksize_iodone
12433 		 * to figure out where the start of the user data is (based upon
12434 		 * the system block size) in the data returned by the READ
12435 		 * command (which will be based upon the target blocksize). Note
12436 		 * that this is only really used if the request is unaligned.
12437 		 */
12438 		bsp->mbs_copy_offset = (ssize_t)(first_byte -
12439 		    ((offset_t)xp->xb_blkno * un->un_tgt_blocksize));
12440 		ASSERT((bsp->mbs_copy_offset >= 0) &&
12441 		    (bsp->mbs_copy_offset < un->un_tgt_blocksize));
12442 
12443 		shadow_bsp->mbs_copy_offset = bsp->mbs_copy_offset;
12444 
12445 		shadow_bsp->mbs_layer_index = bsp->mbs_layer_index = index;
12446 
12447 		/* Transfer the wmap (if any) to the shadow buf */
12448 		shadow_bsp->mbs_wmp = bsp->mbs_wmp;
12449 		bsp->mbs_wmp = NULL;
12450 
12451 		/*
12452 		 * The shadow buf goes on from here in place of the
12453 		 * original buf.
12454 		 */
12455 		shadow_bsp->mbs_orig_bp = bp;
12456 		bp = shadow_bp;
12457 	}
12458 
12459 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12460 	    "sd_mapblocksize_iostart: tgt start block:0x%x\n", xp->xb_blkno);
12461 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12462 	    "sd_mapblocksize_iostart: tgt request len:0x%x\n",
12463 	    request_bytes);
12464 	SD_INFO(SD_LOG_IO_RMMEDIA, un,
12465 	    "sd_mapblocksize_iostart: shadow buf:0x%x\n", bp);
12466 
12467 done:
12468 	SD_NEXT_IOSTART(index, un, bp);
12469 
12470 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12471 	    "sd_mapblocksize_iostart: exit: buf:0x%p\n", bp);
12472 }
12473 
12474 
12475 /*
12476  *    Function: sd_mapblocksize_iodone
12477  *
12478  * Description: Completion side processing for block-size mapping.
12479  *
12480  *     Context: May be called under interrupt context
12481  */
12482 
12483 static void
12484 sd_mapblocksize_iodone(int index, struct sd_lun *un, struct buf *bp)
12485 {
12486 	struct sd_mapblocksize_info	*bsp;
12487 	struct sd_xbuf	*xp;
12488 	struct sd_xbuf	*orig_xp;	/* sd_xbuf for the original buf */
12489 	struct buf	*orig_bp;	/* ptr to the original buf */
12490 	offset_t	shadow_end;
12491 	offset_t	request_end;
12492 	offset_t	shadow_start;
12493 	ssize_t		copy_offset;
12494 	size_t		copy_length;
12495 	size_t		shortfall;
12496 	uint_t		is_write;	/* TRUE if this bp is a WRITE */
12497 	uint_t		has_wmap;	/* TRUE is this bp has a wmap */
12498 
12499 	ASSERT(un != NULL);
12500 	ASSERT(bp != NULL);
12501 
12502 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
12503 	    "sd_mapblocksize_iodone: entry: buf:0x%p\n", bp);
12504 
12505 	/*
12506 	 * There is no shadow buf or layer-private data if the target is
12507 	 * using un->un_sys_blocksize as its block size or if bcount == 0.
12508 	 */
12509 	if ((un->un_tgt_blocksize == un->un_sys_blocksize) ||
12510 	    (bp->b_bcount == 0)) {
12511 		goto exit;
12512 	}
12513 
12514 	xp = SD_GET_XBUF(bp);
12515 	ASSERT(xp != NULL);
12516 
12517 	/* Retrieve the pointer to the layer-private data area from the xbuf. */
12518 	bsp = xp->xb_private;
12519 
12520 	is_write = ((bp->b_flags & B_READ) == 0) ? TRUE : FALSE;
12521 	has_wmap = (bsp->mbs_wmp != NULL) ? TRUE : FALSE;
12522 
12523 	if (is_write) {
12524 		/*
12525 		 * For a WRITE request we must free up the block range that
12526 		 * we have locked up.  This holds regardless of whether this is
12527 		 * an aligned write request or a read-modify-write request.
12528 		 */
12529 		sd_range_unlock(un, bsp->mbs_wmp);
12530 		bsp->mbs_wmp = NULL;
12531 	}
12532 
12533 	if ((bp->b_iodone != (int(*)(struct buf *))sd_mapblocksize_iodone)) {
12534 		/*
12535 		 * An aligned read or write command will have no shadow buf;
12536 		 * there is not much else to do with it.
12537 		 */
12538 		goto done;
12539 	}
12540 
12541 	orig_bp = bsp->mbs_orig_bp;
12542 	ASSERT(orig_bp != NULL);
12543 	orig_xp = SD_GET_XBUF(orig_bp);
12544 	ASSERT(orig_xp != NULL);
12545 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12546 
12547 	if (!is_write && has_wmap) {
12548 		/*
12549 		 * A READ with a wmap means this is the READ phase of a
12550 		 * read-modify-write. If an error occurred on the READ then
12551 		 * we do not proceed with the WRITE phase or copy any data.
12552 		 * Just release the write maps and return with an error.
12553 		 */
12554 		if ((bp->b_resid != 0) || (bp->b_error != 0)) {
12555 			orig_bp->b_resid = orig_bp->b_bcount;
12556 			bioerror(orig_bp, bp->b_error);
12557 			sd_range_unlock(un, bsp->mbs_wmp);
12558 			goto freebuf_done;
12559 		}
12560 	}
12561 
12562 	/*
12563 	 * Here is where we set up to copy the data from the shadow buf
12564 	 * into the space associated with the original buf.
12565 	 *
12566 	 * To deal with the conversion between block sizes, these
12567 	 * computations treat the data as an array of bytes, with the
12568 	 * first byte (byte 0) corresponding to the first byte in the
12569 	 * first block on the disk.
12570 	 */
12571 
12572 	/*
12573 	 * shadow_start and shadow_len indicate the location and size of
12574 	 * the data returned with the shadow IO request.
12575 	 */
12576 	shadow_start  = SD_TGTBLOCKS2BYTES(un, (offset_t)xp->xb_blkno);
12577 	shadow_end    = shadow_start + bp->b_bcount - bp->b_resid;
12578 
12579 	/*
12580 	 * copy_offset gives the offset (in bytes) from the start of the first
12581 	 * block of the READ request to the beginning of the data.  We retrieve
12582 	 * this value from xb_pktp in the ORIGINAL xbuf, as it has been saved
12583 	 * there by sd_mapblockize_iostart(). copy_length gives the amount of
12584 	 * data to be copied (in bytes).
12585 	 */
12586 	copy_offset  = bsp->mbs_copy_offset;
12587 	ASSERT((copy_offset >= 0) && (copy_offset < un->un_tgt_blocksize));
12588 	copy_length  = orig_bp->b_bcount;
12589 	request_end  = shadow_start + copy_offset + orig_bp->b_bcount;
12590 
12591 	/*
12592 	 * Set up the resid and error fields of orig_bp as appropriate.
12593 	 */
12594 	if (shadow_end >= request_end) {
12595 		/* We got all the requested data; set resid to zero */
12596 		orig_bp->b_resid = 0;
12597 	} else {
12598 		/*
12599 		 * We failed to get enough data to fully satisfy the original
12600 		 * request. Just copy back whatever data we got and set
12601 		 * up the residual and error code as required.
12602 		 *
12603 		 * 'shortfall' is the amount by which the data received with the
12604 		 * shadow buf has "fallen short" of the requested amount.
12605 		 */
12606 		shortfall = (size_t)(request_end - shadow_end);
12607 
12608 		if (shortfall > orig_bp->b_bcount) {
12609 			/*
12610 			 * We did not get enough data to even partially
12611 			 * fulfill the original request.  The residual is
12612 			 * equal to the amount requested.
12613 			 */
12614 			orig_bp->b_resid = orig_bp->b_bcount;
12615 		} else {
12616 			/*
12617 			 * We did not get all the data that we requested
12618 			 * from the device, but we will try to return what
12619 			 * portion we did get.
12620 			 */
12621 			orig_bp->b_resid = shortfall;
12622 		}
12623 		ASSERT(copy_length >= orig_bp->b_resid);
12624 		copy_length  -= orig_bp->b_resid;
12625 	}
12626 
12627 	/* Propagate the error code from the shadow buf to the original buf */
12628 	bioerror(orig_bp, bp->b_error);
12629 
12630 	if (is_write) {
12631 		goto freebuf_done;	/* No data copying for a WRITE */
12632 	}
12633 
12634 	if (has_wmap) {
12635 		/*
12636 		 * This is a READ command from the READ phase of a
12637 		 * read-modify-write request. We have to copy the data given
12638 		 * by the user OVER the data returned by the READ command,
12639 		 * then convert the command from a READ to a WRITE and send
12640 		 * it back to the target.
12641 		 */
12642 		bcopy(orig_bp->b_un.b_addr, bp->b_un.b_addr + copy_offset,
12643 		    copy_length);
12644 
12645 		bp->b_flags &= ~((int)B_READ);	/* Convert to a WRITE */
12646 
12647 		/*
12648 		 * Dispatch the WRITE command to the taskq thread, which
12649 		 * will in turn send the command to the target. When the
12650 		 * WRITE command completes, we (sd_mapblocksize_iodone())
12651 		 * will get called again as part of the iodone chain
12652 		 * processing for it. Note that we will still be dealing
12653 		 * with the shadow buf at that point.
12654 		 */
12655 		if (taskq_dispatch(sd_wmr_tq, sd_read_modify_write_task, bp,
12656 		    KM_NOSLEEP) != 0) {
12657 			/*
12658 			 * Dispatch was successful so we are done. Return
12659 			 * without going any higher up the iodone chain. Do
12660 			 * not free up any layer-private data until after the
12661 			 * WRITE completes.
12662 			 */
12663 			return;
12664 		}
12665 
12666 		/*
12667 		 * Dispatch of the WRITE command failed; set up the error
12668 		 * condition and send this IO back up the iodone chain.
12669 		 */
12670 		bioerror(orig_bp, EIO);
12671 		orig_bp->b_resid = orig_bp->b_bcount;
12672 
12673 	} else {
12674 		/*
12675 		 * This is a regular READ request (ie, not a RMW). Copy the
12676 		 * data from the shadow buf into the original buf. The
12677 		 * copy_offset compensates for any "misalignment" between the
12678 		 * shadow buf (with its un->un_tgt_blocksize blocks) and the
12679 		 * original buf (with its un->un_sys_blocksize blocks).
12680 		 */
12681 		bcopy(bp->b_un.b_addr + copy_offset, orig_bp->b_un.b_addr,
12682 		    copy_length);
12683 	}
12684 
12685 freebuf_done:
12686 
12687 	/*
12688 	 * At this point we still have both the shadow buf AND the original
12689 	 * buf to deal with, as well as the layer-private data area in each.
12690 	 * Local variables are as follows:
12691 	 *
12692 	 * bp -- points to shadow buf
12693 	 * xp -- points to xbuf of shadow buf
12694 	 * bsp -- points to layer-private data area of shadow buf
12695 	 * orig_bp -- points to original buf
12696 	 *
12697 	 * First free the shadow buf and its associated xbuf, then free the
12698 	 * layer-private data area from the shadow buf. There is no need to
12699 	 * restore xb_private in the shadow xbuf.
12700 	 */
12701 	sd_shadow_buf_free(bp);
12702 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12703 
12704 	/*
12705 	 * Now update the local variables to point to the original buf, xbuf,
12706 	 * and layer-private area.
12707 	 */
12708 	bp = orig_bp;
12709 	xp = SD_GET_XBUF(bp);
12710 	ASSERT(xp != NULL);
12711 	ASSERT(xp == orig_xp);
12712 	bsp = xp->xb_private;
12713 	ASSERT(bsp != NULL);
12714 
12715 done:
12716 	/*
12717 	 * Restore xb_private to whatever it was set to by the next higher
12718 	 * layer in the chain, then free the layer-private data area.
12719 	 */
12720 	xp->xb_private = bsp->mbs_oprivate;
12721 	kmem_free(bsp, sizeof (struct sd_mapblocksize_info));
12722 
12723 exit:
12724 	SD_TRACE(SD_LOG_IO_RMMEDIA, SD_GET_UN(bp),
12725 	    "sd_mapblocksize_iodone: calling SD_NEXT_IODONE: buf:0x%p\n", bp);
12726 
12727 	SD_NEXT_IODONE(index, un, bp);
12728 }
12729 
12730 
12731 /*
12732  *    Function: sd_checksum_iostart
12733  *
12734  * Description: A stub function for a layer that's currently not used.
12735  *		For now just a placeholder.
12736  *
12737  *     Context: Kernel thread context
12738  */
12739 
12740 static void
12741 sd_checksum_iostart(int index, struct sd_lun *un, struct buf *bp)
12742 {
12743 	ASSERT(un != NULL);
12744 	ASSERT(bp != NULL);
12745 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12746 	SD_NEXT_IOSTART(index, un, bp);
12747 }
12748 
12749 
12750 /*
12751  *    Function: sd_checksum_iodone
12752  *
12753  * Description: A stub function for a layer that's currently not used.
12754  *		For now just a placeholder.
12755  *
12756  *     Context: May be called under interrupt context
12757  */
12758 
12759 static void
12760 sd_checksum_iodone(int index, struct sd_lun *un, struct buf *bp)
12761 {
12762 	ASSERT(un != NULL);
12763 	ASSERT(bp != NULL);
12764 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12765 	SD_NEXT_IODONE(index, un, bp);
12766 }
12767 
12768 
12769 /*
12770  *    Function: sd_checksum_uscsi_iostart
12771  *
12772  * Description: A stub function for a layer that's currently not used.
12773  *		For now just a placeholder.
12774  *
12775  *     Context: Kernel thread context
12776  */
12777 
12778 static void
12779 sd_checksum_uscsi_iostart(int index, struct sd_lun *un, struct buf *bp)
12780 {
12781 	ASSERT(un != NULL);
12782 	ASSERT(bp != NULL);
12783 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12784 	SD_NEXT_IOSTART(index, un, bp);
12785 }
12786 
12787 
12788 /*
12789  *    Function: sd_checksum_uscsi_iodone
12790  *
12791  * Description: A stub function for a layer that's currently not used.
12792  *		For now just a placeholder.
12793  *
12794  *     Context: May be called under interrupt context
12795  */
12796 
12797 static void
12798 sd_checksum_uscsi_iodone(int index, struct sd_lun *un, struct buf *bp)
12799 {
12800 	ASSERT(un != NULL);
12801 	ASSERT(bp != NULL);
12802 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12803 	SD_NEXT_IODONE(index, un, bp);
12804 }
12805 
12806 
12807 /*
12808  *    Function: sd_pm_iostart
12809  *
12810  * Description: iostart-side routine for Power mangement.
12811  *
12812  *     Context: Kernel thread context
12813  */
12814 
12815 static void
12816 sd_pm_iostart(int index, struct sd_lun *un, struct buf *bp)
12817 {
12818 	ASSERT(un != NULL);
12819 	ASSERT(bp != NULL);
12820 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12821 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12822 
12823 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: entry\n");
12824 
12825 	if (sd_pm_entry(un) != DDI_SUCCESS) {
12826 		/*
12827 		 * Set up to return the failed buf back up the 'iodone'
12828 		 * side of the calling chain.
12829 		 */
12830 		bioerror(bp, EIO);
12831 		bp->b_resid = bp->b_bcount;
12832 
12833 		SD_BEGIN_IODONE(index, un, bp);
12834 
12835 		SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12836 		return;
12837 	}
12838 
12839 	SD_NEXT_IOSTART(index, un, bp);
12840 
12841 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iostart: exit\n");
12842 }
12843 
12844 
12845 /*
12846  *    Function: sd_pm_iodone
12847  *
12848  * Description: iodone-side routine for power mangement.
12849  *
12850  *     Context: may be called from interrupt context
12851  */
12852 
12853 static void
12854 sd_pm_iodone(int index, struct sd_lun *un, struct buf *bp)
12855 {
12856 	ASSERT(un != NULL);
12857 	ASSERT(bp != NULL);
12858 	ASSERT(!mutex_owned(&un->un_pm_mutex));
12859 
12860 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: entry\n");
12861 
12862 	/*
12863 	 * After attach the following flag is only read, so don't
12864 	 * take the penalty of acquiring a mutex for it.
12865 	 */
12866 	if (un->un_f_pm_is_enabled == TRUE) {
12867 		sd_pm_exit(un);
12868 	}
12869 
12870 	SD_NEXT_IODONE(index, un, bp);
12871 
12872 	SD_TRACE(SD_LOG_IO_PM, un, "sd_pm_iodone: exit\n");
12873 }
12874 
12875 
12876 /*
12877  *    Function: sd_core_iostart
12878  *
12879  * Description: Primary driver function for enqueuing buf(9S) structs from
12880  *		the system and initiating IO to the target device
12881  *
12882  *     Context: Kernel thread context. Can sleep.
12883  *
12884  * Assumptions:  - The given xp->xb_blkno is absolute
12885  *		   (ie, relative to the start of the device).
12886  *		 - The IO is to be done using the native blocksize of
12887  *		   the device, as specified in un->un_tgt_blocksize.
12888  */
12889 /* ARGSUSED */
12890 static void
12891 sd_core_iostart(int index, struct sd_lun *un, struct buf *bp)
12892 {
12893 	struct sd_xbuf *xp;
12894 
12895 	ASSERT(un != NULL);
12896 	ASSERT(bp != NULL);
12897 	ASSERT(!mutex_owned(SD_MUTEX(un)));
12898 	ASSERT(bp->b_resid == 0);
12899 
12900 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: entry: bp:0x%p\n", bp);
12901 
12902 	xp = SD_GET_XBUF(bp);
12903 	ASSERT(xp != NULL);
12904 
12905 	mutex_enter(SD_MUTEX(un));
12906 
12907 	/*
12908 	 * If we are currently in the failfast state, fail any new IO
12909 	 * that has B_FAILFAST set, then return.
12910 	 */
12911 	if ((bp->b_flags & B_FAILFAST) &&
12912 	    (un->un_failfast_state == SD_FAILFAST_ACTIVE)) {
12913 		mutex_exit(SD_MUTEX(un));
12914 		bioerror(bp, EIO);
12915 		bp->b_resid = bp->b_bcount;
12916 		SD_BEGIN_IODONE(index, un, bp);
12917 		return;
12918 	}
12919 
12920 	if (SD_IS_DIRECT_PRIORITY(xp)) {
12921 		/*
12922 		 * Priority command -- transport it immediately.
12923 		 *
12924 		 * Note: We may want to assert that USCSI_DIAGNOSE is set,
12925 		 * because all direct priority commands should be associated
12926 		 * with error recovery actions which we don't want to retry.
12927 		 */
12928 		sd_start_cmds(un, bp);
12929 	} else {
12930 		/*
12931 		 * Normal command -- add it to the wait queue, then start
12932 		 * transporting commands from the wait queue.
12933 		 */
12934 		sd_add_buf_to_waitq(un, bp);
12935 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
12936 		sd_start_cmds(un, NULL);
12937 	}
12938 
12939 	mutex_exit(SD_MUTEX(un));
12940 
12941 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_core_iostart: exit: bp:0x%p\n", bp);
12942 }
12943 
12944 
12945 /*
12946  *    Function: sd_init_cdb_limits
12947  *
12948  * Description: This is to handle scsi_pkt initialization differences
12949  *		between the driver platforms.
12950  *
12951  *		Legacy behaviors:
12952  *
12953  *		If the block number or the sector count exceeds the
12954  *		capabilities of a Group 0 command, shift over to a
12955  *		Group 1 command. We don't blindly use Group 1
12956  *		commands because a) some drives (CDC Wren IVs) get a
12957  *		bit confused, and b) there is probably a fair amount
12958  *		of speed difference for a target to receive and decode
12959  *		a 10 byte command instead of a 6 byte command.
12960  *
12961  *		The xfer time difference of 6 vs 10 byte CDBs is
12962  *		still significant so this code is still worthwhile.
12963  *		10 byte CDBs are very inefficient with the fas HBA driver
12964  *		and older disks. Each CDB byte took 1 usec with some
12965  *		popular disks.
12966  *
12967  *     Context: Must be called at attach time
12968  */
12969 
12970 static void
12971 sd_init_cdb_limits(struct sd_lun *un)
12972 {
12973 	/*
12974 	 * Use CDB_GROUP1 commands for most devices except for
12975 	 * parallel SCSI fixed drives in which case we get better
12976 	 * performance using CDB_GROUP0 commands (where applicable).
12977 	 */
12978 	un->un_mincdb = SD_CDB_GROUP1;
12979 #if !defined(__fibre)
12980 	if (!un->un_f_is_fibre && !un->un_f_cfg_is_atapi && !ISROD(un) &&
12981 	    !ISREMOVABLE(un)) {
12982 		un->un_mincdb = SD_CDB_GROUP0;
12983 	}
12984 #endif
12985 
12986 	/*
12987 	 * Use CDB_GROUP5 commands for removable devices.  Use CDB_GROUP4
12988 	 * commands for fixed disks unless we are building for a 32 bit
12989 	 * kernel.
12990 	 */
12991 #ifdef _LP64
12992 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP4;
12993 #else
12994 	un->un_maxcdb = (ISREMOVABLE(un)) ? SD_CDB_GROUP5 : SD_CDB_GROUP1;
12995 #endif
12996 
12997 	/*
12998 	 * x86 systems require the PKT_DMA_PARTIAL flag
12999 	 */
13000 #if defined(__x86)
13001 	un->un_pkt_flags = PKT_DMA_PARTIAL;
13002 #else
13003 	un->un_pkt_flags = 0;
13004 #endif
13005 
13006 	un->un_status_len = (int)((un->un_f_arq_enabled == TRUE)
13007 	    ? sizeof (struct scsi_arq_status) : 1);
13008 	un->un_cmd_timeout = (ushort_t)sd_io_time;
13009 	un->un_uscsi_timeout = ((ISCD(un)) ? 2 : 1) * un->un_cmd_timeout;
13010 }
13011 
13012 
13013 /*
13014  *    Function: sd_initpkt_for_buf
13015  *
13016  * Description: Allocate and initialize for transport a scsi_pkt struct,
13017  *		based upon the info specified in the given buf struct.
13018  *
13019  *		Assumes the xb_blkno in the request is absolute (ie,
13020  *		relative to the start of the device (NOT partition!).
13021  *		Also assumes that the request is using the native block
13022  *		size of the device (as returned by the READ CAPACITY
13023  *		command).
13024  *
13025  * Return Code: SD_PKT_ALLOC_SUCCESS
13026  *		SD_PKT_ALLOC_FAILURE
13027  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13028  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13029  *
13030  *     Context: Kernel thread and may be called from software interrupt context
13031  *		as part of a sdrunout callback. This function may not block or
13032  *		call routines that block
13033  */
13034 
13035 static int
13036 sd_initpkt_for_buf(struct buf *bp, struct scsi_pkt **pktpp)
13037 {
13038 	struct sd_xbuf	*xp;
13039 	struct scsi_pkt *pktp = NULL;
13040 	struct sd_lun	*un;
13041 	size_t		blockcount;
13042 	daddr_t		startblock;
13043 	int		rval;
13044 	int		cmd_flags;
13045 
13046 	ASSERT(bp != NULL);
13047 	ASSERT(pktpp != NULL);
13048 	xp = SD_GET_XBUF(bp);
13049 	ASSERT(xp != NULL);
13050 	un = SD_GET_UN(bp);
13051 	ASSERT(un != NULL);
13052 	ASSERT(mutex_owned(SD_MUTEX(un)));
13053 	ASSERT(bp->b_resid == 0);
13054 
13055 	SD_TRACE(SD_LOG_IO_CORE, un,
13056 	    "sd_initpkt_for_buf: entry: buf:0x%p\n", bp);
13057 
13058 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13059 	if (xp->xb_pkt_flags & SD_XB_DMA_FREED) {
13060 		/*
13061 		 * Already have a scsi_pkt -- just need DMA resources.
13062 		 * We must recompute the CDB in case the mapping returns
13063 		 * a nonzero pkt_resid.
13064 		 * Note: if this is a portion of a PKT_DMA_PARTIAL transfer
13065 		 * that is being retried, the unmap/remap of the DMA resouces
13066 		 * will result in the entire transfer starting over again
13067 		 * from the very first block.
13068 		 */
13069 		ASSERT(xp->xb_pktp != NULL);
13070 		pktp = xp->xb_pktp;
13071 	} else {
13072 		pktp = NULL;
13073 	}
13074 #endif /* __i386 || __amd64 */
13075 
13076 	startblock = xp->xb_blkno;	/* Absolute block num. */
13077 	blockcount = SD_BYTES2TGTBLOCKS(un, bp->b_bcount);
13078 
13079 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13080 
13081 	cmd_flags = un->un_pkt_flags | (xp->xb_pkt_flags & SD_XB_INITPKT_MASK);
13082 
13083 #else
13084 
13085 	cmd_flags = un->un_pkt_flags | xp->xb_pkt_flags;
13086 
13087 #endif
13088 
13089 	/*
13090 	 * sd_setup_rw_pkt will determine the appropriate CDB group to use,
13091 	 * call scsi_init_pkt, and build the CDB.
13092 	 */
13093 	rval = sd_setup_rw_pkt(un, &pktp, bp,
13094 	    cmd_flags, sdrunout, (caddr_t)un,
13095 	    startblock, blockcount);
13096 
13097 	if (rval == 0) {
13098 		/*
13099 		 * Success.
13100 		 *
13101 		 * If partial DMA is being used and required for this transfer.
13102 		 * set it up here.
13103 		 */
13104 		if ((un->un_pkt_flags & PKT_DMA_PARTIAL) != 0 &&
13105 		    (pktp->pkt_resid != 0)) {
13106 
13107 			/*
13108 			 * Save the CDB length and pkt_resid for the
13109 			 * next xfer
13110 			 */
13111 			xp->xb_dma_resid = pktp->pkt_resid;
13112 
13113 			/* rezero resid */
13114 			pktp->pkt_resid = 0;
13115 
13116 		} else {
13117 			xp->xb_dma_resid = 0;
13118 		}
13119 
13120 		pktp->pkt_flags = un->un_tagflags;
13121 		pktp->pkt_time  = un->un_cmd_timeout;
13122 		pktp->pkt_comp  = sdintr;
13123 
13124 		pktp->pkt_private = bp;
13125 		*pktpp = pktp;
13126 
13127 		SD_TRACE(SD_LOG_IO_CORE, un,
13128 		    "sd_initpkt_for_buf: exit: buf:0x%p\n", bp);
13129 
13130 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
13131 		xp->xb_pkt_flags &= ~SD_XB_DMA_FREED;
13132 #endif
13133 
13134 		return (SD_PKT_ALLOC_SUCCESS);
13135 
13136 	}
13137 
13138 	/*
13139 	 * SD_PKT_ALLOC_FAILURE is the only expected failure code
13140 	 * from sd_setup_rw_pkt.
13141 	 */
13142 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
13143 
13144 	if (rval == SD_PKT_ALLOC_FAILURE) {
13145 		*pktpp = NULL;
13146 		/*
13147 		 * Set the driver state to RWAIT to indicate the driver
13148 		 * is waiting on resource allocations. The driver will not
13149 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13150 		 */
13151 		New_state(un, SD_STATE_RWAIT);
13152 
13153 		SD_ERROR(SD_LOG_IO_CORE, un,
13154 		    "sd_initpkt_for_buf: No pktp. exit bp:0x%p\n", bp);
13155 
13156 		if ((bp->b_flags & B_ERROR) != 0) {
13157 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13158 		}
13159 		return (SD_PKT_ALLOC_FAILURE);
13160 	} else {
13161 		/*
13162 		 * PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13163 		 *
13164 		 * This should never happen.  Maybe someone messed with the
13165 		 * kernel's minphys?
13166 		 */
13167 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13168 		    "Request rejected: too large for CDB: "
13169 		    "lba:0x%08lx  len:0x%08lx\n", startblock, blockcount);
13170 		SD_ERROR(SD_LOG_IO_CORE, un,
13171 		    "sd_initpkt_for_buf: No cp. exit bp:0x%p\n", bp);
13172 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13173 
13174 	}
13175 }
13176 
13177 
13178 /*
13179  *    Function: sd_destroypkt_for_buf
13180  *
13181  * Description: Free the scsi_pkt(9S) for the given bp (buf IO processing).
13182  *
13183  *     Context: Kernel thread or interrupt context
13184  */
13185 
13186 static void
13187 sd_destroypkt_for_buf(struct buf *bp)
13188 {
13189 	ASSERT(bp != NULL);
13190 	ASSERT(SD_GET_UN(bp) != NULL);
13191 
13192 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13193 	    "sd_destroypkt_for_buf: entry: buf:0x%p\n", bp);
13194 
13195 	ASSERT(SD_GET_PKTP(bp) != NULL);
13196 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13197 
13198 	SD_TRACE(SD_LOG_IO_CORE, SD_GET_UN(bp),
13199 	    "sd_destroypkt_for_buf: exit: buf:0x%p\n", bp);
13200 }
13201 
13202 /*
13203  *    Function: sd_setup_rw_pkt
13204  *
13205  * Description: Determines appropriate CDB group for the requested LBA
13206  *		and transfer length, calls scsi_init_pkt, and builds
13207  *		the CDB.  Do not use for partial DMA transfers except
13208  *		for the initial transfer since the CDB size must
13209  *		remain constant.
13210  *
13211  *     Context: Kernel thread and may be called from software interrupt
13212  *		context as part of a sdrunout callback. This function may not
13213  *		block or call routines that block
13214  */
13215 
13216 
13217 int
13218 sd_setup_rw_pkt(struct sd_lun *un,
13219     struct scsi_pkt **pktpp, struct buf *bp, int flags,
13220     int (*callback)(caddr_t), caddr_t callback_arg,
13221     diskaddr_t lba, uint32_t blockcount)
13222 {
13223 	struct scsi_pkt *return_pktp;
13224 	union scsi_cdb *cdbp;
13225 	struct sd_cdbinfo *cp = NULL;
13226 	int i;
13227 
13228 	/*
13229 	 * See which size CDB to use, based upon the request.
13230 	 */
13231 	for (i = un->un_mincdb; i <= un->un_maxcdb; i++) {
13232 
13233 		/*
13234 		 * Check lba and block count against sd_cdbtab limits.
13235 		 * In the partial DMA case, we have to use the same size
13236 		 * CDB for all the transfers.  Check lba + blockcount
13237 		 * against the max LBA so we know that segment of the
13238 		 * transfer can use the CDB we select.
13239 		 */
13240 		if ((lba + blockcount - 1 <= sd_cdbtab[i].sc_maxlba) &&
13241 		    (blockcount <= sd_cdbtab[i].sc_maxlen)) {
13242 
13243 			/*
13244 			 * The command will fit into the CDB type
13245 			 * specified by sd_cdbtab[i].
13246 			 */
13247 			cp = sd_cdbtab + i;
13248 
13249 			/*
13250 			 * Call scsi_init_pkt so we can fill in the
13251 			 * CDB.
13252 			 */
13253 			return_pktp = scsi_init_pkt(SD_ADDRESS(un), *pktpp,
13254 			    bp, cp->sc_grpcode, un->un_status_len, 0,
13255 			    flags, callback, callback_arg);
13256 
13257 			if (return_pktp != NULL) {
13258 
13259 				/*
13260 				 * Return new value of pkt
13261 				 */
13262 				*pktpp = return_pktp;
13263 
13264 				/*
13265 				 * To be safe, zero the CDB insuring there is
13266 				 * no leftover data from a previous command.
13267 				 */
13268 				bzero(return_pktp->pkt_cdbp, cp->sc_grpcode);
13269 
13270 				/*
13271 				 * Handle partial DMA mapping
13272 				 */
13273 				if (return_pktp->pkt_resid != 0) {
13274 
13275 					/*
13276 					 * Not going to xfer as many blocks as
13277 					 * originally expected
13278 					 */
13279 					blockcount -=
13280 					    SD_BYTES2TGTBLOCKS(un,
13281 						return_pktp->pkt_resid);
13282 				}
13283 
13284 				cdbp = (union scsi_cdb *)return_pktp->pkt_cdbp;
13285 
13286 				/*
13287 				 * Set command byte based on the CDB
13288 				 * type we matched.
13289 				 */
13290 				cdbp->scc_cmd = cp->sc_grpmask |
13291 				    ((bp->b_flags & B_READ) ?
13292 					SCMD_READ : SCMD_WRITE);
13293 
13294 				SD_FILL_SCSI1_LUN(un, return_pktp);
13295 
13296 				/*
13297 				 * Fill in LBA and length
13298 				 */
13299 				ASSERT((cp->sc_grpcode == CDB_GROUP1) ||
13300 				    (cp->sc_grpcode == CDB_GROUP4) ||
13301 				    (cp->sc_grpcode == CDB_GROUP0) ||
13302 				    (cp->sc_grpcode == CDB_GROUP5));
13303 
13304 				if (cp->sc_grpcode == CDB_GROUP1) {
13305 					FORMG1ADDR(cdbp, lba);
13306 					FORMG1COUNT(cdbp, blockcount);
13307 					return (0);
13308 				} else if (cp->sc_grpcode == CDB_GROUP4) {
13309 					FORMG4LONGADDR(cdbp, lba);
13310 					FORMG4COUNT(cdbp, blockcount);
13311 					return (0);
13312 				} else if (cp->sc_grpcode == CDB_GROUP0) {
13313 					FORMG0ADDR(cdbp, lba);
13314 					FORMG0COUNT(cdbp, blockcount);
13315 					return (0);
13316 				} else if (cp->sc_grpcode == CDB_GROUP5) {
13317 					FORMG5ADDR(cdbp, lba);
13318 					FORMG5COUNT(cdbp, blockcount);
13319 					return (0);
13320 				}
13321 
13322 				/*
13323 				 * It should be impossible to not match one
13324 				 * of the CDB types above, so we should never
13325 				 * reach this point.  Set the CDB command byte
13326 				 * to test-unit-ready to avoid writing
13327 				 * to somewhere we don't intend.
13328 				 */
13329 				cdbp->scc_cmd = SCMD_TEST_UNIT_READY;
13330 				return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13331 			} else {
13332 				/*
13333 				 * Couldn't get scsi_pkt
13334 				 */
13335 				return (SD_PKT_ALLOC_FAILURE);
13336 			}
13337 		}
13338 	}
13339 
13340 	/*
13341 	 * None of the available CDB types were suitable.  This really
13342 	 * should never happen:  on a 64 bit system we support
13343 	 * READ16/WRITE16 which will hold an entire 64 bit disk address
13344 	 * and on a 32 bit system we will refuse to bind to a device
13345 	 * larger than 2TB so addresses will never be larger than 32 bits.
13346 	 */
13347 	return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13348 }
13349 
13350 #if defined(__i386) || defined(__amd64)
13351 /*
13352  *    Function: sd_setup_next_rw_pkt
13353  *
13354  * Description: Setup packet for partial DMA transfers, except for the
13355  * 		initial transfer.  sd_setup_rw_pkt should be used for
13356  *		the initial transfer.
13357  *
13358  *     Context: Kernel thread and may be called from interrupt context.
13359  */
13360 
13361 int
13362 sd_setup_next_rw_pkt(struct sd_lun *un,
13363     struct scsi_pkt *pktp, struct buf *bp,
13364     diskaddr_t lba, uint32_t blockcount)
13365 {
13366 	uchar_t com;
13367 	union scsi_cdb *cdbp;
13368 	uchar_t cdb_group_id;
13369 
13370 	ASSERT(pktp != NULL);
13371 	ASSERT(pktp->pkt_cdbp != NULL);
13372 
13373 	cdbp = (union scsi_cdb *)pktp->pkt_cdbp;
13374 	com = cdbp->scc_cmd;
13375 	cdb_group_id = CDB_GROUPID(com);
13376 
13377 	ASSERT((cdb_group_id == CDB_GROUPID_0) ||
13378 	    (cdb_group_id == CDB_GROUPID_1) ||
13379 	    (cdb_group_id == CDB_GROUPID_4) ||
13380 	    (cdb_group_id == CDB_GROUPID_5));
13381 
13382 	/*
13383 	 * Move pkt to the next portion of the xfer.
13384 	 * func is NULL_FUNC so we do not have to release
13385 	 * the disk mutex here.
13386 	 */
13387 	if (scsi_init_pkt(SD_ADDRESS(un), pktp, bp, 0, 0, 0, 0,
13388 	    NULL_FUNC, NULL) == pktp) {
13389 		/* Success.  Handle partial DMA */
13390 		if (pktp->pkt_resid != 0) {
13391 			blockcount -=
13392 			    SD_BYTES2TGTBLOCKS(un, pktp->pkt_resid);
13393 		}
13394 
13395 		cdbp->scc_cmd = com;
13396 		SD_FILL_SCSI1_LUN(un, pktp);
13397 		if (cdb_group_id == CDB_GROUPID_1) {
13398 			FORMG1ADDR(cdbp, lba);
13399 			FORMG1COUNT(cdbp, blockcount);
13400 			return (0);
13401 		} else if (cdb_group_id == CDB_GROUPID_4) {
13402 			FORMG4LONGADDR(cdbp, lba);
13403 			FORMG4COUNT(cdbp, blockcount);
13404 			return (0);
13405 		} else if (cdb_group_id == CDB_GROUPID_0) {
13406 			FORMG0ADDR(cdbp, lba);
13407 			FORMG0COUNT(cdbp, blockcount);
13408 			return (0);
13409 		} else if (cdb_group_id == CDB_GROUPID_5) {
13410 			FORMG5ADDR(cdbp, lba);
13411 			FORMG5COUNT(cdbp, blockcount);
13412 			return (0);
13413 		}
13414 
13415 		/* Unreachable */
13416 		return (SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL);
13417 	}
13418 
13419 	/*
13420 	 * Error setting up next portion of cmd transfer.
13421 	 * Something is definitely very wrong and this
13422 	 * should not happen.
13423 	 */
13424 	return (SD_PKT_ALLOC_FAILURE);
13425 }
13426 #endif /* defined(__i386) || defined(__amd64) */
13427 
13428 /*
13429  *    Function: sd_initpkt_for_uscsi
13430  *
13431  * Description: Allocate and initialize for transport a scsi_pkt struct,
13432  *		based upon the info specified in the given uscsi_cmd struct.
13433  *
13434  * Return Code: SD_PKT_ALLOC_SUCCESS
13435  *		SD_PKT_ALLOC_FAILURE
13436  *		SD_PKT_ALLOC_FAILURE_NO_DMA
13437  *		SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL
13438  *
13439  *     Context: Kernel thread and may be called from software interrupt context
13440  *		as part of a sdrunout callback. This function may not block or
13441  *		call routines that block
13442  */
13443 
13444 static int
13445 sd_initpkt_for_uscsi(struct buf *bp, struct scsi_pkt **pktpp)
13446 {
13447 	struct uscsi_cmd *uscmd;
13448 	struct sd_xbuf	*xp;
13449 	struct scsi_pkt	*pktp;
13450 	struct sd_lun	*un;
13451 	uint32_t	flags = 0;
13452 
13453 	ASSERT(bp != NULL);
13454 	ASSERT(pktpp != NULL);
13455 	xp = SD_GET_XBUF(bp);
13456 	ASSERT(xp != NULL);
13457 	un = SD_GET_UN(bp);
13458 	ASSERT(un != NULL);
13459 	ASSERT(mutex_owned(SD_MUTEX(un)));
13460 
13461 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13462 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13463 	ASSERT(uscmd != NULL);
13464 
13465 	SD_TRACE(SD_LOG_IO_CORE, un,
13466 	    "sd_initpkt_for_uscsi: entry: buf:0x%p\n", bp);
13467 
13468 	/*
13469 	 * Allocate the scsi_pkt for the command.
13470 	 * Note: If PKT_DMA_PARTIAL flag is set, scsi_vhci binds a path
13471 	 *	 during scsi_init_pkt time and will continue to use the
13472 	 *	 same path as long as the same scsi_pkt is used without
13473 	 *	 intervening scsi_dma_free(). Since uscsi command does
13474 	 *	 not call scsi_dmafree() before retry failed command, it
13475 	 *	 is necessary to make sure PKT_DMA_PARTIAL flag is NOT
13476 	 *	 set such that scsi_vhci can use other available path for
13477 	 *	 retry. Besides, ucsci command does not allow DMA breakup,
13478 	 *	 so there is no need to set PKT_DMA_PARTIAL flag.
13479 	 */
13480 	pktp = scsi_init_pkt(SD_ADDRESS(un), NULL,
13481 	    ((bp->b_bcount != 0) ? bp : NULL), uscmd->uscsi_cdblen,
13482 	    sizeof (struct scsi_arq_status), 0,
13483 	    (un->un_pkt_flags & ~PKT_DMA_PARTIAL),
13484 	    sdrunout, (caddr_t)un);
13485 
13486 	if (pktp == NULL) {
13487 		*pktpp = NULL;
13488 		/*
13489 		 * Set the driver state to RWAIT to indicate the driver
13490 		 * is waiting on resource allocations. The driver will not
13491 		 * suspend, pm_suspend, or detatch while the state is RWAIT.
13492 		 */
13493 		New_state(un, SD_STATE_RWAIT);
13494 
13495 		SD_ERROR(SD_LOG_IO_CORE, un,
13496 		    "sd_initpkt_for_uscsi: No pktp. exit bp:0x%p\n", bp);
13497 
13498 		if ((bp->b_flags & B_ERROR) != 0) {
13499 			return (SD_PKT_ALLOC_FAILURE_NO_DMA);
13500 		}
13501 		return (SD_PKT_ALLOC_FAILURE);
13502 	}
13503 
13504 	/*
13505 	 * We do not do DMA breakup for USCSI commands, so return failure
13506 	 * here if all the needed DMA resources were not allocated.
13507 	 */
13508 	if ((un->un_pkt_flags & PKT_DMA_PARTIAL) &&
13509 	    (bp->b_bcount != 0) && (pktp->pkt_resid != 0)) {
13510 		scsi_destroy_pkt(pktp);
13511 		SD_ERROR(SD_LOG_IO_CORE, un, "sd_initpkt_for_uscsi: "
13512 		    "No partial DMA for USCSI. exit: buf:0x%p\n", bp);
13513 		return (SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL);
13514 	}
13515 
13516 	/* Init the cdb from the given uscsi struct */
13517 	(void) scsi_setup_cdb((union scsi_cdb *)pktp->pkt_cdbp,
13518 	    uscmd->uscsi_cdb[0], 0, 0, 0);
13519 
13520 	SD_FILL_SCSI1_LUN(un, pktp);
13521 
13522 	/*
13523 	 * Set up the optional USCSI flags. See the uscsi (7I) man page
13524 	 * for listing of the supported flags.
13525 	 */
13526 
13527 	if (uscmd->uscsi_flags & USCSI_SILENT) {
13528 		flags |= FLAG_SILENT;
13529 	}
13530 
13531 	if (uscmd->uscsi_flags & USCSI_DIAGNOSE) {
13532 		flags |= FLAG_DIAGNOSE;
13533 	}
13534 
13535 	if (uscmd->uscsi_flags & USCSI_ISOLATE) {
13536 		flags |= FLAG_ISOLATE;
13537 	}
13538 
13539 	if (un->un_f_is_fibre == FALSE) {
13540 		if (uscmd->uscsi_flags & USCSI_RENEGOT) {
13541 			flags |= FLAG_RENEGOTIATE_WIDE_SYNC;
13542 		}
13543 	}
13544 
13545 	/*
13546 	 * Set the pkt flags here so we save time later.
13547 	 * Note: These flags are NOT in the uscsi man page!!!
13548 	 */
13549 	if (uscmd->uscsi_flags & USCSI_HEAD) {
13550 		flags |= FLAG_HEAD;
13551 	}
13552 
13553 	if (uscmd->uscsi_flags & USCSI_NOINTR) {
13554 		flags |= FLAG_NOINTR;
13555 	}
13556 
13557 	/*
13558 	 * For tagged queueing, things get a bit complicated.
13559 	 * Check first for head of queue and last for ordered queue.
13560 	 * If neither head nor order, use the default driver tag flags.
13561 	 */
13562 	if ((uscmd->uscsi_flags & USCSI_NOTAG) == 0) {
13563 		if (uscmd->uscsi_flags & USCSI_HTAG) {
13564 			flags |= FLAG_HTAG;
13565 		} else if (uscmd->uscsi_flags & USCSI_OTAG) {
13566 			flags |= FLAG_OTAG;
13567 		} else {
13568 			flags |= un->un_tagflags & FLAG_TAGMASK;
13569 		}
13570 	}
13571 
13572 	if (uscmd->uscsi_flags & USCSI_NODISCON) {
13573 		flags = (flags & ~FLAG_TAGMASK) | FLAG_NODISCON;
13574 	}
13575 
13576 	pktp->pkt_flags = flags;
13577 
13578 	/* Copy the caller's CDB into the pkt... */
13579 	bcopy(uscmd->uscsi_cdb, pktp->pkt_cdbp, uscmd->uscsi_cdblen);
13580 
13581 	if (uscmd->uscsi_timeout == 0) {
13582 		pktp->pkt_time = un->un_uscsi_timeout;
13583 	} else {
13584 		pktp->pkt_time = uscmd->uscsi_timeout;
13585 	}
13586 
13587 	/* need it later to identify USCSI request in sdintr */
13588 	xp->xb_pkt_flags |= SD_XB_USCSICMD;
13589 
13590 	xp->xb_sense_resid = uscmd->uscsi_rqresid;
13591 
13592 	pktp->pkt_private = bp;
13593 	pktp->pkt_comp = sdintr;
13594 	*pktpp = pktp;
13595 
13596 	SD_TRACE(SD_LOG_IO_CORE, un,
13597 	    "sd_initpkt_for_uscsi: exit: buf:0x%p\n", bp);
13598 
13599 	return (SD_PKT_ALLOC_SUCCESS);
13600 }
13601 
13602 
13603 /*
13604  *    Function: sd_destroypkt_for_uscsi
13605  *
13606  * Description: Free the scsi_pkt(9S) struct for the given bp, for uscsi
13607  *		IOs.. Also saves relevant info into the associated uscsi_cmd
13608  *		struct.
13609  *
13610  *     Context: May be called under interrupt context
13611  */
13612 
13613 static void
13614 sd_destroypkt_for_uscsi(struct buf *bp)
13615 {
13616 	struct uscsi_cmd *uscmd;
13617 	struct sd_xbuf	*xp;
13618 	struct scsi_pkt	*pktp;
13619 	struct sd_lun	*un;
13620 
13621 	ASSERT(bp != NULL);
13622 	xp = SD_GET_XBUF(bp);
13623 	ASSERT(xp != NULL);
13624 	un = SD_GET_UN(bp);
13625 	ASSERT(un != NULL);
13626 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13627 	pktp = SD_GET_PKTP(bp);
13628 	ASSERT(pktp != NULL);
13629 
13630 	SD_TRACE(SD_LOG_IO_CORE, un,
13631 	    "sd_destroypkt_for_uscsi: entry: buf:0x%p\n", bp);
13632 
13633 	/* The pointer to the uscsi_cmd struct is expected in xb_pktinfo */
13634 	uscmd = (struct uscsi_cmd *)xp->xb_pktinfo;
13635 	ASSERT(uscmd != NULL);
13636 
13637 	/* Save the status and the residual into the uscsi_cmd struct */
13638 	uscmd->uscsi_status = ((*(pktp)->pkt_scbp) & STATUS_MASK);
13639 	uscmd->uscsi_resid  = bp->b_resid;
13640 
13641 	/*
13642 	 * If enabled, copy any saved sense data into the area specified
13643 	 * by the uscsi command.
13644 	 */
13645 	if (((uscmd->uscsi_flags & USCSI_RQENABLE) != 0) &&
13646 	    (uscmd->uscsi_rqlen != 0) && (uscmd->uscsi_rqbuf != NULL)) {
13647 		/*
13648 		 * Note: uscmd->uscsi_rqbuf should always point to a buffer
13649 		 * at least SENSE_LENGTH bytes in size (see sd_send_scsi_cmd())
13650 		 */
13651 		uscmd->uscsi_rqstatus = xp->xb_sense_status;
13652 		uscmd->uscsi_rqresid  = xp->xb_sense_resid;
13653 		bcopy(xp->xb_sense_data, uscmd->uscsi_rqbuf, SENSE_LENGTH);
13654 	}
13655 
13656 	/* We are done with the scsi_pkt; free it now */
13657 	ASSERT(SD_GET_PKTP(bp) != NULL);
13658 	scsi_destroy_pkt(SD_GET_PKTP(bp));
13659 
13660 	SD_TRACE(SD_LOG_IO_CORE, un,
13661 	    "sd_destroypkt_for_uscsi: exit: buf:0x%p\n", bp);
13662 }
13663 
13664 
13665 /*
13666  *    Function: sd_bioclone_alloc
13667  *
13668  * Description: Allocate a buf(9S) and init it as per the given buf
13669  *		and the various arguments.  The associated sd_xbuf
13670  *		struct is (nearly) duplicated.  The struct buf *bp
13671  *		argument is saved in new_xp->xb_private.
13672  *
13673  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13674  *		datalen - size of data area for the shadow bp
13675  *		blkno - starting LBA
13676  *		func - function pointer for b_iodone in the shadow buf. (May
13677  *			be NULL if none.)
13678  *
13679  * Return Code: Pointer to allocates buf(9S) struct
13680  *
13681  *     Context: Can sleep.
13682  */
13683 
13684 static struct buf *
13685 sd_bioclone_alloc(struct buf *bp, size_t datalen,
13686 	daddr_t blkno, int (*func)(struct buf *))
13687 {
13688 	struct	sd_lun	*un;
13689 	struct	sd_xbuf	*xp;
13690 	struct	sd_xbuf	*new_xp;
13691 	struct	buf	*new_bp;
13692 
13693 	ASSERT(bp != NULL);
13694 	xp = SD_GET_XBUF(bp);
13695 	ASSERT(xp != NULL);
13696 	un = SD_GET_UN(bp);
13697 	ASSERT(un != NULL);
13698 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13699 
13700 	new_bp = bioclone(bp, 0, datalen, SD_GET_DEV(un), blkno, func,
13701 	    NULL, KM_SLEEP);
13702 
13703 	new_bp->b_lblkno	= blkno;
13704 
13705 	/*
13706 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13707 	 * original xbuf into it.
13708 	 */
13709 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13710 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13711 
13712 	/*
13713 	 * The given bp is automatically saved in the xb_private member
13714 	 * of the new xbuf.  Callers are allowed to depend on this.
13715 	 */
13716 	new_xp->xb_private = bp;
13717 
13718 	new_bp->b_private  = new_xp;
13719 
13720 	return (new_bp);
13721 }
13722 
13723 /*
13724  *    Function: sd_shadow_buf_alloc
13725  *
13726  * Description: Allocate a buf(9S) and init it as per the given buf
13727  *		and the various arguments.  The associated sd_xbuf
13728  *		struct is (nearly) duplicated.  The struct buf *bp
13729  *		argument is saved in new_xp->xb_private.
13730  *
13731  *   Arguments: bp - ptr the the buf(9S) to be "shadowed"
13732  *		datalen - size of data area for the shadow bp
13733  *		bflags - B_READ or B_WRITE (pseudo flag)
13734  *		blkno - starting LBA
13735  *		func - function pointer for b_iodone in the shadow buf. (May
13736  *			be NULL if none.)
13737  *
13738  * Return Code: Pointer to allocates buf(9S) struct
13739  *
13740  *     Context: Can sleep.
13741  */
13742 
13743 static struct buf *
13744 sd_shadow_buf_alloc(struct buf *bp, size_t datalen, uint_t bflags,
13745 	daddr_t blkno, int (*func)(struct buf *))
13746 {
13747 	struct	sd_lun	*un;
13748 	struct	sd_xbuf	*xp;
13749 	struct	sd_xbuf	*new_xp;
13750 	struct	buf	*new_bp;
13751 
13752 	ASSERT(bp != NULL);
13753 	xp = SD_GET_XBUF(bp);
13754 	ASSERT(xp != NULL);
13755 	un = SD_GET_UN(bp);
13756 	ASSERT(un != NULL);
13757 	ASSERT(!mutex_owned(SD_MUTEX(un)));
13758 
13759 	if (bp->b_flags & (B_PAGEIO | B_PHYS)) {
13760 		bp_mapin(bp);
13761 	}
13762 
13763 	bflags &= (B_READ | B_WRITE);
13764 #if defined(__i386) || defined(__amd64)
13765 	new_bp = getrbuf(KM_SLEEP);
13766 	new_bp->b_un.b_addr = kmem_zalloc(datalen, KM_SLEEP);
13767 	new_bp->b_bcount = datalen;
13768 	new_bp->b_flags	= bp->b_flags | bflags;
13769 #else
13770 	new_bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), NULL,
13771 	    datalen, bflags, SLEEP_FUNC, NULL);
13772 #endif
13773 	new_bp->av_forw	= NULL;
13774 	new_bp->av_back	= NULL;
13775 	new_bp->b_dev	= bp->b_dev;
13776 	new_bp->b_blkno	= blkno;
13777 	new_bp->b_iodone = func;
13778 	new_bp->b_edev	= bp->b_edev;
13779 	new_bp->b_resid	= 0;
13780 
13781 	/* We need to preserve the B_FAILFAST flag */
13782 	if (bp->b_flags & B_FAILFAST) {
13783 		new_bp->b_flags |= B_FAILFAST;
13784 	}
13785 
13786 	/*
13787 	 * Allocate an xbuf for the shadow bp and copy the contents of the
13788 	 * original xbuf into it.
13789 	 */
13790 	new_xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
13791 	bcopy(xp, new_xp, sizeof (struct sd_xbuf));
13792 
13793 	/* Need later to copy data between the shadow buf & original buf! */
13794 	new_xp->xb_pkt_flags |= PKT_CONSISTENT;
13795 
13796 	/*
13797 	 * The given bp is automatically saved in the xb_private member
13798 	 * of the new xbuf.  Callers are allowed to depend on this.
13799 	 */
13800 	new_xp->xb_private = bp;
13801 
13802 	new_bp->b_private  = new_xp;
13803 
13804 	return (new_bp);
13805 }
13806 
13807 /*
13808  *    Function: sd_bioclone_free
13809  *
13810  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations
13811  *		in the larger than partition operation.
13812  *
13813  *     Context: May be called under interrupt context
13814  */
13815 
13816 static void
13817 sd_bioclone_free(struct buf *bp)
13818 {
13819 	struct sd_xbuf	*xp;
13820 
13821 	ASSERT(bp != NULL);
13822 	xp = SD_GET_XBUF(bp);
13823 	ASSERT(xp != NULL);
13824 
13825 	/*
13826 	 * Call bp_mapout() before freeing the buf,  in case a lower
13827 	 * layer or HBA  had done a bp_mapin().  we must do this here
13828 	 * as we are the "originator" of the shadow buf.
13829 	 */
13830 	bp_mapout(bp);
13831 
13832 	/*
13833 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13834 	 * never gets confused by a stale value in this field. (Just a little
13835 	 * extra defensiveness here.)
13836 	 */
13837 	bp->b_iodone = NULL;
13838 
13839 	freerbuf(bp);
13840 
13841 	kmem_free(xp, sizeof (struct sd_xbuf));
13842 }
13843 
13844 /*
13845  *    Function: sd_shadow_buf_free
13846  *
13847  * Description: Deallocate a buf(9S) that was used for 'shadow' IO operations.
13848  *
13849  *     Context: May be called under interrupt context
13850  */
13851 
13852 static void
13853 sd_shadow_buf_free(struct buf *bp)
13854 {
13855 	struct sd_xbuf	*xp;
13856 
13857 	ASSERT(bp != NULL);
13858 	xp = SD_GET_XBUF(bp);
13859 	ASSERT(xp != NULL);
13860 
13861 #if defined(__sparc)
13862 	/*
13863 	 * Call bp_mapout() before freeing the buf,  in case a lower
13864 	 * layer or HBA  had done a bp_mapin().  we must do this here
13865 	 * as we are the "originator" of the shadow buf.
13866 	 */
13867 	bp_mapout(bp);
13868 #endif
13869 
13870 	/*
13871 	 * Null out b_iodone before freeing the bp, to ensure that the driver
13872 	 * never gets confused by a stale value in this field. (Just a little
13873 	 * extra defensiveness here.)
13874 	 */
13875 	bp->b_iodone = NULL;
13876 
13877 #if defined(__i386) || defined(__amd64)
13878 	kmem_free(bp->b_un.b_addr, bp->b_bcount);
13879 	freerbuf(bp);
13880 #else
13881 	scsi_free_consistent_buf(bp);
13882 #endif
13883 
13884 	kmem_free(xp, sizeof (struct sd_xbuf));
13885 }
13886 
13887 
13888 /*
13889  *    Function: sd_print_transport_rejected_message
13890  *
13891  * Description: This implements the ludicrously complex rules for printing
13892  *		a "transport rejected" message.  This is to address the
13893  *		specific problem of having a flood of this error message
13894  *		produced when a failover occurs.
13895  *
13896  *     Context: Any.
13897  */
13898 
13899 static void
13900 sd_print_transport_rejected_message(struct sd_lun *un, struct sd_xbuf *xp,
13901 	int code)
13902 {
13903 	ASSERT(un != NULL);
13904 	ASSERT(mutex_owned(SD_MUTEX(un)));
13905 	ASSERT(xp != NULL);
13906 
13907 	/*
13908 	 * Print the "transport rejected" message under the following
13909 	 * conditions:
13910 	 *
13911 	 * - Whenever the SD_LOGMASK_DIAG bit of sd_level_mask is set
13912 	 * - The error code from scsi_transport() is NOT a TRAN_FATAL_ERROR.
13913 	 * - If the error code IS a TRAN_FATAL_ERROR, then the message is
13914 	 *   printed the FIRST time a TRAN_FATAL_ERROR is returned from
13915 	 *   scsi_transport(9F) (which indicates that the target might have
13916 	 *   gone off-line).  This uses the un->un_tran_fatal_count
13917 	 *   count, which is incremented whenever a TRAN_FATAL_ERROR is
13918 	 *   received, and reset to zero whenver a TRAN_ACCEPT is returned
13919 	 *   from scsi_transport().
13920 	 *
13921 	 * The FLAG_SILENT in the scsi_pkt must be CLEARED in ALL of
13922 	 * the preceeding cases in order for the message to be printed.
13923 	 */
13924 	if ((xp->xb_pktp->pkt_flags & FLAG_SILENT) == 0) {
13925 		if ((sd_level_mask & SD_LOGMASK_DIAG) ||
13926 		    (code != TRAN_FATAL_ERROR) ||
13927 		    (un->un_tran_fatal_count == 1)) {
13928 			switch (code) {
13929 			case TRAN_BADPKT:
13930 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13931 				    "transport rejected bad packet\n");
13932 				break;
13933 			case TRAN_FATAL_ERROR:
13934 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13935 				    "transport rejected fatal error\n");
13936 				break;
13937 			default:
13938 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
13939 				    "transport rejected (%d)\n", code);
13940 				break;
13941 			}
13942 		}
13943 	}
13944 }
13945 
13946 
13947 /*
13948  *    Function: sd_add_buf_to_waitq
13949  *
13950  * Description: Add the given buf(9S) struct to the wait queue for the
13951  *		instance.  If sorting is enabled, then the buf is added
13952  *		to the queue via an elevator sort algorithm (a la
13953  *		disksort(9F)).  The SD_GET_BLKNO(bp) is used as the sort key.
13954  *		If sorting is not enabled, then the buf is just added
13955  *		to the end of the wait queue.
13956  *
13957  * Return Code: void
13958  *
13959  *     Context: Does not sleep/block, therefore technically can be called
13960  *		from any context.  However if sorting is enabled then the
13961  *		execution time is indeterminate, and may take long if
13962  *		the wait queue grows large.
13963  */
13964 
13965 static void
13966 sd_add_buf_to_waitq(struct sd_lun *un, struct buf *bp)
13967 {
13968 	struct buf *ap;
13969 
13970 	ASSERT(bp != NULL);
13971 	ASSERT(un != NULL);
13972 	ASSERT(mutex_owned(SD_MUTEX(un)));
13973 
13974 	/* If the queue is empty, add the buf as the only entry & return. */
13975 	if (un->un_waitq_headp == NULL) {
13976 		ASSERT(un->un_waitq_tailp == NULL);
13977 		un->un_waitq_headp = un->un_waitq_tailp = bp;
13978 		bp->av_forw = NULL;
13979 		return;
13980 	}
13981 
13982 	ASSERT(un->un_waitq_tailp != NULL);
13983 
13984 	/*
13985 	 * If sorting is disabled, just add the buf to the tail end of
13986 	 * the wait queue and return.
13987 	 */
13988 	if (un->un_f_disksort_disabled) {
13989 		un->un_waitq_tailp->av_forw = bp;
13990 		un->un_waitq_tailp = bp;
13991 		bp->av_forw = NULL;
13992 		return;
13993 	}
13994 
13995 	/*
13996 	 * Sort thru the list of requests currently on the wait queue
13997 	 * and add the new buf request at the appropriate position.
13998 	 *
13999 	 * The un->un_waitq_headp is an activity chain pointer on which
14000 	 * we keep two queues, sorted in ascending SD_GET_BLKNO() order. The
14001 	 * first queue holds those requests which are positioned after
14002 	 * the current SD_GET_BLKNO() (in the first request); the second holds
14003 	 * requests which came in after their SD_GET_BLKNO() number was passed.
14004 	 * Thus we implement a one way scan, retracting after reaching
14005 	 * the end of the drive to the first request on the second
14006 	 * queue, at which time it becomes the first queue.
14007 	 * A one-way scan is natural because of the way UNIX read-ahead
14008 	 * blocks are allocated.
14009 	 *
14010 	 * If we lie after the first request, then we must locate the
14011 	 * second request list and add ourselves to it.
14012 	 */
14013 	ap = un->un_waitq_headp;
14014 	if (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap)) {
14015 		while (ap->av_forw != NULL) {
14016 			/*
14017 			 * Look for an "inversion" in the (normally
14018 			 * ascending) block numbers. This indicates
14019 			 * the start of the second request list.
14020 			 */
14021 			if (SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) {
14022 				/*
14023 				 * Search the second request list for the
14024 				 * first request at a larger block number.
14025 				 * We go before that; however if there is
14026 				 * no such request, we go at the end.
14027 				 */
14028 				do {
14029 					if (SD_GET_BLKNO(bp) <
14030 					    SD_GET_BLKNO(ap->av_forw)) {
14031 						goto insert;
14032 					}
14033 					ap = ap->av_forw;
14034 				} while (ap->av_forw != NULL);
14035 				goto insert;		/* after last */
14036 			}
14037 			ap = ap->av_forw;
14038 		}
14039 
14040 		/*
14041 		 * No inversions... we will go after the last, and
14042 		 * be the first request in the second request list.
14043 		 */
14044 		goto insert;
14045 	}
14046 
14047 	/*
14048 	 * Request is at/after the current request...
14049 	 * sort in the first request list.
14050 	 */
14051 	while (ap->av_forw != NULL) {
14052 		/*
14053 		 * We want to go after the current request (1) if
14054 		 * there is an inversion after it (i.e. it is the end
14055 		 * of the first request list), or (2) if the next
14056 		 * request is a larger block no. than our request.
14057 		 */
14058 		if ((SD_GET_BLKNO(ap->av_forw) < SD_GET_BLKNO(ap)) ||
14059 		    (SD_GET_BLKNO(bp) < SD_GET_BLKNO(ap->av_forw))) {
14060 			goto insert;
14061 		}
14062 		ap = ap->av_forw;
14063 	}
14064 
14065 	/*
14066 	 * Neither a second list nor a larger request, therefore
14067 	 * we go at the end of the first list (which is the same
14068 	 * as the end of the whole schebang).
14069 	 */
14070 insert:
14071 	bp->av_forw = ap->av_forw;
14072 	ap->av_forw = bp;
14073 
14074 	/*
14075 	 * If we inserted onto the tail end of the waitq, make sure the
14076 	 * tail pointer is updated.
14077 	 */
14078 	if (ap == un->un_waitq_tailp) {
14079 		un->un_waitq_tailp = bp;
14080 	}
14081 }
14082 
14083 
14084 /*
14085  *    Function: sd_start_cmds
14086  *
14087  * Description: Remove and transport cmds from the driver queues.
14088  *
14089  *   Arguments: un - pointer to the unit (soft state) struct for the target.
14090  *
14091  *		immed_bp - ptr to a buf to be transported immediately. Only
14092  *		the immed_bp is transported; bufs on the waitq are not
14093  *		processed and the un_retry_bp is not checked.  If immed_bp is
14094  *		NULL, then normal queue processing is performed.
14095  *
14096  *     Context: May be called from kernel thread context, interrupt context,
14097  *		or runout callback context. This function may not block or
14098  *		call routines that block.
14099  */
14100 
14101 static void
14102 sd_start_cmds(struct sd_lun *un, struct buf *immed_bp)
14103 {
14104 	struct	sd_xbuf	*xp;
14105 	struct	buf	*bp;
14106 	void	(*statp)(kstat_io_t *);
14107 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14108 	void	(*saved_statp)(kstat_io_t *);
14109 #endif
14110 	int	rval;
14111 
14112 	ASSERT(un != NULL);
14113 	ASSERT(mutex_owned(SD_MUTEX(un)));
14114 	ASSERT(un->un_ncmds_in_transport >= 0);
14115 	ASSERT(un->un_throttle >= 0);
14116 
14117 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: entry\n");
14118 
14119 	do {
14120 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14121 		saved_statp = NULL;
14122 #endif
14123 
14124 		/*
14125 		 * If we are syncing or dumping, fail the command to
14126 		 * avoid recursively calling back into scsi_transport().
14127 		 * The dump I/O itself uses a separate code path so this
14128 		 * only prevents non-dump I/O from being sent while dumping.
14129 		 * File system sync takes place before dumping begins.
14130 		 * During panic, filesystem I/O is allowed provided
14131 		 * un_in_callback is <= 1.  This is to prevent recursion
14132 		 * such as sd_start_cmds -> scsi_transport -> sdintr ->
14133 		 * sd_start_cmds and so on.  See panic.c for more information
14134 		 * about the states the system can be in during panic.
14135 		 */
14136 		if ((un->un_state == SD_STATE_DUMPING) ||
14137 		    (ddi_in_panic() && (un->un_in_callback > 1))) {
14138 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14139 			    "sd_start_cmds: panicking\n");
14140 			goto exit;
14141 		}
14142 
14143 		if ((bp = immed_bp) != NULL) {
14144 			/*
14145 			 * We have a bp that must be transported immediately.
14146 			 * It's OK to transport the immed_bp here without doing
14147 			 * the throttle limit check because the immed_bp is
14148 			 * always used in a retry/recovery case. This means
14149 			 * that we know we are not at the throttle limit by
14150 			 * virtue of the fact that to get here we must have
14151 			 * already gotten a command back via sdintr(). This also
14152 			 * relies on (1) the command on un_retry_bp preventing
14153 			 * further commands from the waitq from being issued;
14154 			 * and (2) the code in sd_retry_command checking the
14155 			 * throttle limit before issuing a delayed or immediate
14156 			 * retry. This holds even if the throttle limit is
14157 			 * currently ratcheted down from its maximum value.
14158 			 */
14159 			statp = kstat_runq_enter;
14160 			if (bp == un->un_retry_bp) {
14161 				ASSERT((un->un_retry_statp == NULL) ||
14162 				    (un->un_retry_statp == kstat_waitq_enter) ||
14163 				    (un->un_retry_statp ==
14164 				    kstat_runq_back_to_waitq));
14165 				/*
14166 				 * If the waitq kstat was incremented when
14167 				 * sd_set_retry_bp() queued this bp for a retry,
14168 				 * then we must set up statp so that the waitq
14169 				 * count will get decremented correctly below.
14170 				 * Also we must clear un->un_retry_statp to
14171 				 * ensure that we do not act on a stale value
14172 				 * in this field.
14173 				 */
14174 				if ((un->un_retry_statp == kstat_waitq_enter) ||
14175 				    (un->un_retry_statp ==
14176 				    kstat_runq_back_to_waitq)) {
14177 					statp = kstat_waitq_to_runq;
14178 				}
14179 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14180 				saved_statp = un->un_retry_statp;
14181 #endif
14182 				un->un_retry_statp = NULL;
14183 
14184 				SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14185 				    "sd_start_cmds: un:0x%p: GOT retry_bp:0x%p "
14186 				    "un_throttle:%d un_ncmds_in_transport:%d\n",
14187 				    un, un->un_retry_bp, un->un_throttle,
14188 				    un->un_ncmds_in_transport);
14189 			} else {
14190 				SD_TRACE(SD_LOG_IO_CORE, un, "sd_start_cmds: "
14191 				    "processing priority bp:0x%p\n", bp);
14192 			}
14193 
14194 		} else if ((bp = un->un_waitq_headp) != NULL) {
14195 			/*
14196 			 * A command on the waitq is ready to go, but do not
14197 			 * send it if:
14198 			 *
14199 			 * (1) the throttle limit has been reached, or
14200 			 * (2) a retry is pending, or
14201 			 * (3) a START_STOP_UNIT callback pending, or
14202 			 * (4) a callback for a SD_PATH_DIRECT_PRIORITY
14203 			 *	command is pending.
14204 			 *
14205 			 * For all of these conditions, IO processing will
14206 			 * restart after the condition is cleared.
14207 			 */
14208 			if (un->un_ncmds_in_transport >= un->un_throttle) {
14209 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14210 				    "sd_start_cmds: exiting, "
14211 				    "throttle limit reached!\n");
14212 				goto exit;
14213 			}
14214 			if (un->un_retry_bp != NULL) {
14215 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14216 				    "sd_start_cmds: exiting, retry pending!\n");
14217 				goto exit;
14218 			}
14219 			if (un->un_startstop_timeid != NULL) {
14220 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14221 				    "sd_start_cmds: exiting, "
14222 				    "START_STOP pending!\n");
14223 				goto exit;
14224 			}
14225 			if (un->un_direct_priority_timeid != NULL) {
14226 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14227 				    "sd_start_cmds: exiting, "
14228 				    "SD_PATH_DIRECT_PRIORITY cmd. pending!\n");
14229 				goto exit;
14230 			}
14231 
14232 			/* Dequeue the command */
14233 			un->un_waitq_headp = bp->av_forw;
14234 			if (un->un_waitq_headp == NULL) {
14235 				un->un_waitq_tailp = NULL;
14236 			}
14237 			bp->av_forw = NULL;
14238 			statp = kstat_waitq_to_runq;
14239 			SD_TRACE(SD_LOG_IO_CORE, un,
14240 			    "sd_start_cmds: processing waitq bp:0x%p\n", bp);
14241 
14242 		} else {
14243 			/* No work to do so bail out now */
14244 			SD_TRACE(SD_LOG_IO_CORE, un,
14245 			    "sd_start_cmds: no more work, exiting!\n");
14246 			goto exit;
14247 		}
14248 
14249 		/*
14250 		 * Reset the state to normal. This is the mechanism by which
14251 		 * the state transitions from either SD_STATE_RWAIT or
14252 		 * SD_STATE_OFFLINE to SD_STATE_NORMAL.
14253 		 * If state is SD_STATE_PM_CHANGING then this command is
14254 		 * part of the device power control and the state must
14255 		 * not be put back to normal. Doing so would would
14256 		 * allow new commands to proceed when they shouldn't,
14257 		 * the device may be going off.
14258 		 */
14259 		if ((un->un_state != SD_STATE_SUSPENDED) &&
14260 		    (un->un_state != SD_STATE_PM_CHANGING)) {
14261 			New_state(un, SD_STATE_NORMAL);
14262 		    }
14263 
14264 		xp = SD_GET_XBUF(bp);
14265 		ASSERT(xp != NULL);
14266 
14267 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14268 		/*
14269 		 * Allocate the scsi_pkt if we need one, or attach DMA
14270 		 * resources if we have a scsi_pkt that needs them. The
14271 		 * latter should only occur for commands that are being
14272 		 * retried.
14273 		 */
14274 		if ((xp->xb_pktp == NULL) ||
14275 		    ((xp->xb_pkt_flags & SD_XB_DMA_FREED) != 0)) {
14276 #else
14277 		if (xp->xb_pktp == NULL) {
14278 #endif
14279 			/*
14280 			 * There is no scsi_pkt allocated for this buf. Call
14281 			 * the initpkt function to allocate & init one.
14282 			 *
14283 			 * The scsi_init_pkt runout callback functionality is
14284 			 * implemented as follows:
14285 			 *
14286 			 * 1) The initpkt function always calls
14287 			 *    scsi_init_pkt(9F) with sdrunout specified as the
14288 			 *    callback routine.
14289 			 * 2) A successful packet allocation is initialized and
14290 			 *    the I/O is transported.
14291 			 * 3) The I/O associated with an allocation resource
14292 			 *    failure is left on its queue to be retried via
14293 			 *    runout or the next I/O.
14294 			 * 4) The I/O associated with a DMA error is removed
14295 			 *    from the queue and failed with EIO. Processing of
14296 			 *    the transport queues is also halted to be
14297 			 *    restarted via runout or the next I/O.
14298 			 * 5) The I/O associated with a CDB size or packet
14299 			 *    size error is removed from the queue and failed
14300 			 *    with EIO. Processing of the transport queues is
14301 			 *    continued.
14302 			 *
14303 			 * Note: there is no interface for canceling a runout
14304 			 * callback. To prevent the driver from detaching or
14305 			 * suspending while a runout is pending the driver
14306 			 * state is set to SD_STATE_RWAIT
14307 			 *
14308 			 * Note: using the scsi_init_pkt callback facility can
14309 			 * result in an I/O request persisting at the head of
14310 			 * the list which cannot be satisfied even after
14311 			 * multiple retries. In the future the driver may
14312 			 * implement some kind of maximum runout count before
14313 			 * failing an I/O.
14314 			 *
14315 			 * Note: the use of funcp below may seem superfluous,
14316 			 * but it helps warlock figure out the correct
14317 			 * initpkt function calls (see [s]sd.wlcmd).
14318 			 */
14319 			struct scsi_pkt	*pktp;
14320 			int (*funcp)(struct buf *bp, struct scsi_pkt **pktp);
14321 
14322 			ASSERT(bp != un->un_rqs_bp);
14323 
14324 			funcp = sd_initpkt_map[xp->xb_chain_iostart];
14325 			switch ((*funcp)(bp, &pktp)) {
14326 			case  SD_PKT_ALLOC_SUCCESS:
14327 				xp->xb_pktp = pktp;
14328 				SD_TRACE(SD_LOG_IO_CORE, un,
14329 				    "sd_start_cmd: SD_PKT_ALLOC_SUCCESS 0x%p\n",
14330 				    pktp);
14331 				goto got_pkt;
14332 
14333 			case SD_PKT_ALLOC_FAILURE:
14334 				/*
14335 				 * Temporary (hopefully) resource depletion.
14336 				 * Since retries and RQS commands always have a
14337 				 * scsi_pkt allocated, these cases should never
14338 				 * get here. So the only cases this needs to
14339 				 * handle is a bp from the waitq (which we put
14340 				 * back onto the waitq for sdrunout), or a bp
14341 				 * sent as an immed_bp (which we just fail).
14342 				 */
14343 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14344 				    "sd_start_cmds: SD_PKT_ALLOC_FAILURE\n");
14345 
14346 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14347 
14348 				if (bp == immed_bp) {
14349 					/*
14350 					 * If SD_XB_DMA_FREED is clear, then
14351 					 * this is a failure to allocate a
14352 					 * scsi_pkt, and we must fail the
14353 					 * command.
14354 					 */
14355 					if ((xp->xb_pkt_flags &
14356 					    SD_XB_DMA_FREED) == 0) {
14357 						break;
14358 					}
14359 
14360 					/*
14361 					 * If this immediate command is NOT our
14362 					 * un_retry_bp, then we must fail it.
14363 					 */
14364 					if (bp != un->un_retry_bp) {
14365 						break;
14366 					}
14367 
14368 					/*
14369 					 * We get here if this cmd is our
14370 					 * un_retry_bp that was DMAFREED, but
14371 					 * scsi_init_pkt() failed to reallocate
14372 					 * DMA resources when we attempted to
14373 					 * retry it. This can happen when an
14374 					 * mpxio failover is in progress, but
14375 					 * we don't want to just fail the
14376 					 * command in this case.
14377 					 *
14378 					 * Use timeout(9F) to restart it after
14379 					 * a 100ms delay.  We don't want to
14380 					 * let sdrunout() restart it, because
14381 					 * sdrunout() is just supposed to start
14382 					 * commands that are sitting on the
14383 					 * wait queue.  The un_retry_bp stays
14384 					 * set until the command completes, but
14385 					 * sdrunout can be called many times
14386 					 * before that happens.  Since sdrunout
14387 					 * cannot tell if the un_retry_bp is
14388 					 * already in the transport, it could
14389 					 * end up calling scsi_transport() for
14390 					 * the un_retry_bp multiple times.
14391 					 *
14392 					 * Also: don't schedule the callback
14393 					 * if some other callback is already
14394 					 * pending.
14395 					 */
14396 					if (un->un_retry_statp == NULL) {
14397 						/*
14398 						 * restore the kstat pointer to
14399 						 * keep kstat counts coherent
14400 						 * when we do retry the command.
14401 						 */
14402 						un->un_retry_statp =
14403 						    saved_statp;
14404 					}
14405 
14406 					if ((un->un_startstop_timeid == NULL) &&
14407 					    (un->un_retry_timeid == NULL) &&
14408 					    (un->un_direct_priority_timeid ==
14409 					    NULL)) {
14410 
14411 						un->un_retry_timeid =
14412 						    timeout(
14413 						    sd_start_retry_command,
14414 						    un, SD_RESTART_TIMEOUT);
14415 					}
14416 					goto exit;
14417 				}
14418 
14419 #else
14420 				if (bp == immed_bp) {
14421 					break;	/* Just fail the command */
14422 				}
14423 #endif
14424 
14425 				/* Add the buf back to the head of the waitq */
14426 				bp->av_forw = un->un_waitq_headp;
14427 				un->un_waitq_headp = bp;
14428 				if (un->un_waitq_tailp == NULL) {
14429 					un->un_waitq_tailp = bp;
14430 				}
14431 				goto exit;
14432 
14433 			case SD_PKT_ALLOC_FAILURE_NO_DMA:
14434 				/*
14435 				 * HBA DMA resource failure. Fail the command
14436 				 * and continue processing of the queues.
14437 				 */
14438 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14439 				    "sd_start_cmds: "
14440 				    "SD_PKT_ALLOC_FAILURE_NO_DMA\n");
14441 				break;
14442 
14443 			case SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL:
14444 				/*
14445 				 * Note:x86: Partial DMA mapping not supported
14446 				 * for USCSI commands, and all the needed DMA
14447 				 * resources were not allocated.
14448 				 */
14449 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14450 				    "sd_start_cmds: "
14451 				    "SD_PKT_ALLOC_FAILURE_PKT_TOO_SMALL\n");
14452 				break;
14453 
14454 			case SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL:
14455 				/*
14456 				 * Note:x86: Request cannot fit into CDB based
14457 				 * on lba and len.
14458 				 */
14459 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14460 				    "sd_start_cmds: "
14461 				    "SD_PKT_ALLOC_FAILURE_CDB_TOO_SMALL\n");
14462 				break;
14463 
14464 			default:
14465 				/* Should NEVER get here! */
14466 				panic("scsi_initpkt error");
14467 				/*NOTREACHED*/
14468 			}
14469 
14470 			/*
14471 			 * Fatal error in allocating a scsi_pkt for this buf.
14472 			 * Update kstats & return the buf with an error code.
14473 			 * We must use sd_return_failed_command_no_restart() to
14474 			 * avoid a recursive call back into sd_start_cmds().
14475 			 * However this also means that we must keep processing
14476 			 * the waitq here in order to avoid stalling.
14477 			 */
14478 			if (statp == kstat_waitq_to_runq) {
14479 				SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
14480 			}
14481 			sd_return_failed_command_no_restart(un, bp, EIO);
14482 			if (bp == immed_bp) {
14483 				/* immed_bp is gone by now, so clear this */
14484 				immed_bp = NULL;
14485 			}
14486 			continue;
14487 		}
14488 got_pkt:
14489 		if (bp == immed_bp) {
14490 			/* goto the head of the class.... */
14491 			xp->xb_pktp->pkt_flags |= FLAG_HEAD;
14492 		}
14493 
14494 		un->un_ncmds_in_transport++;
14495 		SD_UPDATE_KSTATS(un, statp, bp);
14496 
14497 		/*
14498 		 * Call scsi_transport() to send the command to the target.
14499 		 * According to SCSA architecture, we must drop the mutex here
14500 		 * before calling scsi_transport() in order to avoid deadlock.
14501 		 * Note that the scsi_pkt's completion routine can be executed
14502 		 * (from interrupt context) even before the call to
14503 		 * scsi_transport() returns.
14504 		 */
14505 		SD_TRACE(SD_LOG_IO_CORE, un,
14506 		    "sd_start_cmds: calling scsi_transport()\n");
14507 		DTRACE_PROBE1(scsi__transport__dispatch, struct buf *, bp);
14508 
14509 		mutex_exit(SD_MUTEX(un));
14510 		rval = scsi_transport(xp->xb_pktp);
14511 		mutex_enter(SD_MUTEX(un));
14512 
14513 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14514 		    "sd_start_cmds: scsi_transport() returned %d\n", rval);
14515 
14516 		switch (rval) {
14517 		case TRAN_ACCEPT:
14518 			/* Clear this with every pkt accepted by the HBA */
14519 			un->un_tran_fatal_count = 0;
14520 			break;	/* Success; try the next cmd (if any) */
14521 
14522 		case TRAN_BUSY:
14523 			un->un_ncmds_in_transport--;
14524 			ASSERT(un->un_ncmds_in_transport >= 0);
14525 
14526 			/*
14527 			 * Don't retry request sense, the sense data
14528 			 * is lost when another request is sent.
14529 			 * Free up the rqs buf and retry
14530 			 * the original failed cmd.  Update kstat.
14531 			 */
14532 			if (bp == un->un_rqs_bp) {
14533 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14534 				bp = sd_mark_rqs_idle(un, xp);
14535 				sd_retry_command(un, bp, SD_RETRIES_STANDARD,
14536 					NULL, NULL, EIO, SD_BSY_TIMEOUT / 500,
14537 					kstat_waitq_enter);
14538 				goto exit;
14539 			}
14540 
14541 #if defined(__i386) || defined(__amd64)	/* DMAFREE for x86 only */
14542 			/*
14543 			 * Free the DMA resources for the  scsi_pkt. This will
14544 			 * allow mpxio to select another path the next time
14545 			 * we call scsi_transport() with this scsi_pkt.
14546 			 * See sdintr() for the rationalization behind this.
14547 			 */
14548 			if ((un->un_f_is_fibre == TRUE) &&
14549 			    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
14550 			    ((xp->xb_pktp->pkt_flags & FLAG_SENSING) == 0)) {
14551 				scsi_dmafree(xp->xb_pktp);
14552 				xp->xb_pkt_flags |= SD_XB_DMA_FREED;
14553 			}
14554 #endif
14555 
14556 			if (SD_IS_DIRECT_PRIORITY(SD_GET_XBUF(bp))) {
14557 				/*
14558 				 * Commands that are SD_PATH_DIRECT_PRIORITY
14559 				 * are for error recovery situations. These do
14560 				 * not use the normal command waitq, so if they
14561 				 * get a TRAN_BUSY we cannot put them back onto
14562 				 * the waitq for later retry. One possible
14563 				 * problem is that there could already be some
14564 				 * other command on un_retry_bp that is waiting
14565 				 * for this one to complete, so we would be
14566 				 * deadlocked if we put this command back onto
14567 				 * the waitq for later retry (since un_retry_bp
14568 				 * must complete before the driver gets back to
14569 				 * commands on the waitq).
14570 				 *
14571 				 * To avoid deadlock we must schedule a callback
14572 				 * that will restart this command after a set
14573 				 * interval.  This should keep retrying for as
14574 				 * long as the underlying transport keeps
14575 				 * returning TRAN_BUSY (just like for other
14576 				 * commands).  Use the same timeout interval as
14577 				 * for the ordinary TRAN_BUSY retry.
14578 				 */
14579 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14580 				    "sd_start_cmds: scsi_transport() returned "
14581 				    "TRAN_BUSY for DIRECT_PRIORITY cmd!\n");
14582 
14583 				SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14584 				un->un_direct_priority_timeid =
14585 				    timeout(sd_start_direct_priority_command,
14586 				    bp, SD_BSY_TIMEOUT / 500);
14587 
14588 				goto exit;
14589 			}
14590 
14591 			/*
14592 			 * For TRAN_BUSY, we want to reduce the throttle value,
14593 			 * unless we are retrying a command.
14594 			 */
14595 			if (bp != un->un_retry_bp) {
14596 				sd_reduce_throttle(un, SD_THROTTLE_TRAN_BUSY);
14597 			}
14598 
14599 			/*
14600 			 * Set up the bp to be tried again 10 ms later.
14601 			 * Note:x86: Is there a timeout value in the sd_lun
14602 			 * for this condition?
14603 			 */
14604 			sd_set_retry_bp(un, bp, SD_BSY_TIMEOUT / 500,
14605 				kstat_runq_back_to_waitq);
14606 			goto exit;
14607 
14608 		case TRAN_FATAL_ERROR:
14609 			un->un_tran_fatal_count++;
14610 			/* FALLTHRU */
14611 
14612 		case TRAN_BADPKT:
14613 		default:
14614 			un->un_ncmds_in_transport--;
14615 			ASSERT(un->un_ncmds_in_transport >= 0);
14616 
14617 			/*
14618 			 * If this is our REQUEST SENSE command with a
14619 			 * transport error, we must get back the pointers
14620 			 * to the original buf, and mark the REQUEST
14621 			 * SENSE command as "available".
14622 			 */
14623 			if (bp == un->un_rqs_bp) {
14624 				bp = sd_mark_rqs_idle(un, xp);
14625 				xp = SD_GET_XBUF(bp);
14626 			} else {
14627 				/*
14628 				 * Legacy behavior: do not update transport
14629 				 * error count for request sense commands.
14630 				 */
14631 				SD_UPDATE_ERRSTATS(un, sd_transerrs);
14632 			}
14633 
14634 			SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
14635 			sd_print_transport_rejected_message(un, xp, rval);
14636 
14637 			/*
14638 			 * We must use sd_return_failed_command_no_restart() to
14639 			 * avoid a recursive call back into sd_start_cmds().
14640 			 * However this also means that we must keep processing
14641 			 * the waitq here in order to avoid stalling.
14642 			 */
14643 			sd_return_failed_command_no_restart(un, bp, EIO);
14644 
14645 			/*
14646 			 * Notify any threads waiting in sd_ddi_suspend() that
14647 			 * a command completion has occurred.
14648 			 */
14649 			if (un->un_state == SD_STATE_SUSPENDED) {
14650 				cv_broadcast(&un->un_disk_busy_cv);
14651 			}
14652 
14653 			if (bp == immed_bp) {
14654 				/* immed_bp is gone by now, so clear this */
14655 				immed_bp = NULL;
14656 			}
14657 			break;
14658 		}
14659 
14660 	} while (immed_bp == NULL);
14661 
14662 exit:
14663 	ASSERT(mutex_owned(SD_MUTEX(un)));
14664 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_start_cmds: exit\n");
14665 }
14666 
14667 
14668 /*
14669  *    Function: sd_return_command
14670  *
14671  * Description: Returns a command to its originator (with or without an
14672  *		error).  Also starts commands waiting to be transported
14673  *		to the target.
14674  *
14675  *     Context: May be called from interrupt, kernel, or timeout context
14676  */
14677 
14678 static void
14679 sd_return_command(struct sd_lun *un, struct buf *bp)
14680 {
14681 	struct sd_xbuf *xp;
14682 #if defined(__i386) || defined(__amd64)
14683 	struct scsi_pkt *pktp;
14684 #endif
14685 
14686 	ASSERT(bp != NULL);
14687 	ASSERT(un != NULL);
14688 	ASSERT(mutex_owned(SD_MUTEX(un)));
14689 	ASSERT(bp != un->un_rqs_bp);
14690 	xp = SD_GET_XBUF(bp);
14691 	ASSERT(xp != NULL);
14692 
14693 #if defined(__i386) || defined(__amd64)
14694 	pktp = SD_GET_PKTP(bp);
14695 #endif
14696 
14697 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: entry\n");
14698 
14699 #if defined(__i386) || defined(__amd64)
14700 	/*
14701 	 * Note:x86: check for the "sdrestart failed" case.
14702 	 */
14703 	if (((xp->xb_pkt_flags & SD_XB_USCSICMD) != SD_XB_USCSICMD) &&
14704 		(geterror(bp) == 0) && (xp->xb_dma_resid != 0) &&
14705 		(xp->xb_pktp->pkt_resid == 0)) {
14706 
14707 		if (sd_setup_next_xfer(un, bp, pktp, xp) != 0) {
14708 			/*
14709 			 * Successfully set up next portion of cmd
14710 			 * transfer, try sending it
14711 			 */
14712 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
14713 			    NULL, NULL, 0, (clock_t)0, NULL);
14714 			sd_start_cmds(un, NULL);
14715 			return;	/* Note:x86: need a return here? */
14716 		}
14717 	}
14718 #endif
14719 
14720 	/*
14721 	 * If this is the failfast bp, clear it from un_failfast_bp. This
14722 	 * can happen if upon being re-tried the failfast bp either
14723 	 * succeeded or encountered another error (possibly even a different
14724 	 * error than the one that precipitated the failfast state, but in
14725 	 * that case it would have had to exhaust retries as well). Regardless,
14726 	 * this should not occur whenever the instance is in the active
14727 	 * failfast state.
14728 	 */
14729 	if (bp == un->un_failfast_bp) {
14730 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14731 		un->un_failfast_bp = NULL;
14732 	}
14733 
14734 	/*
14735 	 * Clear the failfast state upon successful completion of ANY cmd.
14736 	 */
14737 	if (bp->b_error == 0) {
14738 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
14739 	}
14740 
14741 	/*
14742 	 * This is used if the command was retried one or more times. Show that
14743 	 * we are done with it, and allow processing of the waitq to resume.
14744 	 */
14745 	if (bp == un->un_retry_bp) {
14746 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14747 		    "sd_return_command: un:0x%p: "
14748 		    "RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14749 		un->un_retry_bp = NULL;
14750 		un->un_retry_statp = NULL;
14751 	}
14752 
14753 	SD_UPDATE_RDWR_STATS(un, bp);
14754 	SD_UPDATE_PARTITION_STATS(un, bp);
14755 
14756 	switch (un->un_state) {
14757 	case SD_STATE_SUSPENDED:
14758 		/*
14759 		 * Notify any threads waiting in sd_ddi_suspend() that
14760 		 * a command completion has occurred.
14761 		 */
14762 		cv_broadcast(&un->un_disk_busy_cv);
14763 		break;
14764 	default:
14765 		sd_start_cmds(un, NULL);
14766 		break;
14767 	}
14768 
14769 	/* Return this command up the iodone chain to its originator. */
14770 	mutex_exit(SD_MUTEX(un));
14771 
14772 	(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14773 	xp->xb_pktp = NULL;
14774 
14775 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14776 
14777 	ASSERT(!mutex_owned(SD_MUTEX(un)));
14778 	mutex_enter(SD_MUTEX(un));
14779 
14780 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_return_command: exit\n");
14781 }
14782 
14783 
14784 /*
14785  *    Function: sd_return_failed_command
14786  *
14787  * Description: Command completion when an error occurred.
14788  *
14789  *     Context: May be called from interrupt context
14790  */
14791 
14792 static void
14793 sd_return_failed_command(struct sd_lun *un, struct buf *bp, int errcode)
14794 {
14795 	ASSERT(bp != NULL);
14796 	ASSERT(un != NULL);
14797 	ASSERT(mutex_owned(SD_MUTEX(un)));
14798 
14799 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14800 	    "sd_return_failed_command: entry\n");
14801 
14802 	/*
14803 	 * b_resid could already be nonzero due to a partial data
14804 	 * transfer, so do not change it here.
14805 	 */
14806 	SD_BIOERROR(bp, errcode);
14807 
14808 	sd_return_command(un, bp);
14809 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14810 	    "sd_return_failed_command: exit\n");
14811 }
14812 
14813 
14814 /*
14815  *    Function: sd_return_failed_command_no_restart
14816  *
14817  * Description: Same as sd_return_failed_command, but ensures that no
14818  *		call back into sd_start_cmds will be issued.
14819  *
14820  *     Context: May be called from interrupt context
14821  */
14822 
14823 static void
14824 sd_return_failed_command_no_restart(struct sd_lun *un, struct buf *bp,
14825 	int errcode)
14826 {
14827 	struct sd_xbuf *xp;
14828 
14829 	ASSERT(bp != NULL);
14830 	ASSERT(un != NULL);
14831 	ASSERT(mutex_owned(SD_MUTEX(un)));
14832 	xp = SD_GET_XBUF(bp);
14833 	ASSERT(xp != NULL);
14834 	ASSERT(errcode != 0);
14835 
14836 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14837 	    "sd_return_failed_command_no_restart: entry\n");
14838 
14839 	/*
14840 	 * b_resid could already be nonzero due to a partial data
14841 	 * transfer, so do not change it here.
14842 	 */
14843 	SD_BIOERROR(bp, errcode);
14844 
14845 	/*
14846 	 * If this is the failfast bp, clear it. This can happen if the
14847 	 * failfast bp encounterd a fatal error when we attempted to
14848 	 * re-try it (such as a scsi_transport(9F) failure).  However
14849 	 * we should NOT be in an active failfast state if the failfast
14850 	 * bp is not NULL.
14851 	 */
14852 	if (bp == un->un_failfast_bp) {
14853 		ASSERT(un->un_failfast_state == SD_FAILFAST_INACTIVE);
14854 		un->un_failfast_bp = NULL;
14855 	}
14856 
14857 	if (bp == un->un_retry_bp) {
14858 		/*
14859 		 * This command was retried one or more times. Show that we are
14860 		 * done with it, and allow processing of the waitq to resume.
14861 		 */
14862 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14863 		    "sd_return_failed_command_no_restart: "
14864 		    " un:0x%p: RETURNING retry_bp:0x%p\n", un, un->un_retry_bp);
14865 		un->un_retry_bp = NULL;
14866 		un->un_retry_statp = NULL;
14867 	}
14868 
14869 	SD_UPDATE_RDWR_STATS(un, bp);
14870 	SD_UPDATE_PARTITION_STATS(un, bp);
14871 
14872 	mutex_exit(SD_MUTEX(un));
14873 
14874 	if (xp->xb_pktp != NULL) {
14875 		(*(sd_destroypkt_map[xp->xb_chain_iodone]))(bp);
14876 		xp->xb_pktp = NULL;
14877 	}
14878 
14879 	SD_BEGIN_IODONE(xp->xb_chain_iodone, un, bp);
14880 
14881 	mutex_enter(SD_MUTEX(un));
14882 
14883 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
14884 	    "sd_return_failed_command_no_restart: exit\n");
14885 }
14886 
14887 
14888 /*
14889  *    Function: sd_retry_command
14890  *
14891  * Description: queue up a command for retry, or (optionally) fail it
14892  *		if retry counts are exhausted.
14893  *
14894  *   Arguments: un - Pointer to the sd_lun struct for the target.
14895  *
14896  *		bp - Pointer to the buf for the command to be retried.
14897  *
14898  *		retry_check_flag - Flag to see which (if any) of the retry
14899  *		   counts should be decremented/checked. If the indicated
14900  *		   retry count is exhausted, then the command will not be
14901  *		   retried; it will be failed instead. This should use a
14902  *		   value equal to one of the following:
14903  *
14904  *			SD_RETRIES_NOCHECK
14905  *			SD_RESD_RETRIES_STANDARD
14906  *			SD_RETRIES_VICTIM
14907  *
14908  *		   Optionally may be bitwise-OR'ed with SD_RETRIES_ISOLATE
14909  *		   if the check should be made to see of FLAG_ISOLATE is set
14910  *		   in the pkt. If FLAG_ISOLATE is set, then the command is
14911  *		   not retried, it is simply failed.
14912  *
14913  *		user_funcp - Ptr to function to call before dispatching the
14914  *		   command. May be NULL if no action needs to be performed.
14915  *		   (Primarily intended for printing messages.)
14916  *
14917  *		user_arg - Optional argument to be passed along to
14918  *		   the user_funcp call.
14919  *
14920  *		failure_code - errno return code to set in the bp if the
14921  *		   command is going to be failed.
14922  *
14923  *		retry_delay - Retry delay interval in (clock_t) units. May
14924  *		   be zero which indicates that the retry should be retried
14925  *		   immediately (ie, without an intervening delay).
14926  *
14927  *		statp - Ptr to kstat function to be updated if the command
14928  *		   is queued for a delayed retry. May be NULL if no kstat
14929  *		   update is desired.
14930  *
14931  *     Context: May be called from interupt context.
14932  */
14933 
14934 static void
14935 sd_retry_command(struct sd_lun *un, struct buf *bp, int retry_check_flag,
14936 	void (*user_funcp)(struct sd_lun *un, struct buf *bp, void *argp, int
14937 	code), void *user_arg, int failure_code,  clock_t retry_delay,
14938 	void (*statp)(kstat_io_t *))
14939 {
14940 	struct sd_xbuf	*xp;
14941 	struct scsi_pkt	*pktp;
14942 
14943 	ASSERT(un != NULL);
14944 	ASSERT(mutex_owned(SD_MUTEX(un)));
14945 	ASSERT(bp != NULL);
14946 	xp = SD_GET_XBUF(bp);
14947 	ASSERT(xp != NULL);
14948 	pktp = SD_GET_PKTP(bp);
14949 	ASSERT(pktp != NULL);
14950 
14951 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
14952 	    "sd_retry_command: entry: bp:0x%p xp:0x%p\n", bp, xp);
14953 
14954 	/*
14955 	 * If we are syncing or dumping, fail the command to avoid
14956 	 * recursively calling back into scsi_transport().
14957 	 */
14958 	if (ddi_in_panic()) {
14959 		goto fail_command_no_log;
14960 	}
14961 
14962 	/*
14963 	 * We should never be be retrying a command with FLAG_DIAGNOSE set, so
14964 	 * log an error and fail the command.
14965 	 */
14966 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
14967 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
14968 		    "ERROR, retrying FLAG_DIAGNOSE command.\n");
14969 		sd_dump_memory(un, SD_LOG_IO, "CDB",
14970 		    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
14971 		sd_dump_memory(un, SD_LOG_IO, "Sense Data",
14972 		    (uchar_t *)xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
14973 		goto fail_command;
14974 	}
14975 
14976 	/*
14977 	 * If we are suspended, then put the command onto head of the
14978 	 * wait queue since we don't want to start more commands.
14979 	 */
14980 	switch (un->un_state) {
14981 	case SD_STATE_SUSPENDED:
14982 	case SD_STATE_DUMPING:
14983 		bp->av_forw = un->un_waitq_headp;
14984 		un->un_waitq_headp = bp;
14985 		if (un->un_waitq_tailp == NULL) {
14986 			un->un_waitq_tailp = bp;
14987 		}
14988 		SD_UPDATE_KSTATS(un, kstat_waitq_enter, bp);
14989 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: "
14990 		    "exiting; cmd bp:0x%p requeued for SUSPEND/DUMP\n", bp);
14991 		return;
14992 	default:
14993 		break;
14994 	}
14995 
14996 	/*
14997 	 * If the caller wants us to check FLAG_ISOLATE, then see if that
14998 	 * is set; if it is then we do not want to retry the command.
14999 	 * Normally, FLAG_ISOLATE is only used with USCSI cmds.
15000 	 */
15001 	if ((retry_check_flag & SD_RETRIES_ISOLATE) != 0) {
15002 		if ((pktp->pkt_flags & FLAG_ISOLATE) != 0) {
15003 			goto fail_command;
15004 		}
15005 	}
15006 
15007 
15008 	/*
15009 	 * If SD_RETRIES_FAILFAST is set, it indicates that either a
15010 	 * command timeout or a selection timeout has occurred. This means
15011 	 * that we were unable to establish an kind of communication with
15012 	 * the target, and subsequent retries and/or commands are likely
15013 	 * to encounter similar results and take a long time to complete.
15014 	 *
15015 	 * If this is a failfast error condition, we need to update the
15016 	 * failfast state, even if this bp does not have B_FAILFAST set.
15017 	 */
15018 	if (retry_check_flag & SD_RETRIES_FAILFAST) {
15019 		if (un->un_failfast_state == SD_FAILFAST_ACTIVE) {
15020 			ASSERT(un->un_failfast_bp == NULL);
15021 			/*
15022 			 * If we are already in the active failfast state, and
15023 			 * another failfast error condition has been detected,
15024 			 * then fail this command if it has B_FAILFAST set.
15025 			 * If B_FAILFAST is clear, then maintain the legacy
15026 			 * behavior of retrying heroically, even tho this will
15027 			 * take a lot more time to fail the command.
15028 			 */
15029 			if (bp->b_flags & B_FAILFAST) {
15030 				goto fail_command;
15031 			}
15032 		} else {
15033 			/*
15034 			 * We're not in the active failfast state, but we
15035 			 * have a failfast error condition, so we must begin
15036 			 * transition to the next state. We do this regardless
15037 			 * of whether or not this bp has B_FAILFAST set.
15038 			 */
15039 			if (un->un_failfast_bp == NULL) {
15040 				/*
15041 				 * This is the first bp to meet a failfast
15042 				 * condition so save it on un_failfast_bp &
15043 				 * do normal retry processing. Do not enter
15044 				 * active failfast state yet. This marks
15045 				 * entry into the "failfast pending" state.
15046 				 */
15047 				un->un_failfast_bp = bp;
15048 
15049 			} else if (un->un_failfast_bp == bp) {
15050 				/*
15051 				 * This is the second time *this* bp has
15052 				 * encountered a failfast error condition,
15053 				 * so enter active failfast state & flush
15054 				 * queues as appropriate.
15055 				 */
15056 				un->un_failfast_state = SD_FAILFAST_ACTIVE;
15057 				un->un_failfast_bp = NULL;
15058 				sd_failfast_flushq(un);
15059 
15060 				/*
15061 				 * Fail this bp now if B_FAILFAST set;
15062 				 * otherwise continue with retries. (It would
15063 				 * be pretty ironic if this bp succeeded on a
15064 				 * subsequent retry after we just flushed all
15065 				 * the queues).
15066 				 */
15067 				if (bp->b_flags & B_FAILFAST) {
15068 					goto fail_command;
15069 				}
15070 
15071 #if !defined(lint) && !defined(__lint)
15072 			} else {
15073 				/*
15074 				 * If neither of the preceeding conditionals
15075 				 * was true, it means that there is some
15076 				 * *other* bp that has met an inital failfast
15077 				 * condition and is currently either being
15078 				 * retried or is waiting to be retried. In
15079 				 * that case we should perform normal retry
15080 				 * processing on *this* bp, since there is a
15081 				 * chance that the current failfast condition
15082 				 * is transient and recoverable. If that does
15083 				 * not turn out to be the case, then retries
15084 				 * will be cleared when the wait queue is
15085 				 * flushed anyway.
15086 				 */
15087 #endif
15088 			}
15089 		}
15090 	} else {
15091 		/*
15092 		 * SD_RETRIES_FAILFAST is clear, which indicates that we
15093 		 * likely were able to at least establish some level of
15094 		 * communication with the target and subsequent commands
15095 		 * and/or retries are likely to get through to the target,
15096 		 * In this case we want to be aggressive about clearing
15097 		 * the failfast state. Note that this does not affect
15098 		 * the "failfast pending" condition.
15099 		 */
15100 		un->un_failfast_state = SD_FAILFAST_INACTIVE;
15101 	}
15102 
15103 
15104 	/*
15105 	 * Check the specified retry count to see if we can still do
15106 	 * any retries with this pkt before we should fail it.
15107 	 */
15108 	switch (retry_check_flag & SD_RETRIES_MASK) {
15109 	case SD_RETRIES_VICTIM:
15110 		/*
15111 		 * Check the victim retry count. If exhausted, then fall
15112 		 * thru & check against the standard retry count.
15113 		 */
15114 		if (xp->xb_victim_retry_count < un->un_victim_retry_count) {
15115 			/* Increment count & proceed with the retry */
15116 			xp->xb_victim_retry_count++;
15117 			break;
15118 		}
15119 		/* Victim retries exhausted, fall back to std. retries... */
15120 		/* FALLTHRU */
15121 
15122 	case SD_RETRIES_STANDARD:
15123 		if (xp->xb_retry_count >= un->un_retry_count) {
15124 			/* Retries exhausted, fail the command */
15125 			SD_TRACE(SD_LOG_IO_CORE, un,
15126 			    "sd_retry_command: retries exhausted!\n");
15127 			/*
15128 			 * update b_resid for failed SCMD_READ & SCMD_WRITE
15129 			 * commands with nonzero pkt_resid.
15130 			 */
15131 			if ((pktp->pkt_reason == CMD_CMPLT) &&
15132 			    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD) &&
15133 			    (pktp->pkt_resid != 0)) {
15134 				uchar_t op = SD_GET_PKT_OPCODE(pktp) & 0x1F;
15135 				if ((op == SCMD_READ) || (op == SCMD_WRITE)) {
15136 					SD_UPDATE_B_RESID(bp, pktp);
15137 				}
15138 			}
15139 			goto fail_command;
15140 		}
15141 		xp->xb_retry_count++;
15142 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15143 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15144 		break;
15145 
15146 	case SD_RETRIES_UA:
15147 		if (xp->xb_ua_retry_count >= sd_ua_retry_count) {
15148 			/* Retries exhausted, fail the command */
15149 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
15150 			    "Unit Attention retries exhausted. "
15151 			    "Check the target.\n");
15152 			goto fail_command;
15153 		}
15154 		xp->xb_ua_retry_count++;
15155 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15156 		    "sd_retry_command: retry count:%d\n",
15157 			xp->xb_ua_retry_count);
15158 		break;
15159 
15160 	case SD_RETRIES_BUSY:
15161 		if (xp->xb_retry_count >= un->un_busy_retry_count) {
15162 			/* Retries exhausted, fail the command */
15163 			SD_TRACE(SD_LOG_IO_CORE, un,
15164 			    "sd_retry_command: retries exhausted!\n");
15165 			goto fail_command;
15166 		}
15167 		xp->xb_retry_count++;
15168 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15169 		    "sd_retry_command: retry count:%d\n", xp->xb_retry_count);
15170 		break;
15171 
15172 	case SD_RETRIES_NOCHECK:
15173 	default:
15174 		/* No retry count to check. Just proceed with the retry */
15175 		break;
15176 	}
15177 
15178 	xp->xb_pktp->pkt_flags |= FLAG_HEAD;
15179 
15180 	/*
15181 	 * If we were given a zero timeout, we must attempt to retry the
15182 	 * command immediately (ie, without a delay).
15183 	 */
15184 	if (retry_delay == 0) {
15185 		/*
15186 		 * Check some limiting conditions to see if we can actually
15187 		 * do the immediate retry.  If we cannot, then we must
15188 		 * fall back to queueing up a delayed retry.
15189 		 */
15190 		if (un->un_ncmds_in_transport >= un->un_throttle) {
15191 			/*
15192 			 * We are at the throttle limit for the target,
15193 			 * fall back to delayed retry.
15194 			 */
15195 			retry_delay = SD_BSY_TIMEOUT;
15196 			statp = kstat_waitq_enter;
15197 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15198 			    "sd_retry_command: immed. retry hit "
15199 			    "throttle!\n");
15200 		} else {
15201 			/*
15202 			 * We're clear to proceed with the immediate retry.
15203 			 * First call the user-provided function (if any)
15204 			 */
15205 			if (user_funcp != NULL) {
15206 				(*user_funcp)(un, bp, user_arg,
15207 				    SD_IMMEDIATE_RETRY_ISSUED);
15208 			}
15209 
15210 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15211 			    "sd_retry_command: issuing immediate retry\n");
15212 
15213 			/*
15214 			 * Call sd_start_cmds() to transport the command to
15215 			 * the target.
15216 			 */
15217 			sd_start_cmds(un, bp);
15218 
15219 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15220 			    "sd_retry_command exit\n");
15221 			return;
15222 		}
15223 	}
15224 
15225 	/*
15226 	 * Set up to retry the command after a delay.
15227 	 * First call the user-provided function (if any)
15228 	 */
15229 	if (user_funcp != NULL) {
15230 		(*user_funcp)(un, bp, user_arg, SD_DELAYED_RETRY_ISSUED);
15231 	}
15232 
15233 	sd_set_retry_bp(un, bp, retry_delay, statp);
15234 
15235 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15236 	return;
15237 
15238 fail_command:
15239 
15240 	if (user_funcp != NULL) {
15241 		(*user_funcp)(un, bp, user_arg, SD_NO_RETRY_ISSUED);
15242 	}
15243 
15244 fail_command_no_log:
15245 
15246 	SD_INFO(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15247 	    "sd_retry_command: returning failed command\n");
15248 
15249 	sd_return_failed_command(un, bp, failure_code);
15250 
15251 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_retry_command: exit\n");
15252 }
15253 
15254 
15255 /*
15256  *    Function: sd_set_retry_bp
15257  *
15258  * Description: Set up the given bp for retry.
15259  *
15260  *   Arguments: un - ptr to associated softstate
15261  *		bp - ptr to buf(9S) for the command
15262  *		retry_delay - time interval before issuing retry (may be 0)
15263  *		statp - optional pointer to kstat function
15264  *
15265  *     Context: May be called under interrupt context
15266  */
15267 
15268 static void
15269 sd_set_retry_bp(struct sd_lun *un, struct buf *bp, clock_t retry_delay,
15270 	void (*statp)(kstat_io_t *))
15271 {
15272 	ASSERT(un != NULL);
15273 	ASSERT(mutex_owned(SD_MUTEX(un)));
15274 	ASSERT(bp != NULL);
15275 
15276 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15277 	    "sd_set_retry_bp: entry: un:0x%p bp:0x%p\n", un, bp);
15278 
15279 	/*
15280 	 * Indicate that the command is being retried. This will not allow any
15281 	 * other commands on the wait queue to be transported to the target
15282 	 * until this command has been completed (success or failure). The
15283 	 * "retry command" is not transported to the target until the given
15284 	 * time delay expires, unless the user specified a 0 retry_delay.
15285 	 *
15286 	 * Note: the timeout(9F) callback routine is what actually calls
15287 	 * sd_start_cmds() to transport the command, with the exception of a
15288 	 * zero retry_delay. The only current implementor of a zero retry delay
15289 	 * is the case where a START_STOP_UNIT is sent to spin-up a device.
15290 	 */
15291 	if (un->un_retry_bp == NULL) {
15292 		ASSERT(un->un_retry_statp == NULL);
15293 		un->un_retry_bp = bp;
15294 
15295 		/*
15296 		 * If the user has not specified a delay the command should
15297 		 * be queued and no timeout should be scheduled.
15298 		 */
15299 		if (retry_delay == 0) {
15300 			/*
15301 			 * Save the kstat pointer that will be used in the
15302 			 * call to SD_UPDATE_KSTATS() below, so that
15303 			 * sd_start_cmds() can correctly decrement the waitq
15304 			 * count when it is time to transport this command.
15305 			 */
15306 			un->un_retry_statp = statp;
15307 			goto done;
15308 		}
15309 	}
15310 
15311 	if (un->un_retry_bp == bp) {
15312 		/*
15313 		 * Save the kstat pointer that will be used in the call to
15314 		 * SD_UPDATE_KSTATS() below, so that sd_start_cmds() can
15315 		 * correctly decrement the waitq count when it is time to
15316 		 * transport this command.
15317 		 */
15318 		un->un_retry_statp = statp;
15319 
15320 		/*
15321 		 * Schedule a timeout if:
15322 		 *   1) The user has specified a delay.
15323 		 *   2) There is not a START_STOP_UNIT callback pending.
15324 		 *
15325 		 * If no delay has been specified, then it is up to the caller
15326 		 * to ensure that IO processing continues without stalling.
15327 		 * Effectively, this means that the caller will issue the
15328 		 * required call to sd_start_cmds(). The START_STOP_UNIT
15329 		 * callback does this after the START STOP UNIT command has
15330 		 * completed. In either of these cases we should not schedule
15331 		 * a timeout callback here.  Also don't schedule the timeout if
15332 		 * an SD_PATH_DIRECT_PRIORITY command is waiting to restart.
15333 		 */
15334 		if ((retry_delay != 0) && (un->un_startstop_timeid == NULL) &&
15335 		    (un->un_direct_priority_timeid == NULL)) {
15336 			un->un_retry_timeid =
15337 			    timeout(sd_start_retry_command, un, retry_delay);
15338 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15339 			    "sd_set_retry_bp: setting timeout: un: 0x%p"
15340 			    " bp:0x%p un_retry_timeid:0x%p\n",
15341 			    un, bp, un->un_retry_timeid);
15342 		}
15343 	} else {
15344 		/*
15345 		 * We only get in here if there is already another command
15346 		 * waiting to be retried.  In this case, we just put the
15347 		 * given command onto the wait queue, so it can be transported
15348 		 * after the current retry command has completed.
15349 		 *
15350 		 * Also we have to make sure that if the command at the head
15351 		 * of the wait queue is the un_failfast_bp, that we do not
15352 		 * put ahead of it any other commands that are to be retried.
15353 		 */
15354 		if ((un->un_failfast_bp != NULL) &&
15355 		    (un->un_failfast_bp == un->un_waitq_headp)) {
15356 			/*
15357 			 * Enqueue this command AFTER the first command on
15358 			 * the wait queue (which is also un_failfast_bp).
15359 			 */
15360 			bp->av_forw = un->un_waitq_headp->av_forw;
15361 			un->un_waitq_headp->av_forw = bp;
15362 			if (un->un_waitq_headp == un->un_waitq_tailp) {
15363 				un->un_waitq_tailp = bp;
15364 			}
15365 		} else {
15366 			/* Enqueue this command at the head of the waitq. */
15367 			bp->av_forw = un->un_waitq_headp;
15368 			un->un_waitq_headp = bp;
15369 			if (un->un_waitq_tailp == NULL) {
15370 				un->un_waitq_tailp = bp;
15371 			}
15372 		}
15373 
15374 		if (statp == NULL) {
15375 			statp = kstat_waitq_enter;
15376 		}
15377 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15378 		    "sd_set_retry_bp: un:0x%p already delayed retry\n", un);
15379 	}
15380 
15381 done:
15382 	if (statp != NULL) {
15383 		SD_UPDATE_KSTATS(un, statp, bp);
15384 	}
15385 
15386 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15387 	    "sd_set_retry_bp: exit un:0x%p\n", un);
15388 }
15389 
15390 
15391 /*
15392  *    Function: sd_start_retry_command
15393  *
15394  * Description: Start the command that has been waiting on the target's
15395  *		retry queue.  Called from timeout(9F) context after the
15396  *		retry delay interval has expired.
15397  *
15398  *   Arguments: arg - pointer to associated softstate for the device.
15399  *
15400  *     Context: timeout(9F) thread context.  May not sleep.
15401  */
15402 
15403 static void
15404 sd_start_retry_command(void *arg)
15405 {
15406 	struct sd_lun *un = arg;
15407 
15408 	ASSERT(un != NULL);
15409 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15410 
15411 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15412 	    "sd_start_retry_command: entry\n");
15413 
15414 	mutex_enter(SD_MUTEX(un));
15415 
15416 	un->un_retry_timeid = NULL;
15417 
15418 	if (un->un_retry_bp != NULL) {
15419 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15420 		    "sd_start_retry_command: un:0x%p STARTING bp:0x%p\n",
15421 		    un, un->un_retry_bp);
15422 		sd_start_cmds(un, un->un_retry_bp);
15423 	}
15424 
15425 	mutex_exit(SD_MUTEX(un));
15426 
15427 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15428 	    "sd_start_retry_command: exit\n");
15429 }
15430 
15431 
15432 /*
15433  *    Function: sd_start_direct_priority_command
15434  *
15435  * Description: Used to re-start an SD_PATH_DIRECT_PRIORITY command that had
15436  *		received TRAN_BUSY when we called scsi_transport() to send it
15437  *		to the underlying HBA. This function is called from timeout(9F)
15438  *		context after the delay interval has expired.
15439  *
15440  *   Arguments: arg - pointer to associated buf(9S) to be restarted.
15441  *
15442  *     Context: timeout(9F) thread context.  May not sleep.
15443  */
15444 
15445 static void
15446 sd_start_direct_priority_command(void *arg)
15447 {
15448 	struct buf	*priority_bp = arg;
15449 	struct sd_lun	*un;
15450 
15451 	ASSERT(priority_bp != NULL);
15452 	un = SD_GET_UN(priority_bp);
15453 	ASSERT(un != NULL);
15454 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15455 
15456 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15457 	    "sd_start_direct_priority_command: entry\n");
15458 
15459 	mutex_enter(SD_MUTEX(un));
15460 	un->un_direct_priority_timeid = NULL;
15461 	sd_start_cmds(un, priority_bp);
15462 	mutex_exit(SD_MUTEX(un));
15463 
15464 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15465 	    "sd_start_direct_priority_command: exit\n");
15466 }
15467 
15468 
15469 /*
15470  *    Function: sd_send_request_sense_command
15471  *
15472  * Description: Sends a REQUEST SENSE command to the target
15473  *
15474  *     Context: May be called from interrupt context.
15475  */
15476 
15477 static void
15478 sd_send_request_sense_command(struct sd_lun *un, struct buf *bp,
15479 	struct scsi_pkt *pktp)
15480 {
15481 	ASSERT(bp != NULL);
15482 	ASSERT(un != NULL);
15483 	ASSERT(mutex_owned(SD_MUTEX(un)));
15484 
15485 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_send_request_sense_command: "
15486 	    "entry: buf:0x%p\n", bp);
15487 
15488 	/*
15489 	 * If we are syncing or dumping, then fail the command to avoid a
15490 	 * recursive callback into scsi_transport(). Also fail the command
15491 	 * if we are suspended (legacy behavior).
15492 	 */
15493 	if (ddi_in_panic() || (un->un_state == SD_STATE_SUSPENDED) ||
15494 	    (un->un_state == SD_STATE_DUMPING)) {
15495 		sd_return_failed_command(un, bp, EIO);
15496 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15497 		    "sd_send_request_sense_command: syncing/dumping, exit\n");
15498 		return;
15499 	}
15500 
15501 	/*
15502 	 * Retry the failed command and don't issue the request sense if:
15503 	 *    1) the sense buf is busy
15504 	 *    2) we have 1 or more outstanding commands on the target
15505 	 *    (the sense data will be cleared or invalidated any way)
15506 	 *
15507 	 * Note: There could be an issue with not checking a retry limit here,
15508 	 * the problem is determining which retry limit to check.
15509 	 */
15510 	if ((un->un_sense_isbusy != 0) || (un->un_ncmds_in_transport > 0)) {
15511 		/* Don't retry if the command is flagged as non-retryable */
15512 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
15513 			sd_retry_command(un, bp, SD_RETRIES_NOCHECK,
15514 			    NULL, NULL, 0, SD_BSY_TIMEOUT, kstat_waitq_enter);
15515 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15516 			    "sd_send_request_sense_command: "
15517 			    "at full throttle, retrying exit\n");
15518 		} else {
15519 			sd_return_failed_command(un, bp, EIO);
15520 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15521 			    "sd_send_request_sense_command: "
15522 			    "at full throttle, non-retryable exit\n");
15523 		}
15524 		return;
15525 	}
15526 
15527 	sd_mark_rqs_busy(un, bp);
15528 	sd_start_cmds(un, un->un_rqs_bp);
15529 
15530 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15531 	    "sd_send_request_sense_command: exit\n");
15532 }
15533 
15534 
15535 /*
15536  *    Function: sd_mark_rqs_busy
15537  *
15538  * Description: Indicate that the request sense bp for this instance is
15539  *		in use.
15540  *
15541  *     Context: May be called under interrupt context
15542  */
15543 
15544 static void
15545 sd_mark_rqs_busy(struct sd_lun *un, struct buf *bp)
15546 {
15547 	struct sd_xbuf	*sense_xp;
15548 
15549 	ASSERT(un != NULL);
15550 	ASSERT(bp != NULL);
15551 	ASSERT(mutex_owned(SD_MUTEX(un)));
15552 	ASSERT(un->un_sense_isbusy == 0);
15553 
15554 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: entry: "
15555 	    "buf:0x%p xp:0x%p un:0x%p\n", bp, SD_GET_XBUF(bp), un);
15556 
15557 	sense_xp = SD_GET_XBUF(un->un_rqs_bp);
15558 	ASSERT(sense_xp != NULL);
15559 
15560 	SD_INFO(SD_LOG_IO, un,
15561 	    "sd_mark_rqs_busy: entry: sense_xp:0x%p\n", sense_xp);
15562 
15563 	ASSERT(sense_xp->xb_pktp != NULL);
15564 	ASSERT((sense_xp->xb_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD))
15565 	    == (FLAG_SENSING | FLAG_HEAD));
15566 
15567 	un->un_sense_isbusy = 1;
15568 	un->un_rqs_bp->b_resid = 0;
15569 	sense_xp->xb_pktp->pkt_resid  = 0;
15570 	sense_xp->xb_pktp->pkt_reason = 0;
15571 
15572 	/* So we can get back the bp at interrupt time! */
15573 	sense_xp->xb_sense_bp = bp;
15574 
15575 	bzero(un->un_rqs_bp->b_un.b_addr, SENSE_LENGTH);
15576 
15577 	/*
15578 	 * Mark this buf as awaiting sense data. (This is already set in
15579 	 * the pkt_flags for the RQS packet.)
15580 	 */
15581 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags |= FLAG_SENSING;
15582 
15583 	sense_xp->xb_retry_count	= 0;
15584 	sense_xp->xb_victim_retry_count = 0;
15585 	sense_xp->xb_ua_retry_count	= 0;
15586 	sense_xp->xb_dma_resid  = 0;
15587 
15588 	/* Clean up the fields for auto-request sense */
15589 	sense_xp->xb_sense_status = 0;
15590 	sense_xp->xb_sense_state  = 0;
15591 	sense_xp->xb_sense_resid  = 0;
15592 	bzero(sense_xp->xb_sense_data, sizeof (sense_xp->xb_sense_data));
15593 
15594 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_mark_rqs_busy: exit\n");
15595 }
15596 
15597 
15598 /*
15599  *    Function: sd_mark_rqs_idle
15600  *
15601  * Description: SD_MUTEX must be held continuously through this routine
15602  *		to prevent reuse of the rqs struct before the caller can
15603  *		complete it's processing.
15604  *
15605  * Return Code: Pointer to the RQS buf
15606  *
15607  *     Context: May be called under interrupt context
15608  */
15609 
15610 static struct buf *
15611 sd_mark_rqs_idle(struct sd_lun *un, struct sd_xbuf *sense_xp)
15612 {
15613 	struct buf *bp;
15614 	ASSERT(un != NULL);
15615 	ASSERT(sense_xp != NULL);
15616 	ASSERT(mutex_owned(SD_MUTEX(un)));
15617 	ASSERT(un->un_sense_isbusy != 0);
15618 
15619 	un->un_sense_isbusy = 0;
15620 	bp = sense_xp->xb_sense_bp;
15621 	sense_xp->xb_sense_bp = NULL;
15622 
15623 	/* This pkt is no longer interested in getting sense data */
15624 	((SD_GET_XBUF(bp))->xb_pktp)->pkt_flags &= ~FLAG_SENSING;
15625 
15626 	return (bp);
15627 }
15628 
15629 
15630 
15631 /*
15632  *    Function: sd_alloc_rqs
15633  *
15634  * Description: Set up the unit to receive auto request sense data
15635  *
15636  * Return Code: DDI_SUCCESS or DDI_FAILURE
15637  *
15638  *     Context: Called under attach(9E) context
15639  */
15640 
15641 static int
15642 sd_alloc_rqs(struct scsi_device *devp, struct sd_lun *un)
15643 {
15644 	struct sd_xbuf *xp;
15645 
15646 	ASSERT(un != NULL);
15647 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15648 	ASSERT(un->un_rqs_bp == NULL);
15649 	ASSERT(un->un_rqs_pktp == NULL);
15650 
15651 	/*
15652 	 * First allocate the required buf and scsi_pkt structs, then set up
15653 	 * the CDB in the scsi_pkt for a REQUEST SENSE command.
15654 	 */
15655 	un->un_rqs_bp = scsi_alloc_consistent_buf(&devp->sd_address, NULL,
15656 	    SENSE_LENGTH, B_READ, SLEEP_FUNC, NULL);
15657 	if (un->un_rqs_bp == NULL) {
15658 		return (DDI_FAILURE);
15659 	}
15660 
15661 	un->un_rqs_pktp = scsi_init_pkt(&devp->sd_address, NULL, un->un_rqs_bp,
15662 	    CDB_GROUP0, 1, 0, PKT_CONSISTENT, SLEEP_FUNC, NULL);
15663 
15664 	if (un->un_rqs_pktp == NULL) {
15665 		sd_free_rqs(un);
15666 		return (DDI_FAILURE);
15667 	}
15668 
15669 	/* Set up the CDB in the scsi_pkt for a REQUEST SENSE command. */
15670 	(void) scsi_setup_cdb((union scsi_cdb *)un->un_rqs_pktp->pkt_cdbp,
15671 	    SCMD_REQUEST_SENSE, 0, SENSE_LENGTH, 0);
15672 
15673 	SD_FILL_SCSI1_LUN(un, un->un_rqs_pktp);
15674 
15675 	/* Set up the other needed members in the ARQ scsi_pkt. */
15676 	un->un_rqs_pktp->pkt_comp   = sdintr;
15677 	un->un_rqs_pktp->pkt_time   = sd_io_time;
15678 	un->un_rqs_pktp->pkt_flags |=
15679 	    (FLAG_SENSING | FLAG_HEAD);	/* (1222170) */
15680 
15681 	/*
15682 	 * Allocate  & init the sd_xbuf struct for the RQS command. Do not
15683 	 * provide any intpkt, destroypkt routines as we take care of
15684 	 * scsi_pkt allocation/freeing here and in sd_free_rqs().
15685 	 */
15686 	xp = kmem_alloc(sizeof (struct sd_xbuf), KM_SLEEP);
15687 	sd_xbuf_init(un, un->un_rqs_bp, xp, SD_CHAIN_NULL, NULL);
15688 	xp->xb_pktp = un->un_rqs_pktp;
15689 	SD_INFO(SD_LOG_ATTACH_DETACH, un,
15690 	    "sd_alloc_rqs: un 0x%p, rqs  xp 0x%p,  pkt 0x%p,  buf 0x%p\n",
15691 	    un, xp, un->un_rqs_pktp, un->un_rqs_bp);
15692 
15693 	/*
15694 	 * Save the pointer to the request sense private bp so it can
15695 	 * be retrieved in sdintr.
15696 	 */
15697 	un->un_rqs_pktp->pkt_private = un->un_rqs_bp;
15698 	ASSERT(un->un_rqs_bp->b_private == xp);
15699 
15700 	/*
15701 	 * See if the HBA supports auto-request sense for the specified
15702 	 * target/lun. If it does, then try to enable it (if not already
15703 	 * enabled).
15704 	 *
15705 	 * Note: For some HBAs (ifp & sf), scsi_ifsetcap will always return
15706 	 * failure, while for other HBAs (pln) scsi_ifsetcap will always
15707 	 * return success.  However, in both of these cases ARQ is always
15708 	 * enabled and scsi_ifgetcap will always return true. The best approach
15709 	 * is to issue the scsi_ifgetcap() first, then try the scsi_ifsetcap().
15710 	 *
15711 	 * The 3rd case is the HBA (adp) always return enabled on
15712 	 * scsi_ifgetgetcap even when it's not enable, the best approach
15713 	 * is issue a scsi_ifsetcap then a scsi_ifgetcap
15714 	 * Note: this case is to circumvent the Adaptec bug. (x86 only)
15715 	 */
15716 
15717 	if (un->un_f_is_fibre == TRUE) {
15718 		un->un_f_arq_enabled = TRUE;
15719 	} else {
15720 #if defined(__i386) || defined(__amd64)
15721 		/*
15722 		 * Circumvent the Adaptec bug, remove this code when
15723 		 * the bug is fixed
15724 		 */
15725 		(void) scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1);
15726 #endif
15727 		switch (scsi_ifgetcap(SD_ADDRESS(un), "auto-rqsense", 1)) {
15728 		case 0:
15729 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15730 				"sd_alloc_rqs: HBA supports ARQ\n");
15731 			/*
15732 			 * ARQ is supported by this HBA but currently is not
15733 			 * enabled. Attempt to enable it and if successful then
15734 			 * mark this instance as ARQ enabled.
15735 			 */
15736 			if (scsi_ifsetcap(SD_ADDRESS(un), "auto-rqsense", 1, 1)
15737 				== 1) {
15738 				/* Successfully enabled ARQ in the HBA */
15739 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15740 					"sd_alloc_rqs: ARQ enabled\n");
15741 				un->un_f_arq_enabled = TRUE;
15742 			} else {
15743 				/* Could not enable ARQ in the HBA */
15744 				SD_INFO(SD_LOG_ATTACH_DETACH, un,
15745 				"sd_alloc_rqs: failed ARQ enable\n");
15746 				un->un_f_arq_enabled = FALSE;
15747 			}
15748 			break;
15749 		case 1:
15750 			/*
15751 			 * ARQ is supported by this HBA and is already enabled.
15752 			 * Just mark ARQ as enabled for this instance.
15753 			 */
15754 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15755 				"sd_alloc_rqs: ARQ already enabled\n");
15756 			un->un_f_arq_enabled = TRUE;
15757 			break;
15758 		default:
15759 			/*
15760 			 * ARQ is not supported by this HBA; disable it for this
15761 			 * instance.
15762 			 */
15763 			SD_INFO(SD_LOG_ATTACH_DETACH, un,
15764 				"sd_alloc_rqs: HBA does not support ARQ\n");
15765 			un->un_f_arq_enabled = FALSE;
15766 			break;
15767 		}
15768 	}
15769 
15770 	return (DDI_SUCCESS);
15771 }
15772 
15773 
15774 /*
15775  *    Function: sd_free_rqs
15776  *
15777  * Description: Cleanup for the pre-instance RQS command.
15778  *
15779  *     Context: Kernel thread context
15780  */
15781 
15782 static void
15783 sd_free_rqs(struct sd_lun *un)
15784 {
15785 	ASSERT(un != NULL);
15786 
15787 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: entry\n");
15788 
15789 	/*
15790 	 * If consistent memory is bound to a scsi_pkt, the pkt
15791 	 * has to be destroyed *before* freeing the consistent memory.
15792 	 * Don't change the sequence of this operations.
15793 	 * scsi_destroy_pkt() might access memory, which isn't allowed,
15794 	 * after it was freed in scsi_free_consistent_buf().
15795 	 */
15796 	if (un->un_rqs_pktp != NULL) {
15797 		scsi_destroy_pkt(un->un_rqs_pktp);
15798 		un->un_rqs_pktp = NULL;
15799 	}
15800 
15801 	if (un->un_rqs_bp != NULL) {
15802 		kmem_free(SD_GET_XBUF(un->un_rqs_bp), sizeof (struct sd_xbuf));
15803 		scsi_free_consistent_buf(un->un_rqs_bp);
15804 		un->un_rqs_bp = NULL;
15805 	}
15806 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_free_rqs: exit\n");
15807 }
15808 
15809 
15810 
15811 /*
15812  *    Function: sd_reduce_throttle
15813  *
15814  * Description: Reduces the maximun # of outstanding commands on a
15815  *		target to the current number of outstanding commands.
15816  *		Queues a tiemout(9F) callback to restore the limit
15817  *		after a specified interval has elapsed.
15818  *		Typically used when we get a TRAN_BUSY return code
15819  *		back from scsi_transport().
15820  *
15821  *   Arguments: un - ptr to the sd_lun softstate struct
15822  *		throttle_type: SD_THROTTLE_TRAN_BUSY or SD_THROTTLE_QFULL
15823  *
15824  *     Context: May be called from interrupt context
15825  */
15826 
15827 static void
15828 sd_reduce_throttle(struct sd_lun *un, int throttle_type)
15829 {
15830 	ASSERT(un != NULL);
15831 	ASSERT(mutex_owned(SD_MUTEX(un)));
15832 	ASSERT(un->un_ncmds_in_transport >= 0);
15833 
15834 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15835 	    "entry: un:0x%p un_throttle:%d un_ncmds_in_transport:%d\n",
15836 	    un, un->un_throttle, un->un_ncmds_in_transport);
15837 
15838 	if (un->un_throttle > 1) {
15839 		if (un->un_f_use_adaptive_throttle == TRUE) {
15840 			switch (throttle_type) {
15841 			case SD_THROTTLE_TRAN_BUSY:
15842 				if (un->un_busy_throttle == 0) {
15843 					un->un_busy_throttle = un->un_throttle;
15844 				}
15845 				break;
15846 			case SD_THROTTLE_QFULL:
15847 				un->un_busy_throttle = 0;
15848 				break;
15849 			default:
15850 				ASSERT(FALSE);
15851 			}
15852 
15853 			if (un->un_ncmds_in_transport > 0) {
15854 			    un->un_throttle = un->un_ncmds_in_transport;
15855 			}
15856 
15857 		} else {
15858 			if (un->un_ncmds_in_transport == 0) {
15859 				un->un_throttle = 1;
15860 			} else {
15861 				un->un_throttle = un->un_ncmds_in_transport;
15862 			}
15863 		}
15864 	}
15865 
15866 	/* Reschedule the timeout if none is currently active */
15867 	if (un->un_reset_throttle_timeid == NULL) {
15868 		un->un_reset_throttle_timeid = timeout(sd_restore_throttle,
15869 		    un, SD_THROTTLE_RESET_INTERVAL);
15870 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
15871 		    "sd_reduce_throttle: timeout scheduled!\n");
15872 	}
15873 
15874 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reduce_throttle: "
15875 	    "exit: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15876 }
15877 
15878 
15879 
15880 /*
15881  *    Function: sd_restore_throttle
15882  *
15883  * Description: Callback function for timeout(9F).  Resets the current
15884  *		value of un->un_throttle to its default.
15885  *
15886  *   Arguments: arg - pointer to associated softstate for the device.
15887  *
15888  *     Context: May be called from interrupt context
15889  */
15890 
15891 static void
15892 sd_restore_throttle(void *arg)
15893 {
15894 	struct sd_lun	*un = arg;
15895 
15896 	ASSERT(un != NULL);
15897 	ASSERT(!mutex_owned(SD_MUTEX(un)));
15898 
15899 	mutex_enter(SD_MUTEX(un));
15900 
15901 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
15902 	    "entry: un:0x%p un_throttle:%d\n", un, un->un_throttle);
15903 
15904 	un->un_reset_throttle_timeid = NULL;
15905 
15906 	if (un->un_f_use_adaptive_throttle == TRUE) {
15907 		/*
15908 		 * If un_busy_throttle is nonzero, then it contains the
15909 		 * value that un_throttle was when we got a TRAN_BUSY back
15910 		 * from scsi_transport(). We want to revert back to this
15911 		 * value.
15912 		 *
15913 		 * In the QFULL case, the throttle limit will incrementally
15914 		 * increase until it reaches max throttle.
15915 		 */
15916 		if (un->un_busy_throttle > 0) {
15917 			un->un_throttle = un->un_busy_throttle;
15918 			un->un_busy_throttle = 0;
15919 		} else {
15920 			/*
15921 			 * increase throttle by 10% open gate slowly, schedule
15922 			 * another restore if saved throttle has not been
15923 			 * reached
15924 			 */
15925 			short throttle;
15926 			if (sd_qfull_throttle_enable) {
15927 				throttle = un->un_throttle +
15928 				    max((un->un_throttle / 10), 1);
15929 				un->un_throttle =
15930 				    (throttle < un->un_saved_throttle) ?
15931 				    throttle : un->un_saved_throttle;
15932 				if (un->un_throttle < un->un_saved_throttle) {
15933 				    un->un_reset_throttle_timeid =
15934 					timeout(sd_restore_throttle,
15935 					un, SD_QFULL_THROTTLE_RESET_INTERVAL);
15936 				}
15937 			}
15938 		}
15939 
15940 		/*
15941 		 * If un_throttle has fallen below the low-water mark, we
15942 		 * restore the maximum value here (and allow it to ratchet
15943 		 * down again if necessary).
15944 		 */
15945 		if (un->un_throttle < un->un_min_throttle) {
15946 			un->un_throttle = un->un_saved_throttle;
15947 		}
15948 	} else {
15949 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: "
15950 		    "restoring limit from 0x%x to 0x%x\n",
15951 		    un->un_throttle, un->un_saved_throttle);
15952 		un->un_throttle = un->un_saved_throttle;
15953 	}
15954 
15955 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15956 	    "sd_restore_throttle: calling sd_start_cmds!\n");
15957 
15958 	sd_start_cmds(un, NULL);
15959 
15960 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un,
15961 	    "sd_restore_throttle: exit: un:0x%p un_throttle:%d\n",
15962 	    un, un->un_throttle);
15963 
15964 	mutex_exit(SD_MUTEX(un));
15965 
15966 	SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sd_restore_throttle: exit\n");
15967 }
15968 
15969 /*
15970  *    Function: sdrunout
15971  *
15972  * Description: Callback routine for scsi_init_pkt when a resource allocation
15973  *		fails.
15974  *
15975  *   Arguments: arg - a pointer to the sd_lun unit struct for the particular
15976  *		soft state instance.
15977  *
15978  * Return Code: The scsi_init_pkt routine allows for the callback function to
15979  *		return a 0 indicating the callback should be rescheduled or a 1
15980  *		indicating not to reschedule. This routine always returns 1
15981  *		because the driver always provides a callback function to
15982  *		scsi_init_pkt. This results in a callback always being scheduled
15983  *		(via the scsi_init_pkt callback implementation) if a resource
15984  *		failure occurs.
15985  *
15986  *     Context: This callback function may not block or call routines that block
15987  *
15988  *        Note: Using the scsi_init_pkt callback facility can result in an I/O
15989  *		request persisting at the head of the list which cannot be
15990  *		satisfied even after multiple retries. In the future the driver
15991  *		may implement some time of maximum runout count before failing
15992  *		an I/O.
15993  */
15994 
15995 static int
15996 sdrunout(caddr_t arg)
15997 {
15998 	struct sd_lun	*un = (struct sd_lun *)arg;
15999 
16000 	ASSERT(un != NULL);
16001 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16002 
16003 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: entry\n");
16004 
16005 	mutex_enter(SD_MUTEX(un));
16006 	sd_start_cmds(un, NULL);
16007 	mutex_exit(SD_MUTEX(un));
16008 	/*
16009 	 * This callback routine always returns 1 (i.e. do not reschedule)
16010 	 * because we always specify sdrunout as the callback handler for
16011 	 * scsi_init_pkt inside the call to sd_start_cmds.
16012 	 */
16013 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdrunout: exit\n");
16014 	return (1);
16015 }
16016 
16017 
16018 /*
16019  *    Function: sdintr
16020  *
16021  * Description: Completion callback routine for scsi_pkt(9S) structs
16022  *		sent to the HBA driver via scsi_transport(9F).
16023  *
16024  *     Context: Interrupt context
16025  */
16026 
16027 static void
16028 sdintr(struct scsi_pkt *pktp)
16029 {
16030 	struct buf	*bp;
16031 	struct sd_xbuf	*xp;
16032 	struct sd_lun	*un;
16033 
16034 	ASSERT(pktp != NULL);
16035 	bp = (struct buf *)pktp->pkt_private;
16036 	ASSERT(bp != NULL);
16037 	xp = SD_GET_XBUF(bp);
16038 	ASSERT(xp != NULL);
16039 	ASSERT(xp->xb_pktp != NULL);
16040 	un = SD_GET_UN(bp);
16041 	ASSERT(un != NULL);
16042 	ASSERT(!mutex_owned(SD_MUTEX(un)));
16043 
16044 #ifdef SD_FAULT_INJECTION
16045 
16046 	SD_INFO(SD_LOG_IOERR, un, "sdintr: sdintr calling Fault injection\n");
16047 	/* SD FaultInjection */
16048 	sd_faultinjection(pktp);
16049 
16050 #endif /* SD_FAULT_INJECTION */
16051 
16052 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: entry: buf:0x%p,"
16053 	    " xp:0x%p, un:0x%p\n", bp, xp, un);
16054 
16055 	mutex_enter(SD_MUTEX(un));
16056 
16057 	/* Reduce the count of the #commands currently in transport */
16058 	un->un_ncmds_in_transport--;
16059 	ASSERT(un->un_ncmds_in_transport >= 0);
16060 
16061 	/* Increment counter to indicate that the callback routine is active */
16062 	un->un_in_callback++;
16063 
16064 	SD_UPDATE_KSTATS(un, kstat_runq_exit, bp);
16065 
16066 #ifdef	SDDEBUG
16067 	if (bp == un->un_retry_bp) {
16068 		SD_TRACE(SD_LOG_IO | SD_LOG_ERROR, un, "sdintr: "
16069 		    "un:0x%p: GOT retry_bp:0x%p un_ncmds_in_transport:%d\n",
16070 		    un, un->un_retry_bp, un->un_ncmds_in_transport);
16071 	}
16072 #endif
16073 
16074 	/*
16075 	 * If pkt_reason is CMD_DEV_GONE, just fail the command
16076 	 */
16077 	if (pktp->pkt_reason == CMD_DEV_GONE) {
16078 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16079 			    "Device is gone\n");
16080 		sd_return_failed_command(un, bp, EIO);
16081 		goto exit;
16082 	}
16083 
16084 	/*
16085 	 * First see if the pkt has auto-request sense data with it....
16086 	 * Look at the packet state first so we don't take a performance
16087 	 * hit looking at the arq enabled flag unless absolutely necessary.
16088 	 */
16089 	if ((pktp->pkt_state & STATE_ARQ_DONE) &&
16090 	    (un->un_f_arq_enabled == TRUE)) {
16091 		/*
16092 		 * The HBA did an auto request sense for this command so check
16093 		 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16094 		 * driver command that should not be retried.
16095 		 */
16096 		if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16097 			/*
16098 			 * Save the relevant sense info into the xp for the
16099 			 * original cmd.
16100 			 */
16101 			struct scsi_arq_status *asp;
16102 			asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16103 			xp->xb_sense_status =
16104 			    *((uchar_t *)(&(asp->sts_rqpkt_status)));
16105 			xp->xb_sense_state  = asp->sts_rqpkt_state;
16106 			xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16107 			bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16108 			    min(sizeof (struct scsi_extended_sense),
16109 			    SENSE_LENGTH));
16110 
16111 			/* fail the command */
16112 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16113 			    "sdintr: arq done and FLAG_DIAGNOSE set\n");
16114 			sd_return_failed_command(un, bp, EIO);
16115 			goto exit;
16116 		}
16117 
16118 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16119 		/*
16120 		 * We want to either retry or fail this command, so free
16121 		 * the DMA resources here.  If we retry the command then
16122 		 * the DMA resources will be reallocated in sd_start_cmds().
16123 		 * Note that when PKT_DMA_PARTIAL is used, this reallocation
16124 		 * causes the *entire* transfer to start over again from the
16125 		 * beginning of the request, even for PARTIAL chunks that
16126 		 * have already transferred successfully.
16127 		 */
16128 		if ((un->un_f_is_fibre == TRUE) &&
16129 		    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16130 		    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16131 			scsi_dmafree(pktp);
16132 			xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16133 		}
16134 #endif
16135 
16136 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16137 		    "sdintr: arq done, sd_handle_auto_request_sense\n");
16138 
16139 		sd_handle_auto_request_sense(un, bp, xp, pktp);
16140 		goto exit;
16141 	}
16142 
16143 	/* Next see if this is the REQUEST SENSE pkt for the instance */
16144 	if (pktp->pkt_flags & FLAG_SENSING)  {
16145 		/* This pktp is from the unit's REQUEST_SENSE command */
16146 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16147 		    "sdintr: sd_handle_request_sense\n");
16148 		sd_handle_request_sense(un, bp, xp, pktp);
16149 		goto exit;
16150 	}
16151 
16152 	/*
16153 	 * Check to see if the command successfully completed as requested;
16154 	 * this is the most common case (and also the hot performance path).
16155 	 *
16156 	 * Requirements for successful completion are:
16157 	 * pkt_reason is CMD_CMPLT and packet status is status good.
16158 	 * In addition:
16159 	 * - A residual of zero indicates successful completion no matter what
16160 	 *   the command is.
16161 	 * - If the residual is not zero and the command is not a read or
16162 	 *   write, then it's still defined as successful completion. In other
16163 	 *   words, if the command is a read or write the residual must be
16164 	 *   zero for successful completion.
16165 	 * - If the residual is not zero and the command is a read or
16166 	 *   write, and it's a USCSICMD, then it's still defined as
16167 	 *   successful completion.
16168 	 */
16169 	if ((pktp->pkt_reason == CMD_CMPLT) &&
16170 	    (SD_GET_PKT_STATUS(pktp) == STATUS_GOOD)) {
16171 
16172 		/*
16173 		 * Since this command is returned with a good status, we
16174 		 * can reset the count for Sonoma failover.
16175 		 */
16176 		un->un_sonoma_failure_count = 0;
16177 
16178 		/*
16179 		 * Return all USCSI commands on good status
16180 		 */
16181 		if (pktp->pkt_resid == 0) {
16182 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16183 			    "sdintr: returning command for resid == 0\n");
16184 		} else if (((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_READ) &&
16185 		    ((SD_GET_PKT_OPCODE(pktp) & 0x1F) != SCMD_WRITE)) {
16186 			SD_UPDATE_B_RESID(bp, pktp);
16187 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16188 			    "sdintr: returning command for resid != 0\n");
16189 		} else if (xp->xb_pkt_flags & SD_XB_USCSICMD) {
16190 			SD_UPDATE_B_RESID(bp, pktp);
16191 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16192 				"sdintr: returning uscsi command\n");
16193 		} else {
16194 			goto not_successful;
16195 		}
16196 		sd_return_command(un, bp);
16197 
16198 		/*
16199 		 * Decrement counter to indicate that the callback routine
16200 		 * is done.
16201 		 */
16202 		un->un_in_callback--;
16203 		ASSERT(un->un_in_callback >= 0);
16204 		mutex_exit(SD_MUTEX(un));
16205 
16206 		return;
16207 	}
16208 
16209 not_successful:
16210 
16211 #if (defined(__i386) || defined(__amd64))	/* DMAFREE for x86 only */
16212 	/*
16213 	 * The following is based upon knowledge of the underlying transport
16214 	 * and its use of DMA resources.  This code should be removed when
16215 	 * PKT_DMA_PARTIAL support is taken out of the disk driver in favor
16216 	 * of the new PKT_CMD_BREAKUP protocol. See also sd_initpkt_for_buf()
16217 	 * and sd_start_cmds().
16218 	 *
16219 	 * Free any DMA resources associated with this command if there
16220 	 * is a chance it could be retried or enqueued for later retry.
16221 	 * If we keep the DMA binding then mpxio cannot reissue the
16222 	 * command on another path whenever a path failure occurs.
16223 	 *
16224 	 * Note that when PKT_DMA_PARTIAL is used, free/reallocation
16225 	 * causes the *entire* transfer to start over again from the
16226 	 * beginning of the request, even for PARTIAL chunks that
16227 	 * have already transferred successfully.
16228 	 *
16229 	 * This is only done for non-uscsi commands (and also skipped for the
16230 	 * driver's internal RQS command). Also just do this for Fibre Channel
16231 	 * devices as these are the only ones that support mpxio.
16232 	 */
16233 	if ((un->un_f_is_fibre == TRUE) &&
16234 	    ((xp->xb_pkt_flags & SD_XB_USCSICMD) == 0) &&
16235 	    ((pktp->pkt_flags & FLAG_SENSING) == 0))  {
16236 		scsi_dmafree(pktp);
16237 		xp->xb_pkt_flags |= SD_XB_DMA_FREED;
16238 	}
16239 #endif
16240 
16241 	/*
16242 	 * The command did not successfully complete as requested so check
16243 	 * for FLAG_DIAGNOSE. If set this indicates a uscsi or internal
16244 	 * driver command that should not be retried so just return. If
16245 	 * FLAG_DIAGNOSE is not set the error will be processed below.
16246 	 */
16247 	if ((pktp->pkt_flags & FLAG_DIAGNOSE) != 0) {
16248 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16249 		    "sdintr: FLAG_DIAGNOSE: sd_return_failed_command\n");
16250 		/*
16251 		 * Issue a request sense if a check condition caused the error
16252 		 * (we handle the auto request sense case above), otherwise
16253 		 * just fail the command.
16254 		 */
16255 		if ((pktp->pkt_reason == CMD_CMPLT) &&
16256 		    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK)) {
16257 			sd_send_request_sense_command(un, bp, pktp);
16258 		} else {
16259 			sd_return_failed_command(un, bp, EIO);
16260 		}
16261 		goto exit;
16262 	}
16263 
16264 	/*
16265 	 * The command did not successfully complete as requested so process
16266 	 * the error, retry, and/or attempt recovery.
16267 	 */
16268 	switch (pktp->pkt_reason) {
16269 	case CMD_CMPLT:
16270 		switch (SD_GET_PKT_STATUS(pktp)) {
16271 		case STATUS_GOOD:
16272 			/*
16273 			 * The command completed successfully with a non-zero
16274 			 * residual
16275 			 */
16276 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16277 			    "sdintr: STATUS_GOOD \n");
16278 			sd_pkt_status_good(un, bp, xp, pktp);
16279 			break;
16280 
16281 		case STATUS_CHECK:
16282 		case STATUS_TERMINATED:
16283 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16284 			    "sdintr: STATUS_TERMINATED | STATUS_CHECK\n");
16285 			sd_pkt_status_check_condition(un, bp, xp, pktp);
16286 			break;
16287 
16288 		case STATUS_BUSY:
16289 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16290 			    "sdintr: STATUS_BUSY\n");
16291 			sd_pkt_status_busy(un, bp, xp, pktp);
16292 			break;
16293 
16294 		case STATUS_RESERVATION_CONFLICT:
16295 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16296 			    "sdintr: STATUS_RESERVATION_CONFLICT\n");
16297 			sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16298 			break;
16299 
16300 		case STATUS_QFULL:
16301 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16302 			    "sdintr: STATUS_QFULL\n");
16303 			sd_pkt_status_qfull(un, bp, xp, pktp);
16304 			break;
16305 
16306 		case STATUS_MET:
16307 		case STATUS_INTERMEDIATE:
16308 		case STATUS_SCSI2:
16309 		case STATUS_INTERMEDIATE_MET:
16310 		case STATUS_ACA_ACTIVE:
16311 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16312 			    "Unexpected SCSI status received: 0x%x\n",
16313 			    SD_GET_PKT_STATUS(pktp));
16314 			sd_return_failed_command(un, bp, EIO);
16315 			break;
16316 
16317 		default:
16318 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
16319 			    "Invalid SCSI status received: 0x%x\n",
16320 			    SD_GET_PKT_STATUS(pktp));
16321 			sd_return_failed_command(un, bp, EIO);
16322 			break;
16323 
16324 		}
16325 		break;
16326 
16327 	case CMD_INCOMPLETE:
16328 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16329 		    "sdintr:  CMD_INCOMPLETE\n");
16330 		sd_pkt_reason_cmd_incomplete(un, bp, xp, pktp);
16331 		break;
16332 	case CMD_TRAN_ERR:
16333 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16334 		    "sdintr: CMD_TRAN_ERR\n");
16335 		sd_pkt_reason_cmd_tran_err(un, bp, xp, pktp);
16336 		break;
16337 	case CMD_RESET:
16338 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16339 		    "sdintr: CMD_RESET \n");
16340 		sd_pkt_reason_cmd_reset(un, bp, xp, pktp);
16341 		break;
16342 	case CMD_ABORTED:
16343 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16344 		    "sdintr: CMD_ABORTED \n");
16345 		sd_pkt_reason_cmd_aborted(un, bp, xp, pktp);
16346 		break;
16347 	case CMD_TIMEOUT:
16348 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16349 		    "sdintr: CMD_TIMEOUT\n");
16350 		sd_pkt_reason_cmd_timeout(un, bp, xp, pktp);
16351 		break;
16352 	case CMD_UNX_BUS_FREE:
16353 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16354 		    "sdintr: CMD_UNX_BUS_FREE \n");
16355 		sd_pkt_reason_cmd_unx_bus_free(un, bp, xp, pktp);
16356 		break;
16357 	case CMD_TAG_REJECT:
16358 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16359 		    "sdintr: CMD_TAG_REJECT\n");
16360 		sd_pkt_reason_cmd_tag_reject(un, bp, xp, pktp);
16361 		break;
16362 	default:
16363 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
16364 		    "sdintr: default\n");
16365 		sd_pkt_reason_default(un, bp, xp, pktp);
16366 		break;
16367 	}
16368 
16369 exit:
16370 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sdintr: exit\n");
16371 
16372 	/* Decrement counter to indicate that the callback routine is done. */
16373 	un->un_in_callback--;
16374 	ASSERT(un->un_in_callback >= 0);
16375 
16376 	/*
16377 	 * At this point, the pkt has been dispatched, ie, it is either
16378 	 * being re-tried or has been returned to its caller and should
16379 	 * not be referenced.
16380 	 */
16381 
16382 	mutex_exit(SD_MUTEX(un));
16383 }
16384 
16385 
16386 /*
16387  *    Function: sd_print_incomplete_msg
16388  *
16389  * Description: Prints the error message for a CMD_INCOMPLETE error.
16390  *
16391  *   Arguments: un - ptr to associated softstate for the device.
16392  *		bp - ptr to the buf(9S) for the command.
16393  *		arg - message string ptr
16394  *		code - SD_DELAYED_RETRY_ISSUED, SD_IMMEDIATE_RETRY_ISSUED,
16395  *			or SD_NO_RETRY_ISSUED.
16396  *
16397  *     Context: May be called under interrupt context
16398  */
16399 
16400 static void
16401 sd_print_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
16402 {
16403 	struct scsi_pkt	*pktp;
16404 	char	*msgp;
16405 	char	*cmdp = arg;
16406 
16407 	ASSERT(un != NULL);
16408 	ASSERT(mutex_owned(SD_MUTEX(un)));
16409 	ASSERT(bp != NULL);
16410 	ASSERT(arg != NULL);
16411 	pktp = SD_GET_PKTP(bp);
16412 	ASSERT(pktp != NULL);
16413 
16414 	switch (code) {
16415 	case SD_DELAYED_RETRY_ISSUED:
16416 	case SD_IMMEDIATE_RETRY_ISSUED:
16417 		msgp = "retrying";
16418 		break;
16419 	case SD_NO_RETRY_ISSUED:
16420 	default:
16421 		msgp = "giving up";
16422 		break;
16423 	}
16424 
16425 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16426 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16427 		    "incomplete %s- %s\n", cmdp, msgp);
16428 	}
16429 }
16430 
16431 
16432 
16433 /*
16434  *    Function: sd_pkt_status_good
16435  *
16436  * Description: Processing for a STATUS_GOOD code in pkt_status.
16437  *
16438  *     Context: May be called under interrupt context
16439  */
16440 
16441 static void
16442 sd_pkt_status_good(struct sd_lun *un, struct buf *bp,
16443 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16444 {
16445 	char	*cmdp;
16446 
16447 	ASSERT(un != NULL);
16448 	ASSERT(mutex_owned(SD_MUTEX(un)));
16449 	ASSERT(bp != NULL);
16450 	ASSERT(xp != NULL);
16451 	ASSERT(pktp != NULL);
16452 	ASSERT(pktp->pkt_reason == CMD_CMPLT);
16453 	ASSERT(SD_GET_PKT_STATUS(pktp) == STATUS_GOOD);
16454 	ASSERT(pktp->pkt_resid != 0);
16455 
16456 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: entry\n");
16457 
16458 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
16459 	switch (SD_GET_PKT_OPCODE(pktp) & 0x1F) {
16460 	case SCMD_READ:
16461 		cmdp = "read";
16462 		break;
16463 	case SCMD_WRITE:
16464 		cmdp = "write";
16465 		break;
16466 	default:
16467 		SD_UPDATE_B_RESID(bp, pktp);
16468 		sd_return_command(un, bp);
16469 		SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16470 		return;
16471 	}
16472 
16473 	/*
16474 	 * See if we can retry the read/write, preferrably immediately.
16475 	 * If retries are exhaused, then sd_retry_command() will update
16476 	 * the b_resid count.
16477 	 */
16478 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_incomplete_msg,
16479 	    cmdp, EIO, (clock_t)0, NULL);
16480 
16481 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_good: exit\n");
16482 }
16483 
16484 
16485 
16486 
16487 
16488 /*
16489  *    Function: sd_handle_request_sense
16490  *
16491  * Description: Processing for non-auto Request Sense command.
16492  *
16493  *   Arguments: un - ptr to associated softstate
16494  *		sense_bp - ptr to buf(9S) for the RQS command
16495  *		sense_xp - ptr to the sd_xbuf for the RQS command
16496  *		sense_pktp - ptr to the scsi_pkt(9S) for the RQS command
16497  *
16498  *     Context: May be called under interrupt context
16499  */
16500 
16501 static void
16502 sd_handle_request_sense(struct sd_lun *un, struct buf *sense_bp,
16503 	struct sd_xbuf *sense_xp, struct scsi_pkt *sense_pktp)
16504 {
16505 	struct buf	*cmd_bp;	/* buf for the original command */
16506 	struct sd_xbuf	*cmd_xp;	/* sd_xbuf for the original command */
16507 	struct scsi_pkt *cmd_pktp;	/* pkt for the original command */
16508 
16509 	ASSERT(un != NULL);
16510 	ASSERT(mutex_owned(SD_MUTEX(un)));
16511 	ASSERT(sense_bp != NULL);
16512 	ASSERT(sense_xp != NULL);
16513 	ASSERT(sense_pktp != NULL);
16514 
16515 	/*
16516 	 * Note the sense_bp, sense_xp, and sense_pktp here are for the
16517 	 * RQS command and not the original command.
16518 	 */
16519 	ASSERT(sense_pktp == un->un_rqs_pktp);
16520 	ASSERT(sense_bp   == un->un_rqs_bp);
16521 	ASSERT((sense_pktp->pkt_flags & (FLAG_SENSING | FLAG_HEAD)) ==
16522 	    (FLAG_SENSING | FLAG_HEAD));
16523 	ASSERT((((SD_GET_XBUF(sense_xp->xb_sense_bp))->xb_pktp->pkt_flags) &
16524 	    FLAG_SENSING) == FLAG_SENSING);
16525 
16526 	/* These are the bp, xp, and pktp for the original command */
16527 	cmd_bp = sense_xp->xb_sense_bp;
16528 	cmd_xp = SD_GET_XBUF(cmd_bp);
16529 	cmd_pktp = SD_GET_PKTP(cmd_bp);
16530 
16531 	if (sense_pktp->pkt_reason != CMD_CMPLT) {
16532 		/*
16533 		 * The REQUEST SENSE command failed.  Release the REQUEST
16534 		 * SENSE command for re-use, get back the bp for the original
16535 		 * command, and attempt to re-try the original command if
16536 		 * FLAG_DIAGNOSE is not set in the original packet.
16537 		 */
16538 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
16539 		if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16540 			cmd_bp = sd_mark_rqs_idle(un, sense_xp);
16541 			sd_retry_command(un, cmd_bp, SD_RETRIES_STANDARD,
16542 			    NULL, NULL, EIO, (clock_t)0, NULL);
16543 			return;
16544 		}
16545 	}
16546 
16547 	/*
16548 	 * Save the relevant sense info into the xp for the original cmd.
16549 	 *
16550 	 * Note: if the request sense failed the state info will be zero
16551 	 * as set in sd_mark_rqs_busy()
16552 	 */
16553 	cmd_xp->xb_sense_status = *(sense_pktp->pkt_scbp);
16554 	cmd_xp->xb_sense_state  = sense_pktp->pkt_state;
16555 	cmd_xp->xb_sense_resid  = sense_pktp->pkt_resid;
16556 	bcopy(sense_bp->b_un.b_addr, cmd_xp->xb_sense_data, SENSE_LENGTH);
16557 
16558 	/*
16559 	 *  Free up the RQS command....
16560 	 *  NOTE:
16561 	 *	Must do this BEFORE calling sd_validate_sense_data!
16562 	 *	sd_validate_sense_data may return the original command in
16563 	 *	which case the pkt will be freed and the flags can no
16564 	 *	longer be touched.
16565 	 *	SD_MUTEX is held through this process until the command
16566 	 *	is dispatched based upon the sense data, so there are
16567 	 *	no race conditions.
16568 	 */
16569 	(void) sd_mark_rqs_idle(un, sense_xp);
16570 
16571 	/*
16572 	 * For a retryable command see if we have valid sense data, if so then
16573 	 * turn it over to sd_decode_sense() to figure out the right course of
16574 	 * action. Just fail a non-retryable command.
16575 	 */
16576 	if ((cmd_pktp->pkt_flags & FLAG_DIAGNOSE) == 0) {
16577 		if (sd_validate_sense_data(un, cmd_bp, cmd_xp) ==
16578 		    SD_SENSE_DATA_IS_VALID) {
16579 			sd_decode_sense(un, cmd_bp, cmd_xp, cmd_pktp);
16580 		}
16581 	} else {
16582 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Failed CDB",
16583 		    (uchar_t *)cmd_pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
16584 		SD_DUMP_MEMORY(un, SD_LOG_IO_CORE, "Sense Data",
16585 		    (uchar_t *)cmd_xp->xb_sense_data, SENSE_LENGTH, SD_LOG_HEX);
16586 		sd_return_failed_command(un, cmd_bp, EIO);
16587 	}
16588 }
16589 
16590 
16591 
16592 
16593 /*
16594  *    Function: sd_handle_auto_request_sense
16595  *
16596  * Description: Processing for auto-request sense information.
16597  *
16598  *   Arguments: un - ptr to associated softstate
16599  *		bp - ptr to buf(9S) for the command
16600  *		xp - ptr to the sd_xbuf for the command
16601  *		pktp - ptr to the scsi_pkt(9S) for the command
16602  *
16603  *     Context: May be called under interrupt context
16604  */
16605 
16606 static void
16607 sd_handle_auto_request_sense(struct sd_lun *un, struct buf *bp,
16608 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
16609 {
16610 	struct scsi_arq_status *asp;
16611 
16612 	ASSERT(un != NULL);
16613 	ASSERT(mutex_owned(SD_MUTEX(un)));
16614 	ASSERT(bp != NULL);
16615 	ASSERT(xp != NULL);
16616 	ASSERT(pktp != NULL);
16617 	ASSERT(pktp != un->un_rqs_pktp);
16618 	ASSERT(bp   != un->un_rqs_bp);
16619 
16620 	/*
16621 	 * For auto-request sense, we get a scsi_arq_status back from
16622 	 * the HBA, with the sense data in the sts_sensedata member.
16623 	 * The pkt_scbp of the packet points to this scsi_arq_status.
16624 	 */
16625 	asp = (struct scsi_arq_status *)(pktp->pkt_scbp);
16626 
16627 	if (asp->sts_rqpkt_reason != CMD_CMPLT) {
16628 		/*
16629 		 * The auto REQUEST SENSE failed; see if we can re-try
16630 		 * the original command.
16631 		 */
16632 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16633 		    "auto request sense failed (reason=%s)\n",
16634 		    scsi_rname(asp->sts_rqpkt_reason));
16635 
16636 		sd_reset_target(un, pktp);
16637 
16638 		sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16639 		    NULL, NULL, EIO, (clock_t)0, NULL);
16640 		return;
16641 	}
16642 
16643 	/* Save the relevant sense info into the xp for the original cmd. */
16644 	xp->xb_sense_status = *((uchar_t *)(&(asp->sts_rqpkt_status)));
16645 	xp->xb_sense_state  = asp->sts_rqpkt_state;
16646 	xp->xb_sense_resid  = asp->sts_rqpkt_resid;
16647 	bcopy(&asp->sts_sensedata, xp->xb_sense_data,
16648 	    min(sizeof (struct scsi_extended_sense), SENSE_LENGTH));
16649 
16650 	/*
16651 	 * See if we have valid sense data, if so then turn it over to
16652 	 * sd_decode_sense() to figure out the right course of action.
16653 	 */
16654 	if (sd_validate_sense_data(un, bp, xp) == SD_SENSE_DATA_IS_VALID) {
16655 		sd_decode_sense(un, bp, xp, pktp);
16656 	}
16657 }
16658 
16659 
16660 /*
16661  *    Function: sd_print_sense_failed_msg
16662  *
16663  * Description: Print log message when RQS has failed.
16664  *
16665  *   Arguments: un - ptr to associated softstate
16666  *		bp - ptr to buf(9S) for the command
16667  *		arg - generic message string ptr
16668  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
16669  *			or SD_NO_RETRY_ISSUED
16670  *
16671  *     Context: May be called from interrupt context
16672  */
16673 
16674 static void
16675 sd_print_sense_failed_msg(struct sd_lun *un, struct buf *bp, void *arg,
16676 	int code)
16677 {
16678 	char	*msgp = arg;
16679 
16680 	ASSERT(un != NULL);
16681 	ASSERT(mutex_owned(SD_MUTEX(un)));
16682 	ASSERT(bp != NULL);
16683 
16684 	if ((code == SD_NO_RETRY_ISSUED) && (msgp != NULL)) {
16685 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, msgp);
16686 	}
16687 }
16688 
16689 
16690 /*
16691  *    Function: sd_validate_sense_data
16692  *
16693  * Description: Check the given sense data for validity.
16694  *		If the sense data is not valid, the command will
16695  *		be either failed or retried!
16696  *
16697  * Return Code: SD_SENSE_DATA_IS_INVALID
16698  *		SD_SENSE_DATA_IS_VALID
16699  *
16700  *     Context: May be called from interrupt context
16701  */
16702 
16703 static int
16704 sd_validate_sense_data(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp)
16705 {
16706 	struct scsi_extended_sense *esp;
16707 	struct	scsi_pkt *pktp;
16708 	size_t	actual_len;
16709 	char	*msgp = NULL;
16710 
16711 	ASSERT(un != NULL);
16712 	ASSERT(mutex_owned(SD_MUTEX(un)));
16713 	ASSERT(bp != NULL);
16714 	ASSERT(bp != un->un_rqs_bp);
16715 	ASSERT(xp != NULL);
16716 
16717 	pktp = SD_GET_PKTP(bp);
16718 	ASSERT(pktp != NULL);
16719 
16720 	/*
16721 	 * Check the status of the RQS command (auto or manual).
16722 	 */
16723 	switch (xp->xb_sense_status & STATUS_MASK) {
16724 	case STATUS_GOOD:
16725 		break;
16726 
16727 	case STATUS_RESERVATION_CONFLICT:
16728 		sd_pkt_status_reservation_conflict(un, bp, xp, pktp);
16729 		return (SD_SENSE_DATA_IS_INVALID);
16730 
16731 	case STATUS_BUSY:
16732 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16733 		    "Busy Status on REQUEST SENSE\n");
16734 		sd_retry_command(un, bp, SD_RETRIES_BUSY, NULL,
16735 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16736 		return (SD_SENSE_DATA_IS_INVALID);
16737 
16738 	case STATUS_QFULL:
16739 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
16740 		    "QFULL Status on REQUEST SENSE\n");
16741 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL,
16742 		    NULL, EIO, SD_BSY_TIMEOUT / 500, kstat_waitq_enter);
16743 		return (SD_SENSE_DATA_IS_INVALID);
16744 
16745 	case STATUS_CHECK:
16746 	case STATUS_TERMINATED:
16747 		msgp = "Check Condition on REQUEST SENSE\n";
16748 		goto sense_failed;
16749 
16750 	default:
16751 		msgp = "Not STATUS_GOOD on REQUEST_SENSE\n";
16752 		goto sense_failed;
16753 	}
16754 
16755 	/*
16756 	 * See if we got the minimum required amount of sense data.
16757 	 * Note: We are assuming the returned sense data is SENSE_LENGTH bytes
16758 	 * or less.
16759 	 */
16760 	actual_len = (int)(SENSE_LENGTH - xp->xb_sense_resid);
16761 	if (((xp->xb_sense_state & STATE_XFERRED_DATA) == 0) ||
16762 	    (actual_len == 0)) {
16763 		msgp = "Request Sense couldn't get sense data\n";
16764 		goto sense_failed;
16765 	}
16766 
16767 	if (actual_len < SUN_MIN_SENSE_LENGTH) {
16768 		msgp = "Not enough sense information\n";
16769 		goto sense_failed;
16770 	}
16771 
16772 	/*
16773 	 * We require the extended sense data
16774 	 */
16775 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16776 	if (esp->es_class != CLASS_EXTENDED_SENSE) {
16777 		if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
16778 			static char tmp[8];
16779 			static char buf[148];
16780 			char *p = (char *)(xp->xb_sense_data);
16781 			int i;
16782 
16783 			mutex_enter(&sd_sense_mutex);
16784 			(void) strcpy(buf, "undecodable sense information:");
16785 			for (i = 0; i < actual_len; i++) {
16786 				(void) sprintf(tmp, " 0x%x", *(p++)&0xff);
16787 				(void) strcpy(&buf[strlen(buf)], tmp);
16788 			}
16789 			i = strlen(buf);
16790 			(void) strcpy(&buf[i], "-(assumed fatal)\n");
16791 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, buf);
16792 			mutex_exit(&sd_sense_mutex);
16793 		}
16794 		/* Note: Legacy behavior, fail the command with no retry */
16795 		sd_return_failed_command(un, bp, EIO);
16796 		return (SD_SENSE_DATA_IS_INVALID);
16797 	}
16798 
16799 	/*
16800 	 * Check that es_code is valid (es_class concatenated with es_code
16801 	 * make up the "response code" field.  es_class will always be 7, so
16802 	 * make sure es_code is 0, 1, 2, 3 or 0xf.  es_code will indicate the
16803 	 * format.
16804 	 */
16805 	if ((esp->es_code != CODE_FMT_FIXED_CURRENT) &&
16806 	    (esp->es_code != CODE_FMT_FIXED_DEFERRED) &&
16807 	    (esp->es_code != CODE_FMT_DESCR_CURRENT) &&
16808 	    (esp->es_code != CODE_FMT_DESCR_DEFERRED) &&
16809 	    (esp->es_code != CODE_FMT_VENDOR_SPECIFIC)) {
16810 		goto sense_failed;
16811 	}
16812 
16813 	return (SD_SENSE_DATA_IS_VALID);
16814 
16815 sense_failed:
16816 	/*
16817 	 * If the request sense failed (for whatever reason), attempt
16818 	 * to retry the original command.
16819 	 */
16820 #if defined(__i386) || defined(__amd64)
16821 	/*
16822 	 * SD_RETRY_DELAY is conditionally compile (#if fibre) in
16823 	 * sddef.h for Sparc platform, and x86 uses 1 binary
16824 	 * for both SCSI/FC.
16825 	 * The SD_RETRY_DELAY value need to be adjusted here
16826 	 * when SD_RETRY_DELAY change in sddef.h
16827 	 */
16828 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16829 	    sd_print_sense_failed_msg, msgp, EIO,
16830 		un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0, NULL);
16831 #else
16832 	sd_retry_command(un, bp, SD_RETRIES_STANDARD,
16833 	    sd_print_sense_failed_msg, msgp, EIO, SD_RETRY_DELAY, NULL);
16834 #endif
16835 
16836 	return (SD_SENSE_DATA_IS_INVALID);
16837 }
16838 
16839 
16840 
16841 /*
16842  *    Function: sd_decode_sense
16843  *
16844  * Description: Take recovery action(s) when SCSI Sense Data is received.
16845  *
16846  *     Context: Interrupt context.
16847  */
16848 
16849 static void
16850 sd_decode_sense(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
16851 	struct scsi_pkt *pktp)
16852 {
16853 	struct scsi_extended_sense *esp;
16854 	struct scsi_descr_sense_hdr *sdsp;
16855 	uint8_t asc, ascq, sense_key;
16856 
16857 	ASSERT(un != NULL);
16858 	ASSERT(mutex_owned(SD_MUTEX(un)));
16859 	ASSERT(bp != NULL);
16860 	ASSERT(bp != un->un_rqs_bp);
16861 	ASSERT(xp != NULL);
16862 	ASSERT(pktp != NULL);
16863 
16864 	esp = (struct scsi_extended_sense *)xp->xb_sense_data;
16865 
16866 	switch (esp->es_code) {
16867 	case CODE_FMT_DESCR_CURRENT:
16868 	case CODE_FMT_DESCR_DEFERRED:
16869 		sdsp = (struct scsi_descr_sense_hdr *)xp->xb_sense_data;
16870 		sense_key = sdsp->ds_key;
16871 		asc = sdsp->ds_add_code;
16872 		ascq = sdsp->ds_qual_code;
16873 		break;
16874 	case CODE_FMT_VENDOR_SPECIFIC:
16875 	case CODE_FMT_FIXED_CURRENT:
16876 	case CODE_FMT_FIXED_DEFERRED:
16877 	default:
16878 		sense_key = esp->es_key;
16879 		asc = esp->es_add_code;
16880 		ascq = esp->es_qual_code;
16881 		break;
16882 	}
16883 
16884 	switch (sense_key) {
16885 	case KEY_NO_SENSE:
16886 		sd_sense_key_no_sense(un, bp, xp, pktp);
16887 		break;
16888 	case KEY_RECOVERABLE_ERROR:
16889 		sd_sense_key_recoverable_error(un, asc, bp, xp, pktp);
16890 		break;
16891 	case KEY_NOT_READY:
16892 		sd_sense_key_not_ready(un, asc, ascq, bp, xp, pktp);
16893 		break;
16894 	case KEY_MEDIUM_ERROR:
16895 	case KEY_HARDWARE_ERROR:
16896 		sd_sense_key_medium_or_hardware_error(un,
16897 		    sense_key, asc, bp, xp, pktp);
16898 		break;
16899 	case KEY_ILLEGAL_REQUEST:
16900 		sd_sense_key_illegal_request(un, bp, xp, pktp);
16901 		break;
16902 	case KEY_UNIT_ATTENTION:
16903 		sd_sense_key_unit_attention(un, asc, bp, xp, pktp);
16904 		break;
16905 	case KEY_WRITE_PROTECT:
16906 	case KEY_VOLUME_OVERFLOW:
16907 	case KEY_MISCOMPARE:
16908 		sd_sense_key_fail_command(un, bp, xp, pktp);
16909 		break;
16910 	case KEY_BLANK_CHECK:
16911 		sd_sense_key_blank_check(un, bp, xp, pktp);
16912 		break;
16913 	case KEY_ABORTED_COMMAND:
16914 		sd_sense_key_aborted_command(un, bp, xp, pktp);
16915 		break;
16916 	case KEY_VENDOR_UNIQUE:
16917 	case KEY_COPY_ABORTED:
16918 	case KEY_EQUAL:
16919 	case KEY_RESERVED:
16920 	default:
16921 		sd_sense_key_default(un, sense_key, bp, xp, pktp);
16922 		break;
16923 	}
16924 }
16925 
16926 
16927 /*
16928  *    Function: sd_dump_memory
16929  *
16930  * Description: Debug logging routine to print the contents of a user provided
16931  *		buffer. The output of the buffer is broken up into 256 byte
16932  *		segments due to a size constraint of the scsi_log.
16933  *		implementation.
16934  *
16935  *   Arguments: un - ptr to softstate
16936  *		comp - component mask
16937  *		title - "title" string to preceed data when printed
16938  *		data - ptr to data block to be printed
16939  *		len - size of data block to be printed
16940  *		fmt - SD_LOG_HEX (use 0x%02x format) or SD_LOG_CHAR (use %c)
16941  *
16942  *     Context: May be called from interrupt context
16943  */
16944 
16945 #define	SD_DUMP_MEMORY_BUF_SIZE	256
16946 
16947 static char *sd_dump_format_string[] = {
16948 		" 0x%02x",
16949 		" %c"
16950 };
16951 
16952 static void
16953 sd_dump_memory(struct sd_lun *un, uint_t comp, char *title, uchar_t *data,
16954     int len, int fmt)
16955 {
16956 	int	i, j;
16957 	int	avail_count;
16958 	int	start_offset;
16959 	int	end_offset;
16960 	size_t	entry_len;
16961 	char	*bufp;
16962 	char	*local_buf;
16963 	char	*format_string;
16964 
16965 	ASSERT((fmt == SD_LOG_HEX) || (fmt == SD_LOG_CHAR));
16966 
16967 	/*
16968 	 * In the debug version of the driver, this function is called from a
16969 	 * number of places which are NOPs in the release driver.
16970 	 * The debug driver therefore has additional methods of filtering
16971 	 * debug output.
16972 	 */
16973 #ifdef SDDEBUG
16974 	/*
16975 	 * In the debug version of the driver we can reduce the amount of debug
16976 	 * messages by setting sd_error_level to something other than
16977 	 * SCSI_ERR_ALL and clearing bits in sd_level_mask and
16978 	 * sd_component_mask.
16979 	 */
16980 	if (((sd_level_mask & (SD_LOGMASK_DUMP_MEM | SD_LOGMASK_DIAG)) == 0) ||
16981 	    (sd_error_level != SCSI_ERR_ALL)) {
16982 		return;
16983 	}
16984 	if (((sd_component_mask & comp) == 0) ||
16985 	    (sd_error_level != SCSI_ERR_ALL)) {
16986 		return;
16987 	}
16988 #else
16989 	if (sd_error_level != SCSI_ERR_ALL) {
16990 		return;
16991 	}
16992 #endif
16993 
16994 	local_buf = kmem_zalloc(SD_DUMP_MEMORY_BUF_SIZE, KM_SLEEP);
16995 	bufp = local_buf;
16996 	/*
16997 	 * Available length is the length of local_buf[], minus the
16998 	 * length of the title string, minus one for the ":", minus
16999 	 * one for the newline, minus one for the NULL terminator.
17000 	 * This gives the #bytes available for holding the printed
17001 	 * values from the given data buffer.
17002 	 */
17003 	if (fmt == SD_LOG_HEX) {
17004 		format_string = sd_dump_format_string[0];
17005 	} else /* SD_LOG_CHAR */ {
17006 		format_string = sd_dump_format_string[1];
17007 	}
17008 	/*
17009 	 * Available count is the number of elements from the given
17010 	 * data buffer that we can fit into the available length.
17011 	 * This is based upon the size of the format string used.
17012 	 * Make one entry and find it's size.
17013 	 */
17014 	(void) sprintf(bufp, format_string, data[0]);
17015 	entry_len = strlen(bufp);
17016 	avail_count = (SD_DUMP_MEMORY_BUF_SIZE - strlen(title) - 3) / entry_len;
17017 
17018 	j = 0;
17019 	while (j < len) {
17020 		bufp = local_buf;
17021 		bzero(bufp, SD_DUMP_MEMORY_BUF_SIZE);
17022 		start_offset = j;
17023 
17024 		end_offset = start_offset + avail_count;
17025 
17026 		(void) sprintf(bufp, "%s:", title);
17027 		bufp += strlen(bufp);
17028 		for (i = start_offset; ((i < end_offset) && (j < len));
17029 		    i++, j++) {
17030 			(void) sprintf(bufp, format_string, data[i]);
17031 			bufp += entry_len;
17032 		}
17033 		(void) sprintf(bufp, "\n");
17034 
17035 		scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE, "%s", local_buf);
17036 	}
17037 	kmem_free(local_buf, SD_DUMP_MEMORY_BUF_SIZE);
17038 }
17039 
17040 /*
17041  *    Function: sd_print_sense_msg
17042  *
17043  * Description: Log a message based upon the given sense data.
17044  *
17045  *   Arguments: un - ptr to associated softstate
17046  *		bp - ptr to buf(9S) for the command
17047  *		arg - ptr to associate sd_sense_info struct
17048  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
17049  *			or SD_NO_RETRY_ISSUED
17050  *
17051  *     Context: May be called from interrupt context
17052  */
17053 
17054 static void
17055 sd_print_sense_msg(struct sd_lun *un, struct buf *bp, void *arg, int code)
17056 {
17057 	struct sd_xbuf	*xp;
17058 	struct scsi_pkt	*pktp;
17059 	struct scsi_extended_sense *sensep;
17060 	daddr_t request_blkno;
17061 	diskaddr_t err_blkno;
17062 	int severity;
17063 	int pfa_flag;
17064 	int fixed_format = TRUE;
17065 	extern struct scsi_key_strings scsi_cmds[];
17066 
17067 	ASSERT(un != NULL);
17068 	ASSERT(mutex_owned(SD_MUTEX(un)));
17069 	ASSERT(bp != NULL);
17070 	xp = SD_GET_XBUF(bp);
17071 	ASSERT(xp != NULL);
17072 	pktp = SD_GET_PKTP(bp);
17073 	ASSERT(pktp != NULL);
17074 	ASSERT(arg != NULL);
17075 
17076 	severity = ((struct sd_sense_info *)(arg))->ssi_severity;
17077 	pfa_flag = ((struct sd_sense_info *)(arg))->ssi_pfa_flag;
17078 
17079 	if ((code == SD_DELAYED_RETRY_ISSUED) ||
17080 	    (code == SD_IMMEDIATE_RETRY_ISSUED)) {
17081 		severity = SCSI_ERR_RETRYABLE;
17082 	}
17083 
17084 	/* Use absolute block number for the request block number */
17085 	request_blkno = xp->xb_blkno;
17086 
17087 	/*
17088 	 * Now try to get the error block number from the sense data
17089 	 */
17090 	sensep = (struct scsi_extended_sense *)xp->xb_sense_data;
17091 	switch (sensep->es_code) {
17092 	case CODE_FMT_DESCR_CURRENT:
17093 	case CODE_FMT_DESCR_DEFERRED:
17094 		err_blkno =
17095 		    sd_extract_sense_info_descr(
17096 			(struct scsi_descr_sense_hdr *)sensep);
17097 		fixed_format = FALSE;
17098 		break;
17099 	case CODE_FMT_FIXED_CURRENT:
17100 	case CODE_FMT_FIXED_DEFERRED:
17101 	case CODE_FMT_VENDOR_SPECIFIC:
17102 	default:
17103 		/*
17104 		 * With the es_valid bit set, we assume that the error
17105 		 * blkno is in the sense data.  Also, if xp->xb_blkno is
17106 		 * greater than 0xffffffff then the target *should* have used
17107 		 * a descriptor sense format (or it shouldn't have set
17108 		 * the es_valid bit), and we may as well ignore the
17109 		 * 32-bit value.
17110 		 */
17111 		if ((sensep->es_valid != 0) && (xp->xb_blkno <= 0xffffffff)) {
17112 			err_blkno = (diskaddr_t)
17113 			    ((sensep->es_info_1 << 24) |
17114 			    (sensep->es_info_2 << 16) |
17115 			    (sensep->es_info_3 << 8)  |
17116 			    (sensep->es_info_4));
17117 		} else {
17118 			err_blkno = (diskaddr_t)-1;
17119 		}
17120 		break;
17121 	}
17122 
17123 	if (err_blkno == (diskaddr_t)-1) {
17124 		/*
17125 		 * Without the es_valid bit set (for fixed format) or an
17126 		 * information descriptor (for descriptor format) we cannot
17127 		 * be certain of the error blkno, so just use the
17128 		 * request_blkno.
17129 		 */
17130 		err_blkno = (diskaddr_t)request_blkno;
17131 	} else {
17132 		/*
17133 		 * We retrieved the error block number from the information
17134 		 * portion of the sense data.
17135 		 *
17136 		 * For USCSI commands we are better off using the error
17137 		 * block no. as the requested block no. (This is the best
17138 		 * we can estimate.)
17139 		 */
17140 		if ((SD_IS_BUFIO(xp) == FALSE) &&
17141 		    ((pktp->pkt_flags & FLAG_SILENT) == 0)) {
17142 			request_blkno = err_blkno;
17143 		}
17144 	}
17145 
17146 	/*
17147 	 * The following will log the buffer contents for the release driver
17148 	 * if the SD_LOGMASK_DIAG bit of sd_level_mask is set, or the error
17149 	 * level is set to verbose.
17150 	 */
17151 	sd_dump_memory(un, SD_LOG_IO, "Failed CDB",
17152 	    (uchar_t *)pktp->pkt_cdbp, CDB_SIZE, SD_LOG_HEX);
17153 	sd_dump_memory(un, SD_LOG_IO, "Sense Data",
17154 	    (uchar_t *)sensep, SENSE_LENGTH, SD_LOG_HEX);
17155 
17156 	if (pfa_flag == FALSE) {
17157 		/* This is normally only set for USCSI */
17158 		if ((pktp->pkt_flags & FLAG_SILENT) != 0) {
17159 			return;
17160 		}
17161 
17162 		if ((SD_IS_BUFIO(xp) == TRUE) &&
17163 		    (((sd_level_mask & SD_LOGMASK_DIAG) == 0) &&
17164 		    (severity < sd_error_level))) {
17165 			return;
17166 		}
17167 	}
17168 
17169 	/*
17170 	 * If the data is fixed format then check for Sonoma Failover,
17171 	 * and keep a count of how many failed I/O's.  We should not have
17172 	 * to worry about Sonoma returning descriptor format sense data,
17173 	 * and asc/ascq are in a different location in descriptor format.
17174 	 */
17175 	if (fixed_format &&
17176 	    (SD_IS_LSI(un)) && (sensep->es_key == KEY_ILLEGAL_REQUEST) &&
17177 	    (sensep->es_add_code == 0x94) && (sensep->es_qual_code == 0x01)) {
17178 		un->un_sonoma_failure_count++;
17179 		if (un->un_sonoma_failure_count > 1) {
17180 			return;
17181 		}
17182 	}
17183 
17184 	scsi_vu_errmsg(SD_SCSI_DEVP(un), pktp, sd_label, severity,
17185 	    request_blkno, err_blkno, scsi_cmds, sensep,
17186 	    un->un_additional_codes, NULL);
17187 }
17188 
17189 /*
17190  *    Function: sd_extract_sense_info_descr
17191  *
17192  * Description: Retrieve "information" field from descriptor format
17193  *              sense data.  Iterates through each sense descriptor
17194  *              looking for the information descriptor and returns
17195  *              the information field from that descriptor.
17196  *
17197  *     Context: May be called from interrupt context
17198  */
17199 
17200 static diskaddr_t
17201 sd_extract_sense_info_descr(struct scsi_descr_sense_hdr *sdsp)
17202 {
17203 	diskaddr_t result;
17204 	uint8_t *descr_offset;
17205 	int valid_sense_length;
17206 	struct scsi_information_sense_descr *isd;
17207 
17208 	/*
17209 	 * Initialize result to -1 indicating there is no information
17210 	 * descriptor
17211 	 */
17212 	result = (diskaddr_t)-1;
17213 
17214 	/*
17215 	 * The first descriptor will immediately follow the header
17216 	 */
17217 	descr_offset = (uint8_t *)(sdsp+1); /* Pointer arithmetic */
17218 
17219 	/*
17220 	 * Calculate the amount of valid sense data
17221 	 */
17222 	valid_sense_length =
17223 	    min((sizeof (struct scsi_descr_sense_hdr) +
17224 	    sdsp->ds_addl_sense_length),
17225 	    SENSE_LENGTH);
17226 
17227 	/*
17228 	 * Iterate through the list of descriptors, stopping when we
17229 	 * run out of sense data
17230 	 */
17231 	while ((descr_offset + sizeof (struct scsi_information_sense_descr)) <=
17232 	    (uint8_t *)sdsp + valid_sense_length) {
17233 		/*
17234 		 * Check if this is an information descriptor.  We can
17235 		 * use the scsi_information_sense_descr structure as a
17236 		 * template sense the first two fields are always the
17237 		 * same
17238 		 */
17239 		isd = (struct scsi_information_sense_descr *)descr_offset;
17240 		if (isd->isd_descr_type == DESCR_INFORMATION) {
17241 			/*
17242 			 * Found an information descriptor.  Copy the
17243 			 * information field.  There will only be one
17244 			 * information descriptor so we can stop looking.
17245 			 */
17246 			result =
17247 			    (((diskaddr_t)isd->isd_information[0] << 56) |
17248 				((diskaddr_t)isd->isd_information[1] << 48) |
17249 				((diskaddr_t)isd->isd_information[2] << 40) |
17250 				((diskaddr_t)isd->isd_information[3] << 32) |
17251 				((diskaddr_t)isd->isd_information[4] << 24) |
17252 				((diskaddr_t)isd->isd_information[5] << 16) |
17253 				((diskaddr_t)isd->isd_information[6] << 8)  |
17254 				((diskaddr_t)isd->isd_information[7]));
17255 			break;
17256 		}
17257 
17258 		/*
17259 		 * Get pointer to the next descriptor.  The "additional
17260 		 * length" field holds the length of the descriptor except
17261 		 * for the "type" and "additional length" fields, so
17262 		 * we need to add 2 to get the total length.
17263 		 */
17264 		descr_offset += (isd->isd_addl_length + 2);
17265 	}
17266 
17267 	return (result);
17268 }
17269 
17270 /*
17271  *    Function: sd_sense_key_no_sense
17272  *
17273  * Description: Recovery action when sense data was not received.
17274  *
17275  *     Context: May be called from interrupt context
17276  */
17277 
17278 static void
17279 sd_sense_key_no_sense(struct sd_lun *un, struct buf *bp,
17280 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17281 {
17282 	struct sd_sense_info	si;
17283 
17284 	ASSERT(un != NULL);
17285 	ASSERT(mutex_owned(SD_MUTEX(un)));
17286 	ASSERT(bp != NULL);
17287 	ASSERT(xp != NULL);
17288 	ASSERT(pktp != NULL);
17289 
17290 	si.ssi_severity = SCSI_ERR_FATAL;
17291 	si.ssi_pfa_flag = FALSE;
17292 
17293 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17294 
17295 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17296 		&si, EIO, (clock_t)0, NULL);
17297 }
17298 
17299 
17300 /*
17301  *    Function: sd_sense_key_recoverable_error
17302  *
17303  * Description: Recovery actions for a SCSI "Recovered Error" sense key.
17304  *
17305  *     Context: May be called from interrupt context
17306  */
17307 
17308 static void
17309 sd_sense_key_recoverable_error(struct sd_lun *un,
17310 	uint8_t asc,
17311 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17312 {
17313 	struct sd_sense_info	si;
17314 
17315 	ASSERT(un != NULL);
17316 	ASSERT(mutex_owned(SD_MUTEX(un)));
17317 	ASSERT(bp != NULL);
17318 	ASSERT(xp != NULL);
17319 	ASSERT(pktp != NULL);
17320 
17321 	/*
17322 	 * 0x5D: FAILURE PREDICTION THRESHOLD EXCEEDED
17323 	 */
17324 	if ((asc == 0x5D) && (sd_report_pfa != 0)) {
17325 		SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17326 		si.ssi_severity = SCSI_ERR_INFO;
17327 		si.ssi_pfa_flag = TRUE;
17328 	} else {
17329 		SD_UPDATE_ERRSTATS(un, sd_softerrs);
17330 		SD_UPDATE_ERRSTATS(un, sd_rq_recov_err);
17331 		si.ssi_severity = SCSI_ERR_RECOVERED;
17332 		si.ssi_pfa_flag = FALSE;
17333 	}
17334 
17335 	if (pktp->pkt_resid == 0) {
17336 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17337 		sd_return_command(un, bp);
17338 		return;
17339 	}
17340 
17341 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17342 	    &si, EIO, (clock_t)0, NULL);
17343 }
17344 
17345 
17346 
17347 
17348 /*
17349  *    Function: sd_sense_key_not_ready
17350  *
17351  * Description: Recovery actions for a SCSI "Not Ready" sense key.
17352  *
17353  *     Context: May be called from interrupt context
17354  */
17355 
17356 static void
17357 sd_sense_key_not_ready(struct sd_lun *un,
17358 	uint8_t asc, uint8_t ascq,
17359 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17360 {
17361 	struct sd_sense_info	si;
17362 
17363 	ASSERT(un != NULL);
17364 	ASSERT(mutex_owned(SD_MUTEX(un)));
17365 	ASSERT(bp != NULL);
17366 	ASSERT(xp != NULL);
17367 	ASSERT(pktp != NULL);
17368 
17369 	si.ssi_severity = SCSI_ERR_FATAL;
17370 	si.ssi_pfa_flag = FALSE;
17371 
17372 	/*
17373 	 * Update error stats after first NOT READY error. Disks may have
17374 	 * been powered down and may need to be restarted.  For CDROMs,
17375 	 * report NOT READY errors only if media is present.
17376 	 */
17377 	if ((ISCD(un) && (un->un_f_geometry_is_valid == TRUE)) ||
17378 	    (xp->xb_retry_count > 0)) {
17379 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17380 		SD_UPDATE_ERRSTATS(un, sd_rq_ntrdy_err);
17381 	}
17382 
17383 	/*
17384 	 * Just fail if the "not ready" retry limit has been reached.
17385 	 */
17386 	if (xp->xb_retry_count >= un->un_notready_retry_count) {
17387 		/* Special check for error message printing for removables. */
17388 		if ((ISREMOVABLE(un)) && (asc == 0x04) &&
17389 		    (ascq >= 0x04)) {
17390 			si.ssi_severity = SCSI_ERR_ALL;
17391 		}
17392 		goto fail_command;
17393 	}
17394 
17395 	/*
17396 	 * Check the ASC and ASCQ in the sense data as needed, to determine
17397 	 * what to do.
17398 	 */
17399 	switch (asc) {
17400 	case 0x04:	/* LOGICAL UNIT NOT READY */
17401 		/*
17402 		 * disk drives that don't spin up result in a very long delay
17403 		 * in format without warning messages. We will log a message
17404 		 * if the error level is set to verbose.
17405 		 */
17406 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17407 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17408 			    "logical unit not ready, resetting disk\n");
17409 		}
17410 
17411 		/*
17412 		 * There are different requirements for CDROMs and disks for
17413 		 * the number of retries.  If a CD-ROM is giving this, it is
17414 		 * probably reading TOC and is in the process of getting
17415 		 * ready, so we should keep on trying for a long time to make
17416 		 * sure that all types of media are taken in account (for
17417 		 * some media the drive takes a long time to read TOC).  For
17418 		 * disks we do not want to retry this too many times as this
17419 		 * can cause a long hang in format when the drive refuses to
17420 		 * spin up (a very common failure).
17421 		 */
17422 		switch (ascq) {
17423 		case 0x00:  /* LUN NOT READY, CAUSE NOT REPORTABLE */
17424 			/*
17425 			 * Disk drives frequently refuse to spin up which
17426 			 * results in a very long hang in format without
17427 			 * warning messages.
17428 			 *
17429 			 * Note: This code preserves the legacy behavior of
17430 			 * comparing xb_retry_count against zero for fibre
17431 			 * channel targets instead of comparing against the
17432 			 * un_reset_retry_count value.  The reason for this
17433 			 * discrepancy has been so utterly lost beneath the
17434 			 * Sands of Time that even Indiana Jones could not
17435 			 * find it.
17436 			 */
17437 			if (un->un_f_is_fibre == TRUE) {
17438 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17439 					(xp->xb_retry_count > 0)) &&
17440 					(un->un_startstop_timeid == NULL)) {
17441 					scsi_log(SD_DEVINFO(un), sd_label,
17442 					CE_WARN, "logical unit not ready, "
17443 					"resetting disk\n");
17444 					sd_reset_target(un, pktp);
17445 				}
17446 			} else {
17447 				if (((sd_level_mask & SD_LOGMASK_DIAG) ||
17448 					(xp->xb_retry_count >
17449 					un->un_reset_retry_count)) &&
17450 					(un->un_startstop_timeid == NULL)) {
17451 					scsi_log(SD_DEVINFO(un), sd_label,
17452 					CE_WARN, "logical unit not ready, "
17453 					"resetting disk\n");
17454 					sd_reset_target(un, pktp);
17455 				}
17456 			}
17457 			break;
17458 
17459 		case 0x01:  /* LUN IS IN PROCESS OF BECOMING READY */
17460 			/*
17461 			 * If the target is in the process of becoming
17462 			 * ready, just proceed with the retry. This can
17463 			 * happen with CD-ROMs that take a long time to
17464 			 * read TOC after a power cycle or reset.
17465 			 */
17466 			goto do_retry;
17467 
17468 		case 0x02:  /* LUN NOT READY, INITITIALIZING CMD REQUIRED */
17469 			break;
17470 
17471 		case 0x03:  /* LUN NOT READY, MANUAL INTERVENTION REQUIRED */
17472 			/*
17473 			 * Retries cannot help here so just fail right away.
17474 			 */
17475 			goto fail_command;
17476 
17477 		case 0x88:
17478 			/*
17479 			 * Vendor-unique code for T3/T4: it indicates a
17480 			 * path problem in a mutipathed config, but as far as
17481 			 * the target driver is concerned it equates to a fatal
17482 			 * error, so we should just fail the command right away
17483 			 * (without printing anything to the console). If this
17484 			 * is not a T3/T4, fall thru to the default recovery
17485 			 * action.
17486 			 * T3/T4 is FC only, don't need to check is_fibre
17487 			 */
17488 			if (SD_IS_T3(un) || SD_IS_T4(un)) {
17489 				sd_return_failed_command(un, bp, EIO);
17490 				return;
17491 			}
17492 			/* FALLTHRU */
17493 
17494 		case 0x04:  /* LUN NOT READY, FORMAT IN PROGRESS */
17495 		case 0x05:  /* LUN NOT READY, REBUILD IN PROGRESS */
17496 		case 0x06:  /* LUN NOT READY, RECALCULATION IN PROGRESS */
17497 		case 0x07:  /* LUN NOT READY, OPERATION IN PROGRESS */
17498 		case 0x08:  /* LUN NOT READY, LONG WRITE IN PROGRESS */
17499 		default:    /* Possible future codes in SCSI spec? */
17500 			/*
17501 			 * For removable-media devices, do not retry if
17502 			 * ASCQ > 2 as these result mostly from USCSI commands
17503 			 * on MMC devices issued to check status of an
17504 			 * operation initiated in immediate mode.  Also for
17505 			 * ASCQ >= 4 do not print console messages as these
17506 			 * mainly represent a user-initiated operation
17507 			 * instead of a system failure.
17508 			 */
17509 			if (ISREMOVABLE(un)) {
17510 				si.ssi_severity = SCSI_ERR_ALL;
17511 				goto fail_command;
17512 			}
17513 			break;
17514 		}
17515 
17516 		/*
17517 		 * As part of our recovery attempt for the NOT READY
17518 		 * condition, we issue a START STOP UNIT command. However
17519 		 * we want to wait for a short delay before attempting this
17520 		 * as there may still be more commands coming back from the
17521 		 * target with the check condition. To do this we use
17522 		 * timeout(9F) to call sd_start_stop_unit_callback() after
17523 		 * the delay interval expires. (sd_start_stop_unit_callback()
17524 		 * dispatches sd_start_stop_unit_task(), which will issue
17525 		 * the actual START STOP UNIT command. The delay interval
17526 		 * is one-half of the delay that we will use to retry the
17527 		 * command that generated the NOT READY condition.
17528 		 *
17529 		 * Note that we could just dispatch sd_start_stop_unit_task()
17530 		 * from here and allow it to sleep for the delay interval,
17531 		 * but then we would be tying up the taskq thread
17532 		 * uncesessarily for the duration of the delay.
17533 		 *
17534 		 * Do not issue the START STOP UNIT if the current command
17535 		 * is already a START STOP UNIT.
17536 		 */
17537 		if (pktp->pkt_cdbp[0] == SCMD_START_STOP) {
17538 			break;
17539 		}
17540 
17541 		/*
17542 		 * Do not schedule the timeout if one is already pending.
17543 		 */
17544 		if (un->un_startstop_timeid != NULL) {
17545 			SD_INFO(SD_LOG_ERROR, un,
17546 			    "sd_sense_key_not_ready: restart already issued to"
17547 			    " %s%d\n", ddi_driver_name(SD_DEVINFO(un)),
17548 			    ddi_get_instance(SD_DEVINFO(un)));
17549 			break;
17550 		}
17551 
17552 		/*
17553 		 * Schedule the START STOP UNIT command, then queue the command
17554 		 * for a retry.
17555 		 *
17556 		 * Note: A timeout is not scheduled for this retry because we
17557 		 * want the retry to be serial with the START_STOP_UNIT. The
17558 		 * retry will be started when the START_STOP_UNIT is completed
17559 		 * in sd_start_stop_unit_task.
17560 		 */
17561 		un->un_startstop_timeid = timeout(sd_start_stop_unit_callback,
17562 		    un, SD_BSY_TIMEOUT / 2);
17563 		xp->xb_retry_count++;
17564 		sd_set_retry_bp(un, bp, 0, kstat_waitq_enter);
17565 		return;
17566 
17567 	case 0x05:	/* LOGICAL UNIT DOES NOT RESPOND TO SELECTION */
17568 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17569 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17570 			    "unit does not respond to selection\n");
17571 		}
17572 		break;
17573 
17574 	case 0x3A:	/* MEDIUM NOT PRESENT */
17575 		if (sd_error_level >= SCSI_ERR_FATAL) {
17576 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17577 			    "Caddy not inserted in drive\n");
17578 		}
17579 
17580 		sr_ejected(un);
17581 		un->un_mediastate = DKIO_EJECTED;
17582 		/* The state has changed, inform the media watch routines */
17583 		cv_broadcast(&un->un_state_cv);
17584 		/* Just fail if no media is present in the drive. */
17585 		goto fail_command;
17586 
17587 	default:
17588 		if (sd_error_level < SCSI_ERR_RETRYABLE) {
17589 			scsi_log(SD_DEVINFO(un), sd_label, CE_NOTE,
17590 			    "Unit not Ready. Additional sense code 0x%x\n",
17591 			    asc);
17592 		}
17593 		break;
17594 	}
17595 
17596 do_retry:
17597 
17598 	/*
17599 	 * Retry the command, as some targets may report NOT READY for
17600 	 * several seconds after being reset.
17601 	 */
17602 	xp->xb_retry_count++;
17603 	si.ssi_severity = SCSI_ERR_RETRYABLE;
17604 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
17605 	    &si, EIO, SD_BSY_TIMEOUT, NULL);
17606 
17607 	return;
17608 
17609 fail_command:
17610 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17611 	sd_return_failed_command(un, bp, EIO);
17612 }
17613 
17614 
17615 
17616 /*
17617  *    Function: sd_sense_key_medium_or_hardware_error
17618  *
17619  * Description: Recovery actions for a SCSI "Medium Error" or "Hardware Error"
17620  *		sense key.
17621  *
17622  *     Context: May be called from interrupt context
17623  */
17624 
17625 static void
17626 sd_sense_key_medium_or_hardware_error(struct sd_lun *un,
17627 	int sense_key, uint8_t asc,
17628 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17629 {
17630 	struct sd_sense_info	si;
17631 
17632 	ASSERT(un != NULL);
17633 	ASSERT(mutex_owned(SD_MUTEX(un)));
17634 	ASSERT(bp != NULL);
17635 	ASSERT(xp != NULL);
17636 	ASSERT(pktp != NULL);
17637 
17638 	si.ssi_severity = SCSI_ERR_FATAL;
17639 	si.ssi_pfa_flag = FALSE;
17640 
17641 	if (sense_key == KEY_MEDIUM_ERROR) {
17642 		SD_UPDATE_ERRSTATS(un, sd_rq_media_err);
17643 	}
17644 
17645 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17646 
17647 	if ((un->un_reset_retry_count != 0) &&
17648 	    (xp->xb_retry_count == un->un_reset_retry_count)) {
17649 		mutex_exit(SD_MUTEX(un));
17650 		/* Do NOT do a RESET_ALL here: too intrusive. (4112858) */
17651 		if (un->un_f_allow_bus_device_reset == TRUE) {
17652 
17653 			boolean_t try_resetting_target = B_TRUE;
17654 
17655 			/*
17656 			 * We need to be able to handle specific ASC when we are
17657 			 * handling a KEY_HARDWARE_ERROR. In particular
17658 			 * taking the default action of resetting the target may
17659 			 * not be the appropriate way to attempt recovery.
17660 			 * Resetting a target because of a single LUN failure
17661 			 * victimizes all LUNs on that target.
17662 			 *
17663 			 * This is true for the LSI arrays, if an LSI
17664 			 * array controller returns an ASC of 0x84 (LUN Dead) we
17665 			 * should trust it.
17666 			 */
17667 
17668 			if (sense_key == KEY_HARDWARE_ERROR) {
17669 				switch (asc) {
17670 				case 0x84:
17671 					if (SD_IS_LSI(un)) {
17672 						try_resetting_target = B_FALSE;
17673 					}
17674 					break;
17675 				default:
17676 					break;
17677 				}
17678 			}
17679 
17680 			if (try_resetting_target == B_TRUE) {
17681 				int reset_retval = 0;
17682 				if (un->un_f_lun_reset_enabled == TRUE) {
17683 					SD_TRACE(SD_LOG_IO_CORE, un,
17684 					    "sd_sense_key_medium_or_hardware_"
17685 					    "error: issuing RESET_LUN\n");
17686 					reset_retval =
17687 					    scsi_reset(SD_ADDRESS(un),
17688 					    RESET_LUN);
17689 				}
17690 				if (reset_retval == 0) {
17691 					SD_TRACE(SD_LOG_IO_CORE, un,
17692 					    "sd_sense_key_medium_or_hardware_"
17693 					    "error: issuing RESET_TARGET\n");
17694 					(void) scsi_reset(SD_ADDRESS(un),
17695 					    RESET_TARGET);
17696 				}
17697 			}
17698 		}
17699 		mutex_enter(SD_MUTEX(un));
17700 	}
17701 
17702 	/*
17703 	 * This really ought to be a fatal error, but we will retry anyway
17704 	 * as some drives report this as a spurious error.
17705 	 */
17706 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17707 	    &si, EIO, (clock_t)0, NULL);
17708 }
17709 
17710 
17711 
17712 /*
17713  *    Function: sd_sense_key_illegal_request
17714  *
17715  * Description: Recovery actions for a SCSI "Illegal Request" sense key.
17716  *
17717  *     Context: May be called from interrupt context
17718  */
17719 
17720 static void
17721 sd_sense_key_illegal_request(struct sd_lun *un, struct buf *bp,
17722 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17723 {
17724 	struct sd_sense_info	si;
17725 
17726 	ASSERT(un != NULL);
17727 	ASSERT(mutex_owned(SD_MUTEX(un)));
17728 	ASSERT(bp != NULL);
17729 	ASSERT(xp != NULL);
17730 	ASSERT(pktp != NULL);
17731 
17732 	SD_UPDATE_ERRSTATS(un, sd_softerrs);
17733 	SD_UPDATE_ERRSTATS(un, sd_rq_illrq_err);
17734 
17735 	si.ssi_severity = SCSI_ERR_INFO;
17736 	si.ssi_pfa_flag = FALSE;
17737 
17738 	/* Pointless to retry if the target thinks it's an illegal request */
17739 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17740 	sd_return_failed_command(un, bp, EIO);
17741 }
17742 
17743 
17744 
17745 
17746 /*
17747  *    Function: sd_sense_key_unit_attention
17748  *
17749  * Description: Recovery actions for a SCSI "Unit Attention" sense key.
17750  *
17751  *     Context: May be called from interrupt context
17752  */
17753 
17754 static void
17755 sd_sense_key_unit_attention(struct sd_lun *un,
17756 	uint8_t asc,
17757 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17758 {
17759 	/*
17760 	 * For UNIT ATTENTION we allow retries for one minute. Devices
17761 	 * like Sonoma can return UNIT ATTENTION close to a minute
17762 	 * under certain conditions.
17763 	 */
17764 	int	retry_check_flag = SD_RETRIES_UA;
17765 	struct	sd_sense_info		si;
17766 
17767 	ASSERT(un != NULL);
17768 	ASSERT(mutex_owned(SD_MUTEX(un)));
17769 	ASSERT(bp != NULL);
17770 	ASSERT(xp != NULL);
17771 	ASSERT(pktp != NULL);
17772 
17773 	si.ssi_severity = SCSI_ERR_INFO;
17774 	si.ssi_pfa_flag = FALSE;
17775 
17776 
17777 	switch (asc) {
17778 	case 0x5D:  /* FAILURE PREDICTION THRESHOLD EXCEEDED */
17779 		if (sd_report_pfa != 0) {
17780 			SD_UPDATE_ERRSTATS(un, sd_rq_pfa_err);
17781 			si.ssi_pfa_flag = TRUE;
17782 			retry_check_flag = SD_RETRIES_STANDARD;
17783 			goto do_retry;
17784 		}
17785 		break;
17786 
17787 	case 0x29:  /* POWER ON, RESET, OR BUS DEVICE RESET OCCURRED */
17788 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
17789 			un->un_resvd_status |=
17790 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
17791 		}
17792 		/* FALLTHRU */
17793 
17794 	case 0x28: /* NOT READY TO READY CHANGE, MEDIUM MAY HAVE CHANGED */
17795 		if (!ISREMOVABLE(un)) {
17796 			break;
17797 		}
17798 
17799 		/*
17800 		 * When we get a unit attention from a removable-media device,
17801 		 * it may be in a state that will take a long time to recover
17802 		 * (e.g., from a reset).  Since we are executing in interrupt
17803 		 * context here, we cannot wait around for the device to come
17804 		 * back. So hand this command off to sd_media_change_task()
17805 		 * for deferred processing under taskq thread context. (Note
17806 		 * that the command still may be failed if a problem is
17807 		 * encountered at a later time.)
17808 		 */
17809 		if (taskq_dispatch(sd_tq, sd_media_change_task, pktp,
17810 		    KM_NOSLEEP) == 0) {
17811 			/*
17812 			 * Cannot dispatch the request so fail the command.
17813 			 */
17814 			SD_UPDATE_ERRSTATS(un, sd_harderrs);
17815 			SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17816 			si.ssi_severity = SCSI_ERR_FATAL;
17817 			sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17818 			sd_return_failed_command(un, bp, EIO);
17819 		}
17820 		/*
17821 		 * Either the command has been successfully dispatched to a
17822 		 * task Q for retrying, or the dispatch failed. In either case
17823 		 * do NOT retry again by calling sd_retry_command. This sets up
17824 		 * two retries of the same command and when one completes and
17825 		 * frees the resources the other will access freed memory,
17826 		 * a bad thing.
17827 		 */
17828 		return;
17829 
17830 	default:
17831 		break;
17832 	}
17833 
17834 	if (!ISREMOVABLE(un)) {
17835 		/*
17836 		 * Do not update these here for removables. For removables
17837 		 * these stats are updated (1) above if we failed to dispatch
17838 		 * sd_media_change_task(), or (2) sd_media_change_task() may
17839 		 * update these later if it encounters an error.
17840 		 */
17841 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
17842 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
17843 	}
17844 
17845 do_retry:
17846 	sd_retry_command(un, bp, retry_check_flag, sd_print_sense_msg, &si,
17847 	    EIO, SD_UA_RETRY_DELAY, NULL);
17848 }
17849 
17850 
17851 
17852 /*
17853  *    Function: sd_sense_key_fail_command
17854  *
17855  * Description: Use to fail a command when we don't like the sense key that
17856  *		was returned.
17857  *
17858  *     Context: May be called from interrupt context
17859  */
17860 
17861 static void
17862 sd_sense_key_fail_command(struct sd_lun *un, struct buf *bp,
17863 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17864 {
17865 	struct sd_sense_info	si;
17866 
17867 	ASSERT(un != NULL);
17868 	ASSERT(mutex_owned(SD_MUTEX(un)));
17869 	ASSERT(bp != NULL);
17870 	ASSERT(xp != NULL);
17871 	ASSERT(pktp != NULL);
17872 
17873 	si.ssi_severity = SCSI_ERR_FATAL;
17874 	si.ssi_pfa_flag = FALSE;
17875 
17876 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17877 	sd_return_failed_command(un, bp, EIO);
17878 }
17879 
17880 
17881 
17882 /*
17883  *    Function: sd_sense_key_blank_check
17884  *
17885  * Description: Recovery actions for a SCSI "Blank Check" sense key.
17886  *		Has no monetary connotation.
17887  *
17888  *     Context: May be called from interrupt context
17889  */
17890 
17891 static void
17892 sd_sense_key_blank_check(struct sd_lun *un, struct buf *bp,
17893 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17894 {
17895 	struct sd_sense_info	si;
17896 
17897 	ASSERT(un != NULL);
17898 	ASSERT(mutex_owned(SD_MUTEX(un)));
17899 	ASSERT(bp != NULL);
17900 	ASSERT(xp != NULL);
17901 	ASSERT(pktp != NULL);
17902 
17903 	/*
17904 	 * Blank check is not fatal for removable devices, therefore
17905 	 * it does not require a console message.
17906 	 */
17907 	si.ssi_severity = (ISREMOVABLE(un)) ? SCSI_ERR_ALL : SCSI_ERR_FATAL;
17908 	si.ssi_pfa_flag = FALSE;
17909 
17910 	sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
17911 	sd_return_failed_command(un, bp, EIO);
17912 }
17913 
17914 
17915 
17916 
17917 /*
17918  *    Function: sd_sense_key_aborted_command
17919  *
17920  * Description: Recovery actions for a SCSI "Aborted Command" sense key.
17921  *
17922  *     Context: May be called from interrupt context
17923  */
17924 
17925 static void
17926 sd_sense_key_aborted_command(struct sd_lun *un, struct buf *bp,
17927 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
17928 {
17929 	struct sd_sense_info	si;
17930 
17931 	ASSERT(un != NULL);
17932 	ASSERT(mutex_owned(SD_MUTEX(un)));
17933 	ASSERT(bp != NULL);
17934 	ASSERT(xp != NULL);
17935 	ASSERT(pktp != NULL);
17936 
17937 	si.ssi_severity = SCSI_ERR_FATAL;
17938 	si.ssi_pfa_flag = FALSE;
17939 
17940 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17941 
17942 	/*
17943 	 * This really ought to be a fatal error, but we will retry anyway
17944 	 * as some drives report this as a spurious error.
17945 	 */
17946 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17947 	    &si, EIO, (clock_t)0, NULL);
17948 }
17949 
17950 
17951 
17952 /*
17953  *    Function: sd_sense_key_default
17954  *
17955  * Description: Default recovery action for several SCSI sense keys (basically
17956  *		attempts a retry).
17957  *
17958  *     Context: May be called from interrupt context
17959  */
17960 
17961 static void
17962 sd_sense_key_default(struct sd_lun *un,
17963 	int sense_key,
17964 	struct buf *bp, struct sd_xbuf *xp, struct scsi_pkt *pktp)
17965 {
17966 	struct sd_sense_info	si;
17967 
17968 	ASSERT(un != NULL);
17969 	ASSERT(mutex_owned(SD_MUTEX(un)));
17970 	ASSERT(bp != NULL);
17971 	ASSERT(xp != NULL);
17972 	ASSERT(pktp != NULL);
17973 
17974 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
17975 
17976 	/*
17977 	 * Undecoded sense key.	Attempt retries and hope that will fix
17978 	 * the problem.  Otherwise, we're dead.
17979 	 */
17980 	if ((pktp->pkt_flags & FLAG_SILENT) == 0) {
17981 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
17982 		    "Unhandled Sense Key '%s'\n", sense_keys[sense_key]);
17983 	}
17984 
17985 	si.ssi_severity = SCSI_ERR_FATAL;
17986 	si.ssi_pfa_flag = FALSE;
17987 
17988 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, sd_print_sense_msg,
17989 	    &si, EIO, (clock_t)0, NULL);
17990 }
17991 
17992 
17993 
17994 /*
17995  *    Function: sd_print_retry_msg
17996  *
17997  * Description: Print a message indicating the retry action being taken.
17998  *
17999  *   Arguments: un - ptr to associated softstate
18000  *		bp - ptr to buf(9S) for the command
18001  *		arg - not used.
18002  *		flag - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18003  *			or SD_NO_RETRY_ISSUED
18004  *
18005  *     Context: May be called from interrupt context
18006  */
18007 /* ARGSUSED */
18008 static void
18009 sd_print_retry_msg(struct sd_lun *un, struct buf *bp, void *arg, int flag)
18010 {
18011 	struct sd_xbuf	*xp;
18012 	struct scsi_pkt *pktp;
18013 	char *reasonp;
18014 	char *msgp;
18015 
18016 	ASSERT(un != NULL);
18017 	ASSERT(mutex_owned(SD_MUTEX(un)));
18018 	ASSERT(bp != NULL);
18019 	pktp = SD_GET_PKTP(bp);
18020 	ASSERT(pktp != NULL);
18021 	xp = SD_GET_XBUF(bp);
18022 	ASSERT(xp != NULL);
18023 
18024 	ASSERT(!mutex_owned(&un->un_pm_mutex));
18025 	mutex_enter(&un->un_pm_mutex);
18026 	if ((un->un_state == SD_STATE_SUSPENDED) ||
18027 	    (SD_DEVICE_IS_IN_LOW_POWER(un)) ||
18028 	    (pktp->pkt_flags & FLAG_SILENT)) {
18029 		mutex_exit(&un->un_pm_mutex);
18030 		goto update_pkt_reason;
18031 	}
18032 	mutex_exit(&un->un_pm_mutex);
18033 
18034 	/*
18035 	 * Suppress messages if they are all the same pkt_reason; with
18036 	 * TQ, many (up to 256) are returned with the same pkt_reason.
18037 	 * If we are in panic, then suppress the retry messages.
18038 	 */
18039 	switch (flag) {
18040 	case SD_NO_RETRY_ISSUED:
18041 		msgp = "giving up";
18042 		break;
18043 	case SD_IMMEDIATE_RETRY_ISSUED:
18044 	case SD_DELAYED_RETRY_ISSUED:
18045 		if (ddi_in_panic() || (un->un_state == SD_STATE_OFFLINE) ||
18046 		    ((pktp->pkt_reason == un->un_last_pkt_reason) &&
18047 		    (sd_error_level != SCSI_ERR_ALL))) {
18048 			return;
18049 		}
18050 		msgp = "retrying command";
18051 		break;
18052 	default:
18053 		goto update_pkt_reason;
18054 	}
18055 
18056 	reasonp = (((pktp->pkt_statistics & STAT_PERR) != 0) ? "parity error" :
18057 	    scsi_rname(pktp->pkt_reason));
18058 
18059 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18060 	    "SCSI transport failed: reason '%s': %s\n", reasonp, msgp);
18061 
18062 update_pkt_reason:
18063 	/*
18064 	 * Update un->un_last_pkt_reason with the value in pktp->pkt_reason.
18065 	 * This is to prevent multiple console messages for the same failure
18066 	 * condition.  Note that un->un_last_pkt_reason is NOT restored if &
18067 	 * when the command is retried successfully because there still may be
18068 	 * more commands coming back with the same value of pktp->pkt_reason.
18069 	 */
18070 	if ((pktp->pkt_reason != CMD_CMPLT) || (xp->xb_retry_count == 0)) {
18071 		un->un_last_pkt_reason = pktp->pkt_reason;
18072 	}
18073 }
18074 
18075 
18076 /*
18077  *    Function: sd_print_cmd_incomplete_msg
18078  *
18079  * Description: Message logging fn. for a SCSA "CMD_INCOMPLETE" pkt_reason.
18080  *
18081  *   Arguments: un - ptr to associated softstate
18082  *		bp - ptr to buf(9S) for the command
18083  *		arg - passed to sd_print_retry_msg()
18084  *		code - SD_IMMEDIATE_RETRY_ISSUED, SD_DELAYED_RETRY_ISSUED,
18085  *			or SD_NO_RETRY_ISSUED
18086  *
18087  *     Context: May be called from interrupt context
18088  */
18089 
18090 static void
18091 sd_print_cmd_incomplete_msg(struct sd_lun *un, struct buf *bp, void *arg,
18092 	int code)
18093 {
18094 	dev_info_t	*dip;
18095 
18096 	ASSERT(un != NULL);
18097 	ASSERT(mutex_owned(SD_MUTEX(un)));
18098 	ASSERT(bp != NULL);
18099 
18100 	switch (code) {
18101 	case SD_NO_RETRY_ISSUED:
18102 		/* Command was failed. Someone turned off this target? */
18103 		if (un->un_state != SD_STATE_OFFLINE) {
18104 			/*
18105 			 * Suppress message if we are detaching and
18106 			 * device has been disconnected
18107 			 * Note that DEVI_IS_DEVICE_REMOVED is a consolidation
18108 			 * private interface and not part of the DDI
18109 			 */
18110 			dip = un->un_sd->sd_dev;
18111 			if (!(DEVI_IS_DETACHING(dip) &&
18112 			    DEVI_IS_DEVICE_REMOVED(dip))) {
18113 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18114 				"disk not responding to selection\n");
18115 			}
18116 			New_state(un, SD_STATE_OFFLINE);
18117 		}
18118 		break;
18119 
18120 	case SD_DELAYED_RETRY_ISSUED:
18121 	case SD_IMMEDIATE_RETRY_ISSUED:
18122 	default:
18123 		/* Command was successfully queued for retry */
18124 		sd_print_retry_msg(un, bp, arg, code);
18125 		break;
18126 	}
18127 }
18128 
18129 
18130 /*
18131  *    Function: sd_pkt_reason_cmd_incomplete
18132  *
18133  * Description: Recovery actions for a SCSA "CMD_INCOMPLETE" pkt_reason.
18134  *
18135  *     Context: May be called from interrupt context
18136  */
18137 
18138 static void
18139 sd_pkt_reason_cmd_incomplete(struct sd_lun *un, struct buf *bp,
18140 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18141 {
18142 	int flag = SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE;
18143 
18144 	ASSERT(un != NULL);
18145 	ASSERT(mutex_owned(SD_MUTEX(un)));
18146 	ASSERT(bp != NULL);
18147 	ASSERT(xp != NULL);
18148 	ASSERT(pktp != NULL);
18149 
18150 	/* Do not do a reset if selection did not complete */
18151 	/* Note: Should this not just check the bit? */
18152 	if (pktp->pkt_state != STATE_GOT_BUS) {
18153 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18154 		sd_reset_target(un, pktp);
18155 	}
18156 
18157 	/*
18158 	 * If the target was not successfully selected, then set
18159 	 * SD_RETRIES_FAILFAST to indicate that we lost communication
18160 	 * with the target, and further retries and/or commands are
18161 	 * likely to take a long time.
18162 	 */
18163 	if ((pktp->pkt_state & STATE_GOT_TARGET) == 0) {
18164 		flag |= SD_RETRIES_FAILFAST;
18165 	}
18166 
18167 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18168 
18169 	sd_retry_command(un, bp, flag,
18170 	    sd_print_cmd_incomplete_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18171 }
18172 
18173 
18174 
18175 /*
18176  *    Function: sd_pkt_reason_cmd_tran_err
18177  *
18178  * Description: Recovery actions for a SCSA "CMD_TRAN_ERR" pkt_reason.
18179  *
18180  *     Context: May be called from interrupt context
18181  */
18182 
18183 static void
18184 sd_pkt_reason_cmd_tran_err(struct sd_lun *un, struct buf *bp,
18185 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18186 {
18187 	ASSERT(un != NULL);
18188 	ASSERT(mutex_owned(SD_MUTEX(un)));
18189 	ASSERT(bp != NULL);
18190 	ASSERT(xp != NULL);
18191 	ASSERT(pktp != NULL);
18192 
18193 	/*
18194 	 * Do not reset if we got a parity error, or if
18195 	 * selection did not complete.
18196 	 */
18197 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18198 	/* Note: Should this not just check the bit for pkt_state? */
18199 	if (((pktp->pkt_statistics & STAT_PERR) == 0) &&
18200 	    (pktp->pkt_state != STATE_GOT_BUS)) {
18201 		SD_UPDATE_ERRSTATS(un, sd_transerrs);
18202 		sd_reset_target(un, pktp);
18203 	}
18204 
18205 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18206 
18207 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18208 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18209 }
18210 
18211 
18212 
18213 /*
18214  *    Function: sd_pkt_reason_cmd_reset
18215  *
18216  * Description: Recovery actions for a SCSA "CMD_RESET" pkt_reason.
18217  *
18218  *     Context: May be called from interrupt context
18219  */
18220 
18221 static void
18222 sd_pkt_reason_cmd_reset(struct sd_lun *un, struct buf *bp,
18223 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18224 {
18225 	ASSERT(un != NULL);
18226 	ASSERT(mutex_owned(SD_MUTEX(un)));
18227 	ASSERT(bp != NULL);
18228 	ASSERT(xp != NULL);
18229 	ASSERT(pktp != NULL);
18230 
18231 	/* The target may still be running the command, so try to reset. */
18232 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18233 	sd_reset_target(un, pktp);
18234 
18235 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18236 
18237 	/*
18238 	 * If pkt_reason is CMD_RESET chances are that this pkt got
18239 	 * reset because another target on this bus caused it. The target
18240 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18241 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18242 	 */
18243 
18244 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18245 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18246 }
18247 
18248 
18249 
18250 
18251 /*
18252  *    Function: sd_pkt_reason_cmd_aborted
18253  *
18254  * Description: Recovery actions for a SCSA "CMD_ABORTED" pkt_reason.
18255  *
18256  *     Context: May be called from interrupt context
18257  */
18258 
18259 static void
18260 sd_pkt_reason_cmd_aborted(struct sd_lun *un, struct buf *bp,
18261 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18262 {
18263 	ASSERT(un != NULL);
18264 	ASSERT(mutex_owned(SD_MUTEX(un)));
18265 	ASSERT(bp != NULL);
18266 	ASSERT(xp != NULL);
18267 	ASSERT(pktp != NULL);
18268 
18269 	/* The target may still be running the command, so try to reset. */
18270 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18271 	sd_reset_target(un, pktp);
18272 
18273 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18274 
18275 	/*
18276 	 * If pkt_reason is CMD_ABORTED chances are that this pkt got
18277 	 * aborted because another target on this bus caused it. The target
18278 	 * that caused it should get CMD_TIMEOUT with pkt_statistics
18279 	 * of STAT_TIMEOUT/STAT_DEV_RESET.
18280 	 */
18281 
18282 	sd_retry_command(un, bp, (SD_RETRIES_VICTIM | SD_RETRIES_ISOLATE),
18283 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18284 }
18285 
18286 
18287 
18288 /*
18289  *    Function: sd_pkt_reason_cmd_timeout
18290  *
18291  * Description: Recovery actions for a SCSA "CMD_TIMEOUT" pkt_reason.
18292  *
18293  *     Context: May be called from interrupt context
18294  */
18295 
18296 static void
18297 sd_pkt_reason_cmd_timeout(struct sd_lun *un, struct buf *bp,
18298 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18299 {
18300 	ASSERT(un != NULL);
18301 	ASSERT(mutex_owned(SD_MUTEX(un)));
18302 	ASSERT(bp != NULL);
18303 	ASSERT(xp != NULL);
18304 	ASSERT(pktp != NULL);
18305 
18306 
18307 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18308 	sd_reset_target(un, pktp);
18309 
18310 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18311 
18312 	/*
18313 	 * A command timeout indicates that we could not establish
18314 	 * communication with the target, so set SD_RETRIES_FAILFAST
18315 	 * as further retries/commands are likely to take a long time.
18316 	 */
18317 	sd_retry_command(un, bp,
18318 	    (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE | SD_RETRIES_FAILFAST),
18319 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18320 }
18321 
18322 
18323 
18324 /*
18325  *    Function: sd_pkt_reason_cmd_unx_bus_free
18326  *
18327  * Description: Recovery actions for a SCSA "CMD_UNX_BUS_FREE" pkt_reason.
18328  *
18329  *     Context: May be called from interrupt context
18330  */
18331 
18332 static void
18333 sd_pkt_reason_cmd_unx_bus_free(struct sd_lun *un, struct buf *bp,
18334 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18335 {
18336 	void (*funcp)(struct sd_lun *un, struct buf *bp, void *arg, int code);
18337 
18338 	ASSERT(un != NULL);
18339 	ASSERT(mutex_owned(SD_MUTEX(un)));
18340 	ASSERT(bp != NULL);
18341 	ASSERT(xp != NULL);
18342 	ASSERT(pktp != NULL);
18343 
18344 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18345 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18346 
18347 	funcp = ((pktp->pkt_statistics & STAT_PERR) == 0) ?
18348 	    sd_print_retry_msg : NULL;
18349 
18350 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18351 	    funcp, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18352 }
18353 
18354 
18355 /*
18356  *    Function: sd_pkt_reason_cmd_tag_reject
18357  *
18358  * Description: Recovery actions for a SCSA "CMD_TAG_REJECT" pkt_reason.
18359  *
18360  *     Context: May be called from interrupt context
18361  */
18362 
18363 static void
18364 sd_pkt_reason_cmd_tag_reject(struct sd_lun *un, struct buf *bp,
18365 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18366 {
18367 	ASSERT(un != NULL);
18368 	ASSERT(mutex_owned(SD_MUTEX(un)));
18369 	ASSERT(bp != NULL);
18370 	ASSERT(xp != NULL);
18371 	ASSERT(pktp != NULL);
18372 
18373 	SD_UPDATE_ERRSTATS(un, sd_harderrs);
18374 	pktp->pkt_flags = 0;
18375 	un->un_tagflags = 0;
18376 	if (un->un_f_opt_queueing == TRUE) {
18377 		un->un_throttle = min(un->un_throttle, 3);
18378 	} else {
18379 		un->un_throttle = 1;
18380 	}
18381 	mutex_exit(SD_MUTEX(un));
18382 	(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
18383 	mutex_enter(SD_MUTEX(un));
18384 
18385 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18386 
18387 	/* Legacy behavior not to check retry counts here. */
18388 	sd_retry_command(un, bp, (SD_RETRIES_NOCHECK | SD_RETRIES_ISOLATE),
18389 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18390 }
18391 
18392 
18393 /*
18394  *    Function: sd_pkt_reason_default
18395  *
18396  * Description: Default recovery actions for SCSA pkt_reason values that
18397  *		do not have more explicit recovery actions.
18398  *
18399  *     Context: May be called from interrupt context
18400  */
18401 
18402 static void
18403 sd_pkt_reason_default(struct sd_lun *un, struct buf *bp,
18404 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18405 {
18406 	ASSERT(un != NULL);
18407 	ASSERT(mutex_owned(SD_MUTEX(un)));
18408 	ASSERT(bp != NULL);
18409 	ASSERT(xp != NULL);
18410 	ASSERT(pktp != NULL);
18411 
18412 	SD_UPDATE_ERRSTATS(un, sd_transerrs);
18413 	sd_reset_target(un, pktp);
18414 
18415 	SD_UPDATE_RESERVATION_STATUS(un, pktp);
18416 
18417 	sd_retry_command(un, bp, (SD_RETRIES_STANDARD | SD_RETRIES_ISOLATE),
18418 	    sd_print_retry_msg, NULL, EIO, SD_RESTART_TIMEOUT, NULL);
18419 }
18420 
18421 
18422 
18423 /*
18424  *    Function: sd_pkt_status_check_condition
18425  *
18426  * Description: Recovery actions for a "STATUS_CHECK" SCSI command status.
18427  *
18428  *     Context: May be called from interrupt context
18429  */
18430 
18431 static void
18432 sd_pkt_status_check_condition(struct sd_lun *un, struct buf *bp,
18433 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18434 {
18435 	ASSERT(un != NULL);
18436 	ASSERT(mutex_owned(SD_MUTEX(un)));
18437 	ASSERT(bp != NULL);
18438 	ASSERT(xp != NULL);
18439 	ASSERT(pktp != NULL);
18440 
18441 	SD_TRACE(SD_LOG_IO, un, "sd_pkt_status_check_condition: "
18442 	    "entry: buf:0x%p xp:0x%p\n", bp, xp);
18443 
18444 	/*
18445 	 * If ARQ is NOT enabled, then issue a REQUEST SENSE command (the
18446 	 * command will be retried after the request sense). Otherwise, retry
18447 	 * the command. Note: we are issuing the request sense even though the
18448 	 * retry limit may have been reached for the failed command.
18449 	 */
18450 	if (un->un_f_arq_enabled == FALSE) {
18451 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18452 		    "no ARQ, sending request sense command\n");
18453 		sd_send_request_sense_command(un, bp, pktp);
18454 	} else {
18455 		SD_INFO(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: "
18456 		    "ARQ,retrying request sense command\n");
18457 #if defined(__i386) || defined(__amd64)
18458 		/*
18459 		 * The SD_RETRY_DELAY value need to be adjusted here
18460 		 * when SD_RETRY_DELAY change in sddef.h
18461 		 */
18462 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18463 			un->un_f_is_fibre?drv_usectohz(100000):(clock_t)0,
18464 			NULL);
18465 #else
18466 		sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL,
18467 		    EIO, SD_RETRY_DELAY, NULL);
18468 #endif
18469 	}
18470 
18471 	SD_TRACE(SD_LOG_IO_CORE, un, "sd_pkt_status_check_condition: exit\n");
18472 }
18473 
18474 
18475 /*
18476  *    Function: sd_pkt_status_busy
18477  *
18478  * Description: Recovery actions for a "STATUS_BUSY" SCSI command status.
18479  *
18480  *     Context: May be called from interrupt context
18481  */
18482 
18483 static void
18484 sd_pkt_status_busy(struct sd_lun *un, struct buf *bp, struct sd_xbuf *xp,
18485 	struct scsi_pkt *pktp)
18486 {
18487 	ASSERT(un != NULL);
18488 	ASSERT(mutex_owned(SD_MUTEX(un)));
18489 	ASSERT(bp != NULL);
18490 	ASSERT(xp != NULL);
18491 	ASSERT(pktp != NULL);
18492 
18493 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18494 	    "sd_pkt_status_busy: entry\n");
18495 
18496 	/* If retries are exhausted, just fail the command. */
18497 	if (xp->xb_retry_count >= un->un_busy_retry_count) {
18498 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
18499 		    "device busy too long\n");
18500 		sd_return_failed_command(un, bp, EIO);
18501 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18502 		    "sd_pkt_status_busy: exit\n");
18503 		return;
18504 	}
18505 	xp->xb_retry_count++;
18506 
18507 	/*
18508 	 * Try to reset the target. However, we do not want to perform
18509 	 * more than one reset if the device continues to fail. The reset
18510 	 * will be performed when the retry count reaches the reset
18511 	 * threshold.  This threshold should be set such that at least
18512 	 * one retry is issued before the reset is performed.
18513 	 */
18514 	if (xp->xb_retry_count ==
18515 	    ((un->un_reset_retry_count < 2) ? 2 : un->un_reset_retry_count)) {
18516 		int rval = 0;
18517 		mutex_exit(SD_MUTEX(un));
18518 		if (un->un_f_allow_bus_device_reset == TRUE) {
18519 			/*
18520 			 * First try to reset the LUN; if we cannot then
18521 			 * try to reset the target.
18522 			 */
18523 			if (un->un_f_lun_reset_enabled == TRUE) {
18524 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18525 				    "sd_pkt_status_busy: RESET_LUN\n");
18526 				rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18527 			}
18528 			if (rval == 0) {
18529 				SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18530 				    "sd_pkt_status_busy: RESET_TARGET\n");
18531 				rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18532 			}
18533 		}
18534 		if (rval == 0) {
18535 			/*
18536 			 * If the RESET_LUN and/or RESET_TARGET failed,
18537 			 * try RESET_ALL
18538 			 */
18539 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18540 			    "sd_pkt_status_busy: RESET_ALL\n");
18541 			rval = scsi_reset(SD_ADDRESS(un), RESET_ALL);
18542 		}
18543 		mutex_enter(SD_MUTEX(un));
18544 		if (rval == 0) {
18545 			/*
18546 			 * The RESET_LUN, RESET_TARGET, and/or RESET_ALL failed.
18547 			 * At this point we give up & fail the command.
18548 			 */
18549 			sd_return_failed_command(un, bp, EIO);
18550 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18551 			    "sd_pkt_status_busy: exit (failed cmd)\n");
18552 			return;
18553 		}
18554 	}
18555 
18556 	/*
18557 	 * Retry the command. Be sure to specify SD_RETRIES_NOCHECK as
18558 	 * we have already checked the retry counts above.
18559 	 */
18560 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL,
18561 	    EIO, SD_BSY_TIMEOUT, NULL);
18562 
18563 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18564 	    "sd_pkt_status_busy: exit\n");
18565 }
18566 
18567 
18568 /*
18569  *    Function: sd_pkt_status_reservation_conflict
18570  *
18571  * Description: Recovery actions for a "STATUS_RESERVATION_CONFLICT" SCSI
18572  *		command status.
18573  *
18574  *     Context: May be called from interrupt context
18575  */
18576 
18577 static void
18578 sd_pkt_status_reservation_conflict(struct sd_lun *un, struct buf *bp,
18579 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18580 {
18581 	ASSERT(un != NULL);
18582 	ASSERT(mutex_owned(SD_MUTEX(un)));
18583 	ASSERT(bp != NULL);
18584 	ASSERT(xp != NULL);
18585 	ASSERT(pktp != NULL);
18586 
18587 	/*
18588 	 * If the command was PERSISTENT_RESERVATION_[IN|OUT] then reservation
18589 	 * conflict could be due to various reasons like incorrect keys, not
18590 	 * registered or not reserved etc. So, we return EACCES to the caller.
18591 	 */
18592 	if (un->un_reservation_type == SD_SCSI3_RESERVATION) {
18593 		int cmd = SD_GET_PKT_OPCODE(pktp);
18594 		if ((cmd == SCMD_PERSISTENT_RESERVE_IN) ||
18595 		    (cmd == SCMD_PERSISTENT_RESERVE_OUT)) {
18596 			sd_return_failed_command(un, bp, EACCES);
18597 			return;
18598 		}
18599 	}
18600 
18601 	un->un_resvd_status |= SD_RESERVATION_CONFLICT;
18602 
18603 	if ((un->un_resvd_status & SD_FAILFAST) != 0) {
18604 		if (sd_failfast_enable != 0) {
18605 			/* By definition, we must panic here.... */
18606 			sd_panic_for_res_conflict(un);
18607 			/*NOTREACHED*/
18608 		}
18609 		SD_ERROR(SD_LOG_IO, un,
18610 		    "sd_handle_resv_conflict: Disk Reserved\n");
18611 		sd_return_failed_command(un, bp, EACCES);
18612 		return;
18613 	}
18614 
18615 	/*
18616 	 * 1147670: retry only if sd_retry_on_reservation_conflict
18617 	 * property is set (default is 1). Retries will not succeed
18618 	 * on a disk reserved by another initiator. HA systems
18619 	 * may reset this via sd.conf to avoid these retries.
18620 	 *
18621 	 * Note: The legacy return code for this failure is EIO, however EACCES
18622 	 * seems more appropriate for a reservation conflict.
18623 	 */
18624 	if (sd_retry_on_reservation_conflict == 0) {
18625 		SD_ERROR(SD_LOG_IO, un,
18626 		    "sd_handle_resv_conflict: Device Reserved\n");
18627 		sd_return_failed_command(un, bp, EIO);
18628 		return;
18629 	}
18630 
18631 	/*
18632 	 * Retry the command if we can.
18633 	 *
18634 	 * Note: The legacy return code for this failure is EIO, however EACCES
18635 	 * seems more appropriate for a reservation conflict.
18636 	 */
18637 	sd_retry_command(un, bp, SD_RETRIES_STANDARD, NULL, NULL, EIO,
18638 	    (clock_t)2, NULL);
18639 }
18640 
18641 
18642 
18643 /*
18644  *    Function: sd_pkt_status_qfull
18645  *
18646  * Description: Handle a QUEUE FULL condition from the target.  This can
18647  *		occur if the HBA does not handle the queue full condition.
18648  *		(Basically this means third-party HBAs as Sun HBAs will
18649  *		handle the queue full condition.)  Note that if there are
18650  *		some commands already in the transport, then the queue full
18651  *		has occurred because the queue for this nexus is actually
18652  *		full. If there are no commands in the transport, then the
18653  *		queue full is resulting from some other initiator or lun
18654  *		consuming all the resources at the target.
18655  *
18656  *     Context: May be called from interrupt context
18657  */
18658 
18659 static void
18660 sd_pkt_status_qfull(struct sd_lun *un, struct buf *bp,
18661 	struct sd_xbuf *xp, struct scsi_pkt *pktp)
18662 {
18663 	ASSERT(un != NULL);
18664 	ASSERT(mutex_owned(SD_MUTEX(un)));
18665 	ASSERT(bp != NULL);
18666 	ASSERT(xp != NULL);
18667 	ASSERT(pktp != NULL);
18668 
18669 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18670 	    "sd_pkt_status_qfull: entry\n");
18671 
18672 	/*
18673 	 * Just lower the QFULL throttle and retry the command.  Note that
18674 	 * we do not limit the number of retries here.
18675 	 */
18676 	sd_reduce_throttle(un, SD_THROTTLE_QFULL);
18677 	sd_retry_command(un, bp, SD_RETRIES_NOCHECK, NULL, NULL, 0,
18678 	    SD_RESTART_TIMEOUT, NULL);
18679 
18680 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18681 	    "sd_pkt_status_qfull: exit\n");
18682 }
18683 
18684 
18685 /*
18686  *    Function: sd_reset_target
18687  *
18688  * Description: Issue a scsi_reset(9F), with either RESET_LUN,
18689  *		RESET_TARGET, or RESET_ALL.
18690  *
18691  *     Context: May be called under interrupt context.
18692  */
18693 
18694 static void
18695 sd_reset_target(struct sd_lun *un, struct scsi_pkt *pktp)
18696 {
18697 	int rval = 0;
18698 
18699 	ASSERT(un != NULL);
18700 	ASSERT(mutex_owned(SD_MUTEX(un)));
18701 	ASSERT(pktp != NULL);
18702 
18703 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: entry\n");
18704 
18705 	/*
18706 	 * No need to reset if the transport layer has already done so.
18707 	 */
18708 	if ((pktp->pkt_statistics &
18709 	    (STAT_BUS_RESET | STAT_DEV_RESET | STAT_ABORTED)) != 0) {
18710 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18711 		    "sd_reset_target: no reset\n");
18712 		return;
18713 	}
18714 
18715 	mutex_exit(SD_MUTEX(un));
18716 
18717 	if (un->un_f_allow_bus_device_reset == TRUE) {
18718 		if (un->un_f_lun_reset_enabled == TRUE) {
18719 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18720 			    "sd_reset_target: RESET_LUN\n");
18721 			rval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
18722 		}
18723 		if (rval == 0) {
18724 			SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18725 			    "sd_reset_target: RESET_TARGET\n");
18726 			rval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
18727 		}
18728 	}
18729 
18730 	if (rval == 0) {
18731 		SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
18732 		    "sd_reset_target: RESET_ALL\n");
18733 		(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
18734 	}
18735 
18736 	mutex_enter(SD_MUTEX(un));
18737 
18738 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un, "sd_reset_target: exit\n");
18739 }
18740 
18741 
18742 /*
18743  *    Function: sd_media_change_task
18744  *
18745  * Description: Recovery action for CDROM to become available.
18746  *
18747  *     Context: Executes in a taskq() thread context
18748  */
18749 
18750 static void
18751 sd_media_change_task(void *arg)
18752 {
18753 	struct	scsi_pkt	*pktp = arg;
18754 	struct	sd_lun		*un;
18755 	struct	buf		*bp;
18756 	struct	sd_xbuf		*xp;
18757 	int	err		= 0;
18758 	int	retry_count	= 0;
18759 	int	retry_limit	= SD_UNIT_ATTENTION_RETRY/10;
18760 	struct	sd_sense_info	si;
18761 
18762 	ASSERT(pktp != NULL);
18763 	bp = (struct buf *)pktp->pkt_private;
18764 	ASSERT(bp != NULL);
18765 	xp = SD_GET_XBUF(bp);
18766 	ASSERT(xp != NULL);
18767 	un = SD_GET_UN(bp);
18768 	ASSERT(un != NULL);
18769 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18770 	ASSERT(ISREMOVABLE(un));
18771 
18772 	si.ssi_severity = SCSI_ERR_INFO;
18773 	si.ssi_pfa_flag = FALSE;
18774 
18775 	/*
18776 	 * When a reset is issued on a CDROM, it takes a long time to
18777 	 * recover. First few attempts to read capacity and other things
18778 	 * related to handling unit attention fail (with a ASC 0x4 and
18779 	 * ASCQ 0x1). In that case we want to do enough retries and we want
18780 	 * to limit the retries in other cases of genuine failures like
18781 	 * no media in drive.
18782 	 */
18783 	while (retry_count++ < retry_limit) {
18784 		if ((err = sd_handle_mchange(un)) == 0) {
18785 			break;
18786 		}
18787 		if (err == EAGAIN) {
18788 			retry_limit = SD_UNIT_ATTENTION_RETRY;
18789 		}
18790 		/* Sleep for 0.5 sec. & try again */
18791 		delay(drv_usectohz(500000));
18792 	}
18793 
18794 	/*
18795 	 * Dispatch (retry or fail) the original command here,
18796 	 * along with appropriate console messages....
18797 	 *
18798 	 * Must grab the mutex before calling sd_retry_command,
18799 	 * sd_print_sense_msg and sd_return_failed_command.
18800 	 */
18801 	mutex_enter(SD_MUTEX(un));
18802 	if (err != SD_CMD_SUCCESS) {
18803 		SD_UPDATE_ERRSTATS(un, sd_harderrs);
18804 		SD_UPDATE_ERRSTATS(un, sd_rq_nodev_err);
18805 		si.ssi_severity = SCSI_ERR_FATAL;
18806 		sd_print_sense_msg(un, bp, &si, SD_NO_RETRY_ISSUED);
18807 		sd_return_failed_command(un, bp, EIO);
18808 	} else {
18809 		sd_retry_command(un, bp, SD_RETRIES_NOCHECK, sd_print_sense_msg,
18810 		    &si, EIO, (clock_t)0, NULL);
18811 	}
18812 	mutex_exit(SD_MUTEX(un));
18813 }
18814 
18815 
18816 
18817 /*
18818  *    Function: sd_handle_mchange
18819  *
18820  * Description: Perform geometry validation & other recovery when CDROM
18821  *		has been removed from drive.
18822  *
18823  * Return Code: 0 for success
18824  *		errno-type return code of either sd_send_scsi_DOORLOCK() or
18825  *		sd_send_scsi_READ_CAPACITY()
18826  *
18827  *     Context: Executes in a taskq() thread context
18828  */
18829 
18830 static int
18831 sd_handle_mchange(struct sd_lun *un)
18832 {
18833 	uint64_t	capacity;
18834 	uint32_t	lbasize;
18835 	int		rval;
18836 
18837 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18838 	ASSERT(ISREMOVABLE(un));
18839 
18840 	if ((rval = sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
18841 	    SD_PATH_DIRECT_PRIORITY)) != 0) {
18842 		return (rval);
18843 	}
18844 
18845 	mutex_enter(SD_MUTEX(un));
18846 	sd_update_block_info(un, lbasize, capacity);
18847 
18848 	if (un->un_errstats != NULL) {
18849 		struct	sd_errstats *stp =
18850 		    (struct sd_errstats *)un->un_errstats->ks_data;
18851 		stp->sd_capacity.value.ui64 = (uint64_t)
18852 		    ((uint64_t)un->un_blockcount *
18853 		    (uint64_t)un->un_tgt_blocksize);
18854 	}
18855 
18856 	/*
18857 	 * Note: Maybe let the strategy/partitioning chain worry about getting
18858 	 * valid geometry.
18859 	 */
18860 	un->un_f_geometry_is_valid = FALSE;
18861 	(void) sd_validate_geometry(un, SD_PATH_DIRECT_PRIORITY);
18862 	if (un->un_f_geometry_is_valid == FALSE) {
18863 		mutex_exit(SD_MUTEX(un));
18864 		return (EIO);
18865 	}
18866 
18867 	mutex_exit(SD_MUTEX(un));
18868 
18869 	/*
18870 	 * Try to lock the door
18871 	 */
18872 	return (sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
18873 	    SD_PATH_DIRECT_PRIORITY));
18874 }
18875 
18876 
18877 /*
18878  *    Function: sd_send_scsi_DOORLOCK
18879  *
18880  * Description: Issue the scsi DOOR LOCK command
18881  *
18882  *   Arguments: un    - pointer to driver soft state (unit) structure for
18883  *			this target.
18884  *		flag  - SD_REMOVAL_ALLOW
18885  *			SD_REMOVAL_PREVENT
18886  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18887  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18888  *			to use the USCSI "direct" chain and bypass the normal
18889  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18890  *			command is issued as part of an error recovery action.
18891  *
18892  * Return Code: 0   - Success
18893  *		errno return code from sd_send_scsi_cmd()
18894  *
18895  *     Context: Can sleep.
18896  */
18897 
18898 static int
18899 sd_send_scsi_DOORLOCK(struct sd_lun *un, int flag, int path_flag)
18900 {
18901 	union scsi_cdb		cdb;
18902 	struct uscsi_cmd	ucmd_buf;
18903 	struct scsi_extended_sense	sense_buf;
18904 	int			status;
18905 
18906 	ASSERT(un != NULL);
18907 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18908 
18909 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_DOORLOCK: entry: un:0x%p\n", un);
18910 
18911 	/* already determined doorlock is not supported, fake success */
18912 	if (un->un_f_doorlock_supported == FALSE) {
18913 		return (0);
18914 	}
18915 
18916 	bzero(&cdb, sizeof (cdb));
18917 	bzero(&ucmd_buf, sizeof (ucmd_buf));
18918 
18919 	cdb.scc_cmd = SCMD_DOORLOCK;
18920 	cdb.cdb_opaque[4] = (uchar_t)flag;
18921 
18922 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
18923 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
18924 	ucmd_buf.uscsi_bufaddr	= NULL;
18925 	ucmd_buf.uscsi_buflen	= 0;
18926 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
18927 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
18928 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
18929 	ucmd_buf.uscsi_timeout	= 15;
18930 
18931 	SD_TRACE(SD_LOG_IO, un,
18932 	    "sd_send_scsi_DOORLOCK: returning sd_send_scsi_cmd()\n");
18933 
18934 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
18935 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
18936 
18937 	if ((status == EIO) && (ucmd_buf.uscsi_status == STATUS_CHECK) &&
18938 	    (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
18939 	    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
18940 		/* fake success and skip subsequent doorlock commands */
18941 		un->un_f_doorlock_supported = FALSE;
18942 		return (0);
18943 	}
18944 
18945 	return (status);
18946 }
18947 
18948 
18949 /*
18950  *    Function: sd_send_scsi_READ_CAPACITY
18951  *
18952  * Description: This routine uses the scsi READ CAPACITY command to determine
18953  *		the device capacity in number of blocks and the device native
18954  *		block size. If this function returns a failure, then the
18955  *		values in *capp and *lbap are undefined.  If the capacity
18956  *		returned is 0xffffffff then the lun is too large for a
18957  *		normal READ CAPACITY command and the results of a
18958  *		READ CAPACITY 16 will be used instead.
18959  *
18960  *   Arguments: un   - ptr to soft state struct for the target
18961  *		capp - ptr to unsigned 64-bit variable to receive the
18962  *			capacity value from the command.
18963  *		lbap - ptr to unsigned 32-bit varaible to receive the
18964  *			block size value from the command
18965  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
18966  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
18967  *			to use the USCSI "direct" chain and bypass the normal
18968  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
18969  *			command is issued as part of an error recovery action.
18970  *
18971  * Return Code: 0   - Success
18972  *		EIO - IO error
18973  *		EACCES - Reservation conflict detected
18974  *		EAGAIN - Device is becoming ready
18975  *		errno return code from sd_send_scsi_cmd()
18976  *
18977  *     Context: Can sleep.  Blocks until command completes.
18978  */
18979 
18980 #define	SD_CAPACITY_SIZE	sizeof (struct scsi_capacity)
18981 
18982 static int
18983 sd_send_scsi_READ_CAPACITY(struct sd_lun *un, uint64_t *capp, uint32_t *lbap,
18984 	int path_flag)
18985 {
18986 	struct	scsi_extended_sense	sense_buf;
18987 	struct	uscsi_cmd	ucmd_buf;
18988 	union	scsi_cdb	cdb;
18989 	uint32_t		*capacity_buf;
18990 	uint64_t		capacity;
18991 	uint32_t		lbasize;
18992 	int			status;
18993 
18994 	ASSERT(un != NULL);
18995 	ASSERT(!mutex_owned(SD_MUTEX(un)));
18996 	ASSERT(capp != NULL);
18997 	ASSERT(lbap != NULL);
18998 
18999 	SD_TRACE(SD_LOG_IO, un,
19000 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19001 
19002 	/*
19003 	 * First send a READ_CAPACITY command to the target.
19004 	 * (This command is mandatory under SCSI-2.)
19005 	 *
19006 	 * Set up the CDB for the READ_CAPACITY command.  The Partial
19007 	 * Medium Indicator bit is cleared.  The address field must be
19008 	 * zero if the PMI bit is zero.
19009 	 */
19010 	bzero(&cdb, sizeof (cdb));
19011 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19012 
19013 	capacity_buf = kmem_zalloc(SD_CAPACITY_SIZE, KM_SLEEP);
19014 
19015 	cdb.scc_cmd = SCMD_READ_CAPACITY;
19016 
19017 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19018 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19019 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity_buf;
19020 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_SIZE;
19021 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19022 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19023 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19024 	ucmd_buf.uscsi_timeout	= 60;
19025 
19026 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19027 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19028 
19029 	switch (status) {
19030 	case 0:
19031 		/* Return failure if we did not get valid capacity data. */
19032 		if (ucmd_buf.uscsi_resid != 0) {
19033 			kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19034 			return (EIO);
19035 		}
19036 
19037 		/*
19038 		 * Read capacity and block size from the READ CAPACITY 10 data.
19039 		 * This data may be adjusted later due to device specific
19040 		 * issues.
19041 		 *
19042 		 * According to the SCSI spec, the READ CAPACITY 10
19043 		 * command returns the following:
19044 		 *
19045 		 *  bytes 0-3: Maximum logical block address available.
19046 		 *		(MSB in byte:0 & LSB in byte:3)
19047 		 *
19048 		 *  bytes 4-7: Block length in bytes
19049 		 *		(MSB in byte:4 & LSB in byte:7)
19050 		 *
19051 		 */
19052 		capacity = BE_32(capacity_buf[0]);
19053 		lbasize = BE_32(capacity_buf[1]);
19054 
19055 		/*
19056 		 * Done with capacity_buf
19057 		 */
19058 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19059 
19060 		/*
19061 		 * if the reported capacity is set to all 0xf's, then
19062 		 * this disk is too large and requires SBC-2 commands.
19063 		 * Reissue the request using READ CAPACITY 16.
19064 		 */
19065 		if (capacity == 0xffffffff) {
19066 			status = sd_send_scsi_READ_CAPACITY_16(un, &capacity,
19067 			    &lbasize, path_flag);
19068 			if (status != 0) {
19069 				return (status);
19070 			}
19071 		}
19072 		break;	/* Success! */
19073 	case EIO:
19074 		switch (ucmd_buf.uscsi_status) {
19075 		case STATUS_RESERVATION_CONFLICT:
19076 			status = EACCES;
19077 			break;
19078 		case STATUS_CHECK:
19079 			/*
19080 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19081 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19082 			 */
19083 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19084 			    (sense_buf.es_add_code  == 0x04) &&
19085 			    (sense_buf.es_qual_code == 0x01)) {
19086 				kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19087 				return (EAGAIN);
19088 			}
19089 			break;
19090 		default:
19091 			break;
19092 		}
19093 		/* FALLTHRU */
19094 	default:
19095 		kmem_free(capacity_buf, SD_CAPACITY_SIZE);
19096 		return (status);
19097 	}
19098 
19099 	/*
19100 	 * Some ATAPI CD-ROM drives report inaccurate LBA size values
19101 	 * (2352 and 0 are common) so for these devices always force the value
19102 	 * to 2048 as required by the ATAPI specs.
19103 	 */
19104 	if ((un->un_f_cfg_is_atapi == TRUE) && (ISCD(un))) {
19105 		lbasize = 2048;
19106 	}
19107 
19108 	/*
19109 	 * Get the maximum LBA value from the READ CAPACITY data.
19110 	 * Here we assume that the Partial Medium Indicator (PMI) bit
19111 	 * was cleared when issuing the command. This means that the LBA
19112 	 * returned from the device is the LBA of the last logical block
19113 	 * on the logical unit.  The actual logical block count will be
19114 	 * this value plus one.
19115 	 *
19116 	 * Currently the capacity is saved in terms of un->un_sys_blocksize,
19117 	 * so scale the capacity value to reflect this.
19118 	 */
19119 	capacity = (capacity + 1) * (lbasize / un->un_sys_blocksize);
19120 
19121 #if defined(__i386) || defined(__amd64)
19122 	/*
19123 	 * On x86, compensate for off-by-1 error (number of sectors on
19124 	 * media)  (1175930)
19125 	 */
19126 	if (!ISREMOVABLE(un) && (lbasize == un->un_sys_blocksize)) {
19127 		capacity -= 1;
19128 	}
19129 #endif
19130 
19131 	/*
19132 	 * Copy the values from the READ CAPACITY command into the space
19133 	 * provided by the caller.
19134 	 */
19135 	*capp = capacity;
19136 	*lbap = lbasize;
19137 
19138 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY: "
19139 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19140 
19141 	/*
19142 	 * Both the lbasize and capacity from the device must be nonzero,
19143 	 * otherwise we assume that the values are not valid and return
19144 	 * failure to the caller. (4203735)
19145 	 */
19146 	if ((capacity == 0) || (lbasize == 0)) {
19147 		return (EIO);
19148 	}
19149 
19150 	return (0);
19151 }
19152 
19153 /*
19154  *    Function: sd_send_scsi_READ_CAPACITY_16
19155  *
19156  * Description: This routine uses the scsi READ CAPACITY 16 command to
19157  *		determine the device capacity in number of blocks and the
19158  *		device native block size.  If this function returns a failure,
19159  *		then the values in *capp and *lbap are undefined.
19160  *		This routine should always be called by
19161  *		sd_send_scsi_READ_CAPACITY which will appy any device
19162  *		specific adjustments to capacity and lbasize.
19163  *
19164  *   Arguments: un   - ptr to soft state struct for the target
19165  *		capp - ptr to unsigned 64-bit variable to receive the
19166  *			capacity value from the command.
19167  *		lbap - ptr to unsigned 32-bit varaible to receive the
19168  *			block size value from the command
19169  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19170  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19171  *			to use the USCSI "direct" chain and bypass the normal
19172  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when
19173  *			this command is issued as part of an error recovery
19174  *			action.
19175  *
19176  * Return Code: 0   - Success
19177  *		EIO - IO error
19178  *		EACCES - Reservation conflict detected
19179  *		EAGAIN - Device is becoming ready
19180  *		errno return code from sd_send_scsi_cmd()
19181  *
19182  *     Context: Can sleep.  Blocks until command completes.
19183  */
19184 
19185 #define	SD_CAPACITY_16_SIZE	sizeof (struct scsi_capacity_16)
19186 
19187 static int
19188 sd_send_scsi_READ_CAPACITY_16(struct sd_lun *un, uint64_t *capp,
19189 	uint32_t *lbap, int path_flag)
19190 {
19191 	struct	scsi_extended_sense	sense_buf;
19192 	struct	uscsi_cmd	ucmd_buf;
19193 	union	scsi_cdb	cdb;
19194 	uint64_t		*capacity16_buf;
19195 	uint64_t		capacity;
19196 	uint32_t		lbasize;
19197 	int			status;
19198 
19199 	ASSERT(un != NULL);
19200 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19201 	ASSERT(capp != NULL);
19202 	ASSERT(lbap != NULL);
19203 
19204 	SD_TRACE(SD_LOG_IO, un,
19205 	    "sd_send_scsi_READ_CAPACITY: entry: un:0x%p\n", un);
19206 
19207 	/*
19208 	 * First send a READ_CAPACITY_16 command to the target.
19209 	 *
19210 	 * Set up the CDB for the READ_CAPACITY_16 command.  The Partial
19211 	 * Medium Indicator bit is cleared.  The address field must be
19212 	 * zero if the PMI bit is zero.
19213 	 */
19214 	bzero(&cdb, sizeof (cdb));
19215 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19216 
19217 	capacity16_buf = kmem_zalloc(SD_CAPACITY_16_SIZE, KM_SLEEP);
19218 
19219 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19220 	ucmd_buf.uscsi_cdblen	= CDB_GROUP4;
19221 	ucmd_buf.uscsi_bufaddr	= (caddr_t)capacity16_buf;
19222 	ucmd_buf.uscsi_buflen	= SD_CAPACITY_16_SIZE;
19223 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19224 	ucmd_buf.uscsi_rqlen	= sizeof (sense_buf);
19225 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19226 	ucmd_buf.uscsi_timeout	= 60;
19227 
19228 	/*
19229 	 * Read Capacity (16) is a Service Action In command.  One
19230 	 * command byte (0x9E) is overloaded for multiple operations,
19231 	 * with the second CDB byte specifying the desired operation
19232 	 */
19233 	cdb.scc_cmd = SCMD_SVC_ACTION_IN_G4;
19234 	cdb.cdb_opaque[1] = SSVC_ACTION_READ_CAPACITY_G4;
19235 
19236 	/*
19237 	 * Fill in allocation length field
19238 	 */
19239 	FORMG4COUNT(&cdb, ucmd_buf.uscsi_buflen);
19240 
19241 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19242 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19243 
19244 	switch (status) {
19245 	case 0:
19246 		/* Return failure if we did not get valid capacity data. */
19247 		if (ucmd_buf.uscsi_resid > 20) {
19248 			kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19249 			return (EIO);
19250 		}
19251 
19252 		/*
19253 		 * Read capacity and block size from the READ CAPACITY 10 data.
19254 		 * This data may be adjusted later due to device specific
19255 		 * issues.
19256 		 *
19257 		 * According to the SCSI spec, the READ CAPACITY 10
19258 		 * command returns the following:
19259 		 *
19260 		 *  bytes 0-7: Maximum logical block address available.
19261 		 *		(MSB in byte:0 & LSB in byte:7)
19262 		 *
19263 		 *  bytes 8-11: Block length in bytes
19264 		 *		(MSB in byte:8 & LSB in byte:11)
19265 		 *
19266 		 */
19267 		capacity = BE_64(capacity16_buf[0]);
19268 		lbasize = BE_32(*(uint32_t *)&capacity16_buf[1]);
19269 
19270 		/*
19271 		 * Done with capacity16_buf
19272 		 */
19273 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19274 
19275 		/*
19276 		 * if the reported capacity is set to all 0xf's, then
19277 		 * this disk is too large.  This could only happen with
19278 		 * a device that supports LBAs larger than 64 bits which
19279 		 * are not defined by any current T10 standards.
19280 		 */
19281 		if (capacity == 0xffffffffffffffff) {
19282 			return (EIO);
19283 		}
19284 		break;	/* Success! */
19285 	case EIO:
19286 		switch (ucmd_buf.uscsi_status) {
19287 		case STATUS_RESERVATION_CONFLICT:
19288 			status = EACCES;
19289 			break;
19290 		case STATUS_CHECK:
19291 			/*
19292 			 * Check condition; look for ASC/ASCQ of 0x04/0x01
19293 			 * (LOGICAL UNIT IS IN PROCESS OF BECOMING READY)
19294 			 */
19295 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19296 			    (sense_buf.es_add_code  == 0x04) &&
19297 			    (sense_buf.es_qual_code == 0x01)) {
19298 				kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19299 				return (EAGAIN);
19300 			}
19301 			break;
19302 		default:
19303 			break;
19304 		}
19305 		/* FALLTHRU */
19306 	default:
19307 		kmem_free(capacity16_buf, SD_CAPACITY_16_SIZE);
19308 		return (status);
19309 	}
19310 
19311 	*capp = capacity;
19312 	*lbap = lbasize;
19313 
19314 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_READ_CAPACITY_16: "
19315 	    "capacity:0x%llx  lbasize:0x%x\n", capacity, lbasize);
19316 
19317 	return (0);
19318 }
19319 
19320 
19321 /*
19322  *    Function: sd_send_scsi_START_STOP_UNIT
19323  *
19324  * Description: Issue a scsi START STOP UNIT command to the target.
19325  *
19326  *   Arguments: un    - pointer to driver soft state (unit) structure for
19327  *			this target.
19328  *		flag  - SD_TARGET_START
19329  *			SD_TARGET_STOP
19330  *			SD_TARGET_EJECT
19331  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
19332  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
19333  *			to use the USCSI "direct" chain and bypass the normal
19334  *			command waitq. SD_PATH_DIRECT_PRIORITY is used when this
19335  *			command is issued as part of an error recovery action.
19336  *
19337  * Return Code: 0   - Success
19338  *		EIO - IO error
19339  *		EACCES - Reservation conflict detected
19340  *		ENXIO  - Not Ready, medium not present
19341  *		errno return code from sd_send_scsi_cmd()
19342  *
19343  *     Context: Can sleep.
19344  */
19345 
19346 static int
19347 sd_send_scsi_START_STOP_UNIT(struct sd_lun *un, int flag, int path_flag)
19348 {
19349 	struct	scsi_extended_sense	sense_buf;
19350 	union scsi_cdb		cdb;
19351 	struct uscsi_cmd	ucmd_buf;
19352 	int			status;
19353 
19354 	ASSERT(un != NULL);
19355 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19356 
19357 	SD_TRACE(SD_LOG_IO, un,
19358 	    "sd_send_scsi_START_STOP_UNIT: entry: un:0x%p\n", un);
19359 
19360 	if (ISREMOVABLE(un) &&
19361 	    ((flag == SD_TARGET_START) || (flag == SD_TARGET_STOP)) &&
19362 	    (un->un_f_start_stop_supported != TRUE)) {
19363 		return (0);
19364 	}
19365 
19366 	bzero(&cdb, sizeof (cdb));
19367 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19368 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19369 
19370 	cdb.scc_cmd = SCMD_START_STOP;
19371 	cdb.cdb_opaque[4] = (uchar_t)flag;
19372 
19373 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19374 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19375 	ucmd_buf.uscsi_bufaddr	= NULL;
19376 	ucmd_buf.uscsi_buflen	= 0;
19377 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19378 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19379 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19380 	ucmd_buf.uscsi_timeout	= 200;
19381 
19382 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19383 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
19384 
19385 	switch (status) {
19386 	case 0:
19387 		break;	/* Success! */
19388 	case EIO:
19389 		switch (ucmd_buf.uscsi_status) {
19390 		case STATUS_RESERVATION_CONFLICT:
19391 			status = EACCES;
19392 			break;
19393 		case STATUS_CHECK:
19394 			if (ucmd_buf.uscsi_rqstatus == STATUS_GOOD) {
19395 				switch (sense_buf.es_key) {
19396 				case KEY_ILLEGAL_REQUEST:
19397 					status = ENOTSUP;
19398 					break;
19399 				case KEY_NOT_READY:
19400 					if (sense_buf.es_add_code == 0x3A) {
19401 						status = ENXIO;
19402 					}
19403 					break;
19404 				default:
19405 					break;
19406 				}
19407 			}
19408 			break;
19409 		default:
19410 			break;
19411 		}
19412 		break;
19413 	default:
19414 		break;
19415 	}
19416 
19417 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_START_STOP_UNIT: exit\n");
19418 
19419 	return (status);
19420 }
19421 
19422 
19423 /*
19424  *    Function: sd_start_stop_unit_callback
19425  *
19426  * Description: timeout(9F) callback to begin recovery process for a
19427  *		device that has spun down.
19428  *
19429  *   Arguments: arg - pointer to associated softstate struct.
19430  *
19431  *     Context: Executes in a timeout(9F) thread context
19432  */
19433 
19434 static void
19435 sd_start_stop_unit_callback(void *arg)
19436 {
19437 	struct sd_lun	*un = arg;
19438 	ASSERT(un != NULL);
19439 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19440 
19441 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_callback: entry\n");
19442 
19443 	(void) taskq_dispatch(sd_tq, sd_start_stop_unit_task, un, KM_NOSLEEP);
19444 }
19445 
19446 
19447 /*
19448  *    Function: sd_start_stop_unit_task
19449  *
19450  * Description: Recovery procedure when a drive is spun down.
19451  *
19452  *   Arguments: arg - pointer to associated softstate struct.
19453  *
19454  *     Context: Executes in a taskq() thread context
19455  */
19456 
19457 static void
19458 sd_start_stop_unit_task(void *arg)
19459 {
19460 	struct sd_lun	*un = arg;
19461 
19462 	ASSERT(un != NULL);
19463 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19464 
19465 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: entry\n");
19466 
19467 	/*
19468 	 * Some unformatted drives report not ready error, no need to
19469 	 * restart if format has been initiated.
19470 	 */
19471 	mutex_enter(SD_MUTEX(un));
19472 	if (un->un_f_format_in_progress == TRUE) {
19473 		mutex_exit(SD_MUTEX(un));
19474 		return;
19475 	}
19476 	mutex_exit(SD_MUTEX(un));
19477 
19478 	/*
19479 	 * When a START STOP command is issued from here, it is part of a
19480 	 * failure recovery operation and must be issued before any other
19481 	 * commands, including any pending retries. Thus it must be sent
19482 	 * using SD_PATH_DIRECT_PRIORITY. It doesn't matter if the spin up
19483 	 * succeeds or not, we will start I/O after the attempt.
19484 	 */
19485 	(void) sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
19486 	    SD_PATH_DIRECT_PRIORITY);
19487 
19488 	/*
19489 	 * The above call blocks until the START_STOP_UNIT command completes.
19490 	 * Now that it has completed, we must re-try the original IO that
19491 	 * received the NOT READY condition in the first place. There are
19492 	 * three possible conditions here:
19493 	 *
19494 	 *  (1) The original IO is on un_retry_bp.
19495 	 *  (2) The original IO is on the regular wait queue, and un_retry_bp
19496 	 *	is NULL.
19497 	 *  (3) The original IO is on the regular wait queue, and un_retry_bp
19498 	 *	points to some other, unrelated bp.
19499 	 *
19500 	 * For each case, we must call sd_start_cmds() with un_retry_bp
19501 	 * as the argument. If un_retry_bp is NULL, this will initiate
19502 	 * processing of the regular wait queue.  If un_retry_bp is not NULL,
19503 	 * then this will process the bp on un_retry_bp. That may or may not
19504 	 * be the original IO, but that does not matter: the important thing
19505 	 * is to keep the IO processing going at this point.
19506 	 *
19507 	 * Note: This is a very specific error recovery sequence associated
19508 	 * with a drive that is not spun up. We attempt a START_STOP_UNIT and
19509 	 * serialize the I/O with completion of the spin-up.
19510 	 */
19511 	mutex_enter(SD_MUTEX(un));
19512 	SD_TRACE(SD_LOG_IO_CORE | SD_LOG_ERROR, un,
19513 	    "sd_start_stop_unit_task: un:0x%p starting bp:0x%p\n",
19514 	    un, un->un_retry_bp);
19515 	un->un_startstop_timeid = NULL;	/* Timeout is no longer pending */
19516 	sd_start_cmds(un, un->un_retry_bp);
19517 	mutex_exit(SD_MUTEX(un));
19518 
19519 	SD_TRACE(SD_LOG_IO, un, "sd_start_stop_unit_task: exit\n");
19520 }
19521 
19522 
19523 /*
19524  *    Function: sd_send_scsi_INQUIRY
19525  *
19526  * Description: Issue the scsi INQUIRY command.
19527  *
19528  *   Arguments: un
19529  *		bufaddr
19530  *		buflen
19531  *		evpd
19532  *		page_code
19533  *		page_length
19534  *
19535  * Return Code: 0   - Success
19536  *		errno return code from sd_send_scsi_cmd()
19537  *
19538  *     Context: Can sleep. Does not return until command is completed.
19539  */
19540 
19541 static int
19542 sd_send_scsi_INQUIRY(struct sd_lun *un, uchar_t *bufaddr, size_t buflen,
19543 	uchar_t evpd, uchar_t page_code, size_t *residp)
19544 {
19545 	union scsi_cdb		cdb;
19546 	struct uscsi_cmd	ucmd_buf;
19547 	int			status;
19548 
19549 	ASSERT(un != NULL);
19550 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19551 	ASSERT(bufaddr != NULL);
19552 
19553 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: entry: un:0x%p\n", un);
19554 
19555 	bzero(&cdb, sizeof (cdb));
19556 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19557 	bzero(bufaddr, buflen);
19558 
19559 	cdb.scc_cmd = SCMD_INQUIRY;
19560 	cdb.cdb_opaque[1] = evpd;
19561 	cdb.cdb_opaque[2] = page_code;
19562 	FORMG0COUNT(&cdb, buflen);
19563 
19564 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19565 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19566 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
19567 	ucmd_buf.uscsi_buflen	= buflen;
19568 	ucmd_buf.uscsi_rqbuf	= NULL;
19569 	ucmd_buf.uscsi_rqlen	= 0;
19570 	ucmd_buf.uscsi_flags	= USCSI_READ | USCSI_SILENT;
19571 	ucmd_buf.uscsi_timeout	= 200;	/* Excessive legacy value */
19572 
19573 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19574 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_DIRECT);
19575 
19576 	if ((status == 0) && (residp != NULL)) {
19577 		*residp = ucmd_buf.uscsi_resid;
19578 	}
19579 
19580 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_INQUIRY: exit\n");
19581 
19582 	return (status);
19583 }
19584 
19585 
19586 /*
19587  *    Function: sd_send_scsi_TEST_UNIT_READY
19588  *
19589  * Description: Issue the scsi TEST UNIT READY command.
19590  *		This routine can be told to set the flag USCSI_DIAGNOSE to
19591  *		prevent retrying failed commands. Use this when the intent
19592  *		is either to check for device readiness, to clear a Unit
19593  *		Attention, or to clear any outstanding sense data.
19594  *		However under specific conditions the expected behavior
19595  *		is for retries to bring a device ready, so use the flag
19596  *		with caution.
19597  *
19598  *   Arguments: un
19599  *		flag:   SD_CHECK_FOR_MEDIA: return ENXIO if no media present
19600  *			SD_DONT_RETRY_TUR: include uscsi flag USCSI_DIAGNOSE.
19601  *			0: dont check for media present, do retries on cmd.
19602  *
19603  * Return Code: 0   - Success
19604  *		EIO - IO error
19605  *		EACCES - Reservation conflict detected
19606  *		ENXIO  - Not Ready, medium not present
19607  *		errno return code from sd_send_scsi_cmd()
19608  *
19609  *     Context: Can sleep. Does not return until command is completed.
19610  */
19611 
19612 static int
19613 sd_send_scsi_TEST_UNIT_READY(struct sd_lun *un, int flag)
19614 {
19615 	struct	scsi_extended_sense	sense_buf;
19616 	union scsi_cdb		cdb;
19617 	struct uscsi_cmd	ucmd_buf;
19618 	int			status;
19619 
19620 	ASSERT(un != NULL);
19621 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19622 
19623 	SD_TRACE(SD_LOG_IO, un,
19624 	    "sd_send_scsi_TEST_UNIT_READY: entry: un:0x%p\n", un);
19625 
19626 	/*
19627 	 * Some Seagate elite1 TQ devices get hung with disconnect/reconnect
19628 	 * timeouts when they receive a TUR and the queue is not empty. Check
19629 	 * the configuration flag set during attach (indicating the drive has
19630 	 * this firmware bug) and un_ncmds_in_transport before issuing the
19631 	 * TUR. If there are
19632 	 * pending commands return success, this is a bit arbitrary but is ok
19633 	 * for non-removables (i.e. the eliteI disks) and non-clustering
19634 	 * configurations.
19635 	 */
19636 	if (un->un_f_cfg_tur_check == TRUE) {
19637 		mutex_enter(SD_MUTEX(un));
19638 		if (un->un_ncmds_in_transport != 0) {
19639 			mutex_exit(SD_MUTEX(un));
19640 			return (0);
19641 		}
19642 		mutex_exit(SD_MUTEX(un));
19643 	}
19644 
19645 	bzero(&cdb, sizeof (cdb));
19646 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19647 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19648 
19649 	cdb.scc_cmd = SCMD_TEST_UNIT_READY;
19650 
19651 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19652 	ucmd_buf.uscsi_cdblen	= CDB_GROUP0;
19653 	ucmd_buf.uscsi_bufaddr	= NULL;
19654 	ucmd_buf.uscsi_buflen	= 0;
19655 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19656 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19657 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_SILENT;
19658 
19659 	/* Use flag USCSI_DIAGNOSE to prevent retries if it fails. */
19660 	if ((flag & SD_DONT_RETRY_TUR) != 0) {
19661 		ucmd_buf.uscsi_flags |= USCSI_DIAGNOSE;
19662 	}
19663 	ucmd_buf.uscsi_timeout	= 60;
19664 
19665 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19666 	    UIO_SYSSPACE, UIO_SYSSPACE,
19667 	    ((flag & SD_BYPASS_PM) ? SD_PATH_DIRECT : SD_PATH_STANDARD));
19668 
19669 	switch (status) {
19670 	case 0:
19671 		break;	/* Success! */
19672 	case EIO:
19673 		switch (ucmd_buf.uscsi_status) {
19674 		case STATUS_RESERVATION_CONFLICT:
19675 			status = EACCES;
19676 			break;
19677 		case STATUS_CHECK:
19678 			if ((flag & SD_CHECK_FOR_MEDIA) == 0) {
19679 				break;
19680 			}
19681 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19682 			    (sense_buf.es_key == KEY_NOT_READY) &&
19683 			    (sense_buf.es_add_code == 0x3A)) {
19684 				status = ENXIO;
19685 			}
19686 			break;
19687 		default:
19688 			break;
19689 		}
19690 		break;
19691 	default:
19692 		break;
19693 	}
19694 
19695 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_TEST_UNIT_READY: exit\n");
19696 
19697 	return (status);
19698 }
19699 
19700 
19701 /*
19702  *    Function: sd_send_scsi_PERSISTENT_RESERVE_IN
19703  *
19704  * Description: Issue the scsi PERSISTENT RESERVE IN command.
19705  *
19706  *   Arguments: un
19707  *
19708  * Return Code: 0   - Success
19709  *		EACCES
19710  *		ENOTSUP
19711  *		errno return code from sd_send_scsi_cmd()
19712  *
19713  *     Context: Can sleep. Does not return until command is completed.
19714  */
19715 
19716 static int
19717 sd_send_scsi_PERSISTENT_RESERVE_IN(struct sd_lun *un, uchar_t  usr_cmd,
19718 	uint16_t data_len, uchar_t *data_bufp)
19719 {
19720 	struct scsi_extended_sense	sense_buf;
19721 	union scsi_cdb		cdb;
19722 	struct uscsi_cmd	ucmd_buf;
19723 	int			status;
19724 	int			no_caller_buf = FALSE;
19725 
19726 	ASSERT(un != NULL);
19727 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19728 	ASSERT((usr_cmd == SD_READ_KEYS) || (usr_cmd == SD_READ_RESV));
19729 
19730 	SD_TRACE(SD_LOG_IO, un,
19731 	    "sd_send_scsi_PERSISTENT_RESERVE_IN: entry: un:0x%p\n", un);
19732 
19733 	bzero(&cdb, sizeof (cdb));
19734 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19735 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19736 	if (data_bufp == NULL) {
19737 		/* Allocate a default buf if the caller did not give one */
19738 		ASSERT(data_len == 0);
19739 		data_len  = MHIOC_RESV_KEY_SIZE;
19740 		data_bufp = kmem_zalloc(MHIOC_RESV_KEY_SIZE, KM_SLEEP);
19741 		no_caller_buf = TRUE;
19742 	}
19743 
19744 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_IN;
19745 	cdb.cdb_opaque[1] = usr_cmd;
19746 	FORMG1COUNT(&cdb, data_len);
19747 
19748 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19749 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19750 	ucmd_buf.uscsi_bufaddr	= (caddr_t)data_bufp;
19751 	ucmd_buf.uscsi_buflen	= data_len;
19752 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19753 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19754 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
19755 	ucmd_buf.uscsi_timeout	= 60;
19756 
19757 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19758 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19759 
19760 	switch (status) {
19761 	case 0:
19762 		break;	/* Success! */
19763 	case EIO:
19764 		switch (ucmd_buf.uscsi_status) {
19765 		case STATUS_RESERVATION_CONFLICT:
19766 			status = EACCES;
19767 			break;
19768 		case STATUS_CHECK:
19769 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19770 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19771 				status = ENOTSUP;
19772 			}
19773 			break;
19774 		default:
19775 			break;
19776 		}
19777 		break;
19778 	default:
19779 		break;
19780 	}
19781 
19782 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_IN: exit\n");
19783 
19784 	if (no_caller_buf == TRUE) {
19785 		kmem_free(data_bufp, data_len);
19786 	}
19787 
19788 	return (status);
19789 }
19790 
19791 
19792 /*
19793  *    Function: sd_send_scsi_PERSISTENT_RESERVE_OUT
19794  *
19795  * Description: This routine is the driver entry point for handling CD-ROM
19796  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS,
19797  *		MHIOCGRP_INRESV) by sending the SCSI-3 PROUT commands to the
19798  *		device.
19799  *
19800  *   Arguments: un  -   Pointer to soft state struct for the target.
19801  *		usr_cmd SCSI-3 reservation facility command (one of
19802  *			SD_SCSI3_REGISTER, SD_SCSI3_RESERVE, SD_SCSI3_RELEASE,
19803  *			SD_SCSI3_PREEMPTANDABORT)
19804  *		usr_bufp - user provided pointer register, reserve descriptor or
19805  *			preempt and abort structure (mhioc_register_t,
19806  *                      mhioc_resv_desc_t, mhioc_preemptandabort_t)
19807  *
19808  * Return Code: 0   - Success
19809  *		EACCES
19810  *		ENOTSUP
19811  *		errno return code from sd_send_scsi_cmd()
19812  *
19813  *     Context: Can sleep. Does not return until command is completed.
19814  */
19815 
19816 static int
19817 sd_send_scsi_PERSISTENT_RESERVE_OUT(struct sd_lun *un, uchar_t usr_cmd,
19818 	uchar_t	*usr_bufp)
19819 {
19820 	struct scsi_extended_sense	sense_buf;
19821 	union scsi_cdb		cdb;
19822 	struct uscsi_cmd	ucmd_buf;
19823 	int			status;
19824 	uchar_t			data_len = sizeof (sd_prout_t);
19825 	sd_prout_t		*prp;
19826 
19827 	ASSERT(un != NULL);
19828 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19829 	ASSERT(data_len == 24);	/* required by scsi spec */
19830 
19831 	SD_TRACE(SD_LOG_IO, un,
19832 	    "sd_send_scsi_PERSISTENT_RESERVE_OUT: entry: un:0x%p\n", un);
19833 
19834 	if (usr_bufp == NULL) {
19835 		return (EINVAL);
19836 	}
19837 
19838 	bzero(&cdb, sizeof (cdb));
19839 	bzero(&ucmd_buf, sizeof (ucmd_buf));
19840 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
19841 	prp = kmem_zalloc(data_len, KM_SLEEP);
19842 
19843 	cdb.scc_cmd = SCMD_PERSISTENT_RESERVE_OUT;
19844 	cdb.cdb_opaque[1] = usr_cmd;
19845 	FORMG1COUNT(&cdb, data_len);
19846 
19847 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
19848 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
19849 	ucmd_buf.uscsi_bufaddr	= (caddr_t)prp;
19850 	ucmd_buf.uscsi_buflen	= data_len;
19851 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
19852 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
19853 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
19854 	ucmd_buf.uscsi_timeout	= 60;
19855 
19856 	switch (usr_cmd) {
19857 	case SD_SCSI3_REGISTER: {
19858 		mhioc_register_t *ptr = (mhioc_register_t *)usr_bufp;
19859 
19860 		bcopy(ptr->oldkey.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19861 		bcopy(ptr->newkey.key, prp->service_key,
19862 		    MHIOC_RESV_KEY_SIZE);
19863 		prp->aptpl = ptr->aptpl;
19864 		break;
19865 	}
19866 	case SD_SCSI3_RESERVE:
19867 	case SD_SCSI3_RELEASE: {
19868 		mhioc_resv_desc_t *ptr = (mhioc_resv_desc_t *)usr_bufp;
19869 
19870 		bcopy(ptr->key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19871 		prp->scope_address = BE_32(ptr->scope_specific_addr);
19872 		cdb.cdb_opaque[2] = ptr->type;
19873 		break;
19874 	}
19875 	case SD_SCSI3_PREEMPTANDABORT: {
19876 		mhioc_preemptandabort_t *ptr =
19877 		    (mhioc_preemptandabort_t *)usr_bufp;
19878 
19879 		bcopy(ptr->resvdesc.key.key, prp->res_key, MHIOC_RESV_KEY_SIZE);
19880 		bcopy(ptr->victim_key.key, prp->service_key,
19881 		    MHIOC_RESV_KEY_SIZE);
19882 		prp->scope_address = BE_32(ptr->resvdesc.scope_specific_addr);
19883 		cdb.cdb_opaque[2] = ptr->resvdesc.type;
19884 		ucmd_buf.uscsi_flags |= USCSI_HEAD;
19885 		break;
19886 	}
19887 	case SD_SCSI3_REGISTERANDIGNOREKEY:
19888 	{
19889 		mhioc_registerandignorekey_t *ptr;
19890 		ptr = (mhioc_registerandignorekey_t *)usr_bufp;
19891 		bcopy(ptr->newkey.key,
19892 		    prp->service_key, MHIOC_RESV_KEY_SIZE);
19893 		prp->aptpl = ptr->aptpl;
19894 		break;
19895 	}
19896 	default:
19897 		ASSERT(FALSE);
19898 		break;
19899 	}
19900 
19901 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
19902 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
19903 
19904 	switch (status) {
19905 	case 0:
19906 		break;	/* Success! */
19907 	case EIO:
19908 		switch (ucmd_buf.uscsi_status) {
19909 		case STATUS_RESERVATION_CONFLICT:
19910 			status = EACCES;
19911 			break;
19912 		case STATUS_CHECK:
19913 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
19914 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST)) {
19915 				status = ENOTSUP;
19916 			}
19917 			break;
19918 		default:
19919 			break;
19920 		}
19921 		break;
19922 	default:
19923 		break;
19924 	}
19925 
19926 	kmem_free(prp, data_len);
19927 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_PERSISTENT_RESERVE_OUT: exit\n");
19928 	return (status);
19929 }
19930 
19931 
19932 /*
19933  *    Function: sd_send_scsi_SYNCHRONIZE_CACHE
19934  *
19935  * Description: Issues a scsi SYNCHRONIZE CACHE command to the target
19936  *
19937  *   Arguments: un - pointer to the target's soft state struct
19938  *
19939  * Return Code: 0 - success
19940  *		errno-type error code
19941  *
19942  *     Context: kernel thread context only.
19943  */
19944 
19945 static int
19946 sd_send_scsi_SYNCHRONIZE_CACHE(struct sd_lun *un, struct dk_callback *dkc)
19947 {
19948 	struct sd_uscsi_info	*uip;
19949 	struct uscsi_cmd	*uscmd;
19950 	union scsi_cdb		*cdb;
19951 	struct buf		*bp;
19952 	int			rval = 0;
19953 
19954 	SD_TRACE(SD_LOG_IO, un,
19955 	    "sd_send_scsi_SYNCHRONIZE_CACHE: entry: un:0x%p\n", un);
19956 
19957 	ASSERT(un != NULL);
19958 	ASSERT(!mutex_owned(SD_MUTEX(un)));
19959 
19960 	cdb = kmem_zalloc(CDB_GROUP1, KM_SLEEP);
19961 	cdb->scc_cmd = SCMD_SYNCHRONIZE_CACHE;
19962 
19963 	/*
19964 	 * First get some memory for the uscsi_cmd struct and cdb
19965 	 * and initialize for SYNCHRONIZE_CACHE cmd.
19966 	 */
19967 	uscmd = kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
19968 	uscmd->uscsi_cdblen = CDB_GROUP1;
19969 	uscmd->uscsi_cdb = (caddr_t)cdb;
19970 	uscmd->uscsi_bufaddr = NULL;
19971 	uscmd->uscsi_buflen = 0;
19972 	uscmd->uscsi_rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
19973 	uscmd->uscsi_rqlen = SENSE_LENGTH;
19974 	uscmd->uscsi_rqresid = SENSE_LENGTH;
19975 	uscmd->uscsi_flags = USCSI_RQENABLE | USCSI_SILENT;
19976 	uscmd->uscsi_timeout = sd_io_time;
19977 
19978 	/*
19979 	 * Allocate an sd_uscsi_info struct and fill it with the info
19980 	 * needed by sd_initpkt_for_uscsi().  Then put the pointer into
19981 	 * b_private in the buf for sd_initpkt_for_uscsi().  Note that
19982 	 * since we allocate the buf here in this function, we do not
19983 	 * need to preserve the prior contents of b_private.
19984 	 * The sd_uscsi_info struct is also used by sd_uscsi_strategy()
19985 	 */
19986 	uip = kmem_zalloc(sizeof (struct sd_uscsi_info), KM_SLEEP);
19987 	uip->ui_flags = SD_PATH_DIRECT;
19988 	uip->ui_cmdp  = uscmd;
19989 
19990 	bp = getrbuf(KM_SLEEP);
19991 	bp->b_private = uip;
19992 
19993 	/*
19994 	 * Setup buffer to carry uscsi request.
19995 	 */
19996 	bp->b_flags  = B_BUSY;
19997 	bp->b_bcount = 0;
19998 	bp->b_blkno  = 0;
19999 
20000 	if (dkc != NULL) {
20001 		bp->b_iodone = sd_send_scsi_SYNCHRONIZE_CACHE_biodone;
20002 		uip->ui_dkc = *dkc;
20003 	}
20004 
20005 	bp->b_edev = SD_GET_DEV(un);
20006 	bp->b_dev = cmpdev(bp->b_edev);	/* maybe unnecessary? */
20007 
20008 	(void) sd_uscsi_strategy(bp);
20009 
20010 	/*
20011 	 * If synchronous request, wait for completion
20012 	 * If async just return and let b_iodone callback
20013 	 * cleanup.
20014 	 * NOTE: On return, u_ncmds_in_driver will be decremented,
20015 	 * but it was also incremented in sd_uscsi_strategy(), so
20016 	 * we should be ok.
20017 	 */
20018 	if (dkc == NULL) {
20019 		(void) biowait(bp);
20020 		rval = sd_send_scsi_SYNCHRONIZE_CACHE_biodone(bp);
20021 	}
20022 
20023 	return (rval);
20024 }
20025 
20026 
20027 static int
20028 sd_send_scsi_SYNCHRONIZE_CACHE_biodone(struct buf *bp)
20029 {
20030 	struct sd_uscsi_info *uip;
20031 	struct uscsi_cmd *uscmd;
20032 	struct scsi_extended_sense *sense_buf;
20033 	struct sd_lun *un;
20034 	int status;
20035 
20036 	uip = (struct sd_uscsi_info *)(bp->b_private);
20037 	ASSERT(uip != NULL);
20038 
20039 	uscmd = uip->ui_cmdp;
20040 	ASSERT(uscmd != NULL);
20041 
20042 	sense_buf = (struct scsi_extended_sense *)uscmd->uscsi_rqbuf;
20043 	ASSERT(sense_buf != NULL);
20044 
20045 	un = ddi_get_soft_state(sd_state, SD_GET_INSTANCE_FROM_BUF(bp));
20046 	ASSERT(un != NULL);
20047 
20048 	status = geterror(bp);
20049 	switch (status) {
20050 	case 0:
20051 		break;	/* Success! */
20052 	case EIO:
20053 		switch (uscmd->uscsi_status) {
20054 		case STATUS_RESERVATION_CONFLICT:
20055 			/* Ignore reservation conflict */
20056 			status = 0;
20057 			goto done;
20058 
20059 		case STATUS_CHECK:
20060 			if ((uscmd->uscsi_rqstatus == STATUS_GOOD) &&
20061 			    (sense_buf->es_key == KEY_ILLEGAL_REQUEST)) {
20062 				/* Ignore Illegal Request error */
20063 				mutex_enter(SD_MUTEX(un));
20064 				un->un_f_sync_cache_unsupported = TRUE;
20065 				mutex_exit(SD_MUTEX(un));
20066 				status = ENOTSUP;
20067 				goto done;
20068 			}
20069 			break;
20070 		default:
20071 			break;
20072 		}
20073 		/* FALLTHRU */
20074 	default:
20075 		/* Ignore error if the media is not present */
20076 		if (sd_send_scsi_TEST_UNIT_READY(un, 0) != 0) {
20077 			status = 0;
20078 			goto done;
20079 		}
20080 		/* If we reach this, we had an error */
20081 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
20082 		    "SYNCHRONIZE CACHE command failed (%d)\n", status);
20083 		break;
20084 	}
20085 
20086 done:
20087 	if (uip->ui_dkc.dkc_callback != NULL) {
20088 		(*uip->ui_dkc.dkc_callback)(uip->ui_dkc.dkc_cookie, status);
20089 	}
20090 
20091 	ASSERT((bp->b_flags & B_REMAPPED) == 0);
20092 	freerbuf(bp);
20093 	kmem_free(uip, sizeof (struct sd_uscsi_info));
20094 	kmem_free(uscmd->uscsi_rqbuf, SENSE_LENGTH);
20095 	kmem_free(uscmd->uscsi_cdb, (size_t)uscmd->uscsi_cdblen);
20096 	kmem_free(uscmd, sizeof (struct uscsi_cmd));
20097 
20098 	return (status);
20099 }
20100 
20101 
20102 /*
20103  *    Function: sd_send_scsi_GET_CONFIGURATION
20104  *
20105  * Description: Issues the get configuration command to the device.
20106  *		Called from sd_check_for_writable_cd & sd_get_media_info
20107  *		caller needs to ensure that buflen = SD_PROFILE_HEADER_LEN
20108  *   Arguments: un
20109  *		ucmdbuf
20110  *		rqbuf
20111  *		rqbuflen
20112  *		bufaddr
20113  *		buflen
20114  *
20115  * Return Code: 0   - Success
20116  *		errno return code from sd_send_scsi_cmd()
20117  *
20118  *     Context: Can sleep. Does not return until command is completed.
20119  *
20120  */
20121 
20122 static int
20123 sd_send_scsi_GET_CONFIGURATION(struct sd_lun *un, struct uscsi_cmd *ucmdbuf,
20124 	uchar_t *rqbuf, uint_t rqbuflen, uchar_t *bufaddr, uint_t buflen)
20125 {
20126 	char	cdb[CDB_GROUP1];
20127 	int	status;
20128 
20129 	ASSERT(un != NULL);
20130 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20131 	ASSERT(bufaddr != NULL);
20132 	ASSERT(ucmdbuf != NULL);
20133 	ASSERT(rqbuf != NULL);
20134 
20135 	SD_TRACE(SD_LOG_IO, un,
20136 	    "sd_send_scsi_GET_CONFIGURATION: entry: un:0x%p\n", un);
20137 
20138 	bzero(cdb, sizeof (cdb));
20139 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20140 	bzero(rqbuf, rqbuflen);
20141 	bzero(bufaddr, buflen);
20142 
20143 	/*
20144 	 * Set up cdb field for the get configuration command.
20145 	 */
20146 	cdb[0] = SCMD_GET_CONFIGURATION;
20147 	cdb[1] = 0x02;  /* Requested Type */
20148 	cdb[8] = SD_PROFILE_HEADER_LEN;
20149 	ucmdbuf->uscsi_cdb = cdb;
20150 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20151 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20152 	ucmdbuf->uscsi_buflen = buflen;
20153 	ucmdbuf->uscsi_timeout = sd_io_time;
20154 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20155 	ucmdbuf->uscsi_rqlen = rqbuflen;
20156 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20157 
20158 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20159 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20160 
20161 	switch (status) {
20162 	case 0:
20163 		break;  /* Success! */
20164 	case EIO:
20165 		switch (ucmdbuf->uscsi_status) {
20166 		case STATUS_RESERVATION_CONFLICT:
20167 			status = EACCES;
20168 			break;
20169 		default:
20170 			break;
20171 		}
20172 		break;
20173 	default:
20174 		break;
20175 	}
20176 
20177 	if (status == 0) {
20178 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20179 		    "sd_send_scsi_GET_CONFIGURATION: data",
20180 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20181 	}
20182 
20183 	SD_TRACE(SD_LOG_IO, un,
20184 	    "sd_send_scsi_GET_CONFIGURATION: exit\n");
20185 
20186 	return (status);
20187 }
20188 
20189 /*
20190  *    Function: sd_send_scsi_feature_GET_CONFIGURATION
20191  *
20192  * Description: Issues the get configuration command to the device to
20193  *              retrieve a specfic feature. Called from
20194  *		sd_check_for_writable_cd & sd_set_mmc_caps.
20195  *   Arguments: un
20196  *              ucmdbuf
20197  *              rqbuf
20198  *              rqbuflen
20199  *              bufaddr
20200  *              buflen
20201  *		feature
20202  *
20203  * Return Code: 0   - Success
20204  *              errno return code from sd_send_scsi_cmd()
20205  *
20206  *     Context: Can sleep. Does not return until command is completed.
20207  *
20208  */
20209 static int
20210 sd_send_scsi_feature_GET_CONFIGURATION(struct sd_lun *un,
20211 	struct uscsi_cmd *ucmdbuf, uchar_t *rqbuf, uint_t rqbuflen,
20212 	uchar_t *bufaddr, uint_t buflen, char feature)
20213 {
20214 	char    cdb[CDB_GROUP1];
20215 	int	status;
20216 
20217 	ASSERT(un != NULL);
20218 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20219 	ASSERT(bufaddr != NULL);
20220 	ASSERT(ucmdbuf != NULL);
20221 	ASSERT(rqbuf != NULL);
20222 
20223 	SD_TRACE(SD_LOG_IO, un,
20224 	    "sd_send_scsi_feature_GET_CONFIGURATION: entry: un:0x%p\n", un);
20225 
20226 	bzero(cdb, sizeof (cdb));
20227 	bzero(ucmdbuf, sizeof (struct uscsi_cmd));
20228 	bzero(rqbuf, rqbuflen);
20229 	bzero(bufaddr, buflen);
20230 
20231 	/*
20232 	 * Set up cdb field for the get configuration command.
20233 	 */
20234 	cdb[0] = SCMD_GET_CONFIGURATION;
20235 	cdb[1] = 0x02;  /* Requested Type */
20236 	cdb[3] = feature;
20237 	cdb[8] = buflen;
20238 	ucmdbuf->uscsi_cdb = cdb;
20239 	ucmdbuf->uscsi_cdblen = CDB_GROUP1;
20240 	ucmdbuf->uscsi_bufaddr = (caddr_t)bufaddr;
20241 	ucmdbuf->uscsi_buflen = buflen;
20242 	ucmdbuf->uscsi_timeout = sd_io_time;
20243 	ucmdbuf->uscsi_rqbuf = (caddr_t)rqbuf;
20244 	ucmdbuf->uscsi_rqlen = rqbuflen;
20245 	ucmdbuf->uscsi_flags = USCSI_RQENABLE|USCSI_SILENT|USCSI_READ;
20246 
20247 	status = sd_send_scsi_cmd(SD_GET_DEV(un), ucmdbuf, UIO_SYSSPACE,
20248 	    UIO_SYSSPACE, UIO_SYSSPACE, SD_PATH_STANDARD);
20249 
20250 	switch (status) {
20251 	case 0:
20252 		break;  /* Success! */
20253 	case EIO:
20254 		switch (ucmdbuf->uscsi_status) {
20255 		case STATUS_RESERVATION_CONFLICT:
20256 			status = EACCES;
20257 			break;
20258 		default:
20259 			break;
20260 		}
20261 		break;
20262 	default:
20263 		break;
20264 	}
20265 
20266 	if (status == 0) {
20267 		SD_DUMP_MEMORY(un, SD_LOG_IO,
20268 		    "sd_send_scsi_feature_GET_CONFIGURATION: data",
20269 		    (uchar_t *)bufaddr, SD_PROFILE_HEADER_LEN, SD_LOG_HEX);
20270 	}
20271 
20272 	SD_TRACE(SD_LOG_IO, un,
20273 	    "sd_send_scsi_feature_GET_CONFIGURATION: exit\n");
20274 
20275 	return (status);
20276 }
20277 
20278 
20279 /*
20280  *    Function: sd_send_scsi_MODE_SENSE
20281  *
20282  * Description: Utility function for issuing a scsi MODE SENSE command.
20283  *		Note: This routine uses a consistent implementation for Group0,
20284  *		Group1, and Group2 commands across all platforms. ATAPI devices
20285  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20286  *
20287  *   Arguments: un - pointer to the softstate struct for the target.
20288  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20289  *			  CDB_GROUP[1|2] (10 byte).
20290  *		bufaddr - buffer for page data retrieved from the target.
20291  *		buflen - size of page to be retrieved.
20292  *		page_code - page code of data to be retrieved from the target.
20293  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20294  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20295  *			to use the USCSI "direct" chain and bypass the normal
20296  *			command waitq.
20297  *
20298  * Return Code: 0   - Success
20299  *		errno return code from sd_send_scsi_cmd()
20300  *
20301  *     Context: Can sleep. Does not return until command is completed.
20302  */
20303 
20304 static int
20305 sd_send_scsi_MODE_SENSE(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20306 	size_t buflen,  uchar_t page_code, int path_flag)
20307 {
20308 	struct	scsi_extended_sense	sense_buf;
20309 	union scsi_cdb		cdb;
20310 	struct uscsi_cmd	ucmd_buf;
20311 	int			status;
20312 
20313 	ASSERT(un != NULL);
20314 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20315 	ASSERT(bufaddr != NULL);
20316 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20317 	    (cdbsize == CDB_GROUP2));
20318 
20319 	SD_TRACE(SD_LOG_IO, un,
20320 	    "sd_send_scsi_MODE_SENSE: entry: un:0x%p\n", un);
20321 
20322 	bzero(&cdb, sizeof (cdb));
20323 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20324 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20325 	bzero(bufaddr, buflen);
20326 
20327 	if (cdbsize == CDB_GROUP0) {
20328 		cdb.scc_cmd = SCMD_MODE_SENSE;
20329 		cdb.cdb_opaque[2] = page_code;
20330 		FORMG0COUNT(&cdb, buflen);
20331 	} else {
20332 		cdb.scc_cmd = SCMD_MODE_SENSE_G1;
20333 		cdb.cdb_opaque[2] = page_code;
20334 		FORMG1COUNT(&cdb, buflen);
20335 	}
20336 
20337 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20338 
20339 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20340 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20341 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20342 	ucmd_buf.uscsi_buflen	= buflen;
20343 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20344 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20345 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20346 	ucmd_buf.uscsi_timeout	= 60;
20347 
20348 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20349 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20350 
20351 	switch (status) {
20352 	case 0:
20353 		break;	/* Success! */
20354 	case EIO:
20355 		switch (ucmd_buf.uscsi_status) {
20356 		case STATUS_RESERVATION_CONFLICT:
20357 			status = EACCES;
20358 			break;
20359 		default:
20360 			break;
20361 		}
20362 		break;
20363 	default:
20364 		break;
20365 	}
20366 
20367 	if (status == 0) {
20368 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SENSE: data",
20369 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20370 	}
20371 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SENSE: exit\n");
20372 
20373 	return (status);
20374 }
20375 
20376 
20377 /*
20378  *    Function: sd_send_scsi_MODE_SELECT
20379  *
20380  * Description: Utility function for issuing a scsi MODE SELECT command.
20381  *		Note: This routine uses a consistent implementation for Group0,
20382  *		Group1, and Group2 commands across all platforms. ATAPI devices
20383  *		use Group 1 Read/Write commands and Group 2 Mode Sense/Select
20384  *
20385  *   Arguments: un - pointer to the softstate struct for the target.
20386  *		cdbsize - size CDB to be used (CDB_GROUP0 (6 byte), or
20387  *			  CDB_GROUP[1|2] (10 byte).
20388  *		bufaddr - buffer for page data retrieved from the target.
20389  *		buflen - size of page to be retrieved.
20390  *		save_page - boolean to determin if SP bit should be set.
20391  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20392  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20393  *			to use the USCSI "direct" chain and bypass the normal
20394  *			command waitq.
20395  *
20396  * Return Code: 0   - Success
20397  *		errno return code from sd_send_scsi_cmd()
20398  *
20399  *     Context: Can sleep. Does not return until command is completed.
20400  */
20401 
20402 static int
20403 sd_send_scsi_MODE_SELECT(struct sd_lun *un, int cdbsize, uchar_t *bufaddr,
20404 	size_t buflen,  uchar_t save_page, int path_flag)
20405 {
20406 	struct	scsi_extended_sense	sense_buf;
20407 	union scsi_cdb		cdb;
20408 	struct uscsi_cmd	ucmd_buf;
20409 	int			status;
20410 
20411 	ASSERT(un != NULL);
20412 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20413 	ASSERT(bufaddr != NULL);
20414 	ASSERT((cdbsize == CDB_GROUP0) || (cdbsize == CDB_GROUP1) ||
20415 	    (cdbsize == CDB_GROUP2));
20416 
20417 	SD_TRACE(SD_LOG_IO, un,
20418 	    "sd_send_scsi_MODE_SELECT: entry: un:0x%p\n", un);
20419 
20420 	bzero(&cdb, sizeof (cdb));
20421 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20422 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20423 
20424 	/* Set the PF bit for many third party drives */
20425 	cdb.cdb_opaque[1] = 0x10;
20426 
20427 	/* Set the savepage(SP) bit if given */
20428 	if (save_page == SD_SAVE_PAGE) {
20429 		cdb.cdb_opaque[1] |= 0x01;
20430 	}
20431 
20432 	if (cdbsize == CDB_GROUP0) {
20433 		cdb.scc_cmd = SCMD_MODE_SELECT;
20434 		FORMG0COUNT(&cdb, buflen);
20435 	} else {
20436 		cdb.scc_cmd = SCMD_MODE_SELECT_G1;
20437 		FORMG1COUNT(&cdb, buflen);
20438 	}
20439 
20440 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20441 
20442 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20443 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20444 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20445 	ucmd_buf.uscsi_buflen	= buflen;
20446 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20447 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20448 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_WRITE | USCSI_SILENT;
20449 	ucmd_buf.uscsi_timeout	= 60;
20450 
20451 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20452 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20453 
20454 	switch (status) {
20455 	case 0:
20456 		break;	/* Success! */
20457 	case EIO:
20458 		switch (ucmd_buf.uscsi_status) {
20459 		case STATUS_RESERVATION_CONFLICT:
20460 			status = EACCES;
20461 			break;
20462 		default:
20463 			break;
20464 		}
20465 		break;
20466 	default:
20467 		break;
20468 	}
20469 
20470 	if (status == 0) {
20471 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_MODE_SELECT: data",
20472 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20473 	}
20474 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_MODE_SELECT: exit\n");
20475 
20476 	return (status);
20477 }
20478 
20479 
20480 /*
20481  *    Function: sd_send_scsi_RDWR
20482  *
20483  * Description: Issue a scsi READ or WRITE command with the given parameters.
20484  *
20485  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20486  *		cmd:	 SCMD_READ or SCMD_WRITE
20487  *		bufaddr: Address of caller's buffer to receive the RDWR data
20488  *		buflen:  Length of caller's buffer receive the RDWR data.
20489  *		start_block: Block number for the start of the RDWR operation.
20490  *			 (Assumes target-native block size.)
20491  *		residp:  Pointer to variable to receive the redisual of the
20492  *			 RDWR operation (may be NULL of no residual requested).
20493  *		path_flag - SD_PATH_DIRECT to use the USCSI "direct" chain and
20494  *			the normal command waitq, or SD_PATH_DIRECT_PRIORITY
20495  *			to use the USCSI "direct" chain and bypass the normal
20496  *			command waitq.
20497  *
20498  * Return Code: 0   - Success
20499  *		errno return code from sd_send_scsi_cmd()
20500  *
20501  *     Context: Can sleep. Does not return until command is completed.
20502  */
20503 
20504 static int
20505 sd_send_scsi_RDWR(struct sd_lun *un, uchar_t cmd, void *bufaddr,
20506 	size_t buflen, daddr_t start_block, int path_flag)
20507 {
20508 	struct	scsi_extended_sense	sense_buf;
20509 	union scsi_cdb		cdb;
20510 	struct uscsi_cmd	ucmd_buf;
20511 	uint32_t		block_count;
20512 	int			status;
20513 	int			cdbsize;
20514 	uchar_t			flag;
20515 
20516 	ASSERT(un != NULL);
20517 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20518 	ASSERT(bufaddr != NULL);
20519 	ASSERT((cmd == SCMD_READ) || (cmd == SCMD_WRITE));
20520 
20521 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: entry: un:0x%p\n", un);
20522 
20523 	if (un->un_f_tgt_blocksize_is_valid != TRUE) {
20524 		return (EINVAL);
20525 	}
20526 
20527 	mutex_enter(SD_MUTEX(un));
20528 	block_count = SD_BYTES2TGTBLOCKS(un, buflen);
20529 	mutex_exit(SD_MUTEX(un));
20530 
20531 	flag = (cmd == SCMD_READ) ? USCSI_READ : USCSI_WRITE;
20532 
20533 	SD_INFO(SD_LOG_IO, un, "sd_send_scsi_RDWR: "
20534 	    "bufaddr:0x%p buflen:0x%x start_block:0x%p block_count:0x%x\n",
20535 	    bufaddr, buflen, start_block, block_count);
20536 
20537 	bzero(&cdb, sizeof (cdb));
20538 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20539 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20540 
20541 	/* Compute CDB size to use */
20542 	if (start_block > 0xffffffff)
20543 		cdbsize = CDB_GROUP4;
20544 	else if ((start_block & 0xFFE00000) ||
20545 	    (un->un_f_cfg_is_atapi == TRUE))
20546 		cdbsize = CDB_GROUP1;
20547 	else
20548 		cdbsize = CDB_GROUP0;
20549 
20550 	switch (cdbsize) {
20551 	case CDB_GROUP0:	/* 6-byte CDBs */
20552 		cdb.scc_cmd = cmd;
20553 		FORMG0ADDR(&cdb, start_block);
20554 		FORMG0COUNT(&cdb, block_count);
20555 		break;
20556 	case CDB_GROUP1:	/* 10-byte CDBs */
20557 		cdb.scc_cmd = cmd | SCMD_GROUP1;
20558 		FORMG1ADDR(&cdb, start_block);
20559 		FORMG1COUNT(&cdb, block_count);
20560 		break;
20561 	case CDB_GROUP4:	/* 16-byte CDBs */
20562 		cdb.scc_cmd = cmd | SCMD_GROUP4;
20563 		FORMG4LONGADDR(&cdb, (uint64_t)start_block);
20564 		FORMG4COUNT(&cdb, block_count);
20565 		break;
20566 	case CDB_GROUP5:	/* 12-byte CDBs (currently unsupported) */
20567 	default:
20568 		/* All others reserved */
20569 		return (EINVAL);
20570 	}
20571 
20572 	/* Set LUN bit(s) in CDB if this is a SCSI-1 device */
20573 	SD_FILL_SCSI1_LUN_CDB(un, &cdb);
20574 
20575 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20576 	ucmd_buf.uscsi_cdblen	= (uchar_t)cdbsize;
20577 	ucmd_buf.uscsi_bufaddr	= bufaddr;
20578 	ucmd_buf.uscsi_buflen	= buflen;
20579 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20580 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20581 	ucmd_buf.uscsi_flags	= flag | USCSI_RQENABLE | USCSI_SILENT;
20582 	ucmd_buf.uscsi_timeout	= 60;
20583 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20584 				UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20585 	switch (status) {
20586 	case 0:
20587 		break;	/* Success! */
20588 	case EIO:
20589 		switch (ucmd_buf.uscsi_status) {
20590 		case STATUS_RESERVATION_CONFLICT:
20591 			status = EACCES;
20592 			break;
20593 		default:
20594 			break;
20595 		}
20596 		break;
20597 	default:
20598 		break;
20599 	}
20600 
20601 	if (status == 0) {
20602 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_RDWR: data",
20603 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20604 	}
20605 
20606 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_RDWR: exit\n");
20607 
20608 	return (status);
20609 }
20610 
20611 
20612 /*
20613  *    Function: sd_send_scsi_LOG_SENSE
20614  *
20615  * Description: Issue a scsi LOG_SENSE command with the given parameters.
20616  *
20617  *   Arguments: un:      Pointer to the sd_lun struct for the target.
20618  *
20619  * Return Code: 0   - Success
20620  *		errno return code from sd_send_scsi_cmd()
20621  *
20622  *     Context: Can sleep. Does not return until command is completed.
20623  */
20624 
20625 static int
20626 sd_send_scsi_LOG_SENSE(struct sd_lun *un, uchar_t *bufaddr, uint16_t buflen,
20627 	uchar_t page_code, uchar_t page_control, uint16_t param_ptr,
20628 	int path_flag)
20629 
20630 {
20631 	struct	scsi_extended_sense	sense_buf;
20632 	union scsi_cdb		cdb;
20633 	struct uscsi_cmd	ucmd_buf;
20634 	int			status;
20635 
20636 	ASSERT(un != NULL);
20637 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20638 
20639 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: entry: un:0x%p\n", un);
20640 
20641 	bzero(&cdb, sizeof (cdb));
20642 	bzero(&ucmd_buf, sizeof (ucmd_buf));
20643 	bzero(&sense_buf, sizeof (struct scsi_extended_sense));
20644 
20645 	cdb.scc_cmd = SCMD_LOG_SENSE_G1;
20646 	cdb.cdb_opaque[2] = (page_control << 6) | page_code;
20647 	cdb.cdb_opaque[5] = (uchar_t)((param_ptr & 0xFF00) >> 8);
20648 	cdb.cdb_opaque[6] = (uchar_t)(param_ptr  & 0x00FF);
20649 	FORMG1COUNT(&cdb, buflen);
20650 
20651 	ucmd_buf.uscsi_cdb	= (char *)&cdb;
20652 	ucmd_buf.uscsi_cdblen	= CDB_GROUP1;
20653 	ucmd_buf.uscsi_bufaddr	= (caddr_t)bufaddr;
20654 	ucmd_buf.uscsi_buflen	= buflen;
20655 	ucmd_buf.uscsi_rqbuf	= (caddr_t)&sense_buf;
20656 	ucmd_buf.uscsi_rqlen	= sizeof (struct scsi_extended_sense);
20657 	ucmd_buf.uscsi_flags	= USCSI_RQENABLE | USCSI_READ | USCSI_SILENT;
20658 	ucmd_buf.uscsi_timeout	= 60;
20659 
20660 	status = sd_send_scsi_cmd(SD_GET_DEV(un), &ucmd_buf, UIO_SYSSPACE,
20661 	    UIO_SYSSPACE, UIO_SYSSPACE, path_flag);
20662 
20663 	switch (status) {
20664 	case 0:
20665 		break;
20666 	case EIO:
20667 		switch (ucmd_buf.uscsi_status) {
20668 		case STATUS_RESERVATION_CONFLICT:
20669 			status = EACCES;
20670 			break;
20671 		case STATUS_CHECK:
20672 			if ((ucmd_buf.uscsi_rqstatus == STATUS_GOOD) &&
20673 			    (sense_buf.es_key == KEY_ILLEGAL_REQUEST) &&
20674 			    (sense_buf.es_add_code == 0x24)) {
20675 				/*
20676 				 * ASC 0x24: INVALID FIELD IN CDB
20677 				 */
20678 				switch (page_code) {
20679 				case START_STOP_CYCLE_PAGE:
20680 					/*
20681 					 * The start stop cycle counter is
20682 					 * implemented as page 0x31 in earlier
20683 					 * generation disks. In new generation
20684 					 * disks the start stop cycle counter is
20685 					 * implemented as page 0xE. To properly
20686 					 * handle this case if an attempt for
20687 					 * log page 0xE is made and fails we
20688 					 * will try again using page 0x31.
20689 					 *
20690 					 * Network storage BU committed to
20691 					 * maintain the page 0x31 for this
20692 					 * purpose and will not have any other
20693 					 * page implemented with page code 0x31
20694 					 * until all disks transition to the
20695 					 * standard page.
20696 					 */
20697 					mutex_enter(SD_MUTEX(un));
20698 					un->un_start_stop_cycle_page =
20699 					    START_STOP_CYCLE_VU_PAGE;
20700 					cdb.cdb_opaque[2] =
20701 					    (char)(page_control << 6) |
20702 					    un->un_start_stop_cycle_page;
20703 					mutex_exit(SD_MUTEX(un));
20704 					status = sd_send_scsi_cmd(
20705 					    SD_GET_DEV(un), &ucmd_buf,
20706 					    UIO_SYSSPACE, UIO_SYSSPACE,
20707 					    UIO_SYSSPACE, path_flag);
20708 
20709 					break;
20710 				case TEMPERATURE_PAGE:
20711 					status = ENOTTY;
20712 					break;
20713 				default:
20714 					break;
20715 				}
20716 			}
20717 			break;
20718 		default:
20719 			break;
20720 		}
20721 		break;
20722 	default:
20723 		break;
20724 	}
20725 
20726 	if (status == 0) {
20727 		SD_DUMP_MEMORY(un, SD_LOG_IO, "sd_send_scsi_LOG_SENSE: data",
20728 		    (uchar_t *)bufaddr, buflen, SD_LOG_HEX);
20729 	}
20730 
20731 	SD_TRACE(SD_LOG_IO, un, "sd_send_scsi_LOG_SENSE: exit\n");
20732 
20733 	return (status);
20734 }
20735 
20736 
20737 /*
20738  *    Function: sdioctl
20739  *
20740  * Description: Driver's ioctl(9e) entry point function.
20741  *
20742  *   Arguments: dev     - device number
20743  *		cmd     - ioctl operation to be performed
20744  *		arg     - user argument, contains data to be set or reference
20745  *			  parameter for get
20746  *		flag    - bit flag, indicating open settings, 32/64 bit type
20747  *		cred_p  - user credential pointer
20748  *		rval_p  - calling process return value (OPT)
20749  *
20750  * Return Code: EINVAL
20751  *		ENOTTY
20752  *		ENXIO
20753  *		EIO
20754  *		EFAULT
20755  *		ENOTSUP
20756  *		EPERM
20757  *
20758  *     Context: Called from the device switch at normal priority.
20759  */
20760 
20761 static int
20762 sdioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *cred_p, int *rval_p)
20763 {
20764 	struct sd_lun	*un = NULL;
20765 	int		geom_validated = FALSE;
20766 	int		err = 0;
20767 	int		i = 0;
20768 	cred_t		*cr;
20769 
20770 	/*
20771 	 * All device accesses go thru sdstrategy where we check on suspend
20772 	 * status
20773 	 */
20774 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
20775 		return (ENXIO);
20776 	}
20777 
20778 	ASSERT(!mutex_owned(SD_MUTEX(un)));
20779 
20780 	/*
20781 	 * Moved this wait from sd_uscsi_strategy to here for
20782 	 * reasons of deadlock prevention. Internal driver commands,
20783 	 * specifically those to change a devices power level, result
20784 	 * in a call to sd_uscsi_strategy.
20785 	 */
20786 	mutex_enter(SD_MUTEX(un));
20787 	while ((un->un_state == SD_STATE_SUSPENDED) ||
20788 	    (un->un_state == SD_STATE_PM_CHANGING)) {
20789 		cv_wait(&un->un_suspend_cv, SD_MUTEX(un));
20790 	}
20791 	/*
20792 	 * Twiddling the counter here protects commands from now
20793 	 * through to the top of sd_uscsi_strategy. Without the
20794 	 * counter inc. a power down, for example, could get in
20795 	 * after the above check for state is made and before
20796 	 * execution gets to the top of sd_uscsi_strategy.
20797 	 * That would cause problems.
20798 	 */
20799 	un->un_ncmds_in_driver++;
20800 
20801 	if ((un->un_f_geometry_is_valid == FALSE) &&
20802 	    (flag & (FNDELAY | FNONBLOCK))) {
20803 		switch (cmd) {
20804 		case CDROMPAUSE:
20805 		case CDROMRESUME:
20806 		case CDROMPLAYMSF:
20807 		case CDROMPLAYTRKIND:
20808 		case CDROMREADTOCHDR:
20809 		case CDROMREADTOCENTRY:
20810 		case CDROMSTOP:
20811 		case CDROMSTART:
20812 		case CDROMVOLCTRL:
20813 		case CDROMSUBCHNL:
20814 		case CDROMREADMODE2:
20815 		case CDROMREADMODE1:
20816 		case CDROMREADOFFSET:
20817 		case CDROMSBLKMODE:
20818 		case CDROMGBLKMODE:
20819 		case CDROMGDRVSPEED:
20820 		case CDROMSDRVSPEED:
20821 		case CDROMCDDA:
20822 		case CDROMCDXA:
20823 		case CDROMSUBCODE:
20824 			if (!ISCD(un)) {
20825 				un->un_ncmds_in_driver--;
20826 				ASSERT(un->un_ncmds_in_driver >= 0);
20827 				mutex_exit(SD_MUTEX(un));
20828 				return (ENOTTY);
20829 			}
20830 			break;
20831 		case FDEJECT:
20832 		case DKIOCEJECT:
20833 		case CDROMEJECT:
20834 			if (!ISREMOVABLE(un)) {
20835 				un->un_ncmds_in_driver--;
20836 				ASSERT(un->un_ncmds_in_driver >= 0);
20837 				mutex_exit(SD_MUTEX(un));
20838 				return (ENOTTY);
20839 			}
20840 			break;
20841 		case DKIOCSVTOC:
20842 		case DKIOCSETEFI:
20843 		case DKIOCSMBOOT:
20844 		case DKIOCFLUSHWRITECACHE:
20845 			mutex_exit(SD_MUTEX(un));
20846 			err = sd_send_scsi_TEST_UNIT_READY(un, 0);
20847 			if (err != 0) {
20848 				mutex_enter(SD_MUTEX(un));
20849 				un->un_ncmds_in_driver--;
20850 				ASSERT(un->un_ncmds_in_driver >= 0);
20851 				mutex_exit(SD_MUTEX(un));
20852 				return (EIO);
20853 			}
20854 			mutex_enter(SD_MUTEX(un));
20855 			/* FALLTHROUGH */
20856 		case DKIOCREMOVABLE:
20857 		case DKIOCINFO:
20858 		case DKIOCGMEDIAINFO:
20859 		case MHIOCENFAILFAST:
20860 		case MHIOCSTATUS:
20861 		case MHIOCTKOWN:
20862 		case MHIOCRELEASE:
20863 		case MHIOCGRP_INKEYS:
20864 		case MHIOCGRP_INRESV:
20865 		case MHIOCGRP_REGISTER:
20866 		case MHIOCGRP_RESERVE:
20867 		case MHIOCGRP_PREEMPTANDABORT:
20868 		case MHIOCGRP_REGISTERANDIGNOREKEY:
20869 		case CDROMCLOSETRAY:
20870 		case USCSICMD:
20871 			goto skip_ready_valid;
20872 		default:
20873 			break;
20874 		}
20875 
20876 		mutex_exit(SD_MUTEX(un));
20877 		err = sd_ready_and_valid(un);
20878 		mutex_enter(SD_MUTEX(un));
20879 		if (err == SD_READY_NOT_VALID) {
20880 			switch (cmd) {
20881 			case DKIOCGAPART:
20882 			case DKIOCGGEOM:
20883 			case DKIOCSGEOM:
20884 			case DKIOCGVTOC:
20885 			case DKIOCSVTOC:
20886 			case DKIOCSAPART:
20887 			case DKIOCG_PHYGEOM:
20888 			case DKIOCG_VIRTGEOM:
20889 				err = ENOTSUP;
20890 				un->un_ncmds_in_driver--;
20891 				ASSERT(un->un_ncmds_in_driver >= 0);
20892 				mutex_exit(SD_MUTEX(un));
20893 				return (err);
20894 			}
20895 		}
20896 		if (err != SD_READY_VALID) {
20897 			switch (cmd) {
20898 			case DKIOCSTATE:
20899 			case CDROMGDRVSPEED:
20900 			case CDROMSDRVSPEED:
20901 			case FDEJECT:	/* for eject command */
20902 			case DKIOCEJECT:
20903 			case CDROMEJECT:
20904 			case DKIOCGETEFI:
20905 			case DKIOCSGEOM:
20906 			case DKIOCREMOVABLE:
20907 			case DKIOCSAPART:
20908 			case DKIOCSETEFI:
20909 				break;
20910 			default:
20911 				if (ISREMOVABLE(un)) {
20912 					err = ENXIO;
20913 				} else {
20914 					/* Do not map EACCES to EIO */
20915 					if (err != EACCES)
20916 						err = EIO;
20917 				}
20918 				un->un_ncmds_in_driver--;
20919 				ASSERT(un->un_ncmds_in_driver >= 0);
20920 				mutex_exit(SD_MUTEX(un));
20921 				return (err);
20922 			}
20923 		}
20924 		geom_validated = TRUE;
20925 	}
20926 	if ((un->un_f_geometry_is_valid == TRUE) &&
20927 	    (un->un_solaris_size > 0)) {
20928 		/*
20929 		 * the "geometry_is_valid" flag could be true if we
20930 		 * have an fdisk table but no Solaris partition
20931 		 */
20932 		if (un->un_vtoc.v_sanity != VTOC_SANE) {
20933 			/* it is EFI, so return ENOTSUP for these */
20934 			switch (cmd) {
20935 			case DKIOCGAPART:
20936 			case DKIOCGGEOM:
20937 			case DKIOCGVTOC:
20938 			case DKIOCSVTOC:
20939 			case DKIOCSAPART:
20940 				err = ENOTSUP;
20941 				un->un_ncmds_in_driver--;
20942 				ASSERT(un->un_ncmds_in_driver >= 0);
20943 				mutex_exit(SD_MUTEX(un));
20944 				return (err);
20945 			}
20946 		}
20947 	}
20948 
20949 skip_ready_valid:
20950 	mutex_exit(SD_MUTEX(un));
20951 
20952 	switch (cmd) {
20953 	case DKIOCINFO:
20954 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCINFO\n");
20955 		err = sd_dkio_ctrl_info(dev, (caddr_t)arg, flag);
20956 		break;
20957 
20958 	case DKIOCGMEDIAINFO:
20959 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMEDIAINFO\n");
20960 		err = sd_get_media_info(dev, (caddr_t)arg, flag);
20961 		break;
20962 
20963 	case DKIOCGGEOM:
20964 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGGEOM\n");
20965 		err = sd_dkio_get_geometry(dev, (caddr_t)arg, flag,
20966 		    geom_validated);
20967 		break;
20968 
20969 	case DKIOCSGEOM:
20970 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSGEOM\n");
20971 		err = sd_dkio_set_geometry(dev, (caddr_t)arg, flag);
20972 		break;
20973 
20974 	case DKIOCGAPART:
20975 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGAPART\n");
20976 		err = sd_dkio_get_partition(dev, (caddr_t)arg, flag,
20977 		    geom_validated);
20978 		break;
20979 
20980 	case DKIOCSAPART:
20981 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSAPART\n");
20982 		err = sd_dkio_set_partition(dev, (caddr_t)arg, flag);
20983 		break;
20984 
20985 	case DKIOCGVTOC:
20986 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGVTOC\n");
20987 		err = sd_dkio_get_vtoc(dev, (caddr_t)arg, flag,
20988 		    geom_validated);
20989 		break;
20990 
20991 	case DKIOCGETEFI:
20992 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGETEFI\n");
20993 		err = sd_dkio_get_efi(dev, (caddr_t)arg, flag);
20994 		break;
20995 
20996 	case DKIOCPARTITION:
20997 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTITION\n");
20998 		err = sd_dkio_partition(dev, (caddr_t)arg, flag);
20999 		break;
21000 
21001 	case DKIOCSVTOC:
21002 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSVTOC\n");
21003 		err = sd_dkio_set_vtoc(dev, (caddr_t)arg, flag);
21004 		break;
21005 
21006 	case DKIOCSETEFI:
21007 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSETEFI\n");
21008 		err = sd_dkio_set_efi(dev, (caddr_t)arg, flag);
21009 		break;
21010 
21011 	case DKIOCGMBOOT:
21012 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGMBOOT\n");
21013 		err = sd_dkio_get_mboot(dev, (caddr_t)arg, flag);
21014 		break;
21015 
21016 	case DKIOCSMBOOT:
21017 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSMBOOT\n");
21018 		err = sd_dkio_set_mboot(dev, (caddr_t)arg, flag);
21019 		break;
21020 
21021 	case DKIOCLOCK:
21022 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCLOCK\n");
21023 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
21024 		    SD_PATH_STANDARD);
21025 		break;
21026 
21027 	case DKIOCUNLOCK:
21028 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCUNLOCK\n");
21029 		err = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
21030 		    SD_PATH_STANDARD);
21031 		break;
21032 
21033 	case DKIOCSTATE: {
21034 		enum dkio_state		state;
21035 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCSTATE\n");
21036 
21037 		if (ddi_copyin((void *)arg, &state, sizeof (int), flag) != 0) {
21038 			err = EFAULT;
21039 		} else {
21040 			err = sd_check_media(dev, state);
21041 			if (err == 0) {
21042 				if (ddi_copyout(&un->un_mediastate, (void *)arg,
21043 				    sizeof (int), flag) != 0)
21044 					err = EFAULT;
21045 			}
21046 		}
21047 		break;
21048 	}
21049 
21050 	case DKIOCREMOVABLE:
21051 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCREMOVABLE\n");
21052 		if (ISREMOVABLE(un)) {
21053 			i = 1;
21054 		} else {
21055 			i = 0;
21056 		}
21057 		if (ddi_copyout(&i, (void *)arg, sizeof (int), flag) != 0) {
21058 			err = EFAULT;
21059 		} else {
21060 			err = 0;
21061 		}
21062 		break;
21063 
21064 	case DKIOCGTEMPERATURE:
21065 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCGTEMPERATURE\n");
21066 		err = sd_dkio_get_temp(dev, (caddr_t)arg, flag);
21067 		break;
21068 
21069 	case MHIOCENFAILFAST:
21070 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCENFAILFAST\n");
21071 		if ((err = drv_priv(cred_p)) == 0) {
21072 			err = sd_mhdioc_failfast(dev, (caddr_t)arg, flag);
21073 		}
21074 		break;
21075 
21076 	case MHIOCTKOWN:
21077 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCTKOWN\n");
21078 		if ((err = drv_priv(cred_p)) == 0) {
21079 			err = sd_mhdioc_takeown(dev, (caddr_t)arg, flag);
21080 		}
21081 		break;
21082 
21083 	case MHIOCRELEASE:
21084 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCRELEASE\n");
21085 		if ((err = drv_priv(cred_p)) == 0) {
21086 			err = sd_mhdioc_release(dev);
21087 		}
21088 		break;
21089 
21090 	case MHIOCSTATUS:
21091 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCSTATUS\n");
21092 		if ((err = drv_priv(cred_p)) == 0) {
21093 			switch (sd_send_scsi_TEST_UNIT_READY(un, 0)) {
21094 			case 0:
21095 				err = 0;
21096 				break;
21097 			case EACCES:
21098 				*rval_p = 1;
21099 				err = 0;
21100 				break;
21101 			default:
21102 				err = EIO;
21103 				break;
21104 			}
21105 		}
21106 		break;
21107 
21108 	case MHIOCQRESERVE:
21109 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCQRESERVE\n");
21110 		if ((err = drv_priv(cred_p)) == 0) {
21111 			err = sd_reserve_release(dev, SD_RESERVE);
21112 		}
21113 		break;
21114 
21115 	case MHIOCREREGISTERDEVID:
21116 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCREREGISTERDEVID\n");
21117 		if (drv_priv(cred_p) == EPERM) {
21118 			err = EPERM;
21119 		} else if (ISREMOVABLE(un) || ISCD(un)) {
21120 			err = ENOTTY;
21121 		} else {
21122 			err = sd_mhdioc_register_devid(dev);
21123 		}
21124 		break;
21125 
21126 	case MHIOCGRP_INKEYS:
21127 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INKEYS\n");
21128 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21129 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21130 				err = ENOTSUP;
21131 			} else {
21132 				err = sd_mhdioc_inkeys(dev, (caddr_t)arg,
21133 				    flag);
21134 			}
21135 		}
21136 		break;
21137 
21138 	case MHIOCGRP_INRESV:
21139 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_INRESV\n");
21140 		if (((err = drv_priv(cred_p)) != EPERM) && arg != NULL) {
21141 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21142 				err = ENOTSUP;
21143 			} else {
21144 				err = sd_mhdioc_inresv(dev, (caddr_t)arg, flag);
21145 			}
21146 		}
21147 		break;
21148 
21149 	case MHIOCGRP_REGISTER:
21150 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_REGISTER\n");
21151 		if ((err = drv_priv(cred_p)) != EPERM) {
21152 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21153 				err = ENOTSUP;
21154 			} else if (arg != NULL) {
21155 				mhioc_register_t reg;
21156 				if (ddi_copyin((void *)arg, &reg,
21157 				    sizeof (mhioc_register_t), flag) != 0) {
21158 					err = EFAULT;
21159 				} else {
21160 					err =
21161 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21162 					    un, SD_SCSI3_REGISTER,
21163 					    (uchar_t *)&reg);
21164 				}
21165 			}
21166 		}
21167 		break;
21168 
21169 	case MHIOCGRP_RESERVE:
21170 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_RESERVE\n");
21171 		if ((err = drv_priv(cred_p)) != EPERM) {
21172 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21173 				err = ENOTSUP;
21174 			} else if (arg != NULL) {
21175 				mhioc_resv_desc_t resv_desc;
21176 				if (ddi_copyin((void *)arg, &resv_desc,
21177 				    sizeof (mhioc_resv_desc_t), flag) != 0) {
21178 					err = EFAULT;
21179 				} else {
21180 					err =
21181 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21182 					    un, SD_SCSI3_RESERVE,
21183 					    (uchar_t *)&resv_desc);
21184 				}
21185 			}
21186 		}
21187 		break;
21188 
21189 	case MHIOCGRP_PREEMPTANDABORT:
21190 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21191 		if ((err = drv_priv(cred_p)) != EPERM) {
21192 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21193 				err = ENOTSUP;
21194 			} else if (arg != NULL) {
21195 				mhioc_preemptandabort_t preempt_abort;
21196 				if (ddi_copyin((void *)arg, &preempt_abort,
21197 				    sizeof (mhioc_preemptandabort_t),
21198 				    flag) != 0) {
21199 					err = EFAULT;
21200 				} else {
21201 					err =
21202 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21203 					    un, SD_SCSI3_PREEMPTANDABORT,
21204 					    (uchar_t *)&preempt_abort);
21205 				}
21206 			}
21207 		}
21208 		break;
21209 
21210 	case MHIOCGRP_REGISTERANDIGNOREKEY:
21211 		SD_TRACE(SD_LOG_IOCTL, un, "MHIOCGRP_PREEMPTANDABORT\n");
21212 		if ((err = drv_priv(cred_p)) != EPERM) {
21213 			if (un->un_reservation_type == SD_SCSI2_RESERVATION) {
21214 				err = ENOTSUP;
21215 			} else if (arg != NULL) {
21216 				mhioc_registerandignorekey_t r_and_i;
21217 				if (ddi_copyin((void *)arg, (void *)&r_and_i,
21218 				    sizeof (mhioc_registerandignorekey_t),
21219 				    flag) != 0) {
21220 					err = EFAULT;
21221 				} else {
21222 					err =
21223 					    sd_send_scsi_PERSISTENT_RESERVE_OUT(
21224 					    un, SD_SCSI3_REGISTERANDIGNOREKEY,
21225 					    (uchar_t *)&r_and_i);
21226 				}
21227 			}
21228 		}
21229 		break;
21230 
21231 	case USCSICMD:
21232 		SD_TRACE(SD_LOG_IOCTL, un, "USCSICMD\n");
21233 		cr = ddi_get_cred();
21234 		if ((drv_priv(cred_p) != 0) && (drv_priv(cr) != 0)) {
21235 			err = EPERM;
21236 		} else {
21237 			err = sd_uscsi_ioctl(dev, (caddr_t)arg, flag);
21238 		}
21239 		break;
21240 
21241 	case CDROMPAUSE:
21242 	case CDROMRESUME:
21243 		SD_TRACE(SD_LOG_IOCTL, un, "PAUSE-RESUME\n");
21244 		if (!ISCD(un)) {
21245 			err = ENOTTY;
21246 		} else {
21247 			err = sr_pause_resume(dev, cmd);
21248 		}
21249 		break;
21250 
21251 	case CDROMPLAYMSF:
21252 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYMSF\n");
21253 		if (!ISCD(un)) {
21254 			err = ENOTTY;
21255 		} else {
21256 			err = sr_play_msf(dev, (caddr_t)arg, flag);
21257 		}
21258 		break;
21259 
21260 	case CDROMPLAYTRKIND:
21261 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMPLAYTRKIND\n");
21262 #if defined(__i386) || defined(__amd64)
21263 		/*
21264 		 * not supported on ATAPI CD drives, use CDROMPLAYMSF instead
21265 		 */
21266 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21267 #else
21268 		if (!ISCD(un)) {
21269 #endif
21270 			err = ENOTTY;
21271 		} else {
21272 			err = sr_play_trkind(dev, (caddr_t)arg, flag);
21273 		}
21274 		break;
21275 
21276 	case CDROMREADTOCHDR:
21277 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCHDR\n");
21278 		if (!ISCD(un)) {
21279 			err = ENOTTY;
21280 		} else {
21281 			err = sr_read_tochdr(dev, (caddr_t)arg, flag);
21282 		}
21283 		break;
21284 
21285 	case CDROMREADTOCENTRY:
21286 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADTOCENTRY\n");
21287 		if (!ISCD(un)) {
21288 			err = ENOTTY;
21289 		} else {
21290 			err = sr_read_tocentry(dev, (caddr_t)arg, flag);
21291 		}
21292 		break;
21293 
21294 	case CDROMSTOP:
21295 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTOP\n");
21296 		if (!ISCD(un)) {
21297 			err = ENOTTY;
21298 		} else {
21299 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_STOP,
21300 			    SD_PATH_STANDARD);
21301 		}
21302 		break;
21303 
21304 	case CDROMSTART:
21305 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSTART\n");
21306 		if (!ISCD(un)) {
21307 			err = ENOTTY;
21308 		} else {
21309 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_START,
21310 			    SD_PATH_STANDARD);
21311 		}
21312 		break;
21313 
21314 	case CDROMCLOSETRAY:
21315 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCLOSETRAY\n");
21316 		if (!ISCD(un)) {
21317 			err = ENOTTY;
21318 		} else {
21319 			err = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_CLOSE,
21320 			    SD_PATH_STANDARD);
21321 		}
21322 		break;
21323 
21324 	case FDEJECT:	/* for eject command */
21325 	case DKIOCEJECT:
21326 	case CDROMEJECT:
21327 		SD_TRACE(SD_LOG_IOCTL, un, "EJECT\n");
21328 		if (!ISREMOVABLE(un)) {
21329 			err = ENOTTY;
21330 		} else {
21331 			err = sr_eject(dev);
21332 		}
21333 		break;
21334 
21335 	case CDROMVOLCTRL:
21336 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMVOLCTRL\n");
21337 		if (!ISCD(un)) {
21338 			err = ENOTTY;
21339 		} else {
21340 			err = sr_volume_ctrl(dev, (caddr_t)arg, flag);
21341 		}
21342 		break;
21343 
21344 	case CDROMSUBCHNL:
21345 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCHNL\n");
21346 		if (!ISCD(un)) {
21347 			err = ENOTTY;
21348 		} else {
21349 			err = sr_read_subchannel(dev, (caddr_t)arg, flag);
21350 		}
21351 		break;
21352 
21353 	case CDROMREADMODE2:
21354 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE2\n");
21355 		if (!ISCD(un)) {
21356 			err = ENOTTY;
21357 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21358 			/*
21359 			 * If the drive supports READ CD, use that instead of
21360 			 * switching the LBA size via a MODE SELECT
21361 			 * Block Descriptor
21362 			 */
21363 			err = sr_read_cd_mode2(dev, (caddr_t)arg, flag);
21364 		} else {
21365 			err = sr_read_mode2(dev, (caddr_t)arg, flag);
21366 		}
21367 		break;
21368 
21369 	case CDROMREADMODE1:
21370 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADMODE1\n");
21371 		if (!ISCD(un)) {
21372 			err = ENOTTY;
21373 		} else {
21374 			err = sr_read_mode1(dev, (caddr_t)arg, flag);
21375 		}
21376 		break;
21377 
21378 	case CDROMREADOFFSET:
21379 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMREADOFFSET\n");
21380 		if (!ISCD(un)) {
21381 			err = ENOTTY;
21382 		} else {
21383 			err = sr_read_sony_session_offset(dev, (caddr_t)arg,
21384 			    flag);
21385 		}
21386 		break;
21387 
21388 	case CDROMSBLKMODE:
21389 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSBLKMODE\n");
21390 		/*
21391 		 * There is no means of changing block size in case of atapi
21392 		 * drives, thus return ENOTTY if drive type is atapi
21393 		 */
21394 		if (!ISCD(un) || (un->un_f_cfg_is_atapi == TRUE)) {
21395 			err = ENOTTY;
21396 		} else if (un->un_f_mmc_cap == TRUE) {
21397 
21398 			/*
21399 			 * MMC Devices do not support changing the
21400 			 * logical block size
21401 			 *
21402 			 * Note: EINVAL is being returned instead of ENOTTY to
21403 			 * maintain consistancy with the original mmc
21404 			 * driver update.
21405 			 */
21406 			err = EINVAL;
21407 		} else {
21408 			mutex_enter(SD_MUTEX(un));
21409 			if ((!(un->un_exclopen & (1<<SDPART(dev)))) ||
21410 			    (un->un_ncmds_in_transport > 0)) {
21411 				mutex_exit(SD_MUTEX(un));
21412 				err = EINVAL;
21413 			} else {
21414 				mutex_exit(SD_MUTEX(un));
21415 				err = sr_change_blkmode(dev, cmd, arg, flag);
21416 			}
21417 		}
21418 		break;
21419 
21420 	case CDROMGBLKMODE:
21421 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMGBLKMODE\n");
21422 		if (!ISCD(un)) {
21423 			err = ENOTTY;
21424 		} else if ((un->un_f_cfg_is_atapi != FALSE) &&
21425 		    (un->un_f_blockcount_is_valid != FALSE)) {
21426 			/*
21427 			 * Drive is an ATAPI drive so return target block
21428 			 * size for ATAPI drives since we cannot change the
21429 			 * blocksize on ATAPI drives. Used primarily to detect
21430 			 * if an ATAPI cdrom is present.
21431 			 */
21432 			if (ddi_copyout(&un->un_tgt_blocksize, (void *)arg,
21433 			    sizeof (int), flag) != 0) {
21434 				err = EFAULT;
21435 			} else {
21436 				err = 0;
21437 			}
21438 
21439 		} else {
21440 			/*
21441 			 * Drive supports changing block sizes via a Mode
21442 			 * Select.
21443 			 */
21444 			err = sr_change_blkmode(dev, cmd, arg, flag);
21445 		}
21446 		break;
21447 
21448 	case CDROMGDRVSPEED:
21449 	case CDROMSDRVSPEED:
21450 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMXDRVSPEED\n");
21451 		if (!ISCD(un)) {
21452 			err = ENOTTY;
21453 		} else if (un->un_f_mmc_cap == TRUE) {
21454 			/*
21455 			 * Note: In the future the driver implementation
21456 			 * for getting and
21457 			 * setting cd speed should entail:
21458 			 * 1) If non-mmc try the Toshiba mode page
21459 			 *    (sr_change_speed)
21460 			 * 2) If mmc but no support for Real Time Streaming try
21461 			 *    the SET CD SPEED (0xBB) command
21462 			 *   (sr_atapi_change_speed)
21463 			 * 3) If mmc and support for Real Time Streaming
21464 			 *    try the GET PERFORMANCE and SET STREAMING
21465 			 *    commands (not yet implemented, 4380808)
21466 			 */
21467 			/*
21468 			 * As per recent MMC spec, CD-ROM speed is variable
21469 			 * and changes with LBA. Since there is no such
21470 			 * things as drive speed now, fail this ioctl.
21471 			 *
21472 			 * Note: EINVAL is returned for consistancy of original
21473 			 * implementation which included support for getting
21474 			 * the drive speed of mmc devices but not setting
21475 			 * the drive speed. Thus EINVAL would be returned
21476 			 * if a set request was made for an mmc device.
21477 			 * We no longer support get or set speed for
21478 			 * mmc but need to remain consistant with regard
21479 			 * to the error code returned.
21480 			 */
21481 			err = EINVAL;
21482 		} else if (un->un_f_cfg_is_atapi == TRUE) {
21483 			err = sr_atapi_change_speed(dev, cmd, arg, flag);
21484 		} else {
21485 			err = sr_change_speed(dev, cmd, arg, flag);
21486 		}
21487 		break;
21488 
21489 	case CDROMCDDA:
21490 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDDA\n");
21491 		if (!ISCD(un)) {
21492 			err = ENOTTY;
21493 		} else {
21494 			err = sr_read_cdda(dev, (void *)arg, flag);
21495 		}
21496 		break;
21497 
21498 	case CDROMCDXA:
21499 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMCDXA\n");
21500 		if (!ISCD(un)) {
21501 			err = ENOTTY;
21502 		} else {
21503 			err = sr_read_cdxa(dev, (caddr_t)arg, flag);
21504 		}
21505 		break;
21506 
21507 	case CDROMSUBCODE:
21508 		SD_TRACE(SD_LOG_IOCTL, un, "CDROMSUBCODE\n");
21509 		if (!ISCD(un)) {
21510 			err = ENOTTY;
21511 		} else {
21512 			err = sr_read_all_subcodes(dev, (caddr_t)arg, flag);
21513 		}
21514 		break;
21515 
21516 	case DKIOCPARTINFO: {
21517 		/*
21518 		 * Return parameters describing the selected disk slice.
21519 		 * Note: this ioctl is for the intel platform only
21520 		 */
21521 #if defined(__i386) || defined(__amd64)
21522 		int part;
21523 
21524 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21525 		part = SDPART(dev);
21526 
21527 		/* don't check un_solaris_size for pN */
21528 		if (part < P0_RAW_DISK && un->un_solaris_size == 0) {
21529 			err = EIO;
21530 		} else {
21531 			struct part_info p;
21532 
21533 			p.p_start = (daddr_t)un->un_offset[part];
21534 			p.p_length = (int)un->un_map[part].dkl_nblk;
21535 #ifdef _MULTI_DATAMODEL
21536 			switch (ddi_model_convert_from(flag & FMODELS)) {
21537 			case DDI_MODEL_ILP32:
21538 			{
21539 				struct part_info32 p32;
21540 
21541 				p32.p_start = (daddr32_t)p.p_start;
21542 				p32.p_length = p.p_length;
21543 				if (ddi_copyout(&p32, (void *)arg,
21544 				    sizeof (p32), flag))
21545 					err = EFAULT;
21546 				break;
21547 			}
21548 
21549 			case DDI_MODEL_NONE:
21550 			{
21551 				if (ddi_copyout(&p, (void *)arg, sizeof (p),
21552 				    flag))
21553 					err = EFAULT;
21554 				break;
21555 			}
21556 			}
21557 #else /* ! _MULTI_DATAMODEL */
21558 			if (ddi_copyout(&p, (void *)arg, sizeof (p), flag))
21559 				err = EFAULT;
21560 #endif /* _MULTI_DATAMODEL */
21561 		}
21562 #else
21563 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCPARTINFO\n");
21564 		err = ENOTTY;
21565 #endif
21566 		break;
21567 	}
21568 
21569 	case DKIOCG_PHYGEOM: {
21570 		/* Return the driver's notion of the media physical geometry */
21571 #if defined(__i386) || defined(__amd64)
21572 		struct dk_geom	disk_geom;
21573 		struct dk_geom	*dkgp = &disk_geom;
21574 
21575 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21576 		mutex_enter(SD_MUTEX(un));
21577 
21578 		if (un->un_g.dkg_nhead != 0 &&
21579 		    un->un_g.dkg_nsect != 0) {
21580 			/*
21581 			 * We succeeded in getting a geometry, but
21582 			 * right now it is being reported as just the
21583 			 * Solaris fdisk partition, just like for
21584 			 * DKIOCGGEOM. We need to change that to be
21585 			 * correct for the entire disk now.
21586 			 */
21587 			bcopy(&un->un_g, dkgp, sizeof (*dkgp));
21588 			dkgp->dkg_acyl = 0;
21589 			dkgp->dkg_ncyl = un->un_blockcount /
21590 			    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21591 		} else {
21592 			bzero(dkgp, sizeof (struct dk_geom));
21593 			/*
21594 			 * This disk does not have a Solaris VTOC
21595 			 * so we must present a physical geometry
21596 			 * that will remain consistent regardless
21597 			 * of how the disk is used. This will ensure
21598 			 * that the geometry does not change regardless
21599 			 * of the fdisk partition type (ie. EFI, FAT32,
21600 			 * Solaris, etc).
21601 			 */
21602 			if (ISCD(un)) {
21603 				dkgp->dkg_nhead = un->un_pgeom.g_nhead;
21604 				dkgp->dkg_nsect = un->un_pgeom.g_nsect;
21605 				dkgp->dkg_ncyl = un->un_pgeom.g_ncyl;
21606 				dkgp->dkg_acyl = un->un_pgeom.g_acyl;
21607 			} else {
21608 				/*
21609 				 * Invalid un_blockcount can generate invalid
21610 				 * dk_geom and may result in division by zero
21611 				 * system failure. Should make sure blockcount
21612 				 * is valid before using it here.
21613 				 */
21614 				if (un->un_f_blockcount_is_valid == FALSE) {
21615 					mutex_exit(SD_MUTEX(un));
21616 					err = EIO;
21617 
21618 					break;
21619 				}
21620 				sd_convert_geometry(un->un_blockcount, dkgp);
21621 				dkgp->dkg_acyl = 0;
21622 				dkgp->dkg_ncyl = un->un_blockcount /
21623 				    (dkgp->dkg_nhead * dkgp->dkg_nsect);
21624 			}
21625 		}
21626 		dkgp->dkg_pcyl = dkgp->dkg_ncyl + dkgp->dkg_acyl;
21627 
21628 		if (ddi_copyout(dkgp, (void *)arg,
21629 		    sizeof (struct dk_geom), flag)) {
21630 			mutex_exit(SD_MUTEX(un));
21631 			err = EFAULT;
21632 		} else {
21633 			mutex_exit(SD_MUTEX(un));
21634 			err = 0;
21635 		}
21636 #else
21637 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_PHYGEOM\n");
21638 		err = ENOTTY;
21639 #endif
21640 		break;
21641 	}
21642 
21643 	case DKIOCG_VIRTGEOM: {
21644 		/* Return the driver's notion of the media's logical geometry */
21645 #if defined(__i386) || defined(__amd64)
21646 		struct dk_geom	disk_geom;
21647 		struct dk_geom	*dkgp = &disk_geom;
21648 
21649 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21650 		mutex_enter(SD_MUTEX(un));
21651 		/*
21652 		 * If there is no HBA geometry available, or
21653 		 * if the HBA returned us something that doesn't
21654 		 * really fit into an Int 13/function 8 geometry
21655 		 * result, just fail the ioctl.  See PSARC 1998/313.
21656 		 */
21657 		if (un->un_lgeom.g_nhead == 0 ||
21658 		    un->un_lgeom.g_nsect == 0 ||
21659 		    un->un_lgeom.g_ncyl > 1024) {
21660 			mutex_exit(SD_MUTEX(un));
21661 			err = EINVAL;
21662 		} else {
21663 			dkgp->dkg_ncyl	= un->un_lgeom.g_ncyl;
21664 			dkgp->dkg_acyl	= un->un_lgeom.g_acyl;
21665 			dkgp->dkg_pcyl	= dkgp->dkg_ncyl + dkgp->dkg_acyl;
21666 			dkgp->dkg_nhead	= un->un_lgeom.g_nhead;
21667 			dkgp->dkg_nsect	= un->un_lgeom.g_nsect;
21668 
21669 			if (ddi_copyout(dkgp, (void *)arg,
21670 			    sizeof (struct dk_geom), flag)) {
21671 				mutex_exit(SD_MUTEX(un));
21672 				err = EFAULT;
21673 			} else {
21674 				mutex_exit(SD_MUTEX(un));
21675 				err = 0;
21676 			}
21677 		}
21678 #else
21679 		SD_TRACE(SD_LOG_IOCTL, un, "DKIOCG_VIRTGEOM\n");
21680 		err = ENOTTY;
21681 #endif
21682 		break;
21683 	}
21684 #ifdef SDDEBUG
21685 /* RESET/ABORTS testing ioctls */
21686 	case DKIOCRESET: {
21687 		int	reset_level;
21688 
21689 		if (ddi_copyin((void *)arg, &reset_level, sizeof (int), flag)) {
21690 			err = EFAULT;
21691 		} else {
21692 			SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCRESET: "
21693 			    "reset_level = 0x%lx\n", reset_level);
21694 			if (scsi_reset(SD_ADDRESS(un), reset_level)) {
21695 				err = 0;
21696 			} else {
21697 				err = EIO;
21698 			}
21699 		}
21700 		break;
21701 	}
21702 
21703 	case DKIOCABORT:
21704 		SD_INFO(SD_LOG_IOCTL, un, "sdioctl: DKIOCABORT:\n");
21705 		if (scsi_abort(SD_ADDRESS(un), NULL)) {
21706 			err = 0;
21707 		} else {
21708 			err = EIO;
21709 		}
21710 		break;
21711 #endif
21712 
21713 #ifdef SD_FAULT_INJECTION
21714 /* SDIOC FaultInjection testing ioctls */
21715 	case SDIOCSTART:
21716 	case SDIOCSTOP:
21717 	case SDIOCINSERTPKT:
21718 	case SDIOCINSERTXB:
21719 	case SDIOCINSERTUN:
21720 	case SDIOCINSERTARQ:
21721 	case SDIOCPUSH:
21722 	case SDIOCRETRIEVE:
21723 	case SDIOCRUN:
21724 		SD_INFO(SD_LOG_SDTEST, un, "sdioctl:"
21725 		    "SDIOC detected cmd:0x%X:\n", cmd);
21726 		/* call error generator */
21727 		sd_faultinjection_ioctl(cmd, arg, un);
21728 		err = 0;
21729 		break;
21730 
21731 #endif /* SD_FAULT_INJECTION */
21732 
21733 	case DKIOCFLUSHWRITECACHE:
21734 		{
21735 			struct dk_callback *dkc = (struct dk_callback *)arg;
21736 
21737 			mutex_enter(SD_MUTEX(un));
21738 			if (un->un_f_sync_cache_unsupported ||
21739 			    ! un->un_f_write_cache_enabled) {
21740 				err = un->un_f_sync_cache_unsupported ?
21741 					ENOTSUP : 0;
21742 				mutex_exit(SD_MUTEX(un));
21743 				if ((flag & FKIOCTL) && dkc != NULL &&
21744 				    dkc->dkc_callback != NULL) {
21745 					(*dkc->dkc_callback)(dkc->dkc_cookie,
21746 					    err);
21747 					/*
21748 					 * Did callback and reported error.
21749 					 * Since we did a callback, ioctl
21750 					 * should return 0.
21751 					 */
21752 					err = 0;
21753 				}
21754 				break;
21755 			}
21756 			mutex_exit(SD_MUTEX(un));
21757 
21758 			if ((flag & FKIOCTL) && dkc != NULL &&
21759 			    dkc->dkc_callback != NULL) {
21760 				/* async SYNC CACHE request */
21761 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, dkc);
21762 			} else {
21763 				/* synchronous SYNC CACHE request */
21764 				err = sd_send_scsi_SYNCHRONIZE_CACHE(un, NULL);
21765 			}
21766 		}
21767 		break;
21768 
21769 	default:
21770 		err = ENOTTY;
21771 		break;
21772 	}
21773 	mutex_enter(SD_MUTEX(un));
21774 	un->un_ncmds_in_driver--;
21775 	ASSERT(un->un_ncmds_in_driver >= 0);
21776 	mutex_exit(SD_MUTEX(un));
21777 
21778 	SD_TRACE(SD_LOG_IOCTL, un, "sdioctl: exit: %d\n", err);
21779 	return (err);
21780 }
21781 
21782 
21783 /*
21784  *    Function: sd_uscsi_ioctl
21785  *
21786  * Description: This routine is the driver entry point for handling USCSI ioctl
21787  *		requests (USCSICMD).
21788  *
21789  *   Arguments: dev	- the device number
21790  *		arg	- user provided scsi command
21791  *		flag	- this argument is a pass through to ddi_copyxxx()
21792  *			  directly from the mode argument of ioctl().
21793  *
21794  * Return Code: code returned by sd_send_scsi_cmd
21795  *		ENXIO
21796  *		EFAULT
21797  *		EAGAIN
21798  */
21799 
21800 static int
21801 sd_uscsi_ioctl(dev_t dev, caddr_t arg, int flag)
21802 {
21803 #ifdef _MULTI_DATAMODEL
21804 	/*
21805 	 * For use when a 32 bit app makes a call into a
21806 	 * 64 bit ioctl
21807 	 */
21808 	struct uscsi_cmd32	uscsi_cmd_32_for_64;
21809 	struct uscsi_cmd32	*ucmd32 = &uscsi_cmd_32_for_64;
21810 	model_t			model;
21811 #endif /* _MULTI_DATAMODEL */
21812 	struct uscsi_cmd	*scmd = NULL;
21813 	struct sd_lun		*un = NULL;
21814 	enum uio_seg		uioseg;
21815 	char			cdb[CDB_GROUP0];
21816 	int			rval = 0;
21817 
21818 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21819 		return (ENXIO);
21820 	}
21821 
21822 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: entry: un:0x%p\n", un);
21823 
21824 	scmd = (struct uscsi_cmd *)
21825 	    kmem_zalloc(sizeof (struct uscsi_cmd), KM_SLEEP);
21826 
21827 #ifdef _MULTI_DATAMODEL
21828 	switch (model = ddi_model_convert_from(flag & FMODELS)) {
21829 	case DDI_MODEL_ILP32:
21830 	{
21831 		if (ddi_copyin((void *)arg, ucmd32, sizeof (*ucmd32), flag)) {
21832 			rval = EFAULT;
21833 			goto done;
21834 		}
21835 		/*
21836 		 * Convert the ILP32 uscsi data from the
21837 		 * application to LP64 for internal use.
21838 		 */
21839 		uscsi_cmd32touscsi_cmd(ucmd32, scmd);
21840 		break;
21841 	}
21842 	case DDI_MODEL_NONE:
21843 		if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21844 			rval = EFAULT;
21845 			goto done;
21846 		}
21847 		break;
21848 	}
21849 #else /* ! _MULTI_DATAMODEL */
21850 	if (ddi_copyin((void *)arg, scmd, sizeof (*scmd), flag)) {
21851 		rval = EFAULT;
21852 		goto done;
21853 	}
21854 #endif /* _MULTI_DATAMODEL */
21855 
21856 	scmd->uscsi_flags &= ~USCSI_NOINTR;
21857 	uioseg = (flag & FKIOCTL) ? UIO_SYSSPACE : UIO_USERSPACE;
21858 	if (un->un_f_format_in_progress == TRUE) {
21859 		rval = EAGAIN;
21860 		goto done;
21861 	}
21862 
21863 	/*
21864 	 * Gotta do the ddi_copyin() here on the uscsi_cdb so that
21865 	 * we will have a valid cdb[0] to test.
21866 	 */
21867 	if ((ddi_copyin(scmd->uscsi_cdb, cdb, CDB_GROUP0, flag) == 0) &&
21868 	    (cdb[0] == SCMD_FORMAT)) {
21869 		SD_TRACE(SD_LOG_IOCTL, un,
21870 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21871 		mutex_enter(SD_MUTEX(un));
21872 		un->un_f_format_in_progress = TRUE;
21873 		mutex_exit(SD_MUTEX(un));
21874 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21875 		    SD_PATH_STANDARD);
21876 		mutex_enter(SD_MUTEX(un));
21877 		un->un_f_format_in_progress = FALSE;
21878 		mutex_exit(SD_MUTEX(un));
21879 	} else {
21880 		SD_TRACE(SD_LOG_IOCTL, un,
21881 		    "sd_uscsi_ioctl: scmd->uscsi_cdb 0x%x\n", cdb[0]);
21882 		/*
21883 		 * It's OK to fall into here even if the ddi_copyin()
21884 		 * on the uscsi_cdb above fails, because sd_send_scsi_cmd()
21885 		 * does this same copyin and will return the EFAULT
21886 		 * if it fails.
21887 		 */
21888 		rval = sd_send_scsi_cmd(dev, scmd, uioseg, uioseg, uioseg,
21889 		    SD_PATH_STANDARD);
21890 	}
21891 #ifdef _MULTI_DATAMODEL
21892 	switch (model) {
21893 	case DDI_MODEL_ILP32:
21894 		/*
21895 		 * Convert back to ILP32 before copyout to the
21896 		 * application
21897 		 */
21898 		uscsi_cmdtouscsi_cmd32(scmd, ucmd32);
21899 		if (ddi_copyout(ucmd32, (void *)arg, sizeof (*ucmd32), flag)) {
21900 			if (rval != 0) {
21901 				rval = EFAULT;
21902 			}
21903 		}
21904 		break;
21905 	case DDI_MODEL_NONE:
21906 		if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21907 			if (rval != 0) {
21908 				rval = EFAULT;
21909 			}
21910 		}
21911 		break;
21912 	}
21913 #else /* ! _MULTI_DATAMODE */
21914 	if (ddi_copyout(scmd, (void *)arg, sizeof (*scmd), flag)) {
21915 		if (rval != 0) {
21916 			rval = EFAULT;
21917 		}
21918 	}
21919 #endif /* _MULTI_DATAMODE */
21920 done:
21921 	kmem_free(scmd, sizeof (struct uscsi_cmd));
21922 
21923 	SD_TRACE(SD_LOG_IOCTL, un, "sd_uscsi_ioctl: exit: un:0x%p\n", un);
21924 
21925 	return (rval);
21926 }
21927 
21928 
21929 /*
21930  *    Function: sd_dkio_ctrl_info
21931  *
21932  * Description: This routine is the driver entry point for handling controller
21933  *		information ioctl requests (DKIOCINFO).
21934  *
21935  *   Arguments: dev  - the device number
21936  *		arg  - pointer to user provided dk_cinfo structure
21937  *		       specifying the controller type and attributes.
21938  *		flag - this argument is a pass through to ddi_copyxxx()
21939  *		       directly from the mode argument of ioctl().
21940  *
21941  * Return Code: 0
21942  *		EFAULT
21943  *		ENXIO
21944  */
21945 
21946 static int
21947 sd_dkio_ctrl_info(dev_t dev, caddr_t arg, int flag)
21948 {
21949 	struct sd_lun	*un = NULL;
21950 	struct dk_cinfo	*info;
21951 	dev_info_t	*pdip;
21952 	int		lun, tgt;
21953 
21954 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
21955 		return (ENXIO);
21956 	}
21957 
21958 	info = (struct dk_cinfo *)
21959 		kmem_zalloc(sizeof (struct dk_cinfo), KM_SLEEP);
21960 
21961 	switch (un->un_ctype) {
21962 	case CTYPE_CDROM:
21963 		info->dki_ctype = DKC_CDROM;
21964 		break;
21965 	default:
21966 		info->dki_ctype = DKC_SCSI_CCS;
21967 		break;
21968 	}
21969 	pdip = ddi_get_parent(SD_DEVINFO(un));
21970 	info->dki_cnum = ddi_get_instance(pdip);
21971 	if (strlen(ddi_get_name(pdip)) < DK_DEVLEN) {
21972 		(void) strcpy(info->dki_cname, ddi_get_name(pdip));
21973 	} else {
21974 		(void) strncpy(info->dki_cname, ddi_node_name(pdip),
21975 		    DK_DEVLEN - 1);
21976 	}
21977 
21978 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
21979 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_LUN, 0);
21980 	tgt = ddi_prop_get_int(DDI_DEV_T_ANY, SD_DEVINFO(un),
21981 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET, 0);
21982 
21983 	/* Unit Information */
21984 	info->dki_unit = ddi_get_instance(SD_DEVINFO(un));
21985 	info->dki_slave = ((tgt << 3) | lun);
21986 	(void) strncpy(info->dki_dname, ddi_driver_name(SD_DEVINFO(un)),
21987 	    DK_DEVLEN - 1);
21988 	info->dki_flags = DKI_FMTVOL;
21989 	info->dki_partition = SDPART(dev);
21990 
21991 	/* Max Transfer size of this device in blocks */
21992 	info->dki_maxtransfer = un->un_max_xfer_size / un->un_sys_blocksize;
21993 	info->dki_addr = 0;
21994 	info->dki_space = 0;
21995 	info->dki_prio = 0;
21996 	info->dki_vec = 0;
21997 
21998 	if (ddi_copyout(info, arg, sizeof (struct dk_cinfo), flag) != 0) {
21999 		kmem_free(info, sizeof (struct dk_cinfo));
22000 		return (EFAULT);
22001 	} else {
22002 		kmem_free(info, sizeof (struct dk_cinfo));
22003 		return (0);
22004 	}
22005 }
22006 
22007 
22008 /*
22009  *    Function: sd_get_media_info
22010  *
22011  * Description: This routine is the driver entry point for handling ioctl
22012  *		requests for the media type or command set profile used by the
22013  *		drive to operate on the media (DKIOCGMEDIAINFO).
22014  *
22015  *   Arguments: dev	- the device number
22016  *		arg	- pointer to user provided dk_minfo structure
22017  *			  specifying the media type, logical block size and
22018  *			  drive capacity.
22019  *		flag	- this argument is a pass through to ddi_copyxxx()
22020  *			  directly from the mode argument of ioctl().
22021  *
22022  * Return Code: 0
22023  *		EACCESS
22024  *		EFAULT
22025  *		ENXIO
22026  *		EIO
22027  */
22028 
22029 static int
22030 sd_get_media_info(dev_t dev, caddr_t arg, int flag)
22031 {
22032 	struct sd_lun		*un = NULL;
22033 	struct uscsi_cmd	com;
22034 	struct scsi_inquiry	*sinq;
22035 	struct dk_minfo		media_info;
22036 	u_longlong_t		media_capacity;
22037 	uint64_t		capacity;
22038 	uint_t			lbasize;
22039 	uchar_t			*out_data;
22040 	uchar_t			*rqbuf;
22041 	int			rval = 0;
22042 	int			rtn;
22043 
22044 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
22045 	    (un->un_state == SD_STATE_OFFLINE)) {
22046 		return (ENXIO);
22047 	}
22048 
22049 	SD_TRACE(SD_LOG_IOCTL_DKIO, un, "sd_get_media_info: entry\n");
22050 
22051 	out_data = kmem_zalloc(SD_PROFILE_HEADER_LEN, KM_SLEEP);
22052 	rqbuf = kmem_zalloc(SENSE_LENGTH, KM_SLEEP);
22053 
22054 	/* Issue a TUR to determine if the drive is ready with media present */
22055 	rval = sd_send_scsi_TEST_UNIT_READY(un, SD_CHECK_FOR_MEDIA);
22056 	if (rval == ENXIO) {
22057 		goto done;
22058 	}
22059 
22060 	/* Now get configuration data */
22061 	if (ISCD(un)) {
22062 		media_info.dki_media_type = DK_CDROM;
22063 
22064 		/* Allow SCMD_GET_CONFIGURATION to MMC devices only */
22065 		if (un->un_f_mmc_cap == TRUE) {
22066 			rtn = sd_send_scsi_GET_CONFIGURATION(un, &com, rqbuf,
22067 				SENSE_LENGTH, out_data, SD_PROFILE_HEADER_LEN);
22068 
22069 			if (rtn) {
22070 				/*
22071 				 * Failed for other than an illegal request
22072 				 * or command not supported
22073 				 */
22074 				if ((com.uscsi_status == STATUS_CHECK) &&
22075 				    (com.uscsi_rqstatus == STATUS_GOOD)) {
22076 					if ((rqbuf[2] != KEY_ILLEGAL_REQUEST) ||
22077 					    (rqbuf[12] != 0x20)) {
22078 						rval = EIO;
22079 						goto done;
22080 					}
22081 				}
22082 			} else {
22083 				/*
22084 				 * The GET CONFIGURATION command succeeded
22085 				 * so set the media type according to the
22086 				 * returned data
22087 				 */
22088 				media_info.dki_media_type = out_data[6];
22089 				media_info.dki_media_type <<= 8;
22090 				media_info.dki_media_type |= out_data[7];
22091 			}
22092 		}
22093 	} else {
22094 		/*
22095 		 * The profile list is not available, so we attempt to identify
22096 		 * the media type based on the inquiry data
22097 		 */
22098 		sinq = un->un_sd->sd_inq;
22099 		if (sinq->inq_qual == 0) {
22100 			/* This is a direct access device */
22101 			media_info.dki_media_type = DK_FIXED_DISK;
22102 
22103 			if ((bcmp(sinq->inq_vid, "IOMEGA", 6) == 0) ||
22104 			    (bcmp(sinq->inq_vid, "iomega", 6) == 0)) {
22105 				if ((bcmp(sinq->inq_pid, "ZIP", 3) == 0)) {
22106 					media_info.dki_media_type = DK_ZIP;
22107 				} else if (
22108 				    (bcmp(sinq->inq_pid, "jaz", 3) == 0)) {
22109 					media_info.dki_media_type = DK_JAZ;
22110 				}
22111 			}
22112 		} else {
22113 			/* Not a CD or direct access so return unknown media */
22114 			media_info.dki_media_type = DK_UNKNOWN;
22115 		}
22116 	}
22117 
22118 	/* Now read the capacity so we can provide the lbasize and capacity */
22119 	switch (sd_send_scsi_READ_CAPACITY(un, &capacity, &lbasize,
22120 	    SD_PATH_DIRECT)) {
22121 	case 0:
22122 		break;
22123 	case EACCES:
22124 		rval = EACCES;
22125 		goto done;
22126 	default:
22127 		rval = EIO;
22128 		goto done;
22129 	}
22130 
22131 	media_info.dki_lbsize = lbasize;
22132 	media_capacity = capacity;
22133 
22134 	/*
22135 	 * sd_send_scsi_READ_CAPACITY() reports capacity in
22136 	 * un->un_sys_blocksize chunks. So we need to convert it into
22137 	 * cap.lbasize chunks.
22138 	 */
22139 	media_capacity *= un->un_sys_blocksize;
22140 	media_capacity /= lbasize;
22141 	media_info.dki_capacity = media_capacity;
22142 
22143 	if (ddi_copyout(&media_info, arg, sizeof (struct dk_minfo), flag)) {
22144 		rval = EFAULT;
22145 		/* Put goto. Anybody might add some code below in future */
22146 		goto done;
22147 	}
22148 done:
22149 	kmem_free(out_data, SD_PROFILE_HEADER_LEN);
22150 	kmem_free(rqbuf, SENSE_LENGTH);
22151 	return (rval);
22152 }
22153 
22154 
22155 /*
22156  *    Function: sd_dkio_get_geometry
22157  *
22158  * Description: This routine is the driver entry point for handling user
22159  *		requests to get the device geometry (DKIOCGGEOM).
22160  *
22161  *   Arguments: dev  - the device number
22162  *		arg  - pointer to user provided dk_geom structure specifying
22163  *			the controller's notion of the current geometry.
22164  *		flag - this argument is a pass through to ddi_copyxxx()
22165  *		       directly from the mode argument of ioctl().
22166  *		geom_validated - flag indicating if the device geometry has been
22167  *				 previously validated in the sdioctl routine.
22168  *
22169  * Return Code: 0
22170  *		EFAULT
22171  *		ENXIO
22172  *		EIO
22173  */
22174 
22175 static int
22176 sd_dkio_get_geometry(dev_t dev, caddr_t arg, int flag, int geom_validated)
22177 {
22178 	struct sd_lun	*un = NULL;
22179 	struct dk_geom	*tmp_geom = NULL;
22180 	int		rval = 0;
22181 
22182 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22183 		return (ENXIO);
22184 	}
22185 
22186 #if defined(__i386) || defined(__amd64)
22187 	if (un->un_solaris_size == 0) {
22188 		return (EIO);
22189 	}
22190 #endif
22191 	if (geom_validated == FALSE) {
22192 		/*
22193 		 * sd_validate_geometry does not spin a disk up
22194 		 * if it was spun down. We need to make sure it
22195 		 * is ready.
22196 		 */
22197 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22198 			return (rval);
22199 		}
22200 		mutex_enter(SD_MUTEX(un));
22201 		rval = sd_validate_geometry(un, SD_PATH_DIRECT);
22202 		mutex_exit(SD_MUTEX(un));
22203 	}
22204 	if (rval)
22205 		return (rval);
22206 
22207 	/*
22208 	 * Make a local copy of the soft state geometry to avoid some potential
22209 	 * race conditions associated with holding the mutex and updating the
22210 	 * write_reinstruct value
22211 	 */
22212 	tmp_geom = kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22213 	mutex_enter(SD_MUTEX(un));
22214 	bcopy(&un->un_g, tmp_geom, sizeof (struct dk_geom));
22215 	mutex_exit(SD_MUTEX(un));
22216 
22217 	if (tmp_geom->dkg_write_reinstruct == 0) {
22218 		tmp_geom->dkg_write_reinstruct =
22219 		    (int)((int)(tmp_geom->dkg_nsect * tmp_geom->dkg_rpm *
22220 		    sd_rot_delay) / (int)60000);
22221 	}
22222 
22223 	rval = ddi_copyout(tmp_geom, (void *)arg, sizeof (struct dk_geom),
22224 	    flag);
22225 	if (rval != 0) {
22226 		rval = EFAULT;
22227 	}
22228 
22229 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22230 	return (rval);
22231 
22232 }
22233 
22234 
22235 /*
22236  *    Function: sd_dkio_set_geometry
22237  *
22238  * Description: This routine is the driver entry point for handling user
22239  *		requests to set the device geometry (DKIOCSGEOM). The actual
22240  *		device geometry is not updated, just the driver "notion" of it.
22241  *
22242  *   Arguments: dev  - the device number
22243  *		arg  - pointer to user provided dk_geom structure used to set
22244  *			the controller's notion of the current geometry.
22245  *		flag - this argument is a pass through to ddi_copyxxx()
22246  *		       directly from the mode argument of ioctl().
22247  *
22248  * Return Code: 0
22249  *		EFAULT
22250  *		ENXIO
22251  *		EIO
22252  */
22253 
22254 static int
22255 sd_dkio_set_geometry(dev_t dev, caddr_t arg, int flag)
22256 {
22257 	struct sd_lun	*un = NULL;
22258 	struct dk_geom	*tmp_geom;
22259 	struct dk_map	*lp;
22260 	int		rval = 0;
22261 	int		i;
22262 
22263 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22264 		return (ENXIO);
22265 	}
22266 
22267 #if defined(__i386) || defined(__amd64)
22268 	if (un->un_solaris_size == 0) {
22269 		return (EIO);
22270 	}
22271 #endif
22272 	/*
22273 	 * We need to copy the user specified geometry into local
22274 	 * storage and then update the softstate. We don't want to hold
22275 	 * the mutex and copyin directly from the user to the soft state
22276 	 */
22277 	tmp_geom = (struct dk_geom *)
22278 	    kmem_zalloc(sizeof (struct dk_geom), KM_SLEEP);
22279 	rval = ddi_copyin(arg, tmp_geom, sizeof (struct dk_geom), flag);
22280 	if (rval != 0) {
22281 		kmem_free(tmp_geom, sizeof (struct dk_geom));
22282 		return (EFAULT);
22283 	}
22284 
22285 	mutex_enter(SD_MUTEX(un));
22286 	bcopy(tmp_geom, &un->un_g, sizeof (struct dk_geom));
22287 	for (i = 0; i < NDKMAP; i++) {
22288 		lp  = &un->un_map[i];
22289 		un->un_offset[i] =
22290 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22291 #if defined(__i386) || defined(__amd64)
22292 		un->un_offset[i] += un->un_solaris_offset;
22293 #endif
22294 	}
22295 	un->un_f_geometry_is_valid = FALSE;
22296 	mutex_exit(SD_MUTEX(un));
22297 	kmem_free(tmp_geom, sizeof (struct dk_geom));
22298 
22299 	return (rval);
22300 }
22301 
22302 
22303 /*
22304  *    Function: sd_dkio_get_partition
22305  *
22306  * Description: This routine is the driver entry point for handling user
22307  *		requests to get the partition table (DKIOCGAPART).
22308  *
22309  *   Arguments: dev  - the device number
22310  *		arg  - pointer to user provided dk_allmap structure specifying
22311  *			the controller's notion of the current partition table.
22312  *		flag - this argument is a pass through to ddi_copyxxx()
22313  *		       directly from the mode argument of ioctl().
22314  *		geom_validated - flag indicating if the device geometry has been
22315  *				 previously validated in the sdioctl routine.
22316  *
22317  * Return Code: 0
22318  *		EFAULT
22319  *		ENXIO
22320  *		EIO
22321  */
22322 
22323 static int
22324 sd_dkio_get_partition(dev_t dev, caddr_t arg, int flag, int geom_validated)
22325 {
22326 	struct sd_lun	*un = NULL;
22327 	int		rval = 0;
22328 	int		size;
22329 
22330 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22331 		return (ENXIO);
22332 	}
22333 
22334 #if defined(__i386) || defined(__amd64)
22335 	if (un->un_solaris_size == 0) {
22336 		return (EIO);
22337 	}
22338 #endif
22339 	/*
22340 	 * Make sure the geometry is valid before getting the partition
22341 	 * information.
22342 	 */
22343 	mutex_enter(SD_MUTEX(un));
22344 	if (geom_validated == FALSE) {
22345 		/*
22346 		 * sd_validate_geometry does not spin a disk up
22347 		 * if it was spun down. We need to make sure it
22348 		 * is ready before validating the geometry.
22349 		 */
22350 		mutex_exit(SD_MUTEX(un));
22351 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22352 			return (rval);
22353 		}
22354 		mutex_enter(SD_MUTEX(un));
22355 
22356 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22357 			mutex_exit(SD_MUTEX(un));
22358 			return (rval);
22359 		}
22360 	}
22361 	mutex_exit(SD_MUTEX(un));
22362 
22363 #ifdef _MULTI_DATAMODEL
22364 	switch (ddi_model_convert_from(flag & FMODELS)) {
22365 	case DDI_MODEL_ILP32: {
22366 		struct dk_map32 dk_map32[NDKMAP];
22367 		int		i;
22368 
22369 		for (i = 0; i < NDKMAP; i++) {
22370 			dk_map32[i].dkl_cylno = un->un_map[i].dkl_cylno;
22371 			dk_map32[i].dkl_nblk  = un->un_map[i].dkl_nblk;
22372 		}
22373 		size = NDKMAP * sizeof (struct dk_map32);
22374 		rval = ddi_copyout(dk_map32, (void *)arg, size, flag);
22375 		if (rval != 0) {
22376 			rval = EFAULT;
22377 		}
22378 		break;
22379 	}
22380 	case DDI_MODEL_NONE:
22381 		size = NDKMAP * sizeof (struct dk_map);
22382 		rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22383 		if (rval != 0) {
22384 			rval = EFAULT;
22385 		}
22386 		break;
22387 	}
22388 #else /* ! _MULTI_DATAMODEL */
22389 	size = NDKMAP * sizeof (struct dk_map);
22390 	rval = ddi_copyout(un->un_map, (void *)arg, size, flag);
22391 	if (rval != 0) {
22392 		rval = EFAULT;
22393 	}
22394 #endif /* _MULTI_DATAMODEL */
22395 	return (rval);
22396 }
22397 
22398 
22399 /*
22400  *    Function: sd_dkio_set_partition
22401  *
22402  * Description: This routine is the driver entry point for handling user
22403  *		requests to set the partition table (DKIOCSAPART). The actual
22404  *		device partition is not updated.
22405  *
22406  *   Arguments: dev  - the device number
22407  *		arg  - pointer to user provided dk_allmap structure used to set
22408  *			the controller's notion of the partition table.
22409  *		flag - this argument is a pass through to ddi_copyxxx()
22410  *		       directly from the mode argument of ioctl().
22411  *
22412  * Return Code: 0
22413  *		EINVAL
22414  *		EFAULT
22415  *		ENXIO
22416  *		EIO
22417  */
22418 
22419 static int
22420 sd_dkio_set_partition(dev_t dev, caddr_t arg, int flag)
22421 {
22422 	struct sd_lun	*un = NULL;
22423 	struct dk_map	dk_map[NDKMAP];
22424 	struct dk_map	*lp;
22425 	int		rval = 0;
22426 	int		size;
22427 	int		i;
22428 #if defined(_SUNOS_VTOC_16)
22429 	struct dkl_partition	*vp;
22430 #endif
22431 
22432 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22433 		return (ENXIO);
22434 	}
22435 
22436 	/*
22437 	 * Set the map for all logical partitions.  We lock
22438 	 * the priority just to make sure an interrupt doesn't
22439 	 * come in while the map is half updated.
22440 	 */
22441 	_NOTE(DATA_READABLE_WITHOUT_LOCK(sd_lun::un_solaris_size))
22442 	mutex_enter(SD_MUTEX(un));
22443 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22444 		mutex_exit(SD_MUTEX(un));
22445 		return (ENOTSUP);
22446 	}
22447 	mutex_exit(SD_MUTEX(un));
22448 	if (un->un_solaris_size == 0) {
22449 		return (EIO);
22450 	}
22451 
22452 #ifdef _MULTI_DATAMODEL
22453 	switch (ddi_model_convert_from(flag & FMODELS)) {
22454 	case DDI_MODEL_ILP32: {
22455 		struct dk_map32 dk_map32[NDKMAP];
22456 
22457 		size = NDKMAP * sizeof (struct dk_map32);
22458 		rval = ddi_copyin((void *)arg, dk_map32, size, flag);
22459 		if (rval != 0) {
22460 			return (EFAULT);
22461 		}
22462 		for (i = 0; i < NDKMAP; i++) {
22463 			dk_map[i].dkl_cylno = dk_map32[i].dkl_cylno;
22464 			dk_map[i].dkl_nblk  = dk_map32[i].dkl_nblk;
22465 		}
22466 		break;
22467 	}
22468 	case DDI_MODEL_NONE:
22469 		size = NDKMAP * sizeof (struct dk_map);
22470 		rval = ddi_copyin((void *)arg, dk_map, size, flag);
22471 		if (rval != 0) {
22472 			return (EFAULT);
22473 		}
22474 		break;
22475 	}
22476 #else /* ! _MULTI_DATAMODEL */
22477 	size = NDKMAP * sizeof (struct dk_map);
22478 	rval = ddi_copyin((void *)arg, dk_map, size, flag);
22479 	if (rval != 0) {
22480 		return (EFAULT);
22481 	}
22482 #endif /* _MULTI_DATAMODEL */
22483 
22484 	mutex_enter(SD_MUTEX(un));
22485 	/* Note: The size used in this bcopy is set based upon the data model */
22486 	bcopy(dk_map, un->un_map, size);
22487 #if defined(_SUNOS_VTOC_16)
22488 	vp = (struct dkl_partition *)&(un->un_vtoc);
22489 #endif	/* defined(_SUNOS_VTOC_16) */
22490 	for (i = 0; i < NDKMAP; i++) {
22491 		lp  = &un->un_map[i];
22492 		un->un_offset[i] =
22493 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
22494 #if defined(_SUNOS_VTOC_16)
22495 		vp->p_start = un->un_offset[i];
22496 		vp->p_size = lp->dkl_nblk;
22497 		vp++;
22498 #endif	/* defined(_SUNOS_VTOC_16) */
22499 #if defined(__i386) || defined(__amd64)
22500 		un->un_offset[i] += un->un_solaris_offset;
22501 #endif
22502 	}
22503 	mutex_exit(SD_MUTEX(un));
22504 	return (rval);
22505 }
22506 
22507 
22508 /*
22509  *    Function: sd_dkio_get_vtoc
22510  *
22511  * Description: This routine is the driver entry point for handling user
22512  *		requests to get the current volume table of contents
22513  *		(DKIOCGVTOC).
22514  *
22515  *   Arguments: dev  - the device number
22516  *		arg  - pointer to user provided vtoc structure specifying
22517  *			the current vtoc.
22518  *		flag - this argument is a pass through to ddi_copyxxx()
22519  *		       directly from the mode argument of ioctl().
22520  *		geom_validated - flag indicating if the device geometry has been
22521  *				 previously validated in the sdioctl routine.
22522  *
22523  * Return Code: 0
22524  *		EFAULT
22525  *		ENXIO
22526  *		EIO
22527  */
22528 
22529 static int
22530 sd_dkio_get_vtoc(dev_t dev, caddr_t arg, int flag, int geom_validated)
22531 {
22532 	struct sd_lun	*un = NULL;
22533 #if defined(_SUNOS_VTOC_8)
22534 	struct vtoc	user_vtoc;
22535 #endif	/* defined(_SUNOS_VTOC_8) */
22536 	int		rval = 0;
22537 
22538 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22539 		return (ENXIO);
22540 	}
22541 
22542 	mutex_enter(SD_MUTEX(un));
22543 	if (geom_validated == FALSE) {
22544 		/*
22545 		 * sd_validate_geometry does not spin a disk up
22546 		 * if it was spun down. We need to make sure it
22547 		 * is ready.
22548 		 */
22549 		mutex_exit(SD_MUTEX(un));
22550 		if ((rval = sd_send_scsi_TEST_UNIT_READY(un, 0)) != 0) {
22551 			return (rval);
22552 		}
22553 		mutex_enter(SD_MUTEX(un));
22554 		if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT)) != 0) {
22555 			mutex_exit(SD_MUTEX(un));
22556 			return (rval);
22557 		}
22558 	}
22559 
22560 #if defined(_SUNOS_VTOC_8)
22561 	sd_build_user_vtoc(un, &user_vtoc);
22562 	mutex_exit(SD_MUTEX(un));
22563 
22564 #ifdef _MULTI_DATAMODEL
22565 	switch (ddi_model_convert_from(flag & FMODELS)) {
22566 	case DDI_MODEL_ILP32: {
22567 		struct vtoc32 user_vtoc32;
22568 
22569 		vtoctovtoc32(user_vtoc, user_vtoc32);
22570 		if (ddi_copyout(&user_vtoc32, (void *)arg,
22571 		    sizeof (struct vtoc32), flag)) {
22572 			return (EFAULT);
22573 		}
22574 		break;
22575 	}
22576 
22577 	case DDI_MODEL_NONE:
22578 		if (ddi_copyout(&user_vtoc, (void *)arg,
22579 		    sizeof (struct vtoc), flag)) {
22580 			return (EFAULT);
22581 		}
22582 		break;
22583 	}
22584 #else /* ! _MULTI_DATAMODEL */
22585 	if (ddi_copyout(&user_vtoc, (void *)arg, sizeof (struct vtoc), flag)) {
22586 		return (EFAULT);
22587 	}
22588 #endif /* _MULTI_DATAMODEL */
22589 
22590 #elif defined(_SUNOS_VTOC_16)
22591 	mutex_exit(SD_MUTEX(un));
22592 
22593 #ifdef _MULTI_DATAMODEL
22594 	/*
22595 	 * The un_vtoc structure is a "struct dk_vtoc"  which is always
22596 	 * 32-bit to maintain compatibility with existing on-disk
22597 	 * structures.  Thus, we need to convert the structure when copying
22598 	 * it out to a datamodel-dependent "struct vtoc" in a 64-bit
22599 	 * program.  If the target is a 32-bit program, then no conversion
22600 	 * is necessary.
22601 	 */
22602 	/* LINTED: logical expression always true: op "||" */
22603 	ASSERT(sizeof (un->un_vtoc) == sizeof (struct vtoc32));
22604 	switch (ddi_model_convert_from(flag & FMODELS)) {
22605 	case DDI_MODEL_ILP32:
22606 		if (ddi_copyout(&(un->un_vtoc), (void *)arg,
22607 		    sizeof (un->un_vtoc), flag)) {
22608 			return (EFAULT);
22609 		}
22610 		break;
22611 
22612 	case DDI_MODEL_NONE: {
22613 		struct vtoc user_vtoc;
22614 
22615 		vtoc32tovtoc(un->un_vtoc, user_vtoc);
22616 		if (ddi_copyout(&user_vtoc, (void *)arg,
22617 		    sizeof (struct vtoc), flag)) {
22618 			return (EFAULT);
22619 		}
22620 		break;
22621 	}
22622 	}
22623 #else /* ! _MULTI_DATAMODEL */
22624 	if (ddi_copyout(&(un->un_vtoc), (void *)arg, sizeof (un->un_vtoc),
22625 	    flag)) {
22626 		return (EFAULT);
22627 	}
22628 #endif /* _MULTI_DATAMODEL */
22629 #else
22630 #error "No VTOC format defined."
22631 #endif
22632 
22633 	return (rval);
22634 }
22635 
22636 static int
22637 sd_dkio_get_efi(dev_t dev, caddr_t arg, int flag)
22638 {
22639 	struct sd_lun	*un = NULL;
22640 	dk_efi_t	user_efi;
22641 	int		rval = 0;
22642 	void		*buffer;
22643 
22644 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
22645 		return (ENXIO);
22646 
22647 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
22648 		return (EFAULT);
22649 
22650 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
22651 
22652 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
22653 	    (user_efi.dki_length > un->un_max_xfer_size))
22654 		return (EINVAL);
22655 
22656 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
22657 	rval = sd_send_scsi_READ(un, buffer, user_efi.dki_length,
22658 	    user_efi.dki_lba, SD_PATH_DIRECT);
22659 	if (rval == 0 && ddi_copyout(buffer, user_efi.dki_data,
22660 	    user_efi.dki_length, flag) != 0)
22661 		rval = EFAULT;
22662 
22663 	kmem_free(buffer, user_efi.dki_length);
22664 	return (rval);
22665 }
22666 
22667 /*
22668  *    Function: sd_build_user_vtoc
22669  *
22670  * Description: This routine populates a pass by reference variable with the
22671  *		current volume table of contents.
22672  *
22673  *   Arguments: un - driver soft state (unit) structure
22674  *		user_vtoc - pointer to vtoc structure to be populated
22675  */
22676 
22677 static void
22678 sd_build_user_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22679 {
22680 	struct dk_map2		*lpart;
22681 	struct dk_map		*lmap;
22682 	struct partition	*vpart;
22683 	int			nblks;
22684 	int			i;
22685 
22686 	ASSERT(mutex_owned(SD_MUTEX(un)));
22687 
22688 	/*
22689 	 * Return vtoc structure fields in the provided VTOC area, addressed
22690 	 * by *vtoc.
22691 	 */
22692 	bzero(user_vtoc, sizeof (struct vtoc));
22693 	user_vtoc->v_bootinfo[0] = un->un_vtoc.v_bootinfo[0];
22694 	user_vtoc->v_bootinfo[1] = un->un_vtoc.v_bootinfo[1];
22695 	user_vtoc->v_bootinfo[2] = un->un_vtoc.v_bootinfo[2];
22696 	user_vtoc->v_sanity	= VTOC_SANE;
22697 	user_vtoc->v_version	= un->un_vtoc.v_version;
22698 	bcopy(un->un_vtoc.v_volume, user_vtoc->v_volume, LEN_DKL_VVOL);
22699 	user_vtoc->v_sectorsz = un->un_sys_blocksize;
22700 	user_vtoc->v_nparts = un->un_vtoc.v_nparts;
22701 	bcopy(un->un_vtoc.v_reserved, user_vtoc->v_reserved,
22702 	    sizeof (un->un_vtoc.v_reserved));
22703 	/*
22704 	 * Convert partitioning information.
22705 	 *
22706 	 * Note the conversion from starting cylinder number
22707 	 * to starting sector number.
22708 	 */
22709 	lmap = un->un_map;
22710 	lpart = (struct dk_map2 *)un->un_vtoc.v_part;
22711 	vpart = user_vtoc->v_part;
22712 
22713 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22714 
22715 	for (i = 0; i < V_NUMPAR; i++) {
22716 		vpart->p_tag	= lpart->p_tag;
22717 		vpart->p_flag	= lpart->p_flag;
22718 		vpart->p_start	= lmap->dkl_cylno * nblks;
22719 		vpart->p_size	= lmap->dkl_nblk;
22720 		lmap++;
22721 		lpart++;
22722 		vpart++;
22723 
22724 		/* (4364927) */
22725 		user_vtoc->timestamp[i] = (time_t)un->un_vtoc.v_timestamp[i];
22726 	}
22727 
22728 	bcopy(un->un_asciilabel, user_vtoc->v_asciilabel, LEN_DKL_ASCII);
22729 }
22730 
22731 static int
22732 sd_dkio_partition(dev_t dev, caddr_t arg, int flag)
22733 {
22734 	struct sd_lun		*un = NULL;
22735 	struct partition64	p64;
22736 	int			rval = 0;
22737 	uint_t			nparts;
22738 	efi_gpe_t		*partitions;
22739 	efi_gpt_t		*buffer;
22740 	diskaddr_t		gpe_lba;
22741 
22742 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22743 		return (ENXIO);
22744 	}
22745 
22746 	if (ddi_copyin((const void *)arg, &p64,
22747 	    sizeof (struct partition64), flag)) {
22748 		return (EFAULT);
22749 	}
22750 
22751 	buffer = kmem_alloc(EFI_MIN_ARRAY_SIZE, KM_SLEEP);
22752 	rval = sd_send_scsi_READ(un, buffer, DEV_BSIZE,
22753 		1, SD_PATH_DIRECT);
22754 	if (rval != 0)
22755 		goto done_error;
22756 
22757 	sd_swap_efi_gpt(buffer);
22758 
22759 	if ((rval = sd_validate_efi(buffer)) != 0)
22760 		goto done_error;
22761 
22762 	nparts = buffer->efi_gpt_NumberOfPartitionEntries;
22763 	gpe_lba = buffer->efi_gpt_PartitionEntryLBA;
22764 	if (p64.p_partno > nparts) {
22765 		/* couldn't find it */
22766 		rval = ESRCH;
22767 		goto done_error;
22768 	}
22769 	/*
22770 	 * if we're dealing with a partition that's out of the normal
22771 	 * 16K block, adjust accordingly
22772 	 */
22773 	gpe_lba += p64.p_partno / sizeof (efi_gpe_t);
22774 	rval = sd_send_scsi_READ(un, buffer, EFI_MIN_ARRAY_SIZE,
22775 			gpe_lba, SD_PATH_DIRECT);
22776 	if (rval) {
22777 		goto done_error;
22778 	}
22779 	partitions = (efi_gpe_t *)buffer;
22780 
22781 	sd_swap_efi_gpe(nparts, partitions);
22782 
22783 	partitions += p64.p_partno;
22784 	bcopy(&partitions->efi_gpe_PartitionTypeGUID, &p64.p_type,
22785 	    sizeof (struct uuid));
22786 	p64.p_start = partitions->efi_gpe_StartingLBA;
22787 	p64.p_size = partitions->efi_gpe_EndingLBA -
22788 			p64.p_start + 1;
22789 
22790 	if (ddi_copyout(&p64, (void *)arg, sizeof (struct partition64), flag))
22791 		rval = EFAULT;
22792 
22793 done_error:
22794 	kmem_free(buffer, EFI_MIN_ARRAY_SIZE);
22795 	return (rval);
22796 }
22797 
22798 
22799 /*
22800  *    Function: sd_dkio_set_vtoc
22801  *
22802  * Description: This routine is the driver entry point for handling user
22803  *		requests to set the current volume table of contents
22804  *		(DKIOCSVTOC).
22805  *
22806  *   Arguments: dev  - the device number
22807  *		arg  - pointer to user provided vtoc structure used to set the
22808  *			current vtoc.
22809  *		flag - this argument is a pass through to ddi_copyxxx()
22810  *		       directly from the mode argument of ioctl().
22811  *
22812  * Return Code: 0
22813  *		EFAULT
22814  *		ENXIO
22815  *		EINVAL
22816  *		ENOTSUP
22817  */
22818 
22819 static int
22820 sd_dkio_set_vtoc(dev_t dev, caddr_t arg, int flag)
22821 {
22822 	struct sd_lun	*un = NULL;
22823 	struct vtoc	user_vtoc;
22824 	int		rval = 0;
22825 
22826 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
22827 		return (ENXIO);
22828 	}
22829 
22830 #if defined(__i386) || defined(__amd64)
22831 	if (un->un_tgt_blocksize != un->un_sys_blocksize) {
22832 		return (EINVAL);
22833 	}
22834 #endif
22835 
22836 #ifdef _MULTI_DATAMODEL
22837 	switch (ddi_model_convert_from(flag & FMODELS)) {
22838 	case DDI_MODEL_ILP32: {
22839 		struct vtoc32 user_vtoc32;
22840 
22841 		if (ddi_copyin((const void *)arg, &user_vtoc32,
22842 		    sizeof (struct vtoc32), flag)) {
22843 			return (EFAULT);
22844 		}
22845 		vtoc32tovtoc(user_vtoc32, user_vtoc);
22846 		break;
22847 	}
22848 
22849 	case DDI_MODEL_NONE:
22850 		if (ddi_copyin((const void *)arg, &user_vtoc,
22851 		    sizeof (struct vtoc), flag)) {
22852 			return (EFAULT);
22853 		}
22854 		break;
22855 	}
22856 #else /* ! _MULTI_DATAMODEL */
22857 	if (ddi_copyin((const void *)arg, &user_vtoc,
22858 	    sizeof (struct vtoc), flag)) {
22859 		return (EFAULT);
22860 	}
22861 #endif /* _MULTI_DATAMODEL */
22862 
22863 	mutex_enter(SD_MUTEX(un));
22864 	if (un->un_blockcount > DK_MAX_BLOCKS) {
22865 		mutex_exit(SD_MUTEX(un));
22866 		return (ENOTSUP);
22867 	}
22868 	if (un->un_g.dkg_ncyl == 0) {
22869 		mutex_exit(SD_MUTEX(un));
22870 		return (EINVAL);
22871 	}
22872 
22873 	mutex_exit(SD_MUTEX(un));
22874 	sd_clear_efi(un);
22875 	ddi_remove_minor_node(SD_DEVINFO(un), "wd");
22876 	ddi_remove_minor_node(SD_DEVINFO(un), "wd,raw");
22877 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h",
22878 	    S_IFBLK, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22879 	    un->un_node_type, NULL);
22880 	(void) ddi_create_minor_node(SD_DEVINFO(un), "h,raw",
22881 	    S_IFCHR, (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
22882 	    un->un_node_type, NULL);
22883 	mutex_enter(SD_MUTEX(un));
22884 
22885 	if ((rval = sd_build_label_vtoc(un, &user_vtoc)) == 0) {
22886 		if ((rval = sd_write_label(dev)) == 0) {
22887 			if ((rval = sd_validate_geometry(un, SD_PATH_DIRECT))
22888 			    != 0) {
22889 				SD_ERROR(SD_LOG_IOCTL_DKIO, un,
22890 				    "sd_dkio_set_vtoc: "
22891 				    "Failed validate geometry\n");
22892 			}
22893 		}
22894 	}
22895 
22896 	/*
22897 	 * If sd_build_label_vtoc, or sd_write_label failed above write the
22898 	 * devid anyway, what can it hurt? Also preserve the device id by
22899 	 * writing to the disk acyl for the case where a devid has been
22900 	 * fabricated.
22901 	 */
22902 	if (!ISREMOVABLE(un) && !ISCD(un) &&
22903 	    (un->un_f_opt_fab_devid == TRUE)) {
22904 		if (un->un_devid == NULL) {
22905 			sd_register_devid(un, SD_DEVINFO(un),
22906 			    SD_TARGET_IS_UNRESERVED);
22907 		} else {
22908 			/*
22909 			 * The device id for this disk has been
22910 			 * fabricated. Fabricated device id's are
22911 			 * managed by storing them in the last 2
22912 			 * available sectors on the drive. The device
22913 			 * id must be preserved by writing it back out
22914 			 * to this location.
22915 			 */
22916 			if (sd_write_deviceid(un) != 0) {
22917 				ddi_devid_free(un->un_devid);
22918 				un->un_devid = NULL;
22919 			}
22920 		}
22921 	}
22922 	mutex_exit(SD_MUTEX(un));
22923 	return (rval);
22924 }
22925 
22926 
22927 /*
22928  *    Function: sd_build_label_vtoc
22929  *
22930  * Description: This routine updates the driver soft state current volume table
22931  *		of contents based on a user specified vtoc.
22932  *
22933  *   Arguments: un - driver soft state (unit) structure
22934  *		user_vtoc - pointer to vtoc structure specifying vtoc to be used
22935  *			    to update the driver soft state.
22936  *
22937  * Return Code: 0
22938  *		EINVAL
22939  */
22940 
22941 static int
22942 sd_build_label_vtoc(struct sd_lun *un, struct vtoc *user_vtoc)
22943 {
22944 	struct dk_map		*lmap;
22945 	struct partition	*vpart;
22946 	int			nblks;
22947 #if defined(_SUNOS_VTOC_8)
22948 	int			ncyl;
22949 	struct dk_map2		*lpart;
22950 #endif	/* defined(_SUNOS_VTOC_8) */
22951 	int			i;
22952 
22953 	ASSERT(mutex_owned(SD_MUTEX(un)));
22954 
22955 	/* Sanity-check the vtoc */
22956 	if (user_vtoc->v_sanity != VTOC_SANE ||
22957 	    user_vtoc->v_sectorsz != un->un_sys_blocksize ||
22958 	    user_vtoc->v_nparts != V_NUMPAR) {
22959 		return (EINVAL);
22960 	}
22961 
22962 	nblks = un->un_g.dkg_nsect * un->un_g.dkg_nhead;
22963 	if (nblks == 0) {
22964 		return (EINVAL);
22965 	}
22966 
22967 #if defined(_SUNOS_VTOC_8)
22968 	vpart = user_vtoc->v_part;
22969 	for (i = 0; i < V_NUMPAR; i++) {
22970 		if ((vpart->p_start % nblks) != 0) {
22971 			return (EINVAL);
22972 		}
22973 		ncyl = vpart->p_start / nblks;
22974 		ncyl += vpart->p_size / nblks;
22975 		if ((vpart->p_size % nblks) != 0) {
22976 			ncyl++;
22977 		}
22978 		if (ncyl > (int)un->un_g.dkg_ncyl) {
22979 			return (EINVAL);
22980 		}
22981 		vpart++;
22982 	}
22983 #endif	/* defined(_SUNOS_VTOC_8) */
22984 
22985 	/* Put appropriate vtoc structure fields into the disk label */
22986 #if defined(_SUNOS_VTOC_16)
22987 	/*
22988 	 * The vtoc is always a 32bit data structure to maintain the
22989 	 * on-disk format. Convert "in place" instead of bcopying it.
22990 	 */
22991 	vtoctovtoc32((*user_vtoc), (*((struct vtoc32 *)&(un->un_vtoc))));
22992 
22993 	/*
22994 	 * in the 16-slice vtoc, starting sectors are expressed in
22995 	 * numbers *relative* to the start of the Solaris fdisk partition.
22996 	 */
22997 	lmap = un->un_map;
22998 	vpart = user_vtoc->v_part;
22999 
23000 	for (i = 0; i < (int)user_vtoc->v_nparts; i++, lmap++, vpart++) {
23001 		lmap->dkl_cylno = vpart->p_start / nblks;
23002 		lmap->dkl_nblk = vpart->p_size;
23003 	}
23004 
23005 #elif defined(_SUNOS_VTOC_8)
23006 
23007 	un->un_vtoc.v_bootinfo[0] = (uint32_t)user_vtoc->v_bootinfo[0];
23008 	un->un_vtoc.v_bootinfo[1] = (uint32_t)user_vtoc->v_bootinfo[1];
23009 	un->un_vtoc.v_bootinfo[2] = (uint32_t)user_vtoc->v_bootinfo[2];
23010 
23011 	un->un_vtoc.v_sanity = (uint32_t)user_vtoc->v_sanity;
23012 	un->un_vtoc.v_version = (uint32_t)user_vtoc->v_version;
23013 
23014 	bcopy(user_vtoc->v_volume, un->un_vtoc.v_volume, LEN_DKL_VVOL);
23015 
23016 	un->un_vtoc.v_nparts = user_vtoc->v_nparts;
23017 
23018 	bcopy(user_vtoc->v_reserved, un->un_vtoc.v_reserved,
23019 	    sizeof (un->un_vtoc.v_reserved));
23020 
23021 	/*
23022 	 * Note the conversion from starting sector number
23023 	 * to starting cylinder number.
23024 	 * Return error if division results in a remainder.
23025 	 */
23026 	lmap = un->un_map;
23027 	lpart = un->un_vtoc.v_part;
23028 	vpart = user_vtoc->v_part;
23029 
23030 	for (i = 0; i < (int)user_vtoc->v_nparts; i++) {
23031 		lpart->p_tag  = vpart->p_tag;
23032 		lpart->p_flag = vpart->p_flag;
23033 		lmap->dkl_cylno = vpart->p_start / nblks;
23034 		lmap->dkl_nblk = vpart->p_size;
23035 
23036 		lmap++;
23037 		lpart++;
23038 		vpart++;
23039 
23040 		/* (4387723) */
23041 #ifdef _LP64
23042 		if (user_vtoc->timestamp[i] > TIME32_MAX) {
23043 			un->un_vtoc.v_timestamp[i] = TIME32_MAX;
23044 		} else {
23045 			un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23046 		}
23047 #else
23048 		un->un_vtoc.v_timestamp[i] = user_vtoc->timestamp[i];
23049 #endif
23050 	}
23051 
23052 	bcopy(user_vtoc->v_asciilabel, un->un_asciilabel, LEN_DKL_ASCII);
23053 #else
23054 #error "No VTOC format defined."
23055 #endif
23056 	return (0);
23057 }
23058 
23059 /*
23060  *    Function: sd_clear_efi
23061  *
23062  * Description: This routine clears all EFI labels.
23063  *
23064  *   Arguments: un - driver soft state (unit) structure
23065  *
23066  * Return Code: void
23067  */
23068 
23069 static void
23070 sd_clear_efi(struct sd_lun *un)
23071 {
23072 	efi_gpt_t	*gpt;
23073 	uint_t		lbasize;
23074 	uint64_t	cap;
23075 	int rval;
23076 
23077 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23078 
23079 	gpt = kmem_alloc(sizeof (efi_gpt_t), KM_SLEEP);
23080 
23081 	if (sd_send_scsi_READ(un, gpt, DEV_BSIZE, 1, SD_PATH_DIRECT) != 0) {
23082 		goto done;
23083 	}
23084 
23085 	sd_swap_efi_gpt(gpt);
23086 	rval = sd_validate_efi(gpt);
23087 	if (rval == 0) {
23088 		/* clear primary */
23089 		bzero(gpt, sizeof (efi_gpt_t));
23090 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE, 1,
23091 			SD_PATH_DIRECT))) {
23092 			SD_INFO(SD_LOG_IO_PARTITION, un,
23093 				"sd_clear_efi: clear primary label failed\n");
23094 		}
23095 	}
23096 	/* the backup */
23097 	rval = sd_send_scsi_READ_CAPACITY(un, &cap, &lbasize,
23098 	    SD_PATH_DIRECT);
23099 	if (rval) {
23100 		goto done;
23101 	}
23102 	if ((rval = sd_send_scsi_READ(un, gpt, lbasize,
23103 	    cap - 1, SD_PATH_DIRECT)) != 0) {
23104 		goto done;
23105 	}
23106 	sd_swap_efi_gpt(gpt);
23107 	rval = sd_validate_efi(gpt);
23108 	if (rval == 0) {
23109 		/* clear backup */
23110 		SD_TRACE(SD_LOG_IOCTL, un, "sd_clear_efi clear backup@%lu\n",
23111 			cap-1);
23112 		bzero(gpt, sizeof (efi_gpt_t));
23113 		if ((rval = sd_send_scsi_WRITE(un, gpt, EFI_LABEL_SIZE,
23114 		    cap-1, SD_PATH_DIRECT))) {
23115 			SD_INFO(SD_LOG_IO_PARTITION, un,
23116 				"sd_clear_efi: clear backup label failed\n");
23117 		}
23118 	}
23119 
23120 done:
23121 	kmem_free(gpt, sizeof (efi_gpt_t));
23122 }
23123 
23124 /*
23125  *    Function: sd_set_vtoc
23126  *
23127  * Description: This routine writes data to the appropriate positions
23128  *
23129  *   Arguments: un - driver soft state (unit) structure
23130  *              dkl  - the data to be written
23131  *
23132  * Return: void
23133  */
23134 
23135 static int
23136 sd_set_vtoc(struct sd_lun *un, struct dk_label *dkl)
23137 {
23138 	void			*shadow_buf;
23139 	uint_t			label_addr;
23140 	int			sec;
23141 	int			blk;
23142 	int			head;
23143 	int			cyl;
23144 	int			rval;
23145 
23146 #if defined(__i386) || defined(__amd64)
23147 	label_addr = un->un_solaris_offset + DK_LABEL_LOC;
23148 #else
23149 	/* Write the primary label at block 0 of the solaris partition. */
23150 	label_addr = 0;
23151 #endif
23152 
23153 	if (NOT_DEVBSIZE(un)) {
23154 		shadow_buf = kmem_zalloc(un->un_tgt_blocksize, KM_SLEEP);
23155 		/*
23156 		 * Read the target's first block.
23157 		 */
23158 		if ((rval = sd_send_scsi_READ(un, shadow_buf,
23159 		    un->un_tgt_blocksize, label_addr,
23160 		    SD_PATH_STANDARD)) != 0) {
23161 			goto exit;
23162 		}
23163 		/*
23164 		 * Copy the contents of the label into the shadow buffer
23165 		 * which is of the size of target block size.
23166 		 */
23167 		bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23168 	}
23169 
23170 	/* Write the primary label */
23171 	if (NOT_DEVBSIZE(un)) {
23172 		rval = sd_send_scsi_WRITE(un, shadow_buf, un->un_tgt_blocksize,
23173 		    label_addr, SD_PATH_STANDARD);
23174 	} else {
23175 		rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23176 		    label_addr, SD_PATH_STANDARD);
23177 	}
23178 	if (rval != 0) {
23179 		return (rval);
23180 	}
23181 
23182 	/*
23183 	 * Calculate where the backup labels go.  They are always on
23184 	 * the last alternate cylinder, but some older drives put them
23185 	 * on head 2 instead of the last head.	They are always on the
23186 	 * first 5 odd sectors of the appropriate track.
23187 	 *
23188 	 * We have no choice at this point, but to believe that the
23189 	 * disk label is valid.	 Use the geometry of the disk
23190 	 * as described in the label.
23191 	 */
23192 	cyl  = dkl->dkl_ncyl  + dkl->dkl_acyl - 1;
23193 	head = dkl->dkl_nhead - 1;
23194 
23195 	/*
23196 	 * Write and verify the backup labels. Make sure we don't try to
23197 	 * write past the last cylinder.
23198 	 */
23199 	for (sec = 1; ((sec < 5 * 2 + 1) && (sec < dkl->dkl_nsect)); sec += 2) {
23200 		blk = (daddr_t)(
23201 		    (cyl * ((dkl->dkl_nhead * dkl->dkl_nsect) - dkl->dkl_apc)) +
23202 		    (head * dkl->dkl_nsect) + sec);
23203 #if defined(__i386) || defined(__amd64)
23204 		blk += un->un_solaris_offset;
23205 #endif
23206 		if (NOT_DEVBSIZE(un)) {
23207 			uint64_t	tblk;
23208 			/*
23209 			 * Need to read the block first for read modify write.
23210 			 */
23211 			tblk = (uint64_t)blk;
23212 			blk = (int)((tblk * un->un_sys_blocksize) /
23213 			    un->un_tgt_blocksize);
23214 			if ((rval = sd_send_scsi_READ(un, shadow_buf,
23215 			    un->un_tgt_blocksize, blk,
23216 			    SD_PATH_STANDARD)) != 0) {
23217 				goto exit;
23218 			}
23219 			/*
23220 			 * Modify the shadow buffer with the label.
23221 			 */
23222 			bcopy(dkl, shadow_buf, sizeof (struct dk_label));
23223 			rval = sd_send_scsi_WRITE(un, shadow_buf,
23224 			    un->un_tgt_blocksize, blk, SD_PATH_STANDARD);
23225 		} else {
23226 			rval = sd_send_scsi_WRITE(un, dkl, un->un_sys_blocksize,
23227 			    blk, SD_PATH_STANDARD);
23228 			SD_INFO(SD_LOG_IO_PARTITION, un,
23229 			"sd_set_vtoc: wrote backup label %d\n", blk);
23230 		}
23231 		if (rval != 0) {
23232 			goto exit;
23233 		}
23234 	}
23235 exit:
23236 	if (NOT_DEVBSIZE(un)) {
23237 		kmem_free(shadow_buf, un->un_tgt_blocksize);
23238 	}
23239 	return (rval);
23240 }
23241 
23242 /*
23243  *    Function: sd_clear_vtoc
23244  *
23245  * Description: This routine clears out the VTOC labels.
23246  *
23247  *   Arguments: un - driver soft state (unit) structure
23248  *
23249  * Return: void
23250  */
23251 
23252 static void
23253 sd_clear_vtoc(struct sd_lun *un)
23254 {
23255 	struct dk_label		*dkl;
23256 
23257 	mutex_exit(SD_MUTEX(un));
23258 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23259 	mutex_enter(SD_MUTEX(un));
23260 	/*
23261 	 * sd_set_vtoc uses these fields in order to figure out
23262 	 * where to overwrite the backup labels
23263 	 */
23264 	dkl->dkl_apc    = un->un_g.dkg_apc;
23265 	dkl->dkl_ncyl   = un->un_g.dkg_ncyl;
23266 	dkl->dkl_acyl   = un->un_g.dkg_acyl;
23267 	dkl->dkl_nhead  = un->un_g.dkg_nhead;
23268 	dkl->dkl_nsect  = un->un_g.dkg_nsect;
23269 	mutex_exit(SD_MUTEX(un));
23270 	(void) sd_set_vtoc(un, dkl);
23271 	kmem_free(dkl, sizeof (struct dk_label));
23272 
23273 	mutex_enter(SD_MUTEX(un));
23274 }
23275 
23276 /*
23277  *    Function: sd_write_label
23278  *
23279  * Description: This routine will validate and write the driver soft state vtoc
23280  *		contents to the device.
23281  *
23282  *   Arguments: dev - the device number
23283  *
23284  * Return Code: the code returned by sd_send_scsi_cmd()
23285  *		0
23286  *		EINVAL
23287  *		ENXIO
23288  *		ENOMEM
23289  */
23290 
23291 static int
23292 sd_write_label(dev_t dev)
23293 {
23294 	struct sd_lun		*un;
23295 	struct dk_label		*dkl;
23296 	short			sum;
23297 	short			*sp;
23298 	int			i;
23299 	int			rval;
23300 
23301 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23302 	    (un->un_state == SD_STATE_OFFLINE)) {
23303 		return (ENXIO);
23304 	}
23305 	ASSERT(mutex_owned(SD_MUTEX(un)));
23306 	mutex_exit(SD_MUTEX(un));
23307 	dkl = kmem_zalloc(sizeof (struct dk_label), KM_SLEEP);
23308 	mutex_enter(SD_MUTEX(un));
23309 
23310 	bcopy(&un->un_vtoc, &dkl->dkl_vtoc, sizeof (struct dk_vtoc));
23311 	dkl->dkl_rpm	= un->un_g.dkg_rpm;
23312 	dkl->dkl_pcyl	= un->un_g.dkg_pcyl;
23313 	dkl->dkl_apc	= un->un_g.dkg_apc;
23314 	dkl->dkl_intrlv = un->un_g.dkg_intrlv;
23315 	dkl->dkl_ncyl	= un->un_g.dkg_ncyl;
23316 	dkl->dkl_acyl	= un->un_g.dkg_acyl;
23317 	dkl->dkl_nhead	= un->un_g.dkg_nhead;
23318 	dkl->dkl_nsect	= un->un_g.dkg_nsect;
23319 
23320 #if defined(_SUNOS_VTOC_8)
23321 	dkl->dkl_obs1	= un->un_g.dkg_obs1;
23322 	dkl->dkl_obs2	= un->un_g.dkg_obs2;
23323 	dkl->dkl_obs3	= un->un_g.dkg_obs3;
23324 	for (i = 0; i < NDKMAP; i++) {
23325 		dkl->dkl_map[i].dkl_cylno = un->un_map[i].dkl_cylno;
23326 		dkl->dkl_map[i].dkl_nblk  = un->un_map[i].dkl_nblk;
23327 	}
23328 	bcopy(un->un_asciilabel, dkl->dkl_asciilabel, LEN_DKL_ASCII);
23329 #elif defined(_SUNOS_VTOC_16)
23330 	dkl->dkl_skew	= un->un_dkg_skew;
23331 #else
23332 #error "No VTOC format defined."
23333 #endif
23334 
23335 	dkl->dkl_magic			= DKL_MAGIC;
23336 	dkl->dkl_write_reinstruct	= un->un_g.dkg_write_reinstruct;
23337 	dkl->dkl_read_reinstruct	= un->un_g.dkg_read_reinstruct;
23338 
23339 	/* Construct checksum for the new disk label */
23340 	sum = 0;
23341 	sp = (short *)dkl;
23342 	i = sizeof (struct dk_label) / sizeof (short);
23343 	while (i--) {
23344 		sum ^= *sp++;
23345 	}
23346 	dkl->dkl_cksum = sum;
23347 
23348 	mutex_exit(SD_MUTEX(un));
23349 
23350 	rval = sd_set_vtoc(un, dkl);
23351 exit:
23352 	kmem_free(dkl, sizeof (struct dk_label));
23353 	mutex_enter(SD_MUTEX(un));
23354 	return (rval);
23355 }
23356 
23357 static int
23358 sd_dkio_set_efi(dev_t dev, caddr_t arg, int flag)
23359 {
23360 	struct sd_lun	*un = NULL;
23361 	dk_efi_t	user_efi;
23362 	int		rval = 0;
23363 	void		*buffer;
23364 
23365 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL)
23366 		return (ENXIO);
23367 
23368 	if (ddi_copyin(arg, &user_efi, sizeof (dk_efi_t), flag))
23369 		return (EFAULT);
23370 
23371 	user_efi.dki_data = (void *)(uintptr_t)user_efi.dki_data_64;
23372 
23373 	if ((user_efi.dki_length % un->un_tgt_blocksize) ||
23374 	    (user_efi.dki_length > un->un_max_xfer_size))
23375 		return (EINVAL);
23376 
23377 	buffer = kmem_alloc(user_efi.dki_length, KM_SLEEP);
23378 	if (ddi_copyin(user_efi.dki_data, buffer, user_efi.dki_length, flag)) {
23379 		rval = EFAULT;
23380 	} else {
23381 		/*
23382 		 * let's clear the vtoc labels and clear the softstate
23383 		 * vtoc.
23384 		 */
23385 		mutex_enter(SD_MUTEX(un));
23386 		if (un->un_vtoc.v_sanity == VTOC_SANE) {
23387 			SD_TRACE(SD_LOG_IO_PARTITION, un,
23388 				"sd_dkio_set_efi: CLEAR VTOC\n");
23389 			sd_clear_vtoc(un);
23390 			bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23391 			mutex_exit(SD_MUTEX(un));
23392 			ddi_remove_minor_node(SD_DEVINFO(un), "h");
23393 			ddi_remove_minor_node(SD_DEVINFO(un), "h,raw");
23394 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd",
23395 			    S_IFBLK,
23396 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23397 			    un->un_node_type, NULL);
23398 			(void) ddi_create_minor_node(SD_DEVINFO(un), "wd,raw",
23399 			    S_IFCHR,
23400 			    (SDUNIT(dev) << SDUNIT_SHIFT) | WD_NODE,
23401 			    un->un_node_type, NULL);
23402 		} else
23403 			mutex_exit(SD_MUTEX(un));
23404 		rval = sd_send_scsi_WRITE(un, buffer, user_efi.dki_length,
23405 		    user_efi.dki_lba, SD_PATH_DIRECT);
23406 		if (rval == 0) {
23407 			mutex_enter(SD_MUTEX(un));
23408 			un->un_f_geometry_is_valid = FALSE;
23409 			mutex_exit(SD_MUTEX(un));
23410 		}
23411 	}
23412 	kmem_free(buffer, user_efi.dki_length);
23413 	return (rval);
23414 }
23415 
23416 /*
23417  *    Function: sd_dkio_get_mboot
23418  *
23419  * Description: This routine is the driver entry point for handling user
23420  *		requests to get the current device mboot (DKIOCGMBOOT)
23421  *
23422  *   Arguments: dev  - the device number
23423  *		arg  - pointer to user provided mboot structure specifying
23424  *			the current mboot.
23425  *		flag - this argument is a pass through to ddi_copyxxx()
23426  *		       directly from the mode argument of ioctl().
23427  *
23428  * Return Code: 0
23429  *		EINVAL
23430  *		EFAULT
23431  *		ENXIO
23432  */
23433 
23434 static int
23435 sd_dkio_get_mboot(dev_t dev, caddr_t arg, int flag)
23436 {
23437 	struct sd_lun	*un;
23438 	struct mboot	*mboot;
23439 	int		rval;
23440 	size_t		buffer_size;
23441 
23442 	if (((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) ||
23443 	    (un->un_state == SD_STATE_OFFLINE)) {
23444 		return (ENXIO);
23445 	}
23446 
23447 #if defined(_SUNOS_VTOC_8)
23448 	if ((!ISREMOVABLE(un)) || (arg == NULL)) {
23449 #elif defined(_SUNOS_VTOC_16)
23450 	if (arg == NULL) {
23451 #endif
23452 		return (EINVAL);
23453 	}
23454 
23455 	/*
23456 	 * Read the mboot block, located at absolute block 0 on the target.
23457 	 */
23458 	buffer_size = SD_REQBYTES2TGTBYTES(un, sizeof (struct mboot));
23459 
23460 	SD_TRACE(SD_LOG_IO_PARTITION, un,
23461 	    "sd_dkio_get_mboot: allocation size: 0x%x\n", buffer_size);
23462 
23463 	mboot = kmem_zalloc(buffer_size, KM_SLEEP);
23464 	if ((rval = sd_send_scsi_READ(un, mboot, buffer_size, 0,
23465 	    SD_PATH_STANDARD)) == 0) {
23466 		if (ddi_copyout(mboot, (void *)arg,
23467 		    sizeof (struct mboot), flag) != 0) {
23468 			rval = EFAULT;
23469 		}
23470 	}
23471 	kmem_free(mboot, buffer_size);
23472 	return (rval);
23473 }
23474 
23475 
23476 /*
23477  *    Function: sd_dkio_set_mboot
23478  *
23479  * Description: This routine is the driver entry point for handling user
23480  *		requests to validate and set the device master boot
23481  *		(DKIOCSMBOOT).
23482  *
23483  *   Arguments: dev  - the device number
23484  *		arg  - pointer to user provided mboot structure used to set the
23485  *			master boot.
23486  *		flag - this argument is a pass through to ddi_copyxxx()
23487  *		       directly from the mode argument of ioctl().
23488  *
23489  * Return Code: 0
23490  *		EINVAL
23491  *		EFAULT
23492  *		ENXIO
23493  */
23494 
23495 static int
23496 sd_dkio_set_mboot(dev_t dev, caddr_t arg, int flag)
23497 {
23498 	struct sd_lun	*un = NULL;
23499 	struct mboot	*mboot = NULL;
23500 	int		rval;
23501 	ushort_t	magic;
23502 
23503 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23504 		return (ENXIO);
23505 	}
23506 
23507 	ASSERT(!mutex_owned(SD_MUTEX(un)));
23508 
23509 #if defined(_SUNOS_VTOC_8)
23510 	if (!ISREMOVABLE(un)) {
23511 		return (EINVAL);
23512 	}
23513 #endif
23514 
23515 	if (arg == NULL) {
23516 		return (EINVAL);
23517 	}
23518 
23519 	mboot = kmem_zalloc(sizeof (struct mboot), KM_SLEEP);
23520 
23521 	if (ddi_copyin((const void *)arg, mboot,
23522 	    sizeof (struct mboot), flag) != 0) {
23523 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23524 		return (EFAULT);
23525 	}
23526 
23527 	/* Is this really a master boot record? */
23528 	magic = LE_16(mboot->signature);
23529 	if (magic != MBB_MAGIC) {
23530 		kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23531 		return (EINVAL);
23532 	}
23533 
23534 	rval = sd_send_scsi_WRITE(un, mboot, un->un_sys_blocksize, 0,
23535 	    SD_PATH_STANDARD);
23536 
23537 	mutex_enter(SD_MUTEX(un));
23538 #if defined(__i386) || defined(__amd64)
23539 	if (rval == 0) {
23540 		/*
23541 		 * mboot has been written successfully.
23542 		 * update the fdisk and vtoc tables in memory
23543 		 */
23544 		rval = sd_update_fdisk_and_vtoc(un);
23545 		if ((un->un_f_geometry_is_valid == FALSE) || (rval != 0)) {
23546 			mutex_exit(SD_MUTEX(un));
23547 			kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23548 			return (rval);
23549 		}
23550 	}
23551 
23552 	/*
23553 	 * If the mboot write fails, write the devid anyway, what can it hurt?
23554 	 * Also preserve the device id by writing to the disk acyl for the case
23555 	 * where a devid has been fabricated.
23556 	 */
23557 	if (!ISREMOVABLE(un) && !ISCD(un) &&
23558 	    (un->un_f_opt_fab_devid == TRUE)) {
23559 		if (un->un_devid == NULL) {
23560 			sd_register_devid(un, SD_DEVINFO(un),
23561 			    SD_TARGET_IS_UNRESERVED);
23562 		} else {
23563 			/*
23564 			 * The device id for this disk has been
23565 			 * fabricated. Fabricated device id's are
23566 			 * managed by storing them in the last 2
23567 			 * available sectors on the drive. The device
23568 			 * id must be preserved by writing it back out
23569 			 * to this location.
23570 			 */
23571 			if (sd_write_deviceid(un) != 0) {
23572 				ddi_devid_free(un->un_devid);
23573 				un->un_devid = NULL;
23574 			}
23575 		}
23576 	}
23577 #else
23578 	if (rval == 0) {
23579 		/*
23580 		 * mboot has been written successfully.
23581 		 * set up the default geometry and VTOC
23582 		 */
23583 		if (un->un_blockcount <= DK_MAX_BLOCKS)
23584 			sd_setup_default_geometry(un);
23585 	}
23586 #endif
23587 	mutex_exit(SD_MUTEX(un));
23588 	kmem_free(mboot, (size_t)(sizeof (struct mboot)));
23589 	return (rval);
23590 }
23591 
23592 
23593 /*
23594  *    Function: sd_setup_default_geometry
23595  *
23596  * Description: This local utility routine sets the default geometry as part of
23597  *		setting the device mboot.
23598  *
23599  *   Arguments: un - driver soft state (unit) structure
23600  *
23601  * Note: This may be redundant with sd_build_default_label.
23602  */
23603 
23604 static void
23605 sd_setup_default_geometry(struct sd_lun *un)
23606 {
23607 	/* zero out the soft state geometry and partition table. */
23608 	bzero(&un->un_g, sizeof (struct dk_geom));
23609 	bzero(&un->un_vtoc, sizeof (struct dk_vtoc));
23610 	bzero(un->un_map, NDKMAP * (sizeof (struct dk_map)));
23611 	un->un_asciilabel[0] = '\0';
23612 
23613 	/*
23614 	 * For the rpm, we use the minimum for the disk.
23615 	 * For the head, cyl and number of sector per track,
23616 	 * if the capacity <= 1GB, head = 64, sect = 32.
23617 	 * else head = 255, sect 63
23618 	 * Note: the capacity should be equal to C*H*S values.
23619 	 * This will cause some truncation of size due to
23620 	 * round off errors. For CD-ROMs, this truncation can
23621 	 * have adverse side effects, so returning ncyl and
23622 	 * nhead as 1. The nsect will overflow for most of
23623 	 * CD-ROMs as nsect is of type ushort.
23624 	 */
23625 	if (ISCD(un)) {
23626 		un->un_g.dkg_ncyl = 1;
23627 		un->un_g.dkg_nhead = 1;
23628 		un->un_g.dkg_nsect = un->un_blockcount;
23629 	} else {
23630 		if (un->un_blockcount <= 0x1000) {
23631 			/* Needed for unlabeled SCSI floppies. */
23632 			un->un_g.dkg_nhead = 2;
23633 			un->un_g.dkg_ncyl = 80;
23634 			un->un_g.dkg_pcyl = 80;
23635 			un->un_g.dkg_nsect = un->un_blockcount / (2 * 80);
23636 		} else if (un->un_blockcount <= 0x200000) {
23637 			un->un_g.dkg_nhead = 64;
23638 			un->un_g.dkg_nsect = 32;
23639 			un->un_g.dkg_ncyl = un->un_blockcount / (64 * 32);
23640 		} else {
23641 			un->un_g.dkg_nhead = 255;
23642 			un->un_g.dkg_nsect = 63;
23643 			un->un_g.dkg_ncyl = un->un_blockcount / (255 * 63);
23644 		}
23645 		un->un_blockcount = un->un_g.dkg_ncyl *
23646 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect;
23647 	}
23648 	un->un_g.dkg_acyl = 0;
23649 	un->un_g.dkg_bcyl = 0;
23650 	un->un_g.dkg_intrlv = 1;
23651 	un->un_g.dkg_rpm = 200;
23652 	un->un_g.dkg_read_reinstruct = 0;
23653 	un->un_g.dkg_write_reinstruct = 0;
23654 	if (un->un_g.dkg_pcyl == 0) {
23655 		un->un_g.dkg_pcyl = un->un_g.dkg_ncyl + un->un_g.dkg_acyl;
23656 	}
23657 
23658 	un->un_map['a'-'a'].dkl_cylno = 0;
23659 	un->un_map['a'-'a'].dkl_nblk = un->un_blockcount;
23660 	un->un_map['c'-'a'].dkl_cylno = 0;
23661 	un->un_map['c'-'a'].dkl_nblk = un->un_blockcount;
23662 	un->un_f_geometry_is_valid = FALSE;
23663 }
23664 
23665 
23666 #if defined(__i386) || defined(__amd64)
23667 /*
23668  *    Function: sd_update_fdisk_and_vtoc
23669  *
23670  * Description: This local utility routine updates the device fdisk and vtoc
23671  *		as part of setting the device mboot.
23672  *
23673  *   Arguments: un - driver soft state (unit) structure
23674  *
23675  * Return Code: 0 for success or errno-type return code.
23676  *
23677  *    Note:x86: This looks like a duplicate of sd_validate_geometry(), but
23678  *		these did exist seperately in x86 sd.c!!!
23679  */
23680 
23681 static int
23682 sd_update_fdisk_and_vtoc(struct sd_lun *un)
23683 {
23684 	static char	labelstring[128];
23685 	static char	buf[256];
23686 	char		*label = 0;
23687 	int		count;
23688 	int		label_rc = 0;
23689 	int		gvalid = un->un_f_geometry_is_valid;
23690 	int		fdisk_rval;
23691 	int		lbasize;
23692 	int		capacity;
23693 
23694 	ASSERT(mutex_owned(SD_MUTEX(un)));
23695 
23696 	if (un->un_f_tgt_blocksize_is_valid == FALSE) {
23697 		return (EINVAL);
23698 	}
23699 
23700 	if (un->un_f_blockcount_is_valid == FALSE) {
23701 		return (EINVAL);
23702 	}
23703 
23704 #if defined(_SUNOS_VTOC_16)
23705 	/*
23706 	 * Set up the "whole disk" fdisk partition; this should always
23707 	 * exist, regardless of whether the disk contains an fdisk table
23708 	 * or vtoc.
23709 	 */
23710 	un->un_map[P0_RAW_DISK].dkl_cylno = 0;
23711 	un->un_map[P0_RAW_DISK].dkl_nblk = un->un_blockcount;
23712 #endif	/* defined(_SUNOS_VTOC_16) */
23713 
23714 	/*
23715 	 * copy the lbasize and capacity so that if they're
23716 	 * reset while we're not holding the SD_MUTEX(un), we will
23717 	 * continue to use valid values after the SD_MUTEX(un) is
23718 	 * reacquired.
23719 	 */
23720 	lbasize  = un->un_tgt_blocksize;
23721 	capacity = un->un_blockcount;
23722 
23723 	/*
23724 	 * refresh the logical and physical geometry caches.
23725 	 * (data from mode sense format/rigid disk geometry pages,
23726 	 * and scsi_ifgetcap("geometry").
23727 	 */
23728 	sd_resync_geom_caches(un, capacity, lbasize, SD_PATH_DIRECT);
23729 
23730 	/*
23731 	 * Only DIRECT ACCESS devices will have Sun labels.
23732 	 * CD's supposedly have a Sun label, too
23733 	 */
23734 	if (SD_INQUIRY(un)->inq_dtype == DTYPE_DIRECT || ISREMOVABLE(un)) {
23735 		fdisk_rval = sd_read_fdisk(un, capacity, lbasize,
23736 		    SD_PATH_DIRECT);
23737 		if (fdisk_rval == SD_CMD_FAILURE) {
23738 			ASSERT(mutex_owned(SD_MUTEX(un)));
23739 			return (EIO);
23740 		}
23741 
23742 		if (fdisk_rval == SD_CMD_RESERVATION_CONFLICT) {
23743 			ASSERT(mutex_owned(SD_MUTEX(un)));
23744 			return (EACCES);
23745 		}
23746 
23747 		if (un->un_solaris_size <= DK_LABEL_LOC) {
23748 			/*
23749 			 * Found fdisk table but no Solaris partition entry,
23750 			 * so don't call sd_uselabel() and don't create
23751 			 * a default label.
23752 			 */
23753 			label_rc = 0;
23754 			un->un_f_geometry_is_valid = TRUE;
23755 			goto no_solaris_partition;
23756 		}
23757 
23758 #if defined(_SUNOS_VTOC_8)
23759 		label = (char *)un->un_asciilabel;
23760 #elif defined(_SUNOS_VTOC_16)
23761 		label = (char *)un->un_vtoc.v_asciilabel;
23762 #else
23763 #error "No VTOC format defined."
23764 #endif
23765 	} else if (capacity < 0) {
23766 		ASSERT(mutex_owned(SD_MUTEX(un)));
23767 		return (EINVAL);
23768 	}
23769 
23770 	/*
23771 	 * For Removable media We reach here if we have found a
23772 	 * SOLARIS PARTITION.
23773 	 * If un_f_geometry_is_valid is FALSE it indicates that the SOLARIS
23774 	 * PARTITION has changed from the previous one, hence we will setup a
23775 	 * default VTOC in this case.
23776 	 */
23777 	if (un->un_f_geometry_is_valid == FALSE) {
23778 		sd_build_default_label(un);
23779 		label_rc = 0;
23780 	}
23781 
23782 no_solaris_partition:
23783 	if ((!ISREMOVABLE(un) ||
23784 	    (ISREMOVABLE(un) && un->un_mediastate == DKIO_EJECTED)) &&
23785 	    (un->un_state == SD_STATE_NORMAL && gvalid == FALSE)) {
23786 		/*
23787 		 * Print out a message indicating who and what we are.
23788 		 * We do this only when we happen to really validate the
23789 		 * geometry. We may call sd_validate_geometry() at other
23790 		 * times, ioctl()'s like Get VTOC in which case we
23791 		 * don't want to print the label.
23792 		 * If the geometry is valid, print the label string,
23793 		 * else print vendor and product info, if available
23794 		 */
23795 		if ((un->un_f_geometry_is_valid == TRUE) && (label != NULL)) {
23796 			SD_INFO(SD_LOG_IOCTL_DKIO, un, "?<%s>\n", label);
23797 		} else {
23798 			mutex_enter(&sd_label_mutex);
23799 			sd_inq_fill(SD_INQUIRY(un)->inq_vid, VIDMAX,
23800 			    labelstring);
23801 			sd_inq_fill(SD_INQUIRY(un)->inq_pid, PIDMAX,
23802 			    &labelstring[64]);
23803 			(void) sprintf(buf, "?Vendor '%s', product '%s'",
23804 			    labelstring, &labelstring[64]);
23805 			if (un->un_f_blockcount_is_valid == TRUE) {
23806 				(void) sprintf(&buf[strlen(buf)],
23807 				    ", %" PRIu64 " %u byte blocks\n",
23808 				    un->un_blockcount,
23809 				    un->un_tgt_blocksize);
23810 			} else {
23811 				(void) sprintf(&buf[strlen(buf)],
23812 				    ", (unknown capacity)\n");
23813 			}
23814 			SD_INFO(SD_LOG_IOCTL_DKIO, un, buf);
23815 			mutex_exit(&sd_label_mutex);
23816 		}
23817 	}
23818 
23819 #if defined(_SUNOS_VTOC_16)
23820 	/*
23821 	 * If we have valid geometry, set up the remaining fdisk partitions.
23822 	 * Note that dkl_cylno is not used for the fdisk map entries, so
23823 	 * we set it to an entirely bogus value.
23824 	 */
23825 	for (count = 0; count < FD_NUMPART; count++) {
23826 		un->un_map[FDISK_P1 + count].dkl_cylno = -1;
23827 		un->un_map[FDISK_P1 + count].dkl_nblk =
23828 		    un->un_fmap[count].fmap_nblk;
23829 		un->un_offset[FDISK_P1 + count] =
23830 		    un->un_fmap[count].fmap_start;
23831 	}
23832 #endif
23833 
23834 	for (count = 0; count < NDKMAP; count++) {
23835 #if defined(_SUNOS_VTOC_8)
23836 		struct dk_map *lp  = &un->un_map[count];
23837 		un->un_offset[count] =
23838 		    un->un_g.dkg_nhead * un->un_g.dkg_nsect * lp->dkl_cylno;
23839 #elif defined(_SUNOS_VTOC_16)
23840 		struct dkl_partition *vp = &un->un_vtoc.v_part[count];
23841 		un->un_offset[count] = vp->p_start + un->un_solaris_offset;
23842 #else
23843 #error "No VTOC format defined."
23844 #endif
23845 	}
23846 
23847 	ASSERT(mutex_owned(SD_MUTEX(un)));
23848 	return (label_rc);
23849 }
23850 #endif
23851 
23852 
23853 /*
23854  *    Function: sd_check_media
23855  *
23856  * Description: This utility routine implements the functionality for the
23857  *		DKIOCSTATE ioctl. This ioctl blocks the user thread until the
23858  *		driver state changes from that specified by the user
23859  *		(inserted or ejected). For example, if the user specifies
23860  *		DKIO_EJECTED and the current media state is inserted this
23861  *		routine will immediately return DKIO_INSERTED. However, if the
23862  *		current media state is not inserted the user thread will be
23863  *		blocked until the drive state changes. If DKIO_NONE is specified
23864  *		the user thread will block until a drive state change occurs.
23865  *
23866  *   Arguments: dev  - the device number
23867  *		state  - user pointer to a dkio_state, updated with the current
23868  *			drive state at return.
23869  *
23870  * Return Code: ENXIO
23871  *		EIO
23872  *		EAGAIN
23873  *		EINTR
23874  */
23875 
23876 static int
23877 sd_check_media(dev_t dev, enum dkio_state state)
23878 {
23879 	struct sd_lun		*un = NULL;
23880 	enum dkio_state		prev_state;
23881 	opaque_t		token = NULL;
23882 	int			rval = 0;
23883 
23884 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
23885 		return (ENXIO);
23886 	}
23887 
23888 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: entry\n");
23889 
23890 	mutex_enter(SD_MUTEX(un));
23891 
23892 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: "
23893 	    "state=%x, mediastate=%x\n", state, un->un_mediastate);
23894 
23895 	prev_state = un->un_mediastate;
23896 
23897 	/* is there anything to do? */
23898 	if (state == un->un_mediastate || un->un_mediastate == DKIO_NONE) {
23899 		/*
23900 		 * submit the request to the scsi_watch service;
23901 		 * scsi_media_watch_cb() does the real work
23902 		 */
23903 		mutex_exit(SD_MUTEX(un));
23904 
23905 		/*
23906 		 * This change handles the case where a scsi watch request is
23907 		 * added to a device that is powered down. To accomplish this
23908 		 * we power up the device before adding the scsi watch request,
23909 		 * since the scsi watch sends a TUR directly to the device
23910 		 * which the device cannot handle if it is powered down.
23911 		 */
23912 		if (sd_pm_entry(un) != DDI_SUCCESS) {
23913 			mutex_enter(SD_MUTEX(un));
23914 			goto done;
23915 		}
23916 
23917 		token = scsi_watch_request_submit(SD_SCSI_DEVP(un),
23918 		    sd_check_media_time, SENSE_LENGTH, sd_media_watch_cb,
23919 		    (caddr_t)dev);
23920 
23921 		sd_pm_exit(un);
23922 
23923 		mutex_enter(SD_MUTEX(un));
23924 		if (token == NULL) {
23925 			rval = EAGAIN;
23926 			goto done;
23927 		}
23928 
23929 		/*
23930 		 * This is a special case IOCTL that doesn't return
23931 		 * until the media state changes. Routine sdpower
23932 		 * knows about and handles this so don't count it
23933 		 * as an active cmd in the driver, which would
23934 		 * keep the device busy to the pm framework.
23935 		 * If the count isn't decremented the device can't
23936 		 * be powered down.
23937 		 */
23938 		un->un_ncmds_in_driver--;
23939 		ASSERT(un->un_ncmds_in_driver >= 0);
23940 
23941 		/*
23942 		 * if a prior request had been made, this will be the same
23943 		 * token, as scsi_watch was designed that way.
23944 		 */
23945 		un->un_swr_token = token;
23946 		un->un_specified_mediastate = state;
23947 
23948 		/*
23949 		 * now wait for media change
23950 		 * we will not be signalled unless mediastate == state but it is
23951 		 * still better to test for this condition, since there is a
23952 		 * 2 sec cv_broadcast delay when mediastate == DKIO_INSERTED
23953 		 */
23954 		SD_TRACE(SD_LOG_COMMON, un,
23955 		    "sd_check_media: waiting for media state change\n");
23956 		while (un->un_mediastate == state) {
23957 			if (cv_wait_sig(&un->un_state_cv, SD_MUTEX(un)) == 0) {
23958 				SD_TRACE(SD_LOG_COMMON, un,
23959 				    "sd_check_media: waiting for media state "
23960 				    "was interrupted\n");
23961 				un->un_ncmds_in_driver++;
23962 				rval = EINTR;
23963 				goto done;
23964 			}
23965 			SD_TRACE(SD_LOG_COMMON, un,
23966 			    "sd_check_media: received signal, state=%x\n",
23967 			    un->un_mediastate);
23968 		}
23969 		/*
23970 		 * Inc the counter to indicate the device once again
23971 		 * has an active outstanding cmd.
23972 		 */
23973 		un->un_ncmds_in_driver++;
23974 	}
23975 
23976 	/* invalidate geometry */
23977 	if (prev_state == DKIO_INSERTED && un->un_mediastate == DKIO_EJECTED) {
23978 		sr_ejected(un);
23979 	}
23980 
23981 	if (un->un_mediastate == DKIO_INSERTED && prev_state != DKIO_INSERTED) {
23982 		uint64_t	capacity;
23983 		uint_t		lbasize;
23984 
23985 		SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: media inserted\n");
23986 		mutex_exit(SD_MUTEX(un));
23987 		/*
23988 		 * Since the following routines use SD_PATH_DIRECT, we must
23989 		 * call PM directly before the upcoming disk accesses. This
23990 		 * may cause the disk to be power/spin up.
23991 		 */
23992 
23993 		if (sd_pm_entry(un) == DDI_SUCCESS) {
23994 			rval = sd_send_scsi_READ_CAPACITY(un,
23995 			    &capacity,
23996 			    &lbasize, SD_PATH_DIRECT);
23997 			if (rval != 0) {
23998 				sd_pm_exit(un);
23999 				mutex_enter(SD_MUTEX(un));
24000 				goto done;
24001 			}
24002 		} else {
24003 			rval = EIO;
24004 			mutex_enter(SD_MUTEX(un));
24005 			goto done;
24006 		}
24007 		mutex_enter(SD_MUTEX(un));
24008 
24009 		sd_update_block_info(un, lbasize, capacity);
24010 
24011 		un->un_f_geometry_is_valid	= FALSE;
24012 		(void) sd_validate_geometry(un, SD_PATH_DIRECT);
24013 
24014 		mutex_exit(SD_MUTEX(un));
24015 		rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_PREVENT,
24016 		    SD_PATH_DIRECT);
24017 		sd_pm_exit(un);
24018 
24019 		mutex_enter(SD_MUTEX(un));
24020 	}
24021 done:
24022 	un->un_f_watcht_stopped = FALSE;
24023 	if (un->un_swr_token) {
24024 		/*
24025 		 * Use of this local token and the mutex ensures that we avoid
24026 		 * some race conditions associated with terminating the
24027 		 * scsi watch.
24028 		 */
24029 		token = un->un_swr_token;
24030 		un->un_swr_token = (opaque_t)NULL;
24031 		mutex_exit(SD_MUTEX(un));
24032 		(void) scsi_watch_request_terminate(token,
24033 		    SCSI_WATCH_TERMINATE_WAIT);
24034 		mutex_enter(SD_MUTEX(un));
24035 	}
24036 
24037 	/*
24038 	 * Update the capacity kstat value, if no media previously
24039 	 * (capacity kstat is 0) and a media has been inserted
24040 	 * (un_f_blockcount_is_valid == TRUE)
24041 	 * This is a more generic way then checking for ISREMOVABLE.
24042 	 */
24043 	if (un->un_errstats) {
24044 		struct sd_errstats	*stp = NULL;
24045 
24046 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
24047 		if ((stp->sd_capacity.value.ui64 == 0) &&
24048 		    (un->un_f_blockcount_is_valid == TRUE)) {
24049 			stp->sd_capacity.value.ui64 =
24050 			    (uint64_t)((uint64_t)un->un_blockcount *
24051 			    un->un_sys_blocksize);
24052 		}
24053 	}
24054 	mutex_exit(SD_MUTEX(un));
24055 	SD_TRACE(SD_LOG_COMMON, un, "sd_check_media: done\n");
24056 	return (rval);
24057 }
24058 
24059 
24060 /*
24061  *    Function: sd_delayed_cv_broadcast
24062  *
24063  * Description: Delayed cv_broadcast to allow for target to recover from media
24064  *		insertion.
24065  *
24066  *   Arguments: arg - driver soft state (unit) structure
24067  */
24068 
24069 static void
24070 sd_delayed_cv_broadcast(void *arg)
24071 {
24072 	struct sd_lun *un = arg;
24073 
24074 	SD_TRACE(SD_LOG_COMMON, un, "sd_delayed_cv_broadcast\n");
24075 
24076 	mutex_enter(SD_MUTEX(un));
24077 	un->un_dcvb_timeid = NULL;
24078 	cv_broadcast(&un->un_state_cv);
24079 	mutex_exit(SD_MUTEX(un));
24080 }
24081 
24082 
24083 /*
24084  *    Function: sd_media_watch_cb
24085  *
24086  * Description: Callback routine used for support of the DKIOCSTATE ioctl. This
24087  *		routine processes the TUR sense data and updates the driver
24088  *		state if a transition has occurred. The user thread
24089  *		(sd_check_media) is then signalled.
24090  *
24091  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24092  *			among multiple watches that share this callback function
24093  *		resultp - scsi watch facility result packet containing scsi
24094  *			  packet, status byte and sense data
24095  *
24096  * Return Code: 0 for success, -1 for failure
24097  */
24098 
24099 static int
24100 sd_media_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24101 {
24102 	struct sd_lun			*un;
24103 	struct scsi_status		*statusp = resultp->statusp;
24104 	struct scsi_extended_sense	*sensep = resultp->sensep;
24105 	enum dkio_state			state = DKIO_NONE;
24106 	dev_t				dev = (dev_t)arg;
24107 	uchar_t				actual_sense_length;
24108 
24109 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24110 		return (-1);
24111 	}
24112 	actual_sense_length = resultp->actual_sense_length;
24113 
24114 	mutex_enter(SD_MUTEX(un));
24115 	SD_TRACE(SD_LOG_COMMON, un,
24116 	    "sd_media_watch_cb: status=%x, sensep=%p, len=%x\n",
24117 	    *((char *)statusp), (void *)sensep, actual_sense_length);
24118 
24119 	if (resultp->pkt->pkt_reason == CMD_DEV_GONE) {
24120 		un->un_mediastate = DKIO_DEV_GONE;
24121 		cv_broadcast(&un->un_state_cv);
24122 		mutex_exit(SD_MUTEX(un));
24123 
24124 		return (0);
24125 	}
24126 
24127 	/*
24128 	 * If there was a check condition then sensep points to valid sense data
24129 	 * If status was not a check condition but a reservation or busy status
24130 	 * then the new state is DKIO_NONE
24131 	 */
24132 	if (sensep != NULL) {
24133 		SD_INFO(SD_LOG_COMMON, un,
24134 		    "sd_media_watch_cb: sense KEY=%x, ASC=%x, ASCQ=%x\n",
24135 		    sensep->es_key, sensep->es_add_code, sensep->es_qual_code);
24136 		/* This routine only uses up to 13 bytes of sense data. */
24137 		if (actual_sense_length >= 13) {
24138 			if (sensep->es_key == KEY_UNIT_ATTENTION) {
24139 				if (sensep->es_add_code == 0x28) {
24140 					state = DKIO_INSERTED;
24141 				}
24142 			} else {
24143 				/*
24144 				 * if 02/04/02  means that the host
24145 				 * should send start command. Explicitly
24146 				 * leave the media state as is
24147 				 * (inserted) as the media is inserted
24148 				 * and host has stopped device for PM
24149 				 * reasons. Upon next true read/write
24150 				 * to this media will bring the
24151 				 * device to the right state good for
24152 				 * media access.
24153 				 */
24154 				if ((sensep->es_key == KEY_NOT_READY) &&
24155 				    (sensep->es_add_code == 0x3a)) {
24156 					state = DKIO_EJECTED;
24157 				}
24158 
24159 				/*
24160 				 * If the drivge is busy with an operation
24161 				 * or long write, keep the media in an
24162 				 * inserted state.
24163 				 */
24164 
24165 				if ((sensep->es_key == KEY_NOT_READY) &&
24166 				    (sensep->es_add_code == 0x04) &&
24167 				    ((sensep->es_qual_code == 0x02) ||
24168 				    (sensep->es_qual_code == 0x07) ||
24169 				    (sensep->es_qual_code == 0x08))) {
24170 					state = DKIO_INSERTED;
24171 				}
24172 			}
24173 		}
24174 	} else if ((*((char *)statusp) == STATUS_GOOD) &&
24175 	    (resultp->pkt->pkt_reason == CMD_CMPLT)) {
24176 		state = DKIO_INSERTED;
24177 	}
24178 
24179 	SD_TRACE(SD_LOG_COMMON, un,
24180 	    "sd_media_watch_cb: state=%x, specified=%x\n",
24181 	    state, un->un_specified_mediastate);
24182 
24183 	/*
24184 	 * now signal the waiting thread if this is *not* the specified state;
24185 	 * delay the signal if the state is DKIO_INSERTED to allow the target
24186 	 * to recover
24187 	 */
24188 	if (state != un->un_specified_mediastate) {
24189 		un->un_mediastate = state;
24190 		if (state == DKIO_INSERTED) {
24191 			/*
24192 			 * delay the signal to give the drive a chance
24193 			 * to do what it apparently needs to do
24194 			 */
24195 			SD_TRACE(SD_LOG_COMMON, un,
24196 			    "sd_media_watch_cb: delayed cv_broadcast\n");
24197 			if (un->un_dcvb_timeid == NULL) {
24198 				un->un_dcvb_timeid =
24199 				    timeout(sd_delayed_cv_broadcast, un,
24200 				    drv_usectohz((clock_t)MEDIA_ACCESS_DELAY));
24201 			}
24202 		} else {
24203 			SD_TRACE(SD_LOG_COMMON, un,
24204 			    "sd_media_watch_cb: immediate cv_broadcast\n");
24205 			cv_broadcast(&un->un_state_cv);
24206 		}
24207 	}
24208 	mutex_exit(SD_MUTEX(un));
24209 	return (0);
24210 }
24211 
24212 
24213 /*
24214  *    Function: sd_dkio_get_temp
24215  *
24216  * Description: This routine is the driver entry point for handling ioctl
24217  *		requests to get the disk temperature.
24218  *
24219  *   Arguments: dev  - the device number
24220  *		arg  - pointer to user provided dk_temperature structure.
24221  *		flag - this argument is a pass through to ddi_copyxxx()
24222  *		       directly from the mode argument of ioctl().
24223  *
24224  * Return Code: 0
24225  *		EFAULT
24226  *		ENXIO
24227  *		EAGAIN
24228  */
24229 
24230 static int
24231 sd_dkio_get_temp(dev_t dev, caddr_t arg, int flag)
24232 {
24233 	struct sd_lun		*un = NULL;
24234 	struct dk_temperature	*dktemp = NULL;
24235 	uchar_t			*temperature_page;
24236 	int			rval = 0;
24237 	int			path_flag = SD_PATH_STANDARD;
24238 
24239 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24240 		return (ENXIO);
24241 	}
24242 
24243 	dktemp = kmem_zalloc(sizeof (struct dk_temperature), KM_SLEEP);
24244 
24245 	/* copyin the disk temp argument to get the user flags */
24246 	if (ddi_copyin((void *)arg, dktemp,
24247 	    sizeof (struct dk_temperature), flag) != 0) {
24248 		rval = EFAULT;
24249 		goto done;
24250 	}
24251 
24252 	/* Initialize the temperature to invalid. */
24253 	dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24254 	dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24255 
24256 	/*
24257 	 * Note: Investigate removing the "bypass pm" semantic.
24258 	 * Can we just bypass PM always?
24259 	 */
24260 	if (dktemp->dkt_flags & DKT_BYPASS_PM) {
24261 		path_flag = SD_PATH_DIRECT;
24262 		ASSERT(!mutex_owned(&un->un_pm_mutex));
24263 		mutex_enter(&un->un_pm_mutex);
24264 		if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
24265 			/*
24266 			 * If DKT_BYPASS_PM is set, and the drive happens to be
24267 			 * in low power mode, we can not wake it up, Need to
24268 			 * return EAGAIN.
24269 			 */
24270 			mutex_exit(&un->un_pm_mutex);
24271 			rval = EAGAIN;
24272 			goto done;
24273 		} else {
24274 			/*
24275 			 * Indicate to PM the device is busy. This is required
24276 			 * to avoid a race - i.e. the ioctl is issuing a
24277 			 * command and the pm framework brings down the device
24278 			 * to low power mode (possible power cut-off on some
24279 			 * platforms).
24280 			 */
24281 			mutex_exit(&un->un_pm_mutex);
24282 			if (sd_pm_entry(un) != DDI_SUCCESS) {
24283 				rval = EAGAIN;
24284 				goto done;
24285 			}
24286 		}
24287 	}
24288 
24289 	temperature_page = kmem_zalloc(TEMPERATURE_PAGE_SIZE, KM_SLEEP);
24290 
24291 	if ((rval = sd_send_scsi_LOG_SENSE(un, temperature_page,
24292 	    TEMPERATURE_PAGE_SIZE, TEMPERATURE_PAGE, 1, 0, path_flag)) != 0) {
24293 		goto done2;
24294 	}
24295 
24296 	/*
24297 	 * For the current temperature verify that the parameter length is 0x02
24298 	 * and the parameter code is 0x00
24299 	 */
24300 	if ((temperature_page[7] == 0x02) && (temperature_page[4] == 0x00) &&
24301 	    (temperature_page[5] == 0x00)) {
24302 		if (temperature_page[9] == 0xFF) {
24303 			dktemp->dkt_cur_temp = (short)DKT_INVALID_TEMP;
24304 		} else {
24305 			dktemp->dkt_cur_temp = (short)(temperature_page[9]);
24306 		}
24307 	}
24308 
24309 	/*
24310 	 * For the reference temperature verify that the parameter
24311 	 * length is 0x02 and the parameter code is 0x01
24312 	 */
24313 	if ((temperature_page[13] == 0x02) && (temperature_page[10] == 0x00) &&
24314 	    (temperature_page[11] == 0x01)) {
24315 		if (temperature_page[15] == 0xFF) {
24316 			dktemp->dkt_ref_temp = (short)DKT_INVALID_TEMP;
24317 		} else {
24318 			dktemp->dkt_ref_temp = (short)(temperature_page[15]);
24319 		}
24320 	}
24321 
24322 	/* Do the copyout regardless of the temperature commands status. */
24323 	if (ddi_copyout(dktemp, (void *)arg, sizeof (struct dk_temperature),
24324 	    flag) != 0) {
24325 		rval = EFAULT;
24326 	}
24327 
24328 done2:
24329 	if (path_flag == SD_PATH_DIRECT) {
24330 		sd_pm_exit(un);
24331 	}
24332 
24333 	kmem_free(temperature_page, TEMPERATURE_PAGE_SIZE);
24334 done:
24335 	if (dktemp != NULL) {
24336 		kmem_free(dktemp, sizeof (struct dk_temperature));
24337 	}
24338 
24339 	return (rval);
24340 }
24341 
24342 
24343 /*
24344  *    Function: sd_log_page_supported
24345  *
24346  * Description: This routine uses sd_send_scsi_LOG_SENSE to find the list of
24347  *		supported log pages.
24348  *
24349  *   Arguments: un -
24350  *		log_page -
24351  *
24352  * Return Code: -1 - on error (log sense is optional and may not be supported).
24353  *		0  - log page not found.
24354  *  		1  - log page found.
24355  */
24356 
24357 static int
24358 sd_log_page_supported(struct sd_lun *un, int log_page)
24359 {
24360 	uchar_t *log_page_data;
24361 	int	i;
24362 	int	match = 0;
24363 	int	log_size;
24364 
24365 	log_page_data = kmem_zalloc(0xFF, KM_SLEEP);
24366 
24367 	if (sd_send_scsi_LOG_SENSE(un, log_page_data, 0xFF, 0, 0x01, 0,
24368 	    SD_PATH_DIRECT) != 0) {
24369 		SD_ERROR(SD_LOG_COMMON, un,
24370 		    "sd_log_page_supported: failed log page retrieval\n");
24371 		kmem_free(log_page_data, 0xFF);
24372 		return (-1);
24373 	}
24374 	log_size = log_page_data[3];
24375 
24376 	/*
24377 	 * The list of supported log pages start from the fourth byte. Check
24378 	 * until we run out of log pages or a match is found.
24379 	 */
24380 	for (i = 4; (i < (log_size + 4)) && !match; i++) {
24381 		if (log_page_data[i] == log_page) {
24382 			match++;
24383 		}
24384 	}
24385 	kmem_free(log_page_data, 0xFF);
24386 	return (match);
24387 }
24388 
24389 
24390 /*
24391  *    Function: sd_mhdioc_failfast
24392  *
24393  * Description: This routine is the driver entry point for handling ioctl
24394  *		requests to enable/disable the multihost failfast option.
24395  *		(MHIOCENFAILFAST)
24396  *
24397  *   Arguments: dev	- the device number
24398  *		arg	- user specified probing interval.
24399  *		flag	- this argument is a pass through to ddi_copyxxx()
24400  *			  directly from the mode argument of ioctl().
24401  *
24402  * Return Code: 0
24403  *		EFAULT
24404  *		ENXIO
24405  */
24406 
24407 static int
24408 sd_mhdioc_failfast(dev_t dev, caddr_t arg, int flag)
24409 {
24410 	struct sd_lun	*un = NULL;
24411 	int		mh_time;
24412 	int		rval = 0;
24413 
24414 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24415 		return (ENXIO);
24416 	}
24417 
24418 	if (ddi_copyin((void *)arg, &mh_time, sizeof (int), flag))
24419 		return (EFAULT);
24420 
24421 	if (mh_time) {
24422 		mutex_enter(SD_MUTEX(un));
24423 		un->un_resvd_status |= SD_FAILFAST;
24424 		mutex_exit(SD_MUTEX(un));
24425 		/*
24426 		 * If mh_time is INT_MAX, then this ioctl is being used for
24427 		 * SCSI-3 PGR purposes, and we don't need to spawn watch thread.
24428 		 */
24429 		if (mh_time != INT_MAX) {
24430 			rval = sd_check_mhd(dev, mh_time);
24431 		}
24432 	} else {
24433 		(void) sd_check_mhd(dev, 0);
24434 		mutex_enter(SD_MUTEX(un));
24435 		un->un_resvd_status &= ~SD_FAILFAST;
24436 		mutex_exit(SD_MUTEX(un));
24437 	}
24438 	return (rval);
24439 }
24440 
24441 
24442 /*
24443  *    Function: sd_mhdioc_takeown
24444  *
24445  * Description: This routine is the driver entry point for handling ioctl
24446  *		requests to forcefully acquire exclusive access rights to the
24447  *		multihost disk (MHIOCTKOWN).
24448  *
24449  *   Arguments: dev	- the device number
24450  *		arg	- user provided structure specifying the delay
24451  *			  parameters in milliseconds
24452  *		flag	- this argument is a pass through to ddi_copyxxx()
24453  *			  directly from the mode argument of ioctl().
24454  *
24455  * Return Code: 0
24456  *		EFAULT
24457  *		ENXIO
24458  */
24459 
24460 static int
24461 sd_mhdioc_takeown(dev_t dev, caddr_t arg, int flag)
24462 {
24463 	struct sd_lun		*un = NULL;
24464 	struct mhioctkown	*tkown = NULL;
24465 	int			rval = 0;
24466 
24467 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24468 		return (ENXIO);
24469 	}
24470 
24471 	if (arg != NULL) {
24472 		tkown = (struct mhioctkown *)
24473 		    kmem_zalloc(sizeof (struct mhioctkown), KM_SLEEP);
24474 		rval = ddi_copyin(arg, tkown, sizeof (struct mhioctkown), flag);
24475 		if (rval != 0) {
24476 			rval = EFAULT;
24477 			goto error;
24478 		}
24479 	}
24480 
24481 	rval = sd_take_ownership(dev, tkown);
24482 	mutex_enter(SD_MUTEX(un));
24483 	if (rval == 0) {
24484 		un->un_resvd_status |= SD_RESERVE;
24485 		if (tkown != NULL && tkown->reinstate_resv_delay != 0) {
24486 			sd_reinstate_resv_delay =
24487 			    tkown->reinstate_resv_delay * 1000;
24488 		} else {
24489 			sd_reinstate_resv_delay = SD_REINSTATE_RESV_DELAY;
24490 		}
24491 		/*
24492 		 * Give the scsi_watch routine interval set by
24493 		 * the MHIOCENFAILFAST ioctl precedence here.
24494 		 */
24495 		if ((un->un_resvd_status & SD_FAILFAST) == 0) {
24496 			mutex_exit(SD_MUTEX(un));
24497 			(void) sd_check_mhd(dev, sd_reinstate_resv_delay/1000);
24498 			SD_TRACE(SD_LOG_IOCTL_MHD, un,
24499 			    "sd_mhdioc_takeown : %d\n",
24500 			    sd_reinstate_resv_delay);
24501 		} else {
24502 			mutex_exit(SD_MUTEX(un));
24503 		}
24504 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_NOTIFY,
24505 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24506 	} else {
24507 		un->un_resvd_status &= ~SD_RESERVE;
24508 		mutex_exit(SD_MUTEX(un));
24509 	}
24510 
24511 error:
24512 	if (tkown != NULL) {
24513 		kmem_free(tkown, sizeof (struct mhioctkown));
24514 	}
24515 	return (rval);
24516 }
24517 
24518 
24519 /*
24520  *    Function: sd_mhdioc_release
24521  *
24522  * Description: This routine is the driver entry point for handling ioctl
24523  *		requests to release exclusive access rights to the multihost
24524  *		disk (MHIOCRELEASE).
24525  *
24526  *   Arguments: dev	- the device number
24527  *
24528  * Return Code: 0
24529  *		ENXIO
24530  */
24531 
24532 static int
24533 sd_mhdioc_release(dev_t dev)
24534 {
24535 	struct sd_lun		*un = NULL;
24536 	timeout_id_t		resvd_timeid_save;
24537 	int			resvd_status_save;
24538 	int			rval = 0;
24539 
24540 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24541 		return (ENXIO);
24542 	}
24543 
24544 	mutex_enter(SD_MUTEX(un));
24545 	resvd_status_save = un->un_resvd_status;
24546 	un->un_resvd_status &=
24547 	    ~(SD_RESERVE | SD_LOST_RESERVE | SD_WANT_RESERVE);
24548 	if (un->un_resvd_timeid) {
24549 		resvd_timeid_save = un->un_resvd_timeid;
24550 		un->un_resvd_timeid = NULL;
24551 		mutex_exit(SD_MUTEX(un));
24552 		(void) untimeout(resvd_timeid_save);
24553 	} else {
24554 		mutex_exit(SD_MUTEX(un));
24555 	}
24556 
24557 	/*
24558 	 * destroy any pending timeout thread that may be attempting to
24559 	 * reinstate reservation on this device.
24560 	 */
24561 	sd_rmv_resv_reclaim_req(dev);
24562 
24563 	if ((rval = sd_reserve_release(dev, SD_RELEASE)) == 0) {
24564 		mutex_enter(SD_MUTEX(un));
24565 		if ((un->un_mhd_token) &&
24566 		    ((un->un_resvd_status & SD_FAILFAST) == 0)) {
24567 			mutex_exit(SD_MUTEX(un));
24568 			(void) sd_check_mhd(dev, 0);
24569 		} else {
24570 			mutex_exit(SD_MUTEX(un));
24571 		}
24572 		(void) scsi_reset_notify(SD_ADDRESS(un), SCSI_RESET_CANCEL,
24573 		    sd_mhd_reset_notify_cb, (caddr_t)un);
24574 	} else {
24575 		/*
24576 		 * sd_mhd_watch_cb will restart the resvd recover timeout thread
24577 		 */
24578 		mutex_enter(SD_MUTEX(un));
24579 		un->un_resvd_status = resvd_status_save;
24580 		mutex_exit(SD_MUTEX(un));
24581 	}
24582 	return (rval);
24583 }
24584 
24585 
24586 /*
24587  *    Function: sd_mhdioc_register_devid
24588  *
24589  * Description: This routine is the driver entry point for handling ioctl
24590  *		requests to register the device id (MHIOCREREGISTERDEVID).
24591  *
24592  *		Note: The implementation for this ioctl has been updated to
24593  *		be consistent with the original PSARC case (1999/357)
24594  *		(4375899, 4241671, 4220005)
24595  *
24596  *   Arguments: dev	- the device number
24597  *
24598  * Return Code: 0
24599  *		ENXIO
24600  */
24601 
24602 static int
24603 sd_mhdioc_register_devid(dev_t dev)
24604 {
24605 	struct sd_lun	*un = NULL;
24606 	int		rval = 0;
24607 
24608 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24609 		return (ENXIO);
24610 	}
24611 
24612 	ASSERT(!mutex_owned(SD_MUTEX(un)));
24613 
24614 	mutex_enter(SD_MUTEX(un));
24615 
24616 	/* If a devid already exists, de-register it */
24617 	if (un->un_devid != NULL) {
24618 		ddi_devid_unregister(SD_DEVINFO(un));
24619 		/*
24620 		 * After unregister devid, needs to free devid memory
24621 		 */
24622 		ddi_devid_free(un->un_devid);
24623 		un->un_devid = NULL;
24624 	}
24625 
24626 	/* Check for reservation conflict */
24627 	mutex_exit(SD_MUTEX(un));
24628 	rval = sd_send_scsi_TEST_UNIT_READY(un, 0);
24629 	mutex_enter(SD_MUTEX(un));
24630 
24631 	switch (rval) {
24632 	case 0:
24633 		sd_register_devid(un, SD_DEVINFO(un), SD_TARGET_IS_UNRESERVED);
24634 		break;
24635 	case EACCES:
24636 		break;
24637 	default:
24638 		rval = EIO;
24639 	}
24640 
24641 	mutex_exit(SD_MUTEX(un));
24642 	return (rval);
24643 }
24644 
24645 
24646 /*
24647  *    Function: sd_mhdioc_inkeys
24648  *
24649  * Description: This routine is the driver entry point for handling ioctl
24650  *		requests to issue the SCSI-3 Persistent In Read Keys command
24651  *		to the device (MHIOCGRP_INKEYS).
24652  *
24653  *   Arguments: dev	- the device number
24654  *		arg	- user provided in_keys structure
24655  *		flag	- this argument is a pass through to ddi_copyxxx()
24656  *			  directly from the mode argument of ioctl().
24657  *
24658  * Return Code: code returned by sd_persistent_reservation_in_read_keys()
24659  *		ENXIO
24660  *		EFAULT
24661  */
24662 
24663 static int
24664 sd_mhdioc_inkeys(dev_t dev, caddr_t arg, int flag)
24665 {
24666 	struct sd_lun		*un;
24667 	mhioc_inkeys_t		inkeys;
24668 	int			rval = 0;
24669 
24670 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24671 		return (ENXIO);
24672 	}
24673 
24674 #ifdef _MULTI_DATAMODEL
24675 	switch (ddi_model_convert_from(flag & FMODELS)) {
24676 	case DDI_MODEL_ILP32: {
24677 		struct mhioc_inkeys32	inkeys32;
24678 
24679 		if (ddi_copyin(arg, &inkeys32,
24680 		    sizeof (struct mhioc_inkeys32), flag) != 0) {
24681 			return (EFAULT);
24682 		}
24683 		inkeys.li = (mhioc_key_list_t *)(uintptr_t)inkeys32.li;
24684 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24685 		    &inkeys, flag)) != 0) {
24686 			return (rval);
24687 		}
24688 		inkeys32.generation = inkeys.generation;
24689 		if (ddi_copyout(&inkeys32, arg, sizeof (struct mhioc_inkeys32),
24690 		    flag) != 0) {
24691 			return (EFAULT);
24692 		}
24693 		break;
24694 	}
24695 	case DDI_MODEL_NONE:
24696 		if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t),
24697 		    flag) != 0) {
24698 			return (EFAULT);
24699 		}
24700 		if ((rval = sd_persistent_reservation_in_read_keys(un,
24701 		    &inkeys, flag)) != 0) {
24702 			return (rval);
24703 		}
24704 		if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t),
24705 		    flag) != 0) {
24706 			return (EFAULT);
24707 		}
24708 		break;
24709 	}
24710 
24711 #else /* ! _MULTI_DATAMODEL */
24712 
24713 	if (ddi_copyin(arg, &inkeys, sizeof (mhioc_inkeys_t), flag) != 0) {
24714 		return (EFAULT);
24715 	}
24716 	rval = sd_persistent_reservation_in_read_keys(un, &inkeys, flag);
24717 	if (rval != 0) {
24718 		return (rval);
24719 	}
24720 	if (ddi_copyout(&inkeys, arg, sizeof (mhioc_inkeys_t), flag) != 0) {
24721 		return (EFAULT);
24722 	}
24723 
24724 #endif /* _MULTI_DATAMODEL */
24725 
24726 	return (rval);
24727 }
24728 
24729 
24730 /*
24731  *    Function: sd_mhdioc_inresv
24732  *
24733  * Description: This routine is the driver entry point for handling ioctl
24734  *		requests to issue the SCSI-3 Persistent In Read Reservations
24735  *		command to the device (MHIOCGRP_INKEYS).
24736  *
24737  *   Arguments: dev	- the device number
24738  *		arg	- user provided in_resv structure
24739  *		flag	- this argument is a pass through to ddi_copyxxx()
24740  *			  directly from the mode argument of ioctl().
24741  *
24742  * Return Code: code returned by sd_persistent_reservation_in_read_resv()
24743  *		ENXIO
24744  *		EFAULT
24745  */
24746 
24747 static int
24748 sd_mhdioc_inresv(dev_t dev, caddr_t arg, int flag)
24749 {
24750 	struct sd_lun		*un;
24751 	mhioc_inresvs_t		inresvs;
24752 	int			rval = 0;
24753 
24754 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24755 		return (ENXIO);
24756 	}
24757 
24758 #ifdef _MULTI_DATAMODEL
24759 
24760 	switch (ddi_model_convert_from(flag & FMODELS)) {
24761 	case DDI_MODEL_ILP32: {
24762 		struct mhioc_inresvs32	inresvs32;
24763 
24764 		if (ddi_copyin(arg, &inresvs32,
24765 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24766 			return (EFAULT);
24767 		}
24768 		inresvs.li = (mhioc_resv_desc_list_t *)(uintptr_t)inresvs32.li;
24769 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24770 		    &inresvs, flag)) != 0) {
24771 			return (rval);
24772 		}
24773 		inresvs32.generation = inresvs.generation;
24774 		if (ddi_copyout(&inresvs32, arg,
24775 		    sizeof (struct mhioc_inresvs32), flag) != 0) {
24776 			return (EFAULT);
24777 		}
24778 		break;
24779 	}
24780 	case DDI_MODEL_NONE:
24781 		if (ddi_copyin(arg, &inresvs,
24782 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24783 			return (EFAULT);
24784 		}
24785 		if ((rval = sd_persistent_reservation_in_read_resv(un,
24786 		    &inresvs, flag)) != 0) {
24787 			return (rval);
24788 		}
24789 		if (ddi_copyout(&inresvs, arg,
24790 		    sizeof (mhioc_inresvs_t), flag) != 0) {
24791 			return (EFAULT);
24792 		}
24793 		break;
24794 	}
24795 
24796 #else /* ! _MULTI_DATAMODEL */
24797 
24798 	if (ddi_copyin(arg, &inresvs, sizeof (mhioc_inresvs_t), flag) != 0) {
24799 		return (EFAULT);
24800 	}
24801 	rval = sd_persistent_reservation_in_read_resv(un, &inresvs, flag);
24802 	if (rval != 0) {
24803 		return (rval);
24804 	}
24805 	if (ddi_copyout(&inresvs, arg, sizeof (mhioc_inresvs_t), flag)) {
24806 		return (EFAULT);
24807 	}
24808 
24809 #endif /* ! _MULTI_DATAMODEL */
24810 
24811 	return (rval);
24812 }
24813 
24814 
24815 /*
24816  * The following routines support the clustering functionality described below
24817  * and implement lost reservation reclaim functionality.
24818  *
24819  * Clustering
24820  * ----------
24821  * The clustering code uses two different, independent forms of SCSI
24822  * reservation. Traditional SCSI-2 Reserve/Release and the newer SCSI-3
24823  * Persistent Group Reservations. For any particular disk, it will use either
24824  * SCSI-2 or SCSI-3 PGR but never both at the same time for the same disk.
24825  *
24826  * SCSI-2
24827  * The cluster software takes ownership of a multi-hosted disk by issuing the
24828  * MHIOCTKOWN ioctl to the disk driver. It releases ownership by issuing the
24829  * MHIOCRELEASE ioctl.Closely related is the MHIOCENFAILFAST ioctl -- a cluster,
24830  * just after taking ownership of the disk with the MHIOCTKOWN ioctl then issues
24831  * the MHIOCENFAILFAST ioctl.  This ioctl "enables failfast" in the driver. The
24832  * meaning of failfast is that if the driver (on this host) ever encounters the
24833  * scsi error return code RESERVATION_CONFLICT from the device, it should
24834  * immediately panic the host. The motivation for this ioctl is that if this
24835  * host does encounter reservation conflict, the underlying cause is that some
24836  * other host of the cluster has decided that this host is no longer in the
24837  * cluster and has seized control of the disks for itself. Since this host is no
24838  * longer in the cluster, it ought to panic itself. The MHIOCENFAILFAST ioctl
24839  * does two things:
24840  *	(a) it sets a flag that will cause any returned RESERVATION_CONFLICT
24841  *      error to panic the host
24842  *      (b) it sets up a periodic timer to test whether this host still has
24843  *      "access" (in that no other host has reserved the device):  if the
24844  *      periodic timer gets RESERVATION_CONFLICT, the host is panicked. The
24845  *      purpose of that periodic timer is to handle scenarios where the host is
24846  *      otherwise temporarily quiescent, temporarily doing no real i/o.
24847  * The MHIOCTKOWN ioctl will "break" a reservation that is held by another host,
24848  * by issuing a SCSI Bus Device Reset.  It will then issue a SCSI Reserve for
24849  * the device itself.
24850  *
24851  * SCSI-3 PGR
24852  * A direct semantic implementation of the SCSI-3 Persistent Reservation
24853  * facility is supported through the shared multihost disk ioctls
24854  * (MHIOCGRP_INKEYS, MHIOCGRP_INRESV, MHIOCGRP_REGISTER, MHIOCGRP_RESERVE,
24855  * MHIOCGRP_PREEMPTANDABORT)
24856  *
24857  * Reservation Reclaim:
24858  * --------------------
24859  * To support the lost reservation reclaim operations this driver creates a
24860  * single thread to handle reinstating reservations on all devices that have
24861  * lost reservations sd_resv_reclaim_requests are logged for all devices that
24862  * have LOST RESERVATIONS when the scsi watch facility callsback sd_mhd_watch_cb
24863  * and the reservation reclaim thread loops through the requests to regain the
24864  * lost reservations.
24865  */
24866 
24867 /*
24868  *    Function: sd_check_mhd()
24869  *
24870  * Description: This function sets up and submits a scsi watch request or
24871  *		terminates an existing watch request. This routine is used in
24872  *		support of reservation reclaim.
24873  *
24874  *   Arguments: dev    - the device 'dev_t' is used for context to discriminate
24875  *			 among multiple watches that share the callback function
24876  *		interval - the number of microseconds specifying the watch
24877  *			   interval for issuing TEST UNIT READY commands. If
24878  *			   set to 0 the watch should be terminated. If the
24879  *			   interval is set to 0 and if the device is required
24880  *			   to hold reservation while disabling failfast, the
24881  *			   watch is restarted with an interval of
24882  *			   reinstate_resv_delay.
24883  *
24884  * Return Code: 0	   - Successful submit/terminate of scsi watch request
24885  *		ENXIO      - Indicates an invalid device was specified
24886  *		EAGAIN     - Unable to submit the scsi watch request
24887  */
24888 
24889 static int
24890 sd_check_mhd(dev_t dev, int interval)
24891 {
24892 	struct sd_lun	*un;
24893 	opaque_t	token;
24894 
24895 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
24896 		return (ENXIO);
24897 	}
24898 
24899 	/* is this a watch termination request? */
24900 	if (interval == 0) {
24901 		mutex_enter(SD_MUTEX(un));
24902 		/* if there is an existing watch task then terminate it */
24903 		if (un->un_mhd_token) {
24904 			token = un->un_mhd_token;
24905 			un->un_mhd_token = NULL;
24906 			mutex_exit(SD_MUTEX(un));
24907 			(void) scsi_watch_request_terminate(token,
24908 			    SCSI_WATCH_TERMINATE_WAIT);
24909 			mutex_enter(SD_MUTEX(un));
24910 		} else {
24911 			mutex_exit(SD_MUTEX(un));
24912 			/*
24913 			 * Note: If we return here we don't check for the
24914 			 * failfast case. This is the original legacy
24915 			 * implementation but perhaps we should be checking
24916 			 * the failfast case.
24917 			 */
24918 			return (0);
24919 		}
24920 		/*
24921 		 * If the device is required to hold reservation while
24922 		 * disabling failfast, we need to restart the scsi_watch
24923 		 * routine with an interval of reinstate_resv_delay.
24924 		 */
24925 		if (un->un_resvd_status & SD_RESERVE) {
24926 			interval = sd_reinstate_resv_delay/1000;
24927 		} else {
24928 			/* no failfast so bail */
24929 			mutex_exit(SD_MUTEX(un));
24930 			return (0);
24931 		}
24932 		mutex_exit(SD_MUTEX(un));
24933 	}
24934 
24935 	/*
24936 	 * adjust minimum time interval to 1 second,
24937 	 * and convert from msecs to usecs
24938 	 */
24939 	if (interval > 0 && interval < 1000) {
24940 		interval = 1000;
24941 	}
24942 	interval *= 1000;
24943 
24944 	/*
24945 	 * submit the request to the scsi_watch service
24946 	 */
24947 	token = scsi_watch_request_submit(SD_SCSI_DEVP(un), interval,
24948 	    SENSE_LENGTH, sd_mhd_watch_cb, (caddr_t)dev);
24949 	if (token == NULL) {
24950 		return (EAGAIN);
24951 	}
24952 
24953 	/*
24954 	 * save token for termination later on
24955 	 */
24956 	mutex_enter(SD_MUTEX(un));
24957 	un->un_mhd_token = token;
24958 	mutex_exit(SD_MUTEX(un));
24959 	return (0);
24960 }
24961 
24962 
24963 /*
24964  *    Function: sd_mhd_watch_cb()
24965  *
24966  * Description: This function is the call back function used by the scsi watch
24967  *		facility. The scsi watch facility sends the "Test Unit Ready"
24968  *		and processes the status. If applicable (i.e. a "Unit Attention"
24969  *		status and automatic "Request Sense" not used) the scsi watch
24970  *		facility will send a "Request Sense" and retrieve the sense data
24971  *		to be passed to this callback function. In either case the
24972  *		automatic "Request Sense" or the facility submitting one, this
24973  *		callback is passed the status and sense data.
24974  *
24975  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
24976  *			among multiple watches that share this callback function
24977  *		resultp - scsi watch facility result packet containing scsi
24978  *			  packet, status byte and sense data
24979  *
24980  * Return Code: 0 - continue the watch task
24981  *		non-zero - terminate the watch task
24982  */
24983 
24984 static int
24985 sd_mhd_watch_cb(caddr_t arg, struct scsi_watch_result *resultp)
24986 {
24987 	struct sd_lun			*un;
24988 	struct scsi_status		*statusp;
24989 	struct scsi_extended_sense	*sensep;
24990 	struct scsi_pkt			*pkt;
24991 	uchar_t				actual_sense_length;
24992 	dev_t  				dev = (dev_t)arg;
24993 
24994 	ASSERT(resultp != NULL);
24995 	statusp			= resultp->statusp;
24996 	sensep			= resultp->sensep;
24997 	pkt			= resultp->pkt;
24998 	actual_sense_length	= resultp->actual_sense_length;
24999 
25000 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25001 		return (ENXIO);
25002 	}
25003 
25004 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25005 	    "sd_mhd_watch_cb: reason '%s', status '%s'\n",
25006 	    scsi_rname(pkt->pkt_reason), sd_sname(*((unsigned char *)statusp)));
25007 
25008 	/* Begin processing of the status and/or sense data */
25009 	if (pkt->pkt_reason != CMD_CMPLT) {
25010 		/* Handle the incomplete packet */
25011 		sd_mhd_watch_incomplete(un, pkt);
25012 		return (0);
25013 	} else if (*((unsigned char *)statusp) != STATUS_GOOD) {
25014 		if (*((unsigned char *)statusp)
25015 		    == STATUS_RESERVATION_CONFLICT) {
25016 			/*
25017 			 * Handle a reservation conflict by panicking if
25018 			 * configured for failfast or by logging the conflict
25019 			 * and updating the reservation status
25020 			 */
25021 			mutex_enter(SD_MUTEX(un));
25022 			if ((un->un_resvd_status & SD_FAILFAST) &&
25023 			    (sd_failfast_enable)) {
25024 				sd_panic_for_res_conflict(un);
25025 				/*NOTREACHED*/
25026 			}
25027 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25028 			    "sd_mhd_watch_cb: Reservation Conflict\n");
25029 			un->un_resvd_status |= SD_RESERVATION_CONFLICT;
25030 			mutex_exit(SD_MUTEX(un));
25031 		}
25032 	}
25033 
25034 	if (sensep != NULL) {
25035 		if (actual_sense_length >= (SENSE_LENGTH - 2)) {
25036 			mutex_enter(SD_MUTEX(un));
25037 			if ((sensep->es_add_code == SD_SCSI_RESET_SENSE_CODE) &&
25038 			    (un->un_resvd_status & SD_RESERVE)) {
25039 				/*
25040 				 * The additional sense code indicates a power
25041 				 * on or bus device reset has occurred; update
25042 				 * the reservation status.
25043 				 */
25044 				un->un_resvd_status |=
25045 				    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25046 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25047 				    "sd_mhd_watch_cb: Lost Reservation\n");
25048 			}
25049 		} else {
25050 			return (0);
25051 		}
25052 	} else {
25053 		mutex_enter(SD_MUTEX(un));
25054 	}
25055 
25056 	if ((un->un_resvd_status & SD_RESERVE) &&
25057 	    (un->un_resvd_status & SD_LOST_RESERVE)) {
25058 		if (un->un_resvd_status & SD_WANT_RESERVE) {
25059 			/*
25060 			 * A reset occurred in between the last probe and this
25061 			 * one so if a timeout is pending cancel it.
25062 			 */
25063 			if (un->un_resvd_timeid) {
25064 				timeout_id_t temp_id = un->un_resvd_timeid;
25065 				un->un_resvd_timeid = NULL;
25066 				mutex_exit(SD_MUTEX(un));
25067 				(void) untimeout(temp_id);
25068 				mutex_enter(SD_MUTEX(un));
25069 			}
25070 			un->un_resvd_status &= ~SD_WANT_RESERVE;
25071 		}
25072 		if (un->un_resvd_timeid == 0) {
25073 			/* Schedule a timeout to handle the lost reservation */
25074 			un->un_resvd_timeid = timeout(sd_mhd_resvd_recover,
25075 			    (void *)dev,
25076 			    drv_usectohz(sd_reinstate_resv_delay));
25077 		}
25078 	}
25079 	mutex_exit(SD_MUTEX(un));
25080 	return (0);
25081 }
25082 
25083 
25084 /*
25085  *    Function: sd_mhd_watch_incomplete()
25086  *
25087  * Description: This function is used to find out why a scsi pkt sent by the
25088  *		scsi watch facility was not completed. Under some scenarios this
25089  *		routine will return. Otherwise it will send a bus reset to see
25090  *		if the drive is still online.
25091  *
25092  *   Arguments: un  - driver soft state (unit) structure
25093  *		pkt - incomplete scsi pkt
25094  */
25095 
25096 static void
25097 sd_mhd_watch_incomplete(struct sd_lun *un, struct scsi_pkt *pkt)
25098 {
25099 	int	be_chatty;
25100 	int	perr;
25101 
25102 	ASSERT(pkt != NULL);
25103 	ASSERT(un != NULL);
25104 	be_chatty	= (!(pkt->pkt_flags & FLAG_SILENT));
25105 	perr		= (pkt->pkt_statistics & STAT_PERR);
25106 
25107 	mutex_enter(SD_MUTEX(un));
25108 	if (un->un_state == SD_STATE_DUMPING) {
25109 		mutex_exit(SD_MUTEX(un));
25110 		return;
25111 	}
25112 
25113 	switch (pkt->pkt_reason) {
25114 	case CMD_UNX_BUS_FREE:
25115 		/*
25116 		 * If we had a parity error that caused the target to drop BSY*,
25117 		 * don't be chatty about it.
25118 		 */
25119 		if (perr && be_chatty) {
25120 			be_chatty = 0;
25121 		}
25122 		break;
25123 	case CMD_TAG_REJECT:
25124 		/*
25125 		 * The SCSI-2 spec states that a tag reject will be sent by the
25126 		 * target if tagged queuing is not supported. A tag reject may
25127 		 * also be sent during certain initialization periods or to
25128 		 * control internal resources. For the latter case the target
25129 		 * may also return Queue Full.
25130 		 *
25131 		 * If this driver receives a tag reject from a target that is
25132 		 * going through an init period or controlling internal
25133 		 * resources tagged queuing will be disabled. This is a less
25134 		 * than optimal behavior but the driver is unable to determine
25135 		 * the target state and assumes tagged queueing is not supported
25136 		 */
25137 		pkt->pkt_flags = 0;
25138 		un->un_tagflags = 0;
25139 
25140 		if (un->un_f_opt_queueing == TRUE) {
25141 			un->un_throttle = min(un->un_throttle, 3);
25142 		} else {
25143 			un->un_throttle = 1;
25144 		}
25145 		mutex_exit(SD_MUTEX(un));
25146 		(void) scsi_ifsetcap(SD_ADDRESS(un), "tagged-qing", 0, 1);
25147 		mutex_enter(SD_MUTEX(un));
25148 		break;
25149 	case CMD_INCOMPLETE:
25150 		/*
25151 		 * The transport stopped with an abnormal state, fallthrough and
25152 		 * reset the target and/or bus unless selection did not complete
25153 		 * (indicated by STATE_GOT_BUS) in which case we don't want to
25154 		 * go through a target/bus reset
25155 		 */
25156 		if (pkt->pkt_state == STATE_GOT_BUS) {
25157 			break;
25158 		}
25159 		/*FALLTHROUGH*/
25160 
25161 	case CMD_TIMEOUT:
25162 	default:
25163 		/*
25164 		 * The lun may still be running the command, so a lun reset
25165 		 * should be attempted. If the lun reset fails or cannot be
25166 		 * issued, than try a target reset. Lastly try a bus reset.
25167 		 */
25168 		if ((pkt->pkt_statistics &
25169 		    (STAT_BUS_RESET|STAT_DEV_RESET|STAT_ABORTED)) == 0) {
25170 			int reset_retval = 0;
25171 			mutex_exit(SD_MUTEX(un));
25172 			if (un->un_f_allow_bus_device_reset == TRUE) {
25173 				if (un->un_f_lun_reset_enabled == TRUE) {
25174 					reset_retval =
25175 					    scsi_reset(SD_ADDRESS(un),
25176 					    RESET_LUN);
25177 				}
25178 				if (reset_retval == 0) {
25179 					reset_retval =
25180 					    scsi_reset(SD_ADDRESS(un),
25181 					    RESET_TARGET);
25182 				}
25183 			}
25184 			if (reset_retval == 0) {
25185 				(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
25186 			}
25187 			mutex_enter(SD_MUTEX(un));
25188 		}
25189 		break;
25190 	}
25191 
25192 	/* A device/bus reset has occurred; update the reservation status. */
25193 	if ((pkt->pkt_reason == CMD_RESET) || (pkt->pkt_statistics &
25194 	    (STAT_BUS_RESET | STAT_DEV_RESET))) {
25195 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25196 			un->un_resvd_status |=
25197 			    (SD_LOST_RESERVE | SD_WANT_RESERVE);
25198 			SD_INFO(SD_LOG_IOCTL_MHD, un,
25199 			    "sd_mhd_watch_incomplete: Lost Reservation\n");
25200 		}
25201 	}
25202 
25203 	/*
25204 	 * The disk has been turned off; Update the device state.
25205 	 *
25206 	 * Note: Should we be offlining the disk here?
25207 	 */
25208 	if (pkt->pkt_state == STATE_GOT_BUS) {
25209 		SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_watch_incomplete: "
25210 		    "Disk not responding to selection\n");
25211 		if (un->un_state != SD_STATE_OFFLINE) {
25212 			New_state(un, SD_STATE_OFFLINE);
25213 		}
25214 	} else if (be_chatty) {
25215 		/*
25216 		 * suppress messages if they are all the same pkt reason;
25217 		 * with TQ, many (up to 256) are returned with the same
25218 		 * pkt_reason
25219 		 */
25220 		if (pkt->pkt_reason != un->un_last_pkt_reason) {
25221 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
25222 			    "sd_mhd_watch_incomplete: "
25223 			    "SCSI transport failed: reason '%s'\n",
25224 			    scsi_rname(pkt->pkt_reason));
25225 		}
25226 	}
25227 	un->un_last_pkt_reason = pkt->pkt_reason;
25228 	mutex_exit(SD_MUTEX(un));
25229 }
25230 
25231 
25232 /*
25233  *    Function: sd_sname()
25234  *
25235  * Description: This is a simple little routine to return a string containing
25236  *		a printable description of command status byte for use in
25237  *		logging.
25238  *
25239  *   Arguments: status - pointer to a status byte
25240  *
25241  * Return Code: char * - string containing status description.
25242  */
25243 
25244 static char *
25245 sd_sname(uchar_t status)
25246 {
25247 	switch (status & STATUS_MASK) {
25248 	case STATUS_GOOD:
25249 		return ("good status");
25250 	case STATUS_CHECK:
25251 		return ("check condition");
25252 	case STATUS_MET:
25253 		return ("condition met");
25254 	case STATUS_BUSY:
25255 		return ("busy");
25256 	case STATUS_INTERMEDIATE:
25257 		return ("intermediate");
25258 	case STATUS_INTERMEDIATE_MET:
25259 		return ("intermediate - condition met");
25260 	case STATUS_RESERVATION_CONFLICT:
25261 		return ("reservation_conflict");
25262 	case STATUS_TERMINATED:
25263 		return ("command terminated");
25264 	case STATUS_QFULL:
25265 		return ("queue full");
25266 	default:
25267 		return ("<unknown status>");
25268 	}
25269 }
25270 
25271 
25272 /*
25273  *    Function: sd_mhd_resvd_recover()
25274  *
25275  * Description: This function adds a reservation entry to the
25276  *		sd_resv_reclaim_request list and signals the reservation
25277  *		reclaim thread that there is work pending. If the reservation
25278  *		reclaim thread has not been previously created this function
25279  *		will kick it off.
25280  *
25281  *   Arguments: arg -   the device 'dev_t' is used for context to discriminate
25282  *			among multiple watches that share this callback function
25283  *
25284  *     Context: This routine is called by timeout() and is run in interrupt
25285  *		context. It must not sleep or call other functions which may
25286  *		sleep.
25287  */
25288 
25289 static void
25290 sd_mhd_resvd_recover(void *arg)
25291 {
25292 	dev_t			dev = (dev_t)arg;
25293 	struct sd_lun		*un;
25294 	struct sd_thr_request	*sd_treq = NULL;
25295 	struct sd_thr_request	*sd_cur = NULL;
25296 	struct sd_thr_request	*sd_prev = NULL;
25297 	int			already_there = 0;
25298 
25299 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25300 		return;
25301 	}
25302 
25303 	mutex_enter(SD_MUTEX(un));
25304 	un->un_resvd_timeid = NULL;
25305 	if (un->un_resvd_status & SD_WANT_RESERVE) {
25306 		/*
25307 		 * There was a reset so don't issue the reserve, allow the
25308 		 * sd_mhd_watch_cb callback function to notice this and
25309 		 * reschedule the timeout for reservation.
25310 		 */
25311 		mutex_exit(SD_MUTEX(un));
25312 		return;
25313 	}
25314 	mutex_exit(SD_MUTEX(un));
25315 
25316 	/*
25317 	 * Add this device to the sd_resv_reclaim_request list and the
25318 	 * sd_resv_reclaim_thread should take care of the rest.
25319 	 *
25320 	 * Note: We can't sleep in this context so if the memory allocation
25321 	 * fails allow the sd_mhd_watch_cb callback function to notice this and
25322 	 * reschedule the timeout for reservation.  (4378460)
25323 	 */
25324 	sd_treq = (struct sd_thr_request *)
25325 	    kmem_zalloc(sizeof (struct sd_thr_request), KM_NOSLEEP);
25326 	if (sd_treq == NULL) {
25327 		return;
25328 	}
25329 
25330 	sd_treq->sd_thr_req_next = NULL;
25331 	sd_treq->dev = dev;
25332 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25333 	if (sd_tr.srq_thr_req_head == NULL) {
25334 		sd_tr.srq_thr_req_head = sd_treq;
25335 	} else {
25336 		sd_cur = sd_prev = sd_tr.srq_thr_req_head;
25337 		for (; sd_cur != NULL; sd_cur = sd_cur->sd_thr_req_next) {
25338 			if (sd_cur->dev == dev) {
25339 				/*
25340 				 * already in Queue so don't log
25341 				 * another request for the device
25342 				 */
25343 				already_there = 1;
25344 				break;
25345 			}
25346 			sd_prev = sd_cur;
25347 		}
25348 		if (!already_there) {
25349 			SD_INFO(SD_LOG_IOCTL_MHD, un, "sd_mhd_resvd_recover: "
25350 			    "logging request for %lx\n", dev);
25351 			sd_prev->sd_thr_req_next = sd_treq;
25352 		} else {
25353 			kmem_free(sd_treq, sizeof (struct sd_thr_request));
25354 		}
25355 	}
25356 
25357 	/*
25358 	 * Create a kernel thread to do the reservation reclaim and free up this
25359 	 * thread. We cannot block this thread while we go away to do the
25360 	 * reservation reclaim
25361 	 */
25362 	if (sd_tr.srq_resv_reclaim_thread == NULL)
25363 		sd_tr.srq_resv_reclaim_thread = thread_create(NULL, 0,
25364 		    sd_resv_reclaim_thread, NULL,
25365 		    0, &p0, TS_RUN, v.v_maxsyspri - 2);
25366 
25367 	/* Tell the reservation reclaim thread that it has work to do */
25368 	cv_signal(&sd_tr.srq_resv_reclaim_cv);
25369 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25370 }
25371 
25372 /*
25373  *    Function: sd_resv_reclaim_thread()
25374  *
25375  * Description: This function implements the reservation reclaim operations
25376  *
25377  *   Arguments: arg - the device 'dev_t' is used for context to discriminate
25378  *		      among multiple watches that share this callback function
25379  */
25380 
25381 static void
25382 sd_resv_reclaim_thread()
25383 {
25384 	struct sd_lun		*un;
25385 	struct sd_thr_request	*sd_mhreq;
25386 
25387 	/* Wait for work */
25388 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25389 	if (sd_tr.srq_thr_req_head == NULL) {
25390 		cv_wait(&sd_tr.srq_resv_reclaim_cv,
25391 		    &sd_tr.srq_resv_reclaim_mutex);
25392 	}
25393 
25394 	/* Loop while we have work */
25395 	while ((sd_tr.srq_thr_cur_req = sd_tr.srq_thr_req_head) != NULL) {
25396 		un = ddi_get_soft_state(sd_state,
25397 		    SDUNIT(sd_tr.srq_thr_cur_req->dev));
25398 		if (un == NULL) {
25399 			/*
25400 			 * softstate structure is NULL so just
25401 			 * dequeue the request and continue
25402 			 */
25403 			sd_tr.srq_thr_req_head =
25404 			    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25405 			kmem_free(sd_tr.srq_thr_cur_req,
25406 			    sizeof (struct sd_thr_request));
25407 			continue;
25408 		}
25409 
25410 		/* dequeue the request */
25411 		sd_mhreq = sd_tr.srq_thr_cur_req;
25412 		sd_tr.srq_thr_req_head =
25413 		    sd_tr.srq_thr_cur_req->sd_thr_req_next;
25414 		mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25415 
25416 		/*
25417 		 * Reclaim reservation only if SD_RESERVE is still set. There
25418 		 * may have been a call to MHIOCRELEASE before we got here.
25419 		 */
25420 		mutex_enter(SD_MUTEX(un));
25421 		if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25422 			/*
25423 			 * Note: The SD_LOST_RESERVE flag is cleared before
25424 			 * reclaiming the reservation. If this is done after the
25425 			 * call to sd_reserve_release a reservation loss in the
25426 			 * window between pkt completion of reserve cmd and
25427 			 * mutex_enter below may not be recognized
25428 			 */
25429 			un->un_resvd_status &= ~SD_LOST_RESERVE;
25430 			mutex_exit(SD_MUTEX(un));
25431 
25432 			if (sd_reserve_release(sd_mhreq->dev,
25433 			    SD_RESERVE) == 0) {
25434 				mutex_enter(SD_MUTEX(un));
25435 				un->un_resvd_status |= SD_RESERVE;
25436 				mutex_exit(SD_MUTEX(un));
25437 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25438 				    "sd_resv_reclaim_thread: "
25439 				    "Reservation Recovered\n");
25440 			} else {
25441 				mutex_enter(SD_MUTEX(un));
25442 				un->un_resvd_status |= SD_LOST_RESERVE;
25443 				mutex_exit(SD_MUTEX(un));
25444 				SD_INFO(SD_LOG_IOCTL_MHD, un,
25445 				    "sd_resv_reclaim_thread: Failed "
25446 				    "Reservation Recovery\n");
25447 			}
25448 		} else {
25449 			mutex_exit(SD_MUTEX(un));
25450 		}
25451 		mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25452 		ASSERT(sd_mhreq == sd_tr.srq_thr_cur_req);
25453 		kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25454 		sd_mhreq = sd_tr.srq_thr_cur_req = NULL;
25455 		/*
25456 		 * wakeup the destroy thread if anyone is waiting on
25457 		 * us to complete.
25458 		 */
25459 		cv_signal(&sd_tr.srq_inprocess_cv);
25460 		SD_TRACE(SD_LOG_IOCTL_MHD, un,
25461 		    "sd_resv_reclaim_thread: cv_signalling current request \n");
25462 	}
25463 
25464 	/*
25465 	 * cleanup the sd_tr structure now that this thread will not exist
25466 	 */
25467 	ASSERT(sd_tr.srq_thr_req_head == NULL);
25468 	ASSERT(sd_tr.srq_thr_cur_req == NULL);
25469 	sd_tr.srq_resv_reclaim_thread = NULL;
25470 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25471 	thread_exit();
25472 }
25473 
25474 
25475 /*
25476  *    Function: sd_rmv_resv_reclaim_req()
25477  *
25478  * Description: This function removes any pending reservation reclaim requests
25479  *		for the specified device.
25480  *
25481  *   Arguments: dev - the device 'dev_t'
25482  */
25483 
25484 static void
25485 sd_rmv_resv_reclaim_req(dev_t dev)
25486 {
25487 	struct sd_thr_request *sd_mhreq;
25488 	struct sd_thr_request *sd_prev;
25489 
25490 	/* Remove a reservation reclaim request from the list */
25491 	mutex_enter(&sd_tr.srq_resv_reclaim_mutex);
25492 	if (sd_tr.srq_thr_cur_req && sd_tr.srq_thr_cur_req->dev == dev) {
25493 		/*
25494 		 * We are attempting to reinstate reservation for
25495 		 * this device. We wait for sd_reserve_release()
25496 		 * to return before we return.
25497 		 */
25498 		cv_wait(&sd_tr.srq_inprocess_cv,
25499 		    &sd_tr.srq_resv_reclaim_mutex);
25500 	} else {
25501 		sd_prev = sd_mhreq = sd_tr.srq_thr_req_head;
25502 		if (sd_mhreq && sd_mhreq->dev == dev) {
25503 			sd_tr.srq_thr_req_head = sd_mhreq->sd_thr_req_next;
25504 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25505 			mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25506 			return;
25507 		}
25508 		for (; sd_mhreq != NULL; sd_mhreq = sd_mhreq->sd_thr_req_next) {
25509 			if (sd_mhreq && sd_mhreq->dev == dev) {
25510 				break;
25511 			}
25512 			sd_prev = sd_mhreq;
25513 		}
25514 		if (sd_mhreq != NULL) {
25515 			sd_prev->sd_thr_req_next = sd_mhreq->sd_thr_req_next;
25516 			kmem_free(sd_mhreq, sizeof (struct sd_thr_request));
25517 		}
25518 	}
25519 	mutex_exit(&sd_tr.srq_resv_reclaim_mutex);
25520 }
25521 
25522 
25523 /*
25524  *    Function: sd_mhd_reset_notify_cb()
25525  *
25526  * Description: This is a call back function for scsi_reset_notify. This
25527  *		function updates the softstate reserved status and logs the
25528  *		reset. The driver scsi watch facility callback function
25529  *		(sd_mhd_watch_cb) and reservation reclaim thread functionality
25530  *		will reclaim the reservation.
25531  *
25532  *   Arguments: arg  - driver soft state (unit) structure
25533  */
25534 
25535 static void
25536 sd_mhd_reset_notify_cb(caddr_t arg)
25537 {
25538 	struct sd_lun *un = (struct sd_lun *)arg;
25539 
25540 	mutex_enter(SD_MUTEX(un));
25541 	if ((un->un_resvd_status & SD_RESERVE) == SD_RESERVE) {
25542 		un->un_resvd_status |= (SD_LOST_RESERVE | SD_WANT_RESERVE);
25543 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25544 		    "sd_mhd_reset_notify_cb: Lost Reservation\n");
25545 	}
25546 	mutex_exit(SD_MUTEX(un));
25547 }
25548 
25549 
25550 /*
25551  *    Function: sd_take_ownership()
25552  *
25553  * Description: This routine implements an algorithm to achieve a stable
25554  *		reservation on disks which don't implement priority reserve,
25555  *		and makes sure that other host lose re-reservation attempts.
25556  *		This algorithm contains of a loop that keeps issuing the RESERVE
25557  *		for some period of time (min_ownership_delay, default 6 seconds)
25558  *		During that loop, it looks to see if there has been a bus device
25559  *		reset or bus reset (both of which cause an existing reservation
25560  *		to be lost). If the reservation is lost issue RESERVE until a
25561  *		period of min_ownership_delay with no resets has gone by, or
25562  *		until max_ownership_delay has expired. This loop ensures that
25563  *		the host really did manage to reserve the device, in spite of
25564  *		resets. The looping for min_ownership_delay (default six
25565  *		seconds) is important to early generation clustering products,
25566  *		Solstice HA 1.x and Sun Cluster 2.x. Those products use an
25567  *		MHIOCENFAILFAST periodic timer of two seconds. By having
25568  *		MHIOCTKOWN issue Reserves in a loop for six seconds, and having
25569  *		MHIOCENFAILFAST poll every two seconds, the idea is that by the
25570  *		time the MHIOCTKOWN ioctl returns, the other host (if any) will
25571  *		have already noticed, via the MHIOCENFAILFAST polling, that it
25572  *		no longer "owns" the disk and will have panicked itself.  Thus,
25573  *		the host issuing the MHIOCTKOWN is assured (with timing
25574  *		dependencies) that by the time it actually starts to use the
25575  *		disk for real work, the old owner is no longer accessing it.
25576  *
25577  *		min_ownership_delay is the minimum amount of time for which the
25578  *		disk must be reserved continuously devoid of resets before the
25579  *		MHIOCTKOWN ioctl will return success.
25580  *
25581  *		max_ownership_delay indicates the amount of time by which the
25582  *		take ownership should succeed or timeout with an error.
25583  *
25584  *   Arguments: dev - the device 'dev_t'
25585  *		*p  - struct containing timing info.
25586  *
25587  * Return Code: 0 for success or error code
25588  */
25589 
25590 static int
25591 sd_take_ownership(dev_t dev, struct mhioctkown *p)
25592 {
25593 	struct sd_lun	*un;
25594 	int		rval;
25595 	int		err;
25596 	int		reservation_count   = 0;
25597 	int		min_ownership_delay =  6000000; /* in usec */
25598 	int		max_ownership_delay = 30000000; /* in usec */
25599 	clock_t		start_time;	/* starting time of this algorithm */
25600 	clock_t		end_time;	/* time limit for giving up */
25601 	clock_t		ownership_time;	/* time limit for stable ownership */
25602 	clock_t		current_time;
25603 	clock_t		previous_current_time;
25604 
25605 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25606 		return (ENXIO);
25607 	}
25608 
25609 	/*
25610 	 * Attempt a device reservation. A priority reservation is requested.
25611 	 */
25612 	if ((rval = sd_reserve_release(dev, SD_PRIORITY_RESERVE))
25613 	    != SD_SUCCESS) {
25614 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
25615 		    "sd_take_ownership: return(1)=%d\n", rval);
25616 		return (rval);
25617 	}
25618 
25619 	/* Update the softstate reserved status to indicate the reservation */
25620 	mutex_enter(SD_MUTEX(un));
25621 	un->un_resvd_status |= SD_RESERVE;
25622 	un->un_resvd_status &=
25623 	    ~(SD_LOST_RESERVE | SD_WANT_RESERVE | SD_RESERVATION_CONFLICT);
25624 	mutex_exit(SD_MUTEX(un));
25625 
25626 	if (p != NULL) {
25627 		if (p->min_ownership_delay != 0) {
25628 			min_ownership_delay = p->min_ownership_delay * 1000;
25629 		}
25630 		if (p->max_ownership_delay != 0) {
25631 			max_ownership_delay = p->max_ownership_delay * 1000;
25632 		}
25633 	}
25634 	SD_INFO(SD_LOG_IOCTL_MHD, un,
25635 	    "sd_take_ownership: min, max delays: %d, %d\n",
25636 	    min_ownership_delay, max_ownership_delay);
25637 
25638 	start_time = ddi_get_lbolt();
25639 	current_time	= start_time;
25640 	ownership_time	= current_time + drv_usectohz(min_ownership_delay);
25641 	end_time	= start_time + drv_usectohz(max_ownership_delay);
25642 
25643 	while (current_time - end_time < 0) {
25644 		delay(drv_usectohz(500000));
25645 
25646 		if ((err = sd_reserve_release(dev, SD_RESERVE)) != 0) {
25647 			if ((sd_reserve_release(dev, SD_RESERVE)) != 0) {
25648 				mutex_enter(SD_MUTEX(un));
25649 				rval = (un->un_resvd_status &
25650 				    SD_RESERVATION_CONFLICT) ? EACCES : EIO;
25651 				mutex_exit(SD_MUTEX(un));
25652 				break;
25653 			}
25654 		}
25655 		previous_current_time = current_time;
25656 		current_time = ddi_get_lbolt();
25657 		mutex_enter(SD_MUTEX(un));
25658 		if (err || (un->un_resvd_status & SD_LOST_RESERVE)) {
25659 			ownership_time = ddi_get_lbolt() +
25660 			    drv_usectohz(min_ownership_delay);
25661 			reservation_count = 0;
25662 		} else {
25663 			reservation_count++;
25664 		}
25665 		un->un_resvd_status |= SD_RESERVE;
25666 		un->un_resvd_status &= ~(SD_LOST_RESERVE | SD_WANT_RESERVE);
25667 		mutex_exit(SD_MUTEX(un));
25668 
25669 		SD_INFO(SD_LOG_IOCTL_MHD, un,
25670 		    "sd_take_ownership: ticks for loop iteration=%ld, "
25671 		    "reservation=%s\n", (current_time - previous_current_time),
25672 		    reservation_count ? "ok" : "reclaimed");
25673 
25674 		if (current_time - ownership_time >= 0 &&
25675 		    reservation_count >= 4) {
25676 			rval = 0; /* Achieved a stable ownership */
25677 			break;
25678 		}
25679 		if (current_time - end_time >= 0) {
25680 			rval = EACCES; /* No ownership in max possible time */
25681 			break;
25682 		}
25683 	}
25684 	SD_TRACE(SD_LOG_IOCTL_MHD, un,
25685 	    "sd_take_ownership: return(2)=%d\n", rval);
25686 	return (rval);
25687 }
25688 
25689 
25690 /*
25691  *    Function: sd_reserve_release()
25692  *
25693  * Description: This function builds and sends scsi RESERVE, RELEASE, and
25694  *		PRIORITY RESERVE commands based on a user specified command type
25695  *
25696  *   Arguments: dev - the device 'dev_t'
25697  *		cmd - user specified command type; one of SD_PRIORITY_RESERVE,
25698  *		      SD_RESERVE, SD_RELEASE
25699  *
25700  * Return Code: 0 or Error Code
25701  */
25702 
25703 static int
25704 sd_reserve_release(dev_t dev, int cmd)
25705 {
25706 	struct uscsi_cmd	*com = NULL;
25707 	struct sd_lun		*un = NULL;
25708 	char			cdb[CDB_GROUP0];
25709 	int			rval;
25710 
25711 	ASSERT((cmd == SD_RELEASE) || (cmd == SD_RESERVE) ||
25712 	    (cmd == SD_PRIORITY_RESERVE));
25713 
25714 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
25715 		return (ENXIO);
25716 	}
25717 
25718 	/* instantiate and initialize the command and cdb */
25719 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
25720 	bzero(cdb, CDB_GROUP0);
25721 	com->uscsi_flags   = USCSI_SILENT;
25722 	com->uscsi_timeout = un->un_reserve_release_time;
25723 	com->uscsi_cdblen  = CDB_GROUP0;
25724 	com->uscsi_cdb	   = cdb;
25725 	if (cmd == SD_RELEASE) {
25726 		cdb[0] = SCMD_RELEASE;
25727 	} else {
25728 		cdb[0] = SCMD_RESERVE;
25729 	}
25730 
25731 	/* Send the command. */
25732 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25733 	    UIO_SYSSPACE, SD_PATH_STANDARD);
25734 
25735 	/*
25736 	 * "break" a reservation that is held by another host, by issuing a
25737 	 * reset if priority reserve is desired, and we could not get the
25738 	 * device.
25739 	 */
25740 	if ((cmd == SD_PRIORITY_RESERVE) &&
25741 	    (rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25742 		/*
25743 		 * First try to reset the LUN. If we cannot, then try a target
25744 		 * reset, followed by a bus reset if the target reset fails.
25745 		 */
25746 		int reset_retval = 0;
25747 		if (un->un_f_lun_reset_enabled == TRUE) {
25748 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_LUN);
25749 		}
25750 		if (reset_retval == 0) {
25751 			/* The LUN reset either failed or was not issued */
25752 			reset_retval = scsi_reset(SD_ADDRESS(un), RESET_TARGET);
25753 		}
25754 		if ((reset_retval == 0) &&
25755 		    (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0)) {
25756 			rval = EIO;
25757 			kmem_free(com, sizeof (*com));
25758 			return (rval);
25759 		}
25760 
25761 		bzero(com, sizeof (struct uscsi_cmd));
25762 		com->uscsi_flags   = USCSI_SILENT;
25763 		com->uscsi_cdb	   = cdb;
25764 		com->uscsi_cdblen  = CDB_GROUP0;
25765 		com->uscsi_timeout = 5;
25766 
25767 		/*
25768 		 * Reissue the last reserve command, this time without request
25769 		 * sense.  Assume that it is just a regular reserve command.
25770 		 */
25771 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
25772 		    UIO_SYSSPACE, SD_PATH_STANDARD);
25773 	}
25774 
25775 	/* Return an error if still getting a reservation conflict. */
25776 	if ((rval != 0) && (com->uscsi_status == STATUS_RESERVATION_CONFLICT)) {
25777 		rval = EACCES;
25778 	}
25779 
25780 	kmem_free(com, sizeof (*com));
25781 	return (rval);
25782 }
25783 
25784 
25785 #define	SD_NDUMP_RETRIES	12
25786 /*
25787  *	System Crash Dump routine
25788  */
25789 
25790 static int
25791 sddump(dev_t dev, caddr_t addr, daddr_t blkno, int nblk)
25792 {
25793 	int		instance;
25794 	int		partition;
25795 	int		i;
25796 	int		err;
25797 	struct sd_lun	*un;
25798 	struct dk_map	*lp;
25799 	struct scsi_pkt *wr_pktp;
25800 	struct buf	*wr_bp;
25801 	struct buf	wr_buf;
25802 	daddr_t		tgt_byte_offset; /* rmw - byte offset for target */
25803 	daddr_t		tgt_blkno;	/* rmw - blkno for target */
25804 	size_t		tgt_byte_count; /* rmw -  # of bytes to xfer */
25805 	size_t		tgt_nblk; /* rmw -  # of tgt blks to xfer */
25806 	size_t		io_start_offset;
25807 	int		doing_rmw = FALSE;
25808 	int		rval;
25809 #if defined(__i386) || defined(__amd64)
25810 	ssize_t dma_resid;
25811 	daddr_t oblkno;
25812 #endif
25813 
25814 	instance = SDUNIT(dev);
25815 	if (((un = ddi_get_soft_state(sd_state, instance)) == NULL) ||
25816 	    (!un->un_f_geometry_is_valid) || ISCD(un)) {
25817 		return (ENXIO);
25818 	}
25819 
25820 	_NOTE(NOW_INVISIBLE_TO_OTHER_THREADS(*un))
25821 
25822 	SD_TRACE(SD_LOG_DUMP, un, "sddump: entry\n");
25823 
25824 	partition = SDPART(dev);
25825 	SD_INFO(SD_LOG_DUMP, un, "sddump: partition = %d\n", partition);
25826 
25827 	/* Validate blocks to dump at against partition size. */
25828 	lp = &un->un_map[partition];
25829 	if ((blkno + nblk) > lp->dkl_nblk) {
25830 		SD_TRACE(SD_LOG_DUMP, un,
25831 		    "sddump: dump range larger than partition: "
25832 		    "blkno = 0x%x, nblk = 0x%x, dkl_nblk = 0x%x\n",
25833 		    blkno, nblk, lp->dkl_nblk);
25834 		return (EINVAL);
25835 	}
25836 
25837 	mutex_enter(&un->un_pm_mutex);
25838 	if (SD_DEVICE_IS_IN_LOW_POWER(un)) {
25839 		struct scsi_pkt *start_pktp;
25840 
25841 		mutex_exit(&un->un_pm_mutex);
25842 
25843 		/*
25844 		 * use pm framework to power on HBA 1st
25845 		 */
25846 		(void) pm_raise_power(SD_DEVINFO(un), 0, SD_SPINDLE_ON);
25847 
25848 		/*
25849 		 * Dump no long uses sdpower to power on a device, it's
25850 		 * in-line here so it can be done in polled mode.
25851 		 */
25852 
25853 		SD_INFO(SD_LOG_DUMP, un, "sddump: starting device\n");
25854 
25855 		start_pktp = scsi_init_pkt(SD_ADDRESS(un), NULL, NULL,
25856 		    CDB_GROUP0, un->un_status_len, 0, 0, NULL_FUNC, NULL);
25857 
25858 		if (start_pktp == NULL) {
25859 			/* We were not given a SCSI packet, fail. */
25860 			return (EIO);
25861 		}
25862 		bzero(start_pktp->pkt_cdbp, CDB_GROUP0);
25863 		start_pktp->pkt_cdbp[0] = SCMD_START_STOP;
25864 		start_pktp->pkt_cdbp[4] = SD_TARGET_START;
25865 		start_pktp->pkt_flags = FLAG_NOINTR;
25866 
25867 		mutex_enter(SD_MUTEX(un));
25868 		SD_FILL_SCSI1_LUN(un, start_pktp);
25869 		mutex_exit(SD_MUTEX(un));
25870 		/*
25871 		 * Scsi_poll returns 0 (success) if the command completes and
25872 		 * the status block is STATUS_GOOD.
25873 		 */
25874 		if (sd_scsi_poll(un, start_pktp) != 0) {
25875 			scsi_destroy_pkt(start_pktp);
25876 			return (EIO);
25877 		}
25878 		scsi_destroy_pkt(start_pktp);
25879 		(void) sd_ddi_pm_resume(un);
25880 	} else {
25881 		mutex_exit(&un->un_pm_mutex);
25882 	}
25883 
25884 	mutex_enter(SD_MUTEX(un));
25885 	un->un_throttle = 0;
25886 
25887 	/*
25888 	 * The first time through, reset the specific target device.
25889 	 * However, when cpr calls sddump we know that sd is in a
25890 	 * a good state so no bus reset is required.
25891 	 * Clear sense data via Request Sense cmd.
25892 	 * In sddump we don't care about allow_bus_device_reset anymore
25893 	 */
25894 
25895 	if ((un->un_state != SD_STATE_SUSPENDED) &&
25896 	    (un->un_state != SD_STATE_DUMPING)) {
25897 
25898 		New_state(un, SD_STATE_DUMPING);
25899 
25900 		if (un->un_f_is_fibre == FALSE) {
25901 			mutex_exit(SD_MUTEX(un));
25902 			/*
25903 			 * Attempt a bus reset for parallel scsi.
25904 			 *
25905 			 * Note: A bus reset is required because on some host
25906 			 * systems (i.e. E420R) a bus device reset is
25907 			 * insufficient to reset the state of the target.
25908 			 *
25909 			 * Note: Don't issue the reset for fibre-channel,
25910 			 * because this tends to hang the bus (loop) for
25911 			 * too long while everyone is logging out and in
25912 			 * and the deadman timer for dumping will fire
25913 			 * before the dump is complete.
25914 			 */
25915 			if (scsi_reset(SD_ADDRESS(un), RESET_ALL) == 0) {
25916 				mutex_enter(SD_MUTEX(un));
25917 				Restore_state(un);
25918 				mutex_exit(SD_MUTEX(un));
25919 				return (EIO);
25920 			}
25921 
25922 			/* Delay to give the device some recovery time. */
25923 			drv_usecwait(10000);
25924 
25925 			if (sd_send_polled_RQS(un) == SD_FAILURE) {
25926 				SD_INFO(SD_LOG_DUMP, un,
25927 					"sddump: sd_send_polled_RQS failed\n");
25928 			}
25929 			mutex_enter(SD_MUTEX(un));
25930 		}
25931 	}
25932 
25933 	/*
25934 	 * Convert the partition-relative block number to a
25935 	 * disk physical block number.
25936 	 */
25937 	blkno += un->un_offset[partition];
25938 	SD_INFO(SD_LOG_DUMP, un, "sddump: disk blkno = 0x%x\n", blkno);
25939 
25940 
25941 	/*
25942 	 * Check if the device has a non-512 block size.
25943 	 */
25944 	wr_bp = NULL;
25945 	if (NOT_DEVBSIZE(un)) {
25946 		tgt_byte_offset = blkno * un->un_sys_blocksize;
25947 		tgt_byte_count = nblk * un->un_sys_blocksize;
25948 		if ((tgt_byte_offset % un->un_tgt_blocksize) ||
25949 		    (tgt_byte_count % un->un_tgt_blocksize)) {
25950 			doing_rmw = TRUE;
25951 			/*
25952 			 * Calculate the block number and number of block
25953 			 * in terms of the media block size.
25954 			 */
25955 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
25956 			tgt_nblk =
25957 			    ((tgt_byte_offset + tgt_byte_count +
25958 				(un->un_tgt_blocksize - 1)) /
25959 				un->un_tgt_blocksize) - tgt_blkno;
25960 
25961 			/*
25962 			 * Invoke the routine which is going to do read part
25963 			 * of read-modify-write.
25964 			 * Note that this routine returns a pointer to
25965 			 * a valid bp in wr_bp.
25966 			 */
25967 			err = sddump_do_read_of_rmw(un, tgt_blkno, tgt_nblk,
25968 			    &wr_bp);
25969 			if (err) {
25970 				mutex_exit(SD_MUTEX(un));
25971 				return (err);
25972 			}
25973 			/*
25974 			 * Offset is being calculated as -
25975 			 * (original block # * system block size) -
25976 			 * (new block # * target block size)
25977 			 */
25978 			io_start_offset =
25979 			    ((uint64_t)(blkno * un->un_sys_blocksize)) -
25980 			    ((uint64_t)(tgt_blkno * un->un_tgt_blocksize));
25981 
25982 			ASSERT((io_start_offset >= 0) &&
25983 			    (io_start_offset < un->un_tgt_blocksize));
25984 			/*
25985 			 * Do the modify portion of read modify write.
25986 			 */
25987 			bcopy(addr, &wr_bp->b_un.b_addr[io_start_offset],
25988 			    (size_t)nblk * un->un_sys_blocksize);
25989 		} else {
25990 			doing_rmw = FALSE;
25991 			tgt_blkno = tgt_byte_offset / un->un_tgt_blocksize;
25992 			tgt_nblk = tgt_byte_count / un->un_tgt_blocksize;
25993 		}
25994 
25995 		/* Convert blkno and nblk to target blocks */
25996 		blkno = tgt_blkno;
25997 		nblk = tgt_nblk;
25998 	} else {
25999 		wr_bp = &wr_buf;
26000 		bzero(wr_bp, sizeof (struct buf));
26001 		wr_bp->b_flags		= B_BUSY;
26002 		wr_bp->b_un.b_addr	= addr;
26003 		wr_bp->b_bcount		= nblk << DEV_BSHIFT;
26004 		wr_bp->b_resid		= 0;
26005 	}
26006 
26007 	mutex_exit(SD_MUTEX(un));
26008 
26009 	/*
26010 	 * Obtain a SCSI packet for the write command.
26011 	 * It should be safe to call the allocator here without
26012 	 * worrying about being locked for DVMA mapping because
26013 	 * the address we're passed is already a DVMA mapping
26014 	 *
26015 	 * We are also not going to worry about semaphore ownership
26016 	 * in the dump buffer. Dumping is single threaded at present.
26017 	 */
26018 
26019 	wr_pktp = NULL;
26020 
26021 #if defined(__i386) || defined(__amd64)
26022 	dma_resid = wr_bp->b_bcount;
26023 	oblkno = blkno;
26024 	while (dma_resid != 0) {
26025 #endif
26026 
26027 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26028 		wr_bp->b_flags &= ~B_ERROR;
26029 
26030 #if defined(__i386) || defined(__amd64)
26031 		blkno = oblkno +
26032 			((wr_bp->b_bcount - dma_resid) /
26033 			    un->un_tgt_blocksize);
26034 		nblk = dma_resid / un->un_tgt_blocksize;
26035 
26036 		if (wr_pktp) {
26037 			/* Partial DMA transfers after initial transfer */
26038 			rval = sd_setup_next_rw_pkt(un, wr_pktp, wr_bp,
26039 			    blkno, nblk);
26040 		} else {
26041 			/* Initial transfer */
26042 			rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26043 			    un->un_pkt_flags, NULL_FUNC, NULL,
26044 			    blkno, nblk);
26045 		}
26046 #else
26047 		rval = sd_setup_rw_pkt(un, &wr_pktp, wr_bp,
26048 		    0, NULL_FUNC, NULL, blkno, nblk);
26049 #endif
26050 
26051 		if (rval == 0) {
26052 			/* We were given a SCSI packet, continue. */
26053 			break;
26054 		}
26055 
26056 		if (i == 0) {
26057 			if (wr_bp->b_flags & B_ERROR) {
26058 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26059 				    "no resources for dumping; "
26060 				    "error code: 0x%x, retrying",
26061 				    geterror(wr_bp));
26062 			} else {
26063 				scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26064 				    "no resources for dumping; retrying");
26065 			}
26066 		} else if (i != (SD_NDUMP_RETRIES - 1)) {
26067 			if (wr_bp->b_flags & B_ERROR) {
26068 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26069 				    "no resources for dumping; error code: "
26070 				    "0x%x, retrying\n", geterror(wr_bp));
26071 			}
26072 		} else {
26073 			if (wr_bp->b_flags & B_ERROR) {
26074 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26075 				    "no resources for dumping; "
26076 				    "error code: 0x%x, retries failed, "
26077 				    "giving up.\n", geterror(wr_bp));
26078 			} else {
26079 				scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26080 				    "no resources for dumping; "
26081 				    "retries failed, giving up.\n");
26082 			}
26083 			mutex_enter(SD_MUTEX(un));
26084 			Restore_state(un);
26085 			if (NOT_DEVBSIZE(un) && (doing_rmw == TRUE)) {
26086 				mutex_exit(SD_MUTEX(un));
26087 				scsi_free_consistent_buf(wr_bp);
26088 			} else {
26089 				mutex_exit(SD_MUTEX(un));
26090 			}
26091 			return (EIO);
26092 		}
26093 		drv_usecwait(10000);
26094 	}
26095 
26096 #if defined(__i386) || defined(__amd64)
26097 	/*
26098 	 * save the resid from PARTIAL_DMA
26099 	 */
26100 	dma_resid = wr_pktp->pkt_resid;
26101 	if (dma_resid != 0)
26102 		nblk -= SD_BYTES2TGTBLOCKS(un, dma_resid);
26103 	wr_pktp->pkt_resid = 0;
26104 #endif
26105 
26106 	/* SunBug 1222170 */
26107 	wr_pktp->pkt_flags = FLAG_NOINTR;
26108 
26109 	err = EIO;
26110 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
26111 
26112 		/*
26113 		 * Scsi_poll returns 0 (success) if the command completes and
26114 		 * the status block is STATUS_GOOD.  We should only check
26115 		 * errors if this condition is not true.  Even then we should
26116 		 * send our own request sense packet only if we have a check
26117 		 * condition and auto request sense has not been performed by
26118 		 * the hba.
26119 		 */
26120 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending write\n");
26121 
26122 		if ((sd_scsi_poll(un, wr_pktp) == 0) &&
26123 		    (wr_pktp->pkt_resid == 0)) {
26124 			err = SD_SUCCESS;
26125 			break;
26126 		}
26127 
26128 		/*
26129 		 * Check CMD_DEV_GONE 1st, give up if device is gone.
26130 		 */
26131 		if (wr_pktp->pkt_reason == CMD_DEV_GONE) {
26132 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
26133 			    "Device is gone\n");
26134 			break;
26135 		}
26136 
26137 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_CHECK) {
26138 			SD_INFO(SD_LOG_DUMP, un,
26139 			    "sddump: write failed with CHECK, try # %d\n", i);
26140 			if (((wr_pktp->pkt_state & STATE_ARQ_DONE) == 0)) {
26141 				(void) sd_send_polled_RQS(un);
26142 			}
26143 
26144 			continue;
26145 		}
26146 
26147 		if (SD_GET_PKT_STATUS(wr_pktp) == STATUS_BUSY) {
26148 			int reset_retval = 0;
26149 
26150 			SD_INFO(SD_LOG_DUMP, un,
26151 			    "sddump: write failed with BUSY, try # %d\n", i);
26152 
26153 			if (un->un_f_lun_reset_enabled == TRUE) {
26154 				reset_retval = scsi_reset(SD_ADDRESS(un),
26155 				    RESET_LUN);
26156 			}
26157 			if (reset_retval == 0) {
26158 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
26159 			}
26160 			(void) sd_send_polled_RQS(un);
26161 
26162 		} else {
26163 			SD_INFO(SD_LOG_DUMP, un,
26164 			    "sddump: write failed with 0x%x, try # %d\n",
26165 			    SD_GET_PKT_STATUS(wr_pktp), i);
26166 			mutex_enter(SD_MUTEX(un));
26167 			sd_reset_target(un, wr_pktp);
26168 			mutex_exit(SD_MUTEX(un));
26169 		}
26170 
26171 		/*
26172 		 * If we are not getting anywhere with lun/target resets,
26173 		 * let's reset the bus.
26174 		 */
26175 		if (i == SD_NDUMP_RETRIES/2) {
26176 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
26177 			(void) sd_send_polled_RQS(un);
26178 		}
26179 
26180 	}
26181 #if defined(__i386) || defined(__amd64)
26182 	}	/* dma_resid */
26183 #endif
26184 
26185 	scsi_destroy_pkt(wr_pktp);
26186 	mutex_enter(SD_MUTEX(un));
26187 	if ((NOT_DEVBSIZE(un)) && (doing_rmw == TRUE)) {
26188 		mutex_exit(SD_MUTEX(un));
26189 		scsi_free_consistent_buf(wr_bp);
26190 	} else {
26191 		mutex_exit(SD_MUTEX(un));
26192 	}
26193 	SD_TRACE(SD_LOG_DUMP, un, "sddump: exit: err = %d\n", err);
26194 	return (err);
26195 }
26196 
26197 /*
26198  *    Function: sd_scsi_poll()
26199  *
26200  * Description: This is a wrapper for the scsi_poll call.
26201  *
26202  *   Arguments: sd_lun - The unit structure
26203  *              scsi_pkt - The scsi packet being sent to the device.
26204  *
26205  * Return Code: 0 - Command completed successfully with good status
26206  *             -1 - Command failed.  This could indicate a check condition
26207  *                  or other status value requiring recovery action.
26208  *
26209  */
26210 
26211 static int
26212 sd_scsi_poll(struct sd_lun *un, struct scsi_pkt *pktp)
26213 {
26214 	int status;
26215 
26216 	ASSERT(un != NULL);
26217 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26218 	ASSERT(pktp != NULL);
26219 
26220 	status = SD_SUCCESS;
26221 
26222 	if (scsi_ifgetcap(&pktp->pkt_address, "tagged-qing", 1) == 1) {
26223 		pktp->pkt_flags |= un->un_tagflags;
26224 		pktp->pkt_flags &= ~FLAG_NODISCON;
26225 	}
26226 
26227 	status = sd_ddi_scsi_poll(pktp);
26228 	/*
26229 	 * Scsi_poll returns 0 (success) if the command completes and the
26230 	 * status block is STATUS_GOOD.  We should only check errors if this
26231 	 * condition is not true.  Even then we should send our own request
26232 	 * sense packet only if we have a check condition and auto
26233 	 * request sense has not been performed by the hba.
26234 	 * Don't get RQS data if pkt_reason is CMD_DEV_GONE.
26235 	 */
26236 	if ((status != SD_SUCCESS) &&
26237 	    (SD_GET_PKT_STATUS(pktp) == STATUS_CHECK) &&
26238 	    (pktp->pkt_state & STATE_ARQ_DONE) == 0 &&
26239 	    (pktp->pkt_reason != CMD_DEV_GONE))
26240 		(void) sd_send_polled_RQS(un);
26241 
26242 	return (status);
26243 }
26244 
26245 /*
26246  *    Function: sd_send_polled_RQS()
26247  *
26248  * Description: This sends the request sense command to a device.
26249  *
26250  *   Arguments: sd_lun - The unit structure
26251  *
26252  * Return Code: 0 - Command completed successfully with good status
26253  *             -1 - Command failed.
26254  *
26255  */
26256 
26257 static int
26258 sd_send_polled_RQS(struct sd_lun *un)
26259 {
26260 	int	ret_val;
26261 	struct	scsi_pkt	*rqs_pktp;
26262 	struct	buf		*rqs_bp;
26263 
26264 	ASSERT(un != NULL);
26265 	ASSERT(!mutex_owned(SD_MUTEX(un)));
26266 
26267 	ret_val = SD_SUCCESS;
26268 
26269 	rqs_pktp = un->un_rqs_pktp;
26270 	rqs_bp	 = un->un_rqs_bp;
26271 
26272 	mutex_enter(SD_MUTEX(un));
26273 
26274 	if (un->un_sense_isbusy) {
26275 		ret_val = SD_FAILURE;
26276 		mutex_exit(SD_MUTEX(un));
26277 		return (ret_val);
26278 	}
26279 
26280 	/*
26281 	 * If the request sense buffer (and packet) is not in use,
26282 	 * let's set the un_sense_isbusy and send our packet
26283 	 */
26284 	un->un_sense_isbusy 	= 1;
26285 	rqs_pktp->pkt_resid  	= 0;
26286 	rqs_pktp->pkt_reason 	= 0;
26287 	rqs_pktp->pkt_flags |= FLAG_NOINTR;
26288 	bzero(rqs_bp->b_un.b_addr, SENSE_LENGTH);
26289 
26290 	mutex_exit(SD_MUTEX(un));
26291 
26292 	SD_INFO(SD_LOG_COMMON, un, "sd_send_polled_RQS: req sense buf at"
26293 	    " 0x%p\n", rqs_bp->b_un.b_addr);
26294 
26295 	/*
26296 	 * Can't send this to sd_scsi_poll, we wrap ourselves around the
26297 	 * axle - it has a call into us!
26298 	 */
26299 	if ((ret_val = sd_ddi_scsi_poll(rqs_pktp)) != 0) {
26300 		SD_INFO(SD_LOG_COMMON, un,
26301 		    "sd_send_polled_RQS: RQS failed\n");
26302 	}
26303 
26304 	SD_DUMP_MEMORY(un, SD_LOG_COMMON, "sd_send_polled_RQS:",
26305 	    (uchar_t *)rqs_bp->b_un.b_addr, SENSE_LENGTH, SD_LOG_HEX);
26306 
26307 	mutex_enter(SD_MUTEX(un));
26308 	un->un_sense_isbusy = 0;
26309 	mutex_exit(SD_MUTEX(un));
26310 
26311 	return (ret_val);
26312 }
26313 
26314 /*
26315  * Defines needed for localized version of the scsi_poll routine.
26316  */
26317 #define	SD_CSEC		10000			/* usecs */
26318 #define	SD_SEC_TO_CSEC	(1000000/SD_CSEC)
26319 
26320 
26321 /*
26322  *    Function: sd_ddi_scsi_poll()
26323  *
26324  * Description: Localized version of the scsi_poll routine.  The purpose is to
26325  *		send a scsi_pkt to a device as a polled command.  This version
26326  *		is to ensure more robust handling of transport errors.
26327  *		Specifically this routine cures not ready, coming ready
26328  *		transition for power up and reset of sonoma's.  This can take
26329  *		up to 45 seconds for power-on and 20 seconds for reset of a
26330  * 		sonoma lun.
26331  *
26332  *   Arguments: scsi_pkt - The scsi_pkt being sent to a device
26333  *
26334  * Return Code: 0 - Command completed successfully with good status
26335  *             -1 - Command failed.
26336  *
26337  */
26338 
26339 static int
26340 sd_ddi_scsi_poll(struct scsi_pkt *pkt)
26341 {
26342 	int busy_count;
26343 	int timeout;
26344 	int rval = SD_FAILURE;
26345 	int savef;
26346 	struct scsi_extended_sense *sensep;
26347 	long savet;
26348 	void (*savec)();
26349 	/*
26350 	 * The following is defined in machdep.c and is used in determining if
26351 	 * the scsi transport system will do polled I/O instead of interrupt
26352 	 * I/O when called from xx_dump().
26353 	 */
26354 	extern int do_polled_io;
26355 
26356 	/*
26357 	 * save old flags in pkt, to restore at end
26358 	 */
26359 	savef = pkt->pkt_flags;
26360 	savec = pkt->pkt_comp;
26361 	savet = pkt->pkt_time;
26362 
26363 	pkt->pkt_flags |= FLAG_NOINTR;
26364 
26365 	/*
26366 	 * XXX there is nothing in the SCSA spec that states that we should not
26367 	 * do a callback for polled cmds; however, removing this will break sd
26368 	 * and probably other target drivers
26369 	 */
26370 	pkt->pkt_comp = NULL;
26371 
26372 	/*
26373 	 * we don't like a polled command without timeout.
26374 	 * 60 seconds seems long enough.
26375 	 */
26376 	if (pkt->pkt_time == 0) {
26377 		pkt->pkt_time = SCSI_POLL_TIMEOUT;
26378 	}
26379 
26380 	/*
26381 	 * Send polled cmd.
26382 	 *
26383 	 * We do some error recovery for various errors.  Tran_busy,
26384 	 * queue full, and non-dispatched commands are retried every 10 msec.
26385 	 * as they are typically transient failures.  Busy status and Not
26386 	 * Ready are retried every second as this status takes a while to
26387 	 * change.  Unit attention is retried for pkt_time (60) times
26388 	 * with no delay.
26389 	 */
26390 	timeout = pkt->pkt_time * SD_SEC_TO_CSEC;
26391 
26392 	for (busy_count = 0; busy_count < timeout; busy_count++) {
26393 		int rc;
26394 		int poll_delay;
26395 
26396 		/*
26397 		 * Initialize pkt status variables.
26398 		 */
26399 		*pkt->pkt_scbp = pkt->pkt_reason = pkt->pkt_state = 0;
26400 
26401 		if ((rc = scsi_transport(pkt)) != TRAN_ACCEPT) {
26402 			if (rc != TRAN_BUSY) {
26403 				/* Transport failed - give up. */
26404 				break;
26405 			} else {
26406 				/* Transport busy - try again. */
26407 				poll_delay = 1 * SD_CSEC; /* 10 msec */
26408 			}
26409 		} else {
26410 			/*
26411 			 * Transport accepted - check pkt status.
26412 			 */
26413 			rc = (*pkt->pkt_scbp) & STATUS_MASK;
26414 			if (pkt->pkt_reason == CMD_CMPLT &&
26415 			    rc == STATUS_CHECK &&
26416 			    pkt->pkt_state & STATE_ARQ_DONE) {
26417 				struct scsi_arq_status *arqstat =
26418 				    (struct scsi_arq_status *)(pkt->pkt_scbp);
26419 
26420 				sensep = &arqstat->sts_sensedata;
26421 			} else {
26422 				sensep = NULL;
26423 			}
26424 
26425 			if ((pkt->pkt_reason == CMD_CMPLT) &&
26426 			    (rc == STATUS_GOOD)) {
26427 				/* No error - we're done */
26428 				rval = SD_SUCCESS;
26429 				break;
26430 
26431 			} else if (pkt->pkt_reason == CMD_DEV_GONE) {
26432 				/* Lost connection - give up */
26433 				break;
26434 
26435 			} else if ((pkt->pkt_reason == CMD_INCOMPLETE) &&
26436 			    (pkt->pkt_state == 0)) {
26437 				/* Pkt not dispatched - try again. */
26438 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26439 
26440 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26441 			    (rc == STATUS_QFULL)) {
26442 				/* Queue full - try again. */
26443 				poll_delay = 1 * SD_CSEC; /* 10 msec. */
26444 
26445 			} else if ((pkt->pkt_reason == CMD_CMPLT) &&
26446 			    (rc == STATUS_BUSY)) {
26447 				/* Busy - try again. */
26448 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26449 				busy_count += (SD_SEC_TO_CSEC - 1);
26450 
26451 			} else if ((sensep != NULL) &&
26452 			    (sensep->es_key == KEY_UNIT_ATTENTION)) {
26453 				/* Unit Attention - try again */
26454 				busy_count += (SD_SEC_TO_CSEC - 1); /* 1 */
26455 				continue;
26456 
26457 			} else if ((sensep != NULL) &&
26458 			    (sensep->es_key == KEY_NOT_READY) &&
26459 			    (sensep->es_add_code == 0x04) &&
26460 			    (sensep->es_qual_code == 0x01)) {
26461 				/* Not ready -> ready - try again. */
26462 				poll_delay = 100 * SD_CSEC; /* 1 sec. */
26463 				busy_count += (SD_SEC_TO_CSEC - 1);
26464 
26465 			} else {
26466 				/* BAD status - give up. */
26467 				break;
26468 			}
26469 		}
26470 
26471 		if ((curthread->t_flag & T_INTR_THREAD) == 0 &&
26472 		    !do_polled_io) {
26473 			delay(drv_usectohz(poll_delay));
26474 		} else {
26475 			/* we busy wait during cpr_dump or interrupt threads */
26476 			drv_usecwait(poll_delay);
26477 		}
26478 	}
26479 
26480 	pkt->pkt_flags = savef;
26481 	pkt->pkt_comp = savec;
26482 	pkt->pkt_time = savet;
26483 	return (rval);
26484 }
26485 
26486 
26487 /*
26488  *    Function: sd_persistent_reservation_in_read_keys
26489  *
26490  * Description: This routine is the driver entry point for handling CD-ROM
26491  *		multi-host persistent reservation requests (MHIOCGRP_INKEYS)
26492  *		by sending the SCSI-3 PRIN commands to the device.
26493  *		Processes the read keys command response by copying the
26494  *		reservation key information into the user provided buffer.
26495  *		Support for the 32/64 bit _MULTI_DATAMODEL is implemented.
26496  *
26497  *   Arguments: un   -  Pointer to soft state struct for the target.
26498  *		usrp -	user provided pointer to multihost Persistent In Read
26499  *			Keys structure (mhioc_inkeys_t)
26500  *		flag -	this argument is a pass through to ddi_copyxxx()
26501  *			directly from the mode argument of ioctl().
26502  *
26503  * Return Code: 0   - Success
26504  *		EACCES
26505  *		ENOTSUP
26506  *		errno return code from sd_send_scsi_cmd()
26507  *
26508  *     Context: Can sleep. Does not return until command is completed.
26509  */
26510 
26511 static int
26512 sd_persistent_reservation_in_read_keys(struct sd_lun *un,
26513     mhioc_inkeys_t *usrp, int flag)
26514 {
26515 #ifdef _MULTI_DATAMODEL
26516 	struct mhioc_key_list32	li32;
26517 #endif
26518 	sd_prin_readkeys_t	*in;
26519 	mhioc_inkeys_t		*ptr;
26520 	mhioc_key_list_t	li;
26521 	uchar_t			*data_bufp;
26522 	int 			data_len;
26523 	int			rval;
26524 	size_t			copysz;
26525 
26526 	if ((ptr = (mhioc_inkeys_t *)usrp) == NULL) {
26527 		return (EINVAL);
26528 	}
26529 	bzero(&li, sizeof (mhioc_key_list_t));
26530 
26531 	/*
26532 	 * Get the listsize from user
26533 	 */
26534 #ifdef _MULTI_DATAMODEL
26535 
26536 	switch (ddi_model_convert_from(flag & FMODELS)) {
26537 	case DDI_MODEL_ILP32:
26538 		copysz = sizeof (struct mhioc_key_list32);
26539 		if (ddi_copyin(ptr->li, &li32, copysz, flag)) {
26540 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26541 			    "sd_persistent_reservation_in_read_keys: "
26542 			    "failed ddi_copyin: mhioc_key_list32_t\n");
26543 			rval = EFAULT;
26544 			goto done;
26545 		}
26546 		li.listsize = li32.listsize;
26547 		li.list = (mhioc_resv_key_t *)(uintptr_t)li32.list;
26548 		break;
26549 
26550 	case DDI_MODEL_NONE:
26551 		copysz = sizeof (mhioc_key_list_t);
26552 		if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26553 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26554 			    "sd_persistent_reservation_in_read_keys: "
26555 			    "failed ddi_copyin: mhioc_key_list_t\n");
26556 			rval = EFAULT;
26557 			goto done;
26558 		}
26559 		break;
26560 	}
26561 
26562 #else /* ! _MULTI_DATAMODEL */
26563 	copysz = sizeof (mhioc_key_list_t);
26564 	if (ddi_copyin(ptr->li, &li, copysz, flag)) {
26565 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26566 		    "sd_persistent_reservation_in_read_keys: "
26567 		    "failed ddi_copyin: mhioc_key_list_t\n");
26568 		rval = EFAULT;
26569 		goto done;
26570 	}
26571 #endif
26572 
26573 	data_len  = li.listsize * MHIOC_RESV_KEY_SIZE;
26574 	data_len += (sizeof (sd_prin_readkeys_t) - sizeof (caddr_t));
26575 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26576 
26577 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_KEYS,
26578 	    data_len, data_bufp)) != 0) {
26579 		goto done;
26580 	}
26581 	in = (sd_prin_readkeys_t *)data_bufp;
26582 	ptr->generation = BE_32(in->generation);
26583 	li.listlen = BE_32(in->len) / MHIOC_RESV_KEY_SIZE;
26584 
26585 	/*
26586 	 * Return the min(listsize, listlen) keys
26587 	 */
26588 #ifdef _MULTI_DATAMODEL
26589 
26590 	switch (ddi_model_convert_from(flag & FMODELS)) {
26591 	case DDI_MODEL_ILP32:
26592 		li32.listlen = li.listlen;
26593 		if (ddi_copyout(&li32, ptr->li, copysz, flag)) {
26594 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26595 			    "sd_persistent_reservation_in_read_keys: "
26596 			    "failed ddi_copyout: mhioc_key_list32_t\n");
26597 			rval = EFAULT;
26598 			goto done;
26599 		}
26600 		break;
26601 
26602 	case DDI_MODEL_NONE:
26603 		if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26604 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26605 			    "sd_persistent_reservation_in_read_keys: "
26606 			    "failed ddi_copyout: mhioc_key_list_t\n");
26607 			rval = EFAULT;
26608 			goto done;
26609 		}
26610 		break;
26611 	}
26612 
26613 #else /* ! _MULTI_DATAMODEL */
26614 
26615 	if (ddi_copyout(&li, ptr->li, copysz, flag)) {
26616 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26617 		    "sd_persistent_reservation_in_read_keys: "
26618 		    "failed ddi_copyout: mhioc_key_list_t\n");
26619 		rval = EFAULT;
26620 		goto done;
26621 	}
26622 
26623 #endif /* _MULTI_DATAMODEL */
26624 
26625 	copysz = min(li.listlen * MHIOC_RESV_KEY_SIZE,
26626 	    li.listsize * MHIOC_RESV_KEY_SIZE);
26627 	if (ddi_copyout(&in->keylist, li.list, copysz, flag)) {
26628 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26629 		    "sd_persistent_reservation_in_read_keys: "
26630 		    "failed ddi_copyout: keylist\n");
26631 		rval = EFAULT;
26632 	}
26633 done:
26634 	kmem_free(data_bufp, data_len);
26635 	return (rval);
26636 }
26637 
26638 
26639 /*
26640  *    Function: sd_persistent_reservation_in_read_resv
26641  *
26642  * Description: This routine is the driver entry point for handling CD-ROM
26643  *		multi-host persistent reservation requests (MHIOCGRP_INRESV)
26644  *		by sending the SCSI-3 PRIN commands to the device.
26645  *		Process the read persistent reservations command response by
26646  *		copying the reservation information into the user provided
26647  *		buffer. Support for the 32/64 _MULTI_DATAMODEL is implemented.
26648  *
26649  *   Arguments: un   -  Pointer to soft state struct for the target.
26650  *		usrp -	user provided pointer to multihost Persistent In Read
26651  *			Keys structure (mhioc_inkeys_t)
26652  *		flag -	this argument is a pass through to ddi_copyxxx()
26653  *			directly from the mode argument of ioctl().
26654  *
26655  * Return Code: 0   - Success
26656  *		EACCES
26657  *		ENOTSUP
26658  *		errno return code from sd_send_scsi_cmd()
26659  *
26660  *     Context: Can sleep. Does not return until command is completed.
26661  */
26662 
26663 static int
26664 sd_persistent_reservation_in_read_resv(struct sd_lun *un,
26665     mhioc_inresvs_t *usrp, int flag)
26666 {
26667 #ifdef _MULTI_DATAMODEL
26668 	struct mhioc_resv_desc_list32 resvlist32;
26669 #endif
26670 	sd_prin_readresv_t	*in;
26671 	mhioc_inresvs_t		*ptr;
26672 	sd_readresv_desc_t	*readresv_ptr;
26673 	mhioc_resv_desc_list_t	resvlist;
26674 	mhioc_resv_desc_t 	resvdesc;
26675 	uchar_t			*data_bufp;
26676 	int 			data_len;
26677 	int			rval;
26678 	int			i;
26679 	size_t			copysz;
26680 	mhioc_resv_desc_t	*bufp;
26681 
26682 	if ((ptr = usrp) == NULL) {
26683 		return (EINVAL);
26684 	}
26685 
26686 	/*
26687 	 * Get the listsize from user
26688 	 */
26689 #ifdef _MULTI_DATAMODEL
26690 	switch (ddi_model_convert_from(flag & FMODELS)) {
26691 	case DDI_MODEL_ILP32:
26692 		copysz = sizeof (struct mhioc_resv_desc_list32);
26693 		if (ddi_copyin(ptr->li, &resvlist32, copysz, flag)) {
26694 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26695 			    "sd_persistent_reservation_in_read_resv: "
26696 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26697 			rval = EFAULT;
26698 			goto done;
26699 		}
26700 		resvlist.listsize = resvlist32.listsize;
26701 		resvlist.list = (mhioc_resv_desc_t *)(uintptr_t)resvlist32.list;
26702 		break;
26703 
26704 	case DDI_MODEL_NONE:
26705 		copysz = sizeof (mhioc_resv_desc_list_t);
26706 		if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26707 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26708 			    "sd_persistent_reservation_in_read_resv: "
26709 			    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26710 			rval = EFAULT;
26711 			goto done;
26712 		}
26713 		break;
26714 	}
26715 #else /* ! _MULTI_DATAMODEL */
26716 	copysz = sizeof (mhioc_resv_desc_list_t);
26717 	if (ddi_copyin(ptr->li, &resvlist, copysz, flag)) {
26718 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26719 		    "sd_persistent_reservation_in_read_resv: "
26720 		    "failed ddi_copyin: mhioc_resv_desc_list_t\n");
26721 		rval = EFAULT;
26722 		goto done;
26723 	}
26724 #endif /* ! _MULTI_DATAMODEL */
26725 
26726 	data_len  = resvlist.listsize * SCSI3_RESV_DESC_LEN;
26727 	data_len += (sizeof (sd_prin_readresv_t) - sizeof (caddr_t));
26728 	data_bufp = kmem_zalloc(data_len, KM_SLEEP);
26729 
26730 	if ((rval = sd_send_scsi_PERSISTENT_RESERVE_IN(un, SD_READ_RESV,
26731 	    data_len, data_bufp)) != 0) {
26732 		goto done;
26733 	}
26734 	in = (sd_prin_readresv_t *)data_bufp;
26735 	ptr->generation = BE_32(in->generation);
26736 	resvlist.listlen = BE_32(in->len) / SCSI3_RESV_DESC_LEN;
26737 
26738 	/*
26739 	 * Return the min(listsize, listlen( keys
26740 	 */
26741 #ifdef _MULTI_DATAMODEL
26742 
26743 	switch (ddi_model_convert_from(flag & FMODELS)) {
26744 	case DDI_MODEL_ILP32:
26745 		resvlist32.listlen = resvlist.listlen;
26746 		if (ddi_copyout(&resvlist32, ptr->li, copysz, flag)) {
26747 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26748 			    "sd_persistent_reservation_in_read_resv: "
26749 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26750 			rval = EFAULT;
26751 			goto done;
26752 		}
26753 		break;
26754 
26755 	case DDI_MODEL_NONE:
26756 		if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26757 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26758 			    "sd_persistent_reservation_in_read_resv: "
26759 			    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26760 			rval = EFAULT;
26761 			goto done;
26762 		}
26763 		break;
26764 	}
26765 
26766 #else /* ! _MULTI_DATAMODEL */
26767 
26768 	if (ddi_copyout(&resvlist, ptr->li, copysz, flag)) {
26769 		SD_ERROR(SD_LOG_IOCTL_MHD, un,
26770 		    "sd_persistent_reservation_in_read_resv: "
26771 		    "failed ddi_copyout: mhioc_resv_desc_list_t\n");
26772 		rval = EFAULT;
26773 		goto done;
26774 	}
26775 
26776 #endif /* ! _MULTI_DATAMODEL */
26777 
26778 	readresv_ptr = (sd_readresv_desc_t *)&in->readresv_desc;
26779 	bufp = resvlist.list;
26780 	copysz = sizeof (mhioc_resv_desc_t);
26781 	for (i = 0; i < min(resvlist.listlen, resvlist.listsize);
26782 	    i++, readresv_ptr++, bufp++) {
26783 
26784 		bcopy(&readresv_ptr->resvkey, &resvdesc.key,
26785 		    MHIOC_RESV_KEY_SIZE);
26786 		resvdesc.type  = readresv_ptr->type;
26787 		resvdesc.scope = readresv_ptr->scope;
26788 		resvdesc.scope_specific_addr =
26789 		    BE_32(readresv_ptr->scope_specific_addr);
26790 
26791 		if (ddi_copyout(&resvdesc, bufp, copysz, flag)) {
26792 			SD_ERROR(SD_LOG_IOCTL_MHD, un,
26793 			    "sd_persistent_reservation_in_read_resv: "
26794 			    "failed ddi_copyout: resvlist\n");
26795 			rval = EFAULT;
26796 			goto done;
26797 		}
26798 	}
26799 done:
26800 	kmem_free(data_bufp, data_len);
26801 	return (rval);
26802 }
26803 
26804 
26805 /*
26806  *    Function: sr_change_blkmode()
26807  *
26808  * Description: This routine is the driver entry point for handling CD-ROM
26809  *		block mode ioctl requests. Support for returning and changing
26810  *		the current block size in use by the device is implemented. The
26811  *		LBA size is changed via a MODE SELECT Block Descriptor.
26812  *
26813  *		This routine issues a mode sense with an allocation length of
26814  *		12 bytes for the mode page header and a single block descriptor.
26815  *
26816  *   Arguments: dev - the device 'dev_t'
26817  *		cmd - the request type; one of CDROMGBLKMODE (get) or
26818  *		      CDROMSBLKMODE (set)
26819  *		data - current block size or requested block size
26820  *		flag - this argument is a pass through to ddi_copyxxx() directly
26821  *		       from the mode argument of ioctl().
26822  *
26823  * Return Code: the code returned by sd_send_scsi_cmd()
26824  *		EINVAL if invalid arguments are provided
26825  *		EFAULT if ddi_copyxxx() fails
26826  *		ENXIO if fail ddi_get_soft_state
26827  *		EIO if invalid mode sense block descriptor length
26828  *
26829  */
26830 
26831 static int
26832 sr_change_blkmode(dev_t dev, int cmd, intptr_t data, int flag)
26833 {
26834 	struct sd_lun			*un = NULL;
26835 	struct mode_header		*sense_mhp, *select_mhp;
26836 	struct block_descriptor		*sense_desc, *select_desc;
26837 	int				current_bsize;
26838 	int				rval = EINVAL;
26839 	uchar_t				*sense = NULL;
26840 	uchar_t				*select = NULL;
26841 
26842 	ASSERT((cmd == CDROMGBLKMODE) || (cmd == CDROMSBLKMODE));
26843 
26844 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
26845 		return (ENXIO);
26846 	}
26847 
26848 	/*
26849 	 * The block length is changed via the Mode Select block descriptor, the
26850 	 * "Read/Write Error Recovery" mode page (0x1) contents are not actually
26851 	 * required as part of this routine. Therefore the mode sense allocation
26852 	 * length is specified to be the length of a mode page header and a
26853 	 * block descriptor.
26854 	 */
26855 	sense = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26856 
26857 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
26858 	    BUFLEN_CHG_BLK_MODE, MODEPAGE_ERR_RECOV, SD_PATH_STANDARD)) != 0) {
26859 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26860 		    "sr_change_blkmode: Mode Sense Failed\n");
26861 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26862 		return (rval);
26863 	}
26864 
26865 	/* Check the block descriptor len to handle only 1 block descriptor */
26866 	sense_mhp = (struct mode_header *)sense;
26867 	if ((sense_mhp->bdesc_length == 0) ||
26868 	    (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH)) {
26869 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26870 		    "sr_change_blkmode: Mode Sense returned invalid block"
26871 		    " descriptor length\n");
26872 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26873 		return (EIO);
26874 	}
26875 	sense_desc = (struct block_descriptor *)(sense + MODE_HEADER_LENGTH);
26876 	current_bsize = ((sense_desc->blksize_hi << 16) |
26877 	    (sense_desc->blksize_mid << 8) | sense_desc->blksize_lo);
26878 
26879 	/* Process command */
26880 	switch (cmd) {
26881 	case CDROMGBLKMODE:
26882 		/* Return the block size obtained during the mode sense */
26883 		if (ddi_copyout(&current_bsize, (void *)data,
26884 		    sizeof (int), flag) != 0)
26885 			rval = EFAULT;
26886 		break;
26887 	case CDROMSBLKMODE:
26888 		/* Validate the requested block size */
26889 		switch (data) {
26890 		case CDROM_BLK_512:
26891 		case CDROM_BLK_1024:
26892 		case CDROM_BLK_2048:
26893 		case CDROM_BLK_2056:
26894 		case CDROM_BLK_2336:
26895 		case CDROM_BLK_2340:
26896 		case CDROM_BLK_2352:
26897 		case CDROM_BLK_2368:
26898 		case CDROM_BLK_2448:
26899 		case CDROM_BLK_2646:
26900 		case CDROM_BLK_2647:
26901 			break;
26902 		default:
26903 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26904 			    "sr_change_blkmode: "
26905 			    "Block Size '%ld' Not Supported\n", data);
26906 			kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26907 			return (EINVAL);
26908 		}
26909 
26910 		/*
26911 		 * The current block size matches the requested block size so
26912 		 * there is no need to send the mode select to change the size
26913 		 */
26914 		if (current_bsize == data) {
26915 			break;
26916 		}
26917 
26918 		/* Build the select data for the requested block size */
26919 		select = kmem_zalloc(BUFLEN_CHG_BLK_MODE, KM_SLEEP);
26920 		select_mhp = (struct mode_header *)select;
26921 		select_desc =
26922 		    (struct block_descriptor *)(select + MODE_HEADER_LENGTH);
26923 		/*
26924 		 * The LBA size is changed via the block descriptor, so the
26925 		 * descriptor is built according to the user data
26926 		 */
26927 		select_mhp->bdesc_length = MODE_BLK_DESC_LENGTH;
26928 		select_desc->blksize_hi  = (char)(((data) & 0x00ff0000) >> 16);
26929 		select_desc->blksize_mid = (char)(((data) & 0x0000ff00) >> 8);
26930 		select_desc->blksize_lo  = (char)((data) & 0x000000ff);
26931 
26932 		/* Send the mode select for the requested block size */
26933 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
26934 		    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
26935 		    SD_PATH_STANDARD)) != 0) {
26936 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26937 			    "sr_change_blkmode: Mode Select Failed\n");
26938 			/*
26939 			 * The mode select failed for the requested block size,
26940 			 * so reset the data for the original block size and
26941 			 * send it to the target. The error is indicated by the
26942 			 * return value for the failed mode select.
26943 			 */
26944 			select_desc->blksize_hi  = sense_desc->blksize_hi;
26945 			select_desc->blksize_mid = sense_desc->blksize_mid;
26946 			select_desc->blksize_lo  = sense_desc->blksize_lo;
26947 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0,
26948 			    select, BUFLEN_CHG_BLK_MODE, SD_DONTSAVE_PAGE,
26949 			    SD_PATH_STANDARD);
26950 		} else {
26951 			ASSERT(!mutex_owned(SD_MUTEX(un)));
26952 			mutex_enter(SD_MUTEX(un));
26953 			sd_update_block_info(un, (uint32_t)data, 0);
26954 
26955 			mutex_exit(SD_MUTEX(un));
26956 		}
26957 		break;
26958 	default:
26959 		/* should not reach here, but check anyway */
26960 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
26961 		    "sr_change_blkmode: Command '%x' Not Supported\n", cmd);
26962 		rval = EINVAL;
26963 		break;
26964 	}
26965 
26966 	if (select) {
26967 		kmem_free(select, BUFLEN_CHG_BLK_MODE);
26968 	}
26969 	if (sense) {
26970 		kmem_free(sense, BUFLEN_CHG_BLK_MODE);
26971 	}
26972 	return (rval);
26973 }
26974 
26975 
26976 /*
26977  * Note: The following sr_change_speed() and sr_atapi_change_speed() routines
26978  * implement driver support for getting and setting the CD speed. The command
26979  * set used will be based on the device type. If the device has not been
26980  * identified as MMC the Toshiba vendor specific mode page will be used. If
26981  * the device is MMC but does not support the Real Time Streaming feature
26982  * the SET CD SPEED command will be used to set speed and mode page 0x2A will
26983  * be used to read the speed.
26984  */
26985 
26986 /*
26987  *    Function: sr_change_speed()
26988  *
26989  * Description: This routine is the driver entry point for handling CD-ROM
26990  *		drive speed ioctl requests for devices supporting the Toshiba
26991  *		vendor specific drive speed mode page. Support for returning
26992  *		and changing the current drive speed in use by the device is
26993  *		implemented.
26994  *
26995  *   Arguments: dev - the device 'dev_t'
26996  *		cmd - the request type; one of CDROMGDRVSPEED (get) or
26997  *		      CDROMSDRVSPEED (set)
26998  *		data - current drive speed or requested drive speed
26999  *		flag - this argument is a pass through to ddi_copyxxx() directly
27000  *		       from the mode argument of ioctl().
27001  *
27002  * Return Code: the code returned by sd_send_scsi_cmd()
27003  *		EINVAL if invalid arguments are provided
27004  *		EFAULT if ddi_copyxxx() fails
27005  *		ENXIO if fail ddi_get_soft_state
27006  *		EIO if invalid mode sense block descriptor length
27007  */
27008 
27009 static int
27010 sr_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27011 {
27012 	struct sd_lun			*un = NULL;
27013 	struct mode_header		*sense_mhp, *select_mhp;
27014 	struct mode_speed		*sense_page, *select_page;
27015 	int				current_speed;
27016 	int				rval = EINVAL;
27017 	int				bd_len;
27018 	uchar_t				*sense = NULL;
27019 	uchar_t				*select = NULL;
27020 
27021 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27022 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27023 		return (ENXIO);
27024 	}
27025 
27026 	/*
27027 	 * Note: The drive speed is being modified here according to a Toshiba
27028 	 * vendor specific mode page (0x31).
27029 	 */
27030 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27031 
27032 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
27033 	    BUFLEN_MODE_CDROM_SPEED, CDROM_MODE_SPEED,
27034 	    SD_PATH_STANDARD)) != 0) {
27035 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27036 		    "sr_change_speed: Mode Sense Failed\n");
27037 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27038 		return (rval);
27039 	}
27040 	sense_mhp  = (struct mode_header *)sense;
27041 
27042 	/* Check the block descriptor len to handle only 1 block descriptor */
27043 	bd_len = sense_mhp->bdesc_length;
27044 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27045 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27046 		    "sr_change_speed: Mode Sense returned invalid block "
27047 		    "descriptor length\n");
27048 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27049 		return (EIO);
27050 	}
27051 
27052 	sense_page = (struct mode_speed *)
27053 	    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
27054 	current_speed = sense_page->speed;
27055 
27056 	/* Process command */
27057 	switch (cmd) {
27058 	case CDROMGDRVSPEED:
27059 		/* Return the drive speed obtained during the mode sense */
27060 		if (current_speed == 0x2) {
27061 			current_speed = CDROM_TWELVE_SPEED;
27062 		}
27063 		if (ddi_copyout(&current_speed, (void *)data,
27064 		    sizeof (int), flag) != 0) {
27065 			rval = EFAULT;
27066 		}
27067 		break;
27068 	case CDROMSDRVSPEED:
27069 		/* Validate the requested drive speed */
27070 		switch ((uchar_t)data) {
27071 		case CDROM_TWELVE_SPEED:
27072 			data = 0x2;
27073 			/*FALLTHROUGH*/
27074 		case CDROM_NORMAL_SPEED:
27075 		case CDROM_DOUBLE_SPEED:
27076 		case CDROM_QUAD_SPEED:
27077 		case CDROM_MAXIMUM_SPEED:
27078 			break;
27079 		default:
27080 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27081 			    "sr_change_speed: "
27082 			    "Drive Speed '%d' Not Supported\n", (uchar_t)data);
27083 			kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27084 			return (EINVAL);
27085 		}
27086 
27087 		/*
27088 		 * The current drive speed matches the requested drive speed so
27089 		 * there is no need to send the mode select to change the speed
27090 		 */
27091 		if (current_speed == data) {
27092 			break;
27093 		}
27094 
27095 		/* Build the select data for the requested drive speed */
27096 		select = kmem_zalloc(BUFLEN_MODE_CDROM_SPEED, KM_SLEEP);
27097 		select_mhp = (struct mode_header *)select;
27098 		select_mhp->bdesc_length = 0;
27099 		select_page =
27100 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27101 		select_page =
27102 		    (struct mode_speed *)(select + MODE_HEADER_LENGTH);
27103 		select_page->mode_page.code = CDROM_MODE_SPEED;
27104 		select_page->mode_page.length = 2;
27105 		select_page->speed = (uchar_t)data;
27106 
27107 		/* Send the mode select for the requested block size */
27108 		if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27109 		    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27110 		    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
27111 			/*
27112 			 * The mode select failed for the requested drive speed,
27113 			 * so reset the data for the original drive speed and
27114 			 * send it to the target. The error is indicated by the
27115 			 * return value for the failed mode select.
27116 			 */
27117 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27118 			    "sr_drive_speed: Mode Select Failed\n");
27119 			select_page->speed = sense_page->speed;
27120 			(void) sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
27121 			    MODEPAGE_CDROM_SPEED_LEN + MODE_HEADER_LENGTH,
27122 			    SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
27123 		}
27124 		break;
27125 	default:
27126 		/* should not reach here, but check anyway */
27127 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27128 		    "sr_change_speed: Command '%x' Not Supported\n", cmd);
27129 		rval = EINVAL;
27130 		break;
27131 	}
27132 
27133 	if (select) {
27134 		kmem_free(select, BUFLEN_MODE_CDROM_SPEED);
27135 	}
27136 	if (sense) {
27137 		kmem_free(sense, BUFLEN_MODE_CDROM_SPEED);
27138 	}
27139 
27140 	return (rval);
27141 }
27142 
27143 
27144 /*
27145  *    Function: sr_atapi_change_speed()
27146  *
27147  * Description: This routine is the driver entry point for handling CD-ROM
27148  *		drive speed ioctl requests for MMC devices that do not support
27149  *		the Real Time Streaming feature (0x107).
27150  *
27151  *		Note: This routine will use the SET SPEED command which may not
27152  *		be supported by all devices.
27153  *
27154  *   Arguments: dev- the device 'dev_t'
27155  *		cmd- the request type; one of CDROMGDRVSPEED (get) or
27156  *		     CDROMSDRVSPEED (set)
27157  *		data- current drive speed or requested drive speed
27158  *		flag- this argument is a pass through to ddi_copyxxx() directly
27159  *		      from the mode argument of ioctl().
27160  *
27161  * Return Code: the code returned by sd_send_scsi_cmd()
27162  *		EINVAL if invalid arguments are provided
27163  *		EFAULT if ddi_copyxxx() fails
27164  *		ENXIO if fail ddi_get_soft_state
27165  *		EIO if invalid mode sense block descriptor length
27166  */
27167 
27168 static int
27169 sr_atapi_change_speed(dev_t dev, int cmd, intptr_t data, int flag)
27170 {
27171 	struct sd_lun			*un;
27172 	struct uscsi_cmd		*com = NULL;
27173 	struct mode_header_grp2		*sense_mhp;
27174 	uchar_t				*sense_page;
27175 	uchar_t				*sense = NULL;
27176 	char				cdb[CDB_GROUP5];
27177 	int				bd_len;
27178 	int				current_speed = 0;
27179 	int				max_speed = 0;
27180 	int				rval;
27181 
27182 	ASSERT((cmd == CDROMGDRVSPEED) || (cmd == CDROMSDRVSPEED));
27183 
27184 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27185 		return (ENXIO);
27186 	}
27187 
27188 	sense = kmem_zalloc(BUFLEN_MODE_CDROM_CAP, KM_SLEEP);
27189 
27190 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
27191 	    BUFLEN_MODE_CDROM_CAP, MODEPAGE_CDROM_CAP,
27192 	    SD_PATH_STANDARD)) != 0) {
27193 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27194 		    "sr_atapi_change_speed: Mode Sense Failed\n");
27195 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27196 		return (rval);
27197 	}
27198 
27199 	/* Check the block descriptor len to handle only 1 block descriptor */
27200 	sense_mhp = (struct mode_header_grp2 *)sense;
27201 	bd_len = (sense_mhp->bdesc_length_hi << 8) | sense_mhp->bdesc_length_lo;
27202 	if (bd_len > MODE_BLK_DESC_LENGTH) {
27203 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27204 		    "sr_atapi_change_speed: Mode Sense returned invalid "
27205 		    "block descriptor length\n");
27206 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27207 		return (EIO);
27208 	}
27209 
27210 	/* Calculate the current and maximum drive speeds */
27211 	sense_page = (uchar_t *)(sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
27212 	current_speed = (sense_page[14] << 8) | sense_page[15];
27213 	max_speed = (sense_page[8] << 8) | sense_page[9];
27214 
27215 	/* Process the command */
27216 	switch (cmd) {
27217 	case CDROMGDRVSPEED:
27218 		current_speed /= SD_SPEED_1X;
27219 		if (ddi_copyout(&current_speed, (void *)data,
27220 		    sizeof (int), flag) != 0)
27221 			rval = EFAULT;
27222 		break;
27223 	case CDROMSDRVSPEED:
27224 		/* Convert the speed code to KB/sec */
27225 		switch ((uchar_t)data) {
27226 		case CDROM_NORMAL_SPEED:
27227 			current_speed = SD_SPEED_1X;
27228 			break;
27229 		case CDROM_DOUBLE_SPEED:
27230 			current_speed = 2 * SD_SPEED_1X;
27231 			break;
27232 		case CDROM_QUAD_SPEED:
27233 			current_speed = 4 * SD_SPEED_1X;
27234 			break;
27235 		case CDROM_TWELVE_SPEED:
27236 			current_speed = 12 * SD_SPEED_1X;
27237 			break;
27238 		case CDROM_MAXIMUM_SPEED:
27239 			current_speed = 0xffff;
27240 			break;
27241 		default:
27242 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27243 			    "sr_atapi_change_speed: invalid drive speed %d\n",
27244 			    (uchar_t)data);
27245 			kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27246 			return (EINVAL);
27247 		}
27248 
27249 		/* Check the request against the drive's max speed. */
27250 		if (current_speed != 0xffff) {
27251 			if (current_speed > max_speed) {
27252 				kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27253 				return (EINVAL);
27254 			}
27255 		}
27256 
27257 		/*
27258 		 * Build and send the SET SPEED command
27259 		 *
27260 		 * Note: The SET SPEED (0xBB) command used in this routine is
27261 		 * obsolete per the SCSI MMC spec but still supported in the
27262 		 * MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27263 		 * therefore the command is still implemented in this routine.
27264 		 */
27265 		bzero(cdb, sizeof (cdb));
27266 		cdb[0] = (char)SCMD_SET_CDROM_SPEED;
27267 		cdb[2] = (uchar_t)(current_speed >> 8);
27268 		cdb[3] = (uchar_t)current_speed;
27269 		com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27270 		com->uscsi_cdb	   = (caddr_t)cdb;
27271 		com->uscsi_cdblen  = CDB_GROUP5;
27272 		com->uscsi_bufaddr = NULL;
27273 		com->uscsi_buflen  = 0;
27274 		com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT;
27275 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, 0,
27276 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27277 		break;
27278 	default:
27279 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27280 		    "sr_atapi_change_speed: Command '%x' Not Supported\n", cmd);
27281 		rval = EINVAL;
27282 	}
27283 
27284 	if (sense) {
27285 		kmem_free(sense, BUFLEN_MODE_CDROM_CAP);
27286 	}
27287 	if (com) {
27288 		kmem_free(com, sizeof (*com));
27289 	}
27290 	return (rval);
27291 }
27292 
27293 
27294 /*
27295  *    Function: sr_pause_resume()
27296  *
27297  * Description: This routine is the driver entry point for handling CD-ROM
27298  *		pause/resume ioctl requests. This only affects the audio play
27299  *		operation.
27300  *
27301  *   Arguments: dev - the device 'dev_t'
27302  *		cmd - the request type; one of CDROMPAUSE or CDROMRESUME, used
27303  *		      for setting the resume bit of the cdb.
27304  *
27305  * Return Code: the code returned by sd_send_scsi_cmd()
27306  *		EINVAL if invalid mode specified
27307  *
27308  */
27309 
27310 static int
27311 sr_pause_resume(dev_t dev, int cmd)
27312 {
27313 	struct sd_lun		*un;
27314 	struct uscsi_cmd	*com;
27315 	char			cdb[CDB_GROUP1];
27316 	int			rval;
27317 
27318 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27319 		return (ENXIO);
27320 	}
27321 
27322 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27323 	bzero(cdb, CDB_GROUP1);
27324 	cdb[0] = SCMD_PAUSE_RESUME;
27325 	switch (cmd) {
27326 	case CDROMRESUME:
27327 		cdb[8] = 1;
27328 		break;
27329 	case CDROMPAUSE:
27330 		cdb[8] = 0;
27331 		break;
27332 	default:
27333 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_pause_resume:"
27334 		    " Command '%x' Not Supported\n", cmd);
27335 		rval = EINVAL;
27336 		goto done;
27337 	}
27338 
27339 	com->uscsi_cdb    = cdb;
27340 	com->uscsi_cdblen = CDB_GROUP1;
27341 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27342 
27343 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27344 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27345 
27346 done:
27347 	kmem_free(com, sizeof (*com));
27348 	return (rval);
27349 }
27350 
27351 
27352 /*
27353  *    Function: sr_play_msf()
27354  *
27355  * Description: This routine is the driver entry point for handling CD-ROM
27356  *		ioctl requests to output the audio signals at the specified
27357  *		starting address and continue the audio play until the specified
27358  *		ending address (CDROMPLAYMSF) The address is in Minute Second
27359  *		Frame (MSF) format.
27360  *
27361  *   Arguments: dev	- the device 'dev_t'
27362  *		data	- pointer to user provided audio msf structure,
27363  *		          specifying start/end addresses.
27364  *		flag	- this argument is a pass through to ddi_copyxxx()
27365  *		          directly from the mode argument of ioctl().
27366  *
27367  * Return Code: the code returned by sd_send_scsi_cmd()
27368  *		EFAULT if ddi_copyxxx() fails
27369  *		ENXIO if fail ddi_get_soft_state
27370  *		EINVAL if data pointer is NULL
27371  */
27372 
27373 static int
27374 sr_play_msf(dev_t dev, caddr_t data, int flag)
27375 {
27376 	struct sd_lun		*un;
27377 	struct uscsi_cmd	*com;
27378 	struct cdrom_msf	msf_struct;
27379 	struct cdrom_msf	*msf = &msf_struct;
27380 	char			cdb[CDB_GROUP1];
27381 	int			rval;
27382 
27383 	if (data == NULL) {
27384 		return (EINVAL);
27385 	}
27386 
27387 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27388 		return (ENXIO);
27389 	}
27390 
27391 	if (ddi_copyin(data, msf, sizeof (struct cdrom_msf), flag)) {
27392 		return (EFAULT);
27393 	}
27394 
27395 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27396 	bzero(cdb, CDB_GROUP1);
27397 	cdb[0] = SCMD_PLAYAUDIO_MSF;
27398 	if (un->un_f_cfg_playmsf_bcd == TRUE) {
27399 		cdb[3] = BYTE_TO_BCD(msf->cdmsf_min0);
27400 		cdb[4] = BYTE_TO_BCD(msf->cdmsf_sec0);
27401 		cdb[5] = BYTE_TO_BCD(msf->cdmsf_frame0);
27402 		cdb[6] = BYTE_TO_BCD(msf->cdmsf_min1);
27403 		cdb[7] = BYTE_TO_BCD(msf->cdmsf_sec1);
27404 		cdb[8] = BYTE_TO_BCD(msf->cdmsf_frame1);
27405 	} else {
27406 		cdb[3] = msf->cdmsf_min0;
27407 		cdb[4] = msf->cdmsf_sec0;
27408 		cdb[5] = msf->cdmsf_frame0;
27409 		cdb[6] = msf->cdmsf_min1;
27410 		cdb[7] = msf->cdmsf_sec1;
27411 		cdb[8] = msf->cdmsf_frame1;
27412 	}
27413 	com->uscsi_cdb    = cdb;
27414 	com->uscsi_cdblen = CDB_GROUP1;
27415 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27416 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27417 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27418 	kmem_free(com, sizeof (*com));
27419 	return (rval);
27420 }
27421 
27422 
27423 /*
27424  *    Function: sr_play_trkind()
27425  *
27426  * Description: This routine is the driver entry point for handling CD-ROM
27427  *		ioctl requests to output the audio signals at the specified
27428  *		starting address and continue the audio play until the specified
27429  *		ending address (CDROMPLAYTRKIND). The address is in Track Index
27430  *		format.
27431  *
27432  *   Arguments: dev	- the device 'dev_t'
27433  *		data	- pointer to user provided audio track/index structure,
27434  *		          specifying start/end addresses.
27435  *		flag	- this argument is a pass through to ddi_copyxxx()
27436  *		          directly from the mode argument of ioctl().
27437  *
27438  * Return Code: the code returned by sd_send_scsi_cmd()
27439  *		EFAULT if ddi_copyxxx() fails
27440  *		ENXIO if fail ddi_get_soft_state
27441  *		EINVAL if data pointer is NULL
27442  */
27443 
27444 static int
27445 sr_play_trkind(dev_t dev, caddr_t data, int flag)
27446 {
27447 	struct cdrom_ti		ti_struct;
27448 	struct cdrom_ti		*ti = &ti_struct;
27449 	struct uscsi_cmd	*com = NULL;
27450 	char			cdb[CDB_GROUP1];
27451 	int			rval;
27452 
27453 	if (data == NULL) {
27454 		return (EINVAL);
27455 	}
27456 
27457 	if (ddi_copyin(data, ti, sizeof (struct cdrom_ti), flag)) {
27458 		return (EFAULT);
27459 	}
27460 
27461 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27462 	bzero(cdb, CDB_GROUP1);
27463 	cdb[0] = SCMD_PLAYAUDIO_TI;
27464 	cdb[4] = ti->cdti_trk0;
27465 	cdb[5] = ti->cdti_ind0;
27466 	cdb[7] = ti->cdti_trk1;
27467 	cdb[8] = ti->cdti_ind1;
27468 	com->uscsi_cdb    = cdb;
27469 	com->uscsi_cdblen = CDB_GROUP1;
27470 	com->uscsi_flags  = USCSI_DIAGNOSE|USCSI_SILENT;
27471 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27472 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27473 	kmem_free(com, sizeof (*com));
27474 	return (rval);
27475 }
27476 
27477 
27478 /*
27479  *    Function: sr_read_all_subcodes()
27480  *
27481  * Description: This routine is the driver entry point for handling CD-ROM
27482  *		ioctl requests to return raw subcode data while the target is
27483  *		playing audio (CDROMSUBCODE).
27484  *
27485  *   Arguments: dev	- the device 'dev_t'
27486  *		data	- pointer to user provided cdrom subcode structure,
27487  *		          specifying the transfer length and address.
27488  *		flag	- this argument is a pass through to ddi_copyxxx()
27489  *		          directly from the mode argument of ioctl().
27490  *
27491  * Return Code: the code returned by sd_send_scsi_cmd()
27492  *		EFAULT if ddi_copyxxx() fails
27493  *		ENXIO if fail ddi_get_soft_state
27494  *		EINVAL if data pointer is NULL
27495  */
27496 
27497 static int
27498 sr_read_all_subcodes(dev_t dev, caddr_t data, int flag)
27499 {
27500 	struct sd_lun		*un = NULL;
27501 	struct uscsi_cmd	*com = NULL;
27502 	struct cdrom_subcode	*subcode = NULL;
27503 	int			rval;
27504 	size_t			buflen;
27505 	char			cdb[CDB_GROUP5];
27506 
27507 #ifdef _MULTI_DATAMODEL
27508 	/* To support ILP32 applications in an LP64 world */
27509 	struct cdrom_subcode32		cdrom_subcode32;
27510 	struct cdrom_subcode32		*cdsc32 = &cdrom_subcode32;
27511 #endif
27512 	if (data == NULL) {
27513 		return (EINVAL);
27514 	}
27515 
27516 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
27517 		return (ENXIO);
27518 	}
27519 
27520 	subcode = kmem_zalloc(sizeof (struct cdrom_subcode), KM_SLEEP);
27521 
27522 #ifdef _MULTI_DATAMODEL
27523 	switch (ddi_model_convert_from(flag & FMODELS)) {
27524 	case DDI_MODEL_ILP32:
27525 		if (ddi_copyin(data, cdsc32, sizeof (*cdsc32), flag)) {
27526 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27527 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27528 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27529 			return (EFAULT);
27530 		}
27531 		/* Convert the ILP32 uscsi data from the application to LP64 */
27532 		cdrom_subcode32tocdrom_subcode(cdsc32, subcode);
27533 		break;
27534 	case DDI_MODEL_NONE:
27535 		if (ddi_copyin(data, subcode,
27536 		    sizeof (struct cdrom_subcode), flag)) {
27537 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27538 			    "sr_read_all_subcodes: ddi_copyin Failed\n");
27539 			kmem_free(subcode, sizeof (struct cdrom_subcode));
27540 			return (EFAULT);
27541 		}
27542 		break;
27543 	}
27544 #else /* ! _MULTI_DATAMODEL */
27545 	if (ddi_copyin(data, subcode, sizeof (struct cdrom_subcode), flag)) {
27546 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27547 		    "sr_read_all_subcodes: ddi_copyin Failed\n");
27548 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27549 		return (EFAULT);
27550 	}
27551 #endif /* _MULTI_DATAMODEL */
27552 
27553 	/*
27554 	 * Since MMC-2 expects max 3 bytes for length, check if the
27555 	 * length input is greater than 3 bytes
27556 	 */
27557 	if ((subcode->cdsc_length & 0xFF000000) != 0) {
27558 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
27559 		    "sr_read_all_subcodes: "
27560 		    "cdrom transfer length too large: %d (limit %d)\n",
27561 		    subcode->cdsc_length, 0xFFFFFF);
27562 		kmem_free(subcode, sizeof (struct cdrom_subcode));
27563 		return (EINVAL);
27564 	}
27565 
27566 	buflen = CDROM_BLK_SUBCODE * subcode->cdsc_length;
27567 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27568 	bzero(cdb, CDB_GROUP5);
27569 
27570 	if (un->un_f_mmc_cap == TRUE) {
27571 		cdb[0] = (char)SCMD_READ_CD;
27572 		cdb[2] = (char)0xff;
27573 		cdb[3] = (char)0xff;
27574 		cdb[4] = (char)0xff;
27575 		cdb[5] = (char)0xff;
27576 		cdb[6] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27577 		cdb[7] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27578 		cdb[8] = ((subcode->cdsc_length) & 0x000000ff);
27579 		cdb[10] = 1;
27580 	} else {
27581 		/*
27582 		 * Note: A vendor specific command (0xDF) is being used her to
27583 		 * request a read of all subcodes.
27584 		 */
27585 		cdb[0] = (char)SCMD_READ_ALL_SUBCODES;
27586 		cdb[6] = (((subcode->cdsc_length) & 0xff000000) >> 24);
27587 		cdb[7] = (((subcode->cdsc_length) & 0x00ff0000) >> 16);
27588 		cdb[8] = (((subcode->cdsc_length) & 0x0000ff00) >> 8);
27589 		cdb[9] = ((subcode->cdsc_length) & 0x000000ff);
27590 	}
27591 	com->uscsi_cdb	   = cdb;
27592 	com->uscsi_cdblen  = CDB_GROUP5;
27593 	com->uscsi_bufaddr = (caddr_t)subcode->cdsc_addr;
27594 	com->uscsi_buflen  = buflen;
27595 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27596 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
27597 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27598 	kmem_free(subcode, sizeof (struct cdrom_subcode));
27599 	kmem_free(com, sizeof (*com));
27600 	return (rval);
27601 }
27602 
27603 
27604 /*
27605  *    Function: sr_read_subchannel()
27606  *
27607  * Description: This routine is the driver entry point for handling CD-ROM
27608  *		ioctl requests to return the Q sub-channel data of the CD
27609  *		current position block. (CDROMSUBCHNL) The data includes the
27610  *		track number, index number, absolute CD-ROM address (LBA or MSF
27611  *		format per the user) , track relative CD-ROM address (LBA or MSF
27612  *		format per the user), control data and audio status.
27613  *
27614  *   Arguments: dev	- the device 'dev_t'
27615  *		data	- pointer to user provided cdrom sub-channel structure
27616  *		flag	- this argument is a pass through to ddi_copyxxx()
27617  *		          directly from the mode argument of ioctl().
27618  *
27619  * Return Code: the code returned by sd_send_scsi_cmd()
27620  *		EFAULT if ddi_copyxxx() fails
27621  *		ENXIO if fail ddi_get_soft_state
27622  *		EINVAL if data pointer is NULL
27623  */
27624 
27625 static int
27626 sr_read_subchannel(dev_t dev, caddr_t data, int flag)
27627 {
27628 	struct sd_lun		*un;
27629 	struct uscsi_cmd	*com;
27630 	struct cdrom_subchnl	subchanel;
27631 	struct cdrom_subchnl	*subchnl = &subchanel;
27632 	char			cdb[CDB_GROUP1];
27633 	caddr_t			buffer;
27634 	int			rval;
27635 
27636 	if (data == NULL) {
27637 		return (EINVAL);
27638 	}
27639 
27640 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27641 	    (un->un_state == SD_STATE_OFFLINE)) {
27642 		return (ENXIO);
27643 	}
27644 
27645 	if (ddi_copyin(data, subchnl, sizeof (struct cdrom_subchnl), flag)) {
27646 		return (EFAULT);
27647 	}
27648 
27649 	buffer = kmem_zalloc((size_t)16, KM_SLEEP);
27650 	bzero(cdb, CDB_GROUP1);
27651 	cdb[0] = SCMD_READ_SUBCHANNEL;
27652 	/* Set the MSF bit based on the user requested address format */
27653 	cdb[1] = (subchnl->cdsc_format & CDROM_LBA) ? 0 : 0x02;
27654 	/*
27655 	 * Set the Q bit in byte 2 to indicate that Q sub-channel data be
27656 	 * returned
27657 	 */
27658 	cdb[2] = 0x40;
27659 	/*
27660 	 * Set byte 3 to specify the return data format. A value of 0x01
27661 	 * indicates that the CD-ROM current position should be returned.
27662 	 */
27663 	cdb[3] = 0x01;
27664 	cdb[8] = 0x10;
27665 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27666 	com->uscsi_cdb	   = cdb;
27667 	com->uscsi_cdblen  = CDB_GROUP1;
27668 	com->uscsi_bufaddr = buffer;
27669 	com->uscsi_buflen  = 16;
27670 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27671 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27672 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27673 	if (rval != 0) {
27674 		kmem_free(buffer, 16);
27675 		kmem_free(com, sizeof (*com));
27676 		return (rval);
27677 	}
27678 
27679 	/* Process the returned Q sub-channel data */
27680 	subchnl->cdsc_audiostatus = buffer[1];
27681 	subchnl->cdsc_adr	= (buffer[5] & 0xF0);
27682 	subchnl->cdsc_ctrl	= (buffer[5] & 0x0F);
27683 	subchnl->cdsc_trk	= buffer[6];
27684 	subchnl->cdsc_ind	= buffer[7];
27685 	if (subchnl->cdsc_format & CDROM_LBA) {
27686 		subchnl->cdsc_absaddr.lba =
27687 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27688 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27689 		subchnl->cdsc_reladdr.lba =
27690 		    ((uchar_t)buffer[12] << 24) + ((uchar_t)buffer[13] << 16) +
27691 		    ((uchar_t)buffer[14] << 8) + ((uchar_t)buffer[15]);
27692 	} else if (un->un_f_cfg_readsub_bcd == TRUE) {
27693 		subchnl->cdsc_absaddr.msf.minute = BCD_TO_BYTE(buffer[9]);
27694 		subchnl->cdsc_absaddr.msf.second = BCD_TO_BYTE(buffer[10]);
27695 		subchnl->cdsc_absaddr.msf.frame  = BCD_TO_BYTE(buffer[11]);
27696 		subchnl->cdsc_reladdr.msf.minute = BCD_TO_BYTE(buffer[13]);
27697 		subchnl->cdsc_reladdr.msf.second = BCD_TO_BYTE(buffer[14]);
27698 		subchnl->cdsc_reladdr.msf.frame  = BCD_TO_BYTE(buffer[15]);
27699 	} else {
27700 		subchnl->cdsc_absaddr.msf.minute = buffer[9];
27701 		subchnl->cdsc_absaddr.msf.second = buffer[10];
27702 		subchnl->cdsc_absaddr.msf.frame  = buffer[11];
27703 		subchnl->cdsc_reladdr.msf.minute = buffer[13];
27704 		subchnl->cdsc_reladdr.msf.second = buffer[14];
27705 		subchnl->cdsc_reladdr.msf.frame  = buffer[15];
27706 	}
27707 	kmem_free(buffer, 16);
27708 	kmem_free(com, sizeof (*com));
27709 	if (ddi_copyout(subchnl, data, sizeof (struct cdrom_subchnl), flag)
27710 	    != 0) {
27711 		return (EFAULT);
27712 	}
27713 	return (rval);
27714 }
27715 
27716 
27717 /*
27718  *    Function: sr_read_tocentry()
27719  *
27720  * Description: This routine is the driver entry point for handling CD-ROM
27721  *		ioctl requests to read from the Table of Contents (TOC)
27722  *		(CDROMREADTOCENTRY). This routine provides the ADR and CTRL
27723  *		fields, the starting address (LBA or MSF format per the user)
27724  *		and the data mode if the user specified track is a data track.
27725  *
27726  *		Note: The READ HEADER (0x44) command used in this routine is
27727  *		obsolete per the SCSI MMC spec but still supported in the
27728  *		MT FUJI vendor spec. Most equipment is adhereing to MT FUJI
27729  *		therefore the command is still implemented in this routine.
27730  *
27731  *   Arguments: dev	- the device 'dev_t'
27732  *		data	- pointer to user provided toc entry structure,
27733  *			  specifying the track # and the address format
27734  *			  (LBA or MSF).
27735  *		flag	- this argument is a pass through to ddi_copyxxx()
27736  *		          directly from the mode argument of ioctl().
27737  *
27738  * Return Code: the code returned by sd_send_scsi_cmd()
27739  *		EFAULT if ddi_copyxxx() fails
27740  *		ENXIO if fail ddi_get_soft_state
27741  *		EINVAL if data pointer is NULL
27742  */
27743 
27744 static int
27745 sr_read_tocentry(dev_t dev, caddr_t data, int flag)
27746 {
27747 	struct sd_lun		*un = NULL;
27748 	struct uscsi_cmd	*com;
27749 	struct cdrom_tocentry	toc_entry;
27750 	struct cdrom_tocentry	*entry = &toc_entry;
27751 	caddr_t			buffer;
27752 	int			rval;
27753 	char			cdb[CDB_GROUP1];
27754 
27755 	if (data == NULL) {
27756 		return (EINVAL);
27757 	}
27758 
27759 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27760 	    (un->un_state == SD_STATE_OFFLINE)) {
27761 		return (ENXIO);
27762 	}
27763 
27764 	if (ddi_copyin(data, entry, sizeof (struct cdrom_tocentry), flag)) {
27765 		return (EFAULT);
27766 	}
27767 
27768 	/* Validate the requested track and address format */
27769 	if (!(entry->cdte_format & (CDROM_LBA | CDROM_MSF))) {
27770 		return (EINVAL);
27771 	}
27772 
27773 	if (entry->cdte_track == 0) {
27774 		return (EINVAL);
27775 	}
27776 
27777 	buffer = kmem_zalloc((size_t)12, KM_SLEEP);
27778 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27779 	bzero(cdb, CDB_GROUP1);
27780 
27781 	cdb[0] = SCMD_READ_TOC;
27782 	/* Set the MSF bit based on the user requested address format  */
27783 	cdb[1] = ((entry->cdte_format & CDROM_LBA) ? 0 : 2);
27784 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27785 		cdb[6] = BYTE_TO_BCD(entry->cdte_track);
27786 	} else {
27787 		cdb[6] = entry->cdte_track;
27788 	}
27789 
27790 	/*
27791 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
27792 	 * (4 byte TOC response header + 8 byte track descriptor)
27793 	 */
27794 	cdb[8] = 12;
27795 	com->uscsi_cdb	   = cdb;
27796 	com->uscsi_cdblen  = CDB_GROUP1;
27797 	com->uscsi_bufaddr = buffer;
27798 	com->uscsi_buflen  = 0x0C;
27799 	com->uscsi_flags   = (USCSI_DIAGNOSE | USCSI_SILENT | USCSI_READ);
27800 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27801 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27802 	if (rval != 0) {
27803 		kmem_free(buffer, 12);
27804 		kmem_free(com, sizeof (*com));
27805 		return (rval);
27806 	}
27807 
27808 	/* Process the toc entry */
27809 	entry->cdte_adr		= (buffer[5] & 0xF0) >> 4;
27810 	entry->cdte_ctrl	= (buffer[5] & 0x0F);
27811 	if (entry->cdte_format & CDROM_LBA) {
27812 		entry->cdte_addr.lba =
27813 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
27814 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
27815 	} else if (un->un_f_cfg_read_toc_addr_bcd == TRUE) {
27816 		entry->cdte_addr.msf.minute	= BCD_TO_BYTE(buffer[9]);
27817 		entry->cdte_addr.msf.second	= BCD_TO_BYTE(buffer[10]);
27818 		entry->cdte_addr.msf.frame	= BCD_TO_BYTE(buffer[11]);
27819 		/*
27820 		 * Send a READ TOC command using the LBA address format to get
27821 		 * the LBA for the track requested so it can be used in the
27822 		 * READ HEADER request
27823 		 *
27824 		 * Note: The MSF bit of the READ HEADER command specifies the
27825 		 * output format. The block address specified in that command
27826 		 * must be in LBA format.
27827 		 */
27828 		cdb[1] = 0;
27829 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27830 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27831 		if (rval != 0) {
27832 			kmem_free(buffer, 12);
27833 			kmem_free(com, sizeof (*com));
27834 			return (rval);
27835 		}
27836 	} else {
27837 		entry->cdte_addr.msf.minute	= buffer[9];
27838 		entry->cdte_addr.msf.second	= buffer[10];
27839 		entry->cdte_addr.msf.frame	= buffer[11];
27840 		/*
27841 		 * Send a READ TOC command using the LBA address format to get
27842 		 * the LBA for the track requested so it can be used in the
27843 		 * READ HEADER request
27844 		 *
27845 		 * Note: The MSF bit of the READ HEADER command specifies the
27846 		 * output format. The block address specified in that command
27847 		 * must be in LBA format.
27848 		 */
27849 		cdb[1] = 0;
27850 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27851 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27852 		if (rval != 0) {
27853 			kmem_free(buffer, 12);
27854 			kmem_free(com, sizeof (*com));
27855 			return (rval);
27856 		}
27857 	}
27858 
27859 	/*
27860 	 * Build and send the READ HEADER command to determine the data mode of
27861 	 * the user specified track.
27862 	 */
27863 	if ((entry->cdte_ctrl & CDROM_DATA_TRACK) &&
27864 	    (entry->cdte_track != CDROM_LEADOUT)) {
27865 		bzero(cdb, CDB_GROUP1);
27866 		cdb[0] = SCMD_READ_HEADER;
27867 		cdb[2] = buffer[8];
27868 		cdb[3] = buffer[9];
27869 		cdb[4] = buffer[10];
27870 		cdb[5] = buffer[11];
27871 		cdb[8] = 0x08;
27872 		com->uscsi_buflen = 0x08;
27873 		rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27874 		    UIO_SYSSPACE, SD_PATH_STANDARD);
27875 		if (rval == 0) {
27876 			entry->cdte_datamode = buffer[0];
27877 		} else {
27878 			/*
27879 			 * READ HEADER command failed, since this is
27880 			 * obsoleted in one spec, its better to return
27881 			 * -1 for an invlid track so that we can still
27882 			 * recieve the rest of the TOC data.
27883 			 */
27884 			entry->cdte_datamode = (uchar_t)-1;
27885 		}
27886 	} else {
27887 		entry->cdte_datamode = (uchar_t)-1;
27888 	}
27889 
27890 	kmem_free(buffer, 12);
27891 	kmem_free(com, sizeof (*com));
27892 	if (ddi_copyout(entry, data, sizeof (struct cdrom_tocentry), flag) != 0)
27893 		return (EFAULT);
27894 
27895 	return (rval);
27896 }
27897 
27898 
27899 /*
27900  *    Function: sr_read_tochdr()
27901  *
27902  * Description: This routine is the driver entry point for handling CD-ROM
27903  * 		ioctl requests to read the Table of Contents (TOC) header
27904  *		(CDROMREADTOHDR). The TOC header consists of the disk starting
27905  *		and ending track numbers
27906  *
27907  *   Arguments: dev	- the device 'dev_t'
27908  *		data	- pointer to user provided toc header structure,
27909  *			  specifying the starting and ending track numbers.
27910  *		flag	- this argument is a pass through to ddi_copyxxx()
27911  *			  directly from the mode argument of ioctl().
27912  *
27913  * Return Code: the code returned by sd_send_scsi_cmd()
27914  *		EFAULT if ddi_copyxxx() fails
27915  *		ENXIO if fail ddi_get_soft_state
27916  *		EINVAL if data pointer is NULL
27917  */
27918 
27919 static int
27920 sr_read_tochdr(dev_t dev, caddr_t data, int flag)
27921 {
27922 	struct sd_lun		*un;
27923 	struct uscsi_cmd	*com;
27924 	struct cdrom_tochdr	toc_header;
27925 	struct cdrom_tochdr	*hdr = &toc_header;
27926 	char			cdb[CDB_GROUP1];
27927 	int			rval;
27928 	caddr_t			buffer;
27929 
27930 	if (data == NULL) {
27931 		return (EINVAL);
27932 	}
27933 
27934 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
27935 	    (un->un_state == SD_STATE_OFFLINE)) {
27936 		return (ENXIO);
27937 	}
27938 
27939 	buffer = kmem_zalloc(4, KM_SLEEP);
27940 	bzero(cdb, CDB_GROUP1);
27941 	cdb[0] = SCMD_READ_TOC;
27942 	/*
27943 	 * Specifying a track number of 0x00 in the READ TOC command indicates
27944 	 * that the TOC header should be returned
27945 	 */
27946 	cdb[6] = 0x00;
27947 	/*
27948 	 * Bytes 7 & 8 are the 4 byte allocation length for TOC header.
27949 	 * (2 byte data len + 1 byte starting track # + 1 byte ending track #)
27950 	 */
27951 	cdb[8] = 0x04;
27952 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
27953 	com->uscsi_cdb	   = cdb;
27954 	com->uscsi_cdblen  = CDB_GROUP1;
27955 	com->uscsi_bufaddr = buffer;
27956 	com->uscsi_buflen  = 0x04;
27957 	com->uscsi_timeout = 300;
27958 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
27959 
27960 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
27961 	    UIO_SYSSPACE, SD_PATH_STANDARD);
27962 	if (un->un_f_cfg_read_toc_trk_bcd == TRUE) {
27963 		hdr->cdth_trk0 = BCD_TO_BYTE(buffer[2]);
27964 		hdr->cdth_trk1 = BCD_TO_BYTE(buffer[3]);
27965 	} else {
27966 		hdr->cdth_trk0 = buffer[2];
27967 		hdr->cdth_trk1 = buffer[3];
27968 	}
27969 	kmem_free(buffer, 4);
27970 	kmem_free(com, sizeof (*com));
27971 	if (ddi_copyout(hdr, data, sizeof (struct cdrom_tochdr), flag) != 0) {
27972 		return (EFAULT);
27973 	}
27974 	return (rval);
27975 }
27976 
27977 
27978 /*
27979  * Note: The following sr_read_mode1(), sr_read_cd_mode2(), sr_read_mode2(),
27980  * sr_read_cdda(), sr_read_cdxa(), routines implement driver support for
27981  * handling CDROMREAD ioctl requests for mode 1 user data, mode 2 user data,
27982  * digital audio and extended architecture digital audio. These modes are
27983  * defined in the IEC908 (Red Book), ISO10149 (Yellow Book), and the SCSI3
27984  * MMC specs.
27985  *
27986  * In addition to support for the various data formats these routines also
27987  * include support for devices that implement only the direct access READ
27988  * commands (0x08, 0x28), devices that implement the READ_CD commands
27989  * (0xBE, 0xD4), and devices that implement the vendor unique READ CDDA and
27990  * READ CDXA commands (0xD8, 0xDB)
27991  */
27992 
27993 /*
27994  *    Function: sr_read_mode1()
27995  *
27996  * Description: This routine is the driver entry point for handling CD-ROM
27997  *		ioctl read mode1 requests (CDROMREADMODE1).
27998  *
27999  *   Arguments: dev	- the device 'dev_t'
28000  *		data	- pointer to user provided cd read structure specifying
28001  *			  the lba buffer address and length.
28002  *		flag	- this argument is a pass through to ddi_copyxxx()
28003  *			  directly from the mode argument of ioctl().
28004  *
28005  * Return Code: the code returned by sd_send_scsi_cmd()
28006  *		EFAULT if ddi_copyxxx() fails
28007  *		ENXIO if fail ddi_get_soft_state
28008  *		EINVAL if data pointer is NULL
28009  */
28010 
28011 static int
28012 sr_read_mode1(dev_t dev, caddr_t data, int flag)
28013 {
28014 	struct sd_lun		*un;
28015 	struct cdrom_read	mode1_struct;
28016 	struct cdrom_read	*mode1 = &mode1_struct;
28017 	int			rval;
28018 #ifdef _MULTI_DATAMODEL
28019 	/* To support ILP32 applications in an LP64 world */
28020 	struct cdrom_read32	cdrom_read32;
28021 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28022 #endif /* _MULTI_DATAMODEL */
28023 
28024 	if (data == NULL) {
28025 		return (EINVAL);
28026 	}
28027 
28028 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28029 	    (un->un_state == SD_STATE_OFFLINE)) {
28030 		return (ENXIO);
28031 	}
28032 
28033 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28034 	    "sd_read_mode1: entry: un:0x%p\n", un);
28035 
28036 #ifdef _MULTI_DATAMODEL
28037 	switch (ddi_model_convert_from(flag & FMODELS)) {
28038 	case DDI_MODEL_ILP32:
28039 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28040 			return (EFAULT);
28041 		}
28042 		/* Convert the ILP32 uscsi data from the application to LP64 */
28043 		cdrom_read32tocdrom_read(cdrd32, mode1);
28044 		break;
28045 	case DDI_MODEL_NONE:
28046 		if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28047 			return (EFAULT);
28048 		}
28049 	}
28050 #else /* ! _MULTI_DATAMODEL */
28051 	if (ddi_copyin(data, mode1, sizeof (struct cdrom_read), flag)) {
28052 		return (EFAULT);
28053 	}
28054 #endif /* _MULTI_DATAMODEL */
28055 
28056 	rval = sd_send_scsi_READ(un, mode1->cdread_bufaddr,
28057 	    mode1->cdread_buflen, mode1->cdread_lba, SD_PATH_STANDARD);
28058 
28059 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28060 	    "sd_read_mode1: exit: un:0x%p\n", un);
28061 
28062 	return (rval);
28063 }
28064 
28065 
28066 /*
28067  *    Function: sr_read_cd_mode2()
28068  *
28069  * Description: This routine is the driver entry point for handling CD-ROM
28070  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28071  *		support the READ CD (0xBE) command or the 1st generation
28072  *		READ CD (0xD4) command.
28073  *
28074  *   Arguments: dev	- the device 'dev_t'
28075  *		data	- pointer to user provided cd read structure specifying
28076  *			  the lba buffer address and length.
28077  *		flag	- this argument is a pass through to ddi_copyxxx()
28078  *			  directly from the mode argument of ioctl().
28079  *
28080  * Return Code: the code returned by sd_send_scsi_cmd()
28081  *		EFAULT if ddi_copyxxx() fails
28082  *		ENXIO if fail ddi_get_soft_state
28083  *		EINVAL if data pointer is NULL
28084  */
28085 
28086 static int
28087 sr_read_cd_mode2(dev_t dev, caddr_t data, int flag)
28088 {
28089 	struct sd_lun		*un;
28090 	struct uscsi_cmd	*com;
28091 	struct cdrom_read	mode2_struct;
28092 	struct cdrom_read	*mode2 = &mode2_struct;
28093 	uchar_t			cdb[CDB_GROUP5];
28094 	int			nblocks;
28095 	int			rval;
28096 #ifdef _MULTI_DATAMODEL
28097 	/*  To support ILP32 applications in an LP64 world */
28098 	struct cdrom_read32	cdrom_read32;
28099 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28100 #endif /* _MULTI_DATAMODEL */
28101 
28102 	if (data == NULL) {
28103 		return (EINVAL);
28104 	}
28105 
28106 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28107 	    (un->un_state == SD_STATE_OFFLINE)) {
28108 		return (ENXIO);
28109 	}
28110 
28111 #ifdef _MULTI_DATAMODEL
28112 	switch (ddi_model_convert_from(flag & FMODELS)) {
28113 	case DDI_MODEL_ILP32:
28114 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28115 			return (EFAULT);
28116 		}
28117 		/* Convert the ILP32 uscsi data from the application to LP64 */
28118 		cdrom_read32tocdrom_read(cdrd32, mode2);
28119 		break;
28120 	case DDI_MODEL_NONE:
28121 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28122 			return (EFAULT);
28123 		}
28124 		break;
28125 	}
28126 
28127 #else /* ! _MULTI_DATAMODEL */
28128 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28129 		return (EFAULT);
28130 	}
28131 #endif /* _MULTI_DATAMODEL */
28132 
28133 	bzero(cdb, sizeof (cdb));
28134 	if (un->un_f_cfg_read_cd_xd4 == TRUE) {
28135 		/* Read command supported by 1st generation atapi drives */
28136 		cdb[0] = SCMD_READ_CDD4;
28137 	} else {
28138 		/* Universal CD Access Command */
28139 		cdb[0] = SCMD_READ_CD;
28140 	}
28141 
28142 	/*
28143 	 * Set expected sector type to: 2336s byte, Mode 2 Yellow Book
28144 	 */
28145 	cdb[1] = CDROM_SECTOR_TYPE_MODE2;
28146 
28147 	/* set the start address */
28148 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 24) & 0XFF);
28149 	cdb[3] = (uchar_t)((mode2->cdread_lba >> 16) & 0XFF);
28150 	cdb[4] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28151 	cdb[5] = (uchar_t)(mode2->cdread_lba & 0xFF);
28152 
28153 	/* set the transfer length */
28154 	nblocks = mode2->cdread_buflen / 2336;
28155 	cdb[6] = (uchar_t)(nblocks >> 16);
28156 	cdb[7] = (uchar_t)(nblocks >> 8);
28157 	cdb[8] = (uchar_t)nblocks;
28158 
28159 	/* set the filter bits */
28160 	cdb[9] = CDROM_READ_CD_USERDATA;
28161 
28162 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28163 	com->uscsi_cdb = (caddr_t)cdb;
28164 	com->uscsi_cdblen = sizeof (cdb);
28165 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28166 	com->uscsi_buflen = mode2->cdread_buflen;
28167 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28168 
28169 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28170 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28171 	kmem_free(com, sizeof (*com));
28172 	return (rval);
28173 }
28174 
28175 
28176 /*
28177  *    Function: sr_read_mode2()
28178  *
28179  * Description: This routine is the driver entry point for handling CD-ROM
28180  *		ioctl read mode2 requests (CDROMREADMODE2) for devices that
28181  *		do not support the READ CD (0xBE) command.
28182  *
28183  *   Arguments: dev	- the device 'dev_t'
28184  *		data	- pointer to user provided cd read structure specifying
28185  *			  the lba buffer address and length.
28186  *		flag	- this argument is a pass through to ddi_copyxxx()
28187  *			  directly from the mode argument of ioctl().
28188  *
28189  * Return Code: the code returned by sd_send_scsi_cmd()
28190  *		EFAULT if ddi_copyxxx() fails
28191  *		ENXIO if fail ddi_get_soft_state
28192  *		EINVAL if data pointer is NULL
28193  *		EIO if fail to reset block size
28194  *		EAGAIN if commands are in progress in the driver
28195  */
28196 
28197 static int
28198 sr_read_mode2(dev_t dev, caddr_t data, int flag)
28199 {
28200 	struct sd_lun		*un;
28201 	struct cdrom_read	mode2_struct;
28202 	struct cdrom_read	*mode2 = &mode2_struct;
28203 	int			rval;
28204 	uint32_t		restore_blksize;
28205 	struct uscsi_cmd	*com;
28206 	uchar_t			cdb[CDB_GROUP0];
28207 	int			nblocks;
28208 
28209 #ifdef _MULTI_DATAMODEL
28210 	/* To support ILP32 applications in an LP64 world */
28211 	struct cdrom_read32	cdrom_read32;
28212 	struct cdrom_read32	*cdrd32 = &cdrom_read32;
28213 #endif /* _MULTI_DATAMODEL */
28214 
28215 	if (data == NULL) {
28216 		return (EINVAL);
28217 	}
28218 
28219 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28220 	    (un->un_state == SD_STATE_OFFLINE)) {
28221 		return (ENXIO);
28222 	}
28223 
28224 	/*
28225 	 * Because this routine will update the device and driver block size
28226 	 * being used we want to make sure there are no commands in progress.
28227 	 * If commands are in progress the user will have to try again.
28228 	 *
28229 	 * We check for 1 instead of 0 because we increment un_ncmds_in_driver
28230 	 * in sdioctl to protect commands from sdioctl through to the top of
28231 	 * sd_uscsi_strategy. See sdioctl for details.
28232 	 */
28233 	mutex_enter(SD_MUTEX(un));
28234 	if (un->un_ncmds_in_driver != 1) {
28235 		mutex_exit(SD_MUTEX(un));
28236 		return (EAGAIN);
28237 	}
28238 	mutex_exit(SD_MUTEX(un));
28239 
28240 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28241 	    "sd_read_mode2: entry: un:0x%p\n", un);
28242 
28243 #ifdef _MULTI_DATAMODEL
28244 	switch (ddi_model_convert_from(flag & FMODELS)) {
28245 	case DDI_MODEL_ILP32:
28246 		if (ddi_copyin(data, cdrd32, sizeof (*cdrd32), flag) != 0) {
28247 			return (EFAULT);
28248 		}
28249 		/* Convert the ILP32 uscsi data from the application to LP64 */
28250 		cdrom_read32tocdrom_read(cdrd32, mode2);
28251 		break;
28252 	case DDI_MODEL_NONE:
28253 		if (ddi_copyin(data, mode2, sizeof (*mode2), flag) != 0) {
28254 			return (EFAULT);
28255 		}
28256 		break;
28257 	}
28258 #else /* ! _MULTI_DATAMODEL */
28259 	if (ddi_copyin(data, mode2, sizeof (*mode2), flag)) {
28260 		return (EFAULT);
28261 	}
28262 #endif /* _MULTI_DATAMODEL */
28263 
28264 	/* Store the current target block size for restoration later */
28265 	restore_blksize = un->un_tgt_blocksize;
28266 
28267 	/* Change the device and soft state target block size to 2336 */
28268 	if (sr_sector_mode(dev, SD_MODE2_BLKSIZE) != 0) {
28269 		rval = EIO;
28270 		goto done;
28271 	}
28272 
28273 
28274 	bzero(cdb, sizeof (cdb));
28275 
28276 	/* set READ operation */
28277 	cdb[0] = SCMD_READ;
28278 
28279 	/* adjust lba for 2kbyte blocks from 512 byte blocks */
28280 	mode2->cdread_lba >>= 2;
28281 
28282 	/* set the start address */
28283 	cdb[1] = (uchar_t)((mode2->cdread_lba >> 16) & 0X1F);
28284 	cdb[2] = (uchar_t)((mode2->cdread_lba >> 8) & 0xFF);
28285 	cdb[3] = (uchar_t)(mode2->cdread_lba & 0xFF);
28286 
28287 	/* set the transfer length */
28288 	nblocks = mode2->cdread_buflen / 2336;
28289 	cdb[4] = (uchar_t)nblocks & 0xFF;
28290 
28291 	/* build command */
28292 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28293 	com->uscsi_cdb = (caddr_t)cdb;
28294 	com->uscsi_cdblen = sizeof (cdb);
28295 	com->uscsi_bufaddr = mode2->cdread_bufaddr;
28296 	com->uscsi_buflen = mode2->cdread_buflen;
28297 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28298 
28299 	/*
28300 	 * Issue SCSI command with user space address for read buffer.
28301 	 *
28302 	 * This sends the command through main channel in the driver.
28303 	 *
28304 	 * Since this is accessed via an IOCTL call, we go through the
28305 	 * standard path, so that if the device was powered down, then
28306 	 * it would be 'awakened' to handle the command.
28307 	 */
28308 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28309 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28310 
28311 	kmem_free(com, sizeof (*com));
28312 
28313 	/* Restore the device and soft state target block size */
28314 	if (sr_sector_mode(dev, restore_blksize) != 0) {
28315 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28316 		    "can't do switch back to mode 1\n");
28317 		/*
28318 		 * If sd_send_scsi_READ succeeded we still need to report
28319 		 * an error because we failed to reset the block size
28320 		 */
28321 		if (rval == 0) {
28322 			rval = EIO;
28323 		}
28324 	}
28325 
28326 done:
28327 	SD_TRACE(SD_LOG_ATTACH_DETACH, un,
28328 	    "sd_read_mode2: exit: un:0x%p\n", un);
28329 
28330 	return (rval);
28331 }
28332 
28333 
28334 /*
28335  *    Function: sr_sector_mode()
28336  *
28337  * Description: This utility function is used by sr_read_mode2 to set the target
28338  *		block size based on the user specified size. This is a legacy
28339  *		implementation based upon a vendor specific mode page
28340  *
28341  *   Arguments: dev	- the device 'dev_t'
28342  *		data	- flag indicating if block size is being set to 2336 or
28343  *			  512.
28344  *
28345  * Return Code: the code returned by sd_send_scsi_cmd()
28346  *		EFAULT if ddi_copyxxx() fails
28347  *		ENXIO if fail ddi_get_soft_state
28348  *		EINVAL if data pointer is NULL
28349  */
28350 
28351 static int
28352 sr_sector_mode(dev_t dev, uint32_t blksize)
28353 {
28354 	struct sd_lun	*un;
28355 	uchar_t		*sense;
28356 	uchar_t		*select;
28357 	int		rval;
28358 
28359 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28360 	    (un->un_state == SD_STATE_OFFLINE)) {
28361 		return (ENXIO);
28362 	}
28363 
28364 	sense = kmem_zalloc(20, KM_SLEEP);
28365 
28366 	/* Note: This is a vendor specific mode page (0x81) */
28367 	if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, 20, 0x81,
28368 	    SD_PATH_STANDARD)) != 0) {
28369 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28370 		    "sr_sector_mode: Mode Sense failed\n");
28371 		kmem_free(sense, 20);
28372 		return (rval);
28373 	}
28374 	select = kmem_zalloc(20, KM_SLEEP);
28375 	select[3] = 0x08;
28376 	select[10] = ((blksize >> 8) & 0xff);
28377 	select[11] = (blksize & 0xff);
28378 	select[12] = 0x01;
28379 	select[13] = 0x06;
28380 	select[14] = sense[14];
28381 	select[15] = sense[15];
28382 	if (blksize == SD_MODE2_BLKSIZE) {
28383 		select[14] |= 0x01;
28384 	}
28385 
28386 	if ((rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select, 20,
28387 	    SD_DONTSAVE_PAGE, SD_PATH_STANDARD)) != 0) {
28388 		SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28389 		    "sr_sector_mode: Mode Select failed\n");
28390 	} else {
28391 		/*
28392 		 * Only update the softstate block size if we successfully
28393 		 * changed the device block mode.
28394 		 */
28395 		mutex_enter(SD_MUTEX(un));
28396 		sd_update_block_info(un, blksize, 0);
28397 		mutex_exit(SD_MUTEX(un));
28398 	}
28399 	kmem_free(sense, 20);
28400 	kmem_free(select, 20);
28401 	return (rval);
28402 }
28403 
28404 
28405 /*
28406  *    Function: sr_read_cdda()
28407  *
28408  * Description: This routine is the driver entry point for handling CD-ROM
28409  *		ioctl requests to return CD-DA or subcode data. (CDROMCDDA) If
28410  *		the target supports CDDA these requests are handled via a vendor
28411  *		specific command (0xD8) If the target does not support CDDA
28412  *		these requests are handled via the READ CD command (0xBE).
28413  *
28414  *   Arguments: dev	- the device 'dev_t'
28415  *		data	- pointer to user provided CD-DA structure specifying
28416  *			  the track starting address, transfer length, and
28417  *			  subcode options.
28418  *		flag	- this argument is a pass through to ddi_copyxxx()
28419  *			  directly from the mode argument of ioctl().
28420  *
28421  * Return Code: the code returned by sd_send_scsi_cmd()
28422  *		EFAULT if ddi_copyxxx() fails
28423  *		ENXIO if fail ddi_get_soft_state
28424  *		EINVAL if invalid arguments are provided
28425  *		ENOTTY
28426  */
28427 
28428 static int
28429 sr_read_cdda(dev_t dev, caddr_t data, int flag)
28430 {
28431 	struct sd_lun			*un;
28432 	struct uscsi_cmd		*com;
28433 	struct cdrom_cdda		*cdda;
28434 	int				rval;
28435 	size_t				buflen;
28436 	char				cdb[CDB_GROUP5];
28437 
28438 #ifdef _MULTI_DATAMODEL
28439 	/* To support ILP32 applications in an LP64 world */
28440 	struct cdrom_cdda32	cdrom_cdda32;
28441 	struct cdrom_cdda32	*cdda32 = &cdrom_cdda32;
28442 #endif /* _MULTI_DATAMODEL */
28443 
28444 	if (data == NULL) {
28445 		return (EINVAL);
28446 	}
28447 
28448 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28449 		return (ENXIO);
28450 	}
28451 
28452 	cdda = kmem_zalloc(sizeof (struct cdrom_cdda), KM_SLEEP);
28453 
28454 #ifdef _MULTI_DATAMODEL
28455 	switch (ddi_model_convert_from(flag & FMODELS)) {
28456 	case DDI_MODEL_ILP32:
28457 		if (ddi_copyin(data, cdda32, sizeof (*cdda32), flag)) {
28458 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28459 			    "sr_read_cdda: ddi_copyin Failed\n");
28460 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28461 			return (EFAULT);
28462 		}
28463 		/* Convert the ILP32 uscsi data from the application to LP64 */
28464 		cdrom_cdda32tocdrom_cdda(cdda32, cdda);
28465 		break;
28466 	case DDI_MODEL_NONE:
28467 		if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28468 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28469 			    "sr_read_cdda: ddi_copyin Failed\n");
28470 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28471 			return (EFAULT);
28472 		}
28473 		break;
28474 	}
28475 #else /* ! _MULTI_DATAMODEL */
28476 	if (ddi_copyin(data, cdda, sizeof (struct cdrom_cdda), flag)) {
28477 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28478 		    "sr_read_cdda: ddi_copyin Failed\n");
28479 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28480 		return (EFAULT);
28481 	}
28482 #endif /* _MULTI_DATAMODEL */
28483 
28484 	/*
28485 	 * Since MMC-2 expects max 3 bytes for length, check if the
28486 	 * length input is greater than 3 bytes
28487 	 */
28488 	if ((cdda->cdda_length & 0xFF000000) != 0) {
28489 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdda: "
28490 		    "cdrom transfer length too large: %d (limit %d)\n",
28491 		    cdda->cdda_length, 0xFFFFFF);
28492 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28493 		return (EINVAL);
28494 	}
28495 
28496 	switch (cdda->cdda_subcode) {
28497 	case CDROM_DA_NO_SUBCODE:
28498 		buflen = CDROM_BLK_2352 * cdda->cdda_length;
28499 		break;
28500 	case CDROM_DA_SUBQ:
28501 		buflen = CDROM_BLK_2368 * cdda->cdda_length;
28502 		break;
28503 	case CDROM_DA_ALL_SUBCODE:
28504 		buflen = CDROM_BLK_2448 * cdda->cdda_length;
28505 		break;
28506 	case CDROM_DA_SUBCODE_ONLY:
28507 		buflen = CDROM_BLK_SUBCODE * cdda->cdda_length;
28508 		break;
28509 	default:
28510 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28511 		    "sr_read_cdda: Subcode '0x%x' Not Supported\n",
28512 		    cdda->cdda_subcode);
28513 		kmem_free(cdda, sizeof (struct cdrom_cdda));
28514 		return (EINVAL);
28515 	}
28516 
28517 	/* Build and send the command */
28518 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28519 	bzero(cdb, CDB_GROUP5);
28520 
28521 	if (un->un_f_cfg_cdda == TRUE) {
28522 		cdb[0] = (char)SCMD_READ_CD;
28523 		cdb[1] = 0x04;
28524 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28525 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28526 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28527 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28528 		cdb[6] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28529 		cdb[7] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28530 		cdb[8] = ((cdda->cdda_length) & 0x000000ff);
28531 		cdb[9] = 0x10;
28532 		switch (cdda->cdda_subcode) {
28533 		case CDROM_DA_NO_SUBCODE :
28534 			cdb[10] = 0x0;
28535 			break;
28536 		case CDROM_DA_SUBQ :
28537 			cdb[10] = 0x2;
28538 			break;
28539 		case CDROM_DA_ALL_SUBCODE :
28540 			cdb[10] = 0x1;
28541 			break;
28542 		case CDROM_DA_SUBCODE_ONLY :
28543 			/* FALLTHROUGH */
28544 		default :
28545 			kmem_free(cdda, sizeof (struct cdrom_cdda));
28546 			kmem_free(com, sizeof (*com));
28547 			return (ENOTTY);
28548 		}
28549 	} else {
28550 		cdb[0] = (char)SCMD_READ_CDDA;
28551 		cdb[2] = (((cdda->cdda_addr) & 0xff000000) >> 24);
28552 		cdb[3] = (((cdda->cdda_addr) & 0x00ff0000) >> 16);
28553 		cdb[4] = (((cdda->cdda_addr) & 0x0000ff00) >> 8);
28554 		cdb[5] = ((cdda->cdda_addr) & 0x000000ff);
28555 		cdb[6] = (((cdda->cdda_length) & 0xff000000) >> 24);
28556 		cdb[7] = (((cdda->cdda_length) & 0x00ff0000) >> 16);
28557 		cdb[8] = (((cdda->cdda_length) & 0x0000ff00) >> 8);
28558 		cdb[9] = ((cdda->cdda_length) & 0x000000ff);
28559 		cdb[10] = cdda->cdda_subcode;
28560 	}
28561 
28562 	com->uscsi_cdb = cdb;
28563 	com->uscsi_cdblen = CDB_GROUP5;
28564 	com->uscsi_bufaddr = (caddr_t)cdda->cdda_data;
28565 	com->uscsi_buflen = buflen;
28566 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28567 
28568 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28569 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28570 
28571 	kmem_free(cdda, sizeof (struct cdrom_cdda));
28572 	kmem_free(com, sizeof (*com));
28573 	return (rval);
28574 }
28575 
28576 
28577 /*
28578  *    Function: sr_read_cdxa()
28579  *
28580  * Description: This routine is the driver entry point for handling CD-ROM
28581  *		ioctl requests to return CD-XA (Extended Architecture) data.
28582  *		(CDROMCDXA).
28583  *
28584  *   Arguments: dev	- the device 'dev_t'
28585  *		data	- pointer to user provided CD-XA structure specifying
28586  *			  the data starting address, transfer length, and format
28587  *		flag	- this argument is a pass through to ddi_copyxxx()
28588  *			  directly from the mode argument of ioctl().
28589  *
28590  * Return Code: the code returned by sd_send_scsi_cmd()
28591  *		EFAULT if ddi_copyxxx() fails
28592  *		ENXIO if fail ddi_get_soft_state
28593  *		EINVAL if data pointer is NULL
28594  */
28595 
28596 static int
28597 sr_read_cdxa(dev_t dev, caddr_t data, int flag)
28598 {
28599 	struct sd_lun		*un;
28600 	struct uscsi_cmd	*com;
28601 	struct cdrom_cdxa	*cdxa;
28602 	int			rval;
28603 	size_t			buflen;
28604 	char			cdb[CDB_GROUP5];
28605 	uchar_t			read_flags;
28606 
28607 #ifdef _MULTI_DATAMODEL
28608 	/* To support ILP32 applications in an LP64 world */
28609 	struct cdrom_cdxa32		cdrom_cdxa32;
28610 	struct cdrom_cdxa32		*cdxa32 = &cdrom_cdxa32;
28611 #endif /* _MULTI_DATAMODEL */
28612 
28613 	if (data == NULL) {
28614 		return (EINVAL);
28615 	}
28616 
28617 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28618 		return (ENXIO);
28619 	}
28620 
28621 	cdxa = kmem_zalloc(sizeof (struct cdrom_cdxa), KM_SLEEP);
28622 
28623 #ifdef _MULTI_DATAMODEL
28624 	switch (ddi_model_convert_from(flag & FMODELS)) {
28625 	case DDI_MODEL_ILP32:
28626 		if (ddi_copyin(data, cdxa32, sizeof (*cdxa32), flag)) {
28627 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28628 			return (EFAULT);
28629 		}
28630 		/*
28631 		 * Convert the ILP32 uscsi data from the
28632 		 * application to LP64 for internal use.
28633 		 */
28634 		cdrom_cdxa32tocdrom_cdxa(cdxa32, cdxa);
28635 		break;
28636 	case DDI_MODEL_NONE:
28637 		if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28638 			kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28639 			return (EFAULT);
28640 		}
28641 		break;
28642 	}
28643 #else /* ! _MULTI_DATAMODEL */
28644 	if (ddi_copyin(data, cdxa, sizeof (struct cdrom_cdxa), flag)) {
28645 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28646 		return (EFAULT);
28647 	}
28648 #endif /* _MULTI_DATAMODEL */
28649 
28650 	/*
28651 	 * Since MMC-2 expects max 3 bytes for length, check if the
28652 	 * length input is greater than 3 bytes
28653 	 */
28654 	if ((cdxa->cdxa_length & 0xFF000000) != 0) {
28655 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN, "sr_read_cdxa: "
28656 		    "cdrom transfer length too large: %d (limit %d)\n",
28657 		    cdxa->cdxa_length, 0xFFFFFF);
28658 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28659 		return (EINVAL);
28660 	}
28661 
28662 	switch (cdxa->cdxa_format) {
28663 	case CDROM_XA_DATA:
28664 		buflen = CDROM_BLK_2048 * cdxa->cdxa_length;
28665 		read_flags = 0x10;
28666 		break;
28667 	case CDROM_XA_SECTOR_DATA:
28668 		buflen = CDROM_BLK_2352 * cdxa->cdxa_length;
28669 		read_flags = 0xf8;
28670 		break;
28671 	case CDROM_XA_DATA_W_ERROR:
28672 		buflen = CDROM_BLK_2646 * cdxa->cdxa_length;
28673 		read_flags = 0xfc;
28674 		break;
28675 	default:
28676 		scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28677 		    "sr_read_cdxa: Format '0x%x' Not Supported\n",
28678 		    cdxa->cdxa_format);
28679 		kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28680 		return (EINVAL);
28681 	}
28682 
28683 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
28684 	bzero(cdb, CDB_GROUP5);
28685 	if (un->un_f_mmc_cap == TRUE) {
28686 		cdb[0] = (char)SCMD_READ_CD;
28687 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28688 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28689 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28690 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28691 		cdb[6] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28692 		cdb[7] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28693 		cdb[8] = ((cdxa->cdxa_length) & 0x000000ff);
28694 		cdb[9] = (char)read_flags;
28695 	} else {
28696 		/*
28697 		 * Note: A vendor specific command (0xDB) is being used her to
28698 		 * request a read of all subcodes.
28699 		 */
28700 		cdb[0] = (char)SCMD_READ_CDXA;
28701 		cdb[2] = (((cdxa->cdxa_addr) & 0xff000000) >> 24);
28702 		cdb[3] = (((cdxa->cdxa_addr) & 0x00ff0000) >> 16);
28703 		cdb[4] = (((cdxa->cdxa_addr) & 0x0000ff00) >> 8);
28704 		cdb[5] = ((cdxa->cdxa_addr) & 0x000000ff);
28705 		cdb[6] = (((cdxa->cdxa_length) & 0xff000000) >> 24);
28706 		cdb[7] = (((cdxa->cdxa_length) & 0x00ff0000) >> 16);
28707 		cdb[8] = (((cdxa->cdxa_length) & 0x0000ff00) >> 8);
28708 		cdb[9] = ((cdxa->cdxa_length) & 0x000000ff);
28709 		cdb[10] = cdxa->cdxa_format;
28710 	}
28711 	com->uscsi_cdb	   = cdb;
28712 	com->uscsi_cdblen  = CDB_GROUP5;
28713 	com->uscsi_bufaddr = (caddr_t)cdxa->cdxa_data;
28714 	com->uscsi_buflen  = buflen;
28715 	com->uscsi_flags   = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
28716 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_USERSPACE,
28717 	    UIO_SYSSPACE, SD_PATH_STANDARD);
28718 	kmem_free(cdxa, sizeof (struct cdrom_cdxa));
28719 	kmem_free(com, sizeof (*com));
28720 	return (rval);
28721 }
28722 
28723 
28724 /*
28725  *    Function: sr_eject()
28726  *
28727  * Description: This routine is the driver entry point for handling CD-ROM
28728  *		eject ioctl requests (FDEJECT, DKIOCEJECT, CDROMEJECT)
28729  *
28730  *   Arguments: dev	- the device 'dev_t'
28731  *
28732  * Return Code: the code returned by sd_send_scsi_cmd()
28733  */
28734 
28735 static int
28736 sr_eject(dev_t dev)
28737 {
28738 	struct sd_lun	*un;
28739 	int		rval;
28740 
28741 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28742 	    (un->un_state == SD_STATE_OFFLINE)) {
28743 		return (ENXIO);
28744 	}
28745 	if ((rval = sd_send_scsi_DOORLOCK(un, SD_REMOVAL_ALLOW,
28746 	    SD_PATH_STANDARD)) != 0) {
28747 		return (rval);
28748 	}
28749 
28750 	rval = sd_send_scsi_START_STOP_UNIT(un, SD_TARGET_EJECT,
28751 	    SD_PATH_STANDARD);
28752 
28753 	if (rval == 0) {
28754 		mutex_enter(SD_MUTEX(un));
28755 		sr_ejected(un);
28756 		un->un_mediastate = DKIO_EJECTED;
28757 		cv_broadcast(&un->un_state_cv);
28758 		mutex_exit(SD_MUTEX(un));
28759 	}
28760 	return (rval);
28761 }
28762 
28763 
28764 /*
28765  *    Function: sr_ejected()
28766  *
28767  * Description: This routine updates the soft state structure to invalidate the
28768  *		geometry information after the media has been ejected or a
28769  *		media eject has been detected.
28770  *
28771  *   Arguments: un - driver soft state (unit) structure
28772  */
28773 
28774 static void
28775 sr_ejected(struct sd_lun *un)
28776 {
28777 	struct sd_errstats *stp;
28778 
28779 	ASSERT(un != NULL);
28780 	ASSERT(mutex_owned(SD_MUTEX(un)));
28781 
28782 	un->un_f_blockcount_is_valid	= FALSE;
28783 	un->un_f_tgt_blocksize_is_valid	= FALSE;
28784 	un->un_f_geometry_is_valid	= FALSE;
28785 
28786 	if (un->un_errstats != NULL) {
28787 		stp = (struct sd_errstats *)un->un_errstats->ks_data;
28788 		stp->sd_capacity.value.ui64 = 0;
28789 	}
28790 }
28791 
28792 
28793 /*
28794  *    Function: sr_check_wp()
28795  *
28796  * Description: This routine checks the write protection of a removable media
28797  *		disk via the write protect bit of the Mode Page Header device
28798  *		specific field.  This routine has been implemented to use the
28799  *		error recovery mode page for all device types.
28800  *		Note: In the future use a sd_send_scsi_MODE_SENSE() routine
28801  *
28802  *   Arguments: dev		- the device 'dev_t'
28803  *
28804  * Return Code: int indicating if the device is write protected (1) or not (0)
28805  *
28806  *     Context: Kernel thread.
28807  *
28808  */
28809 
28810 static int
28811 sr_check_wp(dev_t dev)
28812 {
28813 	struct sd_lun	*un;
28814 	uchar_t		device_specific;
28815 	uchar_t		*sense;
28816 	int		hdrlen;
28817 	int		rval;
28818 	int		retry_flag = FALSE;
28819 
28820 	/*
28821 	 * Note: The return codes for this routine should be reworked to
28822 	 * properly handle the case of a NULL softstate.
28823 	 */
28824 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL) {
28825 		return (FALSE);
28826 	}
28827 
28828 	if (un->un_f_cfg_is_atapi == TRUE) {
28829 		retry_flag = TRUE;
28830 	}
28831 
28832 retry:
28833 	if (un->un_f_cfg_is_atapi == TRUE) {
28834 		/*
28835 		 * The mode page contents are not required; set the allocation
28836 		 * length for the mode page header only
28837 		 */
28838 		hdrlen = MODE_HEADER_LENGTH_GRP2;
28839 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28840 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense, hdrlen,
28841 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28842 		device_specific =
28843 		    ((struct mode_header_grp2 *)sense)->device_specific;
28844 	} else {
28845 		hdrlen = MODE_HEADER_LENGTH;
28846 		sense = kmem_zalloc(hdrlen, KM_SLEEP);
28847 		rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense, hdrlen,
28848 		    MODEPAGE_ERR_RECOV, SD_PATH_STANDARD);
28849 		device_specific =
28850 		    ((struct mode_header *)sense)->device_specific;
28851 	}
28852 
28853 	if (rval != 0) {
28854 		if ((un->un_f_cfg_is_atapi == TRUE) && (retry_flag)) {
28855 			/*
28856 			 * For an Atapi Zip drive, observed the drive
28857 			 * reporting check condition for the first attempt.
28858 			 * Sense data indicating power on or bus device/reset.
28859 			 * Hence in case of failure need to try at least once
28860 			 * for Atapi devices.
28861 			 */
28862 			retry_flag = FALSE;
28863 			kmem_free(sense, hdrlen);
28864 			goto retry;
28865 		} else {
28866 			/*
28867 			 * Write protect mode sense failed; not all disks
28868 			 * understand this query. Return FALSE assuming that
28869 			 * these devices are not writable.
28870 			 */
28871 			rval = FALSE;
28872 		}
28873 	} else {
28874 		if (device_specific & WRITE_PROTECT) {
28875 			rval = TRUE;
28876 		} else {
28877 			rval = FALSE;
28878 		}
28879 	}
28880 	kmem_free(sense, hdrlen);
28881 	return (rval);
28882 }
28883 
28884 
28885 /*
28886  *    Function: sr_volume_ctrl()
28887  *
28888  * Description: This routine is the driver entry point for handling CD-ROM
28889  *		audio output volume ioctl requests. (CDROMVOLCTRL)
28890  *
28891  *   Arguments: dev	- the device 'dev_t'
28892  *		data	- pointer to user audio volume control structure
28893  *		flag	- this argument is a pass through to ddi_copyxxx()
28894  *			  directly from the mode argument of ioctl().
28895  *
28896  * Return Code: the code returned by sd_send_scsi_cmd()
28897  *		EFAULT if ddi_copyxxx() fails
28898  *		ENXIO if fail ddi_get_soft_state
28899  *		EINVAL if data pointer is NULL
28900  *
28901  */
28902 
28903 static int
28904 sr_volume_ctrl(dev_t dev, caddr_t data, int flag)
28905 {
28906 	struct sd_lun		*un;
28907 	struct cdrom_volctrl    volume;
28908 	struct cdrom_volctrl    *vol = &volume;
28909 	uchar_t			*sense_page;
28910 	uchar_t			*select_page;
28911 	uchar_t			*sense;
28912 	uchar_t			*select;
28913 	int			sense_buflen;
28914 	int			select_buflen;
28915 	int			rval;
28916 
28917 	if (data == NULL) {
28918 		return (EINVAL);
28919 	}
28920 
28921 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
28922 	    (un->un_state == SD_STATE_OFFLINE)) {
28923 		return (ENXIO);
28924 	}
28925 
28926 	if (ddi_copyin(data, vol, sizeof (struct cdrom_volctrl), flag)) {
28927 		return (EFAULT);
28928 	}
28929 
28930 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
28931 		struct mode_header_grp2		*sense_mhp;
28932 		struct mode_header_grp2		*select_mhp;
28933 		int				bd_len;
28934 
28935 		sense_buflen = MODE_PARAM_LENGTH_GRP2 + MODEPAGE_AUDIO_CTRL_LEN;
28936 		select_buflen = MODE_HEADER_LENGTH_GRP2 +
28937 		    MODEPAGE_AUDIO_CTRL_LEN;
28938 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
28939 		select = kmem_zalloc(select_buflen, KM_SLEEP);
28940 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP1, sense,
28941 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
28942 		    SD_PATH_STANDARD)) != 0) {
28943 			SD_ERROR(SD_LOG_IOCTL_RMMEDIA, un,
28944 			    "sr_volume_ctrl: Mode Sense Failed\n");
28945 			kmem_free(sense, sense_buflen);
28946 			kmem_free(select, select_buflen);
28947 			return (rval);
28948 		}
28949 		sense_mhp = (struct mode_header_grp2 *)sense;
28950 		select_mhp = (struct mode_header_grp2 *)select;
28951 		bd_len = (sense_mhp->bdesc_length_hi << 8) |
28952 		    sense_mhp->bdesc_length_lo;
28953 		if (bd_len > MODE_BLK_DESC_LENGTH) {
28954 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28955 			    "sr_volume_ctrl: Mode Sense returned invalid "
28956 			    "block descriptor length\n");
28957 			kmem_free(sense, sense_buflen);
28958 			kmem_free(select, select_buflen);
28959 			return (EIO);
28960 		}
28961 		sense_page = (uchar_t *)
28962 		    (sense + MODE_HEADER_LENGTH_GRP2 + bd_len);
28963 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH_GRP2);
28964 		select_mhp->length_msb = 0;
28965 		select_mhp->length_lsb = 0;
28966 		select_mhp->bdesc_length_hi = 0;
28967 		select_mhp->bdesc_length_lo = 0;
28968 	} else {
28969 		struct mode_header		*sense_mhp, *select_mhp;
28970 
28971 		sense_buflen = MODE_PARAM_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
28972 		select_buflen = MODE_HEADER_LENGTH + MODEPAGE_AUDIO_CTRL_LEN;
28973 		sense  = kmem_zalloc(sense_buflen, KM_SLEEP);
28974 		select = kmem_zalloc(select_buflen, KM_SLEEP);
28975 		if ((rval = sd_send_scsi_MODE_SENSE(un, CDB_GROUP0, sense,
28976 		    sense_buflen, MODEPAGE_AUDIO_CTRL,
28977 		    SD_PATH_STANDARD)) != 0) {
28978 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28979 			    "sr_volume_ctrl: Mode Sense Failed\n");
28980 			kmem_free(sense, sense_buflen);
28981 			kmem_free(select, select_buflen);
28982 			return (rval);
28983 		}
28984 		sense_mhp  = (struct mode_header *)sense;
28985 		select_mhp = (struct mode_header *)select;
28986 		if (sense_mhp->bdesc_length > MODE_BLK_DESC_LENGTH) {
28987 			scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
28988 			    "sr_volume_ctrl: Mode Sense returned invalid "
28989 			    "block descriptor length\n");
28990 			kmem_free(sense, sense_buflen);
28991 			kmem_free(select, select_buflen);
28992 			return (EIO);
28993 		}
28994 		sense_page = (uchar_t *)
28995 		    (sense + MODE_HEADER_LENGTH + sense_mhp->bdesc_length);
28996 		select_page = (uchar_t *)(select + MODE_HEADER_LENGTH);
28997 		select_mhp->length = 0;
28998 		select_mhp->bdesc_length = 0;
28999 	}
29000 	/*
29001 	 * Note: An audio control data structure could be created and overlayed
29002 	 * on the following in place of the array indexing method implemented.
29003 	 */
29004 
29005 	/* Build the select data for the user volume data */
29006 	select_page[0] = MODEPAGE_AUDIO_CTRL;
29007 	select_page[1] = 0xE;
29008 	/* Set the immediate bit */
29009 	select_page[2] = 0x04;
29010 	/* Zero out reserved fields */
29011 	select_page[3] = 0x00;
29012 	select_page[4] = 0x00;
29013 	/* Return sense data for fields not to be modified */
29014 	select_page[5] = sense_page[5];
29015 	select_page[6] = sense_page[6];
29016 	select_page[7] = sense_page[7];
29017 	/* Set the user specified volume levels for channel 0 and 1 */
29018 	select_page[8] = 0x01;
29019 	select_page[9] = vol->channel0;
29020 	select_page[10] = 0x02;
29021 	select_page[11] = vol->channel1;
29022 	/* Channel 2 and 3 are currently unsupported so return the sense data */
29023 	select_page[12] = sense_page[12];
29024 	select_page[13] = sense_page[13];
29025 	select_page[14] = sense_page[14];
29026 	select_page[15] = sense_page[15];
29027 
29028 	if ((un->un_f_cfg_is_atapi == TRUE) || (un->un_f_mmc_cap == TRUE)) {
29029 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP1, select,
29030 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29031 	} else {
29032 		rval = sd_send_scsi_MODE_SELECT(un, CDB_GROUP0, select,
29033 		    select_buflen, SD_DONTSAVE_PAGE, SD_PATH_STANDARD);
29034 	}
29035 
29036 	kmem_free(sense, sense_buflen);
29037 	kmem_free(select, select_buflen);
29038 	return (rval);
29039 }
29040 
29041 
29042 /*
29043  *    Function: sr_read_sony_session_offset()
29044  *
29045  * Description: This routine is the driver entry point for handling CD-ROM
29046  *		ioctl requests for session offset information. (CDROMREADOFFSET)
29047  *		The address of the first track in the last session of a
29048  *		multi-session CD-ROM is returned
29049  *
29050  *		Note: This routine uses a vendor specific key value in the
29051  *		command control field without implementing any vendor check here
29052  *		or in the ioctl routine.
29053  *
29054  *   Arguments: dev	- the device 'dev_t'
29055  *		data	- pointer to an int to hold the requested address
29056  *		flag	- this argument is a pass through to ddi_copyxxx()
29057  *			  directly from the mode argument of ioctl().
29058  *
29059  * Return Code: the code returned by sd_send_scsi_cmd()
29060  *		EFAULT if ddi_copyxxx() fails
29061  *		ENXIO if fail ddi_get_soft_state
29062  *		EINVAL if data pointer is NULL
29063  */
29064 
29065 static int
29066 sr_read_sony_session_offset(dev_t dev, caddr_t data, int flag)
29067 {
29068 	struct sd_lun		*un;
29069 	struct uscsi_cmd	*com;
29070 	caddr_t			buffer;
29071 	char			cdb[CDB_GROUP1];
29072 	int			session_offset = 0;
29073 	int			rval;
29074 
29075 	if (data == NULL) {
29076 		return (EINVAL);
29077 	}
29078 
29079 	if ((un = ddi_get_soft_state(sd_state, SDUNIT(dev))) == NULL ||
29080 	    (un->un_state == SD_STATE_OFFLINE)) {
29081 		return (ENXIO);
29082 	}
29083 
29084 	buffer = kmem_zalloc((size_t)SONY_SESSION_OFFSET_LEN, KM_SLEEP);
29085 	bzero(cdb, CDB_GROUP1);
29086 	cdb[0] = SCMD_READ_TOC;
29087 	/*
29088 	 * Bytes 7 & 8 are the 12 byte allocation length for a single entry.
29089 	 * (4 byte TOC response header + 8 byte response data)
29090 	 */
29091 	cdb[8] = SONY_SESSION_OFFSET_LEN;
29092 	/* Byte 9 is the control byte. A vendor specific value is used */
29093 	cdb[9] = SONY_SESSION_OFFSET_KEY;
29094 	com = kmem_zalloc(sizeof (*com), KM_SLEEP);
29095 	com->uscsi_cdb = cdb;
29096 	com->uscsi_cdblen = CDB_GROUP1;
29097 	com->uscsi_bufaddr = buffer;
29098 	com->uscsi_buflen = SONY_SESSION_OFFSET_LEN;
29099 	com->uscsi_flags = USCSI_DIAGNOSE|USCSI_SILENT|USCSI_READ;
29100 
29101 	rval = sd_send_scsi_cmd(dev, com, UIO_SYSSPACE, UIO_SYSSPACE,
29102 	    UIO_SYSSPACE, SD_PATH_STANDARD);
29103 	if (rval != 0) {
29104 		kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29105 		kmem_free(com, sizeof (*com));
29106 		return (rval);
29107 	}
29108 	if (buffer[1] == SONY_SESSION_OFFSET_VALID) {
29109 		session_offset =
29110 		    ((uchar_t)buffer[8] << 24) + ((uchar_t)buffer[9] << 16) +
29111 		    ((uchar_t)buffer[10] << 8) + ((uchar_t)buffer[11]);
29112 		/*
29113 		 * Offset returned offset in current lbasize block's. Convert to
29114 		 * 2k block's to return to the user
29115 		 */
29116 		if (un->un_tgt_blocksize == CDROM_BLK_512) {
29117 			session_offset >>= 2;
29118 		} else if (un->un_tgt_blocksize == CDROM_BLK_1024) {
29119 			session_offset >>= 1;
29120 		}
29121 	}
29122 
29123 	if (ddi_copyout(&session_offset, data, sizeof (int), flag) != 0) {
29124 		rval = EFAULT;
29125 	}
29126 
29127 	kmem_free(buffer, SONY_SESSION_OFFSET_LEN);
29128 	kmem_free(com, sizeof (*com));
29129 	return (rval);
29130 }
29131 
29132 
29133 /*
29134  *    Function: sd_wm_cache_constructor()
29135  *
29136  * Description: Cache Constructor for the wmap cache for the read/modify/write
29137  * 		devices.
29138  *
29139  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29140  *		un	- sd_lun structure for the device.
29141  *		flag	- the km flags passed to constructor
29142  *
29143  * Return Code: 0 on success.
29144  *		-1 on failure.
29145  */
29146 
29147 /*ARGSUSED*/
29148 static int
29149 sd_wm_cache_constructor(void *wm, void *un, int flags)
29150 {
29151 	bzero(wm, sizeof (struct sd_w_map));
29152 	cv_init(&((struct sd_w_map *)wm)->wm_avail, NULL, CV_DRIVER, NULL);
29153 	return (0);
29154 }
29155 
29156 
29157 /*
29158  *    Function: sd_wm_cache_destructor()
29159  *
29160  * Description: Cache destructor for the wmap cache for the read/modify/write
29161  * 		devices.
29162  *
29163  *   Arguments: wm      - A pointer to the sd_w_map to be initialized.
29164  *		un	- sd_lun structure for the device.
29165  */
29166 /*ARGSUSED*/
29167 static void
29168 sd_wm_cache_destructor(void *wm, void *un)
29169 {
29170 	cv_destroy(&((struct sd_w_map *)wm)->wm_avail);
29171 }
29172 
29173 
29174 /*
29175  *    Function: sd_range_lock()
29176  *
29177  * Description: Lock the range of blocks specified as parameter to ensure
29178  *		that read, modify write is atomic and no other i/o writes
29179  *		to the same location. The range is specified in terms
29180  *		of start and end blocks. Block numbers are the actual
29181  *		media block numbers and not system.
29182  *
29183  *   Arguments: un	- sd_lun structure for the device.
29184  *		startb - The starting block number
29185  *		endb - The end block number
29186  *		typ - type of i/o - simple/read_modify_write
29187  *
29188  * Return Code: wm  - pointer to the wmap structure.
29189  *
29190  *     Context: This routine can sleep.
29191  */
29192 
29193 static struct sd_w_map *
29194 sd_range_lock(struct sd_lun *un, daddr_t startb, daddr_t endb, ushort_t typ)
29195 {
29196 	struct sd_w_map *wmp = NULL;
29197 	struct sd_w_map *sl_wmp = NULL;
29198 	struct sd_w_map *tmp_wmp;
29199 	wm_state state = SD_WM_CHK_LIST;
29200 
29201 
29202 	ASSERT(un != NULL);
29203 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29204 
29205 	mutex_enter(SD_MUTEX(un));
29206 
29207 	while (state != SD_WM_DONE) {
29208 
29209 		switch (state) {
29210 		case SD_WM_CHK_LIST:
29211 			/*
29212 			 * This is the starting state. Check the wmap list
29213 			 * to see if the range is currently available.
29214 			 */
29215 			if (!(typ & SD_WTYPE_RMW) && !(un->un_rmw_count)) {
29216 				/*
29217 				 * If this is a simple write and no rmw
29218 				 * i/o is pending then try to lock the
29219 				 * range as the range should be available.
29220 				 */
29221 				state = SD_WM_LOCK_RANGE;
29222 			} else {
29223 				tmp_wmp = sd_get_range(un, startb, endb);
29224 				if (tmp_wmp != NULL) {
29225 					if ((wmp != NULL) && ONLIST(un, wmp)) {
29226 						/*
29227 						 * Should not keep onlist wmps
29228 						 * while waiting this macro
29229 						 * will also do wmp = NULL;
29230 						 */
29231 						FREE_ONLIST_WMAP(un, wmp);
29232 					}
29233 					/*
29234 					 * sl_wmp is the wmap on which wait
29235 					 * is done, since the tmp_wmp points
29236 					 * to the inuse wmap, set sl_wmp to
29237 					 * tmp_wmp and change the state to sleep
29238 					 */
29239 					sl_wmp = tmp_wmp;
29240 					state = SD_WM_WAIT_MAP;
29241 				} else {
29242 					state = SD_WM_LOCK_RANGE;
29243 				}
29244 
29245 			}
29246 			break;
29247 
29248 		case SD_WM_LOCK_RANGE:
29249 			ASSERT(un->un_wm_cache);
29250 			/*
29251 			 * The range need to be locked, try to get a wmap.
29252 			 * First attempt it with NO_SLEEP, want to avoid a sleep
29253 			 * if possible as we will have to release the sd mutex
29254 			 * if we have to sleep.
29255 			 */
29256 			if (wmp == NULL)
29257 				wmp = kmem_cache_alloc(un->un_wm_cache,
29258 				    KM_NOSLEEP);
29259 			if (wmp == NULL) {
29260 				mutex_exit(SD_MUTEX(un));
29261 				_NOTE(DATA_READABLE_WITHOUT_LOCK
29262 				    (sd_lun::un_wm_cache))
29263 				wmp = kmem_cache_alloc(un->un_wm_cache,
29264 				    KM_SLEEP);
29265 				mutex_enter(SD_MUTEX(un));
29266 				/*
29267 				 * we released the mutex so recheck and go to
29268 				 * check list state.
29269 				 */
29270 				state = SD_WM_CHK_LIST;
29271 			} else {
29272 				/*
29273 				 * We exit out of state machine since we
29274 				 * have the wmap. Do the housekeeping first.
29275 				 * place the wmap on the wmap list if it is not
29276 				 * on it already and then set the state to done.
29277 				 */
29278 				wmp->wm_start = startb;
29279 				wmp->wm_end = endb;
29280 				wmp->wm_flags = typ | SD_WM_BUSY;
29281 				if (typ & SD_WTYPE_RMW) {
29282 					un->un_rmw_count++;
29283 				}
29284 				/*
29285 				 * If not already on the list then link
29286 				 */
29287 				if (!ONLIST(un, wmp)) {
29288 					wmp->wm_next = un->un_wm;
29289 					wmp->wm_prev = NULL;
29290 					if (wmp->wm_next)
29291 						wmp->wm_next->wm_prev = wmp;
29292 					un->un_wm = wmp;
29293 				}
29294 				state = SD_WM_DONE;
29295 			}
29296 			break;
29297 
29298 		case SD_WM_WAIT_MAP:
29299 			ASSERT(sl_wmp->wm_flags & SD_WM_BUSY);
29300 			/*
29301 			 * Wait is done on sl_wmp, which is set in the
29302 			 * check_list state.
29303 			 */
29304 			sl_wmp->wm_wanted_count++;
29305 			cv_wait(&sl_wmp->wm_avail, SD_MUTEX(un));
29306 			sl_wmp->wm_wanted_count--;
29307 			if (!(sl_wmp->wm_flags & SD_WM_BUSY)) {
29308 				if (wmp != NULL)
29309 					CHK_N_FREEWMP(un, wmp);
29310 				wmp = sl_wmp;
29311 			}
29312 			sl_wmp = NULL;
29313 			/*
29314 			 * After waking up, need to recheck for availability of
29315 			 * range.
29316 			 */
29317 			state = SD_WM_CHK_LIST;
29318 			break;
29319 
29320 		default:
29321 			panic("sd_range_lock: "
29322 			    "Unknown state %d in sd_range_lock", state);
29323 			/*NOTREACHED*/
29324 		} /* switch(state) */
29325 
29326 	} /* while(state != SD_WM_DONE) */
29327 
29328 	mutex_exit(SD_MUTEX(un));
29329 
29330 	ASSERT(wmp != NULL);
29331 
29332 	return (wmp);
29333 }
29334 
29335 
29336 /*
29337  *    Function: sd_get_range()
29338  *
29339  * Description: Find if there any overlapping I/O to this one
29340  *		Returns the write-map of 1st such I/O, NULL otherwise.
29341  *
29342  *   Arguments: un	- sd_lun structure for the device.
29343  *		startb - The starting block number
29344  *		endb - The end block number
29345  *
29346  * Return Code: wm  - pointer to the wmap structure.
29347  */
29348 
29349 static struct sd_w_map *
29350 sd_get_range(struct sd_lun *un, daddr_t startb, daddr_t endb)
29351 {
29352 	struct sd_w_map *wmp;
29353 
29354 	ASSERT(un != NULL);
29355 
29356 	for (wmp = un->un_wm; wmp != NULL; wmp = wmp->wm_next) {
29357 		if (!(wmp->wm_flags & SD_WM_BUSY)) {
29358 			continue;
29359 		}
29360 		if ((startb >= wmp->wm_start) && (startb <= wmp->wm_end)) {
29361 			break;
29362 		}
29363 		if ((endb >= wmp->wm_start) && (endb <= wmp->wm_end)) {
29364 			break;
29365 		}
29366 	}
29367 
29368 	return (wmp);
29369 }
29370 
29371 
29372 /*
29373  *    Function: sd_free_inlist_wmap()
29374  *
29375  * Description: Unlink and free a write map struct.
29376  *
29377  *   Arguments: un      - sd_lun structure for the device.
29378  *		wmp	- sd_w_map which needs to be unlinked.
29379  */
29380 
29381 static void
29382 sd_free_inlist_wmap(struct sd_lun *un, struct sd_w_map *wmp)
29383 {
29384 	ASSERT(un != NULL);
29385 
29386 	if (un->un_wm == wmp) {
29387 		un->un_wm = wmp->wm_next;
29388 	} else {
29389 		wmp->wm_prev->wm_next = wmp->wm_next;
29390 	}
29391 
29392 	if (wmp->wm_next) {
29393 		wmp->wm_next->wm_prev = wmp->wm_prev;
29394 	}
29395 
29396 	wmp->wm_next = wmp->wm_prev = NULL;
29397 
29398 	kmem_cache_free(un->un_wm_cache, wmp);
29399 }
29400 
29401 
29402 /*
29403  *    Function: sd_range_unlock()
29404  *
29405  * Description: Unlock the range locked by wm.
29406  *		Free write map if nobody else is waiting on it.
29407  *
29408  *   Arguments: un      - sd_lun structure for the device.
29409  *              wmp     - sd_w_map which needs to be unlinked.
29410  */
29411 
29412 static void
29413 sd_range_unlock(struct sd_lun *un, struct sd_w_map *wm)
29414 {
29415 	ASSERT(un != NULL);
29416 	ASSERT(wm != NULL);
29417 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29418 
29419 	mutex_enter(SD_MUTEX(un));
29420 
29421 	if (wm->wm_flags & SD_WTYPE_RMW) {
29422 		un->un_rmw_count--;
29423 	}
29424 
29425 	if (wm->wm_wanted_count) {
29426 		wm->wm_flags = 0;
29427 		/*
29428 		 * Broadcast that the wmap is available now.
29429 		 */
29430 		cv_broadcast(&wm->wm_avail);
29431 	} else {
29432 		/*
29433 		 * If no one is waiting on the map, it should be free'ed.
29434 		 */
29435 		sd_free_inlist_wmap(un, wm);
29436 	}
29437 
29438 	mutex_exit(SD_MUTEX(un));
29439 }
29440 
29441 
29442 /*
29443  *    Function: sd_read_modify_write_task
29444  *
29445  * Description: Called from a taskq thread to initiate the write phase of
29446  *		a read-modify-write request.  This is used for targets where
29447  *		un->un_sys_blocksize != un->un_tgt_blocksize.
29448  *
29449  *   Arguments: arg - a pointer to the buf(9S) struct for the write command.
29450  *
29451  *     Context: Called under taskq thread context.
29452  */
29453 
29454 static void
29455 sd_read_modify_write_task(void *arg)
29456 {
29457 	struct sd_mapblocksize_info	*bsp;
29458 	struct buf	*bp;
29459 	struct sd_xbuf	*xp;
29460 	struct sd_lun	*un;
29461 
29462 	bp = arg;	/* The bp is given in arg */
29463 	ASSERT(bp != NULL);
29464 
29465 	/* Get the pointer to the layer-private data struct */
29466 	xp = SD_GET_XBUF(bp);
29467 	ASSERT(xp != NULL);
29468 	bsp = xp->xb_private;
29469 	ASSERT(bsp != NULL);
29470 
29471 	un = SD_GET_UN(bp);
29472 	ASSERT(un != NULL);
29473 	ASSERT(!mutex_owned(SD_MUTEX(un)));
29474 
29475 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29476 	    "sd_read_modify_write_task: entry: buf:0x%p\n", bp);
29477 
29478 	/*
29479 	 * This is the write phase of a read-modify-write request, called
29480 	 * under the context of a taskq thread in response to the completion
29481 	 * of the read portion of the rmw request completing under interrupt
29482 	 * context. The write request must be sent from here down the iostart
29483 	 * chain as if it were being sent from sd_mapblocksize_iostart(), so
29484 	 * we use the layer index saved in the layer-private data area.
29485 	 */
29486 	SD_NEXT_IOSTART(bsp->mbs_layer_index, un, bp);
29487 
29488 	SD_TRACE(SD_LOG_IO_RMMEDIA, un,
29489 	    "sd_read_modify_write_task: exit: buf:0x%p\n", bp);
29490 }
29491 
29492 
29493 /*
29494  *    Function: sddump_do_read_of_rmw()
29495  *
29496  * Description: This routine will be called from sddump, If sddump is called
29497  *		with an I/O which not aligned on device blocksize boundary
29498  *		then the write has to be converted to read-modify-write.
29499  *		Do the read part here in order to keep sddump simple.
29500  *		Note - That the sd_mutex is held across the call to this
29501  *		routine.
29502  *
29503  *   Arguments: un	- sd_lun
29504  *		blkno	- block number in terms of media block size.
29505  *		nblk	- number of blocks.
29506  *		bpp	- pointer to pointer to the buf structure. On return
29507  *			from this function, *bpp points to the valid buffer
29508  *			to which the write has to be done.
29509  *
29510  * Return Code: 0 for success or errno-type return code
29511  */
29512 
29513 static int
29514 sddump_do_read_of_rmw(struct sd_lun *un, uint64_t blkno, uint64_t nblk,
29515 	struct buf **bpp)
29516 {
29517 	int err;
29518 	int i;
29519 	int rval;
29520 	struct buf *bp;
29521 	struct scsi_pkt *pkt = NULL;
29522 	uint32_t target_blocksize;
29523 
29524 	ASSERT(un != NULL);
29525 	ASSERT(mutex_owned(SD_MUTEX(un)));
29526 
29527 	target_blocksize = un->un_tgt_blocksize;
29528 
29529 	mutex_exit(SD_MUTEX(un));
29530 
29531 	bp = scsi_alloc_consistent_buf(SD_ADDRESS(un), (struct buf *)NULL,
29532 	    (size_t)(nblk * target_blocksize), B_READ, NULL_FUNC, NULL);
29533 	if (bp == NULL) {
29534 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29535 		    "no resources for dumping; giving up");
29536 		err = ENOMEM;
29537 		goto done;
29538 	}
29539 
29540 	rval = sd_setup_rw_pkt(un, &pkt, bp, 0, NULL_FUNC, NULL,
29541 	    blkno, nblk);
29542 	if (rval != 0) {
29543 		scsi_free_consistent_buf(bp);
29544 		scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29545 		    "no resources for dumping; giving up");
29546 		err = ENOMEM;
29547 		goto done;
29548 	}
29549 
29550 	pkt->pkt_flags |= FLAG_NOINTR;
29551 
29552 	err = EIO;
29553 	for (i = 0; i < SD_NDUMP_RETRIES; i++) {
29554 
29555 		/*
29556 		 * Scsi_poll returns 0 (success) if the command completes and
29557 		 * the status block is STATUS_GOOD.  We should only check
29558 		 * errors if this condition is not true.  Even then we should
29559 		 * send our own request sense packet only if we have a check
29560 		 * condition and auto request sense has not been performed by
29561 		 * the hba.
29562 		 */
29563 		SD_TRACE(SD_LOG_DUMP, un, "sddump: sending read\n");
29564 
29565 		if ((sd_scsi_poll(un, pkt) == 0) && (pkt->pkt_resid == 0)) {
29566 			err = 0;
29567 			break;
29568 		}
29569 
29570 		/*
29571 		 * Check CMD_DEV_GONE 1st, give up if device is gone,
29572 		 * no need to read RQS data.
29573 		 */
29574 		if (pkt->pkt_reason == CMD_DEV_GONE) {
29575 			scsi_log(SD_DEVINFO(un), sd_label, CE_CONT,
29576 			    "Device is gone\n");
29577 			break;
29578 		}
29579 
29580 		if (SD_GET_PKT_STATUS(pkt) == STATUS_CHECK) {
29581 			SD_INFO(SD_LOG_DUMP, un,
29582 			    "sddump: read failed with CHECK, try # %d\n", i);
29583 			if (((pkt->pkt_state & STATE_ARQ_DONE) == 0)) {
29584 				(void) sd_send_polled_RQS(un);
29585 			}
29586 
29587 			continue;
29588 		}
29589 
29590 		if (SD_GET_PKT_STATUS(pkt) == STATUS_BUSY) {
29591 			int reset_retval = 0;
29592 
29593 			SD_INFO(SD_LOG_DUMP, un,
29594 			    "sddump: read failed with BUSY, try # %d\n", i);
29595 
29596 			if (un->un_f_lun_reset_enabled == TRUE) {
29597 				reset_retval = scsi_reset(SD_ADDRESS(un),
29598 				    RESET_LUN);
29599 			}
29600 			if (reset_retval == 0) {
29601 				(void) scsi_reset(SD_ADDRESS(un), RESET_TARGET);
29602 			}
29603 			(void) sd_send_polled_RQS(un);
29604 
29605 		} else {
29606 			SD_INFO(SD_LOG_DUMP, un,
29607 			    "sddump: read failed with 0x%x, try # %d\n",
29608 			    SD_GET_PKT_STATUS(pkt), i);
29609 			mutex_enter(SD_MUTEX(un));
29610 			sd_reset_target(un, pkt);
29611 			mutex_exit(SD_MUTEX(un));
29612 		}
29613 
29614 		/*
29615 		 * If we are not getting anywhere with lun/target resets,
29616 		 * let's reset the bus.
29617 		 */
29618 		if (i > SD_NDUMP_RETRIES/2) {
29619 			(void) scsi_reset(SD_ADDRESS(un), RESET_ALL);
29620 			(void) sd_send_polled_RQS(un);
29621 		}
29622 
29623 	}
29624 	scsi_destroy_pkt(pkt);
29625 
29626 	if (err != 0) {
29627 		scsi_free_consistent_buf(bp);
29628 		*bpp = NULL;
29629 	} else {
29630 		*bpp = bp;
29631 	}
29632 
29633 done:
29634 	mutex_enter(SD_MUTEX(un));
29635 	return (err);
29636 }
29637 
29638 
29639 /*
29640  *    Function: sd_failfast_flushq
29641  *
29642  * Description: Take all bp's on the wait queue that have B_FAILFAST set
29643  *		in b_flags and move them onto the failfast queue, then kick
29644  *		off a thread to return all bp's on the failfast queue to
29645  *		their owners with an error set.
29646  *
29647  *   Arguments: un - pointer to the soft state struct for the instance.
29648  *
29649  *     Context: may execute in interrupt context.
29650  */
29651 
29652 static void
29653 sd_failfast_flushq(struct sd_lun *un)
29654 {
29655 	struct buf *bp;
29656 	struct buf *next_waitq_bp;
29657 	struct buf *prev_waitq_bp = NULL;
29658 
29659 	ASSERT(un != NULL);
29660 	ASSERT(mutex_owned(SD_MUTEX(un)));
29661 	ASSERT(un->un_failfast_state == SD_FAILFAST_ACTIVE);
29662 	ASSERT(un->un_failfast_bp == NULL);
29663 
29664 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29665 	    "sd_failfast_flushq: entry: un:0x%p\n", un);
29666 
29667 	/*
29668 	 * Check if we should flush all bufs when entering failfast state, or
29669 	 * just those with B_FAILFAST set.
29670 	 */
29671 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) {
29672 		/*
29673 		 * Move *all* bp's on the wait queue to the failfast flush
29674 		 * queue, including those that do NOT have B_FAILFAST set.
29675 		 */
29676 		if (un->un_failfast_headp == NULL) {
29677 			ASSERT(un->un_failfast_tailp == NULL);
29678 			un->un_failfast_headp = un->un_waitq_headp;
29679 		} else {
29680 			ASSERT(un->un_failfast_tailp != NULL);
29681 			un->un_failfast_tailp->av_forw = un->un_waitq_headp;
29682 		}
29683 
29684 		un->un_failfast_tailp = un->un_waitq_tailp;
29685 
29686 		/* update kstat for each bp moved out of the waitq */
29687 		for (bp = un->un_waitq_headp; bp != NULL; bp = bp->av_forw) {
29688 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29689 		}
29690 
29691 		/* empty the waitq */
29692 		un->un_waitq_headp = un->un_waitq_tailp = NULL;
29693 
29694 	} else {
29695 		/*
29696 		 * Go thru the wait queue, pick off all entries with
29697 		 * B_FAILFAST set, and move these onto the failfast queue.
29698 		 */
29699 		for (bp = un->un_waitq_headp; bp != NULL; bp = next_waitq_bp) {
29700 			/*
29701 			 * Save the pointer to the next bp on the wait queue,
29702 			 * so we get to it on the next iteration of this loop.
29703 			 */
29704 			next_waitq_bp = bp->av_forw;
29705 
29706 			/*
29707 			 * If this bp from the wait queue does NOT have
29708 			 * B_FAILFAST set, just move on to the next element
29709 			 * in the wait queue. Note, this is the only place
29710 			 * where it is correct to set prev_waitq_bp.
29711 			 */
29712 			if ((bp->b_flags & B_FAILFAST) == 0) {
29713 				prev_waitq_bp = bp;
29714 				continue;
29715 			}
29716 
29717 			/*
29718 			 * Remove the bp from the wait queue.
29719 			 */
29720 			if (bp == un->un_waitq_headp) {
29721 				/* The bp is the first element of the waitq. */
29722 				un->un_waitq_headp = next_waitq_bp;
29723 				if (un->un_waitq_headp == NULL) {
29724 					/* The wait queue is now empty */
29725 					un->un_waitq_tailp = NULL;
29726 				}
29727 			} else {
29728 				/*
29729 				 * The bp is either somewhere in the middle
29730 				 * or at the end of the wait queue.
29731 				 */
29732 				ASSERT(un->un_waitq_headp != NULL);
29733 				ASSERT(prev_waitq_bp != NULL);
29734 				ASSERT((prev_waitq_bp->b_flags & B_FAILFAST)
29735 				    == 0);
29736 				if (bp == un->un_waitq_tailp) {
29737 					/* bp is the last entry on the waitq. */
29738 					ASSERT(next_waitq_bp == NULL);
29739 					un->un_waitq_tailp = prev_waitq_bp;
29740 				}
29741 				prev_waitq_bp->av_forw = next_waitq_bp;
29742 			}
29743 			bp->av_forw = NULL;
29744 
29745 			/*
29746 			 * update kstat since the bp is moved out of
29747 			 * the waitq
29748 			 */
29749 			SD_UPDATE_KSTATS(un, kstat_waitq_exit, bp);
29750 
29751 			/*
29752 			 * Now put the bp onto the failfast queue.
29753 			 */
29754 			if (un->un_failfast_headp == NULL) {
29755 				/* failfast queue is currently empty */
29756 				ASSERT(un->un_failfast_tailp == NULL);
29757 				un->un_failfast_headp =
29758 				    un->un_failfast_tailp = bp;
29759 			} else {
29760 				/* Add the bp to the end of the failfast q */
29761 				ASSERT(un->un_failfast_tailp != NULL);
29762 				ASSERT(un->un_failfast_tailp->b_flags &
29763 				    B_FAILFAST);
29764 				un->un_failfast_tailp->av_forw = bp;
29765 				un->un_failfast_tailp = bp;
29766 			}
29767 		}
29768 	}
29769 
29770 	/*
29771 	 * Now return all bp's on the failfast queue to their owners.
29772 	 */
29773 	while ((bp = un->un_failfast_headp) != NULL) {
29774 
29775 		un->un_failfast_headp = bp->av_forw;
29776 		if (un->un_failfast_headp == NULL) {
29777 			un->un_failfast_tailp = NULL;
29778 		}
29779 
29780 		/*
29781 		 * We want to return the bp with a failure error code, but
29782 		 * we do not want a call to sd_start_cmds() to occur here,
29783 		 * so use sd_return_failed_command_no_restart() instead of
29784 		 * sd_return_failed_command().
29785 		 */
29786 		sd_return_failed_command_no_restart(un, bp, EIO);
29787 	}
29788 
29789 	/* Flush the xbuf queues if required. */
29790 	if (sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_QUEUES) {
29791 		ddi_xbuf_flushq(un->un_xbuf_attr, sd_failfast_flushq_callback);
29792 	}
29793 
29794 	SD_TRACE(SD_LOG_IO_FAILFAST, un,
29795 	    "sd_failfast_flushq: exit: un:0x%p\n", un);
29796 }
29797 
29798 
29799 /*
29800  *    Function: sd_failfast_flushq_callback
29801  *
29802  * Description: Return TRUE if the given bp meets the criteria for failfast
29803  *		flushing. Used with ddi_xbuf_flushq(9F).
29804  *
29805  *   Arguments: bp - ptr to buf struct to be examined.
29806  *
29807  *     Context: Any
29808  */
29809 
29810 static int
29811 sd_failfast_flushq_callback(struct buf *bp)
29812 {
29813 	/*
29814 	 * Return TRUE if (1) we want to flush ALL bufs when the failfast
29815 	 * state is entered; OR (2) the given bp has B_FAILFAST set.
29816 	 */
29817 	return (((sd_failfast_flushctl & SD_FAILFAST_FLUSH_ALL_BUFS) ||
29818 	    (bp->b_flags & B_FAILFAST)) ? TRUE : FALSE);
29819 }
29820 
29821 
29822 
29823 #if defined(__i386) || defined(__amd64)
29824 /*
29825  * Function: sd_setup_next_xfer
29826  *
29827  * Description: Prepare next I/O operation using DMA_PARTIAL
29828  *
29829  */
29830 
29831 static int
29832 sd_setup_next_xfer(struct sd_lun *un, struct buf *bp,
29833     struct scsi_pkt *pkt, struct sd_xbuf *xp)
29834 {
29835 	ssize_t	num_blks_not_xfered;
29836 	daddr_t	strt_blk_num;
29837 	ssize_t	bytes_not_xfered;
29838 	int	rval;
29839 
29840 	ASSERT(pkt->pkt_resid == 0);
29841 
29842 	/*
29843 	 * Calculate next block number and amount to be transferred.
29844 	 *
29845 	 * How much data NOT transfered to the HBA yet.
29846 	 */
29847 	bytes_not_xfered = xp->xb_dma_resid;
29848 
29849 	/*
29850 	 * figure how many blocks NOT transfered to the HBA yet.
29851 	 */
29852 	num_blks_not_xfered = SD_BYTES2TGTBLOCKS(un, bytes_not_xfered);
29853 
29854 	/*
29855 	 * set starting block number to the end of what WAS transfered.
29856 	 */
29857 	strt_blk_num = xp->xb_blkno +
29858 	    SD_BYTES2TGTBLOCKS(un, bp->b_bcount - bytes_not_xfered);
29859 
29860 	/*
29861 	 * Move pkt to the next portion of the xfer.  sd_setup_next_rw_pkt
29862 	 * will call scsi_initpkt with NULL_FUNC so we do not have to release
29863 	 * the disk mutex here.
29864 	 */
29865 	rval = sd_setup_next_rw_pkt(un, pkt, bp,
29866 	    strt_blk_num, num_blks_not_xfered);
29867 
29868 	if (rval == 0) {
29869 
29870 		/*
29871 		 * Success.
29872 		 *
29873 		 * Adjust things if there are still more blocks to be
29874 		 * transfered.
29875 		 */
29876 		xp->xb_dma_resid = pkt->pkt_resid;
29877 		pkt->pkt_resid = 0;
29878 
29879 		return (1);
29880 	}
29881 
29882 	/*
29883 	 * There's really only one possible return value from
29884 	 * sd_setup_next_rw_pkt which occurs when scsi_init_pkt
29885 	 * returns NULL.
29886 	 */
29887 	ASSERT(rval == SD_PKT_ALLOC_FAILURE);
29888 
29889 	bp->b_resid = bp->b_bcount;
29890 	bp->b_flags |= B_ERROR;
29891 
29892 	scsi_log(SD_DEVINFO(un), sd_label, CE_WARN,
29893 	    "Error setting up next portion of DMA transfer\n");
29894 
29895 	return (0);
29896 }
29897 #endif
29898 
29899 /*
29900  *    Function: sd_panic_for_res_conflict
29901  *
29902  * Description: Call panic with a string formated with "Reservation Conflict"
29903  *		and a human readable identifier indicating the SD instance
29904  *		that experienced the reservation conflict.
29905  *
29906  *   Arguments: un - pointer to the soft state struct for the instance.
29907  *
29908  *     Context: may execute in interrupt context.
29909  */
29910 
29911 #define	SD_RESV_CONFLICT_FMT_LEN 40
29912 void
29913 sd_panic_for_res_conflict(struct sd_lun *un)
29914 {
29915 	char panic_str[SD_RESV_CONFLICT_FMT_LEN+MAXPATHLEN];
29916 	char path_str[MAXPATHLEN];
29917 
29918 	(void) snprintf(panic_str, sizeof (panic_str),
29919 	    "Reservation Conflict\nDisk: %s",
29920 	    ddi_pathname(SD_DEVINFO(un), path_str));
29921 
29922 	panic(panic_str);
29923 }
29924 
29925 /*
29926  * Note: The following sd_faultinjection_ioctl( ) routines implement
29927  * driver support for handling fault injection for error analysis
29928  * causing faults in multiple layers of the driver.
29929  *
29930  */
29931 
29932 #ifdef SD_FAULT_INJECTION
29933 static uint_t   sd_fault_injection_on = 0;
29934 
29935 /*
29936  *    Function: sd_faultinjection_ioctl()
29937  *
29938  * Description: This routine is the driver entry point for handling
29939  *              faultinjection ioctls to inject errors into the
29940  *              layer model
29941  *
29942  *   Arguments: cmd	- the ioctl cmd recieved
29943  *		arg	- the arguments from user and returns
29944  */
29945 
29946 static void
29947 sd_faultinjection_ioctl(int cmd, intptr_t arg,  struct sd_lun *un) {
29948 
29949 	uint_t i;
29950 	uint_t rval;
29951 
29952 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl: entry\n");
29953 
29954 	mutex_enter(SD_MUTEX(un));
29955 
29956 	switch (cmd) {
29957 	case SDIOCRUN:
29958 		/* Allow pushed faults to be injected */
29959 		SD_INFO(SD_LOG_SDTEST, un,
29960 		    "sd_faultinjection_ioctl: Injecting Fault Run\n");
29961 
29962 		sd_fault_injection_on = 1;
29963 
29964 		SD_INFO(SD_LOG_IOERR, un,
29965 		    "sd_faultinjection_ioctl: run finished\n");
29966 		break;
29967 
29968 	case SDIOCSTART:
29969 		/* Start Injection Session */
29970 		SD_INFO(SD_LOG_SDTEST, un,
29971 		    "sd_faultinjection_ioctl: Injecting Fault Start\n");
29972 
29973 		sd_fault_injection_on = 0;
29974 		un->sd_injection_mask = 0xFFFFFFFF;
29975 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
29976 			un->sd_fi_fifo_pkt[i] = NULL;
29977 			un->sd_fi_fifo_xb[i] = NULL;
29978 			un->sd_fi_fifo_un[i] = NULL;
29979 			un->sd_fi_fifo_arq[i] = NULL;
29980 		}
29981 		un->sd_fi_fifo_start = 0;
29982 		un->sd_fi_fifo_end = 0;
29983 
29984 		mutex_enter(&(un->un_fi_mutex));
29985 		un->sd_fi_log[0] = '\0';
29986 		un->sd_fi_buf_len = 0;
29987 		mutex_exit(&(un->un_fi_mutex));
29988 
29989 		SD_INFO(SD_LOG_IOERR, un,
29990 		    "sd_faultinjection_ioctl: start finished\n");
29991 		break;
29992 
29993 	case SDIOCSTOP:
29994 		/* Stop Injection Session */
29995 		SD_INFO(SD_LOG_SDTEST, un,
29996 		    "sd_faultinjection_ioctl: Injecting Fault Stop\n");
29997 		sd_fault_injection_on = 0;
29998 		un->sd_injection_mask = 0x0;
29999 
30000 		/* Empty stray or unuseds structs from fifo */
30001 		for (i = 0; i < SD_FI_MAX_ERROR; i++) {
30002 			if (un->sd_fi_fifo_pkt[i] != NULL) {
30003 				kmem_free(un->sd_fi_fifo_pkt[i],
30004 				    sizeof (struct sd_fi_pkt));
30005 			}
30006 			if (un->sd_fi_fifo_xb[i] != NULL) {
30007 				kmem_free(un->sd_fi_fifo_xb[i],
30008 				    sizeof (struct sd_fi_xb));
30009 			}
30010 			if (un->sd_fi_fifo_un[i] != NULL) {
30011 				kmem_free(un->sd_fi_fifo_un[i],
30012 				    sizeof (struct sd_fi_un));
30013 			}
30014 			if (un->sd_fi_fifo_arq[i] != NULL) {
30015 				kmem_free(un->sd_fi_fifo_arq[i],
30016 				    sizeof (struct sd_fi_arq));
30017 			}
30018 			un->sd_fi_fifo_pkt[i] = NULL;
30019 			un->sd_fi_fifo_un[i] = NULL;
30020 			un->sd_fi_fifo_xb[i] = NULL;
30021 			un->sd_fi_fifo_arq[i] = NULL;
30022 		}
30023 		un->sd_fi_fifo_start = 0;
30024 		un->sd_fi_fifo_end = 0;
30025 
30026 		SD_INFO(SD_LOG_IOERR, un,
30027 		    "sd_faultinjection_ioctl: stop finished\n");
30028 		break;
30029 
30030 	case SDIOCINSERTPKT:
30031 		/* Store a packet struct to be pushed onto fifo */
30032 		SD_INFO(SD_LOG_SDTEST, un,
30033 		    "sd_faultinjection_ioctl: Injecting Fault Insert Pkt\n");
30034 
30035 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30036 
30037 		sd_fault_injection_on = 0;
30038 
30039 		/* No more that SD_FI_MAX_ERROR allowed in Queue */
30040 		if (un->sd_fi_fifo_pkt[i] != NULL) {
30041 			kmem_free(un->sd_fi_fifo_pkt[i],
30042 			    sizeof (struct sd_fi_pkt));
30043 		}
30044 		if (arg != NULL) {
30045 			un->sd_fi_fifo_pkt[i] =
30046 			    kmem_alloc(sizeof (struct sd_fi_pkt), KM_NOSLEEP);
30047 			if (un->sd_fi_fifo_pkt[i] == NULL) {
30048 				/* Alloc failed don't store anything */
30049 				break;
30050 			}
30051 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_pkt[i],
30052 			    sizeof (struct sd_fi_pkt), 0);
30053 			if (rval == -1) {
30054 				kmem_free(un->sd_fi_fifo_pkt[i],
30055 				    sizeof (struct sd_fi_pkt));
30056 				un->sd_fi_fifo_pkt[i] = NULL;
30057 			}
30058 		} else {
30059 			SD_INFO(SD_LOG_IOERR, un,
30060 			    "sd_faultinjection_ioctl: pkt null\n");
30061 		}
30062 		break;
30063 
30064 	case SDIOCINSERTXB:
30065 		/* Store a xb struct to be pushed onto fifo */
30066 		SD_INFO(SD_LOG_SDTEST, un,
30067 		    "sd_faultinjection_ioctl: Injecting Fault Insert XB\n");
30068 
30069 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30070 
30071 		sd_fault_injection_on = 0;
30072 
30073 		if (un->sd_fi_fifo_xb[i] != NULL) {
30074 			kmem_free(un->sd_fi_fifo_xb[i],
30075 			    sizeof (struct sd_fi_xb));
30076 			un->sd_fi_fifo_xb[i] = NULL;
30077 		}
30078 		if (arg != NULL) {
30079 			un->sd_fi_fifo_xb[i] =
30080 			    kmem_alloc(sizeof (struct sd_fi_xb), KM_NOSLEEP);
30081 			if (un->sd_fi_fifo_xb[i] == NULL) {
30082 				/* Alloc failed don't store anything */
30083 				break;
30084 			}
30085 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_xb[i],
30086 			    sizeof (struct sd_fi_xb), 0);
30087 
30088 			if (rval == -1) {
30089 				kmem_free(un->sd_fi_fifo_xb[i],
30090 				    sizeof (struct sd_fi_xb));
30091 				un->sd_fi_fifo_xb[i] = NULL;
30092 			}
30093 		} else {
30094 			SD_INFO(SD_LOG_IOERR, un,
30095 			    "sd_faultinjection_ioctl: xb null\n");
30096 		}
30097 		break;
30098 
30099 	case SDIOCINSERTUN:
30100 		/* Store a un struct to be pushed onto fifo */
30101 		SD_INFO(SD_LOG_SDTEST, un,
30102 		    "sd_faultinjection_ioctl: Injecting Fault Insert UN\n");
30103 
30104 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30105 
30106 		sd_fault_injection_on = 0;
30107 
30108 		if (un->sd_fi_fifo_un[i] != NULL) {
30109 			kmem_free(un->sd_fi_fifo_un[i],
30110 			    sizeof (struct sd_fi_un));
30111 			un->sd_fi_fifo_un[i] = NULL;
30112 		}
30113 		if (arg != NULL) {
30114 			un->sd_fi_fifo_un[i] =
30115 			    kmem_alloc(sizeof (struct sd_fi_un), KM_NOSLEEP);
30116 			if (un->sd_fi_fifo_un[i] == NULL) {
30117 				/* Alloc failed don't store anything */
30118 				break;
30119 			}
30120 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_un[i],
30121 			    sizeof (struct sd_fi_un), 0);
30122 			if (rval == -1) {
30123 				kmem_free(un->sd_fi_fifo_un[i],
30124 				    sizeof (struct sd_fi_un));
30125 				un->sd_fi_fifo_un[i] = NULL;
30126 			}
30127 
30128 		} else {
30129 			SD_INFO(SD_LOG_IOERR, un,
30130 			    "sd_faultinjection_ioctl: un null\n");
30131 		}
30132 
30133 		break;
30134 
30135 	case SDIOCINSERTARQ:
30136 		/* Store a arq struct to be pushed onto fifo */
30137 		SD_INFO(SD_LOG_SDTEST, un,
30138 		    "sd_faultinjection_ioctl: Injecting Fault Insert ARQ\n");
30139 		i = un->sd_fi_fifo_end % SD_FI_MAX_ERROR;
30140 
30141 		sd_fault_injection_on = 0;
30142 
30143 		if (un->sd_fi_fifo_arq[i] != NULL) {
30144 			kmem_free(un->sd_fi_fifo_arq[i],
30145 			    sizeof (struct sd_fi_arq));
30146 			un->sd_fi_fifo_arq[i] = NULL;
30147 		}
30148 		if (arg != NULL) {
30149 			un->sd_fi_fifo_arq[i] =
30150 			    kmem_alloc(sizeof (struct sd_fi_arq), KM_NOSLEEP);
30151 			if (un->sd_fi_fifo_arq[i] == NULL) {
30152 				/* Alloc failed don't store anything */
30153 				break;
30154 			}
30155 			rval = ddi_copyin((void *)arg, un->sd_fi_fifo_arq[i],
30156 			    sizeof (struct sd_fi_arq), 0);
30157 			if (rval == -1) {
30158 				kmem_free(un->sd_fi_fifo_arq[i],
30159 				    sizeof (struct sd_fi_arq));
30160 				un->sd_fi_fifo_arq[i] = NULL;
30161 			}
30162 
30163 		} else {
30164 			SD_INFO(SD_LOG_IOERR, un,
30165 			    "sd_faultinjection_ioctl: arq null\n");
30166 		}
30167 
30168 		break;
30169 
30170 	case SDIOCPUSH:
30171 		/* Push stored xb, pkt, un, and arq onto fifo */
30172 		sd_fault_injection_on = 0;
30173 
30174 		if (arg != NULL) {
30175 			rval = ddi_copyin((void *)arg, &i, sizeof (uint_t), 0);
30176 			if (rval != -1 &&
30177 			    un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30178 				un->sd_fi_fifo_end += i;
30179 			}
30180 		} else {
30181 			SD_INFO(SD_LOG_IOERR, un,
30182 			    "sd_faultinjection_ioctl: push arg null\n");
30183 			if (un->sd_fi_fifo_end + i < SD_FI_MAX_ERROR) {
30184 				un->sd_fi_fifo_end++;
30185 			}
30186 		}
30187 		SD_INFO(SD_LOG_IOERR, un,
30188 		    "sd_faultinjection_ioctl: push to end=%d\n",
30189 		    un->sd_fi_fifo_end);
30190 		break;
30191 
30192 	case SDIOCRETRIEVE:
30193 		/* Return buffer of log from Injection session */
30194 		SD_INFO(SD_LOG_SDTEST, un,
30195 		    "sd_faultinjection_ioctl: Injecting Fault Retreive");
30196 
30197 		sd_fault_injection_on = 0;
30198 
30199 		mutex_enter(&(un->un_fi_mutex));
30200 		rval = ddi_copyout(un->sd_fi_log, (void *)arg,
30201 		    un->sd_fi_buf_len+1, 0);
30202 		mutex_exit(&(un->un_fi_mutex));
30203 
30204 		if (rval == -1) {
30205 			/*
30206 			 * arg is possibly invalid setting
30207 			 * it to NULL for return
30208 			 */
30209 			arg = NULL;
30210 		}
30211 		break;
30212 	}
30213 
30214 	mutex_exit(SD_MUTEX(un));
30215 	SD_TRACE(SD_LOG_IOERR, un, "sd_faultinjection_ioctl:"
30216 			    " exit\n");
30217 }
30218 
30219 
30220 /*
30221  *    Function: sd_injection_log()
30222  *
30223  * Description: This routine adds buff to the already existing injection log
30224  *              for retrieval via faultinjection_ioctl for use in fault
30225  *              detection and recovery
30226  *
30227  *   Arguments: buf - the string to add to the log
30228  */
30229 
30230 static void
30231 sd_injection_log(char *buf, struct sd_lun *un)
30232 {
30233 	uint_t len;
30234 
30235 	ASSERT(un != NULL);
30236 	ASSERT(buf != NULL);
30237 
30238 	mutex_enter(&(un->un_fi_mutex));
30239 
30240 	len = min(strlen(buf), 255);
30241 	/* Add logged value to Injection log to be returned later */
30242 	if (len + un->sd_fi_buf_len < SD_FI_MAX_BUF) {
30243 		uint_t	offset = strlen((char *)un->sd_fi_log);
30244 		char *destp = (char *)un->sd_fi_log + offset;
30245 		int i;
30246 		for (i = 0; i < len; i++) {
30247 			*destp++ = *buf++;
30248 		}
30249 		un->sd_fi_buf_len += len;
30250 		un->sd_fi_log[un->sd_fi_buf_len] = '\0';
30251 	}
30252 
30253 	mutex_exit(&(un->un_fi_mutex));
30254 }
30255 
30256 
30257 /*
30258  *    Function: sd_faultinjection()
30259  *
30260  * Description: This routine takes the pkt and changes its
30261  *		content based on error injection scenerio.
30262  *
30263  *   Arguments: pktp	- packet to be changed
30264  */
30265 
30266 static void
30267 sd_faultinjection(struct scsi_pkt *pktp)
30268 {
30269 	uint_t i;
30270 	struct sd_fi_pkt *fi_pkt;
30271 	struct sd_fi_xb *fi_xb;
30272 	struct sd_fi_un *fi_un;
30273 	struct sd_fi_arq *fi_arq;
30274 	struct buf *bp;
30275 	struct sd_xbuf *xb;
30276 	struct sd_lun *un;
30277 
30278 	ASSERT(pktp != NULL);
30279 
30280 	/* pull bp xb and un from pktp */
30281 	bp = (struct buf *)pktp->pkt_private;
30282 	xb = SD_GET_XBUF(bp);
30283 	un = SD_GET_UN(bp);
30284 
30285 	ASSERT(un != NULL);
30286 
30287 	mutex_enter(SD_MUTEX(un));
30288 
30289 	SD_TRACE(SD_LOG_SDTEST, un,
30290 	    "sd_faultinjection: entry Injection from sdintr\n");
30291 
30292 	/* if injection is off return */
30293 	if (sd_fault_injection_on == 0 ||
30294 		un->sd_fi_fifo_start == un->sd_fi_fifo_end) {
30295 		mutex_exit(SD_MUTEX(un));
30296 		return;
30297 	}
30298 
30299 
30300 	/* take next set off fifo */
30301 	i = un->sd_fi_fifo_start % SD_FI_MAX_ERROR;
30302 
30303 	fi_pkt = un->sd_fi_fifo_pkt[i];
30304 	fi_xb = un->sd_fi_fifo_xb[i];
30305 	fi_un = un->sd_fi_fifo_un[i];
30306 	fi_arq = un->sd_fi_fifo_arq[i];
30307 
30308 
30309 	/* set variables accordingly */
30310 	/* set pkt if it was on fifo */
30311 	if (fi_pkt != NULL) {
30312 		SD_CONDSET(pktp, pkt, pkt_flags, "pkt_flags");
30313 		SD_CONDSET(*pktp, pkt, pkt_scbp, "pkt_scbp");
30314 		SD_CONDSET(*pktp, pkt, pkt_cdbp, "pkt_cdbp");
30315 		SD_CONDSET(pktp, pkt, pkt_state, "pkt_state");
30316 		SD_CONDSET(pktp, pkt, pkt_statistics, "pkt_statistics");
30317 		SD_CONDSET(pktp, pkt, pkt_reason, "pkt_reason");
30318 
30319 	}
30320 
30321 	/* set xb if it was on fifo */
30322 	if (fi_xb != NULL) {
30323 		SD_CONDSET(xb, xb, xb_blkno, "xb_blkno");
30324 		SD_CONDSET(xb, xb, xb_dma_resid, "xb_dma_resid");
30325 		SD_CONDSET(xb, xb, xb_retry_count, "xb_retry_count");
30326 		SD_CONDSET(xb, xb, xb_victim_retry_count,
30327 		    "xb_victim_retry_count");
30328 		SD_CONDSET(xb, xb, xb_sense_status, "xb_sense_status");
30329 		SD_CONDSET(xb, xb, xb_sense_state, "xb_sense_state");
30330 		SD_CONDSET(xb, xb, xb_sense_resid, "xb_sense_resid");
30331 
30332 		/* copy in block data from sense */
30333 		if (fi_xb->xb_sense_data[0] != -1) {
30334 			bcopy(fi_xb->xb_sense_data, xb->xb_sense_data,
30335 			    SENSE_LENGTH);
30336 		}
30337 
30338 		/* copy in extended sense codes */
30339 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_code,
30340 		    "es_code");
30341 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_key,
30342 		    "es_key");
30343 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb, es_add_code,
30344 		    "es_add_code");
30345 		SD_CONDSET(((struct scsi_extended_sense *)xb), xb,
30346 		    es_qual_code, "es_qual_code");
30347 	}
30348 
30349 	/* set un if it was on fifo */
30350 	if (fi_un != NULL) {
30351 		SD_CONDSET(un->un_sd->sd_inq, un, inq_rmb, "inq_rmb");
30352 		SD_CONDSET(un, un, un_ctype, "un_ctype");
30353 		SD_CONDSET(un, un, un_reset_retry_count,
30354 		    "un_reset_retry_count");
30355 		SD_CONDSET(un, un, un_reservation_type, "un_reservation_type");
30356 		SD_CONDSET(un, un, un_resvd_status, "un_resvd_status");
30357 		SD_CONDSET(un, un, un_f_arq_enabled, "un_f_arq_enabled");
30358 		SD_CONDSET(un, un, un_f_geometry_is_valid,
30359 		    "un_f_geometry_is_valid");
30360 		SD_CONDSET(un, un, un_f_allow_bus_device_reset,
30361 		    "un_f_allow_bus_device_reset");
30362 		SD_CONDSET(un, un, un_f_opt_queueing, "un_f_opt_queueing");
30363 
30364 	}
30365 
30366 	/* copy in auto request sense if it was on fifo */
30367 	if (fi_arq != NULL) {
30368 		bcopy(fi_arq, pktp->pkt_scbp, sizeof (struct sd_fi_arq));
30369 	}
30370 
30371 	/* free structs */
30372 	if (un->sd_fi_fifo_pkt[i] != NULL) {
30373 		kmem_free(un->sd_fi_fifo_pkt[i], sizeof (struct sd_fi_pkt));
30374 	}
30375 	if (un->sd_fi_fifo_xb[i] != NULL) {
30376 		kmem_free(un->sd_fi_fifo_xb[i], sizeof (struct sd_fi_xb));
30377 	}
30378 	if (un->sd_fi_fifo_un[i] != NULL) {
30379 		kmem_free(un->sd_fi_fifo_un[i], sizeof (struct sd_fi_un));
30380 	}
30381 	if (un->sd_fi_fifo_arq[i] != NULL) {
30382 		kmem_free(un->sd_fi_fifo_arq[i], sizeof (struct sd_fi_arq));
30383 	}
30384 
30385 	/*
30386 	 * kmem_free does not gurantee to set to NULL
30387 	 * since we uses these to determine if we set
30388 	 * values or not lets confirm they are always
30389 	 * NULL after free
30390 	 */
30391 	un->sd_fi_fifo_pkt[i] = NULL;
30392 	un->sd_fi_fifo_un[i] = NULL;
30393 	un->sd_fi_fifo_xb[i] = NULL;
30394 	un->sd_fi_fifo_arq[i] = NULL;
30395 
30396 	un->sd_fi_fifo_start++;
30397 
30398 	mutex_exit(SD_MUTEX(un));
30399 
30400 	SD_TRACE(SD_LOG_SDTEST, un, "sd_faultinjection: exit\n");
30401 }
30402 
30403 #endif /* SD_FAULT_INJECTION */
30404