Merge from vendor branch BINUTILS:
[dragonfly.git] / sys / bus / cam / scsi / scsi_cd.c
1 /*
2  * Copyright (c) 1997 Justin T. Gibbs.
3  * Copyright (c) 1997, 1998, 1999, 2000, 2001, 2003, 2003 Kenneth D. Merry.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions, and the following disclaimer,
11  *    without modification, immediately at the beginning of the file.
12  * 2. The name of the author may not be used to endorse or promote products
13  *    derived from this software without specific prior written permission.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
19  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $FreeBSD: src/sys/cam/scsi/scsi_cd.c,v 1.31.2.16 2003/10/21 22:26:11 thomas Exp $
28  * $DragonFly: src/sys/bus/cam/scsi/scsi_cd.c,v 1.10 2003/12/29 06:42:10 dillon Exp $
29  */
30 /*
31  * Portions of this driver taken from the original FreeBSD cd driver.
32  * Written by Julian Elischer (julian@tfs.com)
33  * for TRW Financial Systems for use under the MACH(2.5) operating system.
34  *
35  * TRW Financial Systems, in accordance with their agreement with Carnegie
36  * Mellon University, makes this software available to CMU to distribute
37  * or use in any manner that they see fit as long as this message is kept with
38  * the software. For this reason TFS also grants any other persons or
39  * organisations permission to use or modify this software.
40  *
41  * TFS supplies this software to be publicly redistributed
42  * on the understanding that TFS is not responsible for the correct
43  * functioning of this software in any circumstances.
44  *
45  * Ported to run under 386BSD by Julian Elischer (julian@tfs.com) Sept 1992
46  *
47  *      from: cd.c,v 1.83 1997/05/04 15:24:22 joerg Exp $
48  */
49
50 #include "opt_cd.h"
51
52 #include <sys/param.h>
53 #include <sys/bootmaj.h>
54 #include <sys/systm.h>
55 #include <sys/kernel.h>
56 #include <sys/buf.h>
57 #include <sys/conf.h>
58 #include <sys/disk.h>
59 #include <sys/malloc.h>
60 #include <sys/cdio.h>
61 #include <sys/cdrio.h>
62 #include <sys/dvdio.h>
63 #include <sys/devicestat.h>
64 #include <sys/sysctl.h>
65 #include <sys/taskqueue.h>
66 #include <sys/proc.h>
67 #include <sys/buf2.h>
68
69 #include "../cam.h"
70 #include "../cam_ccb.h"
71 #include "../cam_extend.h"
72 #include "../cam_periph.h"
73 #include "../cam_xpt_periph.h"
74 #include "../cam_queue.h"
75
76 #include "scsi_message.h"
77 #include "scsi_da.h"
78 #include "scsi_cd.h"
79
80 #define LEADOUT         0xaa            /* leadout toc entry */
81
82 struct cd_params {
83         u_int32_t blksize;
84         u_long    disksize;
85 };
86
87 typedef enum {
88         CD_Q_NONE               = 0x00,
89         CD_Q_NO_TOUCH           = 0x01,
90         CD_Q_BCD_TRACKS         = 0x02,
91         CD_Q_NO_CHANGER         = 0x04,
92         CD_Q_CHANGER            = 0x08,
93         CD_Q_10_BYTE_ONLY       = 0x10
94 } cd_quirks;
95
96 typedef enum {
97         CD_FLAG_INVALID         = 0x0001,
98         CD_FLAG_NEW_DISC        = 0x0002,
99         CD_FLAG_DISC_LOCKED     = 0x0004,
100         CD_FLAG_DISC_REMOVABLE  = 0x0008,
101         CD_FLAG_TAGGED_QUEUING  = 0x0010,
102         CD_FLAG_CHANGER         = 0x0040,
103         CD_FLAG_ACTIVE          = 0x0080,
104         CD_FLAG_SCHED_ON_COMP   = 0x0100,
105         CD_FLAG_RETRY_UA        = 0x0200,
106         CD_FLAG_VALID_MEDIA     = 0x0400,
107         CD_FLAG_VALID_TOC       = 0x0800,
108         CD_FLAG_OPEN            = 0x1000,
109         CD_FLAG_SCTX_INIT       = 0x2000
110 } cd_flags;
111
112 typedef enum {
113         CD_CCB_PROBE            = 0x01,
114         CD_CCB_BUFFER_IO        = 0x02,
115         CD_CCB_WAITING          = 0x03,
116         CD_CCB_TYPE_MASK        = 0x0F,
117         CD_CCB_RETRY_UA         = 0x10
118 } cd_ccb_state;
119
120 typedef enum {
121         CHANGER_TIMEOUT_SCHED           = 0x01,
122         CHANGER_SHORT_TMOUT_SCHED       = 0x02,
123         CHANGER_MANUAL_CALL             = 0x04,
124         CHANGER_NEED_TIMEOUT            = 0x08
125 } cd_changer_flags;
126
127 #define ccb_state ppriv_field0
128 #define ccb_bp ppriv_ptr1
129
130 struct cd_tocdata {
131         struct ioc_toc_header header;
132         struct cd_toc_entry entries[100];
133 };
134
135 struct cd_toc_single {
136         struct ioc_toc_header header;
137         struct cd_toc_entry entry;
138 };
139
140 typedef enum {
141         CD_STATE_PROBE,
142         CD_STATE_NORMAL
143 } cd_state;
144
145 struct cd_softc {
146         cam_pinfo               pinfo;
147         cd_state                state;
148         volatile cd_flags       flags;
149         struct buf_queue_head   buf_queue;
150         LIST_HEAD(, ccb_hdr)    pending_ccbs;
151         struct cd_params        params;
152         struct disk             disk;
153         union ccb               saved_ccb;
154         cd_quirks               quirks;
155         struct devstat          device_stats;
156         STAILQ_ENTRY(cd_softc)  changer_links;
157         struct cdchanger        *changer;
158         int                     bufs_left;
159         struct cam_periph       *periph;
160         int                     minimum_command_size;
161         struct task             sysctl_task;
162         struct sysctl_ctx_list  sysctl_ctx;
163         struct sysctl_oid       *sysctl_tree;
164         STAILQ_HEAD(, cd_mode_params)   mode_queue;
165         struct cd_tocdata       toc;
166 };
167
168 struct cd_page_sizes {
169         int page;
170         int page_size;
171 };
172
173 static struct cd_page_sizes cd_page_size_table[] =
174 {
175         { AUDIO_PAGE, sizeof(struct cd_audio_page)}
176 };
177
178 struct cd_quirk_entry {
179         struct scsi_inquiry_pattern inq_pat;
180         cd_quirks quirks;
181 };
182
183 /*
184  * The changer quirk entries aren't strictly necessary.  Basically, what
185  * they do is tell cdregister() up front that a device is a changer.
186  * Otherwise, it will figure that fact out once it sees a LUN on the device
187  * that is greater than 0.  If it is known up front that a device is a changer,
188  * all I/O to the device will go through the changer scheduling routines, as
189  * opposed to the "normal" CD code.
190  *
191  * NOTE ON 10_BYTE_ONLY quirks:  Any 10_BYTE_ONLY quirks MUST be because
192  * your device hangs when it gets a 10 byte command.  Adding a quirk just
193  * to get rid of the informative diagnostic message is not acceptable.  All
194  * 10_BYTE_ONLY quirks must be documented in full in a PR (which should be
195  * referenced in a comment along with the quirk) , and must be approved by
196  * ken@FreeBSD.org.  Any quirks added that don't adhere to this policy may
197  * be removed until the submitter can explain why they are needed.
198  * 10_BYTE_ONLY quirks will be removed (as they will no longer be necessary)
199  * when the CAM_NEW_TRAN_CODE work is done.
200  */
201 static struct cd_quirk_entry cd_quirk_table[] =
202 {
203         {
204                 { T_CDROM, SIP_MEDIA_REMOVABLE, "NRC", "MBR-7", "*"},
205                  /*quirks*/ CD_Q_CHANGER
206         },
207         {
208                 { T_CDROM, SIP_MEDIA_REMOVABLE, "PIONEER", "CD-ROM DRM*",
209                   "*"}, /* quirks */ CD_Q_CHANGER
210         },
211         {
212                 { T_CDROM, SIP_MEDIA_REMOVABLE, "NAKAMICH", "MJ-*", "*"},
213                  /* quirks */ CD_Q_CHANGER
214         },
215         {
216                 { T_CDROM, SIP_MEDIA_REMOVABLE, "CHINON", "CD-ROM CDS-535","*"},
217                 /* quirks */ CD_Q_BCD_TRACKS
218         }
219 };
220
221 static  d_open_t        cdopen;
222 static  d_close_t       cdclose;
223 static  d_ioctl_t       cdioctl;
224 static  d_strategy_t    cdstrategy;
225
226 static  periph_init_t   cdinit;
227 static  periph_ctor_t   cdregister;
228 static  periph_dtor_t   cdcleanup;
229 static  periph_start_t  cdstart;
230 static  periph_oninv_t  cdoninvalidate;
231 static  void            cdasync(void *callback_arg, u_int32_t code,
232                                 struct cam_path *path, void *arg);
233 static  int             cdcmdsizesysctl(SYSCTL_HANDLER_ARGS);
234 static  void            cdshorttimeout(void *arg);
235 static  void            cdschedule(struct cam_periph *periph, int priority);
236 static  void            cdrunchangerqueue(void *arg);
237 static  void            cdchangerschedule(struct cd_softc *softc);
238 static  int             cdrunccb(union ccb *ccb,
239                                  int (*error_routine)(union ccb *ccb,
240                                                       u_int32_t cam_flags,
241                                                       u_int32_t sense_flags),
242                                  u_int32_t cam_flags, u_int32_t sense_flags);
243 static union    ccb     *cdgetccb(struct cam_periph *periph,
244                                   u_int32_t priority);
245 static  void            cddone(struct cam_periph *periph,
246                                union ccb *start_ccb);
247 static  int             cderror(union ccb *ccb, u_int32_t cam_flags,
248                                 u_int32_t sense_flags);
249 static  union cd_pages  *cdgetpage(struct cd_mode_params *mode_params);
250 static  int             cdgetpagesize(int page_num);
251 static  void            cdprevent(struct cam_periph *periph, int action);
252 static  int             cdcheckmedia(struct cam_periph *periph);
253 static  int             cdsize(struct cam_periph *periph, u_int32_t *size);
254 static  int             cd6byteworkaround(union ccb *ccb);
255 static  int             cdreadtoc(struct cam_periph *periph, u_int32_t mode, 
256                                   u_int32_t start, u_int8_t *data, 
257                                   u_int32_t len, u_int32_t sense_flags);
258 static  int             cdgetmode(struct cam_periph *periph, 
259                                   struct cd_mode_params *data, u_int32_t page);
260 static  int             cdsetmode(struct cam_periph *periph,
261                                   struct cd_mode_params *data);
262 static  int             cdplay(struct cam_periph *periph, u_int32_t blk, 
263                                u_int32_t len);
264 static  int             cdreadsubchannel(struct cam_periph *periph, 
265                                          u_int32_t mode, u_int32_t format, 
266                                          int track, 
267                                          struct cd_sub_channel_info *data, 
268                                          u_int32_t len);
269 static  int             cdplaymsf(struct cam_periph *periph, u_int32_t startm, 
270                                   u_int32_t starts, u_int32_t startf, 
271                                   u_int32_t endm, u_int32_t ends, 
272                                   u_int32_t endf);
273 static  int             cdplaytracks(struct cam_periph *periph, 
274                                      u_int32_t strack, u_int32_t sindex,
275                                      u_int32_t etrack, u_int32_t eindex);
276 static  int             cdpause(struct cam_periph *periph, u_int32_t go);
277 static  int             cdstopunit(struct cam_periph *periph, u_int32_t eject);
278 static  int             cdstartunit(struct cam_periph *periph, int load);
279 static  int             cdsetspeed(struct cam_periph *periph,
280                                    u_int32_t rdspeed, u_int32_t wrspeed);
281 static  int             cdreportkey(struct cam_periph *periph,
282                                     struct dvd_authinfo *authinfo);
283 static  int             cdsendkey(struct cam_periph *periph,
284                                   struct dvd_authinfo *authinfo);
285 static  int             cdreaddvdstructure(struct cam_periph *periph,
286                                            struct dvd_struct *dvdstruct);
287
288 static struct periph_driver cddriver =
289 {
290         cdinit, "cd",
291         TAILQ_HEAD_INITIALIZER(cddriver.units), /* generation */ 0
292 };
293
294 DATA_SET(periphdriver_set, cddriver);
295
296 /* For 2.2-stable support */
297 #ifndef D_DISK
298 #define D_DISK 0
299 #endif
300 static struct cdevsw cd_cdevsw = {
301         /* name */      "cd",
302         /* maj */       SCSICD_CDEV_MAJOR,
303         /* flags */     D_DISK,
304         /* port */      NULL,
305         /* autoq */     0,
306
307         /* open */      cdopen,
308         /* close */     cdclose,
309         /* read */      physread,
310         /* write */     physwrite,
311         /* ioctl */     cdioctl,
312         /* poll */      nopoll,
313         /* mmap */      nommap,
314         /* strategy */  cdstrategy,
315         /* dump */      nodump,
316         /* psize */     nopsize,
317 };
318
319 static struct extend_array *cdperiphs;
320 static int num_changers;
321
322 #ifndef CHANGER_MIN_BUSY_SECONDS
323 #define CHANGER_MIN_BUSY_SECONDS        5
324 #endif
325 #ifndef CHANGER_MAX_BUSY_SECONDS
326 #define CHANGER_MAX_BUSY_SECONDS        15
327 #endif
328
329 static int changer_min_busy_seconds = CHANGER_MIN_BUSY_SECONDS;
330 static int changer_max_busy_seconds = CHANGER_MAX_BUSY_SECONDS;
331
332 /*
333  * XXX KDM this CAM node should be moved if we ever get more CAM sysctl
334  * variables.
335  */
336 SYSCTL_NODE(_kern, OID_AUTO, cam, CTLFLAG_RD, 0, "CAM Subsystem");
337 SYSCTL_NODE(_kern_cam, OID_AUTO, cd, CTLFLAG_RD, 0, "CAM CDROM driver");
338 SYSCTL_NODE(_kern_cam_cd, OID_AUTO, changer, CTLFLAG_RD, 0, "CD Changer");
339 SYSCTL_INT(_kern_cam_cd_changer, OID_AUTO, min_busy_seconds, CTLFLAG_RW,
340            &changer_min_busy_seconds, 0, "Minimum changer scheduling quantum");
341 TUNABLE_INT("kern.cam.cd.changer.min_busy_seconds", &changer_min_busy_seconds);
342 SYSCTL_INT(_kern_cam_cd_changer, OID_AUTO, max_busy_seconds, CTLFLAG_RW,
343            &changer_max_busy_seconds, 0, "Maximum changer scheduling quantum");
344 TUNABLE_INT("kern.cam.cd.changer.max_busy_seconds", &changer_max_busy_seconds);
345
346 struct cdchanger {
347         path_id_t                        path_id;
348         target_id_t                      target_id;
349         int                              num_devices;
350         struct camq                      devq;
351         struct timeval                   start_time;
352         struct cd_softc                  *cur_device;
353         struct callout_handle            short_handle;
354         struct callout_handle            long_handle;
355         volatile cd_changer_flags        flags;
356         STAILQ_ENTRY(cdchanger)          changer_links;
357         STAILQ_HEAD(chdevlist, cd_softc) chluns;
358 };
359
360 static STAILQ_HEAD(changerlist, cdchanger) changerq;
361
362 void
363 cdinit(void)
364 {
365         cam_status status;
366         struct cam_path *path;
367
368         /*
369          * Create our extend array for storing the devices we attach to.
370          */
371         cdperiphs = cam_extend_new();
372         if (cdperiphs == NULL) {
373                 printf("cd: Failed to alloc extend array!\n");
374                 return;
375         }
376
377         /*
378          * Install a global async callback.  This callback will
379          * receive async callbacks like "new device found".
380          */
381         status = xpt_create_path(&path, /*periph*/NULL, CAM_XPT_PATH_ID,
382                                  CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD);
383
384         if (status == CAM_REQ_CMP) {
385                 struct ccb_setasync csa;
386
387                 xpt_setup_ccb(&csa.ccb_h, path, /*priority*/5);
388                 csa.ccb_h.func_code = XPT_SASYNC_CB;
389                 csa.event_enable = AC_FOUND_DEVICE;
390                 csa.callback = cdasync;
391                 csa.callback_arg = NULL;
392                 xpt_action((union ccb *)&csa);
393                 status = csa.ccb_h.status;
394                 xpt_free_path(path);
395         }
396
397         if (status != CAM_REQ_CMP) {
398                 printf("cd: Failed to attach master async callback "
399                        "due to status 0x%x!\n", status);
400         }
401 }
402
403 static void
404 cdoninvalidate(struct cam_periph *periph)
405 {
406         int s;
407         struct cd_softc *softc;
408         struct buf *q_bp;
409         struct ccb_setasync csa;
410
411         softc = (struct cd_softc *)periph->softc;
412
413         /*
414          * De-register any async callbacks.
415          */
416         xpt_setup_ccb(&csa.ccb_h, periph->path,
417                       /* priority */ 5);
418         csa.ccb_h.func_code = XPT_SASYNC_CB;
419         csa.event_enable = 0;
420         csa.callback = cdasync;
421         csa.callback_arg = periph;
422         xpt_action((union ccb *)&csa);
423
424         softc->flags |= CD_FLAG_INVALID;
425
426         /*
427          * Although the oninvalidate() routines are always called at
428          * splsoftcam, we need to be at splbio() here to keep the buffer
429          * queue from being modified while we traverse it.
430          */
431         s = splbio();
432
433         /*
434          * Return all queued I/O with ENXIO.
435          * XXX Handle any transactions queued to the card
436          *     with XPT_ABORT_CCB.
437          */
438         while ((q_bp = bufq_first(&softc->buf_queue)) != NULL){
439                 bufq_remove(&softc->buf_queue, q_bp);
440                 q_bp->b_resid = q_bp->b_bcount;
441                 q_bp->b_error = ENXIO;
442                 q_bp->b_flags |= B_ERROR;
443                 biodone(q_bp);
444         }
445         splx(s);
446
447         /*
448          * If this device is part of a changer, and it was scheduled
449          * to run, remove it from the run queue since we just nuked
450          * all of its scheduled I/O.
451          */
452         if ((softc->flags & CD_FLAG_CHANGER)
453          && (softc->pinfo.index != CAM_UNQUEUED_INDEX))
454                 camq_remove(&softc->changer->devq, softc->pinfo.index);
455
456         xpt_print_path(periph->path);
457         printf("lost device\n");
458 }
459
460 static void
461 cdcleanup(struct cam_periph *periph)
462 {
463         struct cd_softc *softc;
464         int s;
465
466         softc = (struct cd_softc *)periph->softc;
467
468         xpt_print_path(periph->path);
469         printf("removing device entry\n");
470
471         if ((softc->flags & CD_FLAG_SCTX_INIT) != 0
472             && sysctl_ctx_free(&softc->sysctl_ctx) != 0) {
473                 xpt_print_path(periph->path);
474                 printf("can't remove sysctl context\n");
475         }
476
477         s = splsoftcam();
478         /*
479          * In the queued, non-active case, the device in question
480          * has already been removed from the changer run queue.  Since this
481          * device is active, we need to de-activate it, and schedule
482          * another device to run.  (if there is another one to run)
483          */
484         if ((softc->flags & CD_FLAG_CHANGER)
485          && (softc->flags & CD_FLAG_ACTIVE)) {
486
487                 /*
488                  * The purpose of the short timeout is soley to determine
489                  * whether the current device has finished or not.  Well,
490                  * since we're removing the active device, we know that it
491                  * is finished.  So, get rid of the short timeout.
492                  * Otherwise, if we're in the time period before the short
493                  * timeout fires, and there are no other devices in the
494                  * queue to run, there won't be any other device put in the
495                  * active slot.  i.e., when we call cdrunchangerqueue()
496                  * below, it won't do anything.  Then, when the short
497                  * timeout fires, it'll look at the "current device", which
498                  * we are free below, and possibly panic the kernel on a
499                  * bogus pointer reference.
500                  *
501                  * The long timeout doesn't really matter, since we
502                  * decrement the qfrozen_cnt to indicate that there is
503                  * nothing in the active slot now.  Therefore, there won't
504                  * be any bogus pointer references there.
505                  */
506                 if (softc->changer->flags & CHANGER_SHORT_TMOUT_SCHED) {
507                         untimeout(cdshorttimeout, softc->changer,
508                                   softc->changer->short_handle);
509                         softc->changer->flags &= ~CHANGER_SHORT_TMOUT_SCHED;
510                 }
511                 softc->changer->devq.qfrozen_cnt--;
512                 softc->changer->flags |= CHANGER_MANUAL_CALL;
513                 cdrunchangerqueue(softc->changer);
514         }
515
516         /*
517          * If we're removing the last device on the changer, go ahead and
518          * remove the changer device structure.
519          */
520         if ((softc->flags & CD_FLAG_CHANGER)
521          && (--softc->changer->num_devices == 0)) {
522
523                 /*
524                  * Theoretically, there shouldn't be any timeouts left, but
525                  * I'm not completely sure that that will be the case.  So,
526                  * it won't hurt to check and see if there are any left.
527                  */
528                 if (softc->changer->flags & CHANGER_TIMEOUT_SCHED) {
529                         untimeout(cdrunchangerqueue, softc->changer,
530                                   softc->changer->long_handle);
531                         softc->changer->flags &= ~CHANGER_TIMEOUT_SCHED;
532                 }
533
534                 if (softc->changer->flags & CHANGER_SHORT_TMOUT_SCHED) {
535                         untimeout(cdshorttimeout, softc->changer,
536                                   softc->changer->short_handle);
537                         softc->changer->flags &= ~CHANGER_SHORT_TMOUT_SCHED;
538                 }
539
540                 STAILQ_REMOVE(&changerq, softc->changer, cdchanger,
541                               changer_links);
542                 xpt_print_path(periph->path);
543                 printf("removing changer entry\n");
544                 free(softc->changer, M_DEVBUF);
545                 num_changers--;
546         }
547         devstat_remove_entry(&softc->device_stats);
548         cam_extend_release(cdperiphs, periph->unit_number);
549         if (softc->disk.d_dev) {
550                 disk_destroy(&softc->disk);
551         }
552         free(softc, M_DEVBUF);
553         splx(s);
554 }
555
556 static void
557 cdasync(void *callback_arg, u_int32_t code,
558         struct cam_path *path, void *arg)
559 {
560         struct cam_periph *periph;
561
562         periph = (struct cam_periph *)callback_arg;
563         switch (code) {
564         case AC_FOUND_DEVICE:
565         {
566                 struct ccb_getdev *cgd;
567                 cam_status status;
568
569                 cgd = (struct ccb_getdev *)arg;
570
571                 if (SID_TYPE(&cgd->inq_data) != T_CDROM
572                     && SID_TYPE(&cgd->inq_data) != T_WORM)
573                         break;
574
575                 /*
576                  * Allocate a peripheral instance for
577                  * this device and start the probe
578                  * process.
579                  */
580                 status = cam_periph_alloc(cdregister, cdoninvalidate,
581                                           cdcleanup, cdstart,
582                                           "cd", CAM_PERIPH_BIO,
583                                           cgd->ccb_h.path, cdasync,
584                                           AC_FOUND_DEVICE, cgd);
585
586                 if (status != CAM_REQ_CMP
587                  && status != CAM_REQ_INPROG)
588                         printf("cdasync: Unable to attach new device "
589                                "due to status 0x%x\n", status);
590
591                 break;
592         }
593         case AC_SENT_BDR:
594         case AC_BUS_RESET:
595         {
596                 struct cd_softc *softc;
597                 struct ccb_hdr *ccbh;
598                 int s;
599
600                 softc = (struct cd_softc *)periph->softc;
601                 s = splsoftcam();
602                 /*
603                  * Don't fail on the expected unit attention
604                  * that will occur.
605                  */
606                 softc->flags |= CD_FLAG_RETRY_UA;
607                 for (ccbh = LIST_FIRST(&softc->pending_ccbs);
608                      ccbh != NULL; ccbh = LIST_NEXT(ccbh, periph_links.le))
609                         ccbh->ccb_state |= CD_CCB_RETRY_UA;
610                 splx(s);
611                 /* FALLTHROUGH */
612         }
613         default:
614                 cam_periph_async(periph, code, path, arg);
615                 break;
616         }
617 }
618
619 static void
620 cdsysctlinit(void *context, int pending)
621 {
622         struct cam_periph *periph;
623         struct cd_softc *softc;
624         char tmpstr[80], tmpstr2[80];
625
626         periph = (struct cam_periph *)context;
627         softc = (struct cd_softc *)periph->softc;
628
629         snprintf(tmpstr, sizeof(tmpstr), "CAM CD unit %d", periph->unit_number);
630         snprintf(tmpstr2, sizeof(tmpstr2), "%d", periph->unit_number);
631
632         sysctl_ctx_init(&softc->sysctl_ctx);
633         softc->flags |= CD_FLAG_SCTX_INIT;
634         softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
635         SYSCTL_STATIC_CHILDREN(_kern_cam_cd), OID_AUTO,
636         tmpstr2, CTLFLAG_RD, 0, tmpstr);
637
638         if (softc->sysctl_tree == NULL) {
639                 printf("cdsysctlinit: unable to allocate sysctl tree\n");
640                 return;
641         }
642
643         /*
644          * Now register the sysctl handler, so the user can the value on
645          * the fly.
646          */
647         SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
648                         OID_AUTO, "minimum_cmd_size", CTLTYPE_INT | CTLFLAG_RW,
649                         &softc->minimum_command_size, 0, cdcmdsizesysctl, "I",
650                         "Minimum CDB size");
651 }
652
653 /*
654  * We have a handler function for this so we can check the values when the
655  * user sets them, instead of every time we look at them.
656  */
657 static int
658 cdcmdsizesysctl(SYSCTL_HANDLER_ARGS)
659 {
660         int error, value;
661
662         value = *(int *)arg1;
663
664         error = sysctl_handle_int(oidp, &value, 0, req);
665
666         if ((error != 0) || (req->newptr == NULL))
667                 return (error);
668
669         /*
670          * The only real values we can have here are 6 or 10.  I don't
671          * really forsee having 12 be an option at any time in the future.
672          * So if the user sets something less than or equal to 6, we'll set
673          * it to 6.  If he sets something greater than 6, we'll set it to 10.
674          *
675          * I suppose we could just return an error here for the wrong values,
676          * but I don't think it's necessary to do so, as long as we can
677          * determine the user's intent without too much trouble.
678          */
679         if (value < 6)
680                 value = 6;
681         else if (value > 6)
682                 value = 10;
683
684         *(int *)arg1 = value;
685
686         return (0);
687 }
688
689
690 static cam_status
691 cdregister(struct cam_periph *periph, void *arg)
692 {
693         struct cd_softc *softc;
694         struct ccb_setasync csa;
695         struct ccb_pathinq cpi;
696         struct ccb_getdev *cgd;
697         char tmpstr[80];
698         caddr_t match;
699
700         cgd = (struct ccb_getdev *)arg;
701         if (periph == NULL) {
702                 printf("cdregister: periph was NULL!!\n");
703                 return(CAM_REQ_CMP_ERR);
704         }
705         if (cgd == NULL) {
706                 printf("cdregister: no getdev CCB, can't register device\n");
707                 return(CAM_REQ_CMP_ERR);
708         }
709
710         softc = (struct cd_softc *)malloc(sizeof(*softc),M_DEVBUF,M_NOWAIT);
711
712         if (softc == NULL) {
713                 printf("cdregister: Unable to probe new device. "
714                        "Unable to allocate softc\n");                           
715                 return(CAM_REQ_CMP_ERR);
716         }
717
718         bzero(softc, sizeof(*softc));
719         LIST_INIT(&softc->pending_ccbs);
720         STAILQ_INIT(&softc->mode_queue);
721         softc->state = CD_STATE_PROBE;
722         bufq_init(&softc->buf_queue);
723         if (SID_IS_REMOVABLE(&cgd->inq_data))
724                 softc->flags |= CD_FLAG_DISC_REMOVABLE;
725         if ((cgd->inq_data.flags & SID_CmdQue) != 0)
726                 softc->flags |= CD_FLAG_TAGGED_QUEUING;
727
728         periph->softc = softc;
729         softc->periph = periph;
730
731         cam_extend_set(cdperiphs, periph->unit_number, periph);
732
733         /*
734          * See if this device has any quirks.
735          */
736         match = cam_quirkmatch((caddr_t)&cgd->inq_data,
737                                (caddr_t)cd_quirk_table,
738                                sizeof(cd_quirk_table)/sizeof(*cd_quirk_table),
739                                sizeof(*cd_quirk_table), scsi_inquiry_match);
740
741         if (match != NULL)
742                 softc->quirks = ((struct cd_quirk_entry *)match)->quirks;
743         else
744                 softc->quirks = CD_Q_NONE;
745
746         /* Check if the SIM does not want 6 byte commands */
747         xpt_setup_ccb(&cpi.ccb_h, periph->path, /*priority*/1);
748         cpi.ccb_h.func_code = XPT_PATH_INQ;
749         xpt_action((union ccb *)&cpi);
750         if (cpi.ccb_h.status == CAM_REQ_CMP && (cpi.hba_misc & PIM_NO_6_BYTE))
751                 softc->quirks |= CD_Q_10_BYTE_ONLY;
752
753         TASK_INIT(&softc->sysctl_task, 0, cdsysctlinit, periph);
754
755         /* The default is 6 byte commands, unless quirked otherwise */
756         if (softc->quirks & CD_Q_10_BYTE_ONLY)
757                 softc->minimum_command_size = 10;
758         else
759                 softc->minimum_command_size = 6;
760
761         /*
762          * Load the user's default, if any.
763          */
764         snprintf(tmpstr, sizeof(tmpstr), "kern.cam.cd.%d.minimum_cmd_size",
765                 periph->unit_number);
766         TUNABLE_INT_FETCH(tmpstr, &softc->minimum_command_size);
767
768         /* 6 and 10 are the only permissible values here. */
769         if (softc->minimum_command_size < 6)
770                 softc->minimum_command_size = 6;
771         else if (softc->minimum_command_size > 6)
772                 softc->minimum_command_size = 10;
773
774         /*
775          * We need to register the statistics structure for this device,
776          * but we don't have the blocksize yet for it.  So, we register
777          * the structure and indicate that we don't have the blocksize
778          * yet.  Unlike other SCSI peripheral drivers, we explicitly set
779          * the device type here to be CDROM, rather than just ORing in
780          * the device type.  This is because this driver can attach to either
781          * CDROM or WORM devices, and we want this peripheral driver to
782          * show up in the devstat list as a CD peripheral driver, not a
783          * WORM peripheral driver.  WORM drives will also have the WORM
784          * driver attached to them.
785          */
786         devstat_add_entry(&softc->device_stats, "cd", 
787                           periph->unit_number, 0,
788                           DEVSTAT_BS_UNAVAILABLE,
789                           DEVSTAT_TYPE_CDROM | DEVSTAT_TYPE_IF_SCSI,
790                           DEVSTAT_PRIORITY_CD);
791         disk_create(periph->unit_number, &softc->disk,
792                     DSO_ONESLICE | DSO_COMPATLABEL, &cd_cdevsw);
793
794         /*
795          * Add an async callback so that we get
796          * notified if this device goes away.
797          */
798         xpt_setup_ccb(&csa.ccb_h, periph->path,
799                       /* priority */ 5);
800         csa.ccb_h.func_code = XPT_SASYNC_CB;
801         csa.event_enable = AC_SENT_BDR | AC_BUS_RESET | AC_LOST_DEVICE;
802         csa.callback = cdasync;
803         csa.callback_arg = periph;
804         xpt_action((union ccb *)&csa);
805
806         /*
807          * If the target lun is greater than 0, we most likely have a CD
808          * changer device.  Check the quirk entries as well, though, just
809          * in case someone has a CD tower with one lun per drive or
810          * something like that.  Also, if we know up front that a
811          * particular device is a changer, we can mark it as such starting
812          * with lun 0, instead of lun 1.  It shouldn't be necessary to have
813          * a quirk entry to define something as a changer, however.
814          */
815         if (((cgd->ccb_h.target_lun > 0)
816           && ((softc->quirks & CD_Q_NO_CHANGER) == 0))
817          || ((softc->quirks & CD_Q_CHANGER) != 0)) {
818                 struct cdchanger *nchanger;
819                 struct cam_periph *nperiph;
820                 struct cam_path *path;
821                 cam_status status;
822                 int found;
823
824                 /* Set the changer flag in the current device's softc */
825                 softc->flags |= CD_FLAG_CHANGER;
826
827                 if (num_changers == 0)
828                         STAILQ_INIT(&changerq);
829
830                 /*
831                  * Now, look around for an existing changer device with the
832                  * same path and target ID as the current device.
833                  */
834                 for (found = 0,
835                      nchanger = (struct cdchanger *)STAILQ_FIRST(&changerq);
836                      nchanger != NULL;
837                      nchanger = STAILQ_NEXT(nchanger, changer_links)){
838                         if ((nchanger->path_id == cgd->ccb_h.path_id) 
839                          && (nchanger->target_id == cgd->ccb_h.target_id)) {
840                                 found = 1;
841                                 break;
842                         }
843                 }
844
845                 /*
846                  * If we found a matching entry, just add this device to
847                  * the list of devices on this changer.
848                  */
849                 if (found == 1) {
850                         struct chdevlist *chlunhead;
851
852                         chlunhead = &nchanger->chluns;
853
854                         /*
855                          * XXX KDM look at consolidating this code with the
856                          * code below in a separate function.
857                          */
858
859                         /*
860                          * Create a path with lun id 0, and see if we can
861                          * find a matching device
862                          */
863                         status = xpt_create_path(&path, /*periph*/ periph,
864                                                  cgd->ccb_h.path_id,
865                                                  cgd->ccb_h.target_id, 0);
866
867                         if ((status == CAM_REQ_CMP)
868                          && ((nperiph = cam_periph_find(path, "cd")) != NULL)){
869                                 struct cd_softc *nsoftc;
870
871                                 nsoftc = (struct cd_softc *)nperiph->softc;
872
873                                 if ((nsoftc->flags & CD_FLAG_CHANGER) == 0){
874                                         nsoftc->flags |= CD_FLAG_CHANGER;
875                                         nchanger->num_devices++;
876                                         if (camq_resize(&nchanger->devq,
877                                            nchanger->num_devices)!=CAM_REQ_CMP){
878                                                 printf("cdregister: "
879                                                        "camq_resize "
880                                                        "failed, changer "
881                                                        "support may "
882                                                        "be messed up\n");
883                                         }
884                                         nsoftc->changer = nchanger;
885                                         nsoftc->pinfo.index =CAM_UNQUEUED_INDEX;
886
887                                         STAILQ_INSERT_TAIL(&nchanger->chluns,
888                                                           nsoftc,changer_links);
889                                 }
890                                 xpt_free_path(path);
891                         } else if (status == CAM_REQ_CMP)
892                                 xpt_free_path(path);
893                         else {
894                                 printf("cdregister: unable to allocate path\n"
895                                        "cdregister: changer support may be "
896                                        "broken\n");
897                         }
898
899                         nchanger->num_devices++;
900
901                         softc->changer = nchanger;
902                         softc->pinfo.index = CAM_UNQUEUED_INDEX;
903
904                         if (camq_resize(&nchanger->devq,
905                             nchanger->num_devices) != CAM_REQ_CMP) {
906                                 printf("cdregister: camq_resize "
907                                        "failed, changer support may "
908                                        "be messed up\n");
909                         }
910
911                         STAILQ_INSERT_TAIL(chlunhead, softc, changer_links);
912                 }
913                 /*
914                  * In this case, we don't already have an entry for this
915                  * particular changer, so we need to create one, add it to
916                  * the queue, and queue this device on the list for this
917                  * changer.  Before we queue this device, however, we need
918                  * to search for lun id 0 on this target, and add it to the
919                  * queue first, if it exists.  (and if it hasn't already
920                  * been marked as part of the changer.)
921                  */
922                 else {
923                         nchanger = malloc(sizeof(struct cdchanger),
924                                 M_DEVBUF, M_NOWAIT);
925
926                         if (nchanger == NULL) {
927                                 softc->flags &= ~CD_FLAG_CHANGER;
928                                 printf("cdregister: unable to malloc "
929                                        "changer structure\ncdregister: "
930                                        "changer support disabled\n");
931
932                                 /*
933                                  * Yes, gotos can be gross but in this case
934                                  * I think it's justified..
935                                  */
936                                 goto cdregisterexit;
937                         }
938
939                         /* zero the structure */
940                         bzero(nchanger, sizeof(struct cdchanger));
941
942                         if (camq_init(&nchanger->devq, 1) != 0) {
943                                 softc->flags &= ~CD_FLAG_CHANGER;
944                                 printf("cdregister: changer support "
945                                        "disabled\n");
946                                 goto cdregisterexit;
947                         }
948
949                         num_changers++;
950
951                         nchanger->path_id = cgd->ccb_h.path_id;
952                         nchanger->target_id = cgd->ccb_h.target_id;
953
954                         /* this is superfluous, but it makes things clearer */
955                         nchanger->num_devices = 0;
956
957                         STAILQ_INIT(&nchanger->chluns);
958
959                         STAILQ_INSERT_TAIL(&changerq, nchanger,
960                                            changer_links);
961                         
962                         /*
963                          * Create a path with lun id 0, and see if we can
964                          * find a matching device
965                          */
966                         status = xpt_create_path(&path, /*periph*/ periph,
967                                                  cgd->ccb_h.path_id,
968                                                  cgd->ccb_h.target_id, 0);
969
970                         /*
971                          * If we were able to allocate the path, and if we
972                          * find a matching device and it isn't already
973                          * marked as part of a changer, then we add it to
974                          * the current changer.
975                          */
976                         if ((status == CAM_REQ_CMP)
977                          && ((nperiph = cam_periph_find(path, "cd")) != NULL)
978                          && ((((struct cd_softc *)periph->softc)->flags &
979                                CD_FLAG_CHANGER) == 0)) {
980                                 struct cd_softc *nsoftc;
981
982                                 nsoftc = (struct cd_softc *)nperiph->softc;
983
984                                 nsoftc->flags |= CD_FLAG_CHANGER;
985                                 nchanger->num_devices++;
986                                 if (camq_resize(&nchanger->devq,
987                                     nchanger->num_devices) != CAM_REQ_CMP) {
988                                         printf("cdregister: camq_resize "
989                                                "failed, changer support may "
990                                                "be messed up\n");
991                                 }
992                                 nsoftc->changer = nchanger;
993                                 nsoftc->pinfo.index = CAM_UNQUEUED_INDEX;
994
995                                 STAILQ_INSERT_TAIL(&nchanger->chluns,
996                                                    nsoftc, changer_links);
997                                 xpt_free_path(path);
998                         } else if (status == CAM_REQ_CMP)
999                                 xpt_free_path(path);
1000                         else {
1001                                 printf("cdregister: unable to allocate path\n"
1002                                        "cdregister: changer support may be "
1003                                        "broken\n");
1004                         }
1005
1006                         softc->changer = nchanger;
1007                         softc->pinfo.index = CAM_UNQUEUED_INDEX;
1008                         nchanger->num_devices++;
1009                         if (camq_resize(&nchanger->devq,
1010                             nchanger->num_devices) != CAM_REQ_CMP) {
1011                                 printf("cdregister: camq_resize "
1012                                        "failed, changer support may "
1013                                        "be messed up\n");
1014                         }
1015                         STAILQ_INSERT_TAIL(&nchanger->chluns, softc,
1016                                            changer_links);
1017                 }
1018         }
1019
1020 cdregisterexit:
1021
1022         /* Lock this peripheral until we are setup */
1023         /* Can't block */
1024         cam_periph_lock(periph, 0); 
1025
1026         if ((softc->flags & CD_FLAG_CHANGER) == 0)
1027                 xpt_schedule(periph, /*priority*/5);
1028         else
1029                 cdschedule(periph, /*priority*/ 5);
1030
1031         return(CAM_REQ_CMP);
1032 }
1033
1034 static int
1035 cdopen(dev_t dev, int flags, int fmt, struct thread *td)
1036 {
1037         struct cam_periph *periph;
1038         struct cd_softc *softc;
1039         int unit, error;
1040         int s;
1041
1042         unit = dkunit(dev);
1043         periph = cam_extend_get(cdperiphs, unit);
1044
1045         if (periph == NULL)
1046                 return (ENXIO);
1047
1048         softc = (struct cd_softc *)periph->softc;
1049
1050         /*
1051          * Grab splsoftcam and hold it until we lock the peripheral.
1052          */
1053         s = splsoftcam();
1054         if (softc->flags & CD_FLAG_INVALID) {
1055                 splx(s);
1056                 return(ENXIO);
1057         }
1058
1059         if ((error = cam_periph_lock(periph, PCATCH)) != 0) {
1060                 splx(s);
1061                 return (error);
1062         }
1063
1064         splx(s);
1065
1066         if (cam_periph_acquire(periph) != CAM_REQ_CMP)
1067                 return(ENXIO);
1068
1069         /*
1070          * Check for media, and set the appropriate flags.  We don't bail
1071          * if we don't have media, but then we don't allow anything but the
1072          * CDIOCEJECT/CDIOCCLOSE ioctls if there is no media.
1073          *
1074          * XXX KDM for now, we do fail the open if we don't have media.  We
1075          * can change this once we've figured out how to make the slice
1076          * code work well with media changing underneath it.
1077          */
1078         error = cdcheckmedia(periph);
1079
1080         if (error == 0)
1081                 softc->flags |= CD_FLAG_OPEN;
1082
1083         cam_periph_unlock(periph);
1084
1085         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("leaving cdopen\n"));
1086
1087         return (error);
1088 }
1089
1090 static int
1091 cdclose(dev_t dev, int flag, int fmt, struct thread *td)
1092 {
1093         struct  cam_periph *periph;
1094         struct  cd_softc *softc;
1095         int     unit, error;
1096
1097         unit = dkunit(dev);
1098         periph = cam_extend_get(cdperiphs, unit);
1099         if (periph == NULL)
1100                 return (ENXIO); 
1101
1102         softc = (struct cd_softc *)periph->softc;
1103
1104         if ((error = cam_periph_lock(periph, 0)) != 0)
1105                 return (error);
1106
1107         if ((softc->flags & CD_FLAG_DISC_REMOVABLE) != 0)
1108                 cdprevent(periph, PR_ALLOW);
1109
1110         /*
1111          * Unconditionally set the dsopen() flags back to their default
1112          * state.
1113          */
1114         softc->disk.d_dsflags &= ~DSO_NOLABELS;
1115         softc->disk.d_dsflags |= DSO_COMPATLABEL;
1116
1117         /*
1118          * Since we're closing this CD, mark the blocksize as unavailable.
1119          * It will be marked as available when the CD is opened again.
1120          */
1121         softc->device_stats.flags |= DEVSTAT_BS_UNAVAILABLE;
1122
1123         /*
1124          * We'll check the media and toc again at the next open().
1125          */
1126         softc->flags &= ~(CD_FLAG_VALID_MEDIA|CD_FLAG_VALID_TOC);
1127         
1128         softc->flags &= ~CD_FLAG_OPEN;
1129
1130         cam_periph_unlock(periph);
1131         cam_periph_release(periph);
1132
1133         return (0);
1134 }
1135
1136 static void
1137 cdshorttimeout(void *arg)
1138 {
1139         struct cdchanger *changer;
1140         int s;
1141
1142         s = splsoftcam();
1143
1144         changer = (struct cdchanger *)arg;
1145
1146         /* Always clear the short timeout flag, since that's what we're in */
1147         changer->flags &= ~CHANGER_SHORT_TMOUT_SCHED;
1148
1149         /*
1150          * Check to see if there is any more pending or outstanding I/O for
1151          * this device.  If not, move it out of the active slot.
1152          */
1153         if ((bufq_first(&changer->cur_device->buf_queue) == NULL)
1154          && (changer->cur_device->device_stats.busy_count == 0)) {
1155                 changer->flags |= CHANGER_MANUAL_CALL;
1156                 cdrunchangerqueue(changer);
1157         }
1158
1159         splx(s);
1160 }
1161
1162 /*
1163  * This is a wrapper for xpt_schedule.  It only applies to changers.
1164  */
1165 static void
1166 cdschedule(struct cam_periph *periph, int priority)
1167 {
1168         struct cd_softc *softc;
1169         int s;
1170
1171         s = splsoftcam();
1172
1173         softc = (struct cd_softc *)periph->softc;
1174
1175         /*
1176          * If this device isn't currently queued, and if it isn't
1177          * the active device, then we queue this device and run the
1178          * changer queue if there is no timeout scheduled to do it.
1179          * If this device is the active device, just schedule it
1180          * to run again.  If this device is queued, there should be
1181          * a timeout in place already that will make sure it runs.
1182          */
1183         if ((softc->pinfo.index == CAM_UNQUEUED_INDEX) 
1184          && ((softc->flags & CD_FLAG_ACTIVE) == 0)) {
1185                 /*
1186                  * We don't do anything with the priority here.
1187                  * This is strictly a fifo queue.
1188                  */
1189                 softc->pinfo.priority = 1;
1190                 softc->pinfo.generation = ++softc->changer->devq.generation;
1191                 camq_insert(&softc->changer->devq, (cam_pinfo *)softc);
1192
1193                 /*
1194                  * Since we just put a device in the changer queue,
1195                  * check and see if there is a timeout scheduled for
1196                  * this changer.  If so, let the timeout handle
1197                  * switching this device into the active slot.  If
1198                  * not, manually call the timeout routine to
1199                  * bootstrap things.
1200                  */
1201                 if (((softc->changer->flags & CHANGER_TIMEOUT_SCHED)==0)
1202                  && ((softc->changer->flags & CHANGER_NEED_TIMEOUT)==0)
1203                  && ((softc->changer->flags & CHANGER_SHORT_TMOUT_SCHED)==0)){
1204                         softc->changer->flags |= CHANGER_MANUAL_CALL;
1205                         cdrunchangerqueue(softc->changer);
1206                 }
1207         } else if ((softc->flags & CD_FLAG_ACTIVE)
1208                 && ((softc->flags & CD_FLAG_SCHED_ON_COMP) == 0))
1209                 xpt_schedule(periph, priority);
1210
1211         splx(s);
1212
1213 }
1214
1215 static void
1216 cdrunchangerqueue(void *arg)
1217 {
1218         struct cd_softc *softc;
1219         struct cdchanger *changer;
1220         int called_from_timeout;
1221         int s;
1222
1223         s = splsoftcam();
1224
1225         changer = (struct cdchanger *)arg;
1226
1227         /*
1228          * If we have NOT been called from cdstrategy() or cddone(), and
1229          * instead from a timeout routine, go ahead and clear the
1230          * timeout flag.
1231          */
1232         if ((changer->flags & CHANGER_MANUAL_CALL) == 0) {
1233                 changer->flags &= ~CHANGER_TIMEOUT_SCHED;
1234                 called_from_timeout = 1;
1235         } else
1236                 called_from_timeout = 0;
1237
1238         /* Always clear the manual call flag */
1239         changer->flags &= ~CHANGER_MANUAL_CALL;
1240
1241         /* nothing to do if the queue is empty */
1242         if (changer->devq.entries <= 0) {
1243                 splx(s);
1244                 return;
1245         }
1246
1247         /*
1248          * If the changer queue is frozen, that means we have an active
1249          * device.
1250          */
1251         if (changer->devq.qfrozen_cnt > 0) {
1252
1253                 if (changer->cur_device->device_stats.busy_count > 0) {
1254                         changer->cur_device->flags |= CD_FLAG_SCHED_ON_COMP;
1255                         changer->cur_device->bufs_left = 
1256                                 changer->cur_device->device_stats.busy_count;
1257                         if (called_from_timeout) {
1258                                 changer->long_handle =
1259                                         timeout(cdrunchangerqueue, changer,
1260                                         changer_max_busy_seconds * hz);
1261                                 changer->flags |= CHANGER_TIMEOUT_SCHED;
1262                         }
1263                         splx(s);
1264                         return;
1265                 }
1266
1267                 /*
1268                  * We always need to reset the frozen count and clear the
1269                  * active flag.
1270                  */
1271                 changer->devq.qfrozen_cnt--;
1272                 changer->cur_device->flags &= ~CD_FLAG_ACTIVE;
1273                 changer->cur_device->flags &= ~CD_FLAG_SCHED_ON_COMP;
1274
1275                 /*
1276                  * Check to see whether the current device has any I/O left
1277                  * to do.  If so, requeue it at the end of the queue.  If
1278                  * not, there is no need to requeue it.
1279                  */
1280                 if (bufq_first(&changer->cur_device->buf_queue) != NULL) {
1281
1282                         changer->cur_device->pinfo.generation =
1283                                 ++changer->devq.generation;
1284                         camq_insert(&changer->devq,
1285                                 (cam_pinfo *)changer->cur_device);
1286                 } 
1287         }
1288
1289         softc = (struct cd_softc *)camq_remove(&changer->devq, CAMQ_HEAD);
1290
1291         changer->cur_device = softc;
1292
1293         changer->devq.qfrozen_cnt++;
1294         softc->flags |= CD_FLAG_ACTIVE;
1295
1296         /* Just in case this device is waiting */
1297         wakeup(&softc->changer);
1298         xpt_schedule(softc->periph, /*priority*/ 1);
1299
1300         /*
1301          * Get rid of any pending timeouts, and set a flag to schedule new
1302          * ones so this device gets its full time quantum.
1303          */
1304         if (changer->flags & CHANGER_TIMEOUT_SCHED) {
1305                 untimeout(cdrunchangerqueue, changer, changer->long_handle);
1306                 changer->flags &= ~CHANGER_TIMEOUT_SCHED;
1307         }
1308
1309         if (changer->flags & CHANGER_SHORT_TMOUT_SCHED) {
1310                 untimeout(cdshorttimeout, changer, changer->short_handle);
1311                 changer->flags &= ~CHANGER_SHORT_TMOUT_SCHED;
1312         }
1313
1314         /*
1315          * We need to schedule timeouts, but we only do this after the
1316          * first transaction has completed.  This eliminates the changer
1317          * switch time.
1318          */
1319         changer->flags |= CHANGER_NEED_TIMEOUT;
1320
1321         splx(s);
1322 }
1323
1324 static void
1325 cdchangerschedule(struct cd_softc *softc)
1326 {
1327         struct cdchanger *changer;
1328         int s;
1329
1330         s = splsoftcam();
1331
1332         changer = softc->changer;
1333
1334         /*
1335          * If this is a changer, and this is the current device,
1336          * and this device has at least the minimum time quantum to
1337          * run, see if we can switch it out.
1338          */
1339         if ((softc->flags & CD_FLAG_ACTIVE) 
1340          && ((changer->flags & CHANGER_SHORT_TMOUT_SCHED) == 0)
1341          && ((changer->flags & CHANGER_NEED_TIMEOUT) == 0)) {
1342                 /*
1343                  * We try three things here.  The first is that we
1344                  * check to see whether the schedule on completion
1345                  * flag is set.  If it is, we decrement the number
1346                  * of buffers left, and if it's zero, we reschedule.
1347                  * Next, we check to see whether the pending buffer
1348                  * queue is empty and whether there are no
1349                  * outstanding transactions.  If so, we reschedule.
1350                  * Next, we see if the pending buffer queue is empty.
1351                  * If it is, we set the number of buffers left to
1352                  * the current active buffer count and set the
1353                  * schedule on complete flag.
1354                  */
1355                 if (softc->flags & CD_FLAG_SCHED_ON_COMP) {
1356                         if (--softc->bufs_left == 0) {
1357                                 softc->changer->flags |=
1358                                         CHANGER_MANUAL_CALL;
1359                                 softc->flags &= ~CD_FLAG_SCHED_ON_COMP;
1360                                 cdrunchangerqueue(softc->changer);
1361                         }
1362                 } else if ((bufq_first(&softc->buf_queue) == NULL)
1363                         && (softc->device_stats.busy_count == 0)) {
1364                         softc->changer->flags |= CHANGER_MANUAL_CALL;
1365                         cdrunchangerqueue(softc->changer);
1366                 }
1367         } else if ((softc->changer->flags & CHANGER_NEED_TIMEOUT) 
1368                 && (softc->flags & CD_FLAG_ACTIVE)) {
1369
1370                 /*
1371                  * Now that the first transaction to this
1372                  * particular device has completed, we can go ahead
1373                  * and schedule our timeouts.
1374                  */
1375                 if ((changer->flags & CHANGER_TIMEOUT_SCHED) == 0) {
1376                         changer->long_handle =
1377                             timeout(cdrunchangerqueue, changer,
1378                                     changer_max_busy_seconds * hz);
1379                         changer->flags |= CHANGER_TIMEOUT_SCHED;
1380                 } else
1381                         printf("cdchangerschedule: already have a long"
1382                                " timeout!\n");
1383
1384                 if ((changer->flags & CHANGER_SHORT_TMOUT_SCHED) == 0) {
1385                         changer->short_handle =
1386                             timeout(cdshorttimeout, changer,
1387                                     changer_min_busy_seconds * hz);
1388                         changer->flags |= CHANGER_SHORT_TMOUT_SCHED;
1389                 } else
1390                         printf("cdchangerschedule: already have a short "
1391                                "timeout!\n");
1392
1393                 /*
1394                  * We just scheduled timeouts, no need to schedule
1395                  * more.
1396                  */
1397                 changer->flags &= ~CHANGER_NEED_TIMEOUT;
1398
1399         }
1400         splx(s);
1401 }
1402
1403 static int
1404 cdrunccb(union ccb *ccb, int (*error_routine)(union ccb *ccb,
1405                                               u_int32_t cam_flags,
1406                                               u_int32_t sense_flags),
1407          u_int32_t cam_flags, u_int32_t sense_flags)
1408 {
1409         struct cd_softc *softc;
1410         struct cam_periph *periph;
1411         int error;
1412
1413         periph = xpt_path_periph(ccb->ccb_h.path);
1414         softc = (struct cd_softc *)periph->softc;
1415
1416         error = cam_periph_runccb(ccb, error_routine, cam_flags, sense_flags,
1417                                   &softc->device_stats);
1418
1419         if (softc->flags & CD_FLAG_CHANGER)
1420                 cdchangerschedule(softc);
1421
1422         return(error);
1423 }
1424
1425 static union ccb *
1426 cdgetccb(struct cam_periph *periph, u_int32_t priority)
1427 {
1428         struct cd_softc *softc;
1429         int s;
1430
1431         softc = (struct cd_softc *)periph->softc;
1432
1433         if (softc->flags & CD_FLAG_CHANGER) {
1434
1435                 s = splsoftcam();
1436
1437                 /*
1438                  * This should work the first time this device is woken up,
1439                  * but just in case it doesn't, we use a while loop.
1440                  */
1441                 while ((softc->flags & CD_FLAG_ACTIVE) == 0) {
1442                         /*
1443                          * If this changer isn't already queued, queue it up.
1444                          */
1445                         if (softc->pinfo.index == CAM_UNQUEUED_INDEX) {
1446                                 softc->pinfo.priority = 1;
1447                                 softc->pinfo.generation =
1448                                         ++softc->changer->devq.generation;
1449                                 camq_insert(&softc->changer->devq,
1450                                             (cam_pinfo *)softc);
1451                         }
1452                         if (((softc->changer->flags & CHANGER_TIMEOUT_SCHED)==0)
1453                          && ((softc->changer->flags & CHANGER_NEED_TIMEOUT)==0)
1454                          && ((softc->changer->flags
1455                               & CHANGER_SHORT_TMOUT_SCHED)==0)) {
1456                                 softc->changer->flags |= CHANGER_MANUAL_CALL;
1457                                 cdrunchangerqueue(softc->changer);
1458                         } else
1459                                 tsleep(&softc->changer, 0, "cgticb", 0);
1460                 }
1461                 splx(s);
1462         }
1463         return(cam_periph_getccb(periph, priority));
1464 }
1465
1466
1467 /*
1468  * Actually translate the requested transfer into one the physical driver
1469  * can understand.  The transfer is described by a buf and will include
1470  * only one physical transfer.
1471  */
1472 static void
1473 cdstrategy(struct buf *bp)
1474 {
1475         struct cam_periph *periph;
1476         struct cd_softc *softc;
1477         u_int  unit, part;
1478         int    s;
1479
1480         unit = dkunit(bp->b_dev);
1481         part = dkpart(bp->b_dev);
1482         periph = cam_extend_get(cdperiphs, unit);
1483         if (periph == NULL) {
1484                 bp->b_error = ENXIO;
1485                 goto bad;
1486         }
1487
1488         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdstrategy\n"));
1489
1490         softc = (struct cd_softc *)periph->softc;
1491
1492         /*
1493          * Mask interrupts so that the pack cannot be invalidated until
1494          * after we are in the queue.  Otherwise, we might not properly
1495          * clean up one of the buffers.
1496          */
1497         s = splbio();
1498         
1499         /*
1500          * If the device has been made invalid, error out
1501          */
1502         if ((softc->flags & CD_FLAG_INVALID)) {
1503                 splx(s);
1504                 bp->b_error = ENXIO;
1505                 goto bad;
1506         }
1507
1508         /*
1509          * If we don't have valid media, look for it before trying to
1510          * schedule the I/O.
1511          */
1512         if ((softc->flags & CD_FLAG_VALID_MEDIA) == 0) {
1513                 int error;
1514
1515                 error = cdcheckmedia(periph);
1516                 if (error != 0) {
1517                         splx(s);
1518                         bp->b_error = error;
1519                         goto bad;
1520                 }
1521         }
1522
1523         /*
1524          * Place it in the queue of disk activities for this disk
1525          */
1526         bufqdisksort(&softc->buf_queue, bp);
1527
1528         splx(s);
1529         
1530         /*
1531          * Schedule ourselves for performing the work.  We do things
1532          * differently for changers.
1533          */
1534         if ((softc->flags & CD_FLAG_CHANGER) == 0)
1535                 xpt_schedule(periph, /* XXX priority */1);
1536         else
1537                 cdschedule(periph, /* priority */ 1);
1538
1539         return;
1540 bad:
1541         bp->b_flags |= B_ERROR;
1542         /*
1543          * Correctly set the buf to indicate a completed xfer
1544          */
1545         bp->b_resid = bp->b_bcount;
1546         biodone(bp);
1547         return;
1548 }
1549
1550 static void
1551 cdstart(struct cam_periph *periph, union ccb *start_ccb)
1552 {
1553         struct cd_softc *softc;
1554         struct buf *bp;
1555         struct ccb_scsiio *csio;
1556         struct scsi_read_capacity_data *rcap;
1557         int s;
1558
1559         softc = (struct cd_softc *)periph->softc;
1560
1561         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdstart\n"));
1562
1563         switch (softc->state) {
1564         case CD_STATE_NORMAL:
1565         {
1566                 int oldspl;
1567
1568                 s = splbio();
1569                 bp = bufq_first(&softc->buf_queue);
1570                 if (periph->immediate_priority <= periph->pinfo.priority) {
1571                         start_ccb->ccb_h.ccb_state = CD_CCB_WAITING;
1572
1573                         SLIST_INSERT_HEAD(&periph->ccb_list, &start_ccb->ccb_h,
1574                                           periph_links.sle);
1575                         periph->immediate_priority = CAM_PRIORITY_NONE;
1576                         splx(s);
1577                         wakeup(&periph->ccb_list);
1578                 } else if (bp == NULL) {
1579                         splx(s);
1580                         xpt_release_ccb(start_ccb);
1581                 } else {
1582                         bufq_remove(&softc->buf_queue, bp);
1583
1584                         devstat_start_transaction(&softc->device_stats);
1585
1586                         scsi_read_write(&start_ccb->csio,
1587                                         /*retries*/4,
1588                                         /* cbfcnp */ cddone,
1589                                         (bp->b_flags & B_ORDERED) != 0 ?
1590                                             MSG_ORDERED_Q_TAG : 
1591                                             MSG_SIMPLE_Q_TAG,
1592                                         /* read */bp->b_flags & B_READ,
1593                                         /* byte2 */ 0,
1594                                         /* minimum_cmd_size */ 10,
1595                                         /* lba */ bp->b_pblkno,
1596                                         bp->b_bcount / softc->params.blksize,
1597                                         /* data_ptr */ bp->b_data,
1598                                         /* dxfer_len */ bp->b_bcount,
1599                                         /* sense_len */ SSD_FULL_SIZE,
1600                                         /* timeout */ 30000);
1601                         start_ccb->ccb_h.ccb_state = CD_CCB_BUFFER_IO;
1602
1603                         
1604                         /*
1605                          * Block out any asyncronous callbacks
1606                          * while we touch the pending ccb list.
1607                          */
1608                         oldspl = splcam();
1609                         LIST_INSERT_HEAD(&softc->pending_ccbs,
1610                                          &start_ccb->ccb_h, periph_links.le);
1611                         splx(oldspl);
1612
1613                         /* We expect a unit attention from this device */
1614                         if ((softc->flags & CD_FLAG_RETRY_UA) != 0) {
1615                                 start_ccb->ccb_h.ccb_state |= CD_CCB_RETRY_UA;
1616                                 softc->flags &= ~CD_FLAG_RETRY_UA;
1617                         }
1618
1619                         start_ccb->ccb_h.ccb_bp = bp;
1620                         bp = bufq_first(&softc->buf_queue);
1621                         splx(s);
1622
1623                         xpt_action(start_ccb);
1624                 }
1625                 if (bp != NULL) {
1626                         /* Have more work to do, so ensure we stay scheduled */
1627                         xpt_schedule(periph, /* XXX priority */1);
1628                 }
1629                 break;
1630         }
1631         case CD_STATE_PROBE:
1632         {
1633
1634                 rcap = (struct scsi_read_capacity_data *)malloc(sizeof(*rcap),
1635                                                                 M_TEMP,
1636                                                                 M_NOWAIT);
1637                 if (rcap == NULL) {
1638                         xpt_print_path(periph->path);
1639                         printf("cdstart: Couldn't malloc read_capacity data\n");
1640                         /* cd_free_periph??? */
1641                         break;
1642                 }
1643                 csio = &start_ccb->csio;
1644                 scsi_read_capacity(csio,
1645                                    /*retries*/1,
1646                                    cddone,
1647                                    MSG_SIMPLE_Q_TAG,
1648                                    rcap,
1649                                    SSD_FULL_SIZE,
1650                                    /*timeout*/20000);
1651                 start_ccb->ccb_h.ccb_bp = NULL;
1652                 start_ccb->ccb_h.ccb_state = CD_CCB_PROBE;
1653                 xpt_action(start_ccb);
1654                 break;
1655         }
1656         }
1657 }
1658
1659 static void
1660 cddone(struct cam_periph *periph, union ccb *done_ccb)
1661
1662         struct cd_softc *softc;
1663         struct ccb_scsiio *csio;
1664
1665         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cddone\n"));
1666
1667         softc = (struct cd_softc *)periph->softc;
1668         csio = &done_ccb->csio;
1669
1670         switch (csio->ccb_h.ccb_state & CD_CCB_TYPE_MASK) {
1671         case CD_CCB_BUFFER_IO:
1672         {
1673                 struct buf      *bp;
1674                 int             error;
1675                 int             oldspl;
1676
1677                 bp = (struct buf *)done_ccb->ccb_h.ccb_bp;
1678                 error = 0;
1679
1680                 if ((done_ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
1681                         int sf;
1682
1683                         if ((done_ccb->ccb_h.ccb_state & CD_CCB_RETRY_UA) != 0)
1684                                 sf = SF_RETRY_UA;
1685                         else
1686                                 sf = 0;
1687
1688                         /* Retry selection timeouts */
1689                         sf |= SF_RETRY_SELTO;
1690
1691                         if ((error = cderror(done_ccb, 0, sf)) == ERESTART) {
1692                                 /*
1693                                  * A retry was scheuled, so
1694                                  * just return.
1695                                  */
1696                                 return;
1697                         }
1698                 }
1699
1700                 if (error != 0) {
1701                         int s;
1702                         struct buf *q_bp;
1703
1704                         xpt_print_path(periph->path);
1705                         printf("cddone: got error %#x back\n", error);
1706                         s = splbio();
1707                         while ((q_bp = bufq_first(&softc->buf_queue)) != NULL) {
1708                                 bufq_remove(&softc->buf_queue, q_bp);
1709                                 q_bp->b_resid = q_bp->b_bcount;
1710                                 q_bp->b_error = EIO;
1711                                 q_bp->b_flags |= B_ERROR;
1712                                 biodone(q_bp);
1713                         }
1714                         splx(s);
1715                         bp->b_resid = bp->b_bcount;
1716                         bp->b_error = error;
1717                         bp->b_flags |= B_ERROR;
1718                         cam_release_devq(done_ccb->ccb_h.path,
1719                                          /*relsim_flags*/0,
1720                                          /*reduction*/0,
1721                                          /*timeout*/0,
1722                                          /*getcount_only*/0);
1723
1724                 } else {
1725                         bp->b_resid = csio->resid;
1726                         bp->b_error = 0;
1727                         if (bp->b_resid != 0) {
1728                                 /* Short transfer ??? */
1729                                 bp->b_flags |= B_ERROR;
1730                         }
1731                 }
1732
1733                 /*
1734                  * Block out any asyncronous callbacks
1735                  * while we touch the pending ccb list.
1736                  */
1737                 oldspl = splcam();
1738                 LIST_REMOVE(&done_ccb->ccb_h, periph_links.le);
1739                 splx(oldspl);
1740
1741                 if (softc->flags & CD_FLAG_CHANGER)
1742                         cdchangerschedule(softc);
1743
1744                 devstat_end_transaction_buf(&softc->device_stats, bp);
1745                 biodone(bp);
1746                 break;
1747         }
1748         case CD_CCB_PROBE:
1749         {
1750                 struct     scsi_read_capacity_data *rdcap;
1751                 char       announce_buf[120]; /*
1752                                                * Currently (9/30/97) the 
1753                                                * longest possible announce 
1754                                                * buffer is 108 bytes, for the 
1755                                                * first error case below.  
1756                                                * That is 39 bytes for the 
1757                                                * basic string, 16 bytes for the
1758                                                * biggest sense key (hardware 
1759                                                * error), 52 bytes for the
1760                                                * text of the largest sense 
1761                                                * qualifier valid for a CDROM,
1762                                                * (0x72, 0x03 or 0x04,
1763                                                * 0x03), and one byte for the
1764                                                * null terminating character.
1765                                                * To allow for longer strings, 
1766                                                * the announce buffer is 120
1767                                                * bytes.
1768                                                */
1769                 struct     cd_params *cdp;
1770
1771                 cdp = &softc->params;
1772
1773                 rdcap = (struct scsi_read_capacity_data *)csio->data_ptr;
1774                 
1775                 cdp->disksize = scsi_4btoul (rdcap->addr) + 1;
1776                 cdp->blksize = scsi_4btoul (rdcap->length);
1777
1778                 if ((csio->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) {
1779
1780                         snprintf(announce_buf, sizeof(announce_buf),
1781                                 "cd present [%lu x %lu byte records]",
1782                                 cdp->disksize, (u_long)cdp->blksize);
1783
1784                 } else {
1785                         int     error;
1786                         /*
1787                          * Retry any UNIT ATTENTION type errors.  They
1788                          * are expected at boot.
1789                          */
1790                         error = cderror(done_ccb, 0, SF_RETRY_UA |
1791                                         SF_NO_PRINT | SF_RETRY_SELTO);
1792                         if (error == ERESTART) {
1793                                 /*
1794                                  * A retry was scheuled, so
1795                                  * just return.
1796                                  */
1797                                 return;
1798                         } else if (error != 0) {
1799
1800                                 struct scsi_sense_data *sense;
1801                                 int asc, ascq;
1802                                 int sense_key, error_code;
1803                                 int have_sense;
1804                                 cam_status status;
1805                                 struct ccb_getdev cgd;
1806
1807                                 /* Don't wedge this device's queue */
1808                                 cam_release_devq(done_ccb->ccb_h.path,
1809                                                  /*relsim_flags*/0,
1810                                                  /*reduction*/0,
1811                                                  /*timeout*/0,
1812                                                  /*getcount_only*/0);
1813
1814                                 status = done_ccb->ccb_h.status;
1815
1816                                 xpt_setup_ccb(&cgd.ccb_h, 
1817                                               done_ccb->ccb_h.path,
1818                                               /* priority */ 1);
1819                                 cgd.ccb_h.func_code = XPT_GDEV_TYPE;
1820                                 xpt_action((union ccb *)&cgd);
1821
1822                                 if (((csio->ccb_h.flags & CAM_SENSE_PHYS) != 0)
1823                                  || ((csio->ccb_h.flags & CAM_SENSE_PTR) != 0)
1824                                  || ((status & CAM_AUTOSNS_VALID) == 0))
1825                                         have_sense = FALSE;
1826                                 else
1827                                         have_sense = TRUE;
1828
1829                                 if (have_sense) {
1830                                         sense = &csio->sense_data;
1831                                         scsi_extract_sense(sense, &error_code,
1832                                                            &sense_key, 
1833                                                            &asc, &ascq);
1834                                 }
1835                                 /*
1836                                  * Attach to anything that claims to be a
1837                                  * CDROM or WORM device, as long as it
1838                                  * doesn't return a "Logical unit not
1839                                  * supported" (0x25) error.
1840                                  */
1841                                 if ((have_sense) && (asc != 0x25)
1842                                  && (error_code == SSD_CURRENT_ERROR))
1843                                         snprintf(announce_buf,
1844                                             sizeof(announce_buf),
1845                                                 "Attempt to query device "
1846                                                 "size failed: %s, %s",
1847                                                 scsi_sense_key_text[sense_key],
1848                                                 scsi_sense_desc(asc,ascq,
1849                                                                 &cgd.inq_data));
1850                                 else if ((have_sense == 0)
1851                                       && ((status & CAM_STATUS_MASK) ==
1852                                            CAM_SCSI_STATUS_ERROR)
1853                                       && (csio->scsi_status ==
1854                                           SCSI_STATUS_BUSY)) {
1855                                         snprintf(announce_buf,
1856                                             sizeof(announce_buf),
1857                                             "Attempt to query device "
1858                                             "size failed: SCSI status: BUSY");
1859                                 } else if (SID_TYPE(&cgd.inq_data) == T_CDROM) {
1860                                         /*
1861                                          * We only print out an error for
1862                                          * CDROM type devices.  For WORM
1863                                          * devices, we don't print out an
1864                                          * error since a few WORM devices
1865                                          * don't support CDROM commands.
1866                                          * If we have sense information, go
1867                                          * ahead and print it out.
1868                                          * Otherwise, just say that we 
1869                                          * couldn't attach.
1870                                          */
1871
1872                                         /*
1873                                          * Just print out the error, not
1874                                          * the full probe message, when we
1875                                          * don't attach.
1876                                          */
1877                                         if (have_sense)
1878                                                 scsi_sense_print(
1879                                                         &done_ccb->csio);
1880                                         else {
1881                                                 xpt_print_path(periph->path);
1882                                                 printf("got CAM status %#x\n",
1883                                                        done_ccb->ccb_h.status);
1884                                         }
1885                                         xpt_print_path(periph->path);
1886                                         printf("fatal error, failed" 
1887                                                " to attach to device\n");
1888
1889                                         /*
1890                                          * Invalidate this peripheral.
1891                                          */
1892                                         cam_periph_invalidate(periph);
1893
1894                                         announce_buf[0] = '\0';
1895                                 } else {
1896
1897                                         /*
1898                                          * Invalidate this peripheral.
1899                                          */
1900                                         cam_periph_invalidate(periph);
1901                                         announce_buf[0] = '\0';
1902                                 }
1903                         }
1904                 }
1905                 free(rdcap, M_TEMP);
1906                 if (announce_buf[0] != '\0') {
1907                         xpt_announce_periph(periph, announce_buf);
1908                         if (softc->flags & CD_FLAG_CHANGER)
1909                                 cdchangerschedule(softc);
1910                         /*
1911                          * Create our sysctl variables, now that we know
1912                          * we have successfully attached.
1913                          */
1914                         taskqueue_enqueue(taskqueue_thread,&softc->sysctl_task);
1915                 }
1916                 softc->state = CD_STATE_NORMAL;         
1917                 /*
1918                  * Since our peripheral may be invalidated by an error
1919                  * above or an external event, we must release our CCB
1920                  * before releasing the probe lock on the peripheral.
1921                  * The peripheral will only go away once the last lock
1922                  * is removed, and we need it around for the CCB release
1923                  * operation.
1924                  */
1925                 xpt_release_ccb(done_ccb);
1926                 cam_periph_unlock(periph);
1927                 return;
1928         }
1929         case CD_CCB_WAITING:
1930         {
1931                 /* Caller will release the CCB */
1932                 CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, 
1933                           ("trying to wakeup ccbwait\n"));
1934
1935                 wakeup(&done_ccb->ccb_h.cbfcnp);
1936                 return;
1937         }
1938         default:
1939                 break;
1940         }
1941         xpt_release_ccb(done_ccb);
1942 }
1943
1944 static union cd_pages *
1945 cdgetpage(struct cd_mode_params *mode_params)
1946 {
1947         union cd_pages *page;
1948
1949         if (mode_params->cdb_size == 10)
1950                 page = (union cd_pages *)find_mode_page_10(
1951                         (struct scsi_mode_header_10 *)mode_params->mode_buf);
1952         else
1953                 page = (union cd_pages *)find_mode_page_6(
1954                         (struct scsi_mode_header_6 *)mode_params->mode_buf);
1955
1956         return (page);
1957 }
1958
1959 static int
1960 cdgetpagesize(int page_num)
1961 {
1962         int i;
1963
1964         for (i = 0; i < (sizeof(cd_page_size_table)/
1965             sizeof(cd_page_size_table[0])); i++) {
1966                 if (cd_page_size_table[i].page == page_num)
1967                         return (cd_page_size_table[i].page_size);
1968         }
1969         return (-1);
1970 }
1971
1972 static int
1973 cdioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
1974 {
1975
1976         struct  cam_periph *periph;
1977         struct  cd_softc *softc;
1978         int     error, unit;
1979
1980         unit = dkunit(dev);
1981
1982         periph = cam_extend_get(cdperiphs, unit);
1983         if (periph == NULL)
1984                 return(ENXIO);  
1985
1986         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdioctl\n"));
1987
1988         softc = (struct cd_softc *)periph->softc;
1989
1990         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, 
1991                   ("trying to do ioctl %#lx\n", cmd));
1992
1993         error = cam_periph_lock(periph, PCATCH);
1994
1995         if (error != 0)
1996                 return(error);
1997
1998         /*
1999          * If we don't have media loaded, check for it.  If still don't
2000          * have media loaded, we can only do a load or eject.
2001          */
2002         if (((softc->flags & CD_FLAG_VALID_MEDIA) == 0)
2003             && ((cmd != CDIOCCLOSE)
2004             && (cmd != CDIOCEJECT))) {
2005                 error = cdcheckmedia(periph);
2006                 if (error != 0) {
2007                         cam_periph_unlock(periph);
2008                         return (error);
2009                 }
2010         }
2011
2012         switch (cmd) {
2013
2014         case CDIOCPLAYTRACKS:
2015                 {
2016                         struct ioc_play_track *args
2017                             = (struct ioc_play_track *) addr;
2018                         struct cd_mode_params params;
2019                         union cd_pages *page;
2020
2021                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2022                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2023                                                  M_WAITOK | M_ZERO);
2024
2025                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2026                                   ("trying to do CDIOCPLAYTRACKS\n"));
2027
2028                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2029                         if (error) {
2030                                 free(params.mode_buf, M_TEMP);
2031                                 break;
2032                         }
2033                         page = cdgetpage(&params);
2034
2035                         page->audio.flags &= ~CD_PA_SOTC;
2036                         page->audio.flags |= CD_PA_IMMED;
2037                         error = cdsetmode(periph, &params);
2038                         free(params.mode_buf, M_TEMP);
2039                         if (error)
2040                                 break;
2041
2042                         /*
2043                          * This was originally implemented with the PLAY
2044                          * AUDIO TRACK INDEX command, but that command was
2045                          * deprecated after SCSI-2.  Most (all?) SCSI CDROM
2046                          * drives support it but ATAPI and ATAPI-derivative
2047                          * drives don't seem to support it.  So we keep a
2048                          * cache of the table of contents and translate
2049                          * track numbers to MSF format.
2050                          */
2051                         if (softc->flags & CD_FLAG_VALID_TOC) {
2052                                 union msf_lba *sentry, *eentry;
2053                                 int st, et;
2054
2055                                 if (args->end_track <
2056                                     softc->toc.header.ending_track + 1)
2057                                         args->end_track++;
2058                                 if (args->end_track >
2059                                     softc->toc.header.ending_track + 1)
2060                                         args->end_track =
2061                                             softc->toc.header.ending_track + 1;
2062                                 st = args->start_track -
2063                                         softc->toc.header.starting_track;
2064                                 et = args->end_track -
2065                                         softc->toc.header.starting_track;
2066                                 if ((st < 0)
2067                                  || (et < 0)
2068                                  || (st > (softc->toc.header.ending_track -
2069                                      softc->toc.header.starting_track))) {
2070                                         error = EINVAL;
2071                                         break;
2072                                 }
2073                                 sentry = &softc->toc.entries[st].addr;
2074                                 eentry = &softc->toc.entries[et].addr;
2075                                 error = cdplaymsf(periph,
2076                                                   sentry->msf.minute,
2077                                                   sentry->msf.second,
2078                                                   sentry->msf.frame,
2079                                                   eentry->msf.minute,
2080                                                   eentry->msf.second,
2081                                                   eentry->msf.frame);
2082                         } else {
2083                                 /*
2084                                  * If we don't have a valid TOC, try the
2085                                  * play track index command.  It is part of
2086                                  * the SCSI-2 spec, but was removed in the
2087                                  * MMC specs.  ATAPI and ATAPI-derived
2088                                  * drives don't support it.
2089                                  */
2090                                 if (softc->quirks & CD_Q_BCD_TRACKS) {
2091                                         args->start_track =
2092                                                 bin2bcd(args->start_track);
2093                                         args->end_track =
2094                                                 bin2bcd(args->end_track);
2095                                 }
2096                                 error = cdplaytracks(periph,
2097                                                      args->start_track,
2098                                                      args->start_index,
2099                                                      args->end_track,
2100                                                      args->end_index);
2101                         }
2102                 }
2103                 break;
2104         case CDIOCPLAYMSF:
2105                 {
2106                         struct ioc_play_msf *args
2107                                 = (struct ioc_play_msf *) addr;
2108                         struct cd_mode_params params;
2109                         union cd_pages *page;
2110
2111                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2112                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2113                                                  M_WAITOK | M_ZERO);
2114
2115                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2116                                   ("trying to do CDIOCPLAYMSF\n"));
2117
2118                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2119                         if (error) {
2120                                 free(params.mode_buf, M_TEMP);
2121                                 break;
2122                         }
2123                         page = cdgetpage(&params);
2124
2125                         page->audio.flags &= ~CD_PA_SOTC;
2126                         page->audio.flags |= CD_PA_IMMED;
2127                         error = cdsetmode(periph, &params);
2128                         free(params.mode_buf, M_TEMP);
2129                         if (error)
2130                                 break;
2131                         error = cdplaymsf(periph,
2132                                           args->start_m,
2133                                           args->start_s,
2134                                           args->start_f,
2135                                           args->end_m,
2136                                           args->end_s,
2137                                           args->end_f);
2138                 }
2139                 break;
2140         case CDIOCPLAYBLOCKS:
2141                 {
2142                         struct ioc_play_blocks *args
2143                                 = (struct ioc_play_blocks *) addr;
2144                         struct cd_mode_params params;
2145                         union cd_pages *page;
2146
2147                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2148                                   ("trying to do CDIOCPLAYBLOCKS\n"));
2149
2150                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2151                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2152                                                  M_WAITOK | M_ZERO);
2153
2154                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2155                         if (error) {
2156                                 free(params.mode_buf, M_TEMP);
2157                                 break;
2158                         }
2159                         page = cdgetpage(&params);
2160
2161                         page->audio.flags &= ~CD_PA_SOTC;
2162                         page->audio.flags |= CD_PA_IMMED;
2163                         error = cdsetmode(periph, &params);
2164                         free(params.mode_buf, M_TEMP);
2165                         if (error)
2166                                 break;
2167                         error = cdplay(periph, args->blk, args->len);
2168                 }
2169                 break;
2170         case CDIOCREADSUBCHANNEL:
2171                 {
2172                         struct ioc_read_subchannel *args
2173                                 = (struct ioc_read_subchannel *) addr;
2174                         struct cd_sub_channel_info *data;
2175                         u_int32_t len = args->data_len;
2176
2177                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2178                                   ("trying to do CDIOCREADSUBCHANNEL\n"));
2179
2180                         data = malloc(sizeof(struct cd_sub_channel_info), 
2181                                       M_TEMP, M_WAITOK);
2182
2183                         if ((len > sizeof(struct cd_sub_channel_info)) ||
2184                             (len < sizeof(struct cd_sub_channel_header))) {
2185                                 printf(
2186                                         "scsi_cd: cdioctl: "
2187                                         "cdioreadsubchannel: error, len=%d\n",
2188                                         len);
2189                                 error = EINVAL;
2190                                 free(data, M_TEMP);
2191                                 break;
2192                         }
2193
2194                         if (softc->quirks & CD_Q_BCD_TRACKS)
2195                                 args->track = bin2bcd(args->track);
2196
2197                         error = cdreadsubchannel(periph, args->address_format,
2198                                 args->data_format, args->track, data, len);
2199
2200                         if (error) {
2201                                 free(data, M_TEMP);
2202                                 break;
2203                         }
2204                         if (softc->quirks & CD_Q_BCD_TRACKS)
2205                                 data->what.track_info.track_number =
2206                                     bcd2bin(data->what.track_info.track_number);
2207                         len = min(len, ((data->header.data_len[0] << 8) +
2208                                 data->header.data_len[1] +
2209                                 sizeof(struct cd_sub_channel_header)));
2210                         if (copyout(data, args->data, len) != 0) {
2211                                 error = EFAULT;
2212                         }
2213                         free(data, M_TEMP);
2214                 }
2215                 break;
2216
2217         case CDIOREADTOCHEADER:
2218                 {
2219                         struct ioc_toc_header *th;
2220
2221                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2222                                   ("trying to do CDIOREADTOCHEADER\n"));
2223
2224                         th = malloc(sizeof(struct ioc_toc_header), M_TEMP,
2225                                     M_WAITOK);
2226                         error = cdreadtoc(periph, 0, 0, (u_int8_t *)th, 
2227                                           sizeof (*th), /*sense_flags*/0);
2228                         if (error) {
2229                                 free(th, M_TEMP);
2230                                 break;
2231                         }
2232                         if (softc->quirks & CD_Q_BCD_TRACKS) {
2233                                 /* we are going to have to convert the BCD
2234                                  * encoding on the cd to what is expected
2235                                  */
2236                                 th->starting_track = 
2237                                         bcd2bin(th->starting_track);
2238                                 th->ending_track = bcd2bin(th->ending_track);
2239                         }
2240                         NTOHS(th->len);
2241                         bcopy(th, addr, sizeof(*th));
2242                         free(th, M_TEMP);
2243                 }
2244                 break;
2245         case CDIOREADTOCENTRYS:
2246                 {
2247                         struct cd_tocdata *data;
2248                         struct cd_toc_single *lead;
2249                         struct ioc_read_toc_entry *te =
2250                                 (struct ioc_read_toc_entry *) addr;
2251                         struct ioc_toc_header *th;
2252                         u_int32_t len, readlen, idx, num;
2253                         u_int32_t starting_track = te->starting_track;
2254
2255                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2256                                   ("trying to do CDIOREADTOCENTRYS\n"));
2257
2258                         data = malloc(sizeof(*data), M_TEMP, M_WAITOK);
2259                         lead = malloc(sizeof(*lead), M_TEMP, M_WAITOK);
2260
2261                         if (te->data_len < sizeof(struct cd_toc_entry)
2262                          || (te->data_len % sizeof(struct cd_toc_entry)) != 0
2263                          || (te->address_format != CD_MSF_FORMAT
2264                           && te->address_format != CD_LBA_FORMAT)) {
2265                                 error = EINVAL;
2266                                 printf("scsi_cd: error in readtocentries, "
2267                                        "returning EINVAL\n");
2268                                 free(data, M_TEMP);
2269                                 free(lead, M_TEMP);
2270                                 break;
2271                         }
2272
2273                         th = &data->header;
2274                         error = cdreadtoc(periph, 0, 0, (u_int8_t *)th, 
2275                                           sizeof (*th), /*sense_flags*/0);
2276                         if (error) {
2277                                 free(data, M_TEMP);
2278                                 free(lead, M_TEMP);
2279                                 break;
2280                         }
2281
2282                         if (softc->quirks & CD_Q_BCD_TRACKS) {
2283                                 /* we are going to have to convert the BCD
2284                                  * encoding on the cd to what is expected
2285                                  */
2286                                 th->starting_track =
2287                                     bcd2bin(th->starting_track);
2288                                 th->ending_track = bcd2bin(th->ending_track);
2289                         }
2290
2291                         if (starting_track == 0)
2292                                 starting_track = th->starting_track;
2293                         else if (starting_track == LEADOUT)
2294                                 starting_track = th->ending_track + 1;
2295                         else if (starting_track < th->starting_track ||
2296                                  starting_track > th->ending_track + 1) {
2297                                 printf("scsi_cd: error in readtocentries, "
2298                                        "returning EINVAL\n");
2299                                 free(data, M_TEMP);
2300                                 free(lead, M_TEMP);
2301                                 error = EINVAL;
2302                                 break;
2303                         }
2304
2305                         /* calculate reading length without leadout entry */
2306                         readlen = (th->ending_track - starting_track + 1) *
2307                                   sizeof(struct cd_toc_entry);
2308
2309                         /* and with leadout entry */
2310                         len = readlen + sizeof(struct cd_toc_entry);
2311                         if (te->data_len < len) {
2312                                 len = te->data_len;
2313                                 if (readlen > len)
2314                                         readlen = len;
2315                         }
2316                         if (len > sizeof(data->entries)) {
2317                                 printf("scsi_cd: error in readtocentries, "
2318                                        "returning EINVAL\n");
2319                                 error = EINVAL;
2320                                 free(data, M_TEMP);
2321                                 free(lead, M_TEMP);
2322                                 break;
2323                         }
2324                         num = len / sizeof(struct cd_toc_entry);
2325
2326                         if (readlen > 0) {
2327                                 error = cdreadtoc(periph, te->address_format,
2328                                                   starting_track,
2329                                                   (u_int8_t *)data,
2330                                                   readlen + sizeof (*th),
2331                                                   /*sense_flags*/0);
2332                                 if (error) {
2333                                         free(data, M_TEMP);
2334                                         free(lead, M_TEMP);
2335                                         break;
2336                                 }
2337                         }
2338
2339                         /* make leadout entry if needed */
2340                         idx = starting_track + num - 1;
2341                         if (softc->quirks & CD_Q_BCD_TRACKS)
2342                                 th->ending_track = bcd2bin(th->ending_track);
2343                         if (idx == th->ending_track + 1) {
2344                                 error = cdreadtoc(periph, te->address_format,
2345                                                   LEADOUT, (u_int8_t *)lead,
2346                                                   sizeof(*lead),
2347                                                   /*sense_flags*/0);
2348                                 if (error) {
2349                                         free(data, M_TEMP);
2350                                         free(lead, M_TEMP);
2351                                         break;
2352                                 }
2353                                 data->entries[idx - starting_track] = 
2354                                         lead->entry;
2355                         }
2356                         if (softc->quirks & CD_Q_BCD_TRACKS) {
2357                                 for (idx = 0; idx < num - 1; idx++) {
2358                                         data->entries[idx].track =
2359                                             bcd2bin(data->entries[idx].track);
2360                                 }
2361                         }
2362
2363                         error = copyout(data->entries, te->data, len);
2364                         free(data, M_TEMP);
2365                         free(lead, M_TEMP);
2366                 }
2367                 break;
2368         case CDIOREADTOCENTRY:
2369                 {
2370                         struct cd_toc_single *data;
2371                         struct ioc_read_toc_single_entry *te =
2372                                 (struct ioc_read_toc_single_entry *) addr;
2373                         struct ioc_toc_header *th;
2374                         u_int32_t track;
2375
2376                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2377                                   ("trying to do CDIOREADTOCENTRY\n"));
2378
2379                         data = malloc(sizeof(*data), M_TEMP, M_WAITOK);
2380
2381                         if (te->address_format != CD_MSF_FORMAT
2382                             && te->address_format != CD_LBA_FORMAT) {
2383                                 printf("error in readtocentry, "
2384                                        " returning EINVAL\n");
2385                                 free(data, M_TEMP);
2386                                 error = EINVAL;
2387                                 break;
2388                         }
2389
2390                         th = &data->header;
2391                         error = cdreadtoc(periph, 0, 0, (u_int8_t *)th,
2392                                           sizeof (*th), /*sense_flags*/0);
2393                         if (error) {
2394                                 free(data, M_TEMP);
2395                                 break;
2396                         }
2397
2398                         if (softc->quirks & CD_Q_BCD_TRACKS) {
2399                                 /* we are going to have to convert the BCD
2400                                  * encoding on the cd to what is expected
2401                                  */
2402                                 th->starting_track =
2403                                     bcd2bin(th->starting_track);
2404                                 th->ending_track = bcd2bin(th->ending_track);
2405                         }
2406                         track = te->track;
2407                         if (track == 0)
2408                                 track = th->starting_track;
2409                         else if (track == LEADOUT)
2410                                 /* OK */;
2411                         else if (track < th->starting_track ||
2412                                  track > th->ending_track + 1) {
2413                                 printf("error in readtocentry, "
2414                                        " returning EINVAL\n");
2415                                 free(data, M_TEMP);
2416                                 error = EINVAL;
2417                                 break;
2418                         }
2419
2420                         error = cdreadtoc(periph, te->address_format, track,
2421                                           (u_int8_t *)data, sizeof(*data),
2422                                           /*sense_flags*/0);
2423                         if (error) {
2424                                 free(data, M_TEMP);
2425                                 break;
2426                         }
2427
2428                         if (softc->quirks & CD_Q_BCD_TRACKS)
2429                                 data->entry.track = bcd2bin(data->entry.track);
2430                         bcopy(&data->entry, &te->entry,
2431                               sizeof(struct cd_toc_entry));
2432                         free(data, M_TEMP);
2433                 }
2434                 break;
2435         case CDIOCSETPATCH:
2436                 {
2437                         struct ioc_patch *arg = (struct ioc_patch *)addr;
2438                         struct cd_mode_params params;
2439                         union cd_pages *page;
2440
2441                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2442                                   ("trying to do CDIOCSETPATCH\n"));
2443
2444                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2445                         params.mode_buf = malloc(params.alloc_len, M_TEMP, 
2446                                                  M_WAITOK | M_ZERO);
2447                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2448                         if (error) {
2449                                 free(params.mode_buf, M_TEMP);
2450                                 break;
2451                         }
2452                         page = cdgetpage(&params);
2453
2454                         page->audio.port[LEFT_PORT].channels = 
2455                                 arg->patch[0];
2456                         page->audio.port[RIGHT_PORT].channels = 
2457                                 arg->patch[1];
2458                         page->audio.port[2].channels = arg->patch[2];
2459                         page->audio.port[3].channels = arg->patch[3];
2460                         error = cdsetmode(periph, &params);
2461                         free(params.mode_buf, M_TEMP);
2462                 }
2463                 break;
2464         case CDIOCGETVOL:
2465                 {
2466                         struct ioc_vol *arg = (struct ioc_vol *) addr;
2467                         struct cd_mode_params params;
2468                         union cd_pages *page;
2469
2470                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2471                                   ("trying to do CDIOCGETVOL\n"));
2472
2473                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2474                         params.mode_buf = malloc(params.alloc_len, M_TEMP, 
2475                                                  M_WAITOK | M_ZERO);
2476                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2477                         if (error) {
2478                                 free(params.mode_buf, M_TEMP);
2479                                 break;
2480                         }
2481                         page = cdgetpage(&params);
2482
2483                         arg->vol[LEFT_PORT] = 
2484                                 page->audio.port[LEFT_PORT].volume;
2485                         arg->vol[RIGHT_PORT] = 
2486                                 page->audio.port[RIGHT_PORT].volume;
2487                         arg->vol[2] = page->audio.port[2].volume;
2488                         arg->vol[3] = page->audio.port[3].volume;
2489                         free(params.mode_buf, M_TEMP);
2490                 }
2491                 break;
2492         case CDIOCSETVOL:
2493                 {
2494                         struct ioc_vol *arg = (struct ioc_vol *) addr;
2495                         struct cd_mode_params params;
2496                         union cd_pages *page;
2497
2498                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2499                                   ("trying to do CDIOCSETVOL\n"));
2500
2501                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2502                         params.mode_buf = malloc(params.alloc_len, M_TEMP, 
2503                                                  M_WAITOK | M_ZERO);
2504                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2505                         if (error) {
2506                                 free(params.mode_buf, M_TEMP);
2507                                 break;
2508                         }
2509                         page = cdgetpage(&params);
2510
2511                         page->audio.port[LEFT_PORT].channels = CHANNEL_0;
2512                         page->audio.port[LEFT_PORT].volume = 
2513                                 arg->vol[LEFT_PORT];
2514                         page->audio.port[RIGHT_PORT].channels = CHANNEL_1;
2515                         page->audio.port[RIGHT_PORT].volume = 
2516                                 arg->vol[RIGHT_PORT];
2517                         page->audio.port[2].volume = arg->vol[2];
2518                         page->audio.port[3].volume = arg->vol[3];
2519                         error = cdsetmode(periph, &params);
2520                         free(params.mode_buf, M_TEMP);
2521                 }
2522                 break;
2523         case CDIOCSETMONO:
2524                 {
2525                         struct cd_mode_params params;
2526                         union cd_pages *page;
2527
2528                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2529                                   ("trying to do CDIOCSETMONO\n"));
2530
2531                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2532                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2533                                                  M_WAITOK | M_ZERO);
2534                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2535                         if (error) {
2536                                 free(params.mode_buf, M_TEMP);
2537                                 break;
2538                         }
2539                         page = cdgetpage(&params);
2540
2541                         page->audio.port[LEFT_PORT].channels = 
2542                                 LEFT_CHANNEL | RIGHT_CHANNEL;
2543                         page->audio.port[RIGHT_PORT].channels = 
2544                                 LEFT_CHANNEL | RIGHT_CHANNEL;
2545                         page->audio.port[2].channels = 0;
2546                         page->audio.port[3].channels = 0;
2547                         error = cdsetmode(periph, &params);
2548                         free(params.mode_buf, M_TEMP);
2549                 }
2550                 break;
2551         case CDIOCSETSTEREO:
2552                 {
2553                         struct cd_mode_params params;
2554                         union cd_pages *page;
2555
2556                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2557                                   ("trying to do CDIOCSETSTEREO\n"));
2558
2559                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2560                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2561                                                  M_WAITOK | M_ZERO);
2562                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2563                         if (error) {
2564                                 free(params.mode_buf, M_TEMP);
2565                                 break;
2566                         }
2567                         page = cdgetpage(&params);
2568
2569                         page->audio.port[LEFT_PORT].channels = 
2570                                 LEFT_CHANNEL;
2571                         page->audio.port[RIGHT_PORT].channels = 
2572                                 RIGHT_CHANNEL;
2573                         page->audio.port[2].channels = 0;
2574                         page->audio.port[3].channels = 0;
2575                         error = cdsetmode(periph, &params);
2576                         free(params.mode_buf, M_TEMP);
2577                 }
2578                 break;
2579         case CDIOCSETMUTE:
2580                 {
2581                         struct cd_mode_params params;
2582                         union cd_pages *page;
2583
2584                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2585                                   ("trying to do CDIOCSETMUTE\n"));
2586
2587                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2588                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2589                                                  M_WAITOK | M_ZERO);
2590                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2591                         if (error) {
2592                                 free(&params, M_TEMP);
2593                                 break;
2594                         }
2595                         page = cdgetpage(&params);
2596
2597                         page->audio.port[LEFT_PORT].channels = 0;
2598                         page->audio.port[RIGHT_PORT].channels = 0;
2599                         page->audio.port[2].channels = 0;
2600                         page->audio.port[3].channels = 0;
2601                         error = cdsetmode(periph, &params);
2602                         free(params.mode_buf, M_TEMP);
2603                 }
2604                 break;
2605         case CDIOCSETLEFT:
2606                 {
2607                         struct cd_mode_params params;
2608                         union cd_pages *page;
2609
2610                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2611                                   ("trying to do CDIOCSETLEFT\n"));
2612
2613                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2614                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2615                                                  M_WAITOK | M_ZERO);
2616                         
2617                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2618                         if (error) {
2619                                 free(params.mode_buf, M_TEMP);
2620                                 break;
2621                         }
2622                         page = cdgetpage(&params);
2623
2624                         page->audio.port[LEFT_PORT].channels = LEFT_CHANNEL;
2625                         page->audio.port[RIGHT_PORT].channels = LEFT_CHANNEL;
2626                         page->audio.port[2].channels = 0;
2627                         page->audio.port[3].channels = 0;
2628                         error = cdsetmode(periph, &params);
2629                         free(params.mode_buf, M_TEMP);
2630                 }
2631                 break;
2632         case CDIOCSETRIGHT:
2633                 {
2634                         struct cd_mode_params params;
2635                         union cd_pages *page;
2636
2637                         CAM_DEBUG(periph->path, CAM_DEBUG_SUBTRACE, 
2638                                   ("trying to do CDIOCSETRIGHT\n"));
2639
2640                         params.alloc_len = sizeof(union cd_mode_data_6_10);
2641                         params.mode_buf = malloc(params.alloc_len, M_TEMP,
2642                                                  M_WAITOK | M_ZERO);
2643
2644                         error = cdgetmode(periph, &params, AUDIO_PAGE);
2645                         if (error) {
2646                                 free(params.mode_buf, M_TEMP);
2647                                 break;
2648                         }
2649                         page = cdgetpage(&params);
2650
2651                         page->audio.port[LEFT_PORT].channels = RIGHT_CHANNEL;
2652                         page->audio.port[RIGHT_PORT].channels = RIGHT_CHANNEL;
2653                         page->audio.port[2].channels = 0;
2654                         page->audio.port[3].channels = 0;
2655                         error = cdsetmode(periph, &params);
2656                         free(params.mode_buf, M_TEMP);
2657                 }
2658                 break;
2659         case CDIOCRESUME:
2660                 error = cdpause(periph, 1);
2661                 break;
2662         case CDIOCPAUSE:
2663                 error = cdpause(periph, 0);
2664                 break;
2665         case CDIOCSTART:
2666                 error = cdstartunit(periph, 0);
2667                 break;
2668         case CDIOCCLOSE:
2669                 error = cdstartunit(periph, 1);
2670
2671 #ifdef notyet
2672                 if (error != 0)
2673                         break;
2674
2675                 /*
2676                  * The user successfully closed the tray, run
2677                  * cdcheckmedia() again so we can re-sync the disklabel
2678                  * information.
2679                  */
2680                 cdcheckmedia(periph);
2681 #endif /* notyet */
2682                 break;
2683         case CDIOCSTOP:
2684                 error = cdstopunit(periph, 0);
2685                 break;
2686         case CDIOCEJECT:
2687                 error = cdstopunit(periph, 1);
2688
2689 #ifdef notyet
2690                 if (error != 0)
2691                         break;
2692
2693                 /*
2694                  * Since we've successfully ejected the media, run
2695                  * cdcheckmedia() again so we re-sync the disklabel
2696                  * information.
2697                  */
2698                 cdcheckmedia(periph);
2699 #endif /* notyet */
2700                 break;
2701         case CDIOCALLOW:
2702                 cdprevent(periph, PR_ALLOW);
2703                 break;
2704         case CDIOCPREVENT:
2705                 cdprevent(periph, PR_PREVENT);
2706                 break;
2707         case CDIOCSETDEBUG:
2708                 /* sc_link->flags |= (SDEV_DB1 | SDEV_DB2); */
2709                 error = ENOTTY;
2710                 break;
2711         case CDIOCCLRDEBUG:
2712                 /* sc_link->flags &= ~(SDEV_DB1 | SDEV_DB2); */
2713                 error = ENOTTY;
2714                 break;
2715         case CDIOCRESET:
2716                 /* return (cd_reset(periph)); */
2717                 error = ENOTTY;
2718                 break;
2719         case CDRIOCREADSPEED:
2720                 error = cdsetspeed(periph, *(u_int32_t *)addr, CDR_MAX_SPEED);
2721                 break;
2722         case CDRIOCWRITESPEED:
2723                 error = cdsetspeed(periph, CDR_MAX_SPEED, *(u_int32_t *)addr);
2724                 break;
2725         case DVDIOCSENDKEY:
2726         case DVDIOCREPORTKEY: {
2727                 struct dvd_authinfo *authinfo;
2728
2729                 authinfo = (struct dvd_authinfo *)addr;
2730
2731                 if (cmd == DVDIOCREPORTKEY)
2732                         error = cdreportkey(periph, authinfo);
2733                 else
2734                         error = cdsendkey(periph, authinfo);
2735                 break;
2736         }
2737         case DVDIOCREADSTRUCTURE: {
2738                 struct dvd_struct *dvdstruct;
2739
2740                 dvdstruct = (struct dvd_struct *)addr;
2741
2742                 error = cdreaddvdstructure(periph, dvdstruct);
2743
2744                 break;
2745         }
2746         default:
2747                 error = cam_periph_ioctl(periph, cmd, addr, cderror);
2748                 break;
2749         }
2750
2751         cam_periph_unlock(periph);
2752
2753         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("leaving cdioctl\n"));
2754
2755         return (error);
2756 }
2757
2758 static void
2759 cdprevent(struct cam_periph *periph, int action)
2760 {
2761         union   ccb *ccb;
2762         struct  cd_softc *softc;
2763         int     error;
2764
2765         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdprevent\n"));
2766
2767         softc = (struct cd_softc *)periph->softc;
2768         
2769         if (((action == PR_ALLOW)
2770           && (softc->flags & CD_FLAG_DISC_LOCKED) == 0)
2771          || ((action == PR_PREVENT)
2772           && (softc->flags & CD_FLAG_DISC_LOCKED) != 0)) {
2773                 return;
2774         }
2775             
2776         ccb = cdgetccb(periph, /* priority */ 1);
2777
2778         scsi_prevent(&ccb->csio, 
2779                      /*retries*/ 1,
2780                      cddone,
2781                      MSG_SIMPLE_Q_TAG,
2782                      action,
2783                      SSD_FULL_SIZE,
2784                      /* timeout */60000);
2785         
2786         error = cdrunccb(ccb, cderror, /*cam_flags*/0,
2787                         /*sense_flags*/SF_RETRY_UA|SF_NO_PRINT|SF_RETRY_SELTO);
2788
2789         xpt_release_ccb(ccb);
2790
2791         if (error == 0) {
2792                 if (action == PR_ALLOW)
2793                         softc->flags &= ~CD_FLAG_DISC_LOCKED;
2794                 else
2795                         softc->flags |= CD_FLAG_DISC_LOCKED;
2796         }
2797 }
2798
2799 int
2800 cdcheckmedia(struct cam_periph *periph)
2801 {
2802         struct cd_softc *softc;
2803         struct ioc_toc_header *toch;
2804         struct cd_toc_single leadout;
2805         struct ccb_getdev cgd;
2806         u_int32_t size, toclen;
2807         int error, num_entries, cdindex;
2808         int first_track_audio;
2809         struct disklabel *label;
2810
2811         softc = (struct cd_softc *)periph->softc;
2812
2813         first_track_audio = -1;
2814         error = 0;
2815
2816         cdprevent(periph, PR_PREVENT);
2817
2818         /*
2819          * Build prototype label for whole disk.
2820          * Should take information about different data tracks from the
2821          * TOC and put it in the partition table.
2822          */
2823         label = &softc->disk.d_label;
2824         bzero(label, sizeof(*label));
2825         label->d_type = DTYPE_SCSI;
2826
2827         /*
2828          * Grab the inquiry data to get the vendor and product names.
2829          * Put them in the typename and packname for the label.
2830          */
2831         xpt_setup_ccb(&cgd.ccb_h, periph->path, /*priority*/ 1);
2832         cgd.ccb_h.func_code = XPT_GDEV_TYPE;
2833         xpt_action((union ccb *)&cgd);
2834
2835         strncpy(label->d_typename, cgd.inq_data.vendor,
2836                 min(SID_VENDOR_SIZE, sizeof(label->d_typename)));
2837         strncpy(label->d_packname, cgd.inq_data.product,
2838                 min(SID_PRODUCT_SIZE, sizeof(label->d_packname)));
2839                 
2840         label->d_flags = D_REMOVABLE;
2841         /*
2842          * Make partition 'a' cover the whole disk.  This is a temporary
2843          * compatibility hack.  The 'a' partition should not exist, so
2844          * the slice code won't create it.  The slice code will make
2845          * partition (RAW_PART + 'a') cover the whole disk and fill in
2846          * some more defaults.
2847          */
2848         label->d_partitions[0].p_size = label->d_secperunit;
2849         label->d_partitions[0].p_fstype = FS_OTHER;
2850
2851         /*
2852          * Default to not reading the disklabel off the disk, until we can
2853          * verify that we have media, that we have a table of contents, and
2854          * that the first track is a data track (which could theoretically
2855          * contain a disklabel).
2856          */
2857         softc->disk.d_dsflags &= ~DSO_COMPATLABEL;
2858         softc->disk.d_dsflags |= DSO_NOLABELS;
2859
2860         /*
2861          * Clear the valid media and TOC flags until we've verified that we
2862          * have both.
2863          */
2864         softc->flags &= ~(CD_FLAG_VALID_MEDIA|CD_FLAG_VALID_TOC);
2865
2866         /*
2867          * Get the disc size and block size.  If we can't get it, we don't
2868          * have media, most likely.
2869          */
2870         if ((error = cdsize(periph, &size)) != 0) {
2871                 /*
2872                  * Set a bogus sector size, so the slice code won't try to
2873                  * divide by 0 and panic the kernel.
2874                  */
2875                 label->d_secsize = 2048;
2876
2877                 label->d_secperunit = 0;
2878
2879                 /*
2880                  * XXX KDM is this a good idea?  Seems to cause more
2881                  * problems.
2882                  */
2883                 if (softc->flags & CD_FLAG_OPEN) {
2884                         int force;
2885
2886                         force = 1;
2887
2888                         /*
2889                          * We don't bother checking the return value here,
2890                          * since we already have an error...
2891                          */
2892                         dsioctl(softc->disk.d_dev, DIOCSYNCSLICEINFO,
2893                                 /*data*/(caddr_t)&force, /*flags*/ 0,
2894                                 &softc->disk.d_slice);
2895                 }
2896
2897                 /*
2898                  * Tell devstat(9) we don't have a blocksize.
2899                  */
2900                 softc->device_stats.flags |= DEVSTAT_BS_UNAVAILABLE;
2901
2902                 cdprevent(periph, PR_ALLOW);
2903
2904                 return (error);
2905         } else {
2906
2907                 label->d_secsize = softc->params.blksize;
2908                 label->d_secperunit = softc->params.disksize;
2909
2910                 /*
2911                  * Force a re-sync of slice information, like the blocksize,
2912                  * now that we know it.  It isn't pretty...but according to
2913                  * Bruce Evans, this is probably the best way to do it in
2914                  * -stable.  We only do this if we're already open, and
2915                  * therefore dsopen() has already run.  If CD_FLAG_OPEN
2916                  * isn't set, this isn't necessary.
2917                  */
2918                 if (softc->flags & CD_FLAG_OPEN) {
2919                         int force;
2920
2921                         force = 1;
2922
2923                         error = dsioctl(softc->disk.d_dev, DIOCSYNCSLICEINFO,
2924                                         /*data*/(caddr_t)&force, /*flags*/ 0,
2925                                         &softc->disk.d_slice);
2926                         if (error != 0) {
2927                                 /*
2928                                  * Set a bogus sector size, so the slice code
2929                                  * won't try to divide by 0 and panic the
2930                                  * kernel.
2931                                  */
2932                                 label->d_secsize = 2048;
2933
2934                                 label->d_secperunit = 0;
2935
2936                                 /*
2937                                  * Tell devstat(9) we don't have a blocksize.
2938                                  */
2939                                 softc->device_stats.flags |=
2940                                         DEVSTAT_BS_UNAVAILABLE;
2941
2942                                 cdprevent(periph, PR_ALLOW);
2943                         }
2944                 }
2945
2946                 /*
2947                  * We unconditionally (re)set the blocksize each time the
2948                  * CD device is opened.  This is because the CD can change,
2949                  * and therefore the blocksize might change.
2950                  * XXX problems here if some slice or partition is still
2951                  * open with the old size?
2952                  */
2953                 if ((softc->device_stats.flags & DEVSTAT_BS_UNAVAILABLE) != 0)
2954                         softc->device_stats.flags &= ~DEVSTAT_BS_UNAVAILABLE;
2955                 softc->device_stats.block_size = softc->params.blksize;
2956
2957                 softc->flags |= CD_FLAG_VALID_MEDIA;
2958         }
2959
2960         /*
2961          * Now we check the table of contents.  This (currently) is only
2962          * used for the CDIOCPLAYTRACKS ioctl.  It may be used later to do
2963          * things like present a separate entry in /dev for each track,
2964          * like that acd(4) driver does.
2965          */
2966         bzero(&softc->toc, sizeof(softc->toc));
2967         toch = &softc->toc.header;
2968
2969         /*
2970          * We will get errors here for media that doesn't have a table of
2971          * contents.  According to the MMC-3 spec: "When a Read TOC/PMA/ATIP
2972          * command is presented for a DDCD/CD-R/RW media, where the first TOC
2973          * has not been recorded (no complete session) and the Format codes
2974          * 0000b, 0001b, or 0010b are specified, this command shall be rejected
2975          * with an INVALID FIELD IN CDB.  Devices that are not capable of
2976          * reading an incomplete session on DDC/CD-R/RW media shall report
2977          * CANNOT READ MEDIUM - INCOMPATIBLE FORMAT."
2978          *
2979          * So this isn't fatal if we can't read the table of contents, it
2980          * just means that the user won't be able to issue the play tracks
2981          * ioctl, and likely lots of other stuff won't work either.  They
2982          * need to burn the CD before we can do a whole lot with it.  So
2983          * we don't print anything here if we get an error back.
2984          */
2985         error = cdreadtoc(periph, 0, 0, (u_int8_t *)toch, sizeof(*toch),
2986                           SF_NO_PRINT);
2987         /*
2988          * Errors in reading the table of contents aren't fatal, we just
2989          * won't have a valid table of contents cached.
2990          */
2991         if (error != 0) {
2992                 error = 0;
2993                 bzero(&softc->toc, sizeof(softc->toc));
2994                 goto bailout;
2995         }
2996
2997         if (softc->quirks & CD_Q_BCD_TRACKS) {
2998                 toch->starting_track = bcd2bin(toch->starting_track);
2999                 toch->ending_track = bcd2bin(toch->ending_track);
3000         }
3001
3002         /* Number of TOC entries, plus leadout */
3003         num_entries = (toch->ending_track - toch->starting_track) + 2;
3004
3005         if (num_entries <= 0)
3006                 goto bailout;
3007
3008         toclen = num_entries * sizeof(struct cd_toc_entry);
3009
3010         error = cdreadtoc(periph, CD_MSF_FORMAT, toch->starting_track,
3011                           (u_int8_t *)&softc->toc, toclen + sizeof(*toch),
3012                           SF_NO_PRINT);
3013         if (error != 0) {
3014                 error = 0;
3015                 bzero(&softc->toc, sizeof(softc->toc));
3016                 goto bailout;
3017         }
3018
3019         if (softc->quirks & CD_Q_BCD_TRACKS) {
3020                 toch->starting_track = bcd2bin(toch->starting_track);
3021                 toch->ending_track = bcd2bin(toch->ending_track);
3022         }
3023         toch->len = scsi_2btoul((uint8_t *)&toch->len);
3024
3025         /*
3026          * XXX KDM is this necessary?  Probably only if the drive doesn't
3027          * return leadout information with the table of contents.
3028          */
3029         cdindex = toch->starting_track + num_entries -1;
3030         if (cdindex == toch->ending_track + 1) {
3031
3032                 error = cdreadtoc(periph, CD_MSF_FORMAT, LEADOUT, 
3033                                   (u_int8_t *)&leadout, sizeof(leadout),
3034                                   SF_NO_PRINT);
3035                 if (error != 0) {
3036                         error = 0;
3037                         goto bailout;
3038                 }
3039                 softc->toc.entries[cdindex - toch->starting_track] =
3040                         leadout.entry;
3041         }
3042         if (softc->quirks & CD_Q_BCD_TRACKS) {
3043                 for (cdindex = 0; cdindex < (num_entries - 1); cdindex++) {
3044                         softc->toc.entries[cdindex].track =
3045                                 bcd2bin(softc->toc.entries[cdindex].track);
3046                 }
3047         }
3048
3049         /*
3050          * Run through the TOC entries, find the first entry and determine
3051          * whether it is an audio or data track.
3052          */
3053         for (cdindex = 0; cdindex < (num_entries - 1); cdindex++) {
3054                 if (softc->toc.entries[cdindex].track == toch->starting_track) {
3055                         if (softc->toc.entries[cdindex].control & 0x04)
3056                                 first_track_audio = 0;
3057                         else
3058                                 first_track_audio = 1;
3059                         break;
3060                 }
3061         }
3062
3063         /*
3064          * If first_track_audio is non-zero, we either have an error (e.g.
3065          * couldn't find the starting track) or the first track is an audio
3066          * track.  If first_track_audio is 0, the first track is a data
3067          * track that could have a disklabel.  Attempt to read the
3068          * disklabel off the media, just in case the user put one there.
3069          */
3070         if (first_track_audio == 0) {
3071                 softc->disk.d_dsflags |= DSO_COMPATLABEL;
3072                 softc->disk.d_dsflags &= ~DSO_NOLABELS;
3073         }
3074         softc->flags |= CD_FLAG_VALID_TOC;
3075
3076 bailout:
3077         return (error);
3078 }
3079
3080 static int
3081 cdsize(struct cam_periph *periph, u_int32_t *size)
3082 {
3083         struct cd_softc *softc;
3084         union ccb *ccb;
3085         struct scsi_read_capacity_data *rcap_buf;
3086         int error;
3087
3088         CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdsize\n"));
3089
3090         softc = (struct cd_softc *)periph->softc;
3091              
3092         ccb = cdgetccb(periph, /* priority */ 1);
3093
3094         rcap_buf = malloc(sizeof(struct scsi_read_capacity_data), 
3095                           M_TEMP, M_WAITOK);
3096
3097         scsi_read_capacity(&ccb->csio, 
3098                            /*retries*/ 1,
3099                            cddone,
3100                            MSG_SIMPLE_Q_TAG,
3101                            rcap_buf,
3102                            SSD_FULL_SIZE,
3103                            /* timeout */20000);
3104
3105         error = cdrunccb(ccb, cderror, /*cam_flags*/0,
3106                          /*sense_flags*/SF_RETRY_UA|SF_NO_PRINT|SF_RETRY_SELTO);
3107
3108         xpt_release_ccb(ccb);
3109
3110         softc->params.disksize = scsi_4btoul(rcap_buf->addr) + 1;
3111         softc->params.blksize  = scsi_4btoul(rcap_buf->length);
3112         /*
3113          * SCSI-3 mandates that the reported blocksize shall be 2048.
3114          * Older drives sometimes report funny values, trim it down to
3115          * 2048, or other parts of the kernel will get confused.
3116          *
3117          * XXX we leave drives alone that might report 512 bytes, as
3118          * well as drives reporting more weird sizes like perhaps 4K.
3119          */
3120         if (softc->params.blksize > 2048 && softc->params.blksize <= 2352)
3121                 softc->params.blksize = 2048;
3122
3123         free(rcap_buf, M_TEMP);
3124         *size = softc->params.disksize;
3125
3126         return (error);
3127
3128 }
3129
3130 static int
3131 cd6byteworkaround(union ccb *ccb)
3132 {
3133         u_int8_t *cdb;
3134         struct cam_periph *periph;
3135         struct cd_softc *softc;
3136         struct cd_mode_params *params;
3137         int frozen, found;
3138
3139         periph = xpt_path_periph(ccb->ccb_h.path);
3140         softc = (struct cd_softc *)periph->softc;
3141
3142         cdb = ccb->csio.cdb_io.cdb_bytes;
3143
3144         if ((ccb->ccb_h.flags & CAM_CDB_POINTER)
3145          || ((cdb[0] != MODE_SENSE_6)
3146           && (cdb[0] != MODE_SELECT_6)))
3147                 return (0);
3148
3149         /*
3150          * Because there is no convenient place to stash the overall
3151          * cd_mode_params structure pointer, we have to grab it like this.
3152          * This means that ALL MODE_SENSE and MODE_SELECT requests in the
3153          * cd(4) driver MUST go through cdgetmode() and cdsetmode()!
3154          *
3155          * XXX It would be nice if, at some point, we could increase the
3156          * number of available peripheral private pointers.  Both pointers
3157          * are currently used in most every peripheral driver.
3158          */
3159         found = 0;
3160
3161         STAILQ_FOREACH(params, &softc->mode_queue, links) {
3162                 if (params->mode_buf == ccb->csio.data_ptr) {
3163                         found = 1;
3164                         break;
3165                 }
3166         }
3167
3168         /*
3169          * This shouldn't happen.  All mode sense and mode select
3170          * operations in the cd(4) driver MUST go through cdgetmode() and
3171          * cdsetmode()!
3172          */
3173         if (found == 0) {
3174                 xpt_print_path(periph->path);
3175                 printf("mode buffer not found in mode queue!\n");
3176                 return (0);
3177         }
3178
3179         params->cdb_size = 10;
3180         softc->minimum_command_size = 10;
3181         xpt_print_path(ccb->ccb_h.path);
3182         printf("%s(6) failed, increasing minimum CDB size to 10 bytes\n",
3183                (cdb[0] == MODE_SENSE_6) ? "MODE_SENSE" : "MODE_SELECT");
3184
3185         if (cdb[0] == MODE_SENSE_6) {
3186                 struct scsi_mode_sense_10 ms10;
3187                 struct scsi_mode_sense_6 *ms6;
3188                 int len;
3189
3190                 ms6 = (struct scsi_mode_sense_6 *)cdb;
3191
3192                 bzero(&ms10, sizeof(ms10));
3193                 ms10.opcode = MODE_SENSE_10;
3194                 ms10.byte2 = ms6->byte2;
3195                 ms10.page = ms6->page;
3196
3197                 /*
3198                  * 10 byte mode header, block descriptor,
3199                  * sizeof(union cd_pages)
3200                  */
3201                 len = sizeof(struct cd_mode_data_10);
3202                 ccb->csio.dxfer_len = len;
3203
3204                 scsi_ulto2b(len, ms10.length);
3205                 ms10.control = ms6->control;
3206                 bcopy(&ms10, cdb, 10);
3207                 ccb->csio.cdb_len = 10;
3208         } else {
3209                 struct scsi_mode_select_10 ms10;
3210                 struct scsi_mode_select_6 *ms6;
3211                 struct scsi_mode_header_6 *header6;
3212                 struct scsi_mode_header_10 *header10;
3213                 struct scsi_mode_page_header *page_header;
3214                 int blk_desc_len, page_num, page_size, len;
3215
3216                 ms6 = (struct scsi_mode_select_6 *)cdb;
3217
3218                 bzero(&ms10, sizeof(ms10));
3219                 ms10.opcode = MODE_SELECT_10;
3220                 ms10.byte2 = ms6->byte2;
3221
3222                 header6 = (struct scsi_mode_header_6 *)params->mode_buf;
3223                 header10 = (struct scsi_mode_header_10 *)params->mode_buf;
3224
3225                 page_header = find_mode_page_6(header6);
3226                 page_num = page_header->page_code;
3227
3228                 blk_desc_len = header6->blk_desc_len;
3229
3230                 page_size = cdgetpagesize(page_num);
3231
3232                 if (page_size != (page_header->page_length +
3233                     sizeof(*page_header)))
3234                         page_size = page_header->page_length +
3235                                 sizeof(*page_header);
3236
3237                 len = sizeof(*header10) + blk_desc_len + page_size;
3238
3239                 len = min(params->alloc_len, len);
3240
3241                 /*
3242                  * Since the 6 byte parameter header is shorter than the 10
3243                  * byte parameter header, we need to copy the actual mode
3244                  * page data, and the block descriptor, if any, so things wind
3245                  * up in the right place.  The regions will overlap, but
3246                  * bcopy() does the right thing.
3247                  */
3248                 bcopy(params->mode_buf + sizeof(*header6),
3249                       params->mode_buf + sizeof(*header10),
3250                       len - sizeof(*header10));
3251
3252                 /* Make sure these fields are set correctly. */
3253                 scsi_ulto2b(0, header10->data_length);
3254                 header10->medium_type = 0;
3255                 scsi_ulto2b(blk_desc_len, header10->blk_desc_len);
3256
3257                 ccb->csio.dxfer_len = len;
3258
3259                 scsi_ulto2b(len, ms10.length);
3260                 ms10.control = ms6->control;
3261                 bcopy(&ms10, cdb, 10);
3262                 ccb->csio.cdb_len = 10;
3263         }
3264
3265         frozen = (ccb->ccb_h.status & CAM_DEV_QFRZN) != 0;
3266         ccb->ccb_h.status = CAM_REQUEUE_REQ;
3267         xpt_action(ccb);
3268         if (frozen) {
3269                 cam_release_devq(ccb->ccb_h.path,
3270                                  /*relsim_flags*/0,
3271                                  /*openings*/0,
3272                                  /*timeout*/0,
3273                                  /*getcount_only*/0);
3274         }
3275
3276         return (ERESTART);
3277 }
3278
3279 static int
3280 cderror(union ccb *ccb, u_int32_t cam_flags, u_int32_t sense_flags)
3281 {
3282         struct cd_softc *softc;
3283         struct cam_periph *periph;
3284         int error;
3285
3286         periph = xpt_path_periph(ccb->ccb_h.path);
3287         softc = (struct cd_softc *)periph->softc;
3288
3289         error = 0;
3290
3291         /*
3292          * We use a status of CAM_REQ_INVALID as shorthand -- if a 6 byte
3293          * CDB comes back with this particular error, try transforming it
3294          * into the 10 byte version.
3295          */
3296         if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_INVALID) {
3297                 error = cd6byteworkaround(ccb);
3298         } else if (((ccb->ccb_h.status & CAM_STATUS_MASK) ==
3299                      CAM_SCSI_STATUS_ERROR)
3300          && (ccb->ccb_h.status & CAM_AUTOSNS_VALID)
3301          && (ccb->csio.scsi_status == SCSI_STATUS_CHECK_COND)
3302          && ((ccb->ccb_h.flags & CAM_SENSE_PHYS) == 0)
3303          && ((ccb->ccb_h.flags & CAM_SENSE_PTR) == 0)) {
3304                 int sense_key, error_code, asc, ascq;
3305
3306                 scsi_extract_sense(&ccb->csio.sense_data,
3307                                    &error_code, &sense_key, &asc, &ascq);
3308                 if (sense_key == SSD_KEY_ILLEGAL_REQUEST)
3309                         error = cd6byteworkaround(ccb);
3310         }
3311
3312         if (error == ERESTART)
3313                 return (error);
3314
3315         /*
3316          * XXX
3317          * Until we have a better way of doing pack validation,
3318          * don't treat UAs as errors.
3319          */
3320         sense_flags |= SF_RETRY_UA;
3321         return (cam_periph_error(ccb, cam_flags, sense_flags, 
3322                                  &softc->saved_ccb));
3323 }
3324
3325 /*
3326  * Read table of contents
3327  */
3328 static int 
3329 cdreadtoc(struct cam_periph *periph, u_int32_t mode, u_int32_t start, 
3330           u_int8_t *data, u_int32_t len, u_int32_t sense_flags)
3331 {
3332         struct scsi_read_toc *scsi_cmd;
3333         u_int32_t ntoc;
3334         struct ccb_scsiio *csio;
3335         union ccb *ccb;
3336         int error;
3337
3338         ntoc = len;
3339         error = 0;
3340
3341         ccb = cdgetccb(periph, /* priority */ 1);
3342
3343         csio = &ccb->csio;
3344
3345         cam_fill_csio(csio, 
3346                       /* retries */ 1, 
3347                       /* cbfcnp */ cddone, 
3348                       /* flags */ CAM_DIR_IN,
3349                       /* tag_action */ MSG_SIMPLE_Q_TAG,
3350                       /* data_ptr */ data,
3351                       /* dxfer_len */ len,
3352                       /* sense_len */ SSD_FULL_SIZE,
3353                       sizeof(struct scsi_read_toc),
3354                       /* timeout */ 50000);
3355
3356         scsi_cmd = (struct scsi_read_toc *)&csio->cdb_io.cdb_bytes;
3357         bzero (scsi_cmd, sizeof(*scsi_cmd));
3358
3359         if (mode == CD_MSF_FORMAT)
3360                 scsi_cmd->byte2 |= CD_MSF;
3361         scsi_cmd->from_track = start;
3362         /* scsi_ulto2b(ntoc, (u_int8_t *)scsi_cmd->data_len); */
3363         scsi_cmd->data_len[0] = (ntoc) >> 8;
3364         scsi_cmd->data_len[1] = (ntoc) & 0xff;
3365
3366         scsi_cmd->op_code = READ_TOC;
3367
3368         error = cdrunccb(ccb, cderror, /*cam_flags*/0,
3369                          /*sense_flags*/SF_RETRY_UA | SF_RETRY_SELTO |
3370                          sense_flags);
3371
3372         xpt_release_ccb(ccb);
3373
3374         return(error);
3375 }
3376
3377 static int
3378 cdreadsubchannel(struct cam_periph *periph, u_int32_t mode, 
3379                  u_int32_t format, int track, 
3380                  struct cd_sub_channel_info *data, u_int32_t len) 
3381 {
3382         struct scsi_read_subchannel *scsi_cmd;
3383         struct ccb_scsiio *csio;
3384         union ccb *ccb;
3385         int error;
3386
3387         error = 0;
3388
3389         ccb = cdgetccb(periph, /* priority */ 1);
3390
3391         csio = &ccb->csio;
3392
3393         cam_fill_csio(csio, 
3394                       /* retries */ 1, 
3395                       /* cbfcnp */ cddone, 
3396                       /* flags */ CAM_DIR_IN,
3397                       /* tag_action */ MSG_SIMPLE_Q_TAG,
3398                       /* data_ptr */ (u_int8_t *)data,
3399                       /* dxfer_len */ len,
3400                       /* sense_len */ SSD_FULL_SIZE,
3401                       sizeof(struct scsi_read_subchannel),
3402                       /* timeout */ 50000);
3403
3404         scsi_cmd = (struct scsi_read_subchannel *)&csio->cdb_io.cdb_bytes;
3405         bzero (scsi_cmd, sizeof(*scsi_cmd));
3406
3407         scsi_cmd->op_code = READ_SUBCHANNEL;
3408         if (mode == CD_MSF_FORMAT)
3409                 scsi_cmd->byte1 |= CD_MSF;
3410         scsi_cmd->byte2 = SRS_SUBQ;
3411         scsi_cmd->subchan_format = format;
3412         scsi_cmd->track = track;
3413         scsi_ulto2b(len, (u_int8_t *)scsi_cmd->data_len);
3414         scsi_cmd->control = 0;
3415
3416         error = cdrunccb(ccb, cderror, /*cam_flags*/0,
3417                          /*sense_flags*/SF_RETRY_UA|SF_RETRY_SELTO);
3418
3419         xpt_release_ccb(ccb);
3420
3421         return(error);
3422 }
3423
3424 /*
3425  * All MODE_SENSE requests in the cd(4) driver MUST go through this
3426  * routine.  See comments in cd6byteworkaround() for details.
3427  */
3428 static int
3429 cdgetmode(struct cam_periph *periph, struct cd_mode_params *data,
3430           u_int32_t page)
3431 {
3432         struct ccb_scsiio *csio;
3433         struct cd_softc *softc;
3434         union ccb *ccb;
3435         int param_len;
3436         int error;
3437
3438         softc = (struct cd_softc *)periph->softc;
3439
3440         ccb = cdgetccb(periph, /* priority */ 1);
3441
3442         csio = &ccb->csio;
3443
3444         data->cdb_size = softc->minimum_command_size;
3445         if (data->cdb_size < 10)
3446                 param_len = sizeof(struct cd_mode_data);
3447         else
3448                 param_len = sizeof(struct cd_mode_data_10);
3449
3450         /* Don't say we've got more room than we actually allocated */
3451         param_len = min(param_len, data->alloc_len);
3452
3453         scsi_mode_sense_len(csio,
3454                             /* retries */ 1,
3455                             /* cbfcnp */ cddone,
3456                             /* tag_action */ MSG_SIMPLE_Q_TAG,
3457                             /* dbd */ 0,
3458                             /* page_code */ SMS_PAGE_CTRL_CURRENT,
3459                             /* page */ page,
3460                             /* param_buf */ data->mode_buf,
3461                             /* param_len */ param_len,
3462                             /* minimum_cmd_size */ softc->minimum_command_size,
3463                             /* sense_len */ SSD_FULL_SIZE,
3464                             /* timeout */ 50000);
3465
3466         /*
3467          * It would be nice not to have to do this, but there's no
3468          * available pointer in the CCB that would allow us to stuff the
3469          * mode params structure in there and retrieve it in
3470          * cd6byteworkaround(), so we can set the cdb size.  The cdb size
3471          * lets the caller know what CDB size we ended up using, so they
3472          * can find the actual mode page offset.
3473          */
3474         STAILQ_INSERT_TAIL(&softc->mode_queue, data, links);
3475
3476         error = cdrunccb(ccb, cderror, /*cam_flags*/0,
3477                          /*sense_flags*/SF_RETRY_UA|SF_RETRY_SELTO);
3478
3479         xpt_release_ccb(ccb);
3480
3481         STAILQ_REMOVE(&softc->mode_queue, data, cd_mode_params, links);
3482
3483         /*
3484          * This is a bit of belt-and-suspenders checking, but if we run
3485          * into a situation where the target sends back multiple block
3486          * descriptors, we might not have enough space in the buffer to
3487          * see the whole mode page.  Better to return an error than
3488          * potentially access memory beyond our malloced region.
3489          */
3490         if (error == 0) {
3491                 u_int32_t data_len;
3492
3493                 if (data->cdb_size == 10) {
3494                         struct scsi_mode_header_10 *hdr10;
3495
3496                         hdr10 = (struct scsi_mode_header_10 *)data->mode_buf;
3497                         data_len = scsi_2btoul(hdr10->data_length);
3498                         data_len += sizeof(hdr10->data_length);
3499                 } else {
3500                         struct scsi_mode_header_6 *hdr6;
3501
3502                         hdr6 = (struct scsi_mode_header_6 *)data->mode_buf;
3503                         data_len = hdr6->data_length;
3504                         data_len += sizeof(hdr6->data_length);
3505                 }
3506
3507                 /*
3508                  * Complain if there is more mode data available than we
3509                  * allocated space for.  This could potentially happen if
3510                  * we miscalculated the page length for some reason, if the
3511                  * drive returns multiple block descriptors, or if it sets
3512                  * the data length incorrectly.
3513                  */
3514                 if (data_len > data->alloc_len) {
3515                         xpt_print_path(periph->path);
3516                         printf("allocated modepage %d length %d < returned "
3517                                "length %d\n", page, data->alloc_len, data_len);
3518
3519                         error = ENOSPC;
3520                 }
3521         }
3522         return (error);
3523 }
3524
3525 /*
3526  * All MODE_SELECT requests in the cd(4) driver MUST go through this
3527  * routine.  See comments in cd6byteworkaround() for details.
3528  */
3529 static int
3530 cdsetmode(struct cam_periph *periph, struct cd_mode_params *data)
3531 {
3532         struct ccb_scsiio *csio;
3533         struct cd_softc *softc;
3534         union ccb *ccb;
3535         int cdb_size, param_len;
3536         int error;
3537
3538         softc = (struct cd_softc *)periph->softc;
3539
3540         ccb = cdgetccb(periph, /* priority */ 1);
3541
3542         csio = &ccb->csio;
3543
3544         error = 0;
3545
3546         /*
3547          * If the data is formatted for the 10 byte version of the mode
3548          * select parameter list, we need to use the 10 byte CDB.
3549          * Otherwise, we use whatever the stored minimum command size.
3550          */
3551         if (data->cdb_size == 10)
3552                 cdb_size = data->cdb_size;
3553         else
3554                 cdb_size = softc->minimum_command_size;
3555
3556         if (cdb_size >= 10) {
3557                 struct scsi_mode_header_10 *mode_header;
3558                 u_int32_t data_len;
3559
3560                 mode_header = (struct scsi_mode_header_10 *)data->mode_buf;
3561
3562                 data_len = scsi_2btoul(mode_header->data_length);
3563
3564                 scsi_ulto2b(0, mode_header->data_length);
3565                 /*
3566                  * SONY drives do not allow a mode select with a medium_type
3567                  * value that has just been returned by a mode sense; use a
3568                  * medium_type of 0 (Default) instead.
3569                  */
3570                 mode_header->medium_type = 0;
3571
3572                 /*
3573                  * Pass back whatever the drive passed to us, plus the size
3574                  * of the data length field.
3575                 &