1 /* 2 * QEMU ESP/NCR53C9x emulation 3 * 4 * Copyright (c) 2005-2006 Fabrice Bellard 5 * Copyright (c) 2012 Herve Poussineau 6 * Copyright (c) 2023 Mark Cave-Ayland 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "hw/sysbus.h" 29 #include "migration/vmstate.h" 30 #include "hw/irq.h" 31 #include "hw/scsi/esp.h" 32 #include "trace.h" 33 #include "qemu/log.h" 34 #include "qemu/module.h" 35 36 /* 37 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O), 38 * also produced as NCR89C100. See 39 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt 40 * and 41 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt 42 * 43 * On Macintosh Quadra it is a NCR53C96. 44 */ 45 46 static void esp_raise_irq(ESPState *s) 47 { 48 if (!(s->rregs[ESP_RSTAT] & STAT_INT)) { 49 s->rregs[ESP_RSTAT] |= STAT_INT; 50 qemu_irq_raise(s->irq); 51 trace_esp_raise_irq(); 52 } 53 } 54 55 static void esp_lower_irq(ESPState *s) 56 { 57 if (s->rregs[ESP_RSTAT] & STAT_INT) { 58 s->rregs[ESP_RSTAT] &= ~STAT_INT; 59 qemu_irq_lower(s->irq); 60 trace_esp_lower_irq(); 61 } 62 } 63 64 static void esp_raise_drq(ESPState *s) 65 { 66 if (!(s->drq_state)) { 67 qemu_irq_raise(s->drq_irq); 68 trace_esp_raise_drq(); 69 s->drq_state = true; 70 } 71 } 72 73 static void esp_lower_drq(ESPState *s) 74 { 75 if (s->drq_state) { 76 qemu_irq_lower(s->drq_irq); 77 trace_esp_lower_drq(); 78 s->drq_state = false; 79 } 80 } 81 82 static const char *esp_phase_names[8] = { 83 "DATA OUT", "DATA IN", "COMMAND", "STATUS", 84 "(reserved)", "(reserved)", "MESSAGE OUT", "MESSAGE IN" 85 }; 86 87 static void esp_set_phase(ESPState *s, uint8_t phase) 88 { 89 s->rregs[ESP_RSTAT] &= ~7; 90 s->rregs[ESP_RSTAT] |= phase; 91 92 trace_esp_set_phase(esp_phase_names[phase]); 93 } 94 95 static uint8_t esp_get_phase(ESPState *s) 96 { 97 return s->rregs[ESP_RSTAT] & 7; 98 } 99 100 void esp_dma_enable(ESPState *s, int irq, int level) 101 { 102 if (level) { 103 s->dma_enabled = 1; 104 trace_esp_dma_enable(); 105 if (s->dma_cb) { 106 s->dma_cb(s); 107 s->dma_cb = NULL; 108 } 109 } else { 110 trace_esp_dma_disable(); 111 s->dma_enabled = 0; 112 } 113 } 114 115 void esp_request_cancelled(SCSIRequest *req) 116 { 117 ESPState *s = req->hba_private; 118 119 if (req == s->current_req) { 120 scsi_req_unref(s->current_req); 121 s->current_req = NULL; 122 s->current_dev = NULL; 123 s->async_len = 0; 124 } 125 } 126 127 static void esp_update_drq(ESPState *s) 128 { 129 bool to_device; 130 131 switch (esp_get_phase(s)) { 132 case STAT_MO: 133 case STAT_CD: 134 case STAT_DO: 135 to_device = true; 136 break; 137 138 case STAT_DI: 139 case STAT_ST: 140 case STAT_MI: 141 to_device = false; 142 break; 143 144 default: 145 return; 146 } 147 148 if (s->dma) { 149 /* DMA request so update DRQ according to transfer direction */ 150 if (to_device) { 151 if (fifo8_num_free(&s->fifo) < 2) { 152 esp_lower_drq(s); 153 } else { 154 esp_raise_drq(s); 155 } 156 } else { 157 if (fifo8_num_used(&s->fifo) < 2) { 158 esp_lower_drq(s); 159 } else { 160 esp_raise_drq(s); 161 } 162 } 163 } else { 164 /* Not a DMA request */ 165 esp_lower_drq(s); 166 } 167 } 168 169 static void esp_fifo_push(ESPState *s, uint8_t val) 170 { 171 if (fifo8_num_used(&s->fifo) == s->fifo.capacity) { 172 trace_esp_error_fifo_overrun(); 173 } else { 174 fifo8_push(&s->fifo, val); 175 } 176 177 esp_update_drq(s); 178 } 179 180 static void esp_fifo_push_buf(ESPState *s, uint8_t *buf, int len) 181 { 182 fifo8_push_all(&s->fifo, buf, len); 183 esp_update_drq(s); 184 } 185 186 static uint8_t esp_fifo_pop(ESPState *s) 187 { 188 uint8_t val; 189 190 if (fifo8_is_empty(&s->fifo)) { 191 val = 0; 192 } else { 193 val = fifo8_pop(&s->fifo); 194 } 195 196 esp_update_drq(s); 197 return val; 198 } 199 200 static uint32_t esp_fifo_pop_buf(ESPState *s, uint8_t *dest, int maxlen) 201 { 202 uint32_t len = fifo8_pop_buf(&s->fifo, dest, maxlen); 203 204 esp_update_drq(s); 205 return len; 206 } 207 208 static uint32_t esp_get_tc(ESPState *s) 209 { 210 uint32_t dmalen; 211 212 dmalen = s->rregs[ESP_TCLO]; 213 dmalen |= s->rregs[ESP_TCMID] << 8; 214 dmalen |= s->rregs[ESP_TCHI] << 16; 215 216 return dmalen; 217 } 218 219 static void esp_set_tc(ESPState *s, uint32_t dmalen) 220 { 221 uint32_t old_tc = esp_get_tc(s); 222 223 s->rregs[ESP_TCLO] = dmalen; 224 s->rregs[ESP_TCMID] = dmalen >> 8; 225 s->rregs[ESP_TCHI] = dmalen >> 16; 226 227 if (old_tc && dmalen == 0) { 228 s->rregs[ESP_RSTAT] |= STAT_TC; 229 } 230 } 231 232 static uint32_t esp_get_stc(ESPState *s) 233 { 234 uint32_t dmalen; 235 236 dmalen = s->wregs[ESP_TCLO]; 237 dmalen |= s->wregs[ESP_TCMID] << 8; 238 dmalen |= s->wregs[ESP_TCHI] << 16; 239 240 return dmalen; 241 } 242 243 static uint8_t esp_pdma_read(ESPState *s) 244 { 245 return esp_fifo_pop(s); 246 } 247 248 static void esp_pdma_write(ESPState *s, uint8_t val) 249 { 250 uint32_t dmalen = esp_get_tc(s); 251 252 esp_fifo_push(s, val); 253 254 if (dmalen && s->drq_state) { 255 dmalen--; 256 esp_set_tc(s, dmalen); 257 } 258 } 259 260 static int esp_select(ESPState *s) 261 { 262 int target; 263 264 target = s->wregs[ESP_WBUSID] & BUSID_DID; 265 266 s->ti_size = 0; 267 s->rregs[ESP_RSEQ] = SEQ_0; 268 269 if (s->current_req) { 270 /* Started a new command before the old one finished. Cancel it. */ 271 scsi_req_cancel(s->current_req); 272 } 273 274 s->current_dev = scsi_device_find(&s->bus, 0, target, 0); 275 if (!s->current_dev) { 276 /* No such drive */ 277 s->rregs[ESP_RSTAT] = 0; 278 s->asc_mode = ESP_ASC_MODE_DIS; 279 s->rregs[ESP_RINTR] = INTR_DC; 280 esp_raise_irq(s); 281 return -1; 282 } 283 284 /* 285 * Note that we deliberately don't raise the IRQ here: this will be done 286 * either in esp_transfer_data() or esp_command_complete() 287 */ 288 s->asc_mode = ESP_ASC_MODE_INI; 289 return 0; 290 } 291 292 static void esp_do_dma(ESPState *s); 293 static void esp_do_nodma(ESPState *s); 294 295 static void do_command_phase(ESPState *s) 296 { 297 uint32_t cmdlen; 298 int32_t datalen; 299 SCSIDevice *current_lun; 300 uint8_t buf[ESP_CMDFIFO_SZ]; 301 302 trace_esp_do_command_phase(s->lun); 303 cmdlen = fifo8_num_used(&s->cmdfifo); 304 if (!cmdlen || !s->current_dev) { 305 return; 306 } 307 fifo8_pop_buf(&s->cmdfifo, buf, cmdlen); 308 309 current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, s->lun); 310 if (!current_lun) { 311 /* No such drive */ 312 s->rregs[ESP_RSTAT] = 0; 313 s->asc_mode = ESP_ASC_MODE_DIS; 314 s->rregs[ESP_RINTR] = INTR_DC; 315 s->rregs[ESP_RSEQ] = SEQ_0; 316 esp_raise_irq(s); 317 return; 318 } 319 320 s->current_req = scsi_req_new(current_lun, 0, s->lun, buf, cmdlen, s); 321 datalen = scsi_req_enqueue(s->current_req); 322 s->ti_size = datalen; 323 fifo8_reset(&s->cmdfifo); 324 s->data_ready = false; 325 if (datalen != 0) { 326 /* 327 * Switch to DATA phase but wait until initial data xfer is 328 * complete before raising the command completion interrupt 329 */ 330 if (datalen > 0) { 331 esp_set_phase(s, STAT_DI); 332 } else { 333 esp_set_phase(s, STAT_DO); 334 } 335 scsi_req_continue(s->current_req); 336 return; 337 } 338 } 339 340 static void do_message_phase(ESPState *s) 341 { 342 if (s->cmdfifo_cdb_offset) { 343 uint8_t message = fifo8_is_empty(&s->cmdfifo) ? 0 : 344 fifo8_pop(&s->cmdfifo); 345 346 trace_esp_do_identify(message); 347 s->lun = message & 7; 348 s->cmdfifo_cdb_offset--; 349 } 350 351 /* Ignore extended messages for now */ 352 if (s->cmdfifo_cdb_offset) { 353 int len = MIN(s->cmdfifo_cdb_offset, fifo8_num_used(&s->cmdfifo)); 354 fifo8_drop(&s->cmdfifo, len); 355 s->cmdfifo_cdb_offset = 0; 356 } 357 } 358 359 static void do_cmd(ESPState *s) 360 { 361 do_message_phase(s); 362 assert(s->cmdfifo_cdb_offset == 0); 363 do_command_phase(s); 364 } 365 366 static void handle_satn(ESPState *s) 367 { 368 if (s->dma && !s->dma_enabled) { 369 s->dma_cb = handle_satn; 370 return; 371 } 372 373 if (esp_select(s) < 0) { 374 return; 375 } 376 377 esp_set_phase(s, STAT_MO); 378 379 if (s->dma) { 380 esp_do_dma(s); 381 } else { 382 esp_do_nodma(s); 383 } 384 } 385 386 static void handle_s_without_atn(ESPState *s) 387 { 388 if (s->dma && !s->dma_enabled) { 389 s->dma_cb = handle_s_without_atn; 390 return; 391 } 392 393 if (esp_select(s) < 0) { 394 return; 395 } 396 397 esp_set_phase(s, STAT_CD); 398 s->cmdfifo_cdb_offset = 0; 399 400 if (s->dma) { 401 esp_do_dma(s); 402 } else { 403 esp_do_nodma(s); 404 } 405 } 406 407 static void handle_satn_stop(ESPState *s) 408 { 409 if (s->dma && !s->dma_enabled) { 410 s->dma_cb = handle_satn_stop; 411 return; 412 } 413 414 if (esp_select(s) < 0) { 415 return; 416 } 417 418 esp_set_phase(s, STAT_MO); 419 s->cmdfifo_cdb_offset = 0; 420 421 if (s->dma) { 422 esp_do_dma(s); 423 } else { 424 esp_do_nodma(s); 425 } 426 } 427 428 static void handle_pad(ESPState *s) 429 { 430 if (s->dma) { 431 esp_do_dma(s); 432 } else { 433 esp_do_nodma(s); 434 } 435 } 436 437 static void write_response(ESPState *s) 438 { 439 trace_esp_write_response(s->status); 440 441 if (s->dma) { 442 esp_do_dma(s); 443 } else { 444 esp_do_nodma(s); 445 } 446 } 447 448 static bool esp_cdb_ready(ESPState *s) 449 { 450 int len = fifo8_num_used(&s->cmdfifo) - s->cmdfifo_cdb_offset; 451 const uint8_t *pbuf; 452 uint32_t n; 453 int cdblen; 454 455 if (len <= 0) { 456 return false; 457 } 458 459 pbuf = fifo8_peek_bufptr(&s->cmdfifo, len, &n); 460 if (n < len) { 461 /* 462 * In normal use the cmdfifo should never wrap, but include this check 463 * to prevent a malicious guest from reading past the end of the 464 * cmdfifo data buffer below 465 */ 466 return false; 467 } 468 469 cdblen = scsi_cdb_length((uint8_t *)&pbuf[s->cmdfifo_cdb_offset]); 470 471 return cdblen < 0 ? false : (len >= cdblen); 472 } 473 474 static void esp_dma_ti_check(ESPState *s) 475 { 476 if (esp_get_tc(s) == 0 && fifo8_num_used(&s->fifo) < 2) { 477 s->rregs[ESP_RINTR] |= INTR_BS; 478 esp_raise_irq(s); 479 } 480 } 481 482 static void esp_do_dma(ESPState *s) 483 { 484 uint32_t len, cmdlen; 485 uint8_t buf[ESP_CMDFIFO_SZ]; 486 487 len = esp_get_tc(s); 488 489 switch (esp_get_phase(s)) { 490 case STAT_MO: 491 if (s->dma_memory_read) { 492 len = MIN(len, fifo8_num_free(&s->cmdfifo)); 493 if (len) { 494 s->dma_memory_read(s->dma_opaque, buf, len); 495 esp_set_tc(s, esp_get_tc(s) - len); 496 } 497 } else { 498 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 499 len = MIN(fifo8_num_free(&s->cmdfifo), len); 500 } 501 502 fifo8_push_all(&s->cmdfifo, buf, len); 503 s->cmdfifo_cdb_offset += len; 504 505 switch (s->rregs[ESP_CMD]) { 506 case CMD_SELATN | CMD_DMA: 507 if (fifo8_num_used(&s->cmdfifo) >= 1) { 508 /* First byte received, switch to command phase */ 509 esp_set_phase(s, STAT_CD); 510 s->rregs[ESP_RSEQ] = SEQ_CD; 511 s->cmdfifo_cdb_offset = 1; 512 513 if (fifo8_num_used(&s->cmdfifo) > 1) { 514 /* Process any additional command phase data */ 515 esp_do_dma(s); 516 } 517 } 518 break; 519 520 case CMD_SELATNS | CMD_DMA: 521 if (fifo8_num_used(&s->cmdfifo) == 1) { 522 /* First byte received, stop in message out phase */ 523 s->rregs[ESP_RSEQ] = SEQ_MO; 524 s->cmdfifo_cdb_offset = 1; 525 526 /* Raise command completion interrupt */ 527 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC; 528 esp_raise_irq(s); 529 } 530 break; 531 532 case CMD_TI | CMD_DMA: 533 /* ATN remains asserted until TC == 0 */ 534 if (esp_get_tc(s) == 0) { 535 esp_set_phase(s, STAT_CD); 536 s->rregs[ESP_CMD] = 0; 537 s->rregs[ESP_RINTR] |= INTR_BS; 538 esp_raise_irq(s); 539 } 540 break; 541 } 542 break; 543 544 case STAT_CD: 545 cmdlen = fifo8_num_used(&s->cmdfifo); 546 trace_esp_do_dma(cmdlen, len); 547 if (s->dma_memory_read) { 548 len = MIN(len, fifo8_num_free(&s->cmdfifo)); 549 if (len) { 550 s->dma_memory_read(s->dma_opaque, buf, len); 551 fifo8_push_all(&s->cmdfifo, buf, len); 552 esp_set_tc(s, esp_get_tc(s) - len); 553 } 554 } else { 555 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 556 len = MIN(fifo8_num_free(&s->cmdfifo), len); 557 fifo8_push_all(&s->cmdfifo, buf, len); 558 } 559 trace_esp_handle_ti_cmd(cmdlen); 560 s->ti_size = 0; 561 if (esp_get_tc(s) == 0) { 562 /* Command has been received */ 563 do_cmd(s); 564 } 565 break; 566 567 case STAT_DO: 568 if (!s->current_req) { 569 return; 570 } 571 if (s->async_len == 0 && esp_get_tc(s)) { 572 /* Defer until data is available. */ 573 return; 574 } 575 if (len > s->async_len) { 576 len = s->async_len; 577 } 578 579 switch (s->rregs[ESP_CMD]) { 580 case CMD_TI | CMD_DMA: 581 if (s->dma_memory_read) { 582 if (len) { 583 s->dma_memory_read(s->dma_opaque, s->async_buf, len); 584 esp_set_tc(s, esp_get_tc(s) - len); 585 } 586 } else { 587 /* Copy FIFO data to device */ 588 len = MIN(s->async_len, ESP_FIFO_SZ); 589 len = MIN(len, fifo8_num_used(&s->fifo)); 590 len = esp_fifo_pop_buf(s, s->async_buf, len); 591 } 592 593 s->async_buf += len; 594 s->async_len -= len; 595 s->ti_size += len; 596 break; 597 598 case CMD_PAD | CMD_DMA: 599 /* Copy TC zero bytes into the incoming stream */ 600 if (!s->dma_memory_read) { 601 len = MIN(s->async_len, ESP_FIFO_SZ); 602 len = MIN(len, fifo8_num_free(&s->fifo)); 603 } 604 605 memset(s->async_buf, 0, len); 606 607 s->async_buf += len; 608 s->async_len -= len; 609 s->ti_size += len; 610 break; 611 } 612 613 if (s->async_len == 0 && fifo8_num_used(&s->fifo) < 2) { 614 /* Defer until the scsi layer has completed */ 615 scsi_req_continue(s->current_req); 616 return; 617 } 618 619 esp_dma_ti_check(s); 620 break; 621 622 case STAT_DI: 623 if (!s->current_req) { 624 return; 625 } 626 if (s->async_len == 0 && esp_get_tc(s)) { 627 /* Defer until data is available. */ 628 return; 629 } 630 if (len > s->async_len) { 631 len = s->async_len; 632 } 633 634 switch (s->rregs[ESP_CMD]) { 635 case CMD_TI | CMD_DMA: 636 if (s->dma_memory_write) { 637 if (len) { 638 s->dma_memory_write(s->dma_opaque, s->async_buf, len); 639 } 640 } else { 641 /* Copy device data to FIFO */ 642 len = MIN(len, fifo8_num_free(&s->fifo)); 643 esp_fifo_push_buf(s, s->async_buf, len); 644 } 645 646 s->async_buf += len; 647 s->async_len -= len; 648 s->ti_size -= len; 649 esp_set_tc(s, esp_get_tc(s) - len); 650 break; 651 652 case CMD_PAD | CMD_DMA: 653 /* Drop TC bytes from the incoming stream */ 654 if (!s->dma_memory_write) { 655 len = MIN(len, fifo8_num_free(&s->fifo)); 656 } 657 658 s->async_buf += len; 659 s->async_len -= len; 660 s->ti_size -= len; 661 esp_set_tc(s, esp_get_tc(s) - len); 662 break; 663 } 664 665 if (s->async_len == 0 && s->ti_size == 0 && esp_get_tc(s)) { 666 /* If the guest underflows TC then terminate SCSI request */ 667 scsi_req_continue(s->current_req); 668 return; 669 } 670 671 if (s->async_len == 0 && fifo8_num_used(&s->fifo) < 2) { 672 /* Defer until the scsi layer has completed */ 673 scsi_req_continue(s->current_req); 674 return; 675 } 676 677 esp_dma_ti_check(s); 678 break; 679 680 case STAT_ST: 681 switch (s->rregs[ESP_CMD]) { 682 case CMD_ICCS | CMD_DMA: 683 len = MIN(len, 1); 684 685 if (len) { 686 buf[0] = s->status; 687 688 if (s->dma_memory_write) { 689 /* Length already non-zero */ 690 s->dma_memory_write(s->dma_opaque, buf, len); 691 } else { 692 esp_fifo_push_buf(s, buf, len); 693 } 694 695 esp_set_tc(s, esp_get_tc(s) - len); 696 esp_set_phase(s, STAT_MI); 697 698 if (esp_get_tc(s) > 0) { 699 /* Process any message in phase data */ 700 esp_do_dma(s); 701 } 702 } 703 break; 704 705 default: 706 /* Consume remaining data if the guest underflows TC */ 707 if (fifo8_num_used(&s->fifo) < 2) { 708 s->rregs[ESP_RINTR] |= INTR_BS; 709 esp_raise_irq(s); 710 } 711 break; 712 } 713 break; 714 715 case STAT_MI: 716 switch (s->rregs[ESP_CMD]) { 717 case CMD_ICCS | CMD_DMA: 718 len = MIN(len, 1); 719 720 if (len) { 721 buf[0] = 0; 722 723 if (s->dma_memory_write) { 724 /* Length already non-zero */ 725 s->dma_memory_write(s->dma_opaque, buf, len); 726 } else { 727 esp_fifo_push_buf(s, buf, len); 728 } 729 730 esp_set_tc(s, esp_get_tc(s) - len); 731 732 /* Raise end of command interrupt */ 733 s->rregs[ESP_RINTR] |= INTR_FC; 734 esp_raise_irq(s); 735 } 736 break; 737 } 738 break; 739 } 740 } 741 742 static void esp_nodma_ti_dataout(ESPState *s) 743 { 744 int len; 745 746 if (!s->current_req) { 747 return; 748 } 749 if (s->async_len == 0) { 750 /* Defer until data is available. */ 751 return; 752 } 753 len = MIN(s->async_len, ESP_FIFO_SZ); 754 len = MIN(len, fifo8_num_used(&s->fifo)); 755 esp_fifo_pop_buf(s, s->async_buf, len); 756 s->async_buf += len; 757 s->async_len -= len; 758 s->ti_size += len; 759 760 if (s->async_len == 0) { 761 scsi_req_continue(s->current_req); 762 return; 763 } 764 765 s->rregs[ESP_RINTR] |= INTR_BS; 766 esp_raise_irq(s); 767 } 768 769 static void esp_do_nodma(ESPState *s) 770 { 771 uint8_t buf[ESP_FIFO_SZ]; 772 uint32_t cmdlen; 773 int len; 774 775 switch (esp_get_phase(s)) { 776 case STAT_MO: 777 switch (s->rregs[ESP_CMD]) { 778 case CMD_SELATN: 779 /* Copy FIFO into cmdfifo */ 780 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 781 len = MIN(fifo8_num_free(&s->cmdfifo), len); 782 fifo8_push_all(&s->cmdfifo, buf, len); 783 784 if (fifo8_num_used(&s->cmdfifo) >= 1) { 785 /* First byte received, switch to command phase */ 786 esp_set_phase(s, STAT_CD); 787 s->rregs[ESP_RSEQ] = SEQ_CD; 788 s->cmdfifo_cdb_offset = 1; 789 790 if (fifo8_num_used(&s->cmdfifo) > 1) { 791 /* Process any additional command phase data */ 792 esp_do_nodma(s); 793 } 794 } 795 break; 796 797 case CMD_SELATNS: 798 /* Copy one byte from FIFO into cmdfifo */ 799 len = esp_fifo_pop_buf(s, buf, 800 MIN(fifo8_num_used(&s->fifo), 1)); 801 len = MIN(fifo8_num_free(&s->cmdfifo), len); 802 fifo8_push_all(&s->cmdfifo, buf, len); 803 804 if (fifo8_num_used(&s->cmdfifo) >= 1) { 805 /* First byte received, stop in message out phase */ 806 s->rregs[ESP_RSEQ] = SEQ_MO; 807 s->cmdfifo_cdb_offset = 1; 808 809 /* Raise command completion interrupt */ 810 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC; 811 esp_raise_irq(s); 812 } 813 break; 814 815 case CMD_TI: 816 /* Copy FIFO into cmdfifo */ 817 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 818 len = MIN(fifo8_num_free(&s->cmdfifo), len); 819 fifo8_push_all(&s->cmdfifo, buf, len); 820 821 /* ATN remains asserted until FIFO empty */ 822 s->cmdfifo_cdb_offset = fifo8_num_used(&s->cmdfifo); 823 esp_set_phase(s, STAT_CD); 824 s->rregs[ESP_CMD] = 0; 825 s->rregs[ESP_RINTR] |= INTR_BS; 826 esp_raise_irq(s); 827 break; 828 } 829 break; 830 831 case STAT_CD: 832 switch (s->rregs[ESP_CMD]) { 833 case CMD_TI: 834 /* Copy FIFO into cmdfifo */ 835 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 836 len = MIN(fifo8_num_free(&s->cmdfifo), len); 837 fifo8_push_all(&s->cmdfifo, buf, len); 838 839 cmdlen = fifo8_num_used(&s->cmdfifo); 840 trace_esp_handle_ti_cmd(cmdlen); 841 842 /* CDB may be transferred in one or more TI commands */ 843 if (esp_cdb_ready(s)) { 844 /* Command has been received */ 845 do_cmd(s); 846 } else { 847 /* 848 * If data was transferred from the FIFO then raise bus 849 * service interrupt to indicate transfer complete. Otherwise 850 * defer until the next FIFO write. 851 */ 852 if (len) { 853 /* Raise interrupt to indicate transfer complete */ 854 s->rregs[ESP_RINTR] |= INTR_BS; 855 esp_raise_irq(s); 856 } 857 } 858 break; 859 860 case CMD_SEL | CMD_DMA: 861 case CMD_SELATN | CMD_DMA: 862 /* Copy FIFO into cmdfifo */ 863 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 864 len = MIN(fifo8_num_free(&s->cmdfifo), len); 865 fifo8_push_all(&s->cmdfifo, buf, len); 866 867 /* Handle when DMA transfer is terminated by non-DMA FIFO write */ 868 if (esp_cdb_ready(s)) { 869 /* Command has been received */ 870 do_cmd(s); 871 } 872 break; 873 874 case CMD_SEL: 875 case CMD_SELATN: 876 /* FIFO already contain entire CDB: copy to cmdfifo and execute */ 877 len = esp_fifo_pop_buf(s, buf, fifo8_num_used(&s->fifo)); 878 len = MIN(fifo8_num_free(&s->cmdfifo), len); 879 fifo8_push_all(&s->cmdfifo, buf, len); 880 881 do_cmd(s); 882 break; 883 } 884 break; 885 886 case STAT_DO: 887 /* Accumulate data in FIFO until non-DMA TI is executed */ 888 break; 889 890 case STAT_DI: 891 if (!s->current_req) { 892 return; 893 } 894 if (s->async_len == 0) { 895 /* Defer until data is available. */ 896 return; 897 } 898 if (fifo8_is_empty(&s->fifo)) { 899 esp_fifo_push(s, s->async_buf[0]); 900 s->async_buf++; 901 s->async_len--; 902 s->ti_size--; 903 } 904 905 if (s->async_len == 0) { 906 scsi_req_continue(s->current_req); 907 return; 908 } 909 910 /* If preloading the FIFO, defer until TI command issued */ 911 if (s->rregs[ESP_CMD] != CMD_TI) { 912 return; 913 } 914 915 s->rregs[ESP_RINTR] |= INTR_BS; 916 esp_raise_irq(s); 917 break; 918 919 case STAT_ST: 920 switch (s->rregs[ESP_CMD]) { 921 case CMD_ICCS: 922 esp_fifo_push(s, s->status); 923 esp_set_phase(s, STAT_MI); 924 925 /* Process any message in phase data */ 926 esp_do_nodma(s); 927 break; 928 } 929 break; 930 931 case STAT_MI: 932 switch (s->rregs[ESP_CMD]) { 933 case CMD_ICCS: 934 esp_fifo_push(s, 0); 935 936 /* Raise end of command interrupt */ 937 s->rregs[ESP_RINTR] |= INTR_FC; 938 esp_raise_irq(s); 939 break; 940 } 941 break; 942 } 943 } 944 945 void esp_command_complete(SCSIRequest *req, size_t resid) 946 { 947 ESPState *s = req->hba_private; 948 int to_device = (esp_get_phase(s) == STAT_DO); 949 950 trace_esp_command_complete(); 951 952 /* 953 * Non-DMA transfers from the target will leave the last byte in 954 * the FIFO so don't reset ti_size in this case 955 */ 956 if (s->dma || to_device) { 957 if (s->ti_size != 0) { 958 trace_esp_command_complete_unexpected(); 959 } 960 } 961 962 s->async_len = 0; 963 if (req->status) { 964 trace_esp_command_complete_fail(); 965 } 966 s->status = req->status; 967 968 /* 969 * Switch to status phase. For non-DMA transfers from the target the last 970 * byte is still in the FIFO 971 */ 972 s->ti_size = 0; 973 974 switch (s->rregs[ESP_CMD]) { 975 case CMD_SEL | CMD_DMA: 976 case CMD_SEL: 977 case CMD_SELATN | CMD_DMA: 978 case CMD_SELATN: 979 /* 980 * No data phase for sequencer command so raise deferred bus service 981 * and function complete interrupt 982 */ 983 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC; 984 s->rregs[ESP_RSEQ] = SEQ_CD; 985 break; 986 987 case CMD_TI | CMD_DMA: 988 case CMD_TI: 989 s->rregs[ESP_CMD] = 0; 990 break; 991 } 992 993 /* Raise bus service interrupt to indicate change to STATUS phase */ 994 esp_set_phase(s, STAT_ST); 995 s->rregs[ESP_RINTR] |= INTR_BS; 996 esp_raise_irq(s); 997 998 if (s->current_req) { 999 scsi_req_unref(s->current_req); 1000 s->current_req = NULL; 1001 s->current_dev = NULL; 1002 } 1003 } 1004 1005 void esp_transfer_data(SCSIRequest *req, uint32_t len) 1006 { 1007 ESPState *s = req->hba_private; 1008 uint32_t dmalen = esp_get_tc(s); 1009 1010 trace_esp_transfer_data(dmalen, s->ti_size); 1011 s->async_len = len; 1012 s->async_buf = scsi_req_get_buf(req); 1013 1014 if (!s->data_ready) { 1015 s->data_ready = true; 1016 1017 switch (s->rregs[ESP_CMD]) { 1018 case CMD_SEL | CMD_DMA: 1019 case CMD_SEL: 1020 case CMD_SELATN | CMD_DMA: 1021 case CMD_SELATN: 1022 /* 1023 * Initial incoming data xfer is complete for sequencer command 1024 * so raise deferred bus service and function complete interrupt 1025 */ 1026 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC; 1027 s->rregs[ESP_RSEQ] = SEQ_CD; 1028 esp_raise_irq(s); 1029 break; 1030 1031 case CMD_SELATNS | CMD_DMA: 1032 case CMD_SELATNS: 1033 /* 1034 * Initial incoming data xfer is complete so raise command 1035 * completion interrupt 1036 */ 1037 s->rregs[ESP_RINTR] |= INTR_BS; 1038 s->rregs[ESP_RSEQ] = SEQ_MO; 1039 esp_raise_irq(s); 1040 break; 1041 1042 case CMD_TI | CMD_DMA: 1043 case CMD_TI: 1044 /* 1045 * If the final COMMAND phase data was transferred using a TI 1046 * command, clear ESP_CMD to terminate the TI command and raise 1047 * the completion interrupt 1048 */ 1049 s->rregs[ESP_CMD] = 0; 1050 s->rregs[ESP_RINTR] |= INTR_BS; 1051 esp_raise_irq(s); 1052 break; 1053 } 1054 } 1055 1056 /* 1057 * Always perform the initial transfer upon reception of the next TI 1058 * command to ensure the DMA/non-DMA status of the command is correct. 1059 * It is not possible to use s->dma directly in the section below as 1060 * some OSs send non-DMA NOP commands after a DMA transfer. Hence if the 1061 * async data transfer is delayed then s->dma is set incorrectly. 1062 */ 1063 1064 if (s->rregs[ESP_CMD] == (CMD_TI | CMD_DMA)) { 1065 /* When the SCSI layer returns more data, raise deferred INTR_BS */ 1066 esp_dma_ti_check(s); 1067 1068 esp_do_dma(s); 1069 } else if (s->rregs[ESP_CMD] == CMD_TI) { 1070 esp_do_nodma(s); 1071 } 1072 } 1073 1074 static void handle_ti(ESPState *s) 1075 { 1076 uint32_t dmalen; 1077 1078 if (s->dma && !s->dma_enabled) { 1079 s->dma_cb = handle_ti; 1080 return; 1081 } 1082 1083 if (s->dma) { 1084 dmalen = esp_get_tc(s); 1085 trace_esp_handle_ti(dmalen); 1086 esp_do_dma(s); 1087 } else { 1088 trace_esp_handle_ti(s->ti_size); 1089 esp_do_nodma(s); 1090 1091 if (esp_get_phase(s) == STAT_DO) { 1092 esp_nodma_ti_dataout(s); 1093 } 1094 } 1095 } 1096 1097 void esp_hard_reset(ESPState *s) 1098 { 1099 memset(s->rregs, 0, ESP_REGS); 1100 memset(s->wregs, 0, ESP_REGS); 1101 s->tchi_written = 0; 1102 s->ti_size = 0; 1103 s->async_len = 0; 1104 fifo8_reset(&s->fifo); 1105 fifo8_reset(&s->cmdfifo); 1106 s->dma = 0; 1107 s->dma_cb = NULL; 1108 s->asc_mode = ESP_ASC_MODE_DIS; 1109 1110 s->rregs[ESP_CFG1] = 7; 1111 } 1112 1113 static void esp_soft_reset(ESPState *s) 1114 { 1115 qemu_irq_lower(s->irq); 1116 qemu_irq_lower(s->drq_irq); 1117 esp_hard_reset(s); 1118 } 1119 1120 static void esp_bus_reset(ESPState *s) 1121 { 1122 bus_cold_reset(BUS(&s->bus)); 1123 } 1124 1125 static void parent_esp_reset(ESPState *s, int irq, int level) 1126 { 1127 if (level) { 1128 esp_soft_reset(s); 1129 } 1130 } 1131 1132 static void esp_run_cmd(ESPState *s) 1133 { 1134 uint8_t cmd = s->rregs[ESP_CMD]; 1135 1136 if (cmd & CMD_DMA) { 1137 s->dma = 1; 1138 /* Reload DMA counter. */ 1139 if (esp_get_stc(s) == 0) { 1140 esp_set_tc(s, 0x10000); 1141 } else { 1142 esp_set_tc(s, esp_get_stc(s)); 1143 } 1144 } else { 1145 s->dma = 0; 1146 } 1147 switch (cmd & CMD_CMD) { 1148 case CMD_NOP: 1149 trace_esp_mem_writeb_cmd_nop(cmd); 1150 break; 1151 case CMD_FLUSH: 1152 trace_esp_mem_writeb_cmd_flush(cmd); 1153 fifo8_reset(&s->fifo); 1154 break; 1155 case CMD_RESET: 1156 trace_esp_mem_writeb_cmd_reset(cmd); 1157 esp_soft_reset(s); 1158 break; 1159 case CMD_BUSRESET: 1160 trace_esp_mem_writeb_cmd_bus_reset(cmd); 1161 esp_bus_reset(s); 1162 if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) { 1163 s->rregs[ESP_RINTR] |= INTR_RST; 1164 esp_raise_irq(s); 1165 } 1166 break; 1167 case CMD_TI: 1168 trace_esp_mem_writeb_cmd_ti(cmd); 1169 handle_ti(s); 1170 break; 1171 case CMD_ICCS: 1172 trace_esp_mem_writeb_cmd_iccs(cmd); 1173 write_response(s); 1174 break; 1175 case CMD_MSGACC: 1176 trace_esp_mem_writeb_cmd_msgacc(cmd); 1177 s->asc_mode = ESP_ASC_MODE_DIS; 1178 s->rregs[ESP_RINTR] |= INTR_DC; 1179 s->rregs[ESP_RSEQ] = 0; 1180 s->rregs[ESP_RFLAGS] = 0; 1181 esp_raise_irq(s); 1182 break; 1183 case CMD_PAD: 1184 trace_esp_mem_writeb_cmd_pad(cmd); 1185 handle_pad(s); 1186 break; 1187 case CMD_SATN: 1188 trace_esp_mem_writeb_cmd_satn(cmd); 1189 break; 1190 case CMD_RSTATN: 1191 trace_esp_mem_writeb_cmd_rstatn(cmd); 1192 break; 1193 case CMD_SEL: 1194 trace_esp_mem_writeb_cmd_sel(cmd); 1195 handle_s_without_atn(s); 1196 break; 1197 case CMD_SELATN: 1198 trace_esp_mem_writeb_cmd_selatn(cmd); 1199 handle_satn(s); 1200 break; 1201 case CMD_SELATNS: 1202 trace_esp_mem_writeb_cmd_selatns(cmd); 1203 handle_satn_stop(s); 1204 break; 1205 case CMD_ENSEL: 1206 trace_esp_mem_writeb_cmd_ensel(cmd); 1207 s->rregs[ESP_RINTR] = 0; 1208 break; 1209 case CMD_DISSEL: 1210 trace_esp_mem_writeb_cmd_dissel(cmd); 1211 s->rregs[ESP_RINTR] = 0; 1212 esp_raise_irq(s); 1213 break; 1214 default: 1215 trace_esp_error_unhandled_command(cmd); 1216 break; 1217 } 1218 } 1219 1220 uint64_t esp_reg_read(ESPState *s, uint32_t saddr) 1221 { 1222 uint32_t val; 1223 1224 switch (saddr) { 1225 case ESP_FIFO: 1226 s->rregs[ESP_FIFO] = esp_fifo_pop(s); 1227 val = s->rregs[ESP_FIFO]; 1228 break; 1229 case ESP_RINTR: 1230 /* 1231 * Clear sequence step, interrupt register and all status bits 1232 * except TC 1233 */ 1234 val = s->rregs[ESP_RINTR]; 1235 s->rregs[ESP_RINTR] = 0; 1236 esp_lower_irq(s); 1237 s->rregs[ESP_RSTAT] &= STAT_TC | 7; 1238 /* 1239 * According to the datasheet ESP_RSEQ should be cleared, but as the 1240 * emulation currently defers information transfers to the next TI 1241 * command leave it for now so that pedantic guests such as the old 1242 * Linux 2.6 driver see the correct flags before the next SCSI phase 1243 * transition. 1244 * 1245 * s->rregs[ESP_RSEQ] = SEQ_0; 1246 */ 1247 break; 1248 case ESP_TCHI: 1249 /* Return the unique id if the value has never been written */ 1250 if (!s->tchi_written) { 1251 val = s->chip_id; 1252 } else { 1253 val = s->rregs[saddr]; 1254 } 1255 break; 1256 case ESP_RFLAGS: 1257 /* Bottom 5 bits indicate number of bytes in FIFO */ 1258 val = fifo8_num_used(&s->fifo); 1259 break; 1260 default: 1261 val = s->rregs[saddr]; 1262 break; 1263 } 1264 1265 trace_esp_mem_readb(saddr, val); 1266 return val; 1267 } 1268 1269 void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) 1270 { 1271 trace_esp_mem_writeb(saddr, s->wregs[saddr], val); 1272 switch (saddr) { 1273 case ESP_TCHI: 1274 s->tchi_written = true; 1275 /* fall through */ 1276 case ESP_TCLO: 1277 case ESP_TCMID: 1278 s->rregs[ESP_RSTAT] &= ~STAT_TC; 1279 break; 1280 case ESP_FIFO: 1281 if (!fifo8_is_full(&s->fifo)) { 1282 esp_fifo_push(s, val); 1283 } 1284 esp_do_nodma(s); 1285 break; 1286 case ESP_CMD: 1287 s->rregs[saddr] = val; 1288 esp_run_cmd(s); 1289 break; 1290 case ESP_WBUSID ... ESP_WSYNO: 1291 break; 1292 case ESP_CFG1: 1293 case ESP_CFG2: case ESP_CFG3: 1294 case ESP_RES3: case ESP_RES4: 1295 s->rregs[saddr] = val; 1296 break; 1297 case ESP_WCCF ... ESP_WTEST: 1298 break; 1299 default: 1300 trace_esp_error_invalid_write(val, saddr); 1301 return; 1302 } 1303 s->wregs[saddr] = val; 1304 } 1305 1306 static bool esp_mem_accepts(void *opaque, hwaddr addr, 1307 unsigned size, bool is_write, 1308 MemTxAttrs attrs) 1309 { 1310 return (size == 1) || (is_write && size == 4); 1311 } 1312 1313 static bool esp_is_before_version_5(void *opaque, int version_id) 1314 { 1315 ESPState *s = ESP(opaque); 1316 1317 version_id = MIN(version_id, s->mig_version_id); 1318 return version_id < 5; 1319 } 1320 1321 static bool esp_is_version_5(void *opaque, int version_id) 1322 { 1323 ESPState *s = ESP(opaque); 1324 1325 version_id = MIN(version_id, s->mig_version_id); 1326 return version_id >= 5; 1327 } 1328 1329 static bool esp_is_version_6(void *opaque, int version_id) 1330 { 1331 ESPState *s = ESP(opaque); 1332 1333 version_id = MIN(version_id, s->mig_version_id); 1334 return version_id >= 6; 1335 } 1336 1337 static bool esp_is_between_version_5_and_6(void *opaque, int version_id) 1338 { 1339 ESPState *s = ESP(opaque); 1340 1341 version_id = MIN(version_id, s->mig_version_id); 1342 return version_id >= 5 && version_id <= 6; 1343 } 1344 1345 static bool esp_is_version_8(void *opaque, int version_id) 1346 { 1347 ESPState *s = ESP(opaque); 1348 1349 version_id = MIN(version_id, s->mig_version_id); 1350 return version_id >= 8; 1351 } 1352 1353 int esp_pre_save(void *opaque) 1354 { 1355 ESPState *s = ESP(object_resolve_path_component( 1356 OBJECT(opaque), "esp")); 1357 1358 s->mig_version_id = vmstate_esp.version_id; 1359 return 0; 1360 } 1361 1362 static int esp_post_load(void *opaque, int version_id) 1363 { 1364 ESPState *s = ESP(opaque); 1365 int len, i; 1366 1367 version_id = MIN(version_id, s->mig_version_id); 1368 1369 if (version_id < 5) { 1370 esp_set_tc(s, s->mig_dma_left); 1371 1372 /* Migrate ti_buf to fifo */ 1373 len = s->mig_ti_wptr - s->mig_ti_rptr; 1374 for (i = 0; i < len; i++) { 1375 fifo8_push(&s->fifo, s->mig_ti_buf[i]); 1376 } 1377 1378 /* Migrate cmdbuf to cmdfifo */ 1379 for (i = 0; i < s->mig_cmdlen; i++) { 1380 fifo8_push(&s->cmdfifo, s->mig_cmdbuf[i]); 1381 } 1382 } 1383 1384 if (version_id < 8) { 1385 /* Assume initiator mode to allow all commands to continue */ 1386 s->asc_mode = ESP_ASC_MODE_INI; 1387 } 1388 1389 s->mig_version_id = vmstate_esp.version_id; 1390 return 0; 1391 } 1392 1393 const VMStateDescription vmstate_esp = { 1394 .name = "esp", 1395 .version_id = 8, 1396 .minimum_version_id = 3, 1397 .post_load = esp_post_load, 1398 .fields = (const VMStateField[]) { 1399 VMSTATE_BUFFER(rregs, ESPState), 1400 VMSTATE_BUFFER(wregs, ESPState), 1401 VMSTATE_INT32(ti_size, ESPState), 1402 VMSTATE_UINT32_TEST(mig_ti_rptr, ESPState, esp_is_before_version_5), 1403 VMSTATE_UINT32_TEST(mig_ti_wptr, ESPState, esp_is_before_version_5), 1404 VMSTATE_BUFFER_TEST(mig_ti_buf, ESPState, esp_is_before_version_5), 1405 VMSTATE_UINT32(status, ESPState), 1406 VMSTATE_UINT32_TEST(mig_deferred_status, ESPState, 1407 esp_is_before_version_5), 1408 VMSTATE_BOOL_TEST(mig_deferred_complete, ESPState, 1409 esp_is_before_version_5), 1410 VMSTATE_UINT32(dma, ESPState), 1411 VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 0, 1412 esp_is_before_version_5, 0, 16), 1413 VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 4, 1414 esp_is_before_version_5, 16, 1415 sizeof(typeof_field(ESPState, mig_cmdbuf))), 1416 VMSTATE_UINT32_TEST(mig_cmdlen, ESPState, esp_is_before_version_5), 1417 VMSTATE_UINT32(do_cmd, ESPState), 1418 VMSTATE_UINT32_TEST(mig_dma_left, ESPState, esp_is_before_version_5), 1419 VMSTATE_BOOL_TEST(data_ready, ESPState, esp_is_version_5), 1420 VMSTATE_UINT8_TEST(cmdfifo_cdb_offset, ESPState, esp_is_version_5), 1421 VMSTATE_FIFO8_TEST(fifo, ESPState, esp_is_version_5), 1422 VMSTATE_FIFO8_TEST(cmdfifo, ESPState, esp_is_version_5), 1423 VMSTATE_UINT8_TEST(mig_ti_cmd, ESPState, 1424 esp_is_between_version_5_and_6), 1425 VMSTATE_UINT8_TEST(lun, ESPState, esp_is_version_6), 1426 VMSTATE_BOOL(drq_state, ESPState), 1427 VMSTATE_UINT8_TEST(asc_mode, ESPState, esp_is_version_8), 1428 VMSTATE_END_OF_LIST() 1429 }, 1430 }; 1431 1432 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, 1433 uint64_t val, unsigned int size) 1434 { 1435 SysBusESPState *sysbus = opaque; 1436 ESPState *s = ESP(&sysbus->esp); 1437 uint32_t saddr; 1438 1439 saddr = addr >> sysbus->it_shift; 1440 esp_reg_write(s, saddr, val); 1441 } 1442 1443 static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr, 1444 unsigned int size) 1445 { 1446 SysBusESPState *sysbus = opaque; 1447 ESPState *s = ESP(&sysbus->esp); 1448 uint32_t saddr; 1449 1450 saddr = addr >> sysbus->it_shift; 1451 return esp_reg_read(s, saddr); 1452 } 1453 1454 static const MemoryRegionOps sysbus_esp_mem_ops = { 1455 .read = sysbus_esp_mem_read, 1456 .write = sysbus_esp_mem_write, 1457 .endianness = DEVICE_NATIVE_ENDIAN, 1458 .valid.accepts = esp_mem_accepts, 1459 }; 1460 1461 static void sysbus_esp_pdma_write(void *opaque, hwaddr addr, 1462 uint64_t val, unsigned int size) 1463 { 1464 SysBusESPState *sysbus = opaque; 1465 ESPState *s = ESP(&sysbus->esp); 1466 1467 trace_esp_pdma_write(size); 1468 1469 switch (size) { 1470 case 1: 1471 esp_pdma_write(s, val); 1472 break; 1473 case 2: 1474 esp_pdma_write(s, val >> 8); 1475 esp_pdma_write(s, val); 1476 break; 1477 } 1478 esp_do_dma(s); 1479 } 1480 1481 static uint64_t sysbus_esp_pdma_read(void *opaque, hwaddr addr, 1482 unsigned int size) 1483 { 1484 SysBusESPState *sysbus = opaque; 1485 ESPState *s = ESP(&sysbus->esp); 1486 uint64_t val = 0; 1487 1488 trace_esp_pdma_read(size); 1489 1490 switch (size) { 1491 case 1: 1492 val = esp_pdma_read(s); 1493 break; 1494 case 2: 1495 val = esp_pdma_read(s); 1496 val = (val << 8) | esp_pdma_read(s); 1497 break; 1498 } 1499 esp_do_dma(s); 1500 return val; 1501 } 1502 1503 static void *esp_load_request(QEMUFile *f, SCSIRequest *req) 1504 { 1505 ESPState *s = container_of(req->bus, ESPState, bus); 1506 1507 scsi_req_ref(req); 1508 s->current_req = req; 1509 return s; 1510 } 1511 1512 static const MemoryRegionOps sysbus_esp_pdma_ops = { 1513 .read = sysbus_esp_pdma_read, 1514 .write = sysbus_esp_pdma_write, 1515 .endianness = DEVICE_NATIVE_ENDIAN, 1516 .valid.min_access_size = 1, 1517 .valid.max_access_size = 4, 1518 .impl.min_access_size = 1, 1519 .impl.max_access_size = 2, 1520 }; 1521 1522 static const struct SCSIBusInfo esp_scsi_info = { 1523 .tcq = false, 1524 .max_target = ESP_MAX_DEVS, 1525 .max_lun = 7, 1526 1527 .load_request = esp_load_request, 1528 .transfer_data = esp_transfer_data, 1529 .complete = esp_command_complete, 1530 .cancel = esp_request_cancelled 1531 }; 1532 1533 static void sysbus_esp_gpio_demux(void *opaque, int irq, int level) 1534 { 1535 SysBusESPState *sysbus = SYSBUS_ESP(opaque); 1536 ESPState *s = ESP(&sysbus->esp); 1537 1538 switch (irq) { 1539 case 0: 1540 parent_esp_reset(s, irq, level); 1541 break; 1542 case 1: 1543 esp_dma_enable(s, irq, level); 1544 break; 1545 } 1546 } 1547 1548 static void sysbus_esp_realize(DeviceState *dev, Error **errp) 1549 { 1550 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1551 SysBusESPState *sysbus = SYSBUS_ESP(dev); 1552 ESPState *s = ESP(&sysbus->esp); 1553 1554 if (!qdev_realize(DEVICE(s), NULL, errp)) { 1555 return; 1556 } 1557 1558 sysbus_init_irq(sbd, &s->irq); 1559 sysbus_init_irq(sbd, &s->drq_irq); 1560 assert(sysbus->it_shift != -1); 1561 1562 s->chip_id = TCHI_FAS100A; 1563 memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops, 1564 sysbus, "esp-regs", ESP_REGS << sysbus->it_shift); 1565 sysbus_init_mmio(sbd, &sysbus->iomem); 1566 memory_region_init_io(&sysbus->pdma, OBJECT(sysbus), &sysbus_esp_pdma_ops, 1567 sysbus, "esp-pdma", 4); 1568 sysbus_init_mmio(sbd, &sysbus->pdma); 1569 1570 qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2); 1571 1572 scsi_bus_init(&s->bus, sizeof(s->bus), dev, &esp_scsi_info); 1573 } 1574 1575 static void sysbus_esp_hard_reset(DeviceState *dev) 1576 { 1577 SysBusESPState *sysbus = SYSBUS_ESP(dev); 1578 ESPState *s = ESP(&sysbus->esp); 1579 1580 esp_hard_reset(s); 1581 } 1582 1583 static void sysbus_esp_init(Object *obj) 1584 { 1585 SysBusESPState *sysbus = SYSBUS_ESP(obj); 1586 1587 object_initialize_child(obj, "esp", &sysbus->esp, TYPE_ESP); 1588 } 1589 1590 static const VMStateDescription vmstate_sysbus_esp_scsi = { 1591 .name = "sysbusespscsi", 1592 .version_id = 2, 1593 .minimum_version_id = 1, 1594 .pre_save = esp_pre_save, 1595 .fields = (const VMStateField[]) { 1596 VMSTATE_UINT8_V(esp.mig_version_id, SysBusESPState, 2), 1597 VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState), 1598 VMSTATE_END_OF_LIST() 1599 } 1600 }; 1601 1602 static void sysbus_esp_class_init(ObjectClass *klass, const void *data) 1603 { 1604 DeviceClass *dc = DEVICE_CLASS(klass); 1605 1606 dc->realize = sysbus_esp_realize; 1607 device_class_set_legacy_reset(dc, sysbus_esp_hard_reset); 1608 dc->vmsd = &vmstate_sysbus_esp_scsi; 1609 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1610 } 1611 1612 static void esp_finalize(Object *obj) 1613 { 1614 ESPState *s = ESP(obj); 1615 1616 fifo8_destroy(&s->fifo); 1617 fifo8_destroy(&s->cmdfifo); 1618 } 1619 1620 static void esp_init(Object *obj) 1621 { 1622 ESPState *s = ESP(obj); 1623 1624 fifo8_create(&s->fifo, ESP_FIFO_SZ); 1625 fifo8_create(&s->cmdfifo, ESP_CMDFIFO_SZ); 1626 } 1627 1628 static void esp_class_init(ObjectClass *klass, const void *data) 1629 { 1630 DeviceClass *dc = DEVICE_CLASS(klass); 1631 1632 /* internal device for sysbusesp/pciespscsi, not user-creatable */ 1633 dc->user_creatable = false; 1634 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1635 } 1636 1637 static const TypeInfo esp_info_types[] = { 1638 { 1639 .name = TYPE_SYSBUS_ESP, 1640 .parent = TYPE_SYS_BUS_DEVICE, 1641 .instance_init = sysbus_esp_init, 1642 .instance_size = sizeof(SysBusESPState), 1643 .class_init = sysbus_esp_class_init, 1644 }, 1645 { 1646 .name = TYPE_ESP, 1647 .parent = TYPE_DEVICE, 1648 .instance_init = esp_init, 1649 .instance_finalize = esp_finalize, 1650 .instance_size = sizeof(ESPState), 1651 .class_init = esp_class_init, 1652 }, 1653 }; 1654 1655 DEFINE_TYPES(esp_info_types) 1656