1 /*
2  * QEMU ESP/NCR53C9x emulation
3  *
4  * Copyright (c) 2005-2006 Fabrice Bellard
5  * Copyright (c) 2012 Herve Poussineau
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "hw/sysbus.h"
28 #include "migration/vmstate.h"
29 #include "hw/irq.h"
30 #include "hw/scsi/esp.h"
31 #include "trace.h"
32 #include "qemu/log.h"
33 #include "qemu/module.h"
34 
35 /*
36  * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
37  * also produced as NCR89C100. See
38  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
39  * and
40  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
41  *
42  * On Macintosh Quadra it is a NCR53C96.
43  */
44 
/*
 * Latch STAT_INT in the read-side status register and assert the host
 * interrupt line.  Does nothing when STAT_INT is already set, so the line
 * is raised (and traced) once per pending interrupt.
 */
static void esp_raise_irq(ESPState *s)
{
    if (s->rregs[ESP_RSTAT] & STAT_INT) {
        /* Interrupt already pending. */
        return;
    }

    s->rregs[ESP_RSTAT] |= STAT_INT;
    qemu_irq_raise(s->irq);
    trace_esp_raise_irq();
}
53 
/*
 * Clear STAT_INT and de-assert the host interrupt line.  Does nothing when
 * no interrupt is currently latched.
 */
static void esp_lower_irq(ESPState *s)
{
    if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
        /* Nothing pending. */
        return;
    }

    s->rregs[ESP_RSTAT] &= ~STAT_INT;
    qemu_irq_lower(s->irq);
    trace_esp_lower_irq();
}
62 
/*
 * Assert the data-request line (s->irq_data).  In this file it is raised
 * whenever a pseudo-DMA window has been armed with set_pdma().
 */
static void esp_raise_drq(ESPState *s)
{
    qemu_irq_raise(s->irq_data);
}
67 
/*
 * De-assert the data-request line (s->irq_data); called by the PDMA
 * accessors once the armed window has been fully consumed.
 */
static void esp_lower_drq(ESPState *s)
{
    qemu_irq_lower(s->irq_data);
}
72 
/*
 * GPIO-style handler that switches DMA on or off.
 *
 * @s:     ESP core state (must be the ESPState itself, not its container)
 * @irq:   line number, unused here
 * @level: non-zero enables DMA, zero disables it
 *
 * On enable, a command handler that was parked in s->dma_cb because DMA was
 * off is run once and then forgotten.
 */
void esp_dma_enable(ESPState *s, int irq, int level)
{
    if (!level) {
        trace_esp_dma_disable();
        s->dma_enabled = 0;
        return;
    }

    s->dma_enabled = 1;
    trace_esp_dma_enable();
    if (s->dma_cb) {
        /* Resume the command that was deferred until DMA became available. */
        s->dma_cb(s);
        s->dma_cb = NULL;
    }
}
87 
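/*
 * SCSI-layer callback: @req has been cancelled.
 *
 * If @req is the request the controller is currently tracking, drop our
 * reference and forget both the request and the selected device.
 *
 * The pending asynchronous transfer length is cleared as well.  s->async_buf
 * was obtained from this request (see esp_transfer_data()), so leaving
 * async_len non-zero would let a later esp_do_dma() or PDMA access keep
 * using a buffer that belongs to a request we no longer hold.  get_cmd_cb()
 * already resets async_len after its own scsi_req_cancel(); doing it here
 * covers every other cancellation path too.
 */
void esp_request_cancelled(SCSIRequest *req)
{
    ESPState *s = req->hba_private;

    if (req == s->current_req) {
        scsi_req_unref(s->current_req);
        s->current_req = NULL;
        s->current_dev = NULL;
        s->async_len = 0;
    }
}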
98 
/*
 * Arm a pseudo-DMA window.
 *
 * @origin: which backing buffer get_pdma_buf() should hand out
 * @index:  first byte offset inside that buffer
 * @len:    number of bytes the guest may still transfer
 *
 * No bounds are checked here: callers must ensure index + len fits inside
 * the buffer selected by @origin, because the PDMA accessors only consult
 * pdma_len.
 */
static void set_pdma(ESPState *s, enum pdma_origin_id origin,
                     uint32_t index, uint32_t len)
{
    s->pdma_origin = origin;
    s->pdma_len = len;
    /* Start and cursor begin at the same offset; the cursor advances. */
    s->pdma_start = index;
    s->pdma_cur = index;
}
107 
/*
 * Map s->pdma_origin to the buffer that backs the current PDMA window.
 *
 * Returns NULL when pdma_origin holds none of the known values, so callers
 * that index the result need to cope with a NULL pointer.
 */
static uint8_t *get_pdma_buf(ESPState *s)
{
    uint8_t *backing = NULL;

    switch (s->pdma_origin) {
    case PDMA:
        backing = s->pdma_buf;
        break;
    case TI:
        backing = s->ti_buf;
        break;
    case CMD:
        backing = s->cmdbuf;
        break;
    case ASYNC:
        backing = s->async_buf;
        break;
    }
    return backing;
}
122 
/*
 * Common tail of command fetch: reset the transfer FIFO bookkeeping, cancel
 * any request still in flight and select the target named by the bus-ID
 * register.
 *
 * Returns 0 when a device was found, or -1 after reporting a disconnect
 * interrupt (INTR_DC) because no device answers at that target ID.
 */
static int get_cmd_cb(ESPState *s)
{
    int target = s->wregs[ESP_WBUSID] & BUSID_DID;

    s->ti_size = 0;
    s->ti_rptr = 0;
    s->ti_wptr = 0;

    if (s->current_req) {
        /* A new command arrived before the previous one completed. */
        scsi_req_cancel(s->current_req);
        s->async_len = 0;
    }

    s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
    if (s->current_dev) {
        return 0;
    }

    /* Nobody at that target: signal a disconnect to the guest. */
    s->rregs[ESP_RSTAT] = 0;
    s->rregs[ESP_RINTR] = INTR_DC;
    s->rregs[ESP_RSEQ] = SEQ_0;
    esp_raise_irq(s);
    return -1;
}
150 
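/*
 * Fetch the command bytes for a selection command into @buf.
 *
 * @buf:    destination, @buflen bytes long
 * @buflen: capacity of @buf
 *
 * Returns the number of command bytes placed in @buf, or 0 when nothing is
 * available yet (PDMA armed, length rejected, or target missing).
 *
 * Every length used here is guest-controlled (transfer-count registers or
 * ti_size), so each copy is bounded against the buffer it touches.
 */
static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
{
    uint32_t dmalen;
    int target;

    target = s->wregs[ESP_WBUSID] & BUSID_DID;
    if (s->dma) {
        dmalen = s->rregs[ESP_TCLO];
        dmalen |= s->rregs[ESP_TCMID] << 8;
        dmalen |= s->rregs[ESP_TCHI] << 16;
        if (dmalen > buflen) {
            return 0;
        }
        if (s->dma_memory_read) {
            s->dma_memory_read(s->dma_opaque, buf, dmalen);
        } else {
            /* The PDMA staging buffer has its own capacity; check it too. */
            if (dmalen > sizeof(s->pdma_buf)) {
                return 0;
            }
            /*
             * Nothing has been written to @buf yet on this path, and two
             * callers pass an automatic array.  Copying it into pdma_buf
             * (as the code used to) would make stale host memory readable
             * through the PDMA read window, so the window is zeroed
             * instead.  The guest fills all dmalen bytes before the PDMA
             * callback consumes them.
             */
            memset(s->pdma_buf, 0, dmalen);
            set_pdma(s, PDMA, 0, dmalen);
            esp_raise_drq(s);
            return 0;
        }
    } else {
        dmalen = s->ti_size;
        /*
         * ti_size is signed; a negative value becomes a huge unsigned one
         * and is rejected here.  Bound against the destination as well as
         * the source so the copy is safe for any caller-supplied @buflen.
         */
        if (dmalen > TI_BUFSZ || dmalen > buflen) {
            return 0;
        }
        memcpy(buf, s->ti_buf, dmalen);
        /*
         * NOTE(review): buf[2] is read even when fewer than three bytes
         * were copied, and @buflen is not checked to be at least 3.
         * Confirm callers always pass a zeroed buffer of 3+ bytes.
         */
        buf[0] = buf[2] >> 5;
    }
    trace_esp_get_cmd(dmalen, target);

    if (get_cmd_cb(s) < 0) {
        return 0;
    }
    return dmalen;
}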
187 
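/*
 * Submit the CDB in @buf to the LUN encoded in the low three bits of
 * @busid on the currently selected target, then report bus-service /
 * function-complete to the guest.
 *
 * s->current_dev is cleared by esp_request_cancelled() and
 * esp_report_command_complete(), while the do_cmd flag that routes
 * execution here lives on separately (and is part of the migration
 * stream).  The device pointer is therefore checked before it is
 * dereferenced; a missing device is reported the same way get_cmd_cb()
 * reports "no such drive" instead of crashing the emulator.
 */
static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
{
    int32_t datalen;
    int lun;
    SCSIDevice *current_lun = NULL;

    trace_esp_do_busid_cmd(busid);
    lun = busid & 7;
    if (s->current_dev) {
        current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
    }
    if (!current_lun) {
        /* No target selected (or it vanished): signal a disconnect. */
        s->rregs[ESP_RSTAT] = 0;
        s->rregs[ESP_RINTR] = INTR_DC;
        s->rregs[ESP_RSEQ] = SEQ_0;
        esp_raise_irq(s);
        return;
    }

    s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
    datalen = scsi_req_enqueue(s->current_req);
    s->ti_size = datalen;
    if (datalen != 0) {
        s->rregs[ESP_RSTAT] = STAT_TC;
        s->dma_left = 0;
        s->dma_counter = 0;
        /* Sign of datalen gives the direction: >0 data in, <0 data out. */
        if (datalen > 0) {
            s->rregs[ESP_RSTAT] |= STAT_DI;
        } else {
            s->rregs[ESP_RSTAT] |= STAT_DO;
        }
        scsi_req_continue(s->current_req);
    }
    s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
    s->rregs[ESP_RSEQ] = SEQ_CD;
    esp_raise_irq(s);
}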
215 
/*
 * Run a command whose first byte is the bus-ID/identify byte and whose
 * remaining bytes are the CDB.
 */
static void do_cmd(ESPState *s, uint8_t *buf)
{
    /* buf[0] carries the bus ID; the CDB proper starts one byte later. */
    do_busid_cmd(s, buf + 1, buf[0]);
}
222 
/*
 * PDMA completion for "select with ATN": once the guest has pushed the
 * command through the PDMA window, select the target and execute it.
 */
static void satn_pdma_cb(ESPState *s)
{
    if (get_cmd_cb(s) < 0) {
        return;
    }
    if (s->pdma_cur == s->pdma_start) {
        /* Nothing was transferred through the window. */
        return;
    }
    do_cmd(s, get_pdma_buf(s) + s->pdma_start);
}
232 
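/*
 * Handle the "select with ATN" command: fetch the identify byte plus CDB
 * and execute them.  When DMA is requested but not yet enabled the handler
 * parks itself in s->dma_cb and is re-run from esp_dma_enable().
 */
static void handle_satn(ESPState *s)
{
    /*
     * Zero-initialised on purpose: get_cmd() may fill only part of the
     * buffer (or none of it), and the bytes are later parsed as a CDB.
     * Leaving the array uninitialised would feed stale stack contents into
     * that parsing.
     */
    uint8_t buf[32] = { 0 };
    int len;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_satn;
        return;
    }
    s->pdma_cb = satn_pdma_cb;
    len = get_cmd(s, buf, sizeof(buf));
    if (len) {
        do_cmd(s, buf);
    }
}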
247 
/*
 * PDMA completion for "select without ATN": the transferred bytes are a
 * bare CDB (no identify byte), so bus ID 0 is used.
 */
static void s_without_satn_pdma_cb(ESPState *s)
{
    if (get_cmd_cb(s) < 0) {
        return;
    }
    if (s->pdma_cur == s->pdma_start) {
        /* Nothing was transferred through the window. */
        return;
    }
    do_busid_cmd(s, get_pdma_buf(s) + s->pdma_start, 0);
}
257 
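/*
 * Handle the "select without ATN" command: fetch a bare CDB and execute it
 * with bus ID 0.  When DMA is requested but not yet enabled the handler
 * parks itself in s->dma_cb and is re-run from esp_dma_enable().
 */
static void handle_s_without_atn(ESPState *s)
{
    /*
     * Zero-initialised on purpose: get_cmd() may fill only part of the
     * buffer, and the bytes are later parsed as a CDB.  An uninitialised
     * array would expose stale stack contents to that parsing.
     */
    uint8_t buf[32] = { 0 };
    int len;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_s_without_atn;
        return;
    }
    s->pdma_cb = s_without_satn_pdma_cb;
    len = get_cmd(s, buf, sizeof(buf));
    if (len) {
        do_busid_cmd(s, buf, 0);
    }
}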
273 
/*
 * PDMA completion for "select with ATN and stop": record how many command
 * bytes arrived and, if any did, switch to command-accumulation mode
 * (do_cmd) and interrupt the guest.
 */
static void satn_stop_pdma_cb(ESPState *s)
{
    if (get_cmd_cb(s) < 0) {
        return;
    }

    s->cmdlen = s->pdma_cur - s->pdma_start;
    if (!s->cmdlen) {
        return;
    }

    trace_esp_handle_satn_stop(s->cmdlen);
    s->do_cmd = 1;
    s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
    s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
    s->rregs[ESP_RSEQ] = SEQ_CD;
    esp_raise_irq(s);
}
289 
/*
 * Handle "select with ATN and stop": load the first command bytes straight
 * into s->cmdbuf and, when some were obtained, enter command-accumulation
 * mode so that later FIFO writes / transfers extend the command.
 */
static void handle_satn_stop(ESPState *s)
{
    if (s->dma && !s->dma_enabled) {
        /* Retry from esp_dma_enable() once DMA is switched on. */
        s->dma_cb = handle_satn_stop;
        return;
    }

    s->pdma_cb = satn_stop_pdma_cb;
    s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
    if (!s->cmdlen) {
        return;
    }

    trace_esp_handle_satn_stop(s->cmdlen);
    s->do_cmd = 1;
    s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
    s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
    s->rregs[ESP_RSEQ] = SEQ_CD;
    esp_raise_irq(s);
}
307 
/*
 * PDMA completion for write_response(): the guest has read both response
 * bytes, so publish status phase and raise the interrupt.
 */
static void write_response_pdma_cb(ESPState *s)
{
    s->rregs[ESP_RSEQ] = SEQ_CD;
    s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
    s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
    esp_raise_irq(s);
}
315 
/*
 * Deliver the two-byte completion response (status byte followed by a zero
 * byte) to the guest, via real DMA, pseudo-DMA or the FIFO depending on the
 * current mode.
 */
static void write_response(ESPState *s)
{
    trace_esp_write_response(s->status);
    s->ti_buf[0] = s->status;
    s->ti_buf[1] = 0;

    if (!s->dma) {
        /* PIO: expose the two bytes through the FIFO. */
        s->ti_size = 2;
        s->ti_rptr = 0;
        s->ti_wptr = 2;
        s->rregs[ESP_RFLAGS] = 2;
    } else if (s->dma_memory_write) {
        s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
        s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
        s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
        s->rregs[ESP_RSEQ] = SEQ_CD;
    } else {
        /* PDMA: the interrupt is raised later by write_response_pdma_cb(). */
        set_pdma(s, TI, 0, 2);
        s->pdma_cb = write_response_pdma_cb;
        esp_raise_drq(s);
        return;
    }
    esp_raise_irq(s);
}
341 
/*
 * Signal the end of a DMA transfer: set terminal count, report bus service,
 * zero the sequence/flags and transfer-count registers and interrupt the
 * guest.
 */
static void esp_dma_done(ESPState *s)
{
    s->rregs[ESP_RSTAT] |= STAT_TC;
    s->rregs[ESP_RINTR] = INTR_BS;
    s->rregs[ESP_RSEQ] = 0;
    s->rregs[ESP_RFLAGS] = 0;

    /* The transfer counter reads back as zero once the DMA is complete. */
    s->rregs[ESP_TCHI] = 0;
    s->rregs[ESP_TCMID] = 0;
    s->rregs[ESP_TCLO] = 0;

    esp_raise_irq(s);
}
353 
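/*
 * PDMA completion for esp_do_dma(): account for the bytes the guest moved
 * through the window and either hand the command to the SCSI layer
 * (command-accumulation mode) or advance the data transfer.
 */
static void do_dma_pdma_cb(ESPState *s)
{
    int to_device = (s->ti_size < 0);
    int len = s->pdma_cur - s->pdma_start;

    if (s->do_cmd) {
        s->ti_size = 0;
        s->cmdlen = 0;
        s->do_cmd = 0;
        do_cmd(s, s->cmdbuf);
        return;
    }

    /*
     * The request can be cancelled or completed between arming the PDMA
     * window and this callback.  Without a request there is no valid
     * async_buf to advance and nothing to continue, so stop here rather
     * than pass NULL to scsi_req_continue().
     */
    if (!s->current_req) {
        return;
    }

    s->dma_left -= len;
    s->async_buf += len;
    s->async_len -= len;
    if (to_device) {
        s->ti_size += len;
    } else {
        s->ti_size -= len;
    }
    if (s->async_len == 0) {
        scsi_req_continue(s->current_req);
        /*
         * If there is still data to be read from the device then
         * complete the DMA operation immediately.  Otherwise defer
         * until the scsi layer has completed.
         */
        if (to_device || s->dma_left != 0 || s->ti_size == 0) {
            return;
        }
    }

    /* Partially filled a scsi buffer. Complete immediately.  */
    esp_dma_done(s);
}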
388 
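/*
 * Move up to s->dma_left bytes between guest memory and either the command
 * buffer (command-accumulation mode) or the SCSI layer's data buffer.
 *
 * With real DMA helpers the copy happens here; without them a PDMA window
 * is armed and the work finishes in do_dma_pdma_cb().
 */
static void esp_do_dma(ESPState *s)
{
    uint32_t len;
    int to_device;

    len = s->dma_left;
    if (s->do_cmd) {
        /*
         * handle_ti() case: esp_do_dma() is reached with the do_cmd flag
         * set only from handle_ti() (esp_transfer_data() asserts it is
         * clear).
         */
        trace_esp_do_dma(s->cmdlen, len);
        /*
         * NOTE(review): both cmdlen and len derive from guest-programmed
         * values (handle_ti() caps len at ESP_CMDBUF_SZ but does not
         * subtract cmdlen), so this assert looks guest-reachable and would
         * abort the emulator.  It does keep the copy below in bounds;
         * consider a graceful overrun path instead.
         */
        assert (s->cmdlen <= sizeof(s->cmdbuf) &&
                len <= sizeof(s->cmdbuf) - s->cmdlen);
        if (s->dma_memory_read) {
            s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
        } else {
            set_pdma(s, CMD, s->cmdlen, len);
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);
            return;
        }
        trace_esp_handle_ti_cmd(s->cmdlen);
        s->ti_size = 0;
        s->cmdlen = 0;
        s->do_cmd = 0;
        do_cmd(s, s->cmdbuf);
        return;
    }

    /*
     * async_buf belongs to current_req.  If the request has gone away
     * (cancelled or completed) there is no buffer to transfer to or from
     * and nothing to continue, whatever async_len still says.
     */
    if (!s->current_req) {
        return;
    }
    if (s->async_len == 0) {
        /* Defer until data is available.  */
        return;
    }
    if (len > s->async_len) {
        len = s->async_len;
    }
    to_device = (s->ti_size < 0);
    if (to_device) {
        if (s->dma_memory_read) {
            s->dma_memory_read(s->dma_opaque, s->async_buf, len);
        } else {
            set_pdma(s, ASYNC, 0, len);
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);
            return;
        }
    } else {
        if (s->dma_memory_write) {
            s->dma_memory_write(s->dma_opaque, s->async_buf, len);
        } else {
            set_pdma(s, ASYNC, 0, len);
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);
            return;
        }
    }
    s->dma_left -= len;
    s->async_buf += len;
    s->async_len -= len;
    if (to_device) {
        s->ti_size += len;
    } else {
        s->ti_size -= len;
    }
    if (s->async_len == 0) {
        scsi_req_continue(s->current_req);
        /*
         * If there is still data to be read from the device then
         * complete the DMA operation immediately.  Otherwise defer
         * until the scsi layer has completed.
         */
        if (to_device || s->dma_left != 0 || s->ti_size == 0) {
            return;
        }
    }

    /* Partially filled a scsi buffer. Complete immediately.  */
    esp_dma_done(s);
}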
465 
/*
 * Publish command completion to the guest: reset transfer bookkeeping,
 * store @status, enter status phase, signal DMA done and release the
 * current request.
 */
static void esp_report_command_complete(ESPState *s, uint32_t status)
{
    trace_esp_command_complete();
    if (s->ti_size != 0) {
        /* Data was still outstanding when the command finished. */
        trace_esp_command_complete_unexpected();
    }
    s->async_len = 0;
    s->dma_left = 0;
    s->ti_size = 0;

    if (status) {
        trace_esp_command_complete_fail();
    }
    s->status = status;
    s->rregs[ESP_RSTAT] = STAT_ST;
    esp_dma_done(s);

    if (!s->current_req) {
        return;
    }
    scsi_req_unref(s->current_req);
    s->current_req = NULL;
    s->current_dev = NULL;
}
487 
/*
 * SCSI-layer callback: @req has finished.
 *
 * If the guest has not yet acknowledged the previous interrupt (STAT_INT
 * still set), the status is stashed and reported later from the ESP_RINTR
 * read path; otherwise it is reported immediately.  @resid is unused.
 */
void esp_command_complete(SCSIRequest *req, size_t resid)
{
    ESPState *s = req->hba_private;

    if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
        esp_report_command_complete(s, req->status);
        return;
    }

    /* Previous interrupt still pending: remember the result for later. */
    trace_esp_command_complete_deferred();
    s->deferred_status = req->status;
    s->deferred_complete = true;
}
503 
/*
 * SCSI-layer callback: @len bytes of data are ready in the request buffer.
 *
 * Records the buffer and length, then either continues an in-progress DMA
 * or, if this was the tail of a DMA transfer, raises the deferred
 * completion interrupt.  Must not be called in command-accumulation mode.
 */
void esp_transfer_data(SCSIRequest *req, uint32_t len)
{
    ESPState *s = req->hba_private;

    assert(!s->do_cmd);
    trace_esp_transfer_data(s->dma_left, s->ti_size);
    s->async_len = len;
    s->async_buf = scsi_req_get_buf(req);

    if (s->dma_left) {
        esp_do_dma(s);
        return;
    }
    if (s->dma_counter != 0 && s->ti_size <= 0) {
        /* Last chunk of a DMA transfer: the interrupt was held until now. */
        esp_dma_done(s);
    }
}
520 
/*
 * Handle the "transfer information" command.
 *
 * The guest-programmed transfer count (0 meaning 0x10000) is clamped to the
 * command buffer size in command-accumulation mode, or to the outstanding
 * data length otherwise, and the transfer is started.
 */
static void handle_ti(ESPState *s)
{
    uint32_t dmalen, minlen;

    if (s->dma && !s->dma_enabled) {
        /* Retry from esp_dma_enable() once DMA is switched on. */
        s->dma_cb = handle_ti;
        return;
    }

    dmalen = s->rregs[ESP_TCLO];
    dmalen |= s->rregs[ESP_TCMID] << 8;
    dmalen |= s->rregs[ESP_TCHI] << 16;
    if (dmalen == 0) {
        dmalen = 0x10000;
    }
    s->dma_counter = dmalen;

    if (s->do_cmd) {
        minlen = (dmalen < ESP_CMDBUF_SZ) ? dmalen : ESP_CMDBUF_SZ;
    } else if (s->ti_size < 0) {
        /* Negative ti_size means data flows to the device. */
        minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
    } else {
        minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
    }
    trace_esp_handle_ti(minlen);

    if (s->dma) {
        s->dma_left = minlen;
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        esp_do_dma(s);
        return;
    }
    if (s->do_cmd) {
        /* PIO: the command bytes are already in cmdbuf; run it now. */
        trace_esp_handle_ti_cmd(s->cmdlen);
        s->ti_size = 0;
        s->cmdlen = 0;
        s->do_cmd = 0;
        do_cmd(s, s->cmdbuf);
    }
}
557 
/*
 * Reset the controller core: zero both register banks, clear the FIFO
 * pointers and the DMA / command-accumulation flags, drop any parked DMA
 * callback, and set configuration register 1 to 7.
 */
void esp_hard_reset(ESPState *s)
{
    memset(s->rregs, 0, ESP_REGS);
    memset(s->wregs, 0, ESP_REGS);

    s->tchi_written = 0;

    s->ti_size = 0;
    s->ti_rptr = 0;
    s->ti_wptr = 0;

    s->dma = 0;
    s->dma_cb = NULL;
    s->do_cmd = 0;

    /* Must follow the memset above, which zeroed the whole bank. */
    s->rregs[ESP_CFG1] = 7;
}
572 
/*
 * Guest- or line-initiated reset: drop both output lines (interrupt and
 * data request) and then perform the same state reset as a hard reset.
 */
static void esp_soft_reset(ESPState *s)
{
    qemu_irq_lower(s->irq);
    qemu_irq_lower(s->irq_data);

    esp_hard_reset(s);
}
579 
/*
 * Reset input line handler: a non-zero @level resets the controller, a
 * zero level is ignored.  @irq is unused.
 */
static void parent_esp_reset(ESPState *s, int irq, int level)
{
    if (!level) {
        return;
    }
    esp_soft_reset(s);
}
586 
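/*
 * Read one controller register.
 *
 * @saddr: register index
 *
 * Returns the register value; reading ESP_FIFO pops a byte from the
 * transfer FIFO and reading ESP_RINTR acknowledges the interrupt.
 *
 * This function is not static, so @saddr is range-checked here rather than
 * trusting every caller's memory-region sizing: the register banks are
 * indexed directly with it, including by the trace call.  Out-of-range
 * reads return 0.
 */
uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
{
    uint32_t old_val;

    if (saddr >= ESP_REGS) {
        /* esp_hard_reset() treats the banks as ESP_REGS bytes long. */
        return 0;
    }

    trace_esp_mem_readb(saddr, s->rregs[saddr]);
    switch (saddr) {
    case ESP_FIFO:
        if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
            /* Data out.  */
            qemu_log_mask(LOG_UNIMP, "esp: PIO data read not implemented\n");
            s->rregs[ESP_FIFO] = 0;
        } else if (s->ti_rptr < s->ti_wptr) {
            s->ti_size--;
            s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
        }
        if (s->ti_rptr == s->ti_wptr) {
            /* FIFO drained: rewind both pointers. */
            s->ti_rptr = 0;
            s->ti_wptr = 0;
        }
        break;
    case ESP_RINTR:
        /*
         * Clear sequence step, interrupt register and all status bits
         * except TC
         */
        old_val = s->rregs[ESP_RINTR];
        s->rregs[ESP_RINTR] = 0;
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        s->rregs[ESP_RSEQ] = SEQ_CD;
        esp_lower_irq(s);
        if (s->deferred_complete) {
            /* A completion arrived while the interrupt was pending. */
            esp_report_command_complete(s, s->deferred_status);
            s->deferred_complete = false;
        }
        return old_val;
    case ESP_TCHI:
        /* Return the unique id if the value has never been written */
        if (!s->tchi_written) {
            return s->chip_id;
        }
        /* fall through */
    default:
        break;
    }
    return s->rregs[saddr];
}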
630 
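/*
 * Write one controller register.
 *
 * @saddr: register index
 * @val:   value written by the guest
 *
 * Writes to ESP_CMD dispatch the controller command encoded in @val;
 * writes to ESP_FIFO append to the command buffer (command-accumulation
 * mode) or to the transfer FIFO.
 *
 * This function is not static, so @saddr is range-checked before the
 * register banks are indexed (the trace call below already reads
 * wregs[saddr]).  Out-of-range writes are traced as invalid and dropped.
 */
void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
{
    if (saddr >= ESP_REGS) {
        /* esp_hard_reset() treats the banks as ESP_REGS bytes long. */
        trace_esp_error_invalid_write(val, saddr);
        return;
    }

    trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
    switch (saddr) {
    case ESP_TCHI:
        s->tchi_written = true;
        /* fall through */
    case ESP_TCLO:
    case ESP_TCMID:
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        break;
    case ESP_FIFO:
        if (s->do_cmd) {
            if (s->cmdlen < ESP_CMDBUF_SZ) {
                s->cmdbuf[s->cmdlen++] = val & 0xff;
            } else {
                trace_esp_error_fifo_overrun();
            }
        } else if (s->ti_wptr >= TI_BUFSZ - 1) {
            /*
             * ">=" rather than "==": ti_wptr is also set outside this
             * path (write_response(), migration load), so an equality
             * test alone would not stop a pointer that is already past
             * the limit from indexing beyond ti_buf.
             */
            trace_esp_error_fifo_overrun();
        } else {
            s->ti_size++;
            s->ti_buf[s->ti_wptr++] = val & 0xff;
        }
        break;
    case ESP_CMD:
        s->rregs[saddr] = val;
        if (val & CMD_DMA) {
            s->dma = 1;
            /* Reload DMA counter.  */
            s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
            s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
            s->rregs[ESP_TCHI] = s->wregs[ESP_TCHI];
        } else {
            s->dma = 0;
        }
        switch (val & CMD_CMD) {
        case CMD_NOP:
            trace_esp_mem_writeb_cmd_nop(val);
            break;
        case CMD_FLUSH:
            trace_esp_mem_writeb_cmd_flush(val);
            /* ti_size is left untouched here (reset was disabled). */
            s->rregs[ESP_RINTR] = INTR_FC;
            s->rregs[ESP_RSEQ] = 0;
            s->rregs[ESP_RFLAGS] = 0;
            break;
        case CMD_RESET:
            trace_esp_mem_writeb_cmd_reset(val);
            esp_soft_reset(s);
            break;
        case CMD_BUSRESET:
            trace_esp_mem_writeb_cmd_bus_reset(val);
            s->rregs[ESP_RINTR] = INTR_RST;
            if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
                esp_raise_irq(s);
            }
            break;
        case CMD_TI:
            handle_ti(s);
            break;
        case CMD_ICCS:
            trace_esp_mem_writeb_cmd_iccs(val);
            write_response(s);
            s->rregs[ESP_RINTR] = INTR_FC;
            s->rregs[ESP_RSTAT] |= STAT_MI;
            break;
        case CMD_MSGACC:
            trace_esp_mem_writeb_cmd_msgacc(val);
            s->rregs[ESP_RINTR] = INTR_DC;
            s->rregs[ESP_RSEQ] = 0;
            s->rregs[ESP_RFLAGS] = 0;
            esp_raise_irq(s);
            break;
        case CMD_PAD:
            trace_esp_mem_writeb_cmd_pad(val);
            s->rregs[ESP_RSTAT] = STAT_TC;
            s->rregs[ESP_RINTR] = INTR_FC;
            s->rregs[ESP_RSEQ] = 0;
            break;
        case CMD_SATN:
            trace_esp_mem_writeb_cmd_satn(val);
            break;
        case CMD_RSTATN:
            trace_esp_mem_writeb_cmd_rstatn(val);
            break;
        case CMD_SEL:
            trace_esp_mem_writeb_cmd_sel(val);
            handle_s_without_atn(s);
            break;
        case CMD_SELATN:
            trace_esp_mem_writeb_cmd_selatn(val);
            handle_satn(s);
            break;
        case CMD_SELATNS:
            trace_esp_mem_writeb_cmd_selatns(val);
            handle_satn_stop(s);
            break;
        case CMD_ENSEL:
            trace_esp_mem_writeb_cmd_ensel(val);
            s->rregs[ESP_RINTR] = 0;
            break;
        case CMD_DISSEL:
            trace_esp_mem_writeb_cmd_dissel(val);
            s->rregs[ESP_RINTR] = 0;
            esp_raise_irq(s);
            break;
        default:
            trace_esp_error_unhandled_command(val);
            break;
        }
        break;
    case ESP_WBUSID ... ESP_WSYNO:
        break;
    case ESP_CFG1:
    case ESP_CFG2: case ESP_CFG3:
    case ESP_RES3: case ESP_RES4:
        /* These registers read back what was written. */
        s->rregs[saddr] = val;
        break;
    case ESP_WCCF ... ESP_WTEST:
        break;
    default:
        trace_esp_error_invalid_write(val, saddr);
        return;
    }
    s->wregs[saddr] = val;
}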
758 
/*
 * Access filter for the register window: byte accesses are always allowed,
 * 4-byte accesses only for writes; everything else is rejected.
 */
static bool esp_mem_accepts(void *opaque, hwaddr addr,
                            unsigned size, bool is_write,
                            MemTxAttrs attrs)
{
    if (size == 1) {
        return true;
    }
    return is_write && size == 4;
}
765 
/*
 * Migration predicate for the "esp/pdma" subsection: it is sent only when
 * the device has neither DMA helper installed (i.e. it relies on PDMA) and
 * DMA is currently enabled.
 */
static bool esp_pdma_needed(void *opaque)
{
    ESPState *s = opaque;

    if (s->dma_memory_read != NULL || s->dma_memory_write != NULL) {
        return false;
    }
    return s->dma_enabled;
}
772 
/*
 * Optional migration subsection carrying the pseudo-DMA window state; sent
 * only when esp_pdma_needed() returns true.
 *
 * NOTE(review): no post_load hook is visible here, so pdma_origin,
 * pdma_len, pdma_start and pdma_cur are taken from the incoming stream as
 * they are.  The PDMA accessors index the buffer chosen by pdma_origin with
 * pdma_cur and stop only when pdma_len reaches zero, so a stream from an
 * untrusted source should have these fields range-checked on load.
 */
static const VMStateDescription vmstate_esp_pdma = {
    .name = "esp/pdma",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = esp_pdma_needed,
    .fields = (VMStateField[]) {
        VMSTATE_BUFFER(pdma_buf, ESPState),
        VMSTATE_INT32(pdma_origin, ESPState),
        VMSTATE_UINT32(pdma_len, ESPState),
        VMSTATE_UINT32(pdma_start, ESPState),
        VMSTATE_UINT32(pdma_cur, ESPState),
        VMSTATE_END_OF_LIST()
    }
};
787 
/*
 * Migration description of the ESP core state (version 4, accepting
 * streams from version 3 onwards), with the PDMA state as an optional
 * subsection.  Field order is part of the wire format and must not change.
 *
 * NOTE(review): no post_load hook is visible here, so ti_rptr, ti_wptr,
 * cmdlen, do_cmd and dma_left are restored without validation.  Several
 * code paths use them as buffer indices or lengths (ti_buf[], cmdbuf[]),
 * so a stream from an untrusted source should have them range-checked on
 * load.  current_req / current_dev are not part of the stream, while
 * do_cmd is.
 */
const VMStateDescription vmstate_esp = {
    .name ="esp",
    .version_id = 4,
    .minimum_version_id = 3,
    .fields = (VMStateField[]) {
        VMSTATE_BUFFER(rregs, ESPState),
        VMSTATE_BUFFER(wregs, ESPState),
        VMSTATE_INT32(ti_size, ESPState),
        VMSTATE_UINT32(ti_rptr, ESPState),
        VMSTATE_UINT32(ti_wptr, ESPState),
        VMSTATE_BUFFER(ti_buf, ESPState),
        VMSTATE_UINT32(status, ESPState),
        VMSTATE_UINT32(deferred_status, ESPState),
        VMSTATE_BOOL(deferred_complete, ESPState),
        VMSTATE_UINT32(dma, ESPState),
        /* cmdbuf is sent in two pieces: the first 16 bytes ... */
        VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
        /* ... then the remainder from offset 16, for version 4 streams. */
        VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
        VMSTATE_UINT32(cmdlen, ESPState),
        VMSTATE_UINT32(do_cmd, ESPState),
        VMSTATE_UINT32(dma_left, ESPState),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription * []) {
        &vmstate_esp_pdma,
        NULL
    }
};
815 
/*
 * MMIO write handler for the register window: convert the byte offset into
 * a register index using the board's it_shift and forward to the core.
 * @size is not used; esp_mem_accepts() has already filtered access widths.
 */
static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
                                 uint64_t val, unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    uint32_t saddr = addr >> sysbus->it_shift;

    esp_reg_write(&sysbus->esp, saddr, val);
}
825 
/*
 * MMIO read handler for the register window: convert the byte offset into
 * a register index using the board's it_shift and forward to the core.
 * @size is not used; esp_mem_accepts() has already filtered access widths.
 */
static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
                                    unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    uint32_t saddr = addr >> sysbus->it_shift;

    return esp_reg_read(&sysbus->esp, saddr);
}
835 
/*
 * Memory-region callbacks for the "esp-regs" window.  Access widths are
 * restricted by esp_mem_accepts(): 1-byte reads/writes and 4-byte writes.
 */
static const MemoryRegionOps sysbus_esp_mem_ops = {
    .read = sysbus_esp_mem_read,
    .write = sysbus_esp_mem_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid.accepts = esp_mem_accepts,
};
842 
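/*
 * MMIO write handler for the pseudo-DMA window: store 1 or 2 guest bytes
 * (most significant first) at the PDMA cursor, decrement the remaining
 * window length and the transfer counter, and run the completion callback
 * when the window is exhausted.
 *
 * The access is clamped to what is left in both pdma_len and the transfer
 * counter.  Previously a 2-byte access with a single byte remaining
 * subtracted 2 from the unsigned counters, wrapping them to a huge value
 * and leaving the window effectively unbounded for later accesses.  A NULL
 * backing buffer (unknown pdma_origin) is ignored rather than dereferenced.
 */
static void sysbus_esp_pdma_write(void *opaque, hwaddr addr,
                                  uint64_t val, unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = &sysbus->esp;
    uint32_t dmalen;
    uint32_t nbytes;
    uint32_t count;
    uint32_t i;
    uint8_t *buf = get_pdma_buf(s);

    dmalen = s->rregs[ESP_TCLO];
    dmalen |= s->rregs[ESP_TCMID] << 8;
    dmalen |= s->rregs[ESP_TCHI] << 16;
    if (buf == NULL || dmalen == 0 || s->pdma_len == 0) {
        return;
    }

    /* Only 1- and 2-byte accesses transfer data, as before. */
    switch (size) {
    case 1:
        nbytes = 1;
        break;
    case 2:
        nbytes = 2;
        break;
    default:
        nbytes = 0;
        break;
    }

    count = nbytes;
    if (count > s->pdma_len) {
        count = s->pdma_len;
    }
    if (count > dmalen) {
        count = dmalen;
    }

    for (i = 0; i < count; i++) {
        /* High byte first, matching the original two-byte ordering. */
        buf[s->pdma_cur++] = val >> (8 * (nbytes - 1 - i));
    }
    s->pdma_len -= count;
    dmalen -= count;

    s->rregs[ESP_TCLO] = dmalen & 0xff;
    s->rregs[ESP_TCMID] = dmalen >> 8;
    s->rregs[ESP_TCHI] = dmalen >> 16;
    if (s->pdma_len == 0 && s->pdma_cb) {
        esp_lower_drq(s);
        s->pdma_cb(s);
        s->pdma_cb = NULL;
    }
}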
879 
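/*
 * MMIO read handler for the pseudo-DMA window: return 1 or 2 bytes (most
 * significant first) from the PDMA cursor, decrement the remaining window
 * length, and run the completion callback when the window is exhausted.
 *
 * The access is clamped to what is left in pdma_len.  Previously a 2-byte
 * read with a single byte remaining read one byte past the window and
 * wrapped the unsigned pdma_len, leaving the window effectively unbounded
 * for later reads (a host-memory disclosure path).  A NULL backing buffer
 * (unknown pdma_origin) yields 0 rather than being dereferenced.
 */
static uint64_t sysbus_esp_pdma_read(void *opaque, hwaddr addr,
                                     unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = &sysbus->esp;
    uint8_t *buf = get_pdma_buf(s);
    uint64_t val = 0;
    uint32_t nbytes;
    uint32_t count;
    uint32_t i;

    if (buf == NULL || s->pdma_len == 0) {
        return 0;
    }

    /* Only 1- and 2-byte accesses transfer data, as before. */
    switch (size) {
    case 1:
        nbytes = 1;
        break;
    case 2:
        nbytes = 2;
        break;
    default:
        nbytes = 0;
        break;
    }

    count = nbytes;
    if (count > s->pdma_len) {
        count = s->pdma_len;
    }

    for (i = 0; i < count; i++) {
        val = (val << 8) | buf[s->pdma_cur++];
    }
    if (count < nbytes) {
        /* Short read: keep the byte in the high position, pad with zero. */
        val <<= 8 * (nbytes - count);
    }
    s->pdma_len -= count;

    if (s->pdma_len == 0 && s->pdma_cb) {
        esp_lower_drq(s);
        s->pdma_cb(s);
        s->pdma_cb = NULL;
    }
    return val;
}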
910 
/*
 * Memory-region callbacks for the "esp-pdma" window.  Valid accesses are
 * limited to 1 or 2 bytes, which are the only sizes the read/write
 * handlers transfer data for.
 */
static const MemoryRegionOps sysbus_esp_pdma_ops = {
    .read = sysbus_esp_pdma_read,
    .write = sysbus_esp_pdma_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid.min_access_size = 1,
    .valid.max_access_size = 2,
};
918 
/*
 * SCSI bus description for the ESP: no tagged command queueing, up to
 * ESP_MAX_DEVS targets, and LUNs 0..7 (do_busid_cmd() masks the LUN with
 * 7).  The callbacks wire the SCSI layer back into this controller.
 */
static const struct SCSIBusInfo esp_scsi_info = {
    .tcq = false,
    .max_target = ESP_MAX_DEVS,
    .max_lun = 7,

    .transfer_data = esp_transfer_data,
    .complete = esp_command_complete,
    .cancel = esp_request_cancelled
};
928 
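/*
 * Demultiplex the device's two GPIO inputs: line 0 resets the controller,
 * line 1 enables or disables DMA.
 *
 * Both handlers take the embedded ESPState.  The DMA line used to be
 * forwarded with @opaque, which is the enclosing sysbus device object;
 * because the argument is a void pointer the mismatch compiled silently
 * and esp_dma_enable() then read and wrote dma_enabled / dma_cb at the
 * wrong offsets inside that object.
 */
static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
{
    SysBusESPState *sysbus = ESP(opaque);
    ESPState *s = &sysbus->esp;

    switch (irq) {
    case 0:
        parent_esp_reset(s, irq, level);
        break;
    case 1:
        esp_dma_enable(s, irq, level);
        break;
    }
}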
943 
/*
 * Realize the sysbus ESP device: export the interrupt and data-request
 * lines, map the register and PDMA windows, create the two GPIO inputs and
 * attach the SCSI bus.  The board must have set it_shift beforehand.
 *
 * The order of the sysbus_init_* calls fixes the IRQ and MMIO indices that
 * board code uses, so it is kept as is.
 */
static void sysbus_esp_realize(DeviceState *dev, Error **errp)
{
    SysBusESPState *sysbus = ESP(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    ESPState *s = &sysbus->esp;

    /* IRQ 0: interrupt, IRQ 1: data request. */
    sysbus_init_irq(sbd, &s->irq);
    sysbus_init_irq(sbd, &s->irq_data);
    assert(sysbus->it_shift != -1);

    s->chip_id = TCHI_FAS100A;

    /* MMIO 0: registers, spaced out by it_shift. */
    memory_region_init_io(&sysbus->iomem, OBJECT(sysbus),
                          &sysbus_esp_mem_ops, sysbus,
                          "esp-regs", ESP_REGS << sysbus->it_shift);
    sysbus_init_mmio(sbd, &sysbus->iomem);

    /* MMIO 1: two-byte pseudo-DMA port. */
    memory_region_init_io(&sysbus->pdma, OBJECT(sysbus),
                          &sysbus_esp_pdma_ops, sysbus,
                          "esp-pdma", 2);
    sysbus_init_mmio(sbd, &sysbus->pdma);

    /* GPIO in 0: reset, GPIO in 1: DMA enable. */
    qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);

    scsi_bus_new(&s->bus, sizeof(s->bus), dev, &esp_scsi_info, NULL);
}
966 
/* Device-level reset hook: reset the embedded ESP core. */
static void sysbus_esp_hard_reset(DeviceState *dev)
{
    SysBusESPState *sysbus = ESP(dev);
    ESPState *core = &sysbus->esp;

    esp_hard_reset(core);
}
972 
/*
 * Migration description of the sysbus wrapper: it carries only the
 * embedded ESP core, described by vmstate_esp.
 */
static const VMStateDescription vmstate_sysbus_esp_scsi = {
    .name = "sysbusespscsi",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
        VMSTATE_END_OF_LIST()
    }
};
982 
/*
 * Class initialiser: install the realize, reset and migration hooks and
 * file the device under the storage category.
 */
static void sysbus_esp_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->vmsd = &vmstate_sysbus_esp_scsi;
    dc->reset = sysbus_esp_hard_reset;
    dc->realize = sysbus_esp_realize;

    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
992 
/*
 * QOM type record for the sysbus ESP device: a sysbus device whose
 * instances are SysBusESPState objects.
 */
static const TypeInfo sysbus_esp_info = {
    .name          = TYPE_ESP,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(SysBusESPState),
    .class_init    = sysbus_esp_class_init,
};
999 
/* Register the sysbus ESP type described by sysbus_esp_info. */
static void esp_register_types(void)
{
    type_register_static(&sysbus_esp_info);
}

/* Run the registration during QEMU's type-initialisation phase. */
type_init(esp_register_types)
1006