xref: /openbmc/qemu/hw/scsi/esp.c (revision ea2fde5b)
1 /*
2  * QEMU ESP/NCR53C9x emulation
3  *
4  * Copyright (c) 2005-2006 Fabrice Bellard
5  * Copyright (c) 2012 Herve Poussineau
6  * Copyright (c) 2023 Mark Cave-Ayland
7  *
8  * Permission is hereby granted, free of charge, to any person obtaining a copy
9  * of this software and associated documentation files (the "Software"), to deal
10  * in the Software without restriction, including without limitation the rights
11  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12  * copies of the Software, and to permit persons to whom the Software is
13  * furnished to do so, subject to the following conditions:
14  *
15  * The above copyright notice and this permission notice shall be included in
16  * all copies or substantial portions of the Software.
17  *
18  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24  * THE SOFTWARE.
25  */
26 
27 #include "qemu/osdep.h"
28 #include "hw/sysbus.h"
29 #include "migration/vmstate.h"
30 #include "hw/irq.h"
31 #include "hw/scsi/esp.h"
32 #include "trace.h"
33 #include "qemu/log.h"
34 #include "qemu/module.h"
35 
36 /*
37  * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
38  * also produced as NCR89C100. See
39  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
40  * and
41  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
42  *
43  * On Macintosh Quadra it is a NCR53C96.
44  */
45 
46 static void esp_raise_irq(ESPState *s)
47 {
48     if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
49         s->rregs[ESP_RSTAT] |= STAT_INT;
50         qemu_irq_raise(s->irq);
51         trace_esp_raise_irq();
52     }
53 }
54 
55 static void esp_lower_irq(ESPState *s)
56 {
57     if (s->rregs[ESP_RSTAT] & STAT_INT) {
58         s->rregs[ESP_RSTAT] &= ~STAT_INT;
59         qemu_irq_lower(s->irq);
60         trace_esp_lower_irq();
61     }
62 }
63 
64 static void esp_raise_drq(ESPState *s)
65 {
66     if (!(s->drq_state)) {
67         qemu_irq_raise(s->drq_irq);
68         trace_esp_raise_drq();
69         s->drq_state = true;
70     }
71 }
72 
73 static void esp_lower_drq(ESPState *s)
74 {
75     if (s->drq_state) {
76         qemu_irq_lower(s->drq_irq);
77         trace_esp_lower_drq();
78         s->drq_state = false;
79     }
80 }
81 
82 void esp_dma_enable(ESPState *s, int irq, int level)
83 {
84     if (level) {
85         s->dma_enabled = 1;
86         trace_esp_dma_enable();
87         if (s->dma_cb) {
88             s->dma_cb(s);
89             s->dma_cb = NULL;
90         }
91     } else {
92         trace_esp_dma_disable();
93         s->dma_enabled = 0;
94     }
95 }
96 
97 void esp_request_cancelled(SCSIRequest *req)
98 {
99     ESPState *s = req->hba_private;
100 
101     if (req == s->current_req) {
102         scsi_req_unref(s->current_req);
103         s->current_req = NULL;
104         s->current_dev = NULL;
105         s->async_len = 0;
106     }
107 }
108 
109 static void esp_fifo_push(Fifo8 *fifo, uint8_t val)
110 {
111     if (fifo8_num_used(fifo) == fifo->capacity) {
112         trace_esp_error_fifo_overrun();
113         return;
114     }
115 
116     fifo8_push(fifo, val);
117 }
118 
119 static uint8_t esp_fifo_pop(Fifo8 *fifo)
120 {
121     if (fifo8_is_empty(fifo)) {
122         return 0;
123     }
124 
125     return fifo8_pop(fifo);
126 }
127 
128 static uint32_t esp_fifo_pop_buf(Fifo8 *fifo, uint8_t *dest, int maxlen)
129 {
130     const uint8_t *buf;
131     uint32_t n, n2;
132     int len;
133 
134     if (maxlen == 0) {
135         return 0;
136     }
137 
138     len = maxlen;
139     buf = fifo8_pop_buf(fifo, len, &n);
140     if (dest) {
141         memcpy(dest, buf, n);
142     }
143 
144     /* Add FIFO wraparound if needed */
145     len -= n;
146     len = MIN(len, fifo8_num_used(fifo));
147     if (len) {
148         buf = fifo8_pop_buf(fifo, len, &n2);
149         if (dest) {
150             memcpy(&dest[n], buf, n2);
151         }
152         n += n2;
153     }
154 
155     return n;
156 }
157 
158 static uint32_t esp_get_tc(ESPState *s)
159 {
160     uint32_t dmalen;
161 
162     dmalen = s->rregs[ESP_TCLO];
163     dmalen |= s->rregs[ESP_TCMID] << 8;
164     dmalen |= s->rregs[ESP_TCHI] << 16;
165 
166     return dmalen;
167 }
168 
169 static void esp_set_tc(ESPState *s, uint32_t dmalen)
170 {
171     uint32_t old_tc = esp_get_tc(s);
172 
173     s->rregs[ESP_TCLO] = dmalen;
174     s->rregs[ESP_TCMID] = dmalen >> 8;
175     s->rregs[ESP_TCHI] = dmalen >> 16;
176 
177     if (old_tc && dmalen == 0) {
178         s->rregs[ESP_RSTAT] |= STAT_TC;
179     }
180 }
181 
182 static uint32_t esp_get_stc(ESPState *s)
183 {
184     uint32_t dmalen;
185 
186     dmalen = s->wregs[ESP_TCLO];
187     dmalen |= s->wregs[ESP_TCMID] << 8;
188     dmalen |= s->wregs[ESP_TCHI] << 16;
189 
190     return dmalen;
191 }
192 
193 static const char *esp_phase_names[8] = {
194     "DATA OUT", "DATA IN", "COMMAND", "STATUS",
195     "(reserved)", "(reserved)", "MESSAGE OUT", "MESSAGE IN"
196 };
197 
198 static void esp_set_phase(ESPState *s, uint8_t phase)
199 {
200     s->rregs[ESP_RSTAT] &= ~7;
201     s->rregs[ESP_RSTAT] |= phase;
202 
203     trace_esp_set_phase(esp_phase_names[phase]);
204 }
205 
206 static uint8_t esp_get_phase(ESPState *s)
207 {
208     return s->rregs[ESP_RSTAT] & 7;
209 }
210 
211 static uint8_t esp_pdma_read(ESPState *s)
212 {
213     uint8_t val;
214 
215     val = esp_fifo_pop(&s->fifo);
216     return val;
217 }
218 
219 static void esp_pdma_write(ESPState *s, uint8_t val)
220 {
221     uint32_t dmalen = esp_get_tc(s);
222 
223     if (dmalen == 0) {
224         return;
225     }
226 
227     esp_fifo_push(&s->fifo, val);
228 
229     dmalen--;
230     esp_set_tc(s, dmalen);
231 }
232 
233 static int esp_select(ESPState *s)
234 {
235     int target;
236 
237     target = s->wregs[ESP_WBUSID] & BUSID_DID;
238 
239     s->ti_size = 0;
240     s->rregs[ESP_RSEQ] = SEQ_0;
241 
242     if (s->current_req) {
243         /* Started a new command before the old one finished. Cancel it. */
244         scsi_req_cancel(s->current_req);
245     }
246 
247     s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
248     if (!s->current_dev) {
249         /* No such drive */
250         s->rregs[ESP_RSTAT] = 0;
251         s->rregs[ESP_RINTR] = INTR_DC;
252         esp_raise_irq(s);
253         return -1;
254     }
255 
256     /*
257      * Note that we deliberately don't raise the IRQ here: this will be done
258      * either in esp_transfer_data() or esp_command_complete()
259      */
260     return 0;
261 }
262 
263 static void esp_do_dma(ESPState *s);
264 static void esp_do_nodma(ESPState *s);
265 
266 static void do_command_phase(ESPState *s)
267 {
268     uint32_t cmdlen;
269     int32_t datalen;
270     SCSIDevice *current_lun;
271     uint8_t buf[ESP_CMDFIFO_SZ];
272 
273     trace_esp_do_command_phase(s->lun);
274     cmdlen = fifo8_num_used(&s->cmdfifo);
275     if (!cmdlen || !s->current_dev) {
276         return;
277     }
278     esp_fifo_pop_buf(&s->cmdfifo, buf, cmdlen);
279 
280     current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, s->lun);
281     if (!current_lun) {
282         /* No such drive */
283         s->rregs[ESP_RSTAT] = 0;
284         s->rregs[ESP_RINTR] = INTR_DC;
285         s->rregs[ESP_RSEQ] = SEQ_0;
286         esp_raise_irq(s);
287         return;
288     }
289 
290     s->current_req = scsi_req_new(current_lun, 0, s->lun, buf, cmdlen, s);
291     datalen = scsi_req_enqueue(s->current_req);
292     s->ti_size = datalen;
293     fifo8_reset(&s->cmdfifo);
294     s->data_ready = false;
295     if (datalen != 0) {
296         /*
297          * Switch to DATA phase but wait until initial data xfer is
298          * complete before raising the command completion interrupt
299          */
300         if (datalen > 0) {
301             esp_set_phase(s, STAT_DI);
302         } else {
303             esp_set_phase(s, STAT_DO);
304         }
305         scsi_req_continue(s->current_req);
306         return;
307     }
308 }
309 
310 static void do_message_phase(ESPState *s)
311 {
312     if (s->cmdfifo_cdb_offset) {
313         uint8_t message = esp_fifo_pop(&s->cmdfifo);
314 
315         trace_esp_do_identify(message);
316         s->lun = message & 7;
317         s->cmdfifo_cdb_offset--;
318     }
319 
320     /* Ignore extended messages for now */
321     if (s->cmdfifo_cdb_offset) {
322         int len = MIN(s->cmdfifo_cdb_offset, fifo8_num_used(&s->cmdfifo));
323         esp_fifo_pop_buf(&s->cmdfifo, NULL, len);
324         s->cmdfifo_cdb_offset = 0;
325     }
326 }
327 
328 static void do_cmd(ESPState *s)
329 {
330     do_message_phase(s);
331     assert(s->cmdfifo_cdb_offset == 0);
332     do_command_phase(s);
333 }
334 
335 static void handle_satn(ESPState *s)
336 {
337     if (s->dma && !s->dma_enabled) {
338         s->dma_cb = handle_satn;
339         return;
340     }
341 
342     if (esp_select(s) < 0) {
343         return;
344     }
345 
346     esp_set_phase(s, STAT_MO);
347 
348     if (s->dma) {
349         esp_do_dma(s);
350     } else {
351         esp_do_nodma(s);
352     }
353 }
354 
355 static void handle_s_without_atn(ESPState *s)
356 {
357     if (s->dma && !s->dma_enabled) {
358         s->dma_cb = handle_s_without_atn;
359         return;
360     }
361 
362     if (esp_select(s) < 0) {
363         return;
364     }
365 
366     esp_set_phase(s, STAT_CD);
367     s->cmdfifo_cdb_offset = 0;
368 
369     if (s->dma) {
370         esp_do_dma(s);
371     } else {
372         esp_do_nodma(s);
373     }
374 }
375 
376 static void handle_satn_stop(ESPState *s)
377 {
378     if (s->dma && !s->dma_enabled) {
379         s->dma_cb = handle_satn_stop;
380         return;
381     }
382 
383     if (esp_select(s) < 0) {
384         return;
385     }
386 
387     esp_set_phase(s, STAT_MO);
388     s->cmdfifo_cdb_offset = 0;
389 
390     if (s->dma) {
391         esp_do_dma(s);
392     } else {
393         esp_do_nodma(s);
394     }
395 }
396 
397 static void handle_pad(ESPState *s)
398 {
399     if (s->dma) {
400         esp_do_dma(s);
401     } else {
402         esp_do_nodma(s);
403     }
404 }
405 
406 static void write_response(ESPState *s)
407 {
408     trace_esp_write_response(s->status);
409 
410     if (s->dma) {
411         esp_do_dma(s);
412     } else {
413         esp_do_nodma(s);
414     }
415 }
416 
417 static int esp_cdb_length(ESPState *s)
418 {
419     const uint8_t *pbuf;
420     int cmdlen, len;
421 
422     cmdlen = fifo8_num_used(&s->cmdfifo);
423     if (cmdlen < s->cmdfifo_cdb_offset) {
424         return 0;
425     }
426 
427     pbuf = fifo8_peek_buf(&s->cmdfifo, cmdlen, NULL);
428     len = scsi_cdb_length((uint8_t *)&pbuf[s->cmdfifo_cdb_offset]);
429 
430     return len;
431 }
432 
433 static void esp_dma_ti_check(ESPState *s)
434 {
435     if (esp_get_tc(s) == 0 && fifo8_num_used(&s->fifo) < 2) {
436         s->rregs[ESP_RINTR] |= INTR_BS;
437         esp_raise_irq(s);
438         esp_lower_drq(s);
439     }
440 }
441 
442 static void esp_do_dma(ESPState *s)
443 {
444     uint32_t len, cmdlen;
445     uint8_t buf[ESP_CMDFIFO_SZ];
446 
447     len = esp_get_tc(s);
448 
449     switch (esp_get_phase(s)) {
450     case STAT_MO:
451         if (s->dma_memory_read) {
452             len = MIN(len, fifo8_num_free(&s->cmdfifo));
453             s->dma_memory_read(s->dma_opaque, buf, len);
454             esp_set_tc(s, esp_get_tc(s) - len);
455         } else {
456             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
457             len = MIN(fifo8_num_free(&s->cmdfifo), len);
458             esp_raise_drq(s);
459         }
460 
461         fifo8_push_all(&s->cmdfifo, buf, len);
462         s->cmdfifo_cdb_offset += len;
463 
464         switch (s->rregs[ESP_CMD]) {
465         case CMD_SELATN | CMD_DMA:
466             if (fifo8_num_used(&s->cmdfifo) >= 1) {
467                 /* First byte received, switch to command phase */
468                 esp_set_phase(s, STAT_CD);
469                 s->rregs[ESP_RSEQ] = SEQ_CD;
470                 s->cmdfifo_cdb_offset = 1;
471 
472                 if (fifo8_num_used(&s->cmdfifo) > 1) {
473                     /* Process any additional command phase data */
474                     esp_do_dma(s);
475                 }
476             }
477             break;
478 
479         case CMD_SELATNS | CMD_DMA:
480             if (fifo8_num_used(&s->cmdfifo) == 1) {
481                 /* First byte received, stop in message out phase */
482                 s->rregs[ESP_RSEQ] = SEQ_MO;
483                 s->cmdfifo_cdb_offset = 1;
484 
485                 /* Raise command completion interrupt */
486                 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
487                 esp_raise_irq(s);
488             }
489             break;
490 
491         case CMD_TI | CMD_DMA:
492             /* ATN remains asserted until TC == 0 */
493             if (esp_get_tc(s) == 0) {
494                 esp_set_phase(s, STAT_CD);
495                 s->rregs[ESP_CMD] = 0;
496                 s->rregs[ESP_RINTR] |= INTR_BS;
497                 esp_raise_irq(s);
498             }
499             break;
500         }
501         break;
502 
503     case STAT_CD:
504         cmdlen = fifo8_num_used(&s->cmdfifo);
505         trace_esp_do_dma(cmdlen, len);
506         if (s->dma_memory_read) {
507             len = MIN(len, fifo8_num_free(&s->cmdfifo));
508             s->dma_memory_read(s->dma_opaque, buf, len);
509             fifo8_push_all(&s->cmdfifo, buf, len);
510             esp_set_tc(s, esp_get_tc(s) - len);
511         } else {
512             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
513             len = MIN(fifo8_num_free(&s->cmdfifo), len);
514             fifo8_push_all(&s->cmdfifo, buf, len);
515             esp_raise_drq(s);
516         }
517         trace_esp_handle_ti_cmd(cmdlen);
518         s->ti_size = 0;
519         if (esp_get_tc(s) == 0) {
520             /* Command has been received */
521             do_cmd(s);
522         }
523         break;
524 
525     case STAT_DO:
526         if (!s->current_req) {
527             return;
528         }
529         if (s->async_len == 0 && esp_get_tc(s) && s->ti_size) {
530             /* Defer until data is available.  */
531             return;
532         }
533         if (len > s->async_len) {
534             len = s->async_len;
535         }
536 
537         switch (s->rregs[ESP_CMD]) {
538         case CMD_TI | CMD_DMA:
539             if (s->dma_memory_read) {
540                 s->dma_memory_read(s->dma_opaque, s->async_buf, len);
541                 esp_set_tc(s, esp_get_tc(s) - len);
542             } else {
543                 /* Copy FIFO data to device */
544                 len = MIN(s->async_len, ESP_FIFO_SZ);
545                 len = MIN(len, fifo8_num_used(&s->fifo));
546                 len = esp_fifo_pop_buf(&s->fifo, s->async_buf, len);
547                 esp_raise_drq(s);
548             }
549 
550             s->async_buf += len;
551             s->async_len -= len;
552             s->ti_size += len;
553             break;
554 
555         case CMD_PAD | CMD_DMA:
556             /* Copy TC zero bytes into the incoming stream */
557             if (!s->dma_memory_read) {
558                 len = MIN(s->async_len, ESP_FIFO_SZ);
559                 len = MIN(len, fifo8_num_free(&s->fifo));
560             }
561 
562             memset(s->async_buf, 0, len);
563 
564             s->async_buf += len;
565             s->async_len -= len;
566             s->ti_size += len;
567             break;
568         }
569 
570         if (s->async_len == 0 && fifo8_num_used(&s->fifo) < 2) {
571             /* Defer until the scsi layer has completed */
572             scsi_req_continue(s->current_req);
573             return;
574         }
575 
576         esp_dma_ti_check(s);
577         break;
578 
579     case STAT_DI:
580         if (!s->current_req) {
581             return;
582         }
583         if (s->async_len == 0 && esp_get_tc(s) && s->ti_size) {
584             /* Defer until data is available.  */
585             return;
586         }
587         if (len > s->async_len) {
588             len = s->async_len;
589         }
590 
591         switch (s->rregs[ESP_CMD]) {
592         case CMD_TI | CMD_DMA:
593             if (s->dma_memory_write) {
594                 s->dma_memory_write(s->dma_opaque, s->async_buf, len);
595             } else {
596                 /* Copy device data to FIFO */
597                 len = MIN(len, fifo8_num_free(&s->fifo));
598                 fifo8_push_all(&s->fifo, s->async_buf, len);
599                 esp_raise_drq(s);
600             }
601 
602             s->async_buf += len;
603             s->async_len -= len;
604             s->ti_size -= len;
605             esp_set_tc(s, esp_get_tc(s) - len);
606             break;
607 
608         case CMD_PAD | CMD_DMA:
609             /* Drop TC bytes from the incoming stream */
610             if (!s->dma_memory_write) {
611                 len = MIN(len, fifo8_num_free(&s->fifo));
612             }
613 
614             s->async_buf += len;
615             s->async_len -= len;
616             s->ti_size -= len;
617             esp_set_tc(s, esp_get_tc(s) - len);
618             break;
619         }
620 
621         if (s->async_len == 0 && s->ti_size == 0 && esp_get_tc(s)) {
622             /* If the guest underflows TC then terminate SCSI request */
623             scsi_req_continue(s->current_req);
624             return;
625         }
626 
627         if (s->async_len == 0 && fifo8_num_used(&s->fifo) < 2) {
628             /* Defer until the scsi layer has completed */
629             scsi_req_continue(s->current_req);
630             return;
631         }
632 
633         esp_dma_ti_check(s);
634         break;
635 
636     case STAT_ST:
637         switch (s->rregs[ESP_CMD]) {
638         case CMD_ICCS | CMD_DMA:
639             len = MIN(len, 1);
640 
641             if (len) {
642                 buf[0] = s->status;
643 
644                 if (s->dma_memory_write) {
645                     s->dma_memory_write(s->dma_opaque, buf, len);
646                 } else {
647                     fifo8_push_all(&s->fifo, buf, len);
648                 }
649 
650                 esp_set_tc(s, esp_get_tc(s) - len);
651                 esp_set_phase(s, STAT_MI);
652 
653                 if (esp_get_tc(s) > 0) {
654                     /* Process any message in phase data */
655                     esp_do_dma(s);
656                 }
657             }
658             break;
659 
660         default:
661             /* Consume remaining data if the guest underflows TC */
662             if (fifo8_num_used(&s->fifo) < 2) {
663                 s->rregs[ESP_RINTR] |= INTR_BS;
664                 esp_raise_irq(s);
665                 esp_lower_drq(s);
666             }
667             break;
668         }
669         break;
670 
671     case STAT_MI:
672         switch (s->rregs[ESP_CMD]) {
673         case CMD_ICCS | CMD_DMA:
674             len = MIN(len, 1);
675 
676             if (len) {
677                 buf[0] = 0;
678 
679                 if (s->dma_memory_write) {
680                     s->dma_memory_write(s->dma_opaque, buf, len);
681                 } else {
682                     fifo8_push_all(&s->fifo, buf, len);
683                 }
684 
685                 esp_set_tc(s, esp_get_tc(s) - len);
686 
687                 /* Raise end of command interrupt */
688                 s->rregs[ESP_RINTR] |= INTR_FC;
689                 esp_raise_irq(s);
690             }
691             break;
692         }
693         break;
694     }
695 }
696 
697 static void esp_nodma_ti_dataout(ESPState *s)
698 {
699     int len;
700 
701     if (!s->current_req) {
702         return;
703     }
704     if (s->async_len == 0) {
705         /* Defer until data is available.  */
706         return;
707     }
708     len = MIN(s->async_len, ESP_FIFO_SZ);
709     len = MIN(len, fifo8_num_used(&s->fifo));
710     esp_fifo_pop_buf(&s->fifo, s->async_buf, len);
711     s->async_buf += len;
712     s->async_len -= len;
713     s->ti_size += len;
714 
715     if (s->async_len == 0) {
716         scsi_req_continue(s->current_req);
717         return;
718     }
719 
720     s->rregs[ESP_RINTR] |= INTR_BS;
721     esp_raise_irq(s);
722 }
723 
724 static void esp_do_nodma(ESPState *s)
725 {
726     uint8_t buf[ESP_FIFO_SZ];
727     uint32_t cmdlen;
728     int len;
729 
730     switch (esp_get_phase(s)) {
731     case STAT_MO:
732         switch (s->rregs[ESP_CMD]) {
733         case CMD_SELATN:
734             /* Copy FIFO into cmdfifo */
735             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
736             len = MIN(fifo8_num_free(&s->cmdfifo), len);
737             fifo8_push_all(&s->cmdfifo, buf, len);
738 
739             if (fifo8_num_used(&s->cmdfifo) >= 1) {
740                 /* First byte received, switch to command phase */
741                 esp_set_phase(s, STAT_CD);
742                 s->rregs[ESP_RSEQ] = SEQ_CD;
743                 s->cmdfifo_cdb_offset = 1;
744 
745                 if (fifo8_num_used(&s->cmdfifo) > 1) {
746                     /* Process any additional command phase data */
747                     esp_do_nodma(s);
748                 }
749             }
750             break;
751 
752         case CMD_SELATNS:
753             /* Copy one byte from FIFO into cmdfifo */
754             len = esp_fifo_pop_buf(&s->fifo, buf, 1);
755             len = MIN(fifo8_num_free(&s->cmdfifo), len);
756             fifo8_push_all(&s->cmdfifo, buf, len);
757 
758             if (fifo8_num_used(&s->cmdfifo) >= 1) {
759                 /* First byte received, stop in message out phase */
760                 s->rregs[ESP_RSEQ] = SEQ_MO;
761                 s->cmdfifo_cdb_offset = 1;
762 
763                 /* Raise command completion interrupt */
764                 s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
765                 esp_raise_irq(s);
766             }
767             break;
768 
769         case CMD_TI:
770             /* Copy FIFO into cmdfifo */
771             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
772             len = MIN(fifo8_num_free(&s->cmdfifo), len);
773             fifo8_push_all(&s->cmdfifo, buf, len);
774 
775             /* ATN remains asserted until FIFO empty */
776             s->cmdfifo_cdb_offset = fifo8_num_used(&s->cmdfifo);
777             esp_set_phase(s, STAT_CD);
778             s->rregs[ESP_CMD] = 0;
779             s->rregs[ESP_RINTR] |= INTR_BS;
780             esp_raise_irq(s);
781             break;
782         }
783         break;
784 
785     case STAT_CD:
786         switch (s->rregs[ESP_CMD]) {
787         case CMD_TI:
788             /* Copy FIFO into cmdfifo */
789             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
790             len = MIN(fifo8_num_free(&s->cmdfifo), len);
791             fifo8_push_all(&s->cmdfifo, buf, len);
792 
793             cmdlen = fifo8_num_used(&s->cmdfifo);
794             trace_esp_handle_ti_cmd(cmdlen);
795 
796             /* CDB may be transferred in one or more TI commands */
797             if (esp_cdb_length(s) && esp_cdb_length(s) ==
798                 fifo8_num_used(&s->cmdfifo) - s->cmdfifo_cdb_offset) {
799                     /* Command has been received */
800                     do_cmd(s);
801             } else {
802                 /*
803                  * If data was transferred from the FIFO then raise bus
804                  * service interrupt to indicate transfer complete. Otherwise
805                  * defer until the next FIFO write.
806                  */
807                 if (len) {
808                     /* Raise interrupt to indicate transfer complete */
809                     s->rregs[ESP_RINTR] |= INTR_BS;
810                     esp_raise_irq(s);
811                 }
812             }
813             break;
814 
815         case CMD_SEL | CMD_DMA:
816         case CMD_SELATN | CMD_DMA:
817             /* Copy FIFO into cmdfifo */
818             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
819             len = MIN(fifo8_num_free(&s->cmdfifo), len);
820             fifo8_push_all(&s->cmdfifo, buf, len);
821 
822             /* Handle when DMA transfer is terminated by non-DMA FIFO write */
823             if (esp_cdb_length(s) && esp_cdb_length(s) ==
824                 fifo8_num_used(&s->cmdfifo) - s->cmdfifo_cdb_offset) {
825                     /* Command has been received */
826                     do_cmd(s);
827             }
828             break;
829 
830         case CMD_SEL:
831         case CMD_SELATN:
832             /* FIFO already contain entire CDB: copy to cmdfifo and execute */
833             len = esp_fifo_pop_buf(&s->fifo, buf, fifo8_num_used(&s->fifo));
834             len = MIN(fifo8_num_free(&s->cmdfifo), len);
835             fifo8_push_all(&s->cmdfifo, buf, len);
836 
837             do_cmd(s);
838             break;
839         }
840         break;
841 
842     case STAT_DO:
843         /* Accumulate data in FIFO until non-DMA TI is executed */
844         break;
845 
846     case STAT_DI:
847         if (!s->current_req) {
848             return;
849         }
850         if (s->async_len == 0) {
851             /* Defer until data is available.  */
852             return;
853         }
854         if (fifo8_is_empty(&s->fifo)) {
855             fifo8_push(&s->fifo, s->async_buf[0]);
856             s->async_buf++;
857             s->async_len--;
858             s->ti_size--;
859         }
860 
861         if (s->async_len == 0) {
862             scsi_req_continue(s->current_req);
863             return;
864         }
865 
866         /* If preloading the FIFO, defer until TI command issued */
867         if (s->rregs[ESP_CMD] != CMD_TI) {
868             return;
869         }
870 
871         s->rregs[ESP_RINTR] |= INTR_BS;
872         esp_raise_irq(s);
873         break;
874 
875     case STAT_ST:
876         switch (s->rregs[ESP_CMD]) {
877         case CMD_ICCS:
878             fifo8_push(&s->fifo, s->status);
879             esp_set_phase(s, STAT_MI);
880 
881             /* Process any message in phase data */
882             esp_do_nodma(s);
883             break;
884         }
885         break;
886 
887     case STAT_MI:
888         switch (s->rregs[ESP_CMD]) {
889         case CMD_ICCS:
890             fifo8_push(&s->fifo, 0);
891 
892             /* Raise end of command interrupt */
893             s->rregs[ESP_RINTR] |= INTR_FC;
894             esp_raise_irq(s);
895             break;
896         }
897         break;
898     }
899 }
900 
901 void esp_command_complete(SCSIRequest *req, size_t resid)
902 {
903     ESPState *s = req->hba_private;
904     int to_device = (esp_get_phase(s) == STAT_DO);
905 
906     trace_esp_command_complete();
907 
908     /*
909      * Non-DMA transfers from the target will leave the last byte in
910      * the FIFO so don't reset ti_size in this case
911      */
912     if (s->dma || to_device) {
913         if (s->ti_size != 0) {
914             trace_esp_command_complete_unexpected();
915         }
916     }
917 
918     s->async_len = 0;
919     if (req->status) {
920         trace_esp_command_complete_fail();
921     }
922     s->status = req->status;
923 
924     /*
925      * Switch to status phase. For non-DMA transfers from the target the last
926      * byte is still in the FIFO
927      */
928     s->ti_size = 0;
929 
930     switch (s->rregs[ESP_CMD]) {
931     case CMD_SEL | CMD_DMA:
932     case CMD_SEL:
933     case CMD_SELATN | CMD_DMA:
934     case CMD_SELATN:
935         /*
936          * No data phase for sequencer command so raise deferred bus service
937          * and function complete interrupt
938          */
939         s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
940         s->rregs[ESP_RSEQ] = SEQ_CD;
941         break;
942 
943     case CMD_TI | CMD_DMA:
944     case CMD_TI:
945         s->rregs[ESP_CMD] = 0;
946         break;
947     }
948 
949     /* Raise bus service interrupt to indicate change to STATUS phase */
950     esp_set_phase(s, STAT_ST);
951     s->rregs[ESP_RINTR] |= INTR_BS;
952     esp_raise_irq(s);
953 
954     /* Ensure DRQ is set correctly for TC underflow or normal completion */
955     esp_dma_ti_check(s);
956 
957     if (s->current_req) {
958         scsi_req_unref(s->current_req);
959         s->current_req = NULL;
960         s->current_dev = NULL;
961     }
962 }
963 
964 void esp_transfer_data(SCSIRequest *req, uint32_t len)
965 {
966     ESPState *s = req->hba_private;
967     uint32_t dmalen = esp_get_tc(s);
968 
969     trace_esp_transfer_data(dmalen, s->ti_size);
970     s->async_len = len;
971     s->async_buf = scsi_req_get_buf(req);
972 
973     if (!s->data_ready) {
974         s->data_ready = true;
975 
976         switch (s->rregs[ESP_CMD]) {
977         case CMD_SEL | CMD_DMA:
978         case CMD_SEL:
979         case CMD_SELATN | CMD_DMA:
980         case CMD_SELATN:
981             /*
982              * Initial incoming data xfer is complete for sequencer command
983              * so raise deferred bus service and function complete interrupt
984              */
985              s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
986              s->rregs[ESP_RSEQ] = SEQ_CD;
987              break;
988 
989         case CMD_SELATNS | CMD_DMA:
990         case CMD_SELATNS:
991             /*
992              * Initial incoming data xfer is complete so raise command
993              * completion interrupt
994              */
995              s->rregs[ESP_RINTR] |= INTR_BS;
996              s->rregs[ESP_RSEQ] = SEQ_MO;
997              break;
998 
999         case CMD_TI | CMD_DMA:
1000         case CMD_TI:
1001             /*
1002              * Bus service interrupt raised because of initial change to
1003              * DATA phase
1004              */
1005             s->rregs[ESP_CMD] = 0;
1006             s->rregs[ESP_RINTR] |= INTR_BS;
1007             break;
1008         }
1009 
1010         esp_raise_irq(s);
1011     }
1012 
1013     /*
1014      * Always perform the initial transfer upon reception of the next TI
1015      * command to ensure the DMA/non-DMA status of the command is correct.
1016      * It is not possible to use s->dma directly in the section below as
1017      * some OSs send non-DMA NOP commands after a DMA transfer. Hence if the
1018      * async data transfer is delayed then s->dma is set incorrectly.
1019      */
1020 
1021     if (s->rregs[ESP_CMD] == (CMD_TI | CMD_DMA)) {
1022         /* When the SCSI layer returns more data, raise deferred INTR_BS */
1023         esp_dma_ti_check(s);
1024 
1025         esp_do_dma(s);
1026     } else if (s->rregs[ESP_CMD] == CMD_TI) {
1027         esp_do_nodma(s);
1028     }
1029 }
1030 
1031 static void handle_ti(ESPState *s)
1032 {
1033     uint32_t dmalen;
1034 
1035     if (s->dma && !s->dma_enabled) {
1036         s->dma_cb = handle_ti;
1037         return;
1038     }
1039 
1040     if (s->dma) {
1041         dmalen = esp_get_tc(s);
1042         trace_esp_handle_ti(dmalen);
1043         esp_do_dma(s);
1044     } else {
1045         trace_esp_handle_ti(s->ti_size);
1046         esp_do_nodma(s);
1047 
1048         if (esp_get_phase(s) == STAT_DO) {
1049             esp_nodma_ti_dataout(s);
1050         }
1051     }
1052 }
1053 
1054 void esp_hard_reset(ESPState *s)
1055 {
1056     memset(s->rregs, 0, ESP_REGS);
1057     memset(s->wregs, 0, ESP_REGS);
1058     s->tchi_written = 0;
1059     s->ti_size = 0;
1060     s->async_len = 0;
1061     fifo8_reset(&s->fifo);
1062     fifo8_reset(&s->cmdfifo);
1063     s->dma = 0;
1064     s->dma_cb = NULL;
1065 
1066     s->rregs[ESP_CFG1] = 7;
1067 }
1068 
1069 static void esp_soft_reset(ESPState *s)
1070 {
1071     qemu_irq_lower(s->irq);
1072     qemu_irq_lower(s->drq_irq);
1073     esp_hard_reset(s);
1074 }
1075 
1076 static void esp_bus_reset(ESPState *s)
1077 {
1078     bus_cold_reset(BUS(&s->bus));
1079 }
1080 
1081 static void parent_esp_reset(ESPState *s, int irq, int level)
1082 {
1083     if (level) {
1084         esp_soft_reset(s);
1085     }
1086 }
1087 
1088 static void esp_run_cmd(ESPState *s)
1089 {
1090     uint8_t cmd = s->rregs[ESP_CMD];
1091 
1092     if (cmd & CMD_DMA) {
1093         s->dma = 1;
1094         /* Reload DMA counter.  */
1095         if (esp_get_stc(s) == 0) {
1096             esp_set_tc(s, 0x10000);
1097         } else {
1098             esp_set_tc(s, esp_get_stc(s));
1099         }
1100     } else {
1101         s->dma = 0;
1102     }
1103     switch (cmd & CMD_CMD) {
1104     case CMD_NOP:
1105         trace_esp_mem_writeb_cmd_nop(cmd);
1106         break;
1107     case CMD_FLUSH:
1108         trace_esp_mem_writeb_cmd_flush(cmd);
1109         fifo8_reset(&s->fifo);
1110         break;
1111     case CMD_RESET:
1112         trace_esp_mem_writeb_cmd_reset(cmd);
1113         esp_soft_reset(s);
1114         break;
1115     case CMD_BUSRESET:
1116         trace_esp_mem_writeb_cmd_bus_reset(cmd);
1117         esp_bus_reset(s);
1118         if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
1119             s->rregs[ESP_RINTR] |= INTR_RST;
1120             esp_raise_irq(s);
1121         }
1122         break;
1123     case CMD_TI:
1124         trace_esp_mem_writeb_cmd_ti(cmd);
1125         handle_ti(s);
1126         break;
1127     case CMD_ICCS:
1128         trace_esp_mem_writeb_cmd_iccs(cmd);
1129         write_response(s);
1130         break;
1131     case CMD_MSGACC:
1132         trace_esp_mem_writeb_cmd_msgacc(cmd);
1133         s->rregs[ESP_RINTR] |= INTR_DC;
1134         s->rregs[ESP_RSEQ] = 0;
1135         s->rregs[ESP_RFLAGS] = 0;
1136         esp_raise_irq(s);
1137         break;
1138     case CMD_PAD:
1139         trace_esp_mem_writeb_cmd_pad(cmd);
1140         handle_pad(s);
1141         break;
1142     case CMD_SATN:
1143         trace_esp_mem_writeb_cmd_satn(cmd);
1144         break;
1145     case CMD_RSTATN:
1146         trace_esp_mem_writeb_cmd_rstatn(cmd);
1147         break;
1148     case CMD_SEL:
1149         trace_esp_mem_writeb_cmd_sel(cmd);
1150         handle_s_without_atn(s);
1151         break;
1152     case CMD_SELATN:
1153         trace_esp_mem_writeb_cmd_selatn(cmd);
1154         handle_satn(s);
1155         break;
1156     case CMD_SELATNS:
1157         trace_esp_mem_writeb_cmd_selatns(cmd);
1158         handle_satn_stop(s);
1159         break;
1160     case CMD_ENSEL:
1161         trace_esp_mem_writeb_cmd_ensel(cmd);
1162         s->rregs[ESP_RINTR] = 0;
1163         break;
1164     case CMD_DISSEL:
1165         trace_esp_mem_writeb_cmd_dissel(cmd);
1166         s->rregs[ESP_RINTR] = 0;
1167         esp_raise_irq(s);
1168         break;
1169     default:
1170         trace_esp_error_unhandled_command(cmd);
1171         break;
1172     }
1173 }
1174 
1175 uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
1176 {
1177     uint32_t val;
1178 
1179     switch (saddr) {
1180     case ESP_FIFO:
1181         s->rregs[ESP_FIFO] = esp_fifo_pop(&s->fifo);
1182         val = s->rregs[ESP_FIFO];
1183         break;
1184     case ESP_RINTR:
1185         /*
1186          * Clear sequence step, interrupt register and all status bits
1187          * except TC
1188          */
1189         val = s->rregs[ESP_RINTR];
1190         s->rregs[ESP_RINTR] = 0;
1191         esp_lower_irq(s);
1192         s->rregs[ESP_RSTAT] &= STAT_TC | 7;
1193         /*
1194          * According to the datasheet ESP_RSEQ should be cleared, but as the
1195          * emulation currently defers information transfers to the next TI
1196          * command leave it for now so that pedantic guests such as the old
1197          * Linux 2.6 driver see the correct flags before the next SCSI phase
1198          * transition.
1199          *
1200          * s->rregs[ESP_RSEQ] = SEQ_0;
1201          */
1202         break;
1203     case ESP_TCHI:
1204         /* Return the unique id if the value has never been written */
1205         if (!s->tchi_written) {
1206             val = s->chip_id;
1207         } else {
1208             val = s->rregs[saddr];
1209         }
1210         break;
1211      case ESP_RFLAGS:
1212         /* Bottom 5 bits indicate number of bytes in FIFO */
1213         val = fifo8_num_used(&s->fifo);
1214         break;
1215     default:
1216         val = s->rregs[saddr];
1217         break;
1218     }
1219 
1220     trace_esp_mem_readb(saddr, val);
1221     return val;
1222 }
1223 
1224 void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
1225 {
1226     trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
1227     switch (saddr) {
1228     case ESP_TCHI:
1229         s->tchi_written = true;
1230         /* fall through */
1231     case ESP_TCLO:
1232     case ESP_TCMID:
1233         s->rregs[ESP_RSTAT] &= ~STAT_TC;
1234         break;
1235     case ESP_FIFO:
1236         if (!fifo8_is_full(&s->fifo)) {
1237             esp_fifo_push(&s->fifo, val);
1238         }
1239         esp_do_nodma(s);
1240         break;
1241     case ESP_CMD:
1242         s->rregs[saddr] = val;
1243         esp_run_cmd(s);
1244         break;
1245     case ESP_WBUSID ... ESP_WSYNO:
1246         break;
1247     case ESP_CFG1:
1248     case ESP_CFG2: case ESP_CFG3:
1249     case ESP_RES3: case ESP_RES4:
1250         s->rregs[saddr] = val;
1251         break;
1252     case ESP_WCCF ... ESP_WTEST:
1253         break;
1254     default:
1255         trace_esp_error_invalid_write(val, saddr);
1256         return;
1257     }
1258     s->wregs[saddr] = val;
1259 }
1260 
1261 static bool esp_mem_accepts(void *opaque, hwaddr addr,
1262                             unsigned size, bool is_write,
1263                             MemTxAttrs attrs)
1264 {
1265     return (size == 1) || (is_write && size == 4);
1266 }
1267 
1268 static bool esp_is_before_version_5(void *opaque, int version_id)
1269 {
1270     ESPState *s = ESP(opaque);
1271 
1272     version_id = MIN(version_id, s->mig_version_id);
1273     return version_id < 5;
1274 }
1275 
1276 static bool esp_is_version_5(void *opaque, int version_id)
1277 {
1278     ESPState *s = ESP(opaque);
1279 
1280     version_id = MIN(version_id, s->mig_version_id);
1281     return version_id >= 5;
1282 }
1283 
1284 static bool esp_is_version_6(void *opaque, int version_id)
1285 {
1286     ESPState *s = ESP(opaque);
1287 
1288     version_id = MIN(version_id, s->mig_version_id);
1289     return version_id >= 6;
1290 }
1291 
1292 static bool esp_is_between_version_5_and_6(void *opaque, int version_id)
1293 {
1294     ESPState *s = ESP(opaque);
1295 
1296     version_id = MIN(version_id, s->mig_version_id);
1297     return version_id >= 5 && version_id <= 6;
1298 }
1299 
1300 int esp_pre_save(void *opaque)
1301 {
1302     ESPState *s = ESP(object_resolve_path_component(
1303                       OBJECT(opaque), "esp"));
1304 
1305     s->mig_version_id = vmstate_esp.version_id;
1306     return 0;
1307 }
1308 
1309 static int esp_post_load(void *opaque, int version_id)
1310 {
1311     ESPState *s = ESP(opaque);
1312     int len, i;
1313 
1314     version_id = MIN(version_id, s->mig_version_id);
1315 
1316     if (version_id < 5) {
1317         esp_set_tc(s, s->mig_dma_left);
1318 
1319         /* Migrate ti_buf to fifo */
1320         len = s->mig_ti_wptr - s->mig_ti_rptr;
1321         for (i = 0; i < len; i++) {
1322             fifo8_push(&s->fifo, s->mig_ti_buf[i]);
1323         }
1324 
1325         /* Migrate cmdbuf to cmdfifo */
1326         for (i = 0; i < s->mig_cmdlen; i++) {
1327             fifo8_push(&s->cmdfifo, s->mig_cmdbuf[i]);
1328         }
1329     }
1330 
1331     s->mig_version_id = vmstate_esp.version_id;
1332     return 0;
1333 }
1334 
1335 const VMStateDescription vmstate_esp = {
1336     .name = "esp",
1337     .version_id = 7,
1338     .minimum_version_id = 3,
1339     .post_load = esp_post_load,
1340     .fields = (const VMStateField[]) {
1341         VMSTATE_BUFFER(rregs, ESPState),
1342         VMSTATE_BUFFER(wregs, ESPState),
1343         VMSTATE_INT32(ti_size, ESPState),
1344         VMSTATE_UINT32_TEST(mig_ti_rptr, ESPState, esp_is_before_version_5),
1345         VMSTATE_UINT32_TEST(mig_ti_wptr, ESPState, esp_is_before_version_5),
1346         VMSTATE_BUFFER_TEST(mig_ti_buf, ESPState, esp_is_before_version_5),
1347         VMSTATE_UINT32(status, ESPState),
1348         VMSTATE_UINT32_TEST(mig_deferred_status, ESPState,
1349                             esp_is_before_version_5),
1350         VMSTATE_BOOL_TEST(mig_deferred_complete, ESPState,
1351                           esp_is_before_version_5),
1352         VMSTATE_UINT32(dma, ESPState),
1353         VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 0,
1354                               esp_is_before_version_5, 0, 16),
1355         VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 4,
1356                               esp_is_before_version_5, 16,
1357                               sizeof(typeof_field(ESPState, mig_cmdbuf))),
1358         VMSTATE_UINT32_TEST(mig_cmdlen, ESPState, esp_is_before_version_5),
1359         VMSTATE_UINT32(do_cmd, ESPState),
1360         VMSTATE_UINT32_TEST(mig_dma_left, ESPState, esp_is_before_version_5),
1361         VMSTATE_BOOL_TEST(data_ready, ESPState, esp_is_version_5),
1362         VMSTATE_UINT8_TEST(cmdfifo_cdb_offset, ESPState, esp_is_version_5),
1363         VMSTATE_FIFO8_TEST(fifo, ESPState, esp_is_version_5),
1364         VMSTATE_FIFO8_TEST(cmdfifo, ESPState, esp_is_version_5),
1365         VMSTATE_UINT8_TEST(mig_ti_cmd, ESPState,
1366                            esp_is_between_version_5_and_6),
1367         VMSTATE_UINT8_TEST(lun, ESPState, esp_is_version_6),
1368         VMSTATE_BOOL(drq_state, ESPState),
1369         VMSTATE_END_OF_LIST()
1370     },
1371 };
1372 
1373 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
1374                                  uint64_t val, unsigned int size)
1375 {
1376     SysBusESPState *sysbus = opaque;
1377     ESPState *s = ESP(&sysbus->esp);
1378     uint32_t saddr;
1379 
1380     saddr = addr >> sysbus->it_shift;
1381     esp_reg_write(s, saddr, val);
1382 }
1383 
1384 static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
1385                                     unsigned int size)
1386 {
1387     SysBusESPState *sysbus = opaque;
1388     ESPState *s = ESP(&sysbus->esp);
1389     uint32_t saddr;
1390 
1391     saddr = addr >> sysbus->it_shift;
1392     return esp_reg_read(s, saddr);
1393 }
1394 
1395 static const MemoryRegionOps sysbus_esp_mem_ops = {
1396     .read = sysbus_esp_mem_read,
1397     .write = sysbus_esp_mem_write,
1398     .endianness = DEVICE_NATIVE_ENDIAN,
1399     .valid.accepts = esp_mem_accepts,
1400 };
1401 
1402 static void sysbus_esp_pdma_write(void *opaque, hwaddr addr,
1403                                   uint64_t val, unsigned int size)
1404 {
1405     SysBusESPState *sysbus = opaque;
1406     ESPState *s = ESP(&sysbus->esp);
1407 
1408     trace_esp_pdma_write(size);
1409 
1410     switch (size) {
1411     case 1:
1412         esp_pdma_write(s, val);
1413         break;
1414     case 2:
1415         esp_pdma_write(s, val >> 8);
1416         esp_pdma_write(s, val);
1417         break;
1418     }
1419     esp_do_dma(s);
1420 }
1421 
1422 static uint64_t sysbus_esp_pdma_read(void *opaque, hwaddr addr,
1423                                      unsigned int size)
1424 {
1425     SysBusESPState *sysbus = opaque;
1426     ESPState *s = ESP(&sysbus->esp);
1427     uint64_t val = 0;
1428 
1429     trace_esp_pdma_read(size);
1430 
1431     switch (size) {
1432     case 1:
1433         val = esp_pdma_read(s);
1434         break;
1435     case 2:
1436         val = esp_pdma_read(s);
1437         val = (val << 8) | esp_pdma_read(s);
1438         break;
1439     }
1440     esp_do_dma(s);
1441     return val;
1442 }
1443 
1444 static void *esp_load_request(QEMUFile *f, SCSIRequest *req)
1445 {
1446     ESPState *s = container_of(req->bus, ESPState, bus);
1447 
1448     scsi_req_ref(req);
1449     s->current_req = req;
1450     return s;
1451 }
1452 
1453 static const MemoryRegionOps sysbus_esp_pdma_ops = {
1454     .read = sysbus_esp_pdma_read,
1455     .write = sysbus_esp_pdma_write,
1456     .endianness = DEVICE_NATIVE_ENDIAN,
1457     .valid.min_access_size = 1,
1458     .valid.max_access_size = 4,
1459     .impl.min_access_size = 1,
1460     .impl.max_access_size = 2,
1461 };
1462 
1463 static const struct SCSIBusInfo esp_scsi_info = {
1464     .tcq = false,
1465     .max_target = ESP_MAX_DEVS,
1466     .max_lun = 7,
1467 
1468     .load_request = esp_load_request,
1469     .transfer_data = esp_transfer_data,
1470     .complete = esp_command_complete,
1471     .cancel = esp_request_cancelled
1472 };
1473 
1474 static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
1475 {
1476     SysBusESPState *sysbus = SYSBUS_ESP(opaque);
1477     ESPState *s = ESP(&sysbus->esp);
1478 
1479     switch (irq) {
1480     case 0:
1481         parent_esp_reset(s, irq, level);
1482         break;
1483     case 1:
1484         esp_dma_enable(s, irq, level);
1485         break;
1486     }
1487 }
1488 
1489 static void sysbus_esp_realize(DeviceState *dev, Error **errp)
1490 {
1491     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1492     SysBusESPState *sysbus = SYSBUS_ESP(dev);
1493     ESPState *s = ESP(&sysbus->esp);
1494 
1495     if (!qdev_realize(DEVICE(s), NULL, errp)) {
1496         return;
1497     }
1498 
1499     sysbus_init_irq(sbd, &s->irq);
1500     sysbus_init_irq(sbd, &s->drq_irq);
1501     assert(sysbus->it_shift != -1);
1502 
1503     s->chip_id = TCHI_FAS100A;
1504     memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
1505                           sysbus, "esp-regs", ESP_REGS << sysbus->it_shift);
1506     sysbus_init_mmio(sbd, &sysbus->iomem);
1507     memory_region_init_io(&sysbus->pdma, OBJECT(sysbus), &sysbus_esp_pdma_ops,
1508                           sysbus, "esp-pdma", 4);
1509     sysbus_init_mmio(sbd, &sysbus->pdma);
1510 
1511     qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);
1512 
1513     scsi_bus_init(&s->bus, sizeof(s->bus), dev, &esp_scsi_info);
1514 }
1515 
1516 static void sysbus_esp_hard_reset(DeviceState *dev)
1517 {
1518     SysBusESPState *sysbus = SYSBUS_ESP(dev);
1519     ESPState *s = ESP(&sysbus->esp);
1520 
1521     esp_hard_reset(s);
1522 }
1523 
1524 static void sysbus_esp_init(Object *obj)
1525 {
1526     SysBusESPState *sysbus = SYSBUS_ESP(obj);
1527 
1528     object_initialize_child(obj, "esp", &sysbus->esp, TYPE_ESP);
1529 }
1530 
1531 static const VMStateDescription vmstate_sysbus_esp_scsi = {
1532     .name = "sysbusespscsi",
1533     .version_id = 2,
1534     .minimum_version_id = 1,
1535     .pre_save = esp_pre_save,
1536     .fields = (const VMStateField[]) {
1537         VMSTATE_UINT8_V(esp.mig_version_id, SysBusESPState, 2),
1538         VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
1539         VMSTATE_END_OF_LIST()
1540     }
1541 };
1542 
1543 static void sysbus_esp_class_init(ObjectClass *klass, void *data)
1544 {
1545     DeviceClass *dc = DEVICE_CLASS(klass);
1546 
1547     dc->realize = sysbus_esp_realize;
1548     dc->reset = sysbus_esp_hard_reset;
1549     dc->vmsd = &vmstate_sysbus_esp_scsi;
1550     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1551 }
1552 
1553 static void esp_finalize(Object *obj)
1554 {
1555     ESPState *s = ESP(obj);
1556 
1557     fifo8_destroy(&s->fifo);
1558     fifo8_destroy(&s->cmdfifo);
1559 }
1560 
1561 static void esp_init(Object *obj)
1562 {
1563     ESPState *s = ESP(obj);
1564 
1565     fifo8_create(&s->fifo, ESP_FIFO_SZ);
1566     fifo8_create(&s->cmdfifo, ESP_CMDFIFO_SZ);
1567 }
1568 
1569 static void esp_class_init(ObjectClass *klass, void *data)
1570 {
1571     DeviceClass *dc = DEVICE_CLASS(klass);
1572 
1573     /* internal device for sysbusesp/pciespscsi, not user-creatable */
1574     dc->user_creatable = false;
1575     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1576 }
1577 
1578 static const TypeInfo esp_info_types[] = {
1579     {
1580         .name          = TYPE_SYSBUS_ESP,
1581         .parent        = TYPE_SYS_BUS_DEVICE,
1582         .instance_init = sysbus_esp_init,
1583         .instance_size = sizeof(SysBusESPState),
1584         .class_init    = sysbus_esp_class_init,
1585     },
1586     {
1587         .name = TYPE_ESP,
1588         .parent = TYPE_DEVICE,
1589         .instance_init = esp_init,
1590         .instance_finalize = esp_finalize,
1591         .instance_size = sizeof(ESPState),
1592         .class_init = esp_class_init,
1593     },
1594 };
1595 
1596 DEFINE_TYPES(esp_info_types)
1597