1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include <assert.h> 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/error-report.h" 23 24 //#define DEBUG_LSI 25 //#define DEBUG_LSI_REG 26 27 #ifdef DEBUG_LSI 28 #define DPRINTF(fmt, ...) \ 29 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0) 30 #define BADF(fmt, ...) \ 31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0) 32 #else 33 #define DPRINTF(fmt, ...) do {} while(0) 34 #define BADF(fmt, ...) \ 35 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0) 36 #endif 37 38 #define LSI_MAX_DEVS 7 39 40 #define LSI_SCNTL0_TRG 0x01 41 #define LSI_SCNTL0_AAP 0x02 42 #define LSI_SCNTL0_EPC 0x08 43 #define LSI_SCNTL0_WATN 0x10 44 #define LSI_SCNTL0_START 0x20 45 46 #define LSI_SCNTL1_SST 0x01 47 #define LSI_SCNTL1_IARB 0x02 48 #define LSI_SCNTL1_AESP 0x04 49 #define LSI_SCNTL1_RST 0x08 50 #define LSI_SCNTL1_CON 0x10 51 #define LSI_SCNTL1_DHP 0x20 52 #define LSI_SCNTL1_ADB 0x40 53 #define LSI_SCNTL1_EXC 0x80 54 55 #define LSI_SCNTL2_WSR 0x01 56 #define LSI_SCNTL2_VUE0 0x02 57 #define LSI_SCNTL2_VUE1 0x04 58 #define LSI_SCNTL2_WSS 0x08 59 #define LSI_SCNTL2_SLPHBEN 0x10 60 #define LSI_SCNTL2_SLPMD 0x20 61 #define LSI_SCNTL2_CHM 0x40 62 #define LSI_SCNTL2_SDU 0x80 63 64 #define LSI_ISTAT0_DIP 0x01 65 #define LSI_ISTAT0_SIP 0x02 66 #define LSI_ISTAT0_INTF 0x04 67 #define LSI_ISTAT0_CON 0x08 68 #define LSI_ISTAT0_SEM 0x10 69 #define LSI_ISTAT0_SIGP 0x20 70 #define LSI_ISTAT0_SRST 0x40 71 #define LSI_ISTAT0_ABRT 0x80 72 73 #define LSI_ISTAT1_SI 0x01 74 #define LSI_ISTAT1_SRUN 0x02 75 #define LSI_ISTAT1_FLSH 0x04 76 77 #define LSI_SSTAT0_SDP0 0x01 78 #define LSI_SSTAT0_RST 0x02 79 #define LSI_SSTAT0_WOA 0x04 80 #define LSI_SSTAT0_LOA 0x08 81 #define LSI_SSTAT0_AIP 0x10 82 #define LSI_SSTAT0_OLF 0x20 83 #define LSI_SSTAT0_ORF 0x40 84 #define LSI_SSTAT0_ILF 0x80 85 86 #define LSI_SIST0_PAR 0x01 87 #define LSI_SIST0_RST 0x02 88 #define LSI_SIST0_UDC 0x04 89 #define LSI_SIST0_SGE 0x08 90 #define LSI_SIST0_RSL 0x10 91 #define LSI_SIST0_SEL 0x20 92 #define LSI_SIST0_CMP 0x40 93 #define LSI_SIST0_MA 0x80 94 95 #define LSI_SIST1_HTH 0x01 96 #define LSI_SIST1_GEN 0x02 97 #define LSI_SIST1_STO 0x04 98 #define LSI_SIST1_SBMC 0x10 99 100 #define LSI_SOCL_IO 0x01 101 #define LSI_SOCL_CD 0x02 102 #define LSI_SOCL_MSG 0x04 103 #define LSI_SOCL_ATN 0x08 104 #define LSI_SOCL_SEL 0x10 105 #define LSI_SOCL_BSY 0x20 106 #define LSI_SOCL_ACK 0x40 107 #define LSI_SOCL_REQ 0x80 108 109 #define LSI_DSTAT_IID 0x01 110 #define LSI_DSTAT_SIR 0x04 111 #define LSI_DSTAT_SSI 0x08 112 #define LSI_DSTAT_ABRT 0x10 113 #define LSI_DSTAT_BF 0x20 114 #define LSI_DSTAT_MDPE 0x40 115 #define LSI_DSTAT_DFE 0x80 116 117 #define LSI_DCNTL_COM 0x01 118 #define LSI_DCNTL_IRQD 0x02 119 #define LSI_DCNTL_STD 0x04 120 #define LSI_DCNTL_IRQM 0x08 121 #define LSI_DCNTL_SSM 0x10 122 #define LSI_DCNTL_PFEN 0x20 123 #define LSI_DCNTL_PFF 0x40 124 #define LSI_DCNTL_CLSE 0x80 125 126 #define LSI_DMODE_MAN 0x01 127 #define LSI_DMODE_BOF 0x02 128 #define LSI_DMODE_ERMP 0x04 129 #define LSI_DMODE_ERL 0x08 130 #define LSI_DMODE_DIOM 0x10 131 #define LSI_DMODE_SIOM 0x20 132 133 #define LSI_CTEST2_DACK 0x01 134 #define LSI_CTEST2_DREQ 0x02 135 #define LSI_CTEST2_TEOP 0x04 136 #define LSI_CTEST2_PCICIE 0x08 137 #define LSI_CTEST2_CM 0x10 138 #define LSI_CTEST2_CIO 0x20 139 #define LSI_CTEST2_SIGP 0x40 140 #define LSI_CTEST2_DDIR 0x80 141 142 #define LSI_CTEST5_BL2 0x04 143 #define LSI_CTEST5_DDIR 0x08 144 #define LSI_CTEST5_MASR 0x10 145 #define LSI_CTEST5_DFSN 0x20 146 #define LSI_CTEST5_BBCK 0x40 147 #define LSI_CTEST5_ADCK 0x80 148 149 #define LSI_CCNTL0_DILS 0x01 150 #define LSI_CCNTL0_DISFC 0x10 151 #define LSI_CCNTL0_ENNDJ 0x20 152 #define LSI_CCNTL0_PMJCTL 0x40 153 #define LSI_CCNTL0_ENPMJ 0x80 154 155 #define LSI_CCNTL1_EN64DBMV 0x01 156 #define LSI_CCNTL1_EN64TIBMV 0x02 157 #define LSI_CCNTL1_64TIMOD 0x04 158 #define LSI_CCNTL1_DDAC 0x08 159 #define LSI_CCNTL1_ZMOD 0x80 160 161 /* Enable Response to Reselection */ 162 #define LSI_SCID_RRE 0x60 163 164 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 165 166 #define PHASE_DO 0 167 #define PHASE_DI 1 168 #define PHASE_CMD 2 169 #define PHASE_ST 3 170 #define PHASE_MO 6 171 #define PHASE_MI 7 172 #define PHASE_MASK 7 173 174 /* Maximum length of MSG IN data. */ 175 #define LSI_MAX_MSGIN_LEN 8 176 177 /* Flag set if this is a tagged command. */ 178 #define LSI_TAG_VALID (1 << 16) 179 180 typedef struct lsi_request { 181 SCSIRequest *req; 182 uint32_t tag; 183 uint32_t dma_len; 184 uint8_t *dma_buf; 185 uint32_t pending; 186 int out; 187 QTAILQ_ENTRY(lsi_request) next; 188 } lsi_request; 189 190 typedef struct { 191 /*< private >*/ 192 PCIDevice parent_obj; 193 /*< public >*/ 194 195 MemoryRegion mmio_io; 196 MemoryRegion ram_io; 197 MemoryRegion io_io; 198 199 int carry; /* ??? Should this be an a visible register somewhere? */ 200 int status; 201 /* Action to take at the end of a MSG IN phase. 202 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 203 int msg_action; 204 int msg_len; 205 uint8_t msg[LSI_MAX_MSGIN_LEN]; 206 /* 0 if SCRIPTS are running or stopped. 207 * 1 if a Wait Reselect instruction has been issued. 208 * 2 if processing DMA from lsi_execute_script. 209 * 3 if a DMA operation is in progress. */ 210 int waiting; 211 SCSIBus bus; 212 int current_lun; 213 /* The tag is a combination of the device ID and the SCSI tag. */ 214 uint32_t select_tag; 215 int command_complete; 216 QTAILQ_HEAD(, lsi_request) queue; 217 lsi_request *current; 218 219 uint32_t dsa; 220 uint32_t temp; 221 uint32_t dnad; 222 uint32_t dbc; 223 uint8_t istat0; 224 uint8_t istat1; 225 uint8_t dcmd; 226 uint8_t dstat; 227 uint8_t dien; 228 uint8_t sist0; 229 uint8_t sist1; 230 uint8_t sien0; 231 uint8_t sien1; 232 uint8_t mbox0; 233 uint8_t mbox1; 234 uint8_t dfifo; 235 uint8_t ctest2; 236 uint8_t ctest3; 237 uint8_t ctest4; 238 uint8_t ctest5; 239 uint8_t ccntl0; 240 uint8_t ccntl1; 241 uint32_t dsp; 242 uint32_t dsps; 243 uint8_t dmode; 244 uint8_t dcntl; 245 uint8_t scntl0; 246 uint8_t scntl1; 247 uint8_t scntl2; 248 uint8_t scntl3; 249 uint8_t sstat0; 250 uint8_t sstat1; 251 uint8_t scid; 252 uint8_t sxfer; 253 uint8_t socl; 254 uint8_t sdid; 255 uint8_t ssid; 256 uint8_t sfbr; 257 uint8_t stest1; 258 uint8_t stest2; 259 uint8_t stest3; 260 uint8_t sidl; 261 uint8_t stime0; 262 uint8_t respid0; 263 uint8_t respid1; 264 uint32_t mmrs; 265 uint32_t mmws; 266 uint32_t sfs; 267 uint32_t drs; 268 uint32_t sbms; 269 uint32_t dbms; 270 uint32_t dnad64; 271 uint32_t pmjad1; 272 uint32_t pmjad2; 273 uint32_t rbc; 274 uint32_t ua; 275 uint32_t ia; 276 uint32_t sbc; 277 uint32_t csbc; 278 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 279 uint8_t sbr; 280 uint32_t adder; 281 282 /* Script ram is stored as 32-bit words in host byteorder. */ 283 uint32_t script_ram[2048]; 284 } LSIState; 285 286 #define TYPE_LSI53C810 "lsi53c810" 287 #define TYPE_LSI53C895A "lsi53c895a" 288 289 #define LSI53C895A(obj) \ 290 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 291 292 static inline int lsi_irq_on_rsl(LSIState *s) 293 { 294 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 295 } 296 297 static void lsi_soft_reset(LSIState *s) 298 { 299 DPRINTF("Reset\n"); 300 s->carry = 0; 301 302 s->msg_action = 0; 303 s->msg_len = 0; 304 s->waiting = 0; 305 s->dsa = 0; 306 s->dnad = 0; 307 s->dbc = 0; 308 s->temp = 0; 309 memset(s->scratch, 0, sizeof(s->scratch)); 310 s->istat0 = 0; 311 s->istat1 = 0; 312 s->dcmd = 0x40; 313 s->dstat = LSI_DSTAT_DFE; 314 s->dien = 0; 315 s->sist0 = 0; 316 s->sist1 = 0; 317 s->sien0 = 0; 318 s->sien1 = 0; 319 s->mbox0 = 0; 320 s->mbox1 = 0; 321 s->dfifo = 0; 322 s->ctest2 = LSI_CTEST2_DACK; 323 s->ctest3 = 0; 324 s->ctest4 = 0; 325 s->ctest5 = 0; 326 s->ccntl0 = 0; 327 s->ccntl1 = 0; 328 s->dsp = 0; 329 s->dsps = 0; 330 s->dmode = 0; 331 s->dcntl = 0; 332 s->scntl0 = 0xc0; 333 s->scntl1 = 0; 334 s->scntl2 = 0; 335 s->scntl3 = 0; 336 s->sstat0 = 0; 337 s->sstat1 = 0; 338 s->scid = 7; 339 s->sxfer = 0; 340 s->socl = 0; 341 s->sdid = 0; 342 s->ssid = 0; 343 s->stest1 = 0; 344 s->stest2 = 0; 345 s->stest3 = 0; 346 s->sidl = 0; 347 s->stime0 = 0; 348 s->respid0 = 0x80; 349 s->respid1 = 0; 350 s->mmrs = 0; 351 s->mmws = 0; 352 s->sfs = 0; 353 s->drs = 0; 354 s->sbms = 0; 355 s->dbms = 0; 356 s->dnad64 = 0; 357 s->pmjad1 = 0; 358 s->pmjad2 = 0; 359 s->rbc = 0; 360 s->ua = 0; 361 s->ia = 0; 362 s->sbc = 0; 363 s->csbc = 0; 364 s->sbr = 0; 365 assert(QTAILQ_EMPTY(&s->queue)); 366 assert(!s->current); 367 } 368 369 static int lsi_dma_40bit(LSIState *s) 370 { 371 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 372 return 1; 373 return 0; 374 } 375 376 static int lsi_dma_ti64bit(LSIState *s) 377 { 378 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 379 return 1; 380 return 0; 381 } 382 383 static int lsi_dma_64bit(LSIState *s) 384 { 385 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 386 return 1; 387 return 0; 388 } 389 390 static uint8_t lsi_reg_readb(LSIState *s, int offset); 391 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 392 static void lsi_execute_script(LSIState *s); 393 static void lsi_reselect(LSIState *s, lsi_request *p); 394 395 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 396 { 397 uint32_t buf; 398 399 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 400 return cpu_to_le32(buf); 401 } 402 403 static void lsi_stop_script(LSIState *s) 404 { 405 s->istat1 &= ~LSI_ISTAT1_SRUN; 406 } 407 408 static void lsi_update_irq(LSIState *s) 409 { 410 PCIDevice *d = PCI_DEVICE(s); 411 int level; 412 static int last_level; 413 lsi_request *p; 414 415 /* It's unclear whether the DIP/SIP bits should be cleared when the 416 Interrupt Status Registers are cleared or when istat0 is read. 417 We currently do the formwer, which seems to work. */ 418 level = 0; 419 if (s->dstat) { 420 if (s->dstat & s->dien) 421 level = 1; 422 s->istat0 |= LSI_ISTAT0_DIP; 423 } else { 424 s->istat0 &= ~LSI_ISTAT0_DIP; 425 } 426 427 if (s->sist0 || s->sist1) { 428 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 429 level = 1; 430 s->istat0 |= LSI_ISTAT0_SIP; 431 } else { 432 s->istat0 &= ~LSI_ISTAT0_SIP; 433 } 434 if (s->istat0 & LSI_ISTAT0_INTF) 435 level = 1; 436 437 if (level != last_level) { 438 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n", 439 level, s->dstat, s->sist1, s->sist0); 440 last_level = level; 441 } 442 pci_set_irq(d, level); 443 444 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 445 DPRINTF("Handled IRQs & disconnected, looking for pending " 446 "processes\n"); 447 QTAILQ_FOREACH(p, &s->queue, next) { 448 if (p->pending) { 449 lsi_reselect(s, p); 450 break; 451 } 452 } 453 } 454 } 455 456 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 457 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 458 { 459 uint32_t mask0; 460 uint32_t mask1; 461 462 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n", 463 stat1, stat0, s->sist1, s->sist0); 464 s->sist0 |= stat0; 465 s->sist1 |= stat1; 466 /* Stop processor on fatal or unmasked interrupt. As a special hack 467 we don't stop processing when raising STO. Instead continue 468 execution and stop at the next insn that accesses the SCSI bus. */ 469 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 470 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 471 mask1 &= ~LSI_SIST1_STO; 472 if (s->sist0 & mask0 || s->sist1 & mask1) { 473 lsi_stop_script(s); 474 } 475 lsi_update_irq(s); 476 } 477 478 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 479 static void lsi_script_dma_interrupt(LSIState *s, int stat) 480 { 481 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat); 482 s->dstat |= stat; 483 lsi_update_irq(s); 484 lsi_stop_script(s); 485 } 486 487 static inline void lsi_set_phase(LSIState *s, int phase) 488 { 489 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 490 } 491 492 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 493 { 494 /* Trigger a phase mismatch. */ 495 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 496 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 497 s->dsp = out ? s->pmjad1 : s->pmjad2; 498 } else { 499 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 500 } 501 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp); 502 } else { 503 DPRINTF("Phase mismatch interrupt\n"); 504 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 505 lsi_stop_script(s); 506 } 507 lsi_set_phase(s, new_phase); 508 } 509 510 511 /* Resume SCRIPTS execution after a DMA operation. */ 512 static void lsi_resume_script(LSIState *s) 513 { 514 if (s->waiting != 2) { 515 s->waiting = 0; 516 lsi_execute_script(s); 517 } else { 518 s->waiting = 0; 519 } 520 } 521 522 static void lsi_disconnect(LSIState *s) 523 { 524 s->scntl1 &= ~LSI_SCNTL1_CON; 525 s->sstat1 &= ~PHASE_MASK; 526 } 527 528 static void lsi_bad_selection(LSIState *s, uint32_t id) 529 { 530 DPRINTF("Selected absent target %d\n", id); 531 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 532 lsi_disconnect(s); 533 } 534 535 /* Initiate a SCSI layer data transfer. */ 536 static void lsi_do_dma(LSIState *s, int out) 537 { 538 PCIDevice *pci_dev; 539 uint32_t count; 540 dma_addr_t addr; 541 SCSIDevice *dev; 542 543 assert(s->current); 544 if (!s->current->dma_len) { 545 /* Wait until data is available. */ 546 DPRINTF("DMA no data available\n"); 547 return; 548 } 549 550 pci_dev = PCI_DEVICE(s); 551 dev = s->current->req->dev; 552 assert(dev); 553 554 count = s->dbc; 555 if (count > s->current->dma_len) 556 count = s->current->dma_len; 557 558 addr = s->dnad; 559 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 560 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 561 addr |= ((uint64_t)s->dnad64 << 32); 562 else if (s->dbms) 563 addr |= ((uint64_t)s->dbms << 32); 564 else if (s->sbms) 565 addr |= ((uint64_t)s->sbms << 32); 566 567 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count); 568 s->csbc += count; 569 s->dnad += count; 570 s->dbc -= count; 571 if (s->current->dma_buf == NULL) { 572 s->current->dma_buf = scsi_req_get_buf(s->current->req); 573 } 574 /* ??? Set SFBR to first data byte. */ 575 if (out) { 576 pci_dma_read(pci_dev, addr, s->current->dma_buf, count); 577 } else { 578 pci_dma_write(pci_dev, addr, s->current->dma_buf, count); 579 } 580 s->current->dma_len -= count; 581 if (s->current->dma_len == 0) { 582 s->current->dma_buf = NULL; 583 scsi_req_continue(s->current->req); 584 } else { 585 s->current->dma_buf += count; 586 lsi_resume_script(s); 587 } 588 } 589 590 591 /* Add a command to the queue. */ 592 static void lsi_queue_command(LSIState *s) 593 { 594 lsi_request *p = s->current; 595 596 DPRINTF("Queueing tag=0x%x\n", p->tag); 597 assert(s->current != NULL); 598 assert(s->current->dma_len == 0); 599 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 600 s->current = NULL; 601 602 p->pending = 0; 603 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 604 } 605 606 /* Queue a byte for a MSG IN phase. */ 607 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 608 { 609 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 610 BADF("MSG IN data too long\n"); 611 } else { 612 DPRINTF("MSG IN 0x%02x\n", data); 613 s->msg[s->msg_len++] = data; 614 } 615 } 616 617 /* Perform reselection to continue a command. */ 618 static void lsi_reselect(LSIState *s, lsi_request *p) 619 { 620 int id; 621 622 assert(s->current == NULL); 623 QTAILQ_REMOVE(&s->queue, p, next); 624 s->current = p; 625 626 id = (p->tag >> 8) & 0xf; 627 s->ssid = id | 0x80; 628 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 629 if (!(s->dcntl & LSI_DCNTL_COM)) { 630 s->sfbr = 1 << (id & 0x7); 631 } 632 DPRINTF("Reselected target %d\n", id); 633 s->scntl1 |= LSI_SCNTL1_CON; 634 lsi_set_phase(s, PHASE_MI); 635 s->msg_action = p->out ? 2 : 3; 636 s->current->dma_len = p->pending; 637 lsi_add_msg_byte(s, 0x80); 638 if (s->current->tag & LSI_TAG_VALID) { 639 lsi_add_msg_byte(s, 0x20); 640 lsi_add_msg_byte(s, p->tag & 0xff); 641 } 642 643 if (lsi_irq_on_rsl(s)) { 644 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 645 } 646 } 647 648 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 649 { 650 lsi_request *p; 651 652 QTAILQ_FOREACH(p, &s->queue, next) { 653 if (p->tag == tag) { 654 return p; 655 } 656 } 657 658 return NULL; 659 } 660 661 static void lsi_request_free(LSIState *s, lsi_request *p) 662 { 663 if (p == s->current) { 664 s->current = NULL; 665 } else { 666 QTAILQ_REMOVE(&s->queue, p, next); 667 } 668 g_free(p); 669 } 670 671 static void lsi_request_cancelled(SCSIRequest *req) 672 { 673 LSIState *s = LSI53C895A(req->bus->qbus.parent); 674 lsi_request *p = req->hba_private; 675 676 req->hba_private = NULL; 677 lsi_request_free(s, p); 678 scsi_req_unref(req); 679 } 680 681 /* Record that data is available for a queued command. Returns zero if 682 the device was reselected, nonzero if the IO is deferred. */ 683 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 684 { 685 lsi_request *p = req->hba_private; 686 687 if (p->pending) { 688 BADF("Multiple IO pending for request %p\n", p); 689 } 690 p->pending = len; 691 /* Reselect if waiting for it, or if reselection triggers an IRQ 692 and the bus is free. 693 Since no interrupt stacking is implemented in the emulation, it 694 is also required that there are no pending interrupts waiting 695 for service from the device driver. */ 696 if (s->waiting == 1 || 697 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 698 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 699 /* Reselect device. */ 700 lsi_reselect(s, p); 701 return 0; 702 } else { 703 DPRINTF("Queueing IO tag=0x%x\n", p->tag); 704 p->pending = len; 705 return 1; 706 } 707 } 708 709 /* Callback to indicate that the SCSI layer has completed a command. */ 710 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 711 { 712 LSIState *s = LSI53C895A(req->bus->qbus.parent); 713 int out; 714 715 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 716 DPRINTF("Command complete status=%d\n", (int)status); 717 s->status = status; 718 s->command_complete = 2; 719 if (s->waiting && s->dbc != 0) { 720 /* Raise phase mismatch for short transfers. */ 721 lsi_bad_phase(s, out, PHASE_ST); 722 } else { 723 lsi_set_phase(s, PHASE_ST); 724 } 725 726 if (req->hba_private == s->current) { 727 req->hba_private = NULL; 728 lsi_request_free(s, s->current); 729 scsi_req_unref(req); 730 } 731 lsi_resume_script(s); 732 } 733 734 /* Callback to indicate that the SCSI layer has completed a transfer. */ 735 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 736 { 737 LSIState *s = LSI53C895A(req->bus->qbus.parent); 738 int out; 739 740 assert(req->hba_private); 741 if (s->waiting == 1 || req->hba_private != s->current || 742 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 743 if (lsi_queue_req(s, req, len)) { 744 return; 745 } 746 } 747 748 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 749 750 /* host adapter (re)connected */ 751 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len); 752 s->current->dma_len = len; 753 s->command_complete = 1; 754 if (s->waiting) { 755 if (s->waiting == 1 || s->dbc == 0) { 756 lsi_resume_script(s); 757 } else { 758 lsi_do_dma(s, out); 759 } 760 } 761 } 762 763 static void lsi_do_command(LSIState *s) 764 { 765 SCSIDevice *dev; 766 uint8_t buf[16]; 767 uint32_t id; 768 int n; 769 770 DPRINTF("Send command len=%d\n", s->dbc); 771 if (s->dbc > 16) 772 s->dbc = 16; 773 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 774 s->sfbr = buf[0]; 775 s->command_complete = 0; 776 777 id = (s->select_tag >> 8) & 0xf; 778 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 779 if (!dev) { 780 lsi_bad_selection(s, id); 781 return; 782 } 783 784 assert(s->current == NULL); 785 s->current = g_new0(lsi_request, 1); 786 s->current->tag = s->select_tag; 787 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 788 s->current); 789 790 n = scsi_req_enqueue(s->current->req); 791 if (n) { 792 if (n > 0) { 793 lsi_set_phase(s, PHASE_DI); 794 } else if (n < 0) { 795 lsi_set_phase(s, PHASE_DO); 796 } 797 scsi_req_continue(s->current->req); 798 } 799 if (!s->command_complete) { 800 if (n) { 801 /* Command did not complete immediately so disconnect. */ 802 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 803 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 804 /* wait data */ 805 lsi_set_phase(s, PHASE_MI); 806 s->msg_action = 1; 807 lsi_queue_command(s); 808 } else { 809 /* wait command complete */ 810 lsi_set_phase(s, PHASE_DI); 811 } 812 } 813 } 814 815 static void lsi_do_status(LSIState *s) 816 { 817 uint8_t status; 818 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status); 819 if (s->dbc != 1) 820 BADF("Bad Status move\n"); 821 s->dbc = 1; 822 status = s->status; 823 s->sfbr = status; 824 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 825 lsi_set_phase(s, PHASE_MI); 826 s->msg_action = 1; 827 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 828 } 829 830 static void lsi_do_msgin(LSIState *s) 831 { 832 int len; 833 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len); 834 s->sfbr = s->msg[0]; 835 len = s->msg_len; 836 if (len > s->dbc) 837 len = s->dbc; 838 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 839 /* Linux drivers rely on the last byte being in the SIDL. */ 840 s->sidl = s->msg[len - 1]; 841 s->msg_len -= len; 842 if (s->msg_len) { 843 memmove(s->msg, s->msg + len, s->msg_len); 844 } else { 845 /* ??? Check if ATN (not yet implemented) is asserted and maybe 846 switch to PHASE_MO. */ 847 switch (s->msg_action) { 848 case 0: 849 lsi_set_phase(s, PHASE_CMD); 850 break; 851 case 1: 852 lsi_disconnect(s); 853 break; 854 case 2: 855 lsi_set_phase(s, PHASE_DO); 856 break; 857 case 3: 858 lsi_set_phase(s, PHASE_DI); 859 break; 860 default: 861 abort(); 862 } 863 } 864 } 865 866 /* Read the next byte during a MSGOUT phase. */ 867 static uint8_t lsi_get_msgbyte(LSIState *s) 868 { 869 uint8_t data; 870 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 871 s->dnad++; 872 s->dbc--; 873 return data; 874 } 875 876 /* Skip the next n bytes during a MSGOUT phase. */ 877 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 878 { 879 s->dnad += n; 880 s->dbc -= n; 881 } 882 883 static void lsi_do_msgout(LSIState *s) 884 { 885 uint8_t msg; 886 int len; 887 uint32_t current_tag; 888 lsi_request *current_req, *p, *p_next; 889 890 if (s->current) { 891 current_tag = s->current->tag; 892 current_req = s->current; 893 } else { 894 current_tag = s->select_tag; 895 current_req = lsi_find_by_tag(s, current_tag); 896 } 897 898 DPRINTF("MSG out len=%d\n", s->dbc); 899 while (s->dbc) { 900 msg = lsi_get_msgbyte(s); 901 s->sfbr = msg; 902 903 switch (msg) { 904 case 0x04: 905 DPRINTF("MSG: Disconnect\n"); 906 lsi_disconnect(s); 907 break; 908 case 0x08: 909 DPRINTF("MSG: No Operation\n"); 910 lsi_set_phase(s, PHASE_CMD); 911 break; 912 case 0x01: 913 len = lsi_get_msgbyte(s); 914 msg = lsi_get_msgbyte(s); 915 (void)len; /* avoid a warning about unused variable*/ 916 DPRINTF("Extended message 0x%x (len %d)\n", msg, len); 917 switch (msg) { 918 case 1: 919 DPRINTF("SDTR (ignored)\n"); 920 lsi_skip_msgbytes(s, 2); 921 break; 922 case 3: 923 DPRINTF("WDTR (ignored)\n"); 924 lsi_skip_msgbytes(s, 1); 925 break; 926 default: 927 goto bad; 928 } 929 break; 930 case 0x20: /* SIMPLE queue */ 931 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 932 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff); 933 break; 934 case 0x21: /* HEAD of queue */ 935 BADF("HEAD queue not implemented\n"); 936 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 937 break; 938 case 0x22: /* ORDERED queue */ 939 BADF("ORDERED queue not implemented\n"); 940 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 941 break; 942 case 0x0d: 943 /* The ABORT TAG message clears the current I/O process only. */ 944 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag); 945 if (current_req) { 946 scsi_req_cancel(current_req->req); 947 } 948 lsi_disconnect(s); 949 break; 950 case 0x06: 951 case 0x0e: 952 case 0x0c: 953 /* The ABORT message clears all I/O processes for the selecting 954 initiator on the specified logical unit of the target. */ 955 if (msg == 0x06) { 956 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag); 957 } 958 /* The CLEAR QUEUE message clears all I/O processes for all 959 initiators on the specified logical unit of the target. */ 960 if (msg == 0x0e) { 961 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag); 962 } 963 /* The BUS DEVICE RESET message clears all I/O processes for all 964 initiators on all logical units of the target. */ 965 if (msg == 0x0c) { 966 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag); 967 } 968 969 /* clear the current I/O process */ 970 if (s->current) { 971 scsi_req_cancel(s->current->req); 972 } 973 974 /* As the current implemented devices scsi_disk and scsi_generic 975 only support one LUN, we don't need to keep track of LUNs. 976 Clearing I/O processes for other initiators could be possible 977 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 978 device, but this is currently not implemented (and seems not 979 to be really necessary). So let's simply clear all queued 980 commands for the current device: */ 981 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 982 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 983 scsi_req_cancel(p->req); 984 } 985 } 986 987 lsi_disconnect(s); 988 break; 989 default: 990 if ((msg & 0x80) == 0) { 991 goto bad; 992 } 993 s->current_lun = msg & 7; 994 DPRINTF("Select LUN %d\n", s->current_lun); 995 lsi_set_phase(s, PHASE_CMD); 996 break; 997 } 998 } 999 return; 1000 bad: 1001 BADF("Unimplemented message 0x%02x\n", msg); 1002 lsi_set_phase(s, PHASE_MI); 1003 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1004 s->msg_action = 0; 1005 } 1006 1007 #define LSI_BUF_SIZE 4096 1008 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1009 { 1010 PCIDevice *d = PCI_DEVICE(s); 1011 int n; 1012 uint8_t buf[LSI_BUF_SIZE]; 1013 1014 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count); 1015 while (count) { 1016 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1017 pci_dma_read(d, src, buf, n); 1018 pci_dma_write(d, dest, buf, n); 1019 src += n; 1020 dest += n; 1021 count -= n; 1022 } 1023 } 1024 1025 static void lsi_wait_reselect(LSIState *s) 1026 { 1027 lsi_request *p; 1028 1029 DPRINTF("Wait Reselect\n"); 1030 1031 QTAILQ_FOREACH(p, &s->queue, next) { 1032 if (p->pending) { 1033 lsi_reselect(s, p); 1034 break; 1035 } 1036 } 1037 if (s->current == NULL) { 1038 s->waiting = 1; 1039 } 1040 } 1041 1042 static void lsi_execute_script(LSIState *s) 1043 { 1044 PCIDevice *pci_dev = PCI_DEVICE(s); 1045 uint32_t insn; 1046 uint32_t addr, addr_high; 1047 int opcode; 1048 int insn_processed = 0; 1049 1050 s->istat1 |= LSI_ISTAT1_SRUN; 1051 again: 1052 insn_processed++; 1053 insn = read_dword(s, s->dsp); 1054 if (!insn) { 1055 /* If we receive an empty opcode increment the DSP by 4 bytes 1056 instead of 8 and execute the next opcode at that location */ 1057 s->dsp += 4; 1058 goto again; 1059 } 1060 addr = read_dword(s, s->dsp + 4); 1061 addr_high = 0; 1062 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr); 1063 s->dsps = addr; 1064 s->dcmd = insn >> 24; 1065 s->dsp += 8; 1066 switch (insn >> 30) { 1067 case 0: /* Block move. */ 1068 if (s->sist1 & LSI_SIST1_STO) { 1069 DPRINTF("Delayed select timeout\n"); 1070 lsi_stop_script(s); 1071 break; 1072 } 1073 s->dbc = insn & 0xffffff; 1074 s->rbc = s->dbc; 1075 /* ??? Set ESA. */ 1076 s->ia = s->dsp - 8; 1077 if (insn & (1 << 29)) { 1078 /* Indirect addressing. */ 1079 addr = read_dword(s, addr); 1080 } else if (insn & (1 << 28)) { 1081 uint32_t buf[2]; 1082 int32_t offset; 1083 /* Table indirect addressing. */ 1084 1085 /* 32-bit Table indirect */ 1086 offset = sextract32(addr, 0, 24); 1087 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1088 /* byte count is stored in bits 0:23 only */ 1089 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1090 s->rbc = s->dbc; 1091 addr = cpu_to_le32(buf[1]); 1092 1093 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1094 * table, bits [31:24] */ 1095 if (lsi_dma_40bit(s)) 1096 addr_high = cpu_to_le32(buf[0]) >> 24; 1097 else if (lsi_dma_ti64bit(s)) { 1098 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1099 switch (selector) { 1100 case 0 ... 0x0f: 1101 /* offset index into scratch registers since 1102 * TI64 mode can use registers C to R */ 1103 addr_high = s->scratch[2 + selector]; 1104 break; 1105 case 0x10: 1106 addr_high = s->mmrs; 1107 break; 1108 case 0x11: 1109 addr_high = s->mmws; 1110 break; 1111 case 0x12: 1112 addr_high = s->sfs; 1113 break; 1114 case 0x13: 1115 addr_high = s->drs; 1116 break; 1117 case 0x14: 1118 addr_high = s->sbms; 1119 break; 1120 case 0x15: 1121 addr_high = s->dbms; 1122 break; 1123 default: 1124 BADF("Illegal selector specified (0x%x > 0x15)" 1125 " for 64-bit DMA block move", selector); 1126 break; 1127 } 1128 } 1129 } else if (lsi_dma_64bit(s)) { 1130 /* fetch a 3rd dword if 64-bit direct move is enabled and 1131 only if we're not doing table indirect or indirect addressing */ 1132 s->dbms = read_dword(s, s->dsp); 1133 s->dsp += 4; 1134 s->ia = s->dsp - 12; 1135 } 1136 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1137 DPRINTF("Wrong phase got %d expected %d\n", 1138 s->sstat1 & PHASE_MASK, (insn >> 24) & 7); 1139 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1140 break; 1141 } 1142 s->dnad = addr; 1143 s->dnad64 = addr_high; 1144 switch (s->sstat1 & 0x7) { 1145 case PHASE_DO: 1146 s->waiting = 2; 1147 lsi_do_dma(s, 1); 1148 if (s->waiting) 1149 s->waiting = 3; 1150 break; 1151 case PHASE_DI: 1152 s->waiting = 2; 1153 lsi_do_dma(s, 0); 1154 if (s->waiting) 1155 s->waiting = 3; 1156 break; 1157 case PHASE_CMD: 1158 lsi_do_command(s); 1159 break; 1160 case PHASE_ST: 1161 lsi_do_status(s); 1162 break; 1163 case PHASE_MO: 1164 lsi_do_msgout(s); 1165 break; 1166 case PHASE_MI: 1167 lsi_do_msgin(s); 1168 break; 1169 default: 1170 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK); 1171 exit(1); 1172 } 1173 s->dfifo = s->dbc & 0xff; 1174 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1175 s->sbc = s->dbc; 1176 s->rbc -= s->dbc; 1177 s->ua = addr + s->dbc; 1178 break; 1179 1180 case 1: /* IO or Read/Write instruction. */ 1181 opcode = (insn >> 27) & 7; 1182 if (opcode < 5) { 1183 uint32_t id; 1184 1185 if (insn & (1 << 25)) { 1186 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1187 } else { 1188 id = insn; 1189 } 1190 id = (id >> 16) & 0xf; 1191 if (insn & (1 << 26)) { 1192 addr = s->dsp + sextract32(addr, 0, 24); 1193 } 1194 s->dnad = addr; 1195 switch (opcode) { 1196 case 0: /* Select */ 1197 s->sdid = id; 1198 if (s->scntl1 & LSI_SCNTL1_CON) { 1199 DPRINTF("Already reselected, jumping to alternative address\n"); 1200 s->dsp = s->dnad; 1201 break; 1202 } 1203 s->sstat0 |= LSI_SSTAT0_WOA; 1204 s->scntl1 &= ~LSI_SCNTL1_IARB; 1205 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1206 lsi_bad_selection(s, id); 1207 break; 1208 } 1209 DPRINTF("Selected target %d%s\n", 1210 id, insn & (1 << 3) ? " ATN" : ""); 1211 /* ??? Linux drivers compain when this is set. Maybe 1212 it only applies in low-level mode (unimplemented). 1213 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1214 s->select_tag = id << 8; 1215 s->scntl1 |= LSI_SCNTL1_CON; 1216 if (insn & (1 << 3)) { 1217 s->socl |= LSI_SOCL_ATN; 1218 } 1219 lsi_set_phase(s, PHASE_MO); 1220 break; 1221 case 1: /* Disconnect */ 1222 DPRINTF("Wait Disconnect\n"); 1223 s->scntl1 &= ~LSI_SCNTL1_CON; 1224 break; 1225 case 2: /* Wait Reselect */ 1226 if (!lsi_irq_on_rsl(s)) { 1227 lsi_wait_reselect(s); 1228 } 1229 break; 1230 case 3: /* Set */ 1231 DPRINTF("Set%s%s%s%s\n", 1232 insn & (1 << 3) ? " ATN" : "", 1233 insn & (1 << 6) ? " ACK" : "", 1234 insn & (1 << 9) ? " TM" : "", 1235 insn & (1 << 10) ? " CC" : ""); 1236 if (insn & (1 << 3)) { 1237 s->socl |= LSI_SOCL_ATN; 1238 lsi_set_phase(s, PHASE_MO); 1239 } 1240 if (insn & (1 << 9)) { 1241 BADF("Target mode not implemented\n"); 1242 exit(1); 1243 } 1244 if (insn & (1 << 10)) 1245 s->carry = 1; 1246 break; 1247 case 4: /* Clear */ 1248 DPRINTF("Clear%s%s%s%s\n", 1249 insn & (1 << 3) ? " ATN" : "", 1250 insn & (1 << 6) ? " ACK" : "", 1251 insn & (1 << 9) ? " TM" : "", 1252 insn & (1 << 10) ? " CC" : ""); 1253 if (insn & (1 << 3)) { 1254 s->socl &= ~LSI_SOCL_ATN; 1255 } 1256 if (insn & (1 << 10)) 1257 s->carry = 0; 1258 break; 1259 } 1260 } else { 1261 uint8_t op0; 1262 uint8_t op1; 1263 uint8_t data8; 1264 int reg; 1265 int operator; 1266 #ifdef DEBUG_LSI 1267 static const char *opcode_names[3] = 1268 {"Write", "Read", "Read-Modify-Write"}; 1269 static const char *operator_names[8] = 1270 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1271 #endif 1272 1273 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1274 data8 = (insn >> 8) & 0xff; 1275 opcode = (insn >> 27) & 7; 1276 operator = (insn >> 24) & 7; 1277 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n", 1278 opcode_names[opcode - 5], reg, 1279 operator_names[operator], data8, s->sfbr, 1280 (insn & (1 << 23)) ? " SFBR" : ""); 1281 op0 = op1 = 0; 1282 switch (opcode) { 1283 case 5: /* From SFBR */ 1284 op0 = s->sfbr; 1285 op1 = data8; 1286 break; 1287 case 6: /* To SFBR */ 1288 if (operator) 1289 op0 = lsi_reg_readb(s, reg); 1290 op1 = data8; 1291 break; 1292 case 7: /* Read-modify-write */ 1293 if (operator) 1294 op0 = lsi_reg_readb(s, reg); 1295 if (insn & (1 << 23)) { 1296 op1 = s->sfbr; 1297 } else { 1298 op1 = data8; 1299 } 1300 break; 1301 } 1302 1303 switch (operator) { 1304 case 0: /* move */ 1305 op0 = op1; 1306 break; 1307 case 1: /* Shift left */ 1308 op1 = op0 >> 7; 1309 op0 = (op0 << 1) | s->carry; 1310 s->carry = op1; 1311 break; 1312 case 2: /* OR */ 1313 op0 |= op1; 1314 break; 1315 case 3: /* XOR */ 1316 op0 ^= op1; 1317 break; 1318 case 4: /* AND */ 1319 op0 &= op1; 1320 break; 1321 case 5: /* SHR */ 1322 op1 = op0 & 1; 1323 op0 = (op0 >> 1) | (s->carry << 7); 1324 s->carry = op1; 1325 break; 1326 case 6: /* ADD */ 1327 op0 += op1; 1328 s->carry = op0 < op1; 1329 break; 1330 case 7: /* ADC */ 1331 op0 += op1 + s->carry; 1332 if (s->carry) 1333 s->carry = op0 <= op1; 1334 else 1335 s->carry = op0 < op1; 1336 break; 1337 } 1338 1339 switch (opcode) { 1340 case 5: /* From SFBR */ 1341 case 7: /* Read-modify-write */ 1342 lsi_reg_writeb(s, reg, op0); 1343 break; 1344 case 6: /* To SFBR */ 1345 s->sfbr = op0; 1346 break; 1347 } 1348 } 1349 break; 1350 1351 case 2: /* Transfer Control. */ 1352 { 1353 int cond; 1354 int jmp; 1355 1356 if ((insn & 0x002e0000) == 0) { 1357 DPRINTF("NOP\n"); 1358 break; 1359 } 1360 if (s->sist1 & LSI_SIST1_STO) { 1361 DPRINTF("Delayed select timeout\n"); 1362 lsi_stop_script(s); 1363 break; 1364 } 1365 cond = jmp = (insn & (1 << 19)) != 0; 1366 if (cond == jmp && (insn & (1 << 21))) { 1367 DPRINTF("Compare carry %d\n", s->carry == jmp); 1368 cond = s->carry != 0; 1369 } 1370 if (cond == jmp && (insn & (1 << 17))) { 1371 DPRINTF("Compare phase %d %c= %d\n", 1372 (s->sstat1 & PHASE_MASK), 1373 jmp ? '=' : '!', 1374 ((insn >> 24) & 7)); 1375 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1376 } 1377 if (cond == jmp && (insn & (1 << 18))) { 1378 uint8_t mask; 1379 1380 mask = (~insn >> 8) & 0xff; 1381 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n", 1382 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1383 cond = (s->sfbr & mask) == (insn & mask); 1384 } 1385 if (cond == jmp) { 1386 if (insn & (1 << 23)) { 1387 /* Relative address. */ 1388 addr = s->dsp + sextract32(addr, 0, 24); 1389 } 1390 switch ((insn >> 27) & 7) { 1391 case 0: /* Jump */ 1392 DPRINTF("Jump to 0x%08x\n", addr); 1393 s->adder = addr; 1394 s->dsp = addr; 1395 break; 1396 case 1: /* Call */ 1397 DPRINTF("Call 0x%08x\n", addr); 1398 s->temp = s->dsp; 1399 s->dsp = addr; 1400 break; 1401 case 2: /* Return */ 1402 DPRINTF("Return to 0x%08x\n", s->temp); 1403 s->dsp = s->temp; 1404 break; 1405 case 3: /* Interrupt */ 1406 DPRINTF("Interrupt 0x%08x\n", s->dsps); 1407 if ((insn & (1 << 20)) != 0) { 1408 s->istat0 |= LSI_ISTAT0_INTF; 1409 lsi_update_irq(s); 1410 } else { 1411 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1412 } 1413 break; 1414 default: 1415 DPRINTF("Illegal transfer control\n"); 1416 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1417 break; 1418 } 1419 } else { 1420 DPRINTF("Control condition failed\n"); 1421 } 1422 } 1423 break; 1424 1425 case 3: 1426 if ((insn & (1 << 29)) == 0) { 1427 /* Memory move. */ 1428 uint32_t dest; 1429 /* ??? The docs imply the destination address is loaded into 1430 the TEMP register. However the Linux drivers rely on 1431 the value being presrved. */ 1432 dest = read_dword(s, s->dsp); 1433 s->dsp += 4; 1434 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1435 } else { 1436 uint8_t data[7]; 1437 int reg; 1438 int n; 1439 int i; 1440 1441 if (insn & (1 << 28)) { 1442 addr = s->dsa + sextract32(addr, 0, 24); 1443 } 1444 n = (insn & 7); 1445 reg = (insn >> 16) & 0xff; 1446 if (insn & (1 << 24)) { 1447 pci_dma_read(pci_dev, addr, data, n); 1448 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n, 1449 addr, *(int *)data); 1450 for (i = 0; i < n; i++) { 1451 lsi_reg_writeb(s, reg + i, data[i]); 1452 } 1453 } else { 1454 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr); 1455 for (i = 0; i < n; i++) { 1456 data[i] = lsi_reg_readb(s, reg + i); 1457 } 1458 pci_dma_write(pci_dev, addr, data, n); 1459 } 1460 } 1461 } 1462 if (insn_processed > 10000 && !s->waiting) { 1463 /* Some windows drivers make the device spin waiting for a memory 1464 location to change. If we have been executed a lot of code then 1465 assume this is the case and force an unexpected device disconnect. 1466 This is apparently sufficient to beat the drivers into submission. 1467 */ 1468 if (!(s->sien0 & LSI_SIST0_UDC)) 1469 fprintf(stderr, "inf. loop with UDC masked\n"); 1470 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1471 lsi_disconnect(s); 1472 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1473 if (s->dcntl & LSI_DCNTL_SSM) { 1474 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1475 } else { 1476 goto again; 1477 } 1478 } 1479 DPRINTF("SCRIPTS execution stopped\n"); 1480 } 1481 1482 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1483 { 1484 uint8_t tmp; 1485 #define CASE_GET_REG24(name, addr) \ 1486 case addr: return s->name & 0xff; \ 1487 case addr + 1: return (s->name >> 8) & 0xff; \ 1488 case addr + 2: return (s->name >> 16) & 0xff; 1489 1490 #define CASE_GET_REG32(name, addr) \ 1491 case addr: return s->name & 0xff; \ 1492 case addr + 1: return (s->name >> 8) & 0xff; \ 1493 case addr + 2: return (s->name >> 16) & 0xff; \ 1494 case addr + 3: return (s->name >> 24) & 0xff; 1495 1496 #ifdef DEBUG_LSI_REG 1497 DPRINTF("Read reg %x\n", offset); 1498 #endif 1499 switch (offset) { 1500 case 0x00: /* SCNTL0 */ 1501 return s->scntl0; 1502 case 0x01: /* SCNTL1 */ 1503 return s->scntl1; 1504 case 0x02: /* SCNTL2 */ 1505 return s->scntl2; 1506 case 0x03: /* SCNTL3 */ 1507 return s->scntl3; 1508 case 0x04: /* SCID */ 1509 return s->scid; 1510 case 0x05: /* SXFER */ 1511 return s->sxfer; 1512 case 0x06: /* SDID */ 1513 return s->sdid; 1514 case 0x07: /* GPREG0 */ 1515 return 0x7f; 1516 case 0x08: /* Revision ID */ 1517 return 0x00; 1518 case 0x09: /* SOCL */ 1519 return s->socl; 1520 case 0xa: /* SSID */ 1521 return s->ssid; 1522 case 0xb: /* SBCL */ 1523 /* ??? This is not correct. However it's (hopefully) only 1524 used for diagnostics, so should be ok. */ 1525 return 0; 1526 case 0xc: /* DSTAT */ 1527 tmp = s->dstat | LSI_DSTAT_DFE; 1528 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1529 s->dstat = 0; 1530 lsi_update_irq(s); 1531 return tmp; 1532 case 0x0d: /* SSTAT0 */ 1533 return s->sstat0; 1534 case 0x0e: /* SSTAT1 */ 1535 return s->sstat1; 1536 case 0x0f: /* SSTAT2 */ 1537 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1538 CASE_GET_REG32(dsa, 0x10) 1539 case 0x14: /* ISTAT0 */ 1540 return s->istat0; 1541 case 0x15: /* ISTAT1 */ 1542 return s->istat1; 1543 case 0x16: /* MBOX0 */ 1544 return s->mbox0; 1545 case 0x17: /* MBOX1 */ 1546 return s->mbox1; 1547 case 0x18: /* CTEST0 */ 1548 return 0xff; 1549 case 0x19: /* CTEST1 */ 1550 return 0; 1551 case 0x1a: /* CTEST2 */ 1552 tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1553 if (s->istat0 & LSI_ISTAT0_SIGP) { 1554 s->istat0 &= ~LSI_ISTAT0_SIGP; 1555 tmp |= LSI_CTEST2_SIGP; 1556 } 1557 return tmp; 1558 case 0x1b: /* CTEST3 */ 1559 return s->ctest3; 1560 CASE_GET_REG32(temp, 0x1c) 1561 case 0x20: /* DFIFO */ 1562 return 0; 1563 case 0x21: /* CTEST4 */ 1564 return s->ctest4; 1565 case 0x22: /* CTEST5 */ 1566 return s->ctest5; 1567 case 0x23: /* CTEST6 */ 1568 return 0; 1569 CASE_GET_REG24(dbc, 0x24) 1570 case 0x27: /* DCMD */ 1571 return s->dcmd; 1572 CASE_GET_REG32(dnad, 0x28) 1573 CASE_GET_REG32(dsp, 0x2c) 1574 CASE_GET_REG32(dsps, 0x30) 1575 CASE_GET_REG32(scratch[0], 0x34) 1576 case 0x38: /* DMODE */ 1577 return s->dmode; 1578 case 0x39: /* DIEN */ 1579 return s->dien; 1580 case 0x3a: /* SBR */ 1581 return s->sbr; 1582 case 0x3b: /* DCNTL */ 1583 return s->dcntl; 1584 /* ADDER Output (Debug of relative jump address) */ 1585 CASE_GET_REG32(adder, 0x3c) 1586 case 0x40: /* SIEN0 */ 1587 return s->sien0; 1588 case 0x41: /* SIEN1 */ 1589 return s->sien1; 1590 case 0x42: /* SIST0 */ 1591 tmp = s->sist0; 1592 s->sist0 = 0; 1593 lsi_update_irq(s); 1594 return tmp; 1595 case 0x43: /* SIST1 */ 1596 tmp = s->sist1; 1597 s->sist1 = 0; 1598 lsi_update_irq(s); 1599 return tmp; 1600 case 0x46: /* MACNTL */ 1601 return 0x0f; 1602 case 0x47: /* GPCNTL0 */ 1603 return 0x0f; 1604 case 0x48: /* STIME0 */ 1605 return s->stime0; 1606 case 0x4a: /* RESPID0 */ 1607 return s->respid0; 1608 case 0x4b: /* RESPID1 */ 1609 return s->respid1; 1610 case 0x4d: /* STEST1 */ 1611 return s->stest1; 1612 case 0x4e: /* STEST2 */ 1613 return s->stest2; 1614 case 0x4f: /* STEST3 */ 1615 return s->stest3; 1616 case 0x50: /* SIDL */ 1617 /* This is needed by the linux drivers. We currently only update it 1618 during the MSG IN phase. */ 1619 return s->sidl; 1620 case 0x52: /* STEST4 */ 1621 return 0xe0; 1622 case 0x56: /* CCNTL0 */ 1623 return s->ccntl0; 1624 case 0x57: /* CCNTL1 */ 1625 return s->ccntl1; 1626 case 0x58: /* SBDL */ 1627 /* Some drivers peek at the data bus during the MSG IN phase. */ 1628 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) 1629 return s->msg[0]; 1630 return 0; 1631 case 0x59: /* SBDL high */ 1632 return 0; 1633 CASE_GET_REG32(mmrs, 0xa0) 1634 CASE_GET_REG32(mmws, 0xa4) 1635 CASE_GET_REG32(sfs, 0xa8) 1636 CASE_GET_REG32(drs, 0xac) 1637 CASE_GET_REG32(sbms, 0xb0) 1638 CASE_GET_REG32(dbms, 0xb4) 1639 CASE_GET_REG32(dnad64, 0xb8) 1640 CASE_GET_REG32(pmjad1, 0xc0) 1641 CASE_GET_REG32(pmjad2, 0xc4) 1642 CASE_GET_REG32(rbc, 0xc8) 1643 CASE_GET_REG32(ua, 0xcc) 1644 CASE_GET_REG32(ia, 0xd4) 1645 CASE_GET_REG32(sbc, 0xd8) 1646 CASE_GET_REG32(csbc, 0xdc) 1647 } 1648 if (offset >= 0x5c && offset < 0xa0) { 1649 int n; 1650 int shift; 1651 n = (offset - 0x58) >> 2; 1652 shift = (offset & 3) * 8; 1653 return (s->scratch[n] >> shift) & 0xff; 1654 } 1655 BADF("readb 0x%x\n", offset); 1656 exit(1); 1657 #undef CASE_GET_REG24 1658 #undef CASE_GET_REG32 1659 } 1660 1661 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1662 { 1663 #define CASE_SET_REG24(name, addr) \ 1664 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1665 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1666 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1667 1668 #define CASE_SET_REG32(name, addr) \ 1669 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1670 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1671 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1672 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1673 1674 #ifdef DEBUG_LSI_REG 1675 DPRINTF("Write reg %x = %02x\n", offset, val); 1676 #endif 1677 switch (offset) { 1678 case 0x00: /* SCNTL0 */ 1679 s->scntl0 = val; 1680 if (val & LSI_SCNTL0_START) { 1681 BADF("Start sequence not implemented\n"); 1682 } 1683 break; 1684 case 0x01: /* SCNTL1 */ 1685 s->scntl1 = val & ~LSI_SCNTL1_SST; 1686 if (val & LSI_SCNTL1_IARB) { 1687 BADF("Immediate Arbritration not implemented\n"); 1688 } 1689 if (val & LSI_SCNTL1_RST) { 1690 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1691 qbus_reset_all(&s->bus.qbus); 1692 s->sstat0 |= LSI_SSTAT0_RST; 1693 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1694 } 1695 } else { 1696 s->sstat0 &= ~LSI_SSTAT0_RST; 1697 } 1698 break; 1699 case 0x02: /* SCNTL2 */ 1700 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1701 s->scntl2 = val; 1702 break; 1703 case 0x03: /* SCNTL3 */ 1704 s->scntl3 = val; 1705 break; 1706 case 0x04: /* SCID */ 1707 s->scid = val; 1708 break; 1709 case 0x05: /* SXFER */ 1710 s->sxfer = val; 1711 break; 1712 case 0x06: /* SDID */ 1713 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1714 BADF("Destination ID does not match SSID\n"); 1715 } 1716 s->sdid = val & 0xf; 1717 break; 1718 case 0x07: /* GPREG0 */ 1719 break; 1720 case 0x08: /* SFBR */ 1721 /* The CPU is not allowed to write to this register. However the 1722 SCRIPTS register move instructions are. */ 1723 s->sfbr = val; 1724 break; 1725 case 0x0a: case 0x0b: 1726 /* Openserver writes to these readonly registers on startup */ 1727 return; 1728 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1729 /* Linux writes to these readonly registers on startup. */ 1730 return; 1731 CASE_SET_REG32(dsa, 0x10) 1732 case 0x14: /* ISTAT0 */ 1733 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1734 if (val & LSI_ISTAT0_ABRT) { 1735 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1736 } 1737 if (val & LSI_ISTAT0_INTF) { 1738 s->istat0 &= ~LSI_ISTAT0_INTF; 1739 lsi_update_irq(s); 1740 } 1741 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1742 DPRINTF("Woken by SIGP\n"); 1743 s->waiting = 0; 1744 s->dsp = s->dnad; 1745 lsi_execute_script(s); 1746 } 1747 if (val & LSI_ISTAT0_SRST) { 1748 qdev_reset_all(DEVICE(s)); 1749 } 1750 break; 1751 case 0x16: /* MBOX0 */ 1752 s->mbox0 = val; 1753 break; 1754 case 0x17: /* MBOX1 */ 1755 s->mbox1 = val; 1756 break; 1757 case 0x18: /* CTEST0 */ 1758 /* nothing to do */ 1759 break; 1760 case 0x1a: /* CTEST2 */ 1761 s->ctest2 = val & LSI_CTEST2_PCICIE; 1762 break; 1763 case 0x1b: /* CTEST3 */ 1764 s->ctest3 = val & 0x0f; 1765 break; 1766 CASE_SET_REG32(temp, 0x1c) 1767 case 0x21: /* CTEST4 */ 1768 if (val & 7) { 1769 BADF("Unimplemented CTEST4-FBL 0x%x\n", val); 1770 } 1771 s->ctest4 = val; 1772 break; 1773 case 0x22: /* CTEST5 */ 1774 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1775 BADF("CTEST5 DMA increment not implemented\n"); 1776 } 1777 s->ctest5 = val; 1778 break; 1779 CASE_SET_REG24(dbc, 0x24) 1780 CASE_SET_REG32(dnad, 0x28) 1781 case 0x2c: /* DSP[0:7] */ 1782 s->dsp &= 0xffffff00; 1783 s->dsp |= val; 1784 break; 1785 case 0x2d: /* DSP[8:15] */ 1786 s->dsp &= 0xffff00ff; 1787 s->dsp |= val << 8; 1788 break; 1789 case 0x2e: /* DSP[16:23] */ 1790 s->dsp &= 0xff00ffff; 1791 s->dsp |= val << 16; 1792 break; 1793 case 0x2f: /* DSP[24:31] */ 1794 s->dsp &= 0x00ffffff; 1795 s->dsp |= val << 24; 1796 if ((s->dmode & LSI_DMODE_MAN) == 0 1797 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1798 lsi_execute_script(s); 1799 break; 1800 CASE_SET_REG32(dsps, 0x30) 1801 CASE_SET_REG32(scratch[0], 0x34) 1802 case 0x38: /* DMODE */ 1803 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) { 1804 BADF("IO mappings not implemented\n"); 1805 } 1806 s->dmode = val; 1807 break; 1808 case 0x39: /* DIEN */ 1809 s->dien = val; 1810 lsi_update_irq(s); 1811 break; 1812 case 0x3a: /* SBR */ 1813 s->sbr = val; 1814 break; 1815 case 0x3b: /* DCNTL */ 1816 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1817 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1818 lsi_execute_script(s); 1819 break; 1820 case 0x40: /* SIEN0 */ 1821 s->sien0 = val; 1822 lsi_update_irq(s); 1823 break; 1824 case 0x41: /* SIEN1 */ 1825 s->sien1 = val; 1826 lsi_update_irq(s); 1827 break; 1828 case 0x47: /* GPCNTL0 */ 1829 break; 1830 case 0x48: /* STIME0 */ 1831 s->stime0 = val; 1832 break; 1833 case 0x49: /* STIME1 */ 1834 if (val & 0xf) { 1835 DPRINTF("General purpose timer not implemented\n"); 1836 /* ??? Raising the interrupt immediately seems to be sufficient 1837 to keep the FreeBSD driver happy. */ 1838 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1839 } 1840 break; 1841 case 0x4a: /* RESPID0 */ 1842 s->respid0 = val; 1843 break; 1844 case 0x4b: /* RESPID1 */ 1845 s->respid1 = val; 1846 break; 1847 case 0x4d: /* STEST1 */ 1848 s->stest1 = val; 1849 break; 1850 case 0x4e: /* STEST2 */ 1851 if (val & 1) { 1852 BADF("Low level mode not implemented\n"); 1853 } 1854 s->stest2 = val; 1855 break; 1856 case 0x4f: /* STEST3 */ 1857 if (val & 0x41) { 1858 BADF("SCSI FIFO test mode not implemented\n"); 1859 } 1860 s->stest3 = val; 1861 break; 1862 case 0x56: /* CCNTL0 */ 1863 s->ccntl0 = val; 1864 break; 1865 case 0x57: /* CCNTL1 */ 1866 s->ccntl1 = val; 1867 break; 1868 CASE_SET_REG32(mmrs, 0xa0) 1869 CASE_SET_REG32(mmws, 0xa4) 1870 CASE_SET_REG32(sfs, 0xa8) 1871 CASE_SET_REG32(drs, 0xac) 1872 CASE_SET_REG32(sbms, 0xb0) 1873 CASE_SET_REG32(dbms, 0xb4) 1874 CASE_SET_REG32(dnad64, 0xb8) 1875 CASE_SET_REG32(pmjad1, 0xc0) 1876 CASE_SET_REG32(pmjad2, 0xc4) 1877 CASE_SET_REG32(rbc, 0xc8) 1878 CASE_SET_REG32(ua, 0xcc) 1879 CASE_SET_REG32(ia, 0xd4) 1880 CASE_SET_REG32(sbc, 0xd8) 1881 CASE_SET_REG32(csbc, 0xdc) 1882 default: 1883 if (offset >= 0x5c && offset < 0xa0) { 1884 int n; 1885 int shift; 1886 n = (offset - 0x58) >> 2; 1887 shift = (offset & 3) * 8; 1888 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 1889 } else { 1890 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val); 1891 } 1892 } 1893 #undef CASE_SET_REG24 1894 #undef CASE_SET_REG32 1895 } 1896 1897 static void lsi_mmio_write(void *opaque, hwaddr addr, 1898 uint64_t val, unsigned size) 1899 { 1900 LSIState *s = opaque; 1901 1902 lsi_reg_writeb(s, addr & 0xff, val); 1903 } 1904 1905 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 1906 unsigned size) 1907 { 1908 LSIState *s = opaque; 1909 1910 return lsi_reg_readb(s, addr & 0xff); 1911 } 1912 1913 static const MemoryRegionOps lsi_mmio_ops = { 1914 .read = lsi_mmio_read, 1915 .write = lsi_mmio_write, 1916 .endianness = DEVICE_NATIVE_ENDIAN, 1917 .impl = { 1918 .min_access_size = 1, 1919 .max_access_size = 1, 1920 }, 1921 }; 1922 1923 static void lsi_ram_write(void *opaque, hwaddr addr, 1924 uint64_t val, unsigned size) 1925 { 1926 LSIState *s = opaque; 1927 uint32_t newval; 1928 uint32_t mask; 1929 int shift; 1930 1931 newval = s->script_ram[addr >> 2]; 1932 shift = (addr & 3) * 8; 1933 mask = ((uint64_t)1 << (size * 8)) - 1; 1934 newval &= ~(mask << shift); 1935 newval |= val << shift; 1936 s->script_ram[addr >> 2] = newval; 1937 } 1938 1939 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 1940 unsigned size) 1941 { 1942 LSIState *s = opaque; 1943 uint32_t val; 1944 uint32_t mask; 1945 1946 val = s->script_ram[addr >> 2]; 1947 mask = ((uint64_t)1 << (size * 8)) - 1; 1948 val >>= (addr & 3) * 8; 1949 return val & mask; 1950 } 1951 1952 static const MemoryRegionOps lsi_ram_ops = { 1953 .read = lsi_ram_read, 1954 .write = lsi_ram_write, 1955 .endianness = DEVICE_NATIVE_ENDIAN, 1956 }; 1957 1958 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 1959 unsigned size) 1960 { 1961 LSIState *s = opaque; 1962 return lsi_reg_readb(s, addr & 0xff); 1963 } 1964 1965 static void lsi_io_write(void *opaque, hwaddr addr, 1966 uint64_t val, unsigned size) 1967 { 1968 LSIState *s = opaque; 1969 lsi_reg_writeb(s, addr & 0xff, val); 1970 } 1971 1972 static const MemoryRegionOps lsi_io_ops = { 1973 .read = lsi_io_read, 1974 .write = lsi_io_write, 1975 .endianness = DEVICE_NATIVE_ENDIAN, 1976 .impl = { 1977 .min_access_size = 1, 1978 .max_access_size = 1, 1979 }, 1980 }; 1981 1982 static void lsi_scsi_reset(DeviceState *dev) 1983 { 1984 LSIState *s = LSI53C895A(dev); 1985 1986 lsi_soft_reset(s); 1987 } 1988 1989 static void lsi_pre_save(void *opaque) 1990 { 1991 LSIState *s = opaque; 1992 1993 if (s->current) { 1994 assert(s->current->dma_buf == NULL); 1995 assert(s->current->dma_len == 0); 1996 } 1997 assert(QTAILQ_EMPTY(&s->queue)); 1998 } 1999 2000 static const VMStateDescription vmstate_lsi_scsi = { 2001 .name = "lsiscsi", 2002 .version_id = 0, 2003 .minimum_version_id = 0, 2004 .pre_save = lsi_pre_save, 2005 .fields = (VMStateField[]) { 2006 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2007 2008 VMSTATE_INT32(carry, LSIState), 2009 VMSTATE_INT32(status, LSIState), 2010 VMSTATE_INT32(msg_action, LSIState), 2011 VMSTATE_INT32(msg_len, LSIState), 2012 VMSTATE_BUFFER(msg, LSIState), 2013 VMSTATE_INT32(waiting, LSIState), 2014 2015 VMSTATE_UINT32(dsa, LSIState), 2016 VMSTATE_UINT32(temp, LSIState), 2017 VMSTATE_UINT32(dnad, LSIState), 2018 VMSTATE_UINT32(dbc, LSIState), 2019 VMSTATE_UINT8(istat0, LSIState), 2020 VMSTATE_UINT8(istat1, LSIState), 2021 VMSTATE_UINT8(dcmd, LSIState), 2022 VMSTATE_UINT8(dstat, LSIState), 2023 VMSTATE_UINT8(dien, LSIState), 2024 VMSTATE_UINT8(sist0, LSIState), 2025 VMSTATE_UINT8(sist1, LSIState), 2026 VMSTATE_UINT8(sien0, LSIState), 2027 VMSTATE_UINT8(sien1, LSIState), 2028 VMSTATE_UINT8(mbox0, LSIState), 2029 VMSTATE_UINT8(mbox1, LSIState), 2030 VMSTATE_UINT8(dfifo, LSIState), 2031 VMSTATE_UINT8(ctest2, LSIState), 2032 VMSTATE_UINT8(ctest3, LSIState), 2033 VMSTATE_UINT8(ctest4, LSIState), 2034 VMSTATE_UINT8(ctest5, LSIState), 2035 VMSTATE_UINT8(ccntl0, LSIState), 2036 VMSTATE_UINT8(ccntl1, LSIState), 2037 VMSTATE_UINT32(dsp, LSIState), 2038 VMSTATE_UINT32(dsps, LSIState), 2039 VMSTATE_UINT8(dmode, LSIState), 2040 VMSTATE_UINT8(dcntl, LSIState), 2041 VMSTATE_UINT8(scntl0, LSIState), 2042 VMSTATE_UINT8(scntl1, LSIState), 2043 VMSTATE_UINT8(scntl2, LSIState), 2044 VMSTATE_UINT8(scntl3, LSIState), 2045 VMSTATE_UINT8(sstat0, LSIState), 2046 VMSTATE_UINT8(sstat1, LSIState), 2047 VMSTATE_UINT8(scid, LSIState), 2048 VMSTATE_UINT8(sxfer, LSIState), 2049 VMSTATE_UINT8(socl, LSIState), 2050 VMSTATE_UINT8(sdid, LSIState), 2051 VMSTATE_UINT8(ssid, LSIState), 2052 VMSTATE_UINT8(sfbr, LSIState), 2053 VMSTATE_UINT8(stest1, LSIState), 2054 VMSTATE_UINT8(stest2, LSIState), 2055 VMSTATE_UINT8(stest3, LSIState), 2056 VMSTATE_UINT8(sidl, LSIState), 2057 VMSTATE_UINT8(stime0, LSIState), 2058 VMSTATE_UINT8(respid0, LSIState), 2059 VMSTATE_UINT8(respid1, LSIState), 2060 VMSTATE_UINT32(mmrs, LSIState), 2061 VMSTATE_UINT32(mmws, LSIState), 2062 VMSTATE_UINT32(sfs, LSIState), 2063 VMSTATE_UINT32(drs, LSIState), 2064 VMSTATE_UINT32(sbms, LSIState), 2065 VMSTATE_UINT32(dbms, LSIState), 2066 VMSTATE_UINT32(dnad64, LSIState), 2067 VMSTATE_UINT32(pmjad1, LSIState), 2068 VMSTATE_UINT32(pmjad2, LSIState), 2069 VMSTATE_UINT32(rbc, LSIState), 2070 VMSTATE_UINT32(ua, LSIState), 2071 VMSTATE_UINT32(ia, LSIState), 2072 VMSTATE_UINT32(sbc, LSIState), 2073 VMSTATE_UINT32(csbc, LSIState), 2074 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2075 VMSTATE_UINT8(sbr, LSIState), 2076 2077 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2078 VMSTATE_END_OF_LIST() 2079 } 2080 }; 2081 2082 static const struct SCSIBusInfo lsi_scsi_info = { 2083 .tcq = true, 2084 .max_target = LSI_MAX_DEVS, 2085 .max_lun = 0, /* LUN support is buggy */ 2086 2087 .transfer_data = lsi_transfer_data, 2088 .complete = lsi_command_complete, 2089 .cancel = lsi_request_cancelled 2090 }; 2091 2092 static int lsi_scsi_init(PCIDevice *dev) 2093 { 2094 LSIState *s = LSI53C895A(dev); 2095 DeviceState *d = DEVICE(dev); 2096 uint8_t *pci_conf; 2097 Error *err = NULL; 2098 2099 pci_conf = dev->config; 2100 2101 /* PCI latency timer = 255 */ 2102 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2103 /* Interrupt pin A */ 2104 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2105 2106 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2107 "lsi-mmio", 0x400); 2108 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2109 "lsi-ram", 0x2000); 2110 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2111 "lsi-io", 256); 2112 2113 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2114 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2115 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2116 QTAILQ_INIT(&s->queue); 2117 2118 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2119 if (!d->hotplugged) { 2120 scsi_bus_legacy_handle_cmdline(&s->bus, &err); 2121 if (err != NULL) { 2122 error_free(err); 2123 return -1; 2124 } 2125 } 2126 return 0; 2127 } 2128 2129 static void lsi_class_init(ObjectClass *klass, void *data) 2130 { 2131 DeviceClass *dc = DEVICE_CLASS(klass); 2132 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2133 2134 k->init = lsi_scsi_init; 2135 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2136 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2137 k->class_id = PCI_CLASS_STORAGE_SCSI; 2138 k->subsystem_id = 0x1000; 2139 dc->reset = lsi_scsi_reset; 2140 dc->vmsd = &vmstate_lsi_scsi; 2141 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2142 } 2143 2144 static const TypeInfo lsi_info = { 2145 .name = TYPE_LSI53C895A, 2146 .parent = TYPE_PCI_DEVICE, 2147 .instance_size = sizeof(LSIState), 2148 .class_init = lsi_class_init, 2149 }; 2150 2151 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2152 { 2153 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2154 2155 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2156 } 2157 2158 static TypeInfo lsi53c810_info = { 2159 .name = TYPE_LSI53C810, 2160 .parent = TYPE_LSI53C895A, 2161 .class_init = lsi53c810_class_init, 2162 }; 2163 2164 static void lsi53c895a_register_types(void) 2165 { 2166 type_register_static(&lsi_info); 2167 type_register_static(&lsi53c810_info); 2168 } 2169 2170 type_init(lsi53c895a_register_types) 2171