1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 #include "trace.h" 24 25 static const char *names[] = { 26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 38 }; 39 40 #define LSI_MAX_DEVS 7 41 42 #define LSI_SCNTL0_TRG 0x01 43 #define LSI_SCNTL0_AAP 0x02 44 #define LSI_SCNTL0_EPC 0x08 45 #define LSI_SCNTL0_WATN 0x10 46 #define LSI_SCNTL0_START 0x20 47 48 #define LSI_SCNTL1_SST 0x01 49 #define LSI_SCNTL1_IARB 0x02 50 #define LSI_SCNTL1_AESP 0x04 51 #define LSI_SCNTL1_RST 0x08 52 #define LSI_SCNTL1_CON 0x10 53 #define LSI_SCNTL1_DHP 0x20 54 #define LSI_SCNTL1_ADB 0x40 55 #define LSI_SCNTL1_EXC 0x80 56 57 #define LSI_SCNTL2_WSR 0x01 58 #define LSI_SCNTL2_VUE0 0x02 59 #define LSI_SCNTL2_VUE1 0x04 60 #define LSI_SCNTL2_WSS 0x08 61 #define LSI_SCNTL2_SLPHBEN 0x10 62 #define LSI_SCNTL2_SLPMD 0x20 63 #define LSI_SCNTL2_CHM 0x40 64 #define LSI_SCNTL2_SDU 0x80 65 66 #define LSI_ISTAT0_DIP 0x01 67 #define LSI_ISTAT0_SIP 0x02 68 #define LSI_ISTAT0_INTF 0x04 69 #define LSI_ISTAT0_CON 0x08 70 #define LSI_ISTAT0_SEM 0x10 71 #define LSI_ISTAT0_SIGP 0x20 72 #define LSI_ISTAT0_SRST 0x40 73 #define LSI_ISTAT0_ABRT 0x80 74 75 #define LSI_ISTAT1_SI 0x01 76 #define LSI_ISTAT1_SRUN 0x02 77 #define LSI_ISTAT1_FLSH 0x04 78 79 #define LSI_SSTAT0_SDP0 0x01 80 #define LSI_SSTAT0_RST 0x02 81 #define LSI_SSTAT0_WOA 0x04 82 #define LSI_SSTAT0_LOA 0x08 83 #define LSI_SSTAT0_AIP 0x10 84 #define LSI_SSTAT0_OLF 0x20 85 #define LSI_SSTAT0_ORF 0x40 86 #define LSI_SSTAT0_ILF 0x80 87 88 #define LSI_SIST0_PAR 0x01 89 #define LSI_SIST0_RST 0x02 90 #define LSI_SIST0_UDC 0x04 91 #define LSI_SIST0_SGE 0x08 92 #define LSI_SIST0_RSL 0x10 93 #define LSI_SIST0_SEL 0x20 94 #define LSI_SIST0_CMP 0x40 95 #define LSI_SIST0_MA 0x80 96 97 #define LSI_SIST1_HTH 0x01 98 #define LSI_SIST1_GEN 0x02 99 #define LSI_SIST1_STO 0x04 100 #define LSI_SIST1_SBMC 0x10 101 102 #define LSI_SOCL_IO 0x01 103 #define LSI_SOCL_CD 0x02 104 #define LSI_SOCL_MSG 0x04 105 #define LSI_SOCL_ATN 0x08 106 #define LSI_SOCL_SEL 0x10 107 #define LSI_SOCL_BSY 0x20 108 #define LSI_SOCL_ACK 0x40 109 #define LSI_SOCL_REQ 0x80 110 111 #define LSI_DSTAT_IID 0x01 112 #define LSI_DSTAT_SIR 0x04 113 #define LSI_DSTAT_SSI 0x08 114 #define LSI_DSTAT_ABRT 0x10 115 #define LSI_DSTAT_BF 0x20 116 #define LSI_DSTAT_MDPE 0x40 117 #define LSI_DSTAT_DFE 0x80 118 119 #define LSI_DCNTL_COM 0x01 120 #define LSI_DCNTL_IRQD 0x02 121 #define LSI_DCNTL_STD 0x04 122 #define LSI_DCNTL_IRQM 0x08 123 #define LSI_DCNTL_SSM 0x10 124 #define LSI_DCNTL_PFEN 0x20 125 #define LSI_DCNTL_PFF 0x40 126 #define LSI_DCNTL_CLSE 0x80 127 128 #define LSI_DMODE_MAN 0x01 129 #define LSI_DMODE_BOF 0x02 130 #define LSI_DMODE_ERMP 0x04 131 #define LSI_DMODE_ERL 0x08 132 #define LSI_DMODE_DIOM 0x10 133 #define LSI_DMODE_SIOM 0x20 134 135 #define LSI_CTEST2_DACK 0x01 136 #define LSI_CTEST2_DREQ 0x02 137 #define LSI_CTEST2_TEOP 0x04 138 #define LSI_CTEST2_PCICIE 0x08 139 #define LSI_CTEST2_CM 0x10 140 #define LSI_CTEST2_CIO 0x20 141 #define LSI_CTEST2_SIGP 0x40 142 #define LSI_CTEST2_DDIR 0x80 143 144 #define LSI_CTEST5_BL2 0x04 145 #define LSI_CTEST5_DDIR 0x08 146 #define LSI_CTEST5_MASR 0x10 147 #define LSI_CTEST5_DFSN 0x20 148 #define LSI_CTEST5_BBCK 0x40 149 #define LSI_CTEST5_ADCK 0x80 150 151 #define LSI_CCNTL0_DILS 0x01 152 #define LSI_CCNTL0_DISFC 0x10 153 #define LSI_CCNTL0_ENNDJ 0x20 154 #define LSI_CCNTL0_PMJCTL 0x40 155 #define LSI_CCNTL0_ENPMJ 0x80 156 157 #define LSI_CCNTL1_EN64DBMV 0x01 158 #define LSI_CCNTL1_EN64TIBMV 0x02 159 #define LSI_CCNTL1_64TIMOD 0x04 160 #define LSI_CCNTL1_DDAC 0x08 161 #define LSI_CCNTL1_ZMOD 0x80 162 163 #define LSI_SBCL_ATN 0x08 164 #define LSI_SBCL_BSY 0x20 165 #define LSI_SBCL_ACK 0x40 166 #define LSI_SBCL_REQ 0x80 167 168 /* Enable Response to Reselection */ 169 #define LSI_SCID_RRE 0x60 170 171 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 172 173 #define PHASE_DO 0 174 #define PHASE_DI 1 175 #define PHASE_CMD 2 176 #define PHASE_ST 3 177 #define PHASE_MO 6 178 #define PHASE_MI 7 179 #define PHASE_MASK 7 180 181 /* Maximum length of MSG IN data. */ 182 #define LSI_MAX_MSGIN_LEN 8 183 184 /* Flag set if this is a tagged command. */ 185 #define LSI_TAG_VALID (1 << 16) 186 187 typedef struct lsi_request { 188 SCSIRequest *req; 189 uint32_t tag; 190 uint32_t dma_len; 191 uint8_t *dma_buf; 192 uint32_t pending; 193 int out; 194 QTAILQ_ENTRY(lsi_request) next; 195 } lsi_request; 196 197 typedef struct { 198 /*< private >*/ 199 PCIDevice parent_obj; 200 /*< public >*/ 201 202 qemu_irq ext_irq; 203 MemoryRegion mmio_io; 204 MemoryRegion ram_io; 205 MemoryRegion io_io; 206 AddressSpace pci_io_as; 207 208 int carry; /* ??? Should this be an a visible register somewhere? */ 209 int status; 210 /* Action to take at the end of a MSG IN phase. 211 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 212 int msg_action; 213 int msg_len; 214 uint8_t msg[LSI_MAX_MSGIN_LEN]; 215 /* 0 if SCRIPTS are running or stopped. 216 * 1 if a Wait Reselect instruction has been issued. 217 * 2 if processing DMA from lsi_execute_script. 218 * 3 if a DMA operation is in progress. */ 219 int waiting; 220 SCSIBus bus; 221 int current_lun; 222 /* The tag is a combination of the device ID and the SCSI tag. */ 223 uint32_t select_tag; 224 int command_complete; 225 QTAILQ_HEAD(, lsi_request) queue; 226 lsi_request *current; 227 228 uint32_t dsa; 229 uint32_t temp; 230 uint32_t dnad; 231 uint32_t dbc; 232 uint8_t istat0; 233 uint8_t istat1; 234 uint8_t dcmd; 235 uint8_t dstat; 236 uint8_t dien; 237 uint8_t sist0; 238 uint8_t sist1; 239 uint8_t sien0; 240 uint8_t sien1; 241 uint8_t mbox0; 242 uint8_t mbox1; 243 uint8_t dfifo; 244 uint8_t ctest2; 245 uint8_t ctest3; 246 uint8_t ctest4; 247 uint8_t ctest5; 248 uint8_t ccntl0; 249 uint8_t ccntl1; 250 uint32_t dsp; 251 uint32_t dsps; 252 uint8_t dmode; 253 uint8_t dcntl; 254 uint8_t scntl0; 255 uint8_t scntl1; 256 uint8_t scntl2; 257 uint8_t scntl3; 258 uint8_t sstat0; 259 uint8_t sstat1; 260 uint8_t scid; 261 uint8_t sxfer; 262 uint8_t socl; 263 uint8_t sdid; 264 uint8_t ssid; 265 uint8_t sfbr; 266 uint8_t sbcl; 267 uint8_t stest1; 268 uint8_t stest2; 269 uint8_t stest3; 270 uint8_t sidl; 271 uint8_t stime0; 272 uint8_t respid0; 273 uint8_t respid1; 274 uint32_t mmrs; 275 uint32_t mmws; 276 uint32_t sfs; 277 uint32_t drs; 278 uint32_t sbms; 279 uint32_t dbms; 280 uint32_t dnad64; 281 uint32_t pmjad1; 282 uint32_t pmjad2; 283 uint32_t rbc; 284 uint32_t ua; 285 uint32_t ia; 286 uint32_t sbc; 287 uint32_t csbc; 288 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 289 uint8_t sbr; 290 uint32_t adder; 291 292 /* Script ram is stored as 32-bit words in host byteorder. */ 293 uint32_t script_ram[2048]; 294 } LSIState; 295 296 #define TYPE_LSI53C810 "lsi53c810" 297 #define TYPE_LSI53C895A "lsi53c895a" 298 299 #define LSI53C895A(obj) \ 300 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 301 302 static inline int lsi_irq_on_rsl(LSIState *s) 303 { 304 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 305 } 306 307 static lsi_request *get_pending_req(LSIState *s) 308 { 309 lsi_request *p; 310 311 QTAILQ_FOREACH(p, &s->queue, next) { 312 if (p->pending) { 313 return p; 314 } 315 } 316 return NULL; 317 } 318 319 static void lsi_soft_reset(LSIState *s) 320 { 321 trace_lsi_reset(); 322 s->carry = 0; 323 324 s->msg_action = 0; 325 s->msg_len = 0; 326 s->waiting = 0; 327 s->dsa = 0; 328 s->dnad = 0; 329 s->dbc = 0; 330 s->temp = 0; 331 memset(s->scratch, 0, sizeof(s->scratch)); 332 s->istat0 = 0; 333 s->istat1 = 0; 334 s->dcmd = 0x40; 335 s->dstat = 0; 336 s->dien = 0; 337 s->sist0 = 0; 338 s->sist1 = 0; 339 s->sien0 = 0; 340 s->sien1 = 0; 341 s->mbox0 = 0; 342 s->mbox1 = 0; 343 s->dfifo = 0; 344 s->ctest2 = LSI_CTEST2_DACK; 345 s->ctest3 = 0; 346 s->ctest4 = 0; 347 s->ctest5 = 0; 348 s->ccntl0 = 0; 349 s->ccntl1 = 0; 350 s->dsp = 0; 351 s->dsps = 0; 352 s->dmode = 0; 353 s->dcntl = 0; 354 s->scntl0 = 0xc0; 355 s->scntl1 = 0; 356 s->scntl2 = 0; 357 s->scntl3 = 0; 358 s->sstat0 = 0; 359 s->sstat1 = 0; 360 s->scid = 7; 361 s->sxfer = 0; 362 s->socl = 0; 363 s->sdid = 0; 364 s->ssid = 0; 365 s->sbcl = 0; 366 s->stest1 = 0; 367 s->stest2 = 0; 368 s->stest3 = 0; 369 s->sidl = 0; 370 s->stime0 = 0; 371 s->respid0 = 0x80; 372 s->respid1 = 0; 373 s->mmrs = 0; 374 s->mmws = 0; 375 s->sfs = 0; 376 s->drs = 0; 377 s->sbms = 0; 378 s->dbms = 0; 379 s->dnad64 = 0; 380 s->pmjad1 = 0; 381 s->pmjad2 = 0; 382 s->rbc = 0; 383 s->ua = 0; 384 s->ia = 0; 385 s->sbc = 0; 386 s->csbc = 0; 387 s->sbr = 0; 388 assert(QTAILQ_EMPTY(&s->queue)); 389 assert(!s->current); 390 } 391 392 static int lsi_dma_40bit(LSIState *s) 393 { 394 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 395 return 1; 396 return 0; 397 } 398 399 static int lsi_dma_ti64bit(LSIState *s) 400 { 401 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 402 return 1; 403 return 0; 404 } 405 406 static int lsi_dma_64bit(LSIState *s) 407 { 408 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 409 return 1; 410 return 0; 411 } 412 413 static uint8_t lsi_reg_readb(LSIState *s, int offset); 414 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 415 static void lsi_execute_script(LSIState *s); 416 static void lsi_reselect(LSIState *s, lsi_request *p); 417 418 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 419 void *buf, dma_addr_t len) 420 { 421 if (s->dmode & LSI_DMODE_SIOM) { 422 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 423 buf, len); 424 } else { 425 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 426 } 427 } 428 429 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 430 const void *buf, dma_addr_t len) 431 { 432 if (s->dmode & LSI_DMODE_DIOM) { 433 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 434 buf, len); 435 } else { 436 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 437 } 438 } 439 440 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 441 { 442 uint32_t buf; 443 444 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 445 return cpu_to_le32(buf); 446 } 447 448 static void lsi_stop_script(LSIState *s) 449 { 450 s->istat1 &= ~LSI_ISTAT1_SRUN; 451 } 452 453 static void lsi_set_irq(LSIState *s, int level) 454 { 455 PCIDevice *d = PCI_DEVICE(s); 456 457 if (s->ext_irq) { 458 qemu_set_irq(s->ext_irq, level); 459 } else { 460 pci_set_irq(d, level); 461 } 462 } 463 464 static void lsi_update_irq(LSIState *s) 465 { 466 int level; 467 static int last_level; 468 469 /* It's unclear whether the DIP/SIP bits should be cleared when the 470 Interrupt Status Registers are cleared or when istat0 is read. 471 We currently do the formwer, which seems to work. */ 472 level = 0; 473 if (s->dstat) { 474 if (s->dstat & s->dien) 475 level = 1; 476 s->istat0 |= LSI_ISTAT0_DIP; 477 } else { 478 s->istat0 &= ~LSI_ISTAT0_DIP; 479 } 480 481 if (s->sist0 || s->sist1) { 482 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 483 level = 1; 484 s->istat0 |= LSI_ISTAT0_SIP; 485 } else { 486 s->istat0 &= ~LSI_ISTAT0_SIP; 487 } 488 if (s->istat0 & LSI_ISTAT0_INTF) 489 level = 1; 490 491 if (level != last_level) { 492 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 493 last_level = level; 494 } 495 lsi_set_irq(s, level); 496 497 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 498 lsi_request *p; 499 500 trace_lsi_update_irq_disconnected(); 501 p = get_pending_req(s); 502 if (p) { 503 lsi_reselect(s, p); 504 } 505 } 506 } 507 508 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 509 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 510 { 511 uint32_t mask0; 512 uint32_t mask1; 513 514 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 515 s->sist0 |= stat0; 516 s->sist1 |= stat1; 517 /* Stop processor on fatal or unmasked interrupt. As a special hack 518 we don't stop processing when raising STO. Instead continue 519 execution and stop at the next insn that accesses the SCSI bus. */ 520 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 521 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 522 mask1 &= ~LSI_SIST1_STO; 523 if (s->sist0 & mask0 || s->sist1 & mask1) { 524 lsi_stop_script(s); 525 } 526 lsi_update_irq(s); 527 } 528 529 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 530 static void lsi_script_dma_interrupt(LSIState *s, int stat) 531 { 532 trace_lsi_script_dma_interrupt(stat, s->dstat); 533 s->dstat |= stat; 534 lsi_update_irq(s); 535 lsi_stop_script(s); 536 } 537 538 static inline void lsi_set_phase(LSIState *s, int phase) 539 { 540 s->sbcl &= ~PHASE_MASK; 541 s->sbcl |= phase | LSI_SBCL_REQ; 542 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 543 } 544 545 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 546 { 547 /* Trigger a phase mismatch. */ 548 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 549 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 550 s->dsp = out ? s->pmjad1 : s->pmjad2; 551 } else { 552 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 553 } 554 trace_lsi_bad_phase_jump(s->dsp); 555 } else { 556 trace_lsi_bad_phase_interrupt(); 557 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 558 lsi_stop_script(s); 559 } 560 lsi_set_phase(s, new_phase); 561 } 562 563 564 /* Resume SCRIPTS execution after a DMA operation. */ 565 static void lsi_resume_script(LSIState *s) 566 { 567 if (s->waiting != 2) { 568 s->waiting = 0; 569 lsi_execute_script(s); 570 } else { 571 s->waiting = 0; 572 } 573 } 574 575 static void lsi_disconnect(LSIState *s) 576 { 577 s->scntl1 &= ~LSI_SCNTL1_CON; 578 s->sstat1 &= ~PHASE_MASK; 579 s->sbcl = 0; 580 } 581 582 static void lsi_bad_selection(LSIState *s, uint32_t id) 583 { 584 trace_lsi_bad_selection(id); 585 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 586 lsi_disconnect(s); 587 } 588 589 /* Initiate a SCSI layer data transfer. */ 590 static void lsi_do_dma(LSIState *s, int out) 591 { 592 uint32_t count; 593 dma_addr_t addr; 594 SCSIDevice *dev; 595 596 assert(s->current); 597 if (!s->current->dma_len) { 598 /* Wait until data is available. */ 599 trace_lsi_do_dma_unavailable(); 600 return; 601 } 602 603 dev = s->current->req->dev; 604 assert(dev); 605 606 count = s->dbc; 607 if (count > s->current->dma_len) 608 count = s->current->dma_len; 609 610 addr = s->dnad; 611 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 612 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 613 addr |= ((uint64_t)s->dnad64 << 32); 614 else if (s->dbms) 615 addr |= ((uint64_t)s->dbms << 32); 616 else if (s->sbms) 617 addr |= ((uint64_t)s->sbms << 32); 618 619 trace_lsi_do_dma(addr, count); 620 s->csbc += count; 621 s->dnad += count; 622 s->dbc -= count; 623 if (s->current->dma_buf == NULL) { 624 s->current->dma_buf = scsi_req_get_buf(s->current->req); 625 } 626 /* ??? Set SFBR to first data byte. */ 627 if (out) { 628 lsi_mem_read(s, addr, s->current->dma_buf, count); 629 } else { 630 lsi_mem_write(s, addr, s->current->dma_buf, count); 631 } 632 s->current->dma_len -= count; 633 if (s->current->dma_len == 0) { 634 s->current->dma_buf = NULL; 635 scsi_req_continue(s->current->req); 636 } else { 637 s->current->dma_buf += count; 638 lsi_resume_script(s); 639 } 640 } 641 642 643 /* Add a command to the queue. */ 644 static void lsi_queue_command(LSIState *s) 645 { 646 lsi_request *p = s->current; 647 648 trace_lsi_queue_command(p->tag); 649 assert(s->current != NULL); 650 assert(s->current->dma_len == 0); 651 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 652 s->current = NULL; 653 654 p->pending = 0; 655 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 656 } 657 658 /* Queue a byte for a MSG IN phase. */ 659 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 660 { 661 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 662 trace_lsi_add_msg_byte_error(); 663 } else { 664 trace_lsi_add_msg_byte(data); 665 s->msg[s->msg_len++] = data; 666 } 667 } 668 669 /* Perform reselection to continue a command. */ 670 static void lsi_reselect(LSIState *s, lsi_request *p) 671 { 672 int id; 673 674 assert(s->current == NULL); 675 QTAILQ_REMOVE(&s->queue, p, next); 676 s->current = p; 677 678 id = (p->tag >> 8) & 0xf; 679 s->ssid = id | 0x80; 680 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 681 if (!(s->dcntl & LSI_DCNTL_COM)) { 682 s->sfbr = 1 << (id & 0x7); 683 } 684 trace_lsi_reselect(id); 685 s->scntl1 |= LSI_SCNTL1_CON; 686 lsi_set_phase(s, PHASE_MI); 687 s->msg_action = p->out ? 2 : 3; 688 s->current->dma_len = p->pending; 689 lsi_add_msg_byte(s, 0x80); 690 if (s->current->tag & LSI_TAG_VALID) { 691 lsi_add_msg_byte(s, 0x20); 692 lsi_add_msg_byte(s, p->tag & 0xff); 693 } 694 695 if (lsi_irq_on_rsl(s)) { 696 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 697 } 698 } 699 700 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 701 { 702 lsi_request *p; 703 704 QTAILQ_FOREACH(p, &s->queue, next) { 705 if (p->tag == tag) { 706 return p; 707 } 708 } 709 710 return NULL; 711 } 712 713 static void lsi_request_free(LSIState *s, lsi_request *p) 714 { 715 if (p == s->current) { 716 s->current = NULL; 717 } else { 718 QTAILQ_REMOVE(&s->queue, p, next); 719 } 720 g_free(p); 721 } 722 723 static void lsi_request_cancelled(SCSIRequest *req) 724 { 725 LSIState *s = LSI53C895A(req->bus->qbus.parent); 726 lsi_request *p = req->hba_private; 727 728 req->hba_private = NULL; 729 lsi_request_free(s, p); 730 scsi_req_unref(req); 731 } 732 733 /* Record that data is available for a queued command. Returns zero if 734 the device was reselected, nonzero if the IO is deferred. */ 735 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 736 { 737 lsi_request *p = req->hba_private; 738 739 if (p->pending) { 740 trace_lsi_queue_req_error(p); 741 } 742 p->pending = len; 743 /* Reselect if waiting for it, or if reselection triggers an IRQ 744 and the bus is free. 745 Since no interrupt stacking is implemented in the emulation, it 746 is also required that there are no pending interrupts waiting 747 for service from the device driver. */ 748 if (s->waiting == 1 || 749 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 750 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 751 /* Reselect device. */ 752 lsi_reselect(s, p); 753 return 0; 754 } else { 755 trace_lsi_queue_req(p->tag); 756 p->pending = len; 757 return 1; 758 } 759 } 760 761 /* Callback to indicate that the SCSI layer has completed a command. */ 762 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 763 { 764 LSIState *s = LSI53C895A(req->bus->qbus.parent); 765 int out; 766 767 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 768 trace_lsi_command_complete(status); 769 s->status = status; 770 s->command_complete = 2; 771 if (s->waiting && s->dbc != 0) { 772 /* Raise phase mismatch for short transfers. */ 773 lsi_bad_phase(s, out, PHASE_ST); 774 } else { 775 lsi_set_phase(s, PHASE_ST); 776 } 777 778 if (req->hba_private == s->current) { 779 req->hba_private = NULL; 780 lsi_request_free(s, s->current); 781 scsi_req_unref(req); 782 } 783 lsi_resume_script(s); 784 } 785 786 /* Callback to indicate that the SCSI layer has completed a transfer. */ 787 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 788 { 789 LSIState *s = LSI53C895A(req->bus->qbus.parent); 790 int out; 791 792 assert(req->hba_private); 793 if (s->waiting == 1 || req->hba_private != s->current || 794 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 795 if (lsi_queue_req(s, req, len)) { 796 return; 797 } 798 } 799 800 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 801 802 /* host adapter (re)connected */ 803 trace_lsi_transfer_data(req->tag, len); 804 s->current->dma_len = len; 805 s->command_complete = 1; 806 if (s->waiting) { 807 if (s->waiting == 1 || s->dbc == 0) { 808 lsi_resume_script(s); 809 } else { 810 lsi_do_dma(s, out); 811 } 812 } 813 } 814 815 static void lsi_do_command(LSIState *s) 816 { 817 SCSIDevice *dev; 818 uint8_t buf[16]; 819 uint32_t id; 820 int n; 821 822 trace_lsi_do_command(s->dbc); 823 if (s->dbc > 16) 824 s->dbc = 16; 825 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 826 s->sfbr = buf[0]; 827 s->command_complete = 0; 828 829 id = (s->select_tag >> 8) & 0xf; 830 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 831 if (!dev) { 832 lsi_bad_selection(s, id); 833 return; 834 } 835 836 assert(s->current == NULL); 837 s->current = g_new0(lsi_request, 1); 838 s->current->tag = s->select_tag; 839 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 840 s->current); 841 842 n = scsi_req_enqueue(s->current->req); 843 if (n) { 844 if (n > 0) { 845 lsi_set_phase(s, PHASE_DI); 846 } else if (n < 0) { 847 lsi_set_phase(s, PHASE_DO); 848 } 849 scsi_req_continue(s->current->req); 850 } 851 if (!s->command_complete) { 852 if (n) { 853 /* Command did not complete immediately so disconnect. */ 854 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 855 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 856 /* wait data */ 857 lsi_set_phase(s, PHASE_MI); 858 s->msg_action = 1; 859 lsi_queue_command(s); 860 } else { 861 /* wait command complete */ 862 lsi_set_phase(s, PHASE_DI); 863 } 864 } 865 } 866 867 static void lsi_do_status(LSIState *s) 868 { 869 uint8_t status; 870 trace_lsi_do_status(s->dbc, s->status); 871 if (s->dbc != 1) { 872 trace_lsi_do_status_error(); 873 } 874 s->dbc = 1; 875 status = s->status; 876 s->sfbr = status; 877 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 878 lsi_set_phase(s, PHASE_MI); 879 s->msg_action = 1; 880 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 881 } 882 883 static void lsi_do_msgin(LSIState *s) 884 { 885 uint8_t len; 886 trace_lsi_do_msgin(s->dbc, s->msg_len); 887 s->sfbr = s->msg[0]; 888 len = s->msg_len; 889 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 890 if (len > s->dbc) 891 len = s->dbc; 892 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 893 /* Linux drivers rely on the last byte being in the SIDL. */ 894 s->sidl = s->msg[len - 1]; 895 s->msg_len -= len; 896 if (s->msg_len) { 897 memmove(s->msg, s->msg + len, s->msg_len); 898 } else { 899 /* ??? Check if ATN (not yet implemented) is asserted and maybe 900 switch to PHASE_MO. */ 901 switch (s->msg_action) { 902 case 0: 903 lsi_set_phase(s, PHASE_CMD); 904 break; 905 case 1: 906 lsi_disconnect(s); 907 break; 908 case 2: 909 lsi_set_phase(s, PHASE_DO); 910 break; 911 case 3: 912 lsi_set_phase(s, PHASE_DI); 913 break; 914 default: 915 abort(); 916 } 917 } 918 } 919 920 /* Read the next byte during a MSGOUT phase. */ 921 static uint8_t lsi_get_msgbyte(LSIState *s) 922 { 923 uint8_t data; 924 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 925 s->dnad++; 926 s->dbc--; 927 return data; 928 } 929 930 /* Skip the next n bytes during a MSGOUT phase. */ 931 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 932 { 933 s->dnad += n; 934 s->dbc -= n; 935 } 936 937 static void lsi_do_msgout(LSIState *s) 938 { 939 uint8_t msg; 940 int len; 941 uint32_t current_tag; 942 lsi_request *current_req, *p, *p_next; 943 944 if (s->current) { 945 current_tag = s->current->tag; 946 current_req = s->current; 947 } else { 948 current_tag = s->select_tag; 949 current_req = lsi_find_by_tag(s, current_tag); 950 } 951 952 trace_lsi_do_msgout(s->dbc); 953 while (s->dbc) { 954 msg = lsi_get_msgbyte(s); 955 s->sfbr = msg; 956 957 switch (msg) { 958 case 0x04: 959 trace_lsi_do_msgout_disconnect(); 960 lsi_disconnect(s); 961 break; 962 case 0x08: 963 trace_lsi_do_msgout_noop(); 964 lsi_set_phase(s, PHASE_CMD); 965 break; 966 case 0x01: 967 len = lsi_get_msgbyte(s); 968 msg = lsi_get_msgbyte(s); 969 (void)len; /* avoid a warning about unused variable*/ 970 trace_lsi_do_msgout_extended(msg, len); 971 switch (msg) { 972 case 1: 973 trace_lsi_do_msgout_ignored("SDTR"); 974 lsi_skip_msgbytes(s, 2); 975 break; 976 case 3: 977 trace_lsi_do_msgout_ignored("WDTR"); 978 lsi_skip_msgbytes(s, 1); 979 break; 980 case 4: 981 trace_lsi_do_msgout_ignored("PPR"); 982 lsi_skip_msgbytes(s, 5); 983 break; 984 default: 985 goto bad; 986 } 987 break; 988 case 0x20: /* SIMPLE queue */ 989 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 990 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 991 break; 992 case 0x21: /* HEAD of queue */ 993 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 994 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 995 break; 996 case 0x22: /* ORDERED queue */ 997 qemu_log_mask(LOG_UNIMP, 998 "lsi_scsi: ORDERED queue not implemented\n"); 999 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1000 break; 1001 case 0x0d: 1002 /* The ABORT TAG message clears the current I/O process only. */ 1003 trace_lsi_do_msgout_abort(current_tag); 1004 if (current_req) { 1005 scsi_req_cancel(current_req->req); 1006 } 1007 lsi_disconnect(s); 1008 break; 1009 case 0x06: 1010 case 0x0e: 1011 case 0x0c: 1012 /* The ABORT message clears all I/O processes for the selecting 1013 initiator on the specified logical unit of the target. */ 1014 if (msg == 0x06) { 1015 trace_lsi_do_msgout_abort(current_tag); 1016 } 1017 /* The CLEAR QUEUE message clears all I/O processes for all 1018 initiators on the specified logical unit of the target. */ 1019 if (msg == 0x0e) { 1020 trace_lsi_do_msgout_clearqueue(current_tag); 1021 } 1022 /* The BUS DEVICE RESET message clears all I/O processes for all 1023 initiators on all logical units of the target. */ 1024 if (msg == 0x0c) { 1025 trace_lsi_do_msgout_busdevicereset(current_tag); 1026 } 1027 1028 /* clear the current I/O process */ 1029 if (s->current) { 1030 scsi_req_cancel(s->current->req); 1031 } 1032 1033 /* As the current implemented devices scsi_disk and scsi_generic 1034 only support one LUN, we don't need to keep track of LUNs. 1035 Clearing I/O processes for other initiators could be possible 1036 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1037 device, but this is currently not implemented (and seems not 1038 to be really necessary). So let's simply clear all queued 1039 commands for the current device: */ 1040 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1041 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1042 scsi_req_cancel(p->req); 1043 } 1044 } 1045 1046 lsi_disconnect(s); 1047 break; 1048 default: 1049 if ((msg & 0x80) == 0) { 1050 goto bad; 1051 } 1052 s->current_lun = msg & 7; 1053 trace_lsi_do_msgout_select(s->current_lun); 1054 lsi_set_phase(s, PHASE_CMD); 1055 break; 1056 } 1057 } 1058 return; 1059 bad: 1060 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1061 lsi_set_phase(s, PHASE_MI); 1062 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1063 s->msg_action = 0; 1064 } 1065 1066 #define LSI_BUF_SIZE 4096 1067 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1068 { 1069 int n; 1070 uint8_t buf[LSI_BUF_SIZE]; 1071 1072 trace_lsi_memcpy(dest, src, count); 1073 while (count) { 1074 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1075 lsi_mem_read(s, src, buf, n); 1076 lsi_mem_write(s, dest, buf, n); 1077 src += n; 1078 dest += n; 1079 count -= n; 1080 } 1081 } 1082 1083 static void lsi_wait_reselect(LSIState *s) 1084 { 1085 lsi_request *p; 1086 1087 trace_lsi_wait_reselect(); 1088 1089 if (s->current) { 1090 return; 1091 } 1092 p = get_pending_req(s); 1093 if (p) { 1094 lsi_reselect(s, p); 1095 } 1096 if (s->current == NULL) { 1097 s->waiting = 1; 1098 } 1099 } 1100 1101 static void lsi_execute_script(LSIState *s) 1102 { 1103 PCIDevice *pci_dev = PCI_DEVICE(s); 1104 uint32_t insn; 1105 uint32_t addr, addr_high; 1106 int opcode; 1107 int insn_processed = 0; 1108 1109 s->istat1 |= LSI_ISTAT1_SRUN; 1110 again: 1111 insn_processed++; 1112 insn = read_dword(s, s->dsp); 1113 if (!insn) { 1114 /* If we receive an empty opcode increment the DSP by 4 bytes 1115 instead of 8 and execute the next opcode at that location */ 1116 s->dsp += 4; 1117 goto again; 1118 } 1119 addr = read_dword(s, s->dsp + 4); 1120 addr_high = 0; 1121 trace_lsi_execute_script(s->dsp, insn, addr); 1122 s->dsps = addr; 1123 s->dcmd = insn >> 24; 1124 s->dsp += 8; 1125 switch (insn >> 30) { 1126 case 0: /* Block move. */ 1127 if (s->sist1 & LSI_SIST1_STO) { 1128 trace_lsi_execute_script_blockmove_delayed(); 1129 lsi_stop_script(s); 1130 break; 1131 } 1132 s->dbc = insn & 0xffffff; 1133 s->rbc = s->dbc; 1134 /* ??? Set ESA. */ 1135 s->ia = s->dsp - 8; 1136 if (insn & (1 << 29)) { 1137 /* Indirect addressing. */ 1138 addr = read_dword(s, addr); 1139 } else if (insn & (1 << 28)) { 1140 uint32_t buf[2]; 1141 int32_t offset; 1142 /* Table indirect addressing. */ 1143 1144 /* 32-bit Table indirect */ 1145 offset = sextract32(addr, 0, 24); 1146 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1147 /* byte count is stored in bits 0:23 only */ 1148 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1149 s->rbc = s->dbc; 1150 addr = cpu_to_le32(buf[1]); 1151 1152 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1153 * table, bits [31:24] */ 1154 if (lsi_dma_40bit(s)) 1155 addr_high = cpu_to_le32(buf[0]) >> 24; 1156 else if (lsi_dma_ti64bit(s)) { 1157 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1158 switch (selector) { 1159 case 0 ... 0x0f: 1160 /* offset index into scratch registers since 1161 * TI64 mode can use registers C to R */ 1162 addr_high = s->scratch[2 + selector]; 1163 break; 1164 case 0x10: 1165 addr_high = s->mmrs; 1166 break; 1167 case 0x11: 1168 addr_high = s->mmws; 1169 break; 1170 case 0x12: 1171 addr_high = s->sfs; 1172 break; 1173 case 0x13: 1174 addr_high = s->drs; 1175 break; 1176 case 0x14: 1177 addr_high = s->sbms; 1178 break; 1179 case 0x15: 1180 addr_high = s->dbms; 1181 break; 1182 default: 1183 qemu_log_mask(LOG_GUEST_ERROR, 1184 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1185 "for 64-bit DMA block move", selector); 1186 break; 1187 } 1188 } 1189 } else if (lsi_dma_64bit(s)) { 1190 /* fetch a 3rd dword if 64-bit direct move is enabled and 1191 only if we're not doing table indirect or indirect addressing */ 1192 s->dbms = read_dword(s, s->dsp); 1193 s->dsp += 4; 1194 s->ia = s->dsp - 12; 1195 } 1196 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1197 trace_lsi_execute_script_blockmove_badphase(s->sstat1 & PHASE_MASK, 1198 (insn >> 24) & 7); 1199 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1200 break; 1201 } 1202 s->dnad = addr; 1203 s->dnad64 = addr_high; 1204 switch (s->sstat1 & 0x7) { 1205 case PHASE_DO: 1206 s->waiting = 2; 1207 lsi_do_dma(s, 1); 1208 if (s->waiting) 1209 s->waiting = 3; 1210 break; 1211 case PHASE_DI: 1212 s->waiting = 2; 1213 lsi_do_dma(s, 0); 1214 if (s->waiting) 1215 s->waiting = 3; 1216 break; 1217 case PHASE_CMD: 1218 lsi_do_command(s); 1219 break; 1220 case PHASE_ST: 1221 lsi_do_status(s); 1222 break; 1223 case PHASE_MO: 1224 lsi_do_msgout(s); 1225 break; 1226 case PHASE_MI: 1227 lsi_do_msgin(s); 1228 break; 1229 default: 1230 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %d\n", 1231 s->sstat1 & PHASE_MASK); 1232 } 1233 s->dfifo = s->dbc & 0xff; 1234 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1235 s->sbc = s->dbc; 1236 s->rbc -= s->dbc; 1237 s->ua = addr + s->dbc; 1238 break; 1239 1240 case 1: /* IO or Read/Write instruction. */ 1241 opcode = (insn >> 27) & 7; 1242 if (opcode < 5) { 1243 uint32_t id; 1244 1245 if (insn & (1 << 25)) { 1246 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1247 } else { 1248 id = insn; 1249 } 1250 id = (id >> 16) & 0xf; 1251 if (insn & (1 << 26)) { 1252 addr = s->dsp + sextract32(addr, 0, 24); 1253 } 1254 s->dnad = addr; 1255 switch (opcode) { 1256 case 0: /* Select */ 1257 s->sdid = id; 1258 if (s->scntl1 & LSI_SCNTL1_CON) { 1259 trace_lsi_execute_script_io_alreadyreselected(); 1260 s->dsp = s->dnad; 1261 break; 1262 } 1263 s->sstat0 |= LSI_SSTAT0_WOA; 1264 s->scntl1 &= ~LSI_SCNTL1_IARB; 1265 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1266 lsi_bad_selection(s, id); 1267 break; 1268 } 1269 trace_lsi_execute_script_io_selected(id, 1270 insn & (1 << 3) ? " ATN" : ""); 1271 /* ??? Linux drivers compain when this is set. Maybe 1272 it only applies in low-level mode (unimplemented). 1273 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1274 s->select_tag = id << 8; 1275 s->scntl1 |= LSI_SCNTL1_CON; 1276 if (insn & (1 << 3)) { 1277 s->socl |= LSI_SOCL_ATN; 1278 s->sbcl |= LSI_SBCL_ATN; 1279 } 1280 s->sbcl |= LSI_SBCL_BSY; 1281 lsi_set_phase(s, PHASE_MO); 1282 break; 1283 case 1: /* Disconnect */ 1284 trace_lsi_execute_script_io_disconnect(); 1285 s->scntl1 &= ~LSI_SCNTL1_CON; 1286 /* FIXME: this is not entirely correct; the target need not ask 1287 * for reselection until it has to send data, while here we force a 1288 * reselection as soon as the bus is free. The correct flow would 1289 * reselect before lsi_transfer_data and disconnect as soon as 1290 * DMA ends. 1291 */ 1292 if (!s->current) { 1293 lsi_request *p = get_pending_req(s); 1294 if (p) { 1295 lsi_reselect(s, p); 1296 } 1297 } 1298 break; 1299 case 2: /* Wait Reselect */ 1300 if (s->istat0 & LSI_ISTAT0_SIGP) { 1301 s->dsp = s->dnad; 1302 } else if (!lsi_irq_on_rsl(s)) { 1303 lsi_wait_reselect(s); 1304 } 1305 break; 1306 case 3: /* Set */ 1307 trace_lsi_execute_script_io_set( 1308 insn & (1 << 3) ? " ATN" : "", 1309 insn & (1 << 6) ? " ACK" : "", 1310 insn & (1 << 9) ? " TM" : "", 1311 insn & (1 << 10) ? " CC" : ""); 1312 if (insn & (1 << 3)) { 1313 s->socl |= LSI_SOCL_ATN; 1314 s->sbcl |= LSI_SBCL_ATN; 1315 lsi_set_phase(s, PHASE_MO); 1316 } 1317 1318 if (insn & (1 << 6)) { 1319 s->sbcl |= LSI_SBCL_ACK; 1320 } 1321 1322 if (insn & (1 << 9)) { 1323 qemu_log_mask(LOG_UNIMP, 1324 "lsi_scsi: Target mode not implemented\n"); 1325 } 1326 if (insn & (1 << 10)) 1327 s->carry = 1; 1328 break; 1329 case 4: /* Clear */ 1330 trace_lsi_execute_script_io_clear( 1331 insn & (1 << 3) ? " ATN" : "", 1332 insn & (1 << 6) ? " ACK" : "", 1333 insn & (1 << 9) ? " TM" : "", 1334 insn & (1 << 10) ? " CC" : ""); 1335 if (insn & (1 << 3)) { 1336 s->socl &= ~LSI_SOCL_ATN; 1337 s->sbcl &= ~LSI_SBCL_ATN; 1338 } 1339 1340 if (insn & (1 << 6)) { 1341 s->sbcl &= ~LSI_SBCL_ACK; 1342 } 1343 1344 if (insn & (1 << 10)) 1345 s->carry = 0; 1346 break; 1347 } 1348 } else { 1349 uint8_t op0; 1350 uint8_t op1; 1351 uint8_t data8; 1352 int reg; 1353 int operator; 1354 1355 static const char *opcode_names[3] = 1356 {"Write", "Read", "Read-Modify-Write"}; 1357 static const char *operator_names[8] = 1358 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1359 1360 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1361 data8 = (insn >> 8) & 0xff; 1362 opcode = (insn >> 27) & 7; 1363 operator = (insn >> 24) & 7; 1364 trace_lsi_execute_script_io_opcode( 1365 opcode_names[opcode - 5], reg, 1366 operator_names[operator], data8, s->sfbr, 1367 (insn & (1 << 23)) ? " SFBR" : ""); 1368 op0 = op1 = 0; 1369 switch (opcode) { 1370 case 5: /* From SFBR */ 1371 op0 = s->sfbr; 1372 op1 = data8; 1373 break; 1374 case 6: /* To SFBR */ 1375 if (operator) 1376 op0 = lsi_reg_readb(s, reg); 1377 op1 = data8; 1378 break; 1379 case 7: /* Read-modify-write */ 1380 if (operator) 1381 op0 = lsi_reg_readb(s, reg); 1382 if (insn & (1 << 23)) { 1383 op1 = s->sfbr; 1384 } else { 1385 op1 = data8; 1386 } 1387 break; 1388 } 1389 1390 switch (operator) { 1391 case 0: /* move */ 1392 op0 = op1; 1393 break; 1394 case 1: /* Shift left */ 1395 op1 = op0 >> 7; 1396 op0 = (op0 << 1) | s->carry; 1397 s->carry = op1; 1398 break; 1399 case 2: /* OR */ 1400 op0 |= op1; 1401 break; 1402 case 3: /* XOR */ 1403 op0 ^= op1; 1404 break; 1405 case 4: /* AND */ 1406 op0 &= op1; 1407 break; 1408 case 5: /* SHR */ 1409 op1 = op0 & 1; 1410 op0 = (op0 >> 1) | (s->carry << 7); 1411 s->carry = op1; 1412 break; 1413 case 6: /* ADD */ 1414 op0 += op1; 1415 s->carry = op0 < op1; 1416 break; 1417 case 7: /* ADC */ 1418 op0 += op1 + s->carry; 1419 if (s->carry) 1420 s->carry = op0 <= op1; 1421 else 1422 s->carry = op0 < op1; 1423 break; 1424 } 1425 1426 switch (opcode) { 1427 case 5: /* From SFBR */ 1428 case 7: /* Read-modify-write */ 1429 lsi_reg_writeb(s, reg, op0); 1430 break; 1431 case 6: /* To SFBR */ 1432 s->sfbr = op0; 1433 break; 1434 } 1435 } 1436 break; 1437 1438 case 2: /* Transfer Control. */ 1439 { 1440 int cond; 1441 int jmp; 1442 1443 if ((insn & 0x002e0000) == 0) { 1444 trace_lsi_execute_script_tc_nop(); 1445 break; 1446 } 1447 if (s->sist1 & LSI_SIST1_STO) { 1448 trace_lsi_execute_script_tc_delayedselect_timeout(); 1449 lsi_stop_script(s); 1450 break; 1451 } 1452 cond = jmp = (insn & (1 << 19)) != 0; 1453 if (cond == jmp && (insn & (1 << 21))) { 1454 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1455 cond = s->carry != 0; 1456 } 1457 if (cond == jmp && (insn & (1 << 17))) { 1458 trace_lsi_execute_script_tc_compp( 1459 (s->sstat1 & PHASE_MASK), 1460 jmp ? '=' : '!', 1461 ((insn >> 24) & 7)); 1462 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1463 } 1464 if (cond == jmp && (insn & (1 << 18))) { 1465 uint8_t mask; 1466 1467 mask = (~insn >> 8) & 0xff; 1468 trace_lsi_execute_script_tc_compd( 1469 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1470 cond = (s->sfbr & mask) == (insn & mask); 1471 } 1472 if (cond == jmp) { 1473 if (insn & (1 << 23)) { 1474 /* Relative address. */ 1475 addr = s->dsp + sextract32(addr, 0, 24); 1476 } 1477 switch ((insn >> 27) & 7) { 1478 case 0: /* Jump */ 1479 trace_lsi_execute_script_tc_jump(addr); 1480 s->adder = addr; 1481 s->dsp = addr; 1482 break; 1483 case 1: /* Call */ 1484 trace_lsi_execute_script_tc_call(addr); 1485 s->temp = s->dsp; 1486 s->dsp = addr; 1487 break; 1488 case 2: /* Return */ 1489 trace_lsi_execute_script_tc_return(s->temp); 1490 s->dsp = s->temp; 1491 break; 1492 case 3: /* Interrupt */ 1493 trace_lsi_execute_script_tc_interrupt(s->dsps); 1494 if ((insn & (1 << 20)) != 0) { 1495 s->istat0 |= LSI_ISTAT0_INTF; 1496 lsi_update_irq(s); 1497 } else { 1498 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1499 } 1500 break; 1501 default: 1502 trace_lsi_execute_script_tc_illegal(); 1503 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1504 break; 1505 } 1506 } else { 1507 trace_lsi_execute_script_tc_cc_failed(); 1508 } 1509 } 1510 break; 1511 1512 case 3: 1513 if ((insn & (1 << 29)) == 0) { 1514 /* Memory move. */ 1515 uint32_t dest; 1516 /* ??? The docs imply the destination address is loaded into 1517 the TEMP register. However the Linux drivers rely on 1518 the value being presrved. */ 1519 dest = read_dword(s, s->dsp); 1520 s->dsp += 4; 1521 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1522 } else { 1523 uint8_t data[7]; 1524 int reg; 1525 int n; 1526 int i; 1527 1528 if (insn & (1 << 28)) { 1529 addr = s->dsa + sextract32(addr, 0, 24); 1530 } 1531 n = (insn & 7); 1532 reg = (insn >> 16) & 0xff; 1533 if (insn & (1 << 24)) { 1534 pci_dma_read(pci_dev, addr, data, n); 1535 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1536 for (i = 0; i < n; i++) { 1537 lsi_reg_writeb(s, reg + i, data[i]); 1538 } 1539 } else { 1540 trace_lsi_execute_script_mm_store(reg, n, addr); 1541 for (i = 0; i < n; i++) { 1542 data[i] = lsi_reg_readb(s, reg + i); 1543 } 1544 pci_dma_write(pci_dev, addr, data, n); 1545 } 1546 } 1547 } 1548 if (insn_processed > 10000 && !s->waiting) { 1549 /* Some windows drivers make the device spin waiting for a memory 1550 location to change. If we have been executed a lot of code then 1551 assume this is the case and force an unexpected device disconnect. 1552 This is apparently sufficient to beat the drivers into submission. 1553 */ 1554 if (!(s->sien0 & LSI_SIST0_UDC)) { 1555 qemu_log_mask(LOG_GUEST_ERROR, 1556 "lsi_scsi: inf. loop with UDC masked"); 1557 } 1558 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1559 lsi_disconnect(s); 1560 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1561 if (s->dcntl & LSI_DCNTL_SSM) { 1562 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1563 } else { 1564 goto again; 1565 } 1566 } 1567 trace_lsi_execute_script_stop(); 1568 } 1569 1570 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1571 { 1572 uint8_t ret; 1573 1574 #define CASE_GET_REG24(name, addr) \ 1575 case addr: ret = s->name & 0xff; break; \ 1576 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1577 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1578 1579 #define CASE_GET_REG32(name, addr) \ 1580 case addr: ret = s->name & 0xff; break; \ 1581 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1582 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1583 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1584 1585 switch (offset) { 1586 case 0x00: /* SCNTL0 */ 1587 ret = s->scntl0; 1588 break; 1589 case 0x01: /* SCNTL1 */ 1590 ret = s->scntl1; 1591 break; 1592 case 0x02: /* SCNTL2 */ 1593 ret = s->scntl2; 1594 break; 1595 case 0x03: /* SCNTL3 */ 1596 ret = s->scntl3; 1597 break; 1598 case 0x04: /* SCID */ 1599 ret = s->scid; 1600 break; 1601 case 0x05: /* SXFER */ 1602 ret = s->sxfer; 1603 break; 1604 case 0x06: /* SDID */ 1605 ret = s->sdid; 1606 break; 1607 case 0x07: /* GPREG0 */ 1608 ret = 0x7f; 1609 break; 1610 case 0x08: /* Revision ID */ 1611 ret = 0x00; 1612 break; 1613 case 0x09: /* SOCL */ 1614 ret = s->socl; 1615 break; 1616 case 0xa: /* SSID */ 1617 ret = s->ssid; 1618 break; 1619 case 0xb: /* SBCL */ 1620 ret = s->sbcl; 1621 break; 1622 case 0xc: /* DSTAT */ 1623 ret = s->dstat | LSI_DSTAT_DFE; 1624 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1625 s->dstat = 0; 1626 lsi_update_irq(s); 1627 break; 1628 case 0x0d: /* SSTAT0 */ 1629 ret = s->sstat0; 1630 break; 1631 case 0x0e: /* SSTAT1 */ 1632 ret = s->sstat1; 1633 break; 1634 case 0x0f: /* SSTAT2 */ 1635 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1636 break; 1637 CASE_GET_REG32(dsa, 0x10) 1638 case 0x14: /* ISTAT0 */ 1639 ret = s->istat0; 1640 break; 1641 case 0x15: /* ISTAT1 */ 1642 ret = s->istat1; 1643 break; 1644 case 0x16: /* MBOX0 */ 1645 ret = s->mbox0; 1646 break; 1647 case 0x17: /* MBOX1 */ 1648 ret = s->mbox1; 1649 break; 1650 case 0x18: /* CTEST0 */ 1651 ret = 0xff; 1652 break; 1653 case 0x19: /* CTEST1 */ 1654 ret = 0; 1655 break; 1656 case 0x1a: /* CTEST2 */ 1657 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1658 if (s->istat0 & LSI_ISTAT0_SIGP) { 1659 s->istat0 &= ~LSI_ISTAT0_SIGP; 1660 ret |= LSI_CTEST2_SIGP; 1661 } 1662 break; 1663 case 0x1b: /* CTEST3 */ 1664 ret = s->ctest3; 1665 break; 1666 CASE_GET_REG32(temp, 0x1c) 1667 case 0x20: /* DFIFO */ 1668 ret = 0; 1669 break; 1670 case 0x21: /* CTEST4 */ 1671 ret = s->ctest4; 1672 break; 1673 case 0x22: /* CTEST5 */ 1674 ret = s->ctest5; 1675 break; 1676 case 0x23: /* CTEST6 */ 1677 ret = 0; 1678 break; 1679 CASE_GET_REG24(dbc, 0x24) 1680 case 0x27: /* DCMD */ 1681 ret = s->dcmd; 1682 break; 1683 CASE_GET_REG32(dnad, 0x28) 1684 CASE_GET_REG32(dsp, 0x2c) 1685 CASE_GET_REG32(dsps, 0x30) 1686 CASE_GET_REG32(scratch[0], 0x34) 1687 case 0x38: /* DMODE */ 1688 ret = s->dmode; 1689 break; 1690 case 0x39: /* DIEN */ 1691 ret = s->dien; 1692 break; 1693 case 0x3a: /* SBR */ 1694 ret = s->sbr; 1695 break; 1696 case 0x3b: /* DCNTL */ 1697 ret = s->dcntl; 1698 break; 1699 /* ADDER Output (Debug of relative jump address) */ 1700 CASE_GET_REG32(adder, 0x3c) 1701 case 0x40: /* SIEN0 */ 1702 ret = s->sien0; 1703 break; 1704 case 0x41: /* SIEN1 */ 1705 ret = s->sien1; 1706 break; 1707 case 0x42: /* SIST0 */ 1708 ret = s->sist0; 1709 s->sist0 = 0; 1710 lsi_update_irq(s); 1711 break; 1712 case 0x43: /* SIST1 */ 1713 ret = s->sist1; 1714 s->sist1 = 0; 1715 lsi_update_irq(s); 1716 break; 1717 case 0x46: /* MACNTL */ 1718 ret = 0x0f; 1719 break; 1720 case 0x47: /* GPCNTL0 */ 1721 ret = 0x0f; 1722 break; 1723 case 0x48: /* STIME0 */ 1724 ret = s->stime0; 1725 break; 1726 case 0x4a: /* RESPID0 */ 1727 ret = s->respid0; 1728 break; 1729 case 0x4b: /* RESPID1 */ 1730 ret = s->respid1; 1731 break; 1732 case 0x4d: /* STEST1 */ 1733 ret = s->stest1; 1734 break; 1735 case 0x4e: /* STEST2 */ 1736 ret = s->stest2; 1737 break; 1738 case 0x4f: /* STEST3 */ 1739 ret = s->stest3; 1740 break; 1741 case 0x50: /* SIDL */ 1742 /* This is needed by the linux drivers. We currently only update it 1743 during the MSG IN phase. */ 1744 ret = s->sidl; 1745 break; 1746 case 0x52: /* STEST4 */ 1747 ret = 0xe0; 1748 break; 1749 case 0x56: /* CCNTL0 */ 1750 ret = s->ccntl0; 1751 break; 1752 case 0x57: /* CCNTL1 */ 1753 ret = s->ccntl1; 1754 break; 1755 case 0x58: /* SBDL */ 1756 /* Some drivers peek at the data bus during the MSG IN phase. */ 1757 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1758 assert(s->msg_len > 0); 1759 return s->msg[0]; 1760 } 1761 ret = 0; 1762 break; 1763 case 0x59: /* SBDL high */ 1764 ret = 0; 1765 break; 1766 CASE_GET_REG32(mmrs, 0xa0) 1767 CASE_GET_REG32(mmws, 0xa4) 1768 CASE_GET_REG32(sfs, 0xa8) 1769 CASE_GET_REG32(drs, 0xac) 1770 CASE_GET_REG32(sbms, 0xb0) 1771 CASE_GET_REG32(dbms, 0xb4) 1772 CASE_GET_REG32(dnad64, 0xb8) 1773 CASE_GET_REG32(pmjad1, 0xc0) 1774 CASE_GET_REG32(pmjad2, 0xc4) 1775 CASE_GET_REG32(rbc, 0xc8) 1776 CASE_GET_REG32(ua, 0xcc) 1777 CASE_GET_REG32(ia, 0xd4) 1778 CASE_GET_REG32(sbc, 0xd8) 1779 CASE_GET_REG32(csbc, 0xdc) 1780 case 0x5c ... 0x9f: 1781 { 1782 int n; 1783 int shift; 1784 n = (offset - 0x58) >> 2; 1785 shift = (offset & 3) * 8; 1786 ret = (s->scratch[n] >> shift) & 0xff; 1787 break; 1788 } 1789 default: 1790 { 1791 qemu_log_mask(LOG_GUEST_ERROR, 1792 "lsi_scsi: invalid read from reg %s %x\n", 1793 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1794 offset); 1795 ret = 0xff; 1796 break; 1797 } 1798 } 1799 #undef CASE_GET_REG24 1800 #undef CASE_GET_REG32 1801 1802 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1803 offset, ret); 1804 1805 return ret; 1806 } 1807 1808 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1809 { 1810 #define CASE_SET_REG24(name, addr) \ 1811 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1812 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1813 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1814 1815 #define CASE_SET_REG32(name, addr) \ 1816 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1817 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1818 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1819 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1820 1821 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1822 offset, val); 1823 1824 switch (offset) { 1825 case 0x00: /* SCNTL0 */ 1826 s->scntl0 = val; 1827 if (val & LSI_SCNTL0_START) { 1828 qemu_log_mask(LOG_UNIMP, 1829 "lsi_scsi: Start sequence not implemented\n"); 1830 } 1831 break; 1832 case 0x01: /* SCNTL1 */ 1833 s->scntl1 = val & ~LSI_SCNTL1_SST; 1834 if (val & LSI_SCNTL1_IARB) { 1835 qemu_log_mask(LOG_UNIMP, 1836 "lsi_scsi: Immediate Arbritration not implemented\n"); 1837 } 1838 if (val & LSI_SCNTL1_RST) { 1839 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1840 qbus_reset_all(&s->bus.qbus); 1841 s->sstat0 |= LSI_SSTAT0_RST; 1842 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1843 } 1844 } else { 1845 s->sstat0 &= ~LSI_SSTAT0_RST; 1846 } 1847 break; 1848 case 0x02: /* SCNTL2 */ 1849 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1850 s->scntl2 = val; 1851 break; 1852 case 0x03: /* SCNTL3 */ 1853 s->scntl3 = val; 1854 break; 1855 case 0x04: /* SCID */ 1856 s->scid = val; 1857 break; 1858 case 0x05: /* SXFER */ 1859 s->sxfer = val; 1860 break; 1861 case 0x06: /* SDID */ 1862 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1863 qemu_log_mask(LOG_GUEST_ERROR, 1864 "lsi_scsi: Destination ID does not match SSID\n"); 1865 } 1866 s->sdid = val & 0xf; 1867 break; 1868 case 0x07: /* GPREG0 */ 1869 break; 1870 case 0x08: /* SFBR */ 1871 /* The CPU is not allowed to write to this register. However the 1872 SCRIPTS register move instructions are. */ 1873 s->sfbr = val; 1874 break; 1875 case 0x0a: case 0x0b: 1876 /* Openserver writes to these readonly registers on startup */ 1877 return; 1878 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1879 /* Linux writes to these readonly registers on startup. */ 1880 return; 1881 CASE_SET_REG32(dsa, 0x10) 1882 case 0x14: /* ISTAT0 */ 1883 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1884 if (val & LSI_ISTAT0_ABRT) { 1885 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1886 } 1887 if (val & LSI_ISTAT0_INTF) { 1888 s->istat0 &= ~LSI_ISTAT0_INTF; 1889 lsi_update_irq(s); 1890 } 1891 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1892 trace_lsi_awoken(); 1893 s->waiting = 0; 1894 s->dsp = s->dnad; 1895 lsi_execute_script(s); 1896 } 1897 if (val & LSI_ISTAT0_SRST) { 1898 qdev_reset_all(DEVICE(s)); 1899 } 1900 break; 1901 case 0x16: /* MBOX0 */ 1902 s->mbox0 = val; 1903 break; 1904 case 0x17: /* MBOX1 */ 1905 s->mbox1 = val; 1906 break; 1907 case 0x18: /* CTEST0 */ 1908 /* nothing to do */ 1909 break; 1910 case 0x1a: /* CTEST2 */ 1911 s->ctest2 = val & LSI_CTEST2_PCICIE; 1912 break; 1913 case 0x1b: /* CTEST3 */ 1914 s->ctest3 = val & 0x0f; 1915 break; 1916 CASE_SET_REG32(temp, 0x1c) 1917 case 0x21: /* CTEST4 */ 1918 if (val & 7) { 1919 qemu_log_mask(LOG_UNIMP, 1920 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1921 } 1922 s->ctest4 = val; 1923 break; 1924 case 0x22: /* CTEST5 */ 1925 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1926 qemu_log_mask(LOG_UNIMP, 1927 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1928 } 1929 s->ctest5 = val; 1930 break; 1931 CASE_SET_REG24(dbc, 0x24) 1932 CASE_SET_REG32(dnad, 0x28) 1933 case 0x2c: /* DSP[0:7] */ 1934 s->dsp &= 0xffffff00; 1935 s->dsp |= val; 1936 break; 1937 case 0x2d: /* DSP[8:15] */ 1938 s->dsp &= 0xffff00ff; 1939 s->dsp |= val << 8; 1940 break; 1941 case 0x2e: /* DSP[16:23] */ 1942 s->dsp &= 0xff00ffff; 1943 s->dsp |= val << 16; 1944 break; 1945 case 0x2f: /* DSP[24:31] */ 1946 s->dsp &= 0x00ffffff; 1947 s->dsp |= val << 24; 1948 if ((s->dmode & LSI_DMODE_MAN) == 0 1949 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1950 lsi_execute_script(s); 1951 break; 1952 CASE_SET_REG32(dsps, 0x30) 1953 CASE_SET_REG32(scratch[0], 0x34) 1954 case 0x38: /* DMODE */ 1955 s->dmode = val; 1956 break; 1957 case 0x39: /* DIEN */ 1958 s->dien = val; 1959 lsi_update_irq(s); 1960 break; 1961 case 0x3a: /* SBR */ 1962 s->sbr = val; 1963 break; 1964 case 0x3b: /* DCNTL */ 1965 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1966 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1967 lsi_execute_script(s); 1968 break; 1969 case 0x40: /* SIEN0 */ 1970 s->sien0 = val; 1971 lsi_update_irq(s); 1972 break; 1973 case 0x41: /* SIEN1 */ 1974 s->sien1 = val; 1975 lsi_update_irq(s); 1976 break; 1977 case 0x47: /* GPCNTL0 */ 1978 break; 1979 case 0x48: /* STIME0 */ 1980 s->stime0 = val; 1981 break; 1982 case 0x49: /* STIME1 */ 1983 if (val & 0xf) { 1984 qemu_log_mask(LOG_UNIMP, 1985 "lsi_scsi: General purpose timer not implemented\n"); 1986 /* ??? Raising the interrupt immediately seems to be sufficient 1987 to keep the FreeBSD driver happy. */ 1988 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1989 } 1990 break; 1991 case 0x4a: /* RESPID0 */ 1992 s->respid0 = val; 1993 break; 1994 case 0x4b: /* RESPID1 */ 1995 s->respid1 = val; 1996 break; 1997 case 0x4d: /* STEST1 */ 1998 s->stest1 = val; 1999 break; 2000 case 0x4e: /* STEST2 */ 2001 if (val & 1) { 2002 qemu_log_mask(LOG_UNIMP, 2003 "lsi_scsi: Low level mode not implemented\n"); 2004 } 2005 s->stest2 = val; 2006 break; 2007 case 0x4f: /* STEST3 */ 2008 if (val & 0x41) { 2009 qemu_log_mask(LOG_UNIMP, 2010 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2011 } 2012 s->stest3 = val; 2013 break; 2014 case 0x56: /* CCNTL0 */ 2015 s->ccntl0 = val; 2016 break; 2017 case 0x57: /* CCNTL1 */ 2018 s->ccntl1 = val; 2019 break; 2020 CASE_SET_REG32(mmrs, 0xa0) 2021 CASE_SET_REG32(mmws, 0xa4) 2022 CASE_SET_REG32(sfs, 0xa8) 2023 CASE_SET_REG32(drs, 0xac) 2024 CASE_SET_REG32(sbms, 0xb0) 2025 CASE_SET_REG32(dbms, 0xb4) 2026 CASE_SET_REG32(dnad64, 0xb8) 2027 CASE_SET_REG32(pmjad1, 0xc0) 2028 CASE_SET_REG32(pmjad2, 0xc4) 2029 CASE_SET_REG32(rbc, 0xc8) 2030 CASE_SET_REG32(ua, 0xcc) 2031 CASE_SET_REG32(ia, 0xd4) 2032 CASE_SET_REG32(sbc, 0xd8) 2033 CASE_SET_REG32(csbc, 0xdc) 2034 default: 2035 if (offset >= 0x5c && offset < 0xa0) { 2036 int n; 2037 int shift; 2038 n = (offset - 0x58) >> 2; 2039 shift = (offset & 3) * 8; 2040 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2041 } else { 2042 qemu_log_mask(LOG_GUEST_ERROR, 2043 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2044 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2045 offset, val); 2046 } 2047 } 2048 #undef CASE_SET_REG24 2049 #undef CASE_SET_REG32 2050 } 2051 2052 static void lsi_mmio_write(void *opaque, hwaddr addr, 2053 uint64_t val, unsigned size) 2054 { 2055 LSIState *s = opaque; 2056 2057 lsi_reg_writeb(s, addr & 0xff, val); 2058 } 2059 2060 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2061 unsigned size) 2062 { 2063 LSIState *s = opaque; 2064 2065 return lsi_reg_readb(s, addr & 0xff); 2066 } 2067 2068 static const MemoryRegionOps lsi_mmio_ops = { 2069 .read = lsi_mmio_read, 2070 .write = lsi_mmio_write, 2071 .endianness = DEVICE_NATIVE_ENDIAN, 2072 .impl = { 2073 .min_access_size = 1, 2074 .max_access_size = 1, 2075 }, 2076 }; 2077 2078 static void lsi_ram_write(void *opaque, hwaddr addr, 2079 uint64_t val, unsigned size) 2080 { 2081 LSIState *s = opaque; 2082 uint32_t newval; 2083 uint32_t mask; 2084 int shift; 2085 2086 newval = s->script_ram[addr >> 2]; 2087 shift = (addr & 3) * 8; 2088 mask = ((uint64_t)1 << (size * 8)) - 1; 2089 newval &= ~(mask << shift); 2090 newval |= val << shift; 2091 s->script_ram[addr >> 2] = newval; 2092 } 2093 2094 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2095 unsigned size) 2096 { 2097 LSIState *s = opaque; 2098 uint32_t val; 2099 uint32_t mask; 2100 2101 val = s->script_ram[addr >> 2]; 2102 mask = ((uint64_t)1 << (size * 8)) - 1; 2103 val >>= (addr & 3) * 8; 2104 return val & mask; 2105 } 2106 2107 static const MemoryRegionOps lsi_ram_ops = { 2108 .read = lsi_ram_read, 2109 .write = lsi_ram_write, 2110 .endianness = DEVICE_NATIVE_ENDIAN, 2111 }; 2112 2113 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2114 unsigned size) 2115 { 2116 LSIState *s = opaque; 2117 return lsi_reg_readb(s, addr & 0xff); 2118 } 2119 2120 static void lsi_io_write(void *opaque, hwaddr addr, 2121 uint64_t val, unsigned size) 2122 { 2123 LSIState *s = opaque; 2124 lsi_reg_writeb(s, addr & 0xff, val); 2125 } 2126 2127 static const MemoryRegionOps lsi_io_ops = { 2128 .read = lsi_io_read, 2129 .write = lsi_io_write, 2130 .endianness = DEVICE_NATIVE_ENDIAN, 2131 .impl = { 2132 .min_access_size = 1, 2133 .max_access_size = 1, 2134 }, 2135 }; 2136 2137 static void lsi_scsi_reset(DeviceState *dev) 2138 { 2139 LSIState *s = LSI53C895A(dev); 2140 2141 lsi_soft_reset(s); 2142 } 2143 2144 static int lsi_pre_save(void *opaque) 2145 { 2146 LSIState *s = opaque; 2147 2148 if (s->current) { 2149 assert(s->current->dma_buf == NULL); 2150 assert(s->current->dma_len == 0); 2151 } 2152 assert(QTAILQ_EMPTY(&s->queue)); 2153 2154 return 0; 2155 } 2156 2157 static int lsi_post_load(void *opaque, int version_id) 2158 { 2159 LSIState *s = opaque; 2160 2161 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2162 return -EINVAL; 2163 } 2164 2165 return 0; 2166 } 2167 2168 static const VMStateDescription vmstate_lsi_scsi = { 2169 .name = "lsiscsi", 2170 .version_id = 1, 2171 .minimum_version_id = 0, 2172 .pre_save = lsi_pre_save, 2173 .post_load = lsi_post_load, 2174 .fields = (VMStateField[]) { 2175 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2176 2177 VMSTATE_INT32(carry, LSIState), 2178 VMSTATE_INT32(status, LSIState), 2179 VMSTATE_INT32(msg_action, LSIState), 2180 VMSTATE_INT32(msg_len, LSIState), 2181 VMSTATE_BUFFER(msg, LSIState), 2182 VMSTATE_INT32(waiting, LSIState), 2183 2184 VMSTATE_UINT32(dsa, LSIState), 2185 VMSTATE_UINT32(temp, LSIState), 2186 VMSTATE_UINT32(dnad, LSIState), 2187 VMSTATE_UINT32(dbc, LSIState), 2188 VMSTATE_UINT8(istat0, LSIState), 2189 VMSTATE_UINT8(istat1, LSIState), 2190 VMSTATE_UINT8(dcmd, LSIState), 2191 VMSTATE_UINT8(dstat, LSIState), 2192 VMSTATE_UINT8(dien, LSIState), 2193 VMSTATE_UINT8(sist0, LSIState), 2194 VMSTATE_UINT8(sist1, LSIState), 2195 VMSTATE_UINT8(sien0, LSIState), 2196 VMSTATE_UINT8(sien1, LSIState), 2197 VMSTATE_UINT8(mbox0, LSIState), 2198 VMSTATE_UINT8(mbox1, LSIState), 2199 VMSTATE_UINT8(dfifo, LSIState), 2200 VMSTATE_UINT8(ctest2, LSIState), 2201 VMSTATE_UINT8(ctest3, LSIState), 2202 VMSTATE_UINT8(ctest4, LSIState), 2203 VMSTATE_UINT8(ctest5, LSIState), 2204 VMSTATE_UINT8(ccntl0, LSIState), 2205 VMSTATE_UINT8(ccntl1, LSIState), 2206 VMSTATE_UINT32(dsp, LSIState), 2207 VMSTATE_UINT32(dsps, LSIState), 2208 VMSTATE_UINT8(dmode, LSIState), 2209 VMSTATE_UINT8(dcntl, LSIState), 2210 VMSTATE_UINT8(scntl0, LSIState), 2211 VMSTATE_UINT8(scntl1, LSIState), 2212 VMSTATE_UINT8(scntl2, LSIState), 2213 VMSTATE_UINT8(scntl3, LSIState), 2214 VMSTATE_UINT8(sstat0, LSIState), 2215 VMSTATE_UINT8(sstat1, LSIState), 2216 VMSTATE_UINT8(scid, LSIState), 2217 VMSTATE_UINT8(sxfer, LSIState), 2218 VMSTATE_UINT8(socl, LSIState), 2219 VMSTATE_UINT8(sdid, LSIState), 2220 VMSTATE_UINT8(ssid, LSIState), 2221 VMSTATE_UINT8(sfbr, LSIState), 2222 VMSTATE_UINT8(stest1, LSIState), 2223 VMSTATE_UINT8(stest2, LSIState), 2224 VMSTATE_UINT8(stest3, LSIState), 2225 VMSTATE_UINT8(sidl, LSIState), 2226 VMSTATE_UINT8(stime0, LSIState), 2227 VMSTATE_UINT8(respid0, LSIState), 2228 VMSTATE_UINT8(respid1, LSIState), 2229 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2230 VMSTATE_UINT32(mmrs, LSIState), 2231 VMSTATE_UINT32(mmws, LSIState), 2232 VMSTATE_UINT32(sfs, LSIState), 2233 VMSTATE_UINT32(drs, LSIState), 2234 VMSTATE_UINT32(sbms, LSIState), 2235 VMSTATE_UINT32(dbms, LSIState), 2236 VMSTATE_UINT32(dnad64, LSIState), 2237 VMSTATE_UINT32(pmjad1, LSIState), 2238 VMSTATE_UINT32(pmjad2, LSIState), 2239 VMSTATE_UINT32(rbc, LSIState), 2240 VMSTATE_UINT32(ua, LSIState), 2241 VMSTATE_UINT32(ia, LSIState), 2242 VMSTATE_UINT32(sbc, LSIState), 2243 VMSTATE_UINT32(csbc, LSIState), 2244 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2245 VMSTATE_UINT8(sbr, LSIState), 2246 2247 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2248 VMSTATE_END_OF_LIST() 2249 } 2250 }; 2251 2252 static const struct SCSIBusInfo lsi_scsi_info = { 2253 .tcq = true, 2254 .max_target = LSI_MAX_DEVS, 2255 .max_lun = 0, /* LUN support is buggy */ 2256 2257 .transfer_data = lsi_transfer_data, 2258 .complete = lsi_command_complete, 2259 .cancel = lsi_request_cancelled 2260 }; 2261 2262 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2263 { 2264 LSIState *s = LSI53C895A(dev); 2265 DeviceState *d = DEVICE(dev); 2266 uint8_t *pci_conf; 2267 2268 pci_conf = dev->config; 2269 2270 /* PCI latency timer = 255 */ 2271 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2272 /* Interrupt pin A */ 2273 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2274 2275 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2276 "lsi-mmio", 0x400); 2277 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2278 "lsi-ram", 0x2000); 2279 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2280 "lsi-io", 256); 2281 2282 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2283 qdev_init_gpio_out(d, &s->ext_irq, 1); 2284 2285 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2286 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2287 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2288 QTAILQ_INIT(&s->queue); 2289 2290 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2291 } 2292 2293 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2294 { 2295 LSIState *s = LSI53C895A(dev); 2296 2297 address_space_destroy(&s->pci_io_as); 2298 } 2299 2300 static void lsi_class_init(ObjectClass *klass, void *data) 2301 { 2302 DeviceClass *dc = DEVICE_CLASS(klass); 2303 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2304 2305 k->realize = lsi_scsi_realize; 2306 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2307 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2308 k->class_id = PCI_CLASS_STORAGE_SCSI; 2309 k->subsystem_id = 0x1000; 2310 dc->unrealize = lsi_scsi_unrealize; 2311 dc->reset = lsi_scsi_reset; 2312 dc->vmsd = &vmstate_lsi_scsi; 2313 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2314 } 2315 2316 static const TypeInfo lsi_info = { 2317 .name = TYPE_LSI53C895A, 2318 .parent = TYPE_PCI_DEVICE, 2319 .instance_size = sizeof(LSIState), 2320 .class_init = lsi_class_init, 2321 .interfaces = (InterfaceInfo[]) { 2322 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2323 { }, 2324 }, 2325 }; 2326 2327 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2328 { 2329 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2330 2331 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2332 } 2333 2334 static TypeInfo lsi53c810_info = { 2335 .name = TYPE_LSI53C810, 2336 .parent = TYPE_LSI53C895A, 2337 .class_init = lsi53c810_class_init, 2338 }; 2339 2340 static void lsi53c895a_register_types(void) 2341 { 2342 type_register_static(&lsi_info); 2343 type_register_static(&lsi53c810_info); 2344 } 2345 2346 type_init(lsi53c895a_register_types) 2347 2348 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2349 { 2350 LSIState *s = LSI53C895A(lsi_dev); 2351 2352 scsi_bus_legacy_handle_cmdline(&s->bus); 2353 } 2354