1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/irq.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "migration/vmstate.h" 22 #include "sysemu/dma.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 #include "trace.h" 26 27 static const char *names[] = { 28 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 29 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 30 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 31 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 32 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 33 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 34 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 35 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 36 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 37 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 38 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 39 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 40 }; 41 42 #define LSI_MAX_DEVS 7 43 44 #define LSI_SCNTL0_TRG 0x01 45 #define LSI_SCNTL0_AAP 0x02 46 #define LSI_SCNTL0_EPC 0x08 47 #define LSI_SCNTL0_WATN 0x10 48 #define LSI_SCNTL0_START 0x20 49 50 #define LSI_SCNTL1_SST 0x01 51 #define LSI_SCNTL1_IARB 0x02 52 #define LSI_SCNTL1_AESP 0x04 53 #define LSI_SCNTL1_RST 0x08 54 #define LSI_SCNTL1_CON 0x10 55 #define LSI_SCNTL1_DHP 0x20 56 #define LSI_SCNTL1_ADB 0x40 57 #define LSI_SCNTL1_EXC 0x80 58 59 #define LSI_SCNTL2_WSR 0x01 60 #define LSI_SCNTL2_VUE0 0x02 61 #define LSI_SCNTL2_VUE1 0x04 62 #define LSI_SCNTL2_WSS 0x08 63 #define LSI_SCNTL2_SLPHBEN 0x10 64 #define LSI_SCNTL2_SLPMD 0x20 65 #define LSI_SCNTL2_CHM 0x40 66 #define LSI_SCNTL2_SDU 0x80 67 68 #define LSI_ISTAT0_DIP 0x01 69 #define LSI_ISTAT0_SIP 0x02 70 #define LSI_ISTAT0_INTF 0x04 71 #define LSI_ISTAT0_CON 0x08 72 #define LSI_ISTAT0_SEM 0x10 73 #define LSI_ISTAT0_SIGP 0x20 74 #define LSI_ISTAT0_SRST 0x40 75 #define LSI_ISTAT0_ABRT 0x80 76 77 #define LSI_ISTAT1_SI 0x01 78 #define LSI_ISTAT1_SRUN 0x02 79 #define LSI_ISTAT1_FLSH 0x04 80 81 #define LSI_SSTAT0_SDP0 0x01 82 #define LSI_SSTAT0_RST 0x02 83 #define LSI_SSTAT0_WOA 0x04 84 #define LSI_SSTAT0_LOA 0x08 85 #define LSI_SSTAT0_AIP 0x10 86 #define LSI_SSTAT0_OLF 0x20 87 #define LSI_SSTAT0_ORF 0x40 88 #define LSI_SSTAT0_ILF 0x80 89 90 #define LSI_SIST0_PAR 0x01 91 #define LSI_SIST0_RST 0x02 92 #define LSI_SIST0_UDC 0x04 93 #define LSI_SIST0_SGE 0x08 94 #define LSI_SIST0_RSL 0x10 95 #define LSI_SIST0_SEL 0x20 96 #define LSI_SIST0_CMP 0x40 97 #define LSI_SIST0_MA 0x80 98 99 #define LSI_SIST1_HTH 0x01 100 #define LSI_SIST1_GEN 0x02 101 #define LSI_SIST1_STO 0x04 102 #define LSI_SIST1_SBMC 0x10 103 104 #define LSI_SOCL_IO 0x01 105 #define LSI_SOCL_CD 0x02 106 #define LSI_SOCL_MSG 0x04 107 #define LSI_SOCL_ATN 0x08 108 #define LSI_SOCL_SEL 0x10 109 #define LSI_SOCL_BSY 0x20 110 #define LSI_SOCL_ACK 0x40 111 #define LSI_SOCL_REQ 0x80 112 113 #define LSI_DSTAT_IID 0x01 114 #define LSI_DSTAT_SIR 0x04 115 #define LSI_DSTAT_SSI 0x08 116 #define LSI_DSTAT_ABRT 0x10 117 #define LSI_DSTAT_BF 0x20 118 #define LSI_DSTAT_MDPE 0x40 119 #define LSI_DSTAT_DFE 0x80 120 121 #define LSI_DCNTL_COM 0x01 122 #define LSI_DCNTL_IRQD 0x02 123 #define LSI_DCNTL_STD 0x04 124 #define LSI_DCNTL_IRQM 0x08 125 #define LSI_DCNTL_SSM 0x10 126 #define LSI_DCNTL_PFEN 0x20 127 #define LSI_DCNTL_PFF 0x40 128 #define LSI_DCNTL_CLSE 0x80 129 130 #define LSI_DMODE_MAN 0x01 131 #define LSI_DMODE_BOF 0x02 132 #define LSI_DMODE_ERMP 0x04 133 #define LSI_DMODE_ERL 0x08 134 #define LSI_DMODE_DIOM 0x10 135 #define LSI_DMODE_SIOM 0x20 136 137 #define LSI_CTEST2_DACK 0x01 138 #define LSI_CTEST2_DREQ 0x02 139 #define LSI_CTEST2_TEOP 0x04 140 #define LSI_CTEST2_PCICIE 0x08 141 #define LSI_CTEST2_CM 0x10 142 #define LSI_CTEST2_CIO 0x20 143 #define LSI_CTEST2_SIGP 0x40 144 #define LSI_CTEST2_DDIR 0x80 145 146 #define LSI_CTEST5_BL2 0x04 147 #define LSI_CTEST5_DDIR 0x08 148 #define LSI_CTEST5_MASR 0x10 149 #define LSI_CTEST5_DFSN 0x20 150 #define LSI_CTEST5_BBCK 0x40 151 #define LSI_CTEST5_ADCK 0x80 152 153 #define LSI_CCNTL0_DILS 0x01 154 #define LSI_CCNTL0_DISFC 0x10 155 #define LSI_CCNTL0_ENNDJ 0x20 156 #define LSI_CCNTL0_PMJCTL 0x40 157 #define LSI_CCNTL0_ENPMJ 0x80 158 159 #define LSI_CCNTL1_EN64DBMV 0x01 160 #define LSI_CCNTL1_EN64TIBMV 0x02 161 #define LSI_CCNTL1_64TIMOD 0x04 162 #define LSI_CCNTL1_DDAC 0x08 163 #define LSI_CCNTL1_ZMOD 0x80 164 165 #define LSI_SBCL_ATN 0x08 166 #define LSI_SBCL_BSY 0x20 167 #define LSI_SBCL_ACK 0x40 168 #define LSI_SBCL_REQ 0x80 169 170 /* Enable Response to Reselection */ 171 #define LSI_SCID_RRE 0x60 172 173 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 174 175 #define PHASE_DO 0 176 #define PHASE_DI 1 177 #define PHASE_CMD 2 178 #define PHASE_ST 3 179 #define PHASE_MO 6 180 #define PHASE_MI 7 181 #define PHASE_MASK 7 182 183 /* Maximum length of MSG IN data. */ 184 #define LSI_MAX_MSGIN_LEN 8 185 186 /* Flag set if this is a tagged command. */ 187 #define LSI_TAG_VALID (1 << 16) 188 189 typedef struct lsi_request { 190 SCSIRequest *req; 191 uint32_t tag; 192 uint32_t dma_len; 193 uint8_t *dma_buf; 194 uint32_t pending; 195 int out; 196 QTAILQ_ENTRY(lsi_request) next; 197 } lsi_request; 198 199 enum { 200 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 201 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 202 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 203 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 204 }; 205 206 enum { 207 LSI_MSG_ACTION_COMMAND = 0, 208 LSI_MSG_ACTION_DISCONNECT = 1, 209 LSI_MSG_ACTION_DOUT = 2, 210 LSI_MSG_ACTION_DIN = 3, 211 }; 212 213 typedef struct { 214 /*< private >*/ 215 PCIDevice parent_obj; 216 /*< public >*/ 217 218 qemu_irq ext_irq; 219 MemoryRegion mmio_io; 220 MemoryRegion ram_io; 221 MemoryRegion io_io; 222 AddressSpace pci_io_as; 223 224 int carry; /* ??? Should this be an a visible register somewhere? */ 225 int status; 226 int msg_action; 227 int msg_len; 228 uint8_t msg[LSI_MAX_MSGIN_LEN]; 229 int waiting; 230 SCSIBus bus; 231 int current_lun; 232 /* The tag is a combination of the device ID and the SCSI tag. */ 233 uint32_t select_tag; 234 int command_complete; 235 QTAILQ_HEAD(, lsi_request) queue; 236 lsi_request *current; 237 238 uint32_t dsa; 239 uint32_t temp; 240 uint32_t dnad; 241 uint32_t dbc; 242 uint8_t istat0; 243 uint8_t istat1; 244 uint8_t dcmd; 245 uint8_t dstat; 246 uint8_t dien; 247 uint8_t sist0; 248 uint8_t sist1; 249 uint8_t sien0; 250 uint8_t sien1; 251 uint8_t mbox0; 252 uint8_t mbox1; 253 uint8_t dfifo; 254 uint8_t ctest2; 255 uint8_t ctest3; 256 uint8_t ctest4; 257 uint8_t ctest5; 258 uint8_t ccntl0; 259 uint8_t ccntl1; 260 uint32_t dsp; 261 uint32_t dsps; 262 uint8_t dmode; 263 uint8_t dcntl; 264 uint8_t scntl0; 265 uint8_t scntl1; 266 uint8_t scntl2; 267 uint8_t scntl3; 268 uint8_t sstat0; 269 uint8_t sstat1; 270 uint8_t scid; 271 uint8_t sxfer; 272 uint8_t socl; 273 uint8_t sdid; 274 uint8_t ssid; 275 uint8_t sfbr; 276 uint8_t sbcl; 277 uint8_t stest1; 278 uint8_t stest2; 279 uint8_t stest3; 280 uint8_t sidl; 281 uint8_t stime0; 282 uint8_t respid0; 283 uint8_t respid1; 284 uint32_t mmrs; 285 uint32_t mmws; 286 uint32_t sfs; 287 uint32_t drs; 288 uint32_t sbms; 289 uint32_t dbms; 290 uint32_t dnad64; 291 uint32_t pmjad1; 292 uint32_t pmjad2; 293 uint32_t rbc; 294 uint32_t ua; 295 uint32_t ia; 296 uint32_t sbc; 297 uint32_t csbc; 298 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 299 uint8_t sbr; 300 uint32_t adder; 301 302 uint8_t script_ram[2048 * sizeof(uint32_t)]; 303 } LSIState; 304 305 #define TYPE_LSI53C810 "lsi53c810" 306 #define TYPE_LSI53C895A "lsi53c895a" 307 308 #define LSI53C895A(obj) \ 309 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 310 311 static const char *scsi_phases[] = { 312 "DOUT", 313 "DIN", 314 "CMD", 315 "STATUS", 316 "RSVOUT", 317 "RSVIN", 318 "MSGOUT", 319 "MSGIN" 320 }; 321 322 static const char *scsi_phase_name(int phase) 323 { 324 return scsi_phases[phase & PHASE_MASK]; 325 } 326 327 static inline int lsi_irq_on_rsl(LSIState *s) 328 { 329 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 330 } 331 332 static lsi_request *get_pending_req(LSIState *s) 333 { 334 lsi_request *p; 335 336 QTAILQ_FOREACH(p, &s->queue, next) { 337 if (p->pending) { 338 return p; 339 } 340 } 341 return NULL; 342 } 343 344 static void lsi_soft_reset(LSIState *s) 345 { 346 trace_lsi_reset(); 347 s->carry = 0; 348 349 s->msg_action = LSI_MSG_ACTION_COMMAND; 350 s->msg_len = 0; 351 s->waiting = LSI_NOWAIT; 352 s->dsa = 0; 353 s->dnad = 0; 354 s->dbc = 0; 355 s->temp = 0; 356 memset(s->scratch, 0, sizeof(s->scratch)); 357 s->istat0 = 0; 358 s->istat1 = 0; 359 s->dcmd = 0x40; 360 s->dstat = 0; 361 s->dien = 0; 362 s->sist0 = 0; 363 s->sist1 = 0; 364 s->sien0 = 0; 365 s->sien1 = 0; 366 s->mbox0 = 0; 367 s->mbox1 = 0; 368 s->dfifo = 0; 369 s->ctest2 = LSI_CTEST2_DACK; 370 s->ctest3 = 0; 371 s->ctest4 = 0; 372 s->ctest5 = 0; 373 s->ccntl0 = 0; 374 s->ccntl1 = 0; 375 s->dsp = 0; 376 s->dsps = 0; 377 s->dmode = 0; 378 s->dcntl = 0; 379 s->scntl0 = 0xc0; 380 s->scntl1 = 0; 381 s->scntl2 = 0; 382 s->scntl3 = 0; 383 s->sstat0 = 0; 384 s->sstat1 = 0; 385 s->scid = 7; 386 s->sxfer = 0; 387 s->socl = 0; 388 s->sdid = 0; 389 s->ssid = 0; 390 s->sbcl = 0; 391 s->stest1 = 0; 392 s->stest2 = 0; 393 s->stest3 = 0; 394 s->sidl = 0; 395 s->stime0 = 0; 396 s->respid0 = 0x80; 397 s->respid1 = 0; 398 s->mmrs = 0; 399 s->mmws = 0; 400 s->sfs = 0; 401 s->drs = 0; 402 s->sbms = 0; 403 s->dbms = 0; 404 s->dnad64 = 0; 405 s->pmjad1 = 0; 406 s->pmjad2 = 0; 407 s->rbc = 0; 408 s->ua = 0; 409 s->ia = 0; 410 s->sbc = 0; 411 s->csbc = 0; 412 s->sbr = 0; 413 assert(QTAILQ_EMPTY(&s->queue)); 414 assert(!s->current); 415 } 416 417 static int lsi_dma_40bit(LSIState *s) 418 { 419 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 420 return 1; 421 return 0; 422 } 423 424 static int lsi_dma_ti64bit(LSIState *s) 425 { 426 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 427 return 1; 428 return 0; 429 } 430 431 static int lsi_dma_64bit(LSIState *s) 432 { 433 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 434 return 1; 435 return 0; 436 } 437 438 static uint8_t lsi_reg_readb(LSIState *s, int offset); 439 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 440 static void lsi_execute_script(LSIState *s); 441 static void lsi_reselect(LSIState *s, lsi_request *p); 442 443 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 444 void *buf, dma_addr_t len) 445 { 446 if (s->dmode & LSI_DMODE_SIOM) { 447 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 448 buf, len); 449 } else { 450 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 451 } 452 } 453 454 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 455 const void *buf, dma_addr_t len) 456 { 457 if (s->dmode & LSI_DMODE_DIOM) { 458 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 459 buf, len); 460 } else { 461 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 462 } 463 } 464 465 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 466 { 467 uint32_t buf; 468 469 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 470 return cpu_to_le32(buf); 471 } 472 473 static void lsi_stop_script(LSIState *s) 474 { 475 s->istat1 &= ~LSI_ISTAT1_SRUN; 476 } 477 478 static void lsi_set_irq(LSIState *s, int level) 479 { 480 PCIDevice *d = PCI_DEVICE(s); 481 482 if (s->ext_irq) { 483 qemu_set_irq(s->ext_irq, level); 484 } else { 485 pci_set_irq(d, level); 486 } 487 } 488 489 static void lsi_update_irq(LSIState *s) 490 { 491 int level; 492 static int last_level; 493 494 /* It's unclear whether the DIP/SIP bits should be cleared when the 495 Interrupt Status Registers are cleared or when istat0 is read. 496 We currently do the formwer, which seems to work. */ 497 level = 0; 498 if (s->dstat) { 499 if (s->dstat & s->dien) 500 level = 1; 501 s->istat0 |= LSI_ISTAT0_DIP; 502 } else { 503 s->istat0 &= ~LSI_ISTAT0_DIP; 504 } 505 506 if (s->sist0 || s->sist1) { 507 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 508 level = 1; 509 s->istat0 |= LSI_ISTAT0_SIP; 510 } else { 511 s->istat0 &= ~LSI_ISTAT0_SIP; 512 } 513 if (s->istat0 & LSI_ISTAT0_INTF) 514 level = 1; 515 516 if (level != last_level) { 517 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 518 last_level = level; 519 } 520 lsi_set_irq(s, level); 521 522 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 523 lsi_request *p; 524 525 trace_lsi_update_irq_disconnected(); 526 p = get_pending_req(s); 527 if (p) { 528 lsi_reselect(s, p); 529 } 530 } 531 } 532 533 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 534 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 535 { 536 uint32_t mask0; 537 uint32_t mask1; 538 539 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 540 s->sist0 |= stat0; 541 s->sist1 |= stat1; 542 /* Stop processor on fatal or unmasked interrupt. As a special hack 543 we don't stop processing when raising STO. Instead continue 544 execution and stop at the next insn that accesses the SCSI bus. */ 545 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 546 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 547 mask1 &= ~LSI_SIST1_STO; 548 if (s->sist0 & mask0 || s->sist1 & mask1) { 549 lsi_stop_script(s); 550 } 551 lsi_update_irq(s); 552 } 553 554 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 555 static void lsi_script_dma_interrupt(LSIState *s, int stat) 556 { 557 trace_lsi_script_dma_interrupt(stat, s->dstat); 558 s->dstat |= stat; 559 lsi_update_irq(s); 560 lsi_stop_script(s); 561 } 562 563 static inline void lsi_set_phase(LSIState *s, int phase) 564 { 565 s->sbcl &= ~PHASE_MASK; 566 s->sbcl |= phase | LSI_SBCL_REQ; 567 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 568 } 569 570 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 571 { 572 /* Trigger a phase mismatch. */ 573 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 574 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 575 s->dsp = out ? s->pmjad1 : s->pmjad2; 576 } else { 577 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 578 } 579 trace_lsi_bad_phase_jump(s->dsp); 580 } else { 581 trace_lsi_bad_phase_interrupt(); 582 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 583 lsi_stop_script(s); 584 } 585 lsi_set_phase(s, new_phase); 586 } 587 588 589 /* Resume SCRIPTS execution after a DMA operation. */ 590 static void lsi_resume_script(LSIState *s) 591 { 592 if (s->waiting != 2) { 593 s->waiting = LSI_NOWAIT; 594 lsi_execute_script(s); 595 } else { 596 s->waiting = LSI_NOWAIT; 597 } 598 } 599 600 static void lsi_disconnect(LSIState *s) 601 { 602 s->scntl1 &= ~LSI_SCNTL1_CON; 603 s->sstat1 &= ~PHASE_MASK; 604 s->sbcl = 0; 605 } 606 607 static void lsi_bad_selection(LSIState *s, uint32_t id) 608 { 609 trace_lsi_bad_selection(id); 610 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 611 lsi_disconnect(s); 612 } 613 614 /* Initiate a SCSI layer data transfer. */ 615 static void lsi_do_dma(LSIState *s, int out) 616 { 617 uint32_t count; 618 dma_addr_t addr; 619 SCSIDevice *dev; 620 621 assert(s->current); 622 if (!s->current->dma_len) { 623 /* Wait until data is available. */ 624 trace_lsi_do_dma_unavailable(); 625 return; 626 } 627 628 dev = s->current->req->dev; 629 assert(dev); 630 631 count = s->dbc; 632 if (count > s->current->dma_len) 633 count = s->current->dma_len; 634 635 addr = s->dnad; 636 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 637 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 638 addr |= ((uint64_t)s->dnad64 << 32); 639 else if (s->dbms) 640 addr |= ((uint64_t)s->dbms << 32); 641 else if (s->sbms) 642 addr |= ((uint64_t)s->sbms << 32); 643 644 trace_lsi_do_dma(addr, count); 645 s->csbc += count; 646 s->dnad += count; 647 s->dbc -= count; 648 if (s->current->dma_buf == NULL) { 649 s->current->dma_buf = scsi_req_get_buf(s->current->req); 650 } 651 /* ??? Set SFBR to first data byte. */ 652 if (out) { 653 lsi_mem_read(s, addr, s->current->dma_buf, count); 654 } else { 655 lsi_mem_write(s, addr, s->current->dma_buf, count); 656 } 657 s->current->dma_len -= count; 658 if (s->current->dma_len == 0) { 659 s->current->dma_buf = NULL; 660 scsi_req_continue(s->current->req); 661 } else { 662 s->current->dma_buf += count; 663 lsi_resume_script(s); 664 } 665 } 666 667 668 /* Add a command to the queue. */ 669 static void lsi_queue_command(LSIState *s) 670 { 671 lsi_request *p = s->current; 672 673 trace_lsi_queue_command(p->tag); 674 assert(s->current != NULL); 675 assert(s->current->dma_len == 0); 676 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 677 s->current = NULL; 678 679 p->pending = 0; 680 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 681 } 682 683 /* Queue a byte for a MSG IN phase. */ 684 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 685 { 686 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 687 trace_lsi_add_msg_byte_error(); 688 } else { 689 trace_lsi_add_msg_byte(data); 690 s->msg[s->msg_len++] = data; 691 } 692 } 693 694 /* Perform reselection to continue a command. */ 695 static void lsi_reselect(LSIState *s, lsi_request *p) 696 { 697 int id; 698 699 assert(s->current == NULL); 700 QTAILQ_REMOVE(&s->queue, p, next); 701 s->current = p; 702 703 id = (p->tag >> 8) & 0xf; 704 s->ssid = id | 0x80; 705 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 706 if (!(s->dcntl & LSI_DCNTL_COM)) { 707 s->sfbr = 1 << (id & 0x7); 708 } 709 trace_lsi_reselect(id); 710 s->scntl1 |= LSI_SCNTL1_CON; 711 lsi_set_phase(s, PHASE_MI); 712 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 713 s->current->dma_len = p->pending; 714 lsi_add_msg_byte(s, 0x80); 715 if (s->current->tag & LSI_TAG_VALID) { 716 lsi_add_msg_byte(s, 0x20); 717 lsi_add_msg_byte(s, p->tag & 0xff); 718 } 719 720 if (lsi_irq_on_rsl(s)) { 721 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 722 } 723 } 724 725 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 726 { 727 lsi_request *p; 728 729 QTAILQ_FOREACH(p, &s->queue, next) { 730 if (p->tag == tag) { 731 return p; 732 } 733 } 734 735 return NULL; 736 } 737 738 static void lsi_request_free(LSIState *s, lsi_request *p) 739 { 740 if (p == s->current) { 741 s->current = NULL; 742 } else { 743 QTAILQ_REMOVE(&s->queue, p, next); 744 } 745 g_free(p); 746 } 747 748 static void lsi_request_cancelled(SCSIRequest *req) 749 { 750 LSIState *s = LSI53C895A(req->bus->qbus.parent); 751 lsi_request *p = req->hba_private; 752 753 req->hba_private = NULL; 754 lsi_request_free(s, p); 755 scsi_req_unref(req); 756 } 757 758 /* Record that data is available for a queued command. Returns zero if 759 the device was reselected, nonzero if the IO is deferred. */ 760 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 761 { 762 lsi_request *p = req->hba_private; 763 764 if (p->pending) { 765 trace_lsi_queue_req_error(p); 766 } 767 p->pending = len; 768 /* Reselect if waiting for it, or if reselection triggers an IRQ 769 and the bus is free. 770 Since no interrupt stacking is implemented in the emulation, it 771 is also required that there are no pending interrupts waiting 772 for service from the device driver. */ 773 if (s->waiting == LSI_WAIT_RESELECT || 774 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 775 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 776 /* Reselect device. */ 777 lsi_reselect(s, p); 778 return 0; 779 } else { 780 trace_lsi_queue_req(p->tag); 781 p->pending = len; 782 return 1; 783 } 784 } 785 786 /* Callback to indicate that the SCSI layer has completed a command. */ 787 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 788 { 789 LSIState *s = LSI53C895A(req->bus->qbus.parent); 790 int out; 791 792 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 793 trace_lsi_command_complete(status); 794 s->status = status; 795 s->command_complete = 2; 796 if (s->waiting && s->dbc != 0) { 797 /* Raise phase mismatch for short transfers. */ 798 lsi_bad_phase(s, out, PHASE_ST); 799 } else { 800 lsi_set_phase(s, PHASE_ST); 801 } 802 803 if (req->hba_private == s->current) { 804 req->hba_private = NULL; 805 lsi_request_free(s, s->current); 806 scsi_req_unref(req); 807 } 808 lsi_resume_script(s); 809 } 810 811 /* Callback to indicate that the SCSI layer has completed a transfer. */ 812 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 813 { 814 LSIState *s = LSI53C895A(req->bus->qbus.parent); 815 int out; 816 817 assert(req->hba_private); 818 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 819 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 820 if (lsi_queue_req(s, req, len)) { 821 return; 822 } 823 } 824 825 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 826 827 /* host adapter (re)connected */ 828 trace_lsi_transfer_data(req->tag, len); 829 s->current->dma_len = len; 830 s->command_complete = 1; 831 if (s->waiting) { 832 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 833 lsi_resume_script(s); 834 } else { 835 lsi_do_dma(s, out); 836 } 837 } 838 } 839 840 static void lsi_do_command(LSIState *s) 841 { 842 SCSIDevice *dev; 843 uint8_t buf[16]; 844 uint32_t id; 845 int n; 846 847 trace_lsi_do_command(s->dbc); 848 if (s->dbc > 16) 849 s->dbc = 16; 850 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 851 s->sfbr = buf[0]; 852 s->command_complete = 0; 853 854 id = (s->select_tag >> 8) & 0xf; 855 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 856 if (!dev) { 857 lsi_bad_selection(s, id); 858 return; 859 } 860 861 assert(s->current == NULL); 862 s->current = g_new0(lsi_request, 1); 863 s->current->tag = s->select_tag; 864 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 865 s->current); 866 867 n = scsi_req_enqueue(s->current->req); 868 if (n) { 869 if (n > 0) { 870 lsi_set_phase(s, PHASE_DI); 871 } else if (n < 0) { 872 lsi_set_phase(s, PHASE_DO); 873 } 874 scsi_req_continue(s->current->req); 875 } 876 if (!s->command_complete) { 877 if (n) { 878 /* Command did not complete immediately so disconnect. */ 879 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 880 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 881 /* wait data */ 882 lsi_set_phase(s, PHASE_MI); 883 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 884 lsi_queue_command(s); 885 } else { 886 /* wait command complete */ 887 lsi_set_phase(s, PHASE_DI); 888 } 889 } 890 } 891 892 static void lsi_do_status(LSIState *s) 893 { 894 uint8_t status; 895 trace_lsi_do_status(s->dbc, s->status); 896 if (s->dbc != 1) { 897 trace_lsi_do_status_error(); 898 } 899 s->dbc = 1; 900 status = s->status; 901 s->sfbr = status; 902 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 903 lsi_set_phase(s, PHASE_MI); 904 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 905 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 906 } 907 908 static void lsi_do_msgin(LSIState *s) 909 { 910 uint8_t len; 911 trace_lsi_do_msgin(s->dbc, s->msg_len); 912 s->sfbr = s->msg[0]; 913 len = s->msg_len; 914 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 915 if (len > s->dbc) 916 len = s->dbc; 917 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 918 /* Linux drivers rely on the last byte being in the SIDL. */ 919 s->sidl = s->msg[len - 1]; 920 s->msg_len -= len; 921 if (s->msg_len) { 922 memmove(s->msg, s->msg + len, s->msg_len); 923 } else { 924 /* ??? Check if ATN (not yet implemented) is asserted and maybe 925 switch to PHASE_MO. */ 926 switch (s->msg_action) { 927 case LSI_MSG_ACTION_COMMAND: 928 lsi_set_phase(s, PHASE_CMD); 929 break; 930 case LSI_MSG_ACTION_DISCONNECT: 931 lsi_disconnect(s); 932 break; 933 case LSI_MSG_ACTION_DOUT: 934 lsi_set_phase(s, PHASE_DO); 935 break; 936 case LSI_MSG_ACTION_DIN: 937 lsi_set_phase(s, PHASE_DI); 938 break; 939 default: 940 abort(); 941 } 942 } 943 } 944 945 /* Read the next byte during a MSGOUT phase. */ 946 static uint8_t lsi_get_msgbyte(LSIState *s) 947 { 948 uint8_t data; 949 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 950 s->dnad++; 951 s->dbc--; 952 return data; 953 } 954 955 /* Skip the next n bytes during a MSGOUT phase. */ 956 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 957 { 958 s->dnad += n; 959 s->dbc -= n; 960 } 961 962 static void lsi_do_msgout(LSIState *s) 963 { 964 uint8_t msg; 965 int len; 966 uint32_t current_tag; 967 lsi_request *current_req, *p, *p_next; 968 969 if (s->current) { 970 current_tag = s->current->tag; 971 current_req = s->current; 972 } else { 973 current_tag = s->select_tag; 974 current_req = lsi_find_by_tag(s, current_tag); 975 } 976 977 trace_lsi_do_msgout(s->dbc); 978 while (s->dbc) { 979 msg = lsi_get_msgbyte(s); 980 s->sfbr = msg; 981 982 switch (msg) { 983 case 0x04: 984 trace_lsi_do_msgout_disconnect(); 985 lsi_disconnect(s); 986 break; 987 case 0x08: 988 trace_lsi_do_msgout_noop(); 989 lsi_set_phase(s, PHASE_CMD); 990 break; 991 case 0x01: 992 len = lsi_get_msgbyte(s); 993 msg = lsi_get_msgbyte(s); 994 (void)len; /* avoid a warning about unused variable*/ 995 trace_lsi_do_msgout_extended(msg, len); 996 switch (msg) { 997 case 1: 998 trace_lsi_do_msgout_ignored("SDTR"); 999 lsi_skip_msgbytes(s, 2); 1000 break; 1001 case 3: 1002 trace_lsi_do_msgout_ignored("WDTR"); 1003 lsi_skip_msgbytes(s, 1); 1004 break; 1005 case 4: 1006 trace_lsi_do_msgout_ignored("PPR"); 1007 lsi_skip_msgbytes(s, 5); 1008 break; 1009 default: 1010 goto bad; 1011 } 1012 break; 1013 case 0x20: /* SIMPLE queue */ 1014 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1015 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1016 break; 1017 case 0x21: /* HEAD of queue */ 1018 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1019 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1020 break; 1021 case 0x22: /* ORDERED queue */ 1022 qemu_log_mask(LOG_UNIMP, 1023 "lsi_scsi: ORDERED queue not implemented\n"); 1024 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1025 break; 1026 case 0x0d: 1027 /* The ABORT TAG message clears the current I/O process only. */ 1028 trace_lsi_do_msgout_abort(current_tag); 1029 if (current_req) { 1030 scsi_req_cancel(current_req->req); 1031 } 1032 lsi_disconnect(s); 1033 break; 1034 case 0x06: 1035 case 0x0e: 1036 case 0x0c: 1037 /* The ABORT message clears all I/O processes for the selecting 1038 initiator on the specified logical unit of the target. */ 1039 if (msg == 0x06) { 1040 trace_lsi_do_msgout_abort(current_tag); 1041 } 1042 /* The CLEAR QUEUE message clears all I/O processes for all 1043 initiators on the specified logical unit of the target. */ 1044 if (msg == 0x0e) { 1045 trace_lsi_do_msgout_clearqueue(current_tag); 1046 } 1047 /* The BUS DEVICE RESET message clears all I/O processes for all 1048 initiators on all logical units of the target. */ 1049 if (msg == 0x0c) { 1050 trace_lsi_do_msgout_busdevicereset(current_tag); 1051 } 1052 1053 /* clear the current I/O process */ 1054 if (s->current) { 1055 scsi_req_cancel(s->current->req); 1056 } 1057 1058 /* As the current implemented devices scsi_disk and scsi_generic 1059 only support one LUN, we don't need to keep track of LUNs. 1060 Clearing I/O processes for other initiators could be possible 1061 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1062 device, but this is currently not implemented (and seems not 1063 to be really necessary). So let's simply clear all queued 1064 commands for the current device: */ 1065 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1066 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1067 scsi_req_cancel(p->req); 1068 } 1069 } 1070 1071 lsi_disconnect(s); 1072 break; 1073 default: 1074 if ((msg & 0x80) == 0) { 1075 goto bad; 1076 } 1077 s->current_lun = msg & 7; 1078 trace_lsi_do_msgout_select(s->current_lun); 1079 lsi_set_phase(s, PHASE_CMD); 1080 break; 1081 } 1082 } 1083 return; 1084 bad: 1085 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1086 lsi_set_phase(s, PHASE_MI); 1087 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1088 s->msg_action = LSI_MSG_ACTION_COMMAND; 1089 } 1090 1091 #define LSI_BUF_SIZE 4096 1092 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1093 { 1094 int n; 1095 uint8_t buf[LSI_BUF_SIZE]; 1096 1097 trace_lsi_memcpy(dest, src, count); 1098 while (count) { 1099 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1100 lsi_mem_read(s, src, buf, n); 1101 lsi_mem_write(s, dest, buf, n); 1102 src += n; 1103 dest += n; 1104 count -= n; 1105 } 1106 } 1107 1108 static void lsi_wait_reselect(LSIState *s) 1109 { 1110 lsi_request *p; 1111 1112 trace_lsi_wait_reselect(); 1113 1114 if (s->current) { 1115 return; 1116 } 1117 p = get_pending_req(s); 1118 if (p) { 1119 lsi_reselect(s, p); 1120 } 1121 if (s->current == NULL) { 1122 s->waiting = LSI_WAIT_RESELECT; 1123 } 1124 } 1125 1126 static void lsi_execute_script(LSIState *s) 1127 { 1128 PCIDevice *pci_dev = PCI_DEVICE(s); 1129 uint32_t insn; 1130 uint32_t addr, addr_high; 1131 int opcode; 1132 int insn_processed = 0; 1133 1134 s->istat1 |= LSI_ISTAT1_SRUN; 1135 again: 1136 insn_processed++; 1137 insn = read_dword(s, s->dsp); 1138 if (!insn) { 1139 /* If we receive an empty opcode increment the DSP by 4 bytes 1140 instead of 8 and execute the next opcode at that location */ 1141 s->dsp += 4; 1142 goto again; 1143 } 1144 addr = read_dword(s, s->dsp + 4); 1145 addr_high = 0; 1146 trace_lsi_execute_script(s->dsp, insn, addr); 1147 s->dsps = addr; 1148 s->dcmd = insn >> 24; 1149 s->dsp += 8; 1150 switch (insn >> 30) { 1151 case 0: /* Block move. */ 1152 if (s->sist1 & LSI_SIST1_STO) { 1153 trace_lsi_execute_script_blockmove_delayed(); 1154 lsi_stop_script(s); 1155 break; 1156 } 1157 s->dbc = insn & 0xffffff; 1158 s->rbc = s->dbc; 1159 /* ??? Set ESA. */ 1160 s->ia = s->dsp - 8; 1161 if (insn & (1 << 29)) { 1162 /* Indirect addressing. */ 1163 addr = read_dword(s, addr); 1164 } else if (insn & (1 << 28)) { 1165 uint32_t buf[2]; 1166 int32_t offset; 1167 /* Table indirect addressing. */ 1168 1169 /* 32-bit Table indirect */ 1170 offset = sextract32(addr, 0, 24); 1171 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1172 /* byte count is stored in bits 0:23 only */ 1173 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1174 s->rbc = s->dbc; 1175 addr = cpu_to_le32(buf[1]); 1176 1177 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1178 * table, bits [31:24] */ 1179 if (lsi_dma_40bit(s)) 1180 addr_high = cpu_to_le32(buf[0]) >> 24; 1181 else if (lsi_dma_ti64bit(s)) { 1182 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1183 switch (selector) { 1184 case 0 ... 0x0f: 1185 /* offset index into scratch registers since 1186 * TI64 mode can use registers C to R */ 1187 addr_high = s->scratch[2 + selector]; 1188 break; 1189 case 0x10: 1190 addr_high = s->mmrs; 1191 break; 1192 case 0x11: 1193 addr_high = s->mmws; 1194 break; 1195 case 0x12: 1196 addr_high = s->sfs; 1197 break; 1198 case 0x13: 1199 addr_high = s->drs; 1200 break; 1201 case 0x14: 1202 addr_high = s->sbms; 1203 break; 1204 case 0x15: 1205 addr_high = s->dbms; 1206 break; 1207 default: 1208 qemu_log_mask(LOG_GUEST_ERROR, 1209 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1210 "for 64-bit DMA block move", selector); 1211 break; 1212 } 1213 } 1214 } else if (lsi_dma_64bit(s)) { 1215 /* fetch a 3rd dword if 64-bit direct move is enabled and 1216 only if we're not doing table indirect or indirect addressing */ 1217 s->dbms = read_dword(s, s->dsp); 1218 s->dsp += 4; 1219 s->ia = s->dsp - 12; 1220 } 1221 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1222 trace_lsi_execute_script_blockmove_badphase( 1223 scsi_phase_name(s->sstat1), 1224 scsi_phase_name(insn >> 24)); 1225 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1226 break; 1227 } 1228 s->dnad = addr; 1229 s->dnad64 = addr_high; 1230 switch (s->sstat1 & 0x7) { 1231 case PHASE_DO: 1232 s->waiting = LSI_DMA_SCRIPTS; 1233 lsi_do_dma(s, 1); 1234 if (s->waiting) 1235 s->waiting = LSI_DMA_IN_PROGRESS; 1236 break; 1237 case PHASE_DI: 1238 s->waiting = LSI_DMA_SCRIPTS; 1239 lsi_do_dma(s, 0); 1240 if (s->waiting) 1241 s->waiting = LSI_DMA_IN_PROGRESS; 1242 break; 1243 case PHASE_CMD: 1244 lsi_do_command(s); 1245 break; 1246 case PHASE_ST: 1247 lsi_do_status(s); 1248 break; 1249 case PHASE_MO: 1250 lsi_do_msgout(s); 1251 break; 1252 case PHASE_MI: 1253 lsi_do_msgin(s); 1254 break; 1255 default: 1256 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1257 scsi_phase_name(s->sstat1)); 1258 } 1259 s->dfifo = s->dbc & 0xff; 1260 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1261 s->sbc = s->dbc; 1262 s->rbc -= s->dbc; 1263 s->ua = addr + s->dbc; 1264 break; 1265 1266 case 1: /* IO or Read/Write instruction. */ 1267 opcode = (insn >> 27) & 7; 1268 if (opcode < 5) { 1269 uint32_t id; 1270 1271 if (insn & (1 << 25)) { 1272 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1273 } else { 1274 id = insn; 1275 } 1276 id = (id >> 16) & 0xf; 1277 if (insn & (1 << 26)) { 1278 addr = s->dsp + sextract32(addr, 0, 24); 1279 } 1280 s->dnad = addr; 1281 switch (opcode) { 1282 case 0: /* Select */ 1283 s->sdid = id; 1284 if (s->scntl1 & LSI_SCNTL1_CON) { 1285 trace_lsi_execute_script_io_alreadyreselected(); 1286 s->dsp = s->dnad; 1287 break; 1288 } 1289 s->sstat0 |= LSI_SSTAT0_WOA; 1290 s->scntl1 &= ~LSI_SCNTL1_IARB; 1291 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1292 lsi_bad_selection(s, id); 1293 break; 1294 } 1295 trace_lsi_execute_script_io_selected(id, 1296 insn & (1 << 3) ? " ATN" : ""); 1297 /* ??? Linux drivers compain when this is set. Maybe 1298 it only applies in low-level mode (unimplemented). 1299 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1300 s->select_tag = id << 8; 1301 s->scntl1 |= LSI_SCNTL1_CON; 1302 if (insn & (1 << 3)) { 1303 s->socl |= LSI_SOCL_ATN; 1304 s->sbcl |= LSI_SBCL_ATN; 1305 } 1306 s->sbcl |= LSI_SBCL_BSY; 1307 lsi_set_phase(s, PHASE_MO); 1308 s->waiting = LSI_NOWAIT; 1309 break; 1310 case 1: /* Disconnect */ 1311 trace_lsi_execute_script_io_disconnect(); 1312 s->scntl1 &= ~LSI_SCNTL1_CON; 1313 /* FIXME: this is not entirely correct; the target need not ask 1314 * for reselection until it has to send data, while here we force a 1315 * reselection as soon as the bus is free. The correct flow would 1316 * reselect before lsi_transfer_data and disconnect as soon as 1317 * DMA ends. 1318 */ 1319 if (!s->current) { 1320 lsi_request *p = get_pending_req(s); 1321 if (p) { 1322 lsi_reselect(s, p); 1323 } 1324 } 1325 break; 1326 case 2: /* Wait Reselect */ 1327 if (s->istat0 & LSI_ISTAT0_SIGP) { 1328 s->dsp = s->dnad; 1329 } else if (!lsi_irq_on_rsl(s)) { 1330 lsi_wait_reselect(s); 1331 } 1332 break; 1333 case 3: /* Set */ 1334 trace_lsi_execute_script_io_set( 1335 insn & (1 << 3) ? " ATN" : "", 1336 insn & (1 << 6) ? " ACK" : "", 1337 insn & (1 << 9) ? " TM" : "", 1338 insn & (1 << 10) ? " CC" : ""); 1339 if (insn & (1 << 3)) { 1340 s->socl |= LSI_SOCL_ATN; 1341 s->sbcl |= LSI_SBCL_ATN; 1342 lsi_set_phase(s, PHASE_MO); 1343 } 1344 1345 if (insn & (1 << 6)) { 1346 s->sbcl |= LSI_SBCL_ACK; 1347 } 1348 1349 if (insn & (1 << 9)) { 1350 qemu_log_mask(LOG_UNIMP, 1351 "lsi_scsi: Target mode not implemented\n"); 1352 } 1353 if (insn & (1 << 10)) 1354 s->carry = 1; 1355 break; 1356 case 4: /* Clear */ 1357 trace_lsi_execute_script_io_clear( 1358 insn & (1 << 3) ? " ATN" : "", 1359 insn & (1 << 6) ? " ACK" : "", 1360 insn & (1 << 9) ? " TM" : "", 1361 insn & (1 << 10) ? " CC" : ""); 1362 if (insn & (1 << 3)) { 1363 s->socl &= ~LSI_SOCL_ATN; 1364 s->sbcl &= ~LSI_SBCL_ATN; 1365 } 1366 1367 if (insn & (1 << 6)) { 1368 s->sbcl &= ~LSI_SBCL_ACK; 1369 } 1370 1371 if (insn & (1 << 10)) 1372 s->carry = 0; 1373 break; 1374 } 1375 } else { 1376 uint8_t op0; 1377 uint8_t op1; 1378 uint8_t data8; 1379 int reg; 1380 int operator; 1381 1382 static const char *opcode_names[3] = 1383 {"Write", "Read", "Read-Modify-Write"}; 1384 static const char *operator_names[8] = 1385 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1386 1387 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1388 data8 = (insn >> 8) & 0xff; 1389 opcode = (insn >> 27) & 7; 1390 operator = (insn >> 24) & 7; 1391 trace_lsi_execute_script_io_opcode( 1392 opcode_names[opcode - 5], reg, 1393 operator_names[operator], data8, s->sfbr, 1394 (insn & (1 << 23)) ? " SFBR" : ""); 1395 op0 = op1 = 0; 1396 switch (opcode) { 1397 case 5: /* From SFBR */ 1398 op0 = s->sfbr; 1399 op1 = data8; 1400 break; 1401 case 6: /* To SFBR */ 1402 if (operator) 1403 op0 = lsi_reg_readb(s, reg); 1404 op1 = data8; 1405 break; 1406 case 7: /* Read-modify-write */ 1407 if (operator) 1408 op0 = lsi_reg_readb(s, reg); 1409 if (insn & (1 << 23)) { 1410 op1 = s->sfbr; 1411 } else { 1412 op1 = data8; 1413 } 1414 break; 1415 } 1416 1417 switch (operator) { 1418 case 0: /* move */ 1419 op0 = op1; 1420 break; 1421 case 1: /* Shift left */ 1422 op1 = op0 >> 7; 1423 op0 = (op0 << 1) | s->carry; 1424 s->carry = op1; 1425 break; 1426 case 2: /* OR */ 1427 op0 |= op1; 1428 break; 1429 case 3: /* XOR */ 1430 op0 ^= op1; 1431 break; 1432 case 4: /* AND */ 1433 op0 &= op1; 1434 break; 1435 case 5: /* SHR */ 1436 op1 = op0 & 1; 1437 op0 = (op0 >> 1) | (s->carry << 7); 1438 s->carry = op1; 1439 break; 1440 case 6: /* ADD */ 1441 op0 += op1; 1442 s->carry = op0 < op1; 1443 break; 1444 case 7: /* ADC */ 1445 op0 += op1 + s->carry; 1446 if (s->carry) 1447 s->carry = op0 <= op1; 1448 else 1449 s->carry = op0 < op1; 1450 break; 1451 } 1452 1453 switch (opcode) { 1454 case 5: /* From SFBR */ 1455 case 7: /* Read-modify-write */ 1456 lsi_reg_writeb(s, reg, op0); 1457 break; 1458 case 6: /* To SFBR */ 1459 s->sfbr = op0; 1460 break; 1461 } 1462 } 1463 break; 1464 1465 case 2: /* Transfer Control. */ 1466 { 1467 int cond; 1468 int jmp; 1469 1470 if ((insn & 0x002e0000) == 0) { 1471 trace_lsi_execute_script_tc_nop(); 1472 break; 1473 } 1474 if (s->sist1 & LSI_SIST1_STO) { 1475 trace_lsi_execute_script_tc_delayedselect_timeout(); 1476 lsi_stop_script(s); 1477 break; 1478 } 1479 cond = jmp = (insn & (1 << 19)) != 0; 1480 if (cond == jmp && (insn & (1 << 21))) { 1481 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1482 cond = s->carry != 0; 1483 } 1484 if (cond == jmp && (insn & (1 << 17))) { 1485 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1486 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1487 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1488 } 1489 if (cond == jmp && (insn & (1 << 18))) { 1490 uint8_t mask; 1491 1492 mask = (~insn >> 8) & 0xff; 1493 trace_lsi_execute_script_tc_compd( 1494 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1495 cond = (s->sfbr & mask) == (insn & mask); 1496 } 1497 if (cond == jmp) { 1498 if (insn & (1 << 23)) { 1499 /* Relative address. */ 1500 addr = s->dsp + sextract32(addr, 0, 24); 1501 } 1502 switch ((insn >> 27) & 7) { 1503 case 0: /* Jump */ 1504 trace_lsi_execute_script_tc_jump(addr); 1505 s->adder = addr; 1506 s->dsp = addr; 1507 break; 1508 case 1: /* Call */ 1509 trace_lsi_execute_script_tc_call(addr); 1510 s->temp = s->dsp; 1511 s->dsp = addr; 1512 break; 1513 case 2: /* Return */ 1514 trace_lsi_execute_script_tc_return(s->temp); 1515 s->dsp = s->temp; 1516 break; 1517 case 3: /* Interrupt */ 1518 trace_lsi_execute_script_tc_interrupt(s->dsps); 1519 if ((insn & (1 << 20)) != 0) { 1520 s->istat0 |= LSI_ISTAT0_INTF; 1521 lsi_update_irq(s); 1522 } else { 1523 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1524 } 1525 break; 1526 default: 1527 trace_lsi_execute_script_tc_illegal(); 1528 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1529 break; 1530 } 1531 } else { 1532 trace_lsi_execute_script_tc_cc_failed(); 1533 } 1534 } 1535 break; 1536 1537 case 3: 1538 if ((insn & (1 << 29)) == 0) { 1539 /* Memory move. */ 1540 uint32_t dest; 1541 /* ??? The docs imply the destination address is loaded into 1542 the TEMP register. However the Linux drivers rely on 1543 the value being presrved. */ 1544 dest = read_dword(s, s->dsp); 1545 s->dsp += 4; 1546 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1547 } else { 1548 uint8_t data[7]; 1549 int reg; 1550 int n; 1551 int i; 1552 1553 if (insn & (1 << 28)) { 1554 addr = s->dsa + sextract32(addr, 0, 24); 1555 } 1556 n = (insn & 7); 1557 reg = (insn >> 16) & 0xff; 1558 if (insn & (1 << 24)) { 1559 pci_dma_read(pci_dev, addr, data, n); 1560 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1561 for (i = 0; i < n; i++) { 1562 lsi_reg_writeb(s, reg + i, data[i]); 1563 } 1564 } else { 1565 trace_lsi_execute_script_mm_store(reg, n, addr); 1566 for (i = 0; i < n; i++) { 1567 data[i] = lsi_reg_readb(s, reg + i); 1568 } 1569 pci_dma_write(pci_dev, addr, data, n); 1570 } 1571 } 1572 } 1573 if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) { 1574 /* Some windows drivers make the device spin waiting for a memory 1575 location to change. If we have been executed a lot of code then 1576 assume this is the case and force an unexpected device disconnect. 1577 This is apparently sufficient to beat the drivers into submission. 1578 */ 1579 if (!(s->sien0 & LSI_SIST0_UDC)) { 1580 qemu_log_mask(LOG_GUEST_ERROR, 1581 "lsi_scsi: inf. loop with UDC masked"); 1582 } 1583 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1584 lsi_disconnect(s); 1585 } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1586 if (s->dcntl & LSI_DCNTL_SSM) { 1587 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1588 } else { 1589 goto again; 1590 } 1591 } 1592 trace_lsi_execute_script_stop(); 1593 } 1594 1595 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1596 { 1597 uint8_t ret; 1598 1599 #define CASE_GET_REG24(name, addr) \ 1600 case addr: ret = s->name & 0xff; break; \ 1601 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1602 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1603 1604 #define CASE_GET_REG32(name, addr) \ 1605 case addr: ret = s->name & 0xff; break; \ 1606 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1607 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1608 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1609 1610 switch (offset) { 1611 case 0x00: /* SCNTL0 */ 1612 ret = s->scntl0; 1613 break; 1614 case 0x01: /* SCNTL1 */ 1615 ret = s->scntl1; 1616 break; 1617 case 0x02: /* SCNTL2 */ 1618 ret = s->scntl2; 1619 break; 1620 case 0x03: /* SCNTL3 */ 1621 ret = s->scntl3; 1622 break; 1623 case 0x04: /* SCID */ 1624 ret = s->scid; 1625 break; 1626 case 0x05: /* SXFER */ 1627 ret = s->sxfer; 1628 break; 1629 case 0x06: /* SDID */ 1630 ret = s->sdid; 1631 break; 1632 case 0x07: /* GPREG0 */ 1633 ret = 0x7f; 1634 break; 1635 case 0x08: /* Revision ID */ 1636 ret = 0x00; 1637 break; 1638 case 0x09: /* SOCL */ 1639 ret = s->socl; 1640 break; 1641 case 0xa: /* SSID */ 1642 ret = s->ssid; 1643 break; 1644 case 0xb: /* SBCL */ 1645 ret = s->sbcl; 1646 break; 1647 case 0xc: /* DSTAT */ 1648 ret = s->dstat | LSI_DSTAT_DFE; 1649 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1650 s->dstat = 0; 1651 lsi_update_irq(s); 1652 break; 1653 case 0x0d: /* SSTAT0 */ 1654 ret = s->sstat0; 1655 break; 1656 case 0x0e: /* SSTAT1 */ 1657 ret = s->sstat1; 1658 break; 1659 case 0x0f: /* SSTAT2 */ 1660 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1661 break; 1662 CASE_GET_REG32(dsa, 0x10) 1663 case 0x14: /* ISTAT0 */ 1664 ret = s->istat0; 1665 break; 1666 case 0x15: /* ISTAT1 */ 1667 ret = s->istat1; 1668 break; 1669 case 0x16: /* MBOX0 */ 1670 ret = s->mbox0; 1671 break; 1672 case 0x17: /* MBOX1 */ 1673 ret = s->mbox1; 1674 break; 1675 case 0x18: /* CTEST0 */ 1676 ret = 0xff; 1677 break; 1678 case 0x19: /* CTEST1 */ 1679 ret = 0; 1680 break; 1681 case 0x1a: /* CTEST2 */ 1682 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1683 if (s->istat0 & LSI_ISTAT0_SIGP) { 1684 s->istat0 &= ~LSI_ISTAT0_SIGP; 1685 ret |= LSI_CTEST2_SIGP; 1686 } 1687 break; 1688 case 0x1b: /* CTEST3 */ 1689 ret = s->ctest3; 1690 break; 1691 CASE_GET_REG32(temp, 0x1c) 1692 case 0x20: /* DFIFO */ 1693 ret = s->dfifo; 1694 break; 1695 case 0x21: /* CTEST4 */ 1696 ret = s->ctest4; 1697 break; 1698 case 0x22: /* CTEST5 */ 1699 ret = s->ctest5; 1700 break; 1701 case 0x23: /* CTEST6 */ 1702 ret = 0; 1703 break; 1704 CASE_GET_REG24(dbc, 0x24) 1705 case 0x27: /* DCMD */ 1706 ret = s->dcmd; 1707 break; 1708 CASE_GET_REG32(dnad, 0x28) 1709 CASE_GET_REG32(dsp, 0x2c) 1710 CASE_GET_REG32(dsps, 0x30) 1711 CASE_GET_REG32(scratch[0], 0x34) 1712 case 0x38: /* DMODE */ 1713 ret = s->dmode; 1714 break; 1715 case 0x39: /* DIEN */ 1716 ret = s->dien; 1717 break; 1718 case 0x3a: /* SBR */ 1719 ret = s->sbr; 1720 break; 1721 case 0x3b: /* DCNTL */ 1722 ret = s->dcntl; 1723 break; 1724 /* ADDER Output (Debug of relative jump address) */ 1725 CASE_GET_REG32(adder, 0x3c) 1726 case 0x40: /* SIEN0 */ 1727 ret = s->sien0; 1728 break; 1729 case 0x41: /* SIEN1 */ 1730 ret = s->sien1; 1731 break; 1732 case 0x42: /* SIST0 */ 1733 ret = s->sist0; 1734 s->sist0 = 0; 1735 lsi_update_irq(s); 1736 break; 1737 case 0x43: /* SIST1 */ 1738 ret = s->sist1; 1739 s->sist1 = 0; 1740 lsi_update_irq(s); 1741 break; 1742 case 0x46: /* MACNTL */ 1743 ret = 0x0f; 1744 break; 1745 case 0x47: /* GPCNTL0 */ 1746 ret = 0x0f; 1747 break; 1748 case 0x48: /* STIME0 */ 1749 ret = s->stime0; 1750 break; 1751 case 0x4a: /* RESPID0 */ 1752 ret = s->respid0; 1753 break; 1754 case 0x4b: /* RESPID1 */ 1755 ret = s->respid1; 1756 break; 1757 case 0x4d: /* STEST1 */ 1758 ret = s->stest1; 1759 break; 1760 case 0x4e: /* STEST2 */ 1761 ret = s->stest2; 1762 break; 1763 case 0x4f: /* STEST3 */ 1764 ret = s->stest3; 1765 break; 1766 case 0x50: /* SIDL */ 1767 /* This is needed by the linux drivers. We currently only update it 1768 during the MSG IN phase. */ 1769 ret = s->sidl; 1770 break; 1771 case 0x52: /* STEST4 */ 1772 ret = 0xe0; 1773 break; 1774 case 0x56: /* CCNTL0 */ 1775 ret = s->ccntl0; 1776 break; 1777 case 0x57: /* CCNTL1 */ 1778 ret = s->ccntl1; 1779 break; 1780 case 0x58: /* SBDL */ 1781 /* Some drivers peek at the data bus during the MSG IN phase. */ 1782 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1783 assert(s->msg_len > 0); 1784 return s->msg[0]; 1785 } 1786 ret = 0; 1787 break; 1788 case 0x59: /* SBDL high */ 1789 ret = 0; 1790 break; 1791 CASE_GET_REG32(mmrs, 0xa0) 1792 CASE_GET_REG32(mmws, 0xa4) 1793 CASE_GET_REG32(sfs, 0xa8) 1794 CASE_GET_REG32(drs, 0xac) 1795 CASE_GET_REG32(sbms, 0xb0) 1796 CASE_GET_REG32(dbms, 0xb4) 1797 CASE_GET_REG32(dnad64, 0xb8) 1798 CASE_GET_REG32(pmjad1, 0xc0) 1799 CASE_GET_REG32(pmjad2, 0xc4) 1800 CASE_GET_REG32(rbc, 0xc8) 1801 CASE_GET_REG32(ua, 0xcc) 1802 CASE_GET_REG32(ia, 0xd4) 1803 CASE_GET_REG32(sbc, 0xd8) 1804 CASE_GET_REG32(csbc, 0xdc) 1805 case 0x5c ... 0x9f: 1806 { 1807 int n; 1808 int shift; 1809 n = (offset - 0x58) >> 2; 1810 shift = (offset & 3) * 8; 1811 ret = (s->scratch[n] >> shift) & 0xff; 1812 break; 1813 } 1814 default: 1815 { 1816 qemu_log_mask(LOG_GUEST_ERROR, 1817 "lsi_scsi: invalid read from reg %s %x\n", 1818 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1819 offset); 1820 ret = 0xff; 1821 break; 1822 } 1823 } 1824 #undef CASE_GET_REG24 1825 #undef CASE_GET_REG32 1826 1827 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1828 offset, ret); 1829 1830 return ret; 1831 } 1832 1833 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1834 { 1835 #define CASE_SET_REG24(name, addr) \ 1836 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1837 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1838 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1839 1840 #define CASE_SET_REG32(name, addr) \ 1841 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1842 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1843 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1844 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1845 1846 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1847 offset, val); 1848 1849 switch (offset) { 1850 case 0x00: /* SCNTL0 */ 1851 s->scntl0 = val; 1852 if (val & LSI_SCNTL0_START) { 1853 qemu_log_mask(LOG_UNIMP, 1854 "lsi_scsi: Start sequence not implemented\n"); 1855 } 1856 break; 1857 case 0x01: /* SCNTL1 */ 1858 s->scntl1 = val & ~LSI_SCNTL1_SST; 1859 if (val & LSI_SCNTL1_IARB) { 1860 qemu_log_mask(LOG_UNIMP, 1861 "lsi_scsi: Immediate Arbritration not implemented\n"); 1862 } 1863 if (val & LSI_SCNTL1_RST) { 1864 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1865 qbus_reset_all(BUS(&s->bus)); 1866 s->sstat0 |= LSI_SSTAT0_RST; 1867 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1868 } 1869 } else { 1870 s->sstat0 &= ~LSI_SSTAT0_RST; 1871 } 1872 break; 1873 case 0x02: /* SCNTL2 */ 1874 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1875 s->scntl2 = val; 1876 break; 1877 case 0x03: /* SCNTL3 */ 1878 s->scntl3 = val; 1879 break; 1880 case 0x04: /* SCID */ 1881 s->scid = val; 1882 break; 1883 case 0x05: /* SXFER */ 1884 s->sxfer = val; 1885 break; 1886 case 0x06: /* SDID */ 1887 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1888 qemu_log_mask(LOG_GUEST_ERROR, 1889 "lsi_scsi: Destination ID does not match SSID\n"); 1890 } 1891 s->sdid = val & 0xf; 1892 break; 1893 case 0x07: /* GPREG0 */ 1894 break; 1895 case 0x08: /* SFBR */ 1896 /* The CPU is not allowed to write to this register. However the 1897 SCRIPTS register move instructions are. */ 1898 s->sfbr = val; 1899 break; 1900 case 0x0a: case 0x0b: 1901 /* Openserver writes to these readonly registers on startup */ 1902 return; 1903 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1904 /* Linux writes to these readonly registers on startup. */ 1905 return; 1906 CASE_SET_REG32(dsa, 0x10) 1907 case 0x14: /* ISTAT0 */ 1908 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1909 if (val & LSI_ISTAT0_ABRT) { 1910 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1911 } 1912 if (val & LSI_ISTAT0_INTF) { 1913 s->istat0 &= ~LSI_ISTAT0_INTF; 1914 lsi_update_irq(s); 1915 } 1916 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1917 trace_lsi_awoken(); 1918 s->waiting = LSI_NOWAIT; 1919 s->dsp = s->dnad; 1920 lsi_execute_script(s); 1921 } 1922 if (val & LSI_ISTAT0_SRST) { 1923 qdev_reset_all(DEVICE(s)); 1924 } 1925 break; 1926 case 0x16: /* MBOX0 */ 1927 s->mbox0 = val; 1928 break; 1929 case 0x17: /* MBOX1 */ 1930 s->mbox1 = val; 1931 break; 1932 case 0x18: /* CTEST0 */ 1933 /* nothing to do */ 1934 break; 1935 case 0x1a: /* CTEST2 */ 1936 s->ctest2 = val & LSI_CTEST2_PCICIE; 1937 break; 1938 case 0x1b: /* CTEST3 */ 1939 s->ctest3 = val & 0x0f; 1940 break; 1941 CASE_SET_REG32(temp, 0x1c) 1942 case 0x21: /* CTEST4 */ 1943 if (val & 7) { 1944 qemu_log_mask(LOG_UNIMP, 1945 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1946 } 1947 s->ctest4 = val; 1948 break; 1949 case 0x22: /* CTEST5 */ 1950 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1951 qemu_log_mask(LOG_UNIMP, 1952 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1953 } 1954 s->ctest5 = val; 1955 break; 1956 CASE_SET_REG24(dbc, 0x24) 1957 CASE_SET_REG32(dnad, 0x28) 1958 case 0x2c: /* DSP[0:7] */ 1959 s->dsp &= 0xffffff00; 1960 s->dsp |= val; 1961 break; 1962 case 0x2d: /* DSP[8:15] */ 1963 s->dsp &= 0xffff00ff; 1964 s->dsp |= val << 8; 1965 break; 1966 case 0x2e: /* DSP[16:23] */ 1967 s->dsp &= 0xff00ffff; 1968 s->dsp |= val << 16; 1969 break; 1970 case 0x2f: /* DSP[24:31] */ 1971 s->dsp &= 0x00ffffff; 1972 s->dsp |= val << 24; 1973 if ((s->dmode & LSI_DMODE_MAN) == 0 1974 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1975 lsi_execute_script(s); 1976 break; 1977 CASE_SET_REG32(dsps, 0x30) 1978 CASE_SET_REG32(scratch[0], 0x34) 1979 case 0x38: /* DMODE */ 1980 s->dmode = val; 1981 break; 1982 case 0x39: /* DIEN */ 1983 s->dien = val; 1984 lsi_update_irq(s); 1985 break; 1986 case 0x3a: /* SBR */ 1987 s->sbr = val; 1988 break; 1989 case 0x3b: /* DCNTL */ 1990 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1991 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1992 lsi_execute_script(s); 1993 break; 1994 case 0x40: /* SIEN0 */ 1995 s->sien0 = val; 1996 lsi_update_irq(s); 1997 break; 1998 case 0x41: /* SIEN1 */ 1999 s->sien1 = val; 2000 lsi_update_irq(s); 2001 break; 2002 case 0x47: /* GPCNTL0 */ 2003 break; 2004 case 0x48: /* STIME0 */ 2005 s->stime0 = val; 2006 break; 2007 case 0x49: /* STIME1 */ 2008 if (val & 0xf) { 2009 qemu_log_mask(LOG_UNIMP, 2010 "lsi_scsi: General purpose timer not implemented\n"); 2011 /* ??? Raising the interrupt immediately seems to be sufficient 2012 to keep the FreeBSD driver happy. */ 2013 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2014 } 2015 break; 2016 case 0x4a: /* RESPID0 */ 2017 s->respid0 = val; 2018 break; 2019 case 0x4b: /* RESPID1 */ 2020 s->respid1 = val; 2021 break; 2022 case 0x4d: /* STEST1 */ 2023 s->stest1 = val; 2024 break; 2025 case 0x4e: /* STEST2 */ 2026 if (val & 1) { 2027 qemu_log_mask(LOG_UNIMP, 2028 "lsi_scsi: Low level mode not implemented\n"); 2029 } 2030 s->stest2 = val; 2031 break; 2032 case 0x4f: /* STEST3 */ 2033 if (val & 0x41) { 2034 qemu_log_mask(LOG_UNIMP, 2035 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2036 } 2037 s->stest3 = val; 2038 break; 2039 case 0x56: /* CCNTL0 */ 2040 s->ccntl0 = val; 2041 break; 2042 case 0x57: /* CCNTL1 */ 2043 s->ccntl1 = val; 2044 break; 2045 CASE_SET_REG32(mmrs, 0xa0) 2046 CASE_SET_REG32(mmws, 0xa4) 2047 CASE_SET_REG32(sfs, 0xa8) 2048 CASE_SET_REG32(drs, 0xac) 2049 CASE_SET_REG32(sbms, 0xb0) 2050 CASE_SET_REG32(dbms, 0xb4) 2051 CASE_SET_REG32(dnad64, 0xb8) 2052 CASE_SET_REG32(pmjad1, 0xc0) 2053 CASE_SET_REG32(pmjad2, 0xc4) 2054 CASE_SET_REG32(rbc, 0xc8) 2055 CASE_SET_REG32(ua, 0xcc) 2056 CASE_SET_REG32(ia, 0xd4) 2057 CASE_SET_REG32(sbc, 0xd8) 2058 CASE_SET_REG32(csbc, 0xdc) 2059 default: 2060 if (offset >= 0x5c && offset < 0xa0) { 2061 int n; 2062 int shift; 2063 n = (offset - 0x58) >> 2; 2064 shift = (offset & 3) * 8; 2065 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2066 } else { 2067 qemu_log_mask(LOG_GUEST_ERROR, 2068 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2069 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2070 offset, val); 2071 } 2072 } 2073 #undef CASE_SET_REG24 2074 #undef CASE_SET_REG32 2075 } 2076 2077 static void lsi_mmio_write(void *opaque, hwaddr addr, 2078 uint64_t val, unsigned size) 2079 { 2080 LSIState *s = opaque; 2081 2082 lsi_reg_writeb(s, addr & 0xff, val); 2083 } 2084 2085 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2086 unsigned size) 2087 { 2088 LSIState *s = opaque; 2089 return lsi_reg_readb(s, addr & 0xff); 2090 } 2091 2092 static const MemoryRegionOps lsi_mmio_ops = { 2093 .read = lsi_mmio_read, 2094 .write = lsi_mmio_write, 2095 .endianness = DEVICE_LITTLE_ENDIAN, 2096 .impl = { 2097 .min_access_size = 1, 2098 .max_access_size = 1, 2099 }, 2100 }; 2101 2102 static void lsi_ram_write(void *opaque, hwaddr addr, 2103 uint64_t val, unsigned size) 2104 { 2105 LSIState *s = opaque; 2106 stn_le_p(s->script_ram + addr, size, val); 2107 } 2108 2109 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2110 unsigned size) 2111 { 2112 LSIState *s = opaque; 2113 return ldn_le_p(s->script_ram + addr, size); 2114 } 2115 2116 static const MemoryRegionOps lsi_ram_ops = { 2117 .read = lsi_ram_read, 2118 .write = lsi_ram_write, 2119 .endianness = DEVICE_LITTLE_ENDIAN, 2120 }; 2121 2122 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2123 unsigned size) 2124 { 2125 LSIState *s = opaque; 2126 return lsi_reg_readb(s, addr & 0xff); 2127 } 2128 2129 static void lsi_io_write(void *opaque, hwaddr addr, 2130 uint64_t val, unsigned size) 2131 { 2132 LSIState *s = opaque; 2133 lsi_reg_writeb(s, addr & 0xff, val); 2134 } 2135 2136 static const MemoryRegionOps lsi_io_ops = { 2137 .read = lsi_io_read, 2138 .write = lsi_io_write, 2139 .endianness = DEVICE_LITTLE_ENDIAN, 2140 .impl = { 2141 .min_access_size = 1, 2142 .max_access_size = 1, 2143 }, 2144 }; 2145 2146 static void lsi_scsi_reset(DeviceState *dev) 2147 { 2148 LSIState *s = LSI53C895A(dev); 2149 2150 lsi_soft_reset(s); 2151 } 2152 2153 static int lsi_pre_save(void *opaque) 2154 { 2155 LSIState *s = opaque; 2156 2157 if (s->current) { 2158 assert(s->current->dma_buf == NULL); 2159 assert(s->current->dma_len == 0); 2160 } 2161 assert(QTAILQ_EMPTY(&s->queue)); 2162 2163 return 0; 2164 } 2165 2166 static int lsi_post_load(void *opaque, int version_id) 2167 { 2168 LSIState *s = opaque; 2169 2170 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2171 return -EINVAL; 2172 } 2173 2174 return 0; 2175 } 2176 2177 static const VMStateDescription vmstate_lsi_scsi = { 2178 .name = "lsiscsi", 2179 .version_id = 1, 2180 .minimum_version_id = 0, 2181 .pre_save = lsi_pre_save, 2182 .post_load = lsi_post_load, 2183 .fields = (VMStateField[]) { 2184 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2185 2186 VMSTATE_INT32(carry, LSIState), 2187 VMSTATE_INT32(status, LSIState), 2188 VMSTATE_INT32(msg_action, LSIState), 2189 VMSTATE_INT32(msg_len, LSIState), 2190 VMSTATE_BUFFER(msg, LSIState), 2191 VMSTATE_INT32(waiting, LSIState), 2192 2193 VMSTATE_UINT32(dsa, LSIState), 2194 VMSTATE_UINT32(temp, LSIState), 2195 VMSTATE_UINT32(dnad, LSIState), 2196 VMSTATE_UINT32(dbc, LSIState), 2197 VMSTATE_UINT8(istat0, LSIState), 2198 VMSTATE_UINT8(istat1, LSIState), 2199 VMSTATE_UINT8(dcmd, LSIState), 2200 VMSTATE_UINT8(dstat, LSIState), 2201 VMSTATE_UINT8(dien, LSIState), 2202 VMSTATE_UINT8(sist0, LSIState), 2203 VMSTATE_UINT8(sist1, LSIState), 2204 VMSTATE_UINT8(sien0, LSIState), 2205 VMSTATE_UINT8(sien1, LSIState), 2206 VMSTATE_UINT8(mbox0, LSIState), 2207 VMSTATE_UINT8(mbox1, LSIState), 2208 VMSTATE_UINT8(dfifo, LSIState), 2209 VMSTATE_UINT8(ctest2, LSIState), 2210 VMSTATE_UINT8(ctest3, LSIState), 2211 VMSTATE_UINT8(ctest4, LSIState), 2212 VMSTATE_UINT8(ctest5, LSIState), 2213 VMSTATE_UINT8(ccntl0, LSIState), 2214 VMSTATE_UINT8(ccntl1, LSIState), 2215 VMSTATE_UINT32(dsp, LSIState), 2216 VMSTATE_UINT32(dsps, LSIState), 2217 VMSTATE_UINT8(dmode, LSIState), 2218 VMSTATE_UINT8(dcntl, LSIState), 2219 VMSTATE_UINT8(scntl0, LSIState), 2220 VMSTATE_UINT8(scntl1, LSIState), 2221 VMSTATE_UINT8(scntl2, LSIState), 2222 VMSTATE_UINT8(scntl3, LSIState), 2223 VMSTATE_UINT8(sstat0, LSIState), 2224 VMSTATE_UINT8(sstat1, LSIState), 2225 VMSTATE_UINT8(scid, LSIState), 2226 VMSTATE_UINT8(sxfer, LSIState), 2227 VMSTATE_UINT8(socl, LSIState), 2228 VMSTATE_UINT8(sdid, LSIState), 2229 VMSTATE_UINT8(ssid, LSIState), 2230 VMSTATE_UINT8(sfbr, LSIState), 2231 VMSTATE_UINT8(stest1, LSIState), 2232 VMSTATE_UINT8(stest2, LSIState), 2233 VMSTATE_UINT8(stest3, LSIState), 2234 VMSTATE_UINT8(sidl, LSIState), 2235 VMSTATE_UINT8(stime0, LSIState), 2236 VMSTATE_UINT8(respid0, LSIState), 2237 VMSTATE_UINT8(respid1, LSIState), 2238 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2239 VMSTATE_UINT32(mmrs, LSIState), 2240 VMSTATE_UINT32(mmws, LSIState), 2241 VMSTATE_UINT32(sfs, LSIState), 2242 VMSTATE_UINT32(drs, LSIState), 2243 VMSTATE_UINT32(sbms, LSIState), 2244 VMSTATE_UINT32(dbms, LSIState), 2245 VMSTATE_UINT32(dnad64, LSIState), 2246 VMSTATE_UINT32(pmjad1, LSIState), 2247 VMSTATE_UINT32(pmjad2, LSIState), 2248 VMSTATE_UINT32(rbc, LSIState), 2249 VMSTATE_UINT32(ua, LSIState), 2250 VMSTATE_UINT32(ia, LSIState), 2251 VMSTATE_UINT32(sbc, LSIState), 2252 VMSTATE_UINT32(csbc, LSIState), 2253 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2254 VMSTATE_UINT8(sbr, LSIState), 2255 2256 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2257 VMSTATE_END_OF_LIST() 2258 } 2259 }; 2260 2261 static const struct SCSIBusInfo lsi_scsi_info = { 2262 .tcq = true, 2263 .max_target = LSI_MAX_DEVS, 2264 .max_lun = 0, /* LUN support is buggy */ 2265 2266 .transfer_data = lsi_transfer_data, 2267 .complete = lsi_command_complete, 2268 .cancel = lsi_request_cancelled 2269 }; 2270 2271 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2272 { 2273 LSIState *s = LSI53C895A(dev); 2274 DeviceState *d = DEVICE(dev); 2275 uint8_t *pci_conf; 2276 2277 pci_conf = dev->config; 2278 2279 /* PCI latency timer = 255 */ 2280 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2281 /* Interrupt pin A */ 2282 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2283 2284 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2285 "lsi-mmio", 0x400); 2286 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2287 "lsi-ram", 0x2000); 2288 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2289 "lsi-io", 256); 2290 2291 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2292 qdev_init_gpio_out(d, &s->ext_irq, 1); 2293 2294 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2295 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2296 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2297 QTAILQ_INIT(&s->queue); 2298 2299 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2300 } 2301 2302 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2303 { 2304 LSIState *s = LSI53C895A(dev); 2305 2306 address_space_destroy(&s->pci_io_as); 2307 } 2308 2309 static void lsi_class_init(ObjectClass *klass, void *data) 2310 { 2311 DeviceClass *dc = DEVICE_CLASS(klass); 2312 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2313 2314 k->realize = lsi_scsi_realize; 2315 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2316 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2317 k->class_id = PCI_CLASS_STORAGE_SCSI; 2318 k->subsystem_id = 0x1000; 2319 dc->unrealize = lsi_scsi_unrealize; 2320 dc->reset = lsi_scsi_reset; 2321 dc->vmsd = &vmstate_lsi_scsi; 2322 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2323 } 2324 2325 static const TypeInfo lsi_info = { 2326 .name = TYPE_LSI53C895A, 2327 .parent = TYPE_PCI_DEVICE, 2328 .instance_size = sizeof(LSIState), 2329 .class_init = lsi_class_init, 2330 .interfaces = (InterfaceInfo[]) { 2331 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2332 { }, 2333 }, 2334 }; 2335 2336 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2337 { 2338 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2339 2340 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2341 } 2342 2343 static TypeInfo lsi53c810_info = { 2344 .name = TYPE_LSI53C810, 2345 .parent = TYPE_LSI53C895A, 2346 .class_init = lsi53c810_class_init, 2347 }; 2348 2349 static void lsi53c895a_register_types(void) 2350 { 2351 type_register_static(&lsi_info); 2352 type_register_static(&lsi53c810_info); 2353 } 2354 2355 type_init(lsi53c895a_register_types) 2356 2357 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2358 { 2359 LSIState *s = LSI53C895A(lsi_dev); 2360 2361 scsi_bus_legacy_handle_cmdline(&s->bus); 2362 } 2363