1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 24 //#define DEBUG_LSI 25 //#define DEBUG_LSI_REG 26 27 #ifdef DEBUG_LSI 28 #define DPRINTF(fmt, ...) \ 29 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0) 30 #define BADF(fmt, ...) \ 31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0) 32 #else 33 #define DPRINTF(fmt, ...) do {} while(0) 34 #define BADF(fmt, ...) \ 35 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0) 36 #endif 37 38 static const char *names[] = { 39 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 40 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 41 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 42 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 43 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 44 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 45 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 46 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 47 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 48 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 49 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 50 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 51 }; 52 53 #define LSI_MAX_DEVS 7 54 55 #define LSI_SCNTL0_TRG 0x01 56 #define LSI_SCNTL0_AAP 0x02 57 #define LSI_SCNTL0_EPC 0x08 58 #define LSI_SCNTL0_WATN 0x10 59 #define LSI_SCNTL0_START 0x20 60 61 #define LSI_SCNTL1_SST 0x01 62 #define LSI_SCNTL1_IARB 0x02 63 #define LSI_SCNTL1_AESP 0x04 64 #define LSI_SCNTL1_RST 0x08 65 #define LSI_SCNTL1_CON 0x10 66 #define LSI_SCNTL1_DHP 0x20 67 #define LSI_SCNTL1_ADB 0x40 68 #define LSI_SCNTL1_EXC 0x80 69 70 #define LSI_SCNTL2_WSR 0x01 71 #define LSI_SCNTL2_VUE0 0x02 72 #define LSI_SCNTL2_VUE1 0x04 73 #define LSI_SCNTL2_WSS 0x08 74 #define LSI_SCNTL2_SLPHBEN 0x10 75 #define LSI_SCNTL2_SLPMD 0x20 76 #define LSI_SCNTL2_CHM 0x40 77 #define LSI_SCNTL2_SDU 0x80 78 79 #define LSI_ISTAT0_DIP 0x01 80 #define LSI_ISTAT0_SIP 0x02 81 #define LSI_ISTAT0_INTF 0x04 82 #define LSI_ISTAT0_CON 0x08 83 #define LSI_ISTAT0_SEM 0x10 84 #define LSI_ISTAT0_SIGP 0x20 85 #define LSI_ISTAT0_SRST 0x40 86 #define LSI_ISTAT0_ABRT 0x80 87 88 #define LSI_ISTAT1_SI 0x01 89 #define LSI_ISTAT1_SRUN 0x02 90 #define LSI_ISTAT1_FLSH 0x04 91 92 #define LSI_SSTAT0_SDP0 0x01 93 #define LSI_SSTAT0_RST 0x02 94 #define LSI_SSTAT0_WOA 0x04 95 #define LSI_SSTAT0_LOA 0x08 96 #define LSI_SSTAT0_AIP 0x10 97 #define LSI_SSTAT0_OLF 0x20 98 #define LSI_SSTAT0_ORF 0x40 99 #define LSI_SSTAT0_ILF 0x80 100 101 #define LSI_SIST0_PAR 0x01 102 #define LSI_SIST0_RST 0x02 103 #define LSI_SIST0_UDC 0x04 104 #define LSI_SIST0_SGE 0x08 105 #define LSI_SIST0_RSL 0x10 106 #define LSI_SIST0_SEL 0x20 107 #define LSI_SIST0_CMP 0x40 108 #define LSI_SIST0_MA 0x80 109 110 #define LSI_SIST1_HTH 0x01 111 #define LSI_SIST1_GEN 0x02 112 #define LSI_SIST1_STO 0x04 113 #define LSI_SIST1_SBMC 0x10 114 115 #define LSI_SOCL_IO 0x01 116 #define LSI_SOCL_CD 0x02 117 #define LSI_SOCL_MSG 0x04 118 #define LSI_SOCL_ATN 0x08 119 #define LSI_SOCL_SEL 0x10 120 #define LSI_SOCL_BSY 0x20 121 #define LSI_SOCL_ACK 0x40 122 #define LSI_SOCL_REQ 0x80 123 124 #define LSI_DSTAT_IID 0x01 125 #define LSI_DSTAT_SIR 0x04 126 #define LSI_DSTAT_SSI 0x08 127 #define LSI_DSTAT_ABRT 0x10 128 #define LSI_DSTAT_BF 0x20 129 #define LSI_DSTAT_MDPE 0x40 130 #define LSI_DSTAT_DFE 0x80 131 132 #define LSI_DCNTL_COM 0x01 133 #define LSI_DCNTL_IRQD 0x02 134 #define LSI_DCNTL_STD 0x04 135 #define LSI_DCNTL_IRQM 0x08 136 #define LSI_DCNTL_SSM 0x10 137 #define LSI_DCNTL_PFEN 0x20 138 #define LSI_DCNTL_PFF 0x40 139 #define LSI_DCNTL_CLSE 0x80 140 141 #define LSI_DMODE_MAN 0x01 142 #define LSI_DMODE_BOF 0x02 143 #define LSI_DMODE_ERMP 0x04 144 #define LSI_DMODE_ERL 0x08 145 #define LSI_DMODE_DIOM 0x10 146 #define LSI_DMODE_SIOM 0x20 147 148 #define LSI_CTEST2_DACK 0x01 149 #define LSI_CTEST2_DREQ 0x02 150 #define LSI_CTEST2_TEOP 0x04 151 #define LSI_CTEST2_PCICIE 0x08 152 #define LSI_CTEST2_CM 0x10 153 #define LSI_CTEST2_CIO 0x20 154 #define LSI_CTEST2_SIGP 0x40 155 #define LSI_CTEST2_DDIR 0x80 156 157 #define LSI_CTEST5_BL2 0x04 158 #define LSI_CTEST5_DDIR 0x08 159 #define LSI_CTEST5_MASR 0x10 160 #define LSI_CTEST5_DFSN 0x20 161 #define LSI_CTEST5_BBCK 0x40 162 #define LSI_CTEST5_ADCK 0x80 163 164 #define LSI_CCNTL0_DILS 0x01 165 #define LSI_CCNTL0_DISFC 0x10 166 #define LSI_CCNTL0_ENNDJ 0x20 167 #define LSI_CCNTL0_PMJCTL 0x40 168 #define LSI_CCNTL0_ENPMJ 0x80 169 170 #define LSI_CCNTL1_EN64DBMV 0x01 171 #define LSI_CCNTL1_EN64TIBMV 0x02 172 #define LSI_CCNTL1_64TIMOD 0x04 173 #define LSI_CCNTL1_DDAC 0x08 174 #define LSI_CCNTL1_ZMOD 0x80 175 176 /* Enable Response to Reselection */ 177 #define LSI_SCID_RRE 0x60 178 179 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 180 181 #define PHASE_DO 0 182 #define PHASE_DI 1 183 #define PHASE_CMD 2 184 #define PHASE_ST 3 185 #define PHASE_MO 6 186 #define PHASE_MI 7 187 #define PHASE_MASK 7 188 189 /* Maximum length of MSG IN data. */ 190 #define LSI_MAX_MSGIN_LEN 8 191 192 /* Flag set if this is a tagged command. */ 193 #define LSI_TAG_VALID (1 << 16) 194 195 typedef struct lsi_request { 196 SCSIRequest *req; 197 uint32_t tag; 198 uint32_t dma_len; 199 uint8_t *dma_buf; 200 uint32_t pending; 201 int out; 202 QTAILQ_ENTRY(lsi_request) next; 203 } lsi_request; 204 205 typedef struct { 206 /*< private >*/ 207 PCIDevice parent_obj; 208 /*< public >*/ 209 210 MemoryRegion mmio_io; 211 MemoryRegion ram_io; 212 MemoryRegion io_io; 213 AddressSpace pci_io_as; 214 215 int carry; /* ??? Should this be an a visible register somewhere? */ 216 int status; 217 /* Action to take at the end of a MSG IN phase. 218 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 219 int msg_action; 220 int msg_len; 221 uint8_t msg[LSI_MAX_MSGIN_LEN]; 222 /* 0 if SCRIPTS are running or stopped. 223 * 1 if a Wait Reselect instruction has been issued. 224 * 2 if processing DMA from lsi_execute_script. 225 * 3 if a DMA operation is in progress. */ 226 int waiting; 227 SCSIBus bus; 228 int current_lun; 229 /* The tag is a combination of the device ID and the SCSI tag. */ 230 uint32_t select_tag; 231 int command_complete; 232 QTAILQ_HEAD(, lsi_request) queue; 233 lsi_request *current; 234 235 uint32_t dsa; 236 uint32_t temp; 237 uint32_t dnad; 238 uint32_t dbc; 239 uint8_t istat0; 240 uint8_t istat1; 241 uint8_t dcmd; 242 uint8_t dstat; 243 uint8_t dien; 244 uint8_t sist0; 245 uint8_t sist1; 246 uint8_t sien0; 247 uint8_t sien1; 248 uint8_t mbox0; 249 uint8_t mbox1; 250 uint8_t dfifo; 251 uint8_t ctest2; 252 uint8_t ctest3; 253 uint8_t ctest4; 254 uint8_t ctest5; 255 uint8_t ccntl0; 256 uint8_t ccntl1; 257 uint32_t dsp; 258 uint32_t dsps; 259 uint8_t dmode; 260 uint8_t dcntl; 261 uint8_t scntl0; 262 uint8_t scntl1; 263 uint8_t scntl2; 264 uint8_t scntl3; 265 uint8_t sstat0; 266 uint8_t sstat1; 267 uint8_t scid; 268 uint8_t sxfer; 269 uint8_t socl; 270 uint8_t sdid; 271 uint8_t ssid; 272 uint8_t sfbr; 273 uint8_t stest1; 274 uint8_t stest2; 275 uint8_t stest3; 276 uint8_t sidl; 277 uint8_t stime0; 278 uint8_t respid0; 279 uint8_t respid1; 280 uint32_t mmrs; 281 uint32_t mmws; 282 uint32_t sfs; 283 uint32_t drs; 284 uint32_t sbms; 285 uint32_t dbms; 286 uint32_t dnad64; 287 uint32_t pmjad1; 288 uint32_t pmjad2; 289 uint32_t rbc; 290 uint32_t ua; 291 uint32_t ia; 292 uint32_t sbc; 293 uint32_t csbc; 294 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 295 uint8_t sbr; 296 uint32_t adder; 297 298 /* Script ram is stored as 32-bit words in host byteorder. */ 299 uint32_t script_ram[2048]; 300 } LSIState; 301 302 #define TYPE_LSI53C810 "lsi53c810" 303 #define TYPE_LSI53C895A "lsi53c895a" 304 305 #define LSI53C895A(obj) \ 306 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 307 308 static inline int lsi_irq_on_rsl(LSIState *s) 309 { 310 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 311 } 312 313 static void lsi_soft_reset(LSIState *s) 314 { 315 DPRINTF("Reset\n"); 316 s->carry = 0; 317 318 s->msg_action = 0; 319 s->msg_len = 0; 320 s->waiting = 0; 321 s->dsa = 0; 322 s->dnad = 0; 323 s->dbc = 0; 324 s->temp = 0; 325 memset(s->scratch, 0, sizeof(s->scratch)); 326 s->istat0 = 0; 327 s->istat1 = 0; 328 s->dcmd = 0x40; 329 s->dstat = 0; 330 s->dien = 0; 331 s->sist0 = 0; 332 s->sist1 = 0; 333 s->sien0 = 0; 334 s->sien1 = 0; 335 s->mbox0 = 0; 336 s->mbox1 = 0; 337 s->dfifo = 0; 338 s->ctest2 = LSI_CTEST2_DACK; 339 s->ctest3 = 0; 340 s->ctest4 = 0; 341 s->ctest5 = 0; 342 s->ccntl0 = 0; 343 s->ccntl1 = 0; 344 s->dsp = 0; 345 s->dsps = 0; 346 s->dmode = 0; 347 s->dcntl = 0; 348 s->scntl0 = 0xc0; 349 s->scntl1 = 0; 350 s->scntl2 = 0; 351 s->scntl3 = 0; 352 s->sstat0 = 0; 353 s->sstat1 = 0; 354 s->scid = 7; 355 s->sxfer = 0; 356 s->socl = 0; 357 s->sdid = 0; 358 s->ssid = 0; 359 s->stest1 = 0; 360 s->stest2 = 0; 361 s->stest3 = 0; 362 s->sidl = 0; 363 s->stime0 = 0; 364 s->respid0 = 0x80; 365 s->respid1 = 0; 366 s->mmrs = 0; 367 s->mmws = 0; 368 s->sfs = 0; 369 s->drs = 0; 370 s->sbms = 0; 371 s->dbms = 0; 372 s->dnad64 = 0; 373 s->pmjad1 = 0; 374 s->pmjad2 = 0; 375 s->rbc = 0; 376 s->ua = 0; 377 s->ia = 0; 378 s->sbc = 0; 379 s->csbc = 0; 380 s->sbr = 0; 381 assert(QTAILQ_EMPTY(&s->queue)); 382 assert(!s->current); 383 } 384 385 static int lsi_dma_40bit(LSIState *s) 386 { 387 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 388 return 1; 389 return 0; 390 } 391 392 static int lsi_dma_ti64bit(LSIState *s) 393 { 394 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 395 return 1; 396 return 0; 397 } 398 399 static int lsi_dma_64bit(LSIState *s) 400 { 401 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 402 return 1; 403 return 0; 404 } 405 406 static uint8_t lsi_reg_readb(LSIState *s, int offset); 407 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 408 static void lsi_execute_script(LSIState *s); 409 static void lsi_reselect(LSIState *s, lsi_request *p); 410 411 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 412 void *buf, dma_addr_t len) 413 { 414 if (s->dmode & LSI_DMODE_SIOM) { 415 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 416 buf, len); 417 } else { 418 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 419 } 420 } 421 422 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 423 const void *buf, dma_addr_t len) 424 { 425 if (s->dmode & LSI_DMODE_DIOM) { 426 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 427 buf, len); 428 } else { 429 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 430 } 431 } 432 433 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 434 { 435 uint32_t buf; 436 437 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 438 return cpu_to_le32(buf); 439 } 440 441 static void lsi_stop_script(LSIState *s) 442 { 443 s->istat1 &= ~LSI_ISTAT1_SRUN; 444 } 445 446 static void lsi_update_irq(LSIState *s) 447 { 448 PCIDevice *d = PCI_DEVICE(s); 449 int level; 450 static int last_level; 451 lsi_request *p; 452 453 /* It's unclear whether the DIP/SIP bits should be cleared when the 454 Interrupt Status Registers are cleared or when istat0 is read. 455 We currently do the formwer, which seems to work. */ 456 level = 0; 457 if (s->dstat) { 458 if (s->dstat & s->dien) 459 level = 1; 460 s->istat0 |= LSI_ISTAT0_DIP; 461 } else { 462 s->istat0 &= ~LSI_ISTAT0_DIP; 463 } 464 465 if (s->sist0 || s->sist1) { 466 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 467 level = 1; 468 s->istat0 |= LSI_ISTAT0_SIP; 469 } else { 470 s->istat0 &= ~LSI_ISTAT0_SIP; 471 } 472 if (s->istat0 & LSI_ISTAT0_INTF) 473 level = 1; 474 475 if (level != last_level) { 476 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n", 477 level, s->dstat, s->sist1, s->sist0); 478 last_level = level; 479 } 480 pci_set_irq(d, level); 481 482 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 483 DPRINTF("Handled IRQs & disconnected, looking for pending " 484 "processes\n"); 485 QTAILQ_FOREACH(p, &s->queue, next) { 486 if (p->pending) { 487 lsi_reselect(s, p); 488 break; 489 } 490 } 491 } 492 } 493 494 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 495 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 496 { 497 uint32_t mask0; 498 uint32_t mask1; 499 500 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n", 501 stat1, stat0, s->sist1, s->sist0); 502 s->sist0 |= stat0; 503 s->sist1 |= stat1; 504 /* Stop processor on fatal or unmasked interrupt. As a special hack 505 we don't stop processing when raising STO. Instead continue 506 execution and stop at the next insn that accesses the SCSI bus. */ 507 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 508 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 509 mask1 &= ~LSI_SIST1_STO; 510 if (s->sist0 & mask0 || s->sist1 & mask1) { 511 lsi_stop_script(s); 512 } 513 lsi_update_irq(s); 514 } 515 516 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 517 static void lsi_script_dma_interrupt(LSIState *s, int stat) 518 { 519 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat); 520 s->dstat |= stat; 521 lsi_update_irq(s); 522 lsi_stop_script(s); 523 } 524 525 static inline void lsi_set_phase(LSIState *s, int phase) 526 { 527 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 528 } 529 530 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 531 { 532 /* Trigger a phase mismatch. */ 533 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 534 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 535 s->dsp = out ? s->pmjad1 : s->pmjad2; 536 } else { 537 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 538 } 539 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp); 540 } else { 541 DPRINTF("Phase mismatch interrupt\n"); 542 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 543 lsi_stop_script(s); 544 } 545 lsi_set_phase(s, new_phase); 546 } 547 548 549 /* Resume SCRIPTS execution after a DMA operation. */ 550 static void lsi_resume_script(LSIState *s) 551 { 552 if (s->waiting != 2) { 553 s->waiting = 0; 554 lsi_execute_script(s); 555 } else { 556 s->waiting = 0; 557 } 558 } 559 560 static void lsi_disconnect(LSIState *s) 561 { 562 s->scntl1 &= ~LSI_SCNTL1_CON; 563 s->sstat1 &= ~PHASE_MASK; 564 } 565 566 static void lsi_bad_selection(LSIState *s, uint32_t id) 567 { 568 DPRINTF("Selected absent target %d\n", id); 569 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 570 lsi_disconnect(s); 571 } 572 573 /* Initiate a SCSI layer data transfer. */ 574 static void lsi_do_dma(LSIState *s, int out) 575 { 576 uint32_t count; 577 dma_addr_t addr; 578 SCSIDevice *dev; 579 580 assert(s->current); 581 if (!s->current->dma_len) { 582 /* Wait until data is available. */ 583 DPRINTF("DMA no data available\n"); 584 return; 585 } 586 587 dev = s->current->req->dev; 588 assert(dev); 589 590 count = s->dbc; 591 if (count > s->current->dma_len) 592 count = s->current->dma_len; 593 594 addr = s->dnad; 595 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 596 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 597 addr |= ((uint64_t)s->dnad64 << 32); 598 else if (s->dbms) 599 addr |= ((uint64_t)s->dbms << 32); 600 else if (s->sbms) 601 addr |= ((uint64_t)s->sbms << 32); 602 603 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count); 604 s->csbc += count; 605 s->dnad += count; 606 s->dbc -= count; 607 if (s->current->dma_buf == NULL) { 608 s->current->dma_buf = scsi_req_get_buf(s->current->req); 609 } 610 /* ??? Set SFBR to first data byte. */ 611 if (out) { 612 lsi_mem_read(s, addr, s->current->dma_buf, count); 613 } else { 614 lsi_mem_write(s, addr, s->current->dma_buf, count); 615 } 616 s->current->dma_len -= count; 617 if (s->current->dma_len == 0) { 618 s->current->dma_buf = NULL; 619 scsi_req_continue(s->current->req); 620 } else { 621 s->current->dma_buf += count; 622 lsi_resume_script(s); 623 } 624 } 625 626 627 /* Add a command to the queue. */ 628 static void lsi_queue_command(LSIState *s) 629 { 630 lsi_request *p = s->current; 631 632 DPRINTF("Queueing tag=0x%x\n", p->tag); 633 assert(s->current != NULL); 634 assert(s->current->dma_len == 0); 635 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 636 s->current = NULL; 637 638 p->pending = 0; 639 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 640 } 641 642 /* Queue a byte for a MSG IN phase. */ 643 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 644 { 645 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 646 BADF("MSG IN data too long\n"); 647 } else { 648 DPRINTF("MSG IN 0x%02x\n", data); 649 s->msg[s->msg_len++] = data; 650 } 651 } 652 653 /* Perform reselection to continue a command. */ 654 static void lsi_reselect(LSIState *s, lsi_request *p) 655 { 656 int id; 657 658 assert(s->current == NULL); 659 QTAILQ_REMOVE(&s->queue, p, next); 660 s->current = p; 661 662 id = (p->tag >> 8) & 0xf; 663 s->ssid = id | 0x80; 664 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 665 if (!(s->dcntl & LSI_DCNTL_COM)) { 666 s->sfbr = 1 << (id & 0x7); 667 } 668 DPRINTF("Reselected target %d\n", id); 669 s->scntl1 |= LSI_SCNTL1_CON; 670 lsi_set_phase(s, PHASE_MI); 671 s->msg_action = p->out ? 2 : 3; 672 s->current->dma_len = p->pending; 673 lsi_add_msg_byte(s, 0x80); 674 if (s->current->tag & LSI_TAG_VALID) { 675 lsi_add_msg_byte(s, 0x20); 676 lsi_add_msg_byte(s, p->tag & 0xff); 677 } 678 679 if (lsi_irq_on_rsl(s)) { 680 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 681 } 682 } 683 684 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 685 { 686 lsi_request *p; 687 688 QTAILQ_FOREACH(p, &s->queue, next) { 689 if (p->tag == tag) { 690 return p; 691 } 692 } 693 694 return NULL; 695 } 696 697 static void lsi_request_free(LSIState *s, lsi_request *p) 698 { 699 if (p == s->current) { 700 s->current = NULL; 701 } else { 702 QTAILQ_REMOVE(&s->queue, p, next); 703 } 704 g_free(p); 705 } 706 707 static void lsi_request_cancelled(SCSIRequest *req) 708 { 709 LSIState *s = LSI53C895A(req->bus->qbus.parent); 710 lsi_request *p = req->hba_private; 711 712 req->hba_private = NULL; 713 lsi_request_free(s, p); 714 scsi_req_unref(req); 715 } 716 717 /* Record that data is available for a queued command. Returns zero if 718 the device was reselected, nonzero if the IO is deferred. */ 719 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 720 { 721 lsi_request *p = req->hba_private; 722 723 if (p->pending) { 724 BADF("Multiple IO pending for request %p\n", p); 725 } 726 p->pending = len; 727 /* Reselect if waiting for it, or if reselection triggers an IRQ 728 and the bus is free. 729 Since no interrupt stacking is implemented in the emulation, it 730 is also required that there are no pending interrupts waiting 731 for service from the device driver. */ 732 if (s->waiting == 1 || 733 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 734 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 735 /* Reselect device. */ 736 lsi_reselect(s, p); 737 return 0; 738 } else { 739 DPRINTF("Queueing IO tag=0x%x\n", p->tag); 740 p->pending = len; 741 return 1; 742 } 743 } 744 745 /* Callback to indicate that the SCSI layer has completed a command. */ 746 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 747 { 748 LSIState *s = LSI53C895A(req->bus->qbus.parent); 749 int out; 750 751 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 752 DPRINTF("Command complete status=%d\n", (int)status); 753 s->status = status; 754 s->command_complete = 2; 755 if (s->waiting && s->dbc != 0) { 756 /* Raise phase mismatch for short transfers. */ 757 lsi_bad_phase(s, out, PHASE_ST); 758 } else { 759 lsi_set_phase(s, PHASE_ST); 760 } 761 762 if (req->hba_private == s->current) { 763 req->hba_private = NULL; 764 lsi_request_free(s, s->current); 765 scsi_req_unref(req); 766 } 767 lsi_resume_script(s); 768 } 769 770 /* Callback to indicate that the SCSI layer has completed a transfer. */ 771 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 772 { 773 LSIState *s = LSI53C895A(req->bus->qbus.parent); 774 int out; 775 776 assert(req->hba_private); 777 if (s->waiting == 1 || req->hba_private != s->current || 778 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 779 if (lsi_queue_req(s, req, len)) { 780 return; 781 } 782 } 783 784 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 785 786 /* host adapter (re)connected */ 787 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len); 788 s->current->dma_len = len; 789 s->command_complete = 1; 790 if (s->waiting) { 791 if (s->waiting == 1 || s->dbc == 0) { 792 lsi_resume_script(s); 793 } else { 794 lsi_do_dma(s, out); 795 } 796 } 797 } 798 799 static void lsi_do_command(LSIState *s) 800 { 801 SCSIDevice *dev; 802 uint8_t buf[16]; 803 uint32_t id; 804 int n; 805 806 DPRINTF("Send command len=%d\n", s->dbc); 807 if (s->dbc > 16) 808 s->dbc = 16; 809 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 810 s->sfbr = buf[0]; 811 s->command_complete = 0; 812 813 id = (s->select_tag >> 8) & 0xf; 814 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 815 if (!dev) { 816 lsi_bad_selection(s, id); 817 return; 818 } 819 820 assert(s->current == NULL); 821 s->current = g_new0(lsi_request, 1); 822 s->current->tag = s->select_tag; 823 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 824 s->current); 825 826 n = scsi_req_enqueue(s->current->req); 827 if (n) { 828 if (n > 0) { 829 lsi_set_phase(s, PHASE_DI); 830 } else if (n < 0) { 831 lsi_set_phase(s, PHASE_DO); 832 } 833 scsi_req_continue(s->current->req); 834 } 835 if (!s->command_complete) { 836 if (n) { 837 /* Command did not complete immediately so disconnect. */ 838 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 839 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 840 /* wait data */ 841 lsi_set_phase(s, PHASE_MI); 842 s->msg_action = 1; 843 lsi_queue_command(s); 844 } else { 845 /* wait command complete */ 846 lsi_set_phase(s, PHASE_DI); 847 } 848 } 849 } 850 851 static void lsi_do_status(LSIState *s) 852 { 853 uint8_t status; 854 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status); 855 if (s->dbc != 1) 856 BADF("Bad Status move\n"); 857 s->dbc = 1; 858 status = s->status; 859 s->sfbr = status; 860 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 861 lsi_set_phase(s, PHASE_MI); 862 s->msg_action = 1; 863 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 864 } 865 866 static void lsi_do_msgin(LSIState *s) 867 { 868 int len; 869 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len); 870 s->sfbr = s->msg[0]; 871 len = s->msg_len; 872 if (len > s->dbc) 873 len = s->dbc; 874 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 875 /* Linux drivers rely on the last byte being in the SIDL. */ 876 s->sidl = s->msg[len - 1]; 877 s->msg_len -= len; 878 if (s->msg_len) { 879 memmove(s->msg, s->msg + len, s->msg_len); 880 } else { 881 /* ??? Check if ATN (not yet implemented) is asserted and maybe 882 switch to PHASE_MO. */ 883 switch (s->msg_action) { 884 case 0: 885 lsi_set_phase(s, PHASE_CMD); 886 break; 887 case 1: 888 lsi_disconnect(s); 889 break; 890 case 2: 891 lsi_set_phase(s, PHASE_DO); 892 break; 893 case 3: 894 lsi_set_phase(s, PHASE_DI); 895 break; 896 default: 897 abort(); 898 } 899 } 900 } 901 902 /* Read the next byte during a MSGOUT phase. */ 903 static uint8_t lsi_get_msgbyte(LSIState *s) 904 { 905 uint8_t data; 906 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 907 s->dnad++; 908 s->dbc--; 909 return data; 910 } 911 912 /* Skip the next n bytes during a MSGOUT phase. */ 913 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 914 { 915 s->dnad += n; 916 s->dbc -= n; 917 } 918 919 static void lsi_do_msgout(LSIState *s) 920 { 921 uint8_t msg; 922 int len; 923 uint32_t current_tag; 924 lsi_request *current_req, *p, *p_next; 925 926 if (s->current) { 927 current_tag = s->current->tag; 928 current_req = s->current; 929 } else { 930 current_tag = s->select_tag; 931 current_req = lsi_find_by_tag(s, current_tag); 932 } 933 934 DPRINTF("MSG out len=%d\n", s->dbc); 935 while (s->dbc) { 936 msg = lsi_get_msgbyte(s); 937 s->sfbr = msg; 938 939 switch (msg) { 940 case 0x04: 941 DPRINTF("MSG: Disconnect\n"); 942 lsi_disconnect(s); 943 break; 944 case 0x08: 945 DPRINTF("MSG: No Operation\n"); 946 lsi_set_phase(s, PHASE_CMD); 947 break; 948 case 0x01: 949 len = lsi_get_msgbyte(s); 950 msg = lsi_get_msgbyte(s); 951 (void)len; /* avoid a warning about unused variable*/ 952 DPRINTF("Extended message 0x%x (len %d)\n", msg, len); 953 switch (msg) { 954 case 1: 955 DPRINTF("SDTR (ignored)\n"); 956 lsi_skip_msgbytes(s, 2); 957 break; 958 case 3: 959 DPRINTF("WDTR (ignored)\n"); 960 lsi_skip_msgbytes(s, 1); 961 break; 962 default: 963 goto bad; 964 } 965 break; 966 case 0x20: /* SIMPLE queue */ 967 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 968 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff); 969 break; 970 case 0x21: /* HEAD of queue */ 971 BADF("HEAD queue not implemented\n"); 972 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 973 break; 974 case 0x22: /* ORDERED queue */ 975 BADF("ORDERED queue not implemented\n"); 976 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 977 break; 978 case 0x0d: 979 /* The ABORT TAG message clears the current I/O process only. */ 980 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag); 981 if (current_req) { 982 scsi_req_cancel(current_req->req); 983 } 984 lsi_disconnect(s); 985 break; 986 case 0x06: 987 case 0x0e: 988 case 0x0c: 989 /* The ABORT message clears all I/O processes for the selecting 990 initiator on the specified logical unit of the target. */ 991 if (msg == 0x06) { 992 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag); 993 } 994 /* The CLEAR QUEUE message clears all I/O processes for all 995 initiators on the specified logical unit of the target. */ 996 if (msg == 0x0e) { 997 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag); 998 } 999 /* The BUS DEVICE RESET message clears all I/O processes for all 1000 initiators on all logical units of the target. */ 1001 if (msg == 0x0c) { 1002 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag); 1003 } 1004 1005 /* clear the current I/O process */ 1006 if (s->current) { 1007 scsi_req_cancel(s->current->req); 1008 } 1009 1010 /* As the current implemented devices scsi_disk and scsi_generic 1011 only support one LUN, we don't need to keep track of LUNs. 1012 Clearing I/O processes for other initiators could be possible 1013 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1014 device, but this is currently not implemented (and seems not 1015 to be really necessary). So let's simply clear all queued 1016 commands for the current device: */ 1017 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1018 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1019 scsi_req_cancel(p->req); 1020 } 1021 } 1022 1023 lsi_disconnect(s); 1024 break; 1025 default: 1026 if ((msg & 0x80) == 0) { 1027 goto bad; 1028 } 1029 s->current_lun = msg & 7; 1030 DPRINTF("Select LUN %d\n", s->current_lun); 1031 lsi_set_phase(s, PHASE_CMD); 1032 break; 1033 } 1034 } 1035 return; 1036 bad: 1037 BADF("Unimplemented message 0x%02x\n", msg); 1038 lsi_set_phase(s, PHASE_MI); 1039 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1040 s->msg_action = 0; 1041 } 1042 1043 #define LSI_BUF_SIZE 4096 1044 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1045 { 1046 int n; 1047 uint8_t buf[LSI_BUF_SIZE]; 1048 1049 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count); 1050 while (count) { 1051 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1052 lsi_mem_read(s, src, buf, n); 1053 lsi_mem_write(s, dest, buf, n); 1054 src += n; 1055 dest += n; 1056 count -= n; 1057 } 1058 } 1059 1060 static void lsi_wait_reselect(LSIState *s) 1061 { 1062 lsi_request *p; 1063 1064 DPRINTF("Wait Reselect\n"); 1065 1066 QTAILQ_FOREACH(p, &s->queue, next) { 1067 if (p->pending) { 1068 lsi_reselect(s, p); 1069 break; 1070 } 1071 } 1072 if (s->current == NULL) { 1073 s->waiting = 1; 1074 } 1075 } 1076 1077 static void lsi_execute_script(LSIState *s) 1078 { 1079 PCIDevice *pci_dev = PCI_DEVICE(s); 1080 uint32_t insn; 1081 uint32_t addr, addr_high; 1082 int opcode; 1083 int insn_processed = 0; 1084 1085 s->istat1 |= LSI_ISTAT1_SRUN; 1086 again: 1087 insn_processed++; 1088 insn = read_dword(s, s->dsp); 1089 if (!insn) { 1090 /* If we receive an empty opcode increment the DSP by 4 bytes 1091 instead of 8 and execute the next opcode at that location */ 1092 s->dsp += 4; 1093 goto again; 1094 } 1095 addr = read_dword(s, s->dsp + 4); 1096 addr_high = 0; 1097 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr); 1098 s->dsps = addr; 1099 s->dcmd = insn >> 24; 1100 s->dsp += 8; 1101 switch (insn >> 30) { 1102 case 0: /* Block move. */ 1103 if (s->sist1 & LSI_SIST1_STO) { 1104 DPRINTF("Delayed select timeout\n"); 1105 lsi_stop_script(s); 1106 break; 1107 } 1108 s->dbc = insn & 0xffffff; 1109 s->rbc = s->dbc; 1110 /* ??? Set ESA. */ 1111 s->ia = s->dsp - 8; 1112 if (insn & (1 << 29)) { 1113 /* Indirect addressing. */ 1114 addr = read_dword(s, addr); 1115 } else if (insn & (1 << 28)) { 1116 uint32_t buf[2]; 1117 int32_t offset; 1118 /* Table indirect addressing. */ 1119 1120 /* 32-bit Table indirect */ 1121 offset = sextract32(addr, 0, 24); 1122 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1123 /* byte count is stored in bits 0:23 only */ 1124 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1125 s->rbc = s->dbc; 1126 addr = cpu_to_le32(buf[1]); 1127 1128 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1129 * table, bits [31:24] */ 1130 if (lsi_dma_40bit(s)) 1131 addr_high = cpu_to_le32(buf[0]) >> 24; 1132 else if (lsi_dma_ti64bit(s)) { 1133 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1134 switch (selector) { 1135 case 0 ... 0x0f: 1136 /* offset index into scratch registers since 1137 * TI64 mode can use registers C to R */ 1138 addr_high = s->scratch[2 + selector]; 1139 break; 1140 case 0x10: 1141 addr_high = s->mmrs; 1142 break; 1143 case 0x11: 1144 addr_high = s->mmws; 1145 break; 1146 case 0x12: 1147 addr_high = s->sfs; 1148 break; 1149 case 0x13: 1150 addr_high = s->drs; 1151 break; 1152 case 0x14: 1153 addr_high = s->sbms; 1154 break; 1155 case 0x15: 1156 addr_high = s->dbms; 1157 break; 1158 default: 1159 BADF("Illegal selector specified (0x%x > 0x15)" 1160 " for 64-bit DMA block move", selector); 1161 break; 1162 } 1163 } 1164 } else if (lsi_dma_64bit(s)) { 1165 /* fetch a 3rd dword if 64-bit direct move is enabled and 1166 only if we're not doing table indirect or indirect addressing */ 1167 s->dbms = read_dword(s, s->dsp); 1168 s->dsp += 4; 1169 s->ia = s->dsp - 12; 1170 } 1171 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1172 DPRINTF("Wrong phase got %d expected %d\n", 1173 s->sstat1 & PHASE_MASK, (insn >> 24) & 7); 1174 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1175 break; 1176 } 1177 s->dnad = addr; 1178 s->dnad64 = addr_high; 1179 switch (s->sstat1 & 0x7) { 1180 case PHASE_DO: 1181 s->waiting = 2; 1182 lsi_do_dma(s, 1); 1183 if (s->waiting) 1184 s->waiting = 3; 1185 break; 1186 case PHASE_DI: 1187 s->waiting = 2; 1188 lsi_do_dma(s, 0); 1189 if (s->waiting) 1190 s->waiting = 3; 1191 break; 1192 case PHASE_CMD: 1193 lsi_do_command(s); 1194 break; 1195 case PHASE_ST: 1196 lsi_do_status(s); 1197 break; 1198 case PHASE_MO: 1199 lsi_do_msgout(s); 1200 break; 1201 case PHASE_MI: 1202 lsi_do_msgin(s); 1203 break; 1204 default: 1205 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK); 1206 exit(1); 1207 } 1208 s->dfifo = s->dbc & 0xff; 1209 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1210 s->sbc = s->dbc; 1211 s->rbc -= s->dbc; 1212 s->ua = addr + s->dbc; 1213 break; 1214 1215 case 1: /* IO or Read/Write instruction. */ 1216 opcode = (insn >> 27) & 7; 1217 if (opcode < 5) { 1218 uint32_t id; 1219 1220 if (insn & (1 << 25)) { 1221 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1222 } else { 1223 id = insn; 1224 } 1225 id = (id >> 16) & 0xf; 1226 if (insn & (1 << 26)) { 1227 addr = s->dsp + sextract32(addr, 0, 24); 1228 } 1229 s->dnad = addr; 1230 switch (opcode) { 1231 case 0: /* Select */ 1232 s->sdid = id; 1233 if (s->scntl1 & LSI_SCNTL1_CON) { 1234 DPRINTF("Already reselected, jumping to alternative address\n"); 1235 s->dsp = s->dnad; 1236 break; 1237 } 1238 s->sstat0 |= LSI_SSTAT0_WOA; 1239 s->scntl1 &= ~LSI_SCNTL1_IARB; 1240 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1241 lsi_bad_selection(s, id); 1242 break; 1243 } 1244 DPRINTF("Selected target %d%s\n", 1245 id, insn & (1 << 3) ? " ATN" : ""); 1246 /* ??? Linux drivers compain when this is set. Maybe 1247 it only applies in low-level mode (unimplemented). 1248 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1249 s->select_tag = id << 8; 1250 s->scntl1 |= LSI_SCNTL1_CON; 1251 if (insn & (1 << 3)) { 1252 s->socl |= LSI_SOCL_ATN; 1253 } 1254 lsi_set_phase(s, PHASE_MO); 1255 break; 1256 case 1: /* Disconnect */ 1257 DPRINTF("Wait Disconnect\n"); 1258 s->scntl1 &= ~LSI_SCNTL1_CON; 1259 break; 1260 case 2: /* Wait Reselect */ 1261 if (!lsi_irq_on_rsl(s)) { 1262 lsi_wait_reselect(s); 1263 } 1264 break; 1265 case 3: /* Set */ 1266 DPRINTF("Set%s%s%s%s\n", 1267 insn & (1 << 3) ? " ATN" : "", 1268 insn & (1 << 6) ? " ACK" : "", 1269 insn & (1 << 9) ? " TM" : "", 1270 insn & (1 << 10) ? " CC" : ""); 1271 if (insn & (1 << 3)) { 1272 s->socl |= LSI_SOCL_ATN; 1273 lsi_set_phase(s, PHASE_MO); 1274 } 1275 if (insn & (1 << 9)) { 1276 BADF("Target mode not implemented\n"); 1277 exit(1); 1278 } 1279 if (insn & (1 << 10)) 1280 s->carry = 1; 1281 break; 1282 case 4: /* Clear */ 1283 DPRINTF("Clear%s%s%s%s\n", 1284 insn & (1 << 3) ? " ATN" : "", 1285 insn & (1 << 6) ? " ACK" : "", 1286 insn & (1 << 9) ? " TM" : "", 1287 insn & (1 << 10) ? " CC" : ""); 1288 if (insn & (1 << 3)) { 1289 s->socl &= ~LSI_SOCL_ATN; 1290 } 1291 if (insn & (1 << 10)) 1292 s->carry = 0; 1293 break; 1294 } 1295 } else { 1296 uint8_t op0; 1297 uint8_t op1; 1298 uint8_t data8; 1299 int reg; 1300 int operator; 1301 #ifdef DEBUG_LSI 1302 static const char *opcode_names[3] = 1303 {"Write", "Read", "Read-Modify-Write"}; 1304 static const char *operator_names[8] = 1305 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1306 #endif 1307 1308 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1309 data8 = (insn >> 8) & 0xff; 1310 opcode = (insn >> 27) & 7; 1311 operator = (insn >> 24) & 7; 1312 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n", 1313 opcode_names[opcode - 5], reg, 1314 operator_names[operator], data8, s->sfbr, 1315 (insn & (1 << 23)) ? " SFBR" : ""); 1316 op0 = op1 = 0; 1317 switch (opcode) { 1318 case 5: /* From SFBR */ 1319 op0 = s->sfbr; 1320 op1 = data8; 1321 break; 1322 case 6: /* To SFBR */ 1323 if (operator) 1324 op0 = lsi_reg_readb(s, reg); 1325 op1 = data8; 1326 break; 1327 case 7: /* Read-modify-write */ 1328 if (operator) 1329 op0 = lsi_reg_readb(s, reg); 1330 if (insn & (1 << 23)) { 1331 op1 = s->sfbr; 1332 } else { 1333 op1 = data8; 1334 } 1335 break; 1336 } 1337 1338 switch (operator) { 1339 case 0: /* move */ 1340 op0 = op1; 1341 break; 1342 case 1: /* Shift left */ 1343 op1 = op0 >> 7; 1344 op0 = (op0 << 1) | s->carry; 1345 s->carry = op1; 1346 break; 1347 case 2: /* OR */ 1348 op0 |= op1; 1349 break; 1350 case 3: /* XOR */ 1351 op0 ^= op1; 1352 break; 1353 case 4: /* AND */ 1354 op0 &= op1; 1355 break; 1356 case 5: /* SHR */ 1357 op1 = op0 & 1; 1358 op0 = (op0 >> 1) | (s->carry << 7); 1359 s->carry = op1; 1360 break; 1361 case 6: /* ADD */ 1362 op0 += op1; 1363 s->carry = op0 < op1; 1364 break; 1365 case 7: /* ADC */ 1366 op0 += op1 + s->carry; 1367 if (s->carry) 1368 s->carry = op0 <= op1; 1369 else 1370 s->carry = op0 < op1; 1371 break; 1372 } 1373 1374 switch (opcode) { 1375 case 5: /* From SFBR */ 1376 case 7: /* Read-modify-write */ 1377 lsi_reg_writeb(s, reg, op0); 1378 break; 1379 case 6: /* To SFBR */ 1380 s->sfbr = op0; 1381 break; 1382 } 1383 } 1384 break; 1385 1386 case 2: /* Transfer Control. */ 1387 { 1388 int cond; 1389 int jmp; 1390 1391 if ((insn & 0x002e0000) == 0) { 1392 DPRINTF("NOP\n"); 1393 break; 1394 } 1395 if (s->sist1 & LSI_SIST1_STO) { 1396 DPRINTF("Delayed select timeout\n"); 1397 lsi_stop_script(s); 1398 break; 1399 } 1400 cond = jmp = (insn & (1 << 19)) != 0; 1401 if (cond == jmp && (insn & (1 << 21))) { 1402 DPRINTF("Compare carry %d\n", s->carry == jmp); 1403 cond = s->carry != 0; 1404 } 1405 if (cond == jmp && (insn & (1 << 17))) { 1406 DPRINTF("Compare phase %d %c= %d\n", 1407 (s->sstat1 & PHASE_MASK), 1408 jmp ? '=' : '!', 1409 ((insn >> 24) & 7)); 1410 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1411 } 1412 if (cond == jmp && (insn & (1 << 18))) { 1413 uint8_t mask; 1414 1415 mask = (~insn >> 8) & 0xff; 1416 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n", 1417 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1418 cond = (s->sfbr & mask) == (insn & mask); 1419 } 1420 if (cond == jmp) { 1421 if (insn & (1 << 23)) { 1422 /* Relative address. */ 1423 addr = s->dsp + sextract32(addr, 0, 24); 1424 } 1425 switch ((insn >> 27) & 7) { 1426 case 0: /* Jump */ 1427 DPRINTF("Jump to 0x%08x\n", addr); 1428 s->adder = addr; 1429 s->dsp = addr; 1430 break; 1431 case 1: /* Call */ 1432 DPRINTF("Call 0x%08x\n", addr); 1433 s->temp = s->dsp; 1434 s->dsp = addr; 1435 break; 1436 case 2: /* Return */ 1437 DPRINTF("Return to 0x%08x\n", s->temp); 1438 s->dsp = s->temp; 1439 break; 1440 case 3: /* Interrupt */ 1441 DPRINTF("Interrupt 0x%08x\n", s->dsps); 1442 if ((insn & (1 << 20)) != 0) { 1443 s->istat0 |= LSI_ISTAT0_INTF; 1444 lsi_update_irq(s); 1445 } else { 1446 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1447 } 1448 break; 1449 default: 1450 DPRINTF("Illegal transfer control\n"); 1451 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1452 break; 1453 } 1454 } else { 1455 DPRINTF("Control condition failed\n"); 1456 } 1457 } 1458 break; 1459 1460 case 3: 1461 if ((insn & (1 << 29)) == 0) { 1462 /* Memory move. */ 1463 uint32_t dest; 1464 /* ??? The docs imply the destination address is loaded into 1465 the TEMP register. However the Linux drivers rely on 1466 the value being presrved. */ 1467 dest = read_dword(s, s->dsp); 1468 s->dsp += 4; 1469 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1470 } else { 1471 uint8_t data[7]; 1472 int reg; 1473 int n; 1474 int i; 1475 1476 if (insn & (1 << 28)) { 1477 addr = s->dsa + sextract32(addr, 0, 24); 1478 } 1479 n = (insn & 7); 1480 reg = (insn >> 16) & 0xff; 1481 if (insn & (1 << 24)) { 1482 pci_dma_read(pci_dev, addr, data, n); 1483 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n, 1484 addr, *(int *)data); 1485 for (i = 0; i < n; i++) { 1486 lsi_reg_writeb(s, reg + i, data[i]); 1487 } 1488 } else { 1489 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr); 1490 for (i = 0; i < n; i++) { 1491 data[i] = lsi_reg_readb(s, reg + i); 1492 } 1493 pci_dma_write(pci_dev, addr, data, n); 1494 } 1495 } 1496 } 1497 if (insn_processed > 10000 && !s->waiting) { 1498 /* Some windows drivers make the device spin waiting for a memory 1499 location to change. If we have been executed a lot of code then 1500 assume this is the case and force an unexpected device disconnect. 1501 This is apparently sufficient to beat the drivers into submission. 1502 */ 1503 if (!(s->sien0 & LSI_SIST0_UDC)) 1504 fprintf(stderr, "inf. loop with UDC masked\n"); 1505 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1506 lsi_disconnect(s); 1507 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1508 if (s->dcntl & LSI_DCNTL_SSM) { 1509 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1510 } else { 1511 goto again; 1512 } 1513 } 1514 DPRINTF("SCRIPTS execution stopped\n"); 1515 } 1516 1517 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1518 { 1519 uint8_t ret; 1520 1521 #define CASE_GET_REG24(name, addr) \ 1522 case addr: ret = s->name & 0xff; break; \ 1523 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1524 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1525 1526 #define CASE_GET_REG32(name, addr) \ 1527 case addr: ret = s->name & 0xff; break; \ 1528 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1529 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1530 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1531 1532 switch (offset) { 1533 case 0x00: /* SCNTL0 */ 1534 ret = s->scntl0; 1535 break; 1536 case 0x01: /* SCNTL1 */ 1537 ret = s->scntl1; 1538 break; 1539 case 0x02: /* SCNTL2 */ 1540 ret = s->scntl2; 1541 break; 1542 case 0x03: /* SCNTL3 */ 1543 ret = s->scntl3; 1544 break; 1545 case 0x04: /* SCID */ 1546 ret = s->scid; 1547 break; 1548 case 0x05: /* SXFER */ 1549 ret = s->sxfer; 1550 break; 1551 case 0x06: /* SDID */ 1552 ret = s->sdid; 1553 break; 1554 case 0x07: /* GPREG0 */ 1555 ret = 0x7f; 1556 break; 1557 case 0x08: /* Revision ID */ 1558 ret = 0x00; 1559 break; 1560 case 0x09: /* SOCL */ 1561 ret = s->socl; 1562 break; 1563 case 0xa: /* SSID */ 1564 ret = s->ssid; 1565 break; 1566 case 0xb: /* SBCL */ 1567 /* ??? This is not correct. However it's (hopefully) only 1568 used for diagnostics, so should be ok. */ 1569 ret = 0; 1570 break; 1571 case 0xc: /* DSTAT */ 1572 ret = s->dstat | LSI_DSTAT_DFE; 1573 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1574 s->dstat = 0; 1575 lsi_update_irq(s); 1576 break; 1577 case 0x0d: /* SSTAT0 */ 1578 ret = s->sstat0; 1579 break; 1580 case 0x0e: /* SSTAT1 */ 1581 ret = s->sstat1; 1582 break; 1583 case 0x0f: /* SSTAT2 */ 1584 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1585 break; 1586 CASE_GET_REG32(dsa, 0x10) 1587 case 0x14: /* ISTAT0 */ 1588 ret = s->istat0; 1589 break; 1590 case 0x15: /* ISTAT1 */ 1591 ret = s->istat1; 1592 break; 1593 case 0x16: /* MBOX0 */ 1594 ret = s->mbox0; 1595 break; 1596 case 0x17: /* MBOX1 */ 1597 ret = s->mbox1; 1598 break; 1599 case 0x18: /* CTEST0 */ 1600 ret = 0xff; 1601 break; 1602 case 0x19: /* CTEST1 */ 1603 ret = 0; 1604 break; 1605 case 0x1a: /* CTEST2 */ 1606 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1607 if (s->istat0 & LSI_ISTAT0_SIGP) { 1608 s->istat0 &= ~LSI_ISTAT0_SIGP; 1609 ret |= LSI_CTEST2_SIGP; 1610 } 1611 break; 1612 case 0x1b: /* CTEST3 */ 1613 ret = s->ctest3; 1614 break; 1615 CASE_GET_REG32(temp, 0x1c) 1616 case 0x20: /* DFIFO */ 1617 ret = 0; 1618 break; 1619 case 0x21: /* CTEST4 */ 1620 ret = s->ctest4; 1621 break; 1622 case 0x22: /* CTEST5 */ 1623 ret = s->ctest5; 1624 break; 1625 case 0x23: /* CTEST6 */ 1626 ret = 0; 1627 break; 1628 CASE_GET_REG24(dbc, 0x24) 1629 case 0x27: /* DCMD */ 1630 ret = s->dcmd; 1631 break; 1632 CASE_GET_REG32(dnad, 0x28) 1633 CASE_GET_REG32(dsp, 0x2c) 1634 CASE_GET_REG32(dsps, 0x30) 1635 CASE_GET_REG32(scratch[0], 0x34) 1636 case 0x38: /* DMODE */ 1637 ret = s->dmode; 1638 break; 1639 case 0x39: /* DIEN */ 1640 ret = s->dien; 1641 break; 1642 case 0x3a: /* SBR */ 1643 ret = s->sbr; 1644 break; 1645 case 0x3b: /* DCNTL */ 1646 ret = s->dcntl; 1647 break; 1648 /* ADDER Output (Debug of relative jump address) */ 1649 CASE_GET_REG32(adder, 0x3c) 1650 case 0x40: /* SIEN0 */ 1651 ret = s->sien0; 1652 break; 1653 case 0x41: /* SIEN1 */ 1654 ret = s->sien1; 1655 break; 1656 case 0x42: /* SIST0 */ 1657 ret = s->sist0; 1658 s->sist0 = 0; 1659 lsi_update_irq(s); 1660 break; 1661 case 0x43: /* SIST1 */ 1662 ret = s->sist1; 1663 s->sist1 = 0; 1664 lsi_update_irq(s); 1665 break; 1666 case 0x46: /* MACNTL */ 1667 ret = 0x0f; 1668 break; 1669 case 0x47: /* GPCNTL0 */ 1670 ret = 0x0f; 1671 break; 1672 case 0x48: /* STIME0 */ 1673 ret = s->stime0; 1674 break; 1675 case 0x4a: /* RESPID0 */ 1676 ret = s->respid0; 1677 break; 1678 case 0x4b: /* RESPID1 */ 1679 ret = s->respid1; 1680 break; 1681 case 0x4d: /* STEST1 */ 1682 ret = s->stest1; 1683 break; 1684 case 0x4e: /* STEST2 */ 1685 ret = s->stest2; 1686 break; 1687 case 0x4f: /* STEST3 */ 1688 ret = s->stest3; 1689 break; 1690 case 0x50: /* SIDL */ 1691 /* This is needed by the linux drivers. We currently only update it 1692 during the MSG IN phase. */ 1693 ret = s->sidl; 1694 break; 1695 case 0x52: /* STEST4 */ 1696 ret = 0xe0; 1697 break; 1698 case 0x56: /* CCNTL0 */ 1699 ret = s->ccntl0; 1700 break; 1701 case 0x57: /* CCNTL1 */ 1702 ret = s->ccntl1; 1703 break; 1704 case 0x58: /* SBDL */ 1705 /* Some drivers peek at the data bus during the MSG IN phase. */ 1706 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) 1707 return s->msg[0]; 1708 ret = 0; 1709 break; 1710 case 0x59: /* SBDL high */ 1711 ret = 0; 1712 break; 1713 CASE_GET_REG32(mmrs, 0xa0) 1714 CASE_GET_REG32(mmws, 0xa4) 1715 CASE_GET_REG32(sfs, 0xa8) 1716 CASE_GET_REG32(drs, 0xac) 1717 CASE_GET_REG32(sbms, 0xb0) 1718 CASE_GET_REG32(dbms, 0xb4) 1719 CASE_GET_REG32(dnad64, 0xb8) 1720 CASE_GET_REG32(pmjad1, 0xc0) 1721 CASE_GET_REG32(pmjad2, 0xc4) 1722 CASE_GET_REG32(rbc, 0xc8) 1723 CASE_GET_REG32(ua, 0xcc) 1724 CASE_GET_REG32(ia, 0xd4) 1725 CASE_GET_REG32(sbc, 0xd8) 1726 CASE_GET_REG32(csbc, 0xdc) 1727 case 0x5c ... 0x9f: 1728 { 1729 int n; 1730 int shift; 1731 n = (offset - 0x58) >> 2; 1732 shift = (offset & 3) * 8; 1733 ret = (s->scratch[n] >> shift) & 0xff; 1734 break; 1735 } 1736 default: 1737 { 1738 qemu_log_mask(LOG_GUEST_ERROR, 1739 "lsi_scsi: invalid read from reg %s %x\n", 1740 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1741 offset); 1742 ret = 0xff; 1743 break; 1744 } 1745 } 1746 #undef CASE_GET_REG24 1747 #undef CASE_GET_REG32 1748 1749 #ifdef DEBUG_LSI_REG 1750 DPRINTF("Read reg %s %x = %02x\n", 1751 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, ret); 1752 #endif 1753 1754 return ret; 1755 } 1756 1757 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1758 { 1759 #define CASE_SET_REG24(name, addr) \ 1760 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1761 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1762 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1763 1764 #define CASE_SET_REG32(name, addr) \ 1765 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1766 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1767 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1768 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1769 1770 #ifdef DEBUG_LSI_REG 1771 DPRINTF("Write reg %s %x = %02x\n", 1772 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, val); 1773 #endif 1774 switch (offset) { 1775 case 0x00: /* SCNTL0 */ 1776 s->scntl0 = val; 1777 if (val & LSI_SCNTL0_START) { 1778 BADF("Start sequence not implemented\n"); 1779 } 1780 break; 1781 case 0x01: /* SCNTL1 */ 1782 s->scntl1 = val & ~LSI_SCNTL1_SST; 1783 if (val & LSI_SCNTL1_IARB) { 1784 BADF("Immediate Arbritration not implemented\n"); 1785 } 1786 if (val & LSI_SCNTL1_RST) { 1787 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1788 qbus_reset_all(&s->bus.qbus); 1789 s->sstat0 |= LSI_SSTAT0_RST; 1790 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1791 } 1792 } else { 1793 s->sstat0 &= ~LSI_SSTAT0_RST; 1794 } 1795 break; 1796 case 0x02: /* SCNTL2 */ 1797 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1798 s->scntl2 = val; 1799 break; 1800 case 0x03: /* SCNTL3 */ 1801 s->scntl3 = val; 1802 break; 1803 case 0x04: /* SCID */ 1804 s->scid = val; 1805 break; 1806 case 0x05: /* SXFER */ 1807 s->sxfer = val; 1808 break; 1809 case 0x06: /* SDID */ 1810 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1811 BADF("Destination ID does not match SSID\n"); 1812 } 1813 s->sdid = val & 0xf; 1814 break; 1815 case 0x07: /* GPREG0 */ 1816 break; 1817 case 0x08: /* SFBR */ 1818 /* The CPU is not allowed to write to this register. However the 1819 SCRIPTS register move instructions are. */ 1820 s->sfbr = val; 1821 break; 1822 case 0x0a: case 0x0b: 1823 /* Openserver writes to these readonly registers on startup */ 1824 return; 1825 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1826 /* Linux writes to these readonly registers on startup. */ 1827 return; 1828 CASE_SET_REG32(dsa, 0x10) 1829 case 0x14: /* ISTAT0 */ 1830 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1831 if (val & LSI_ISTAT0_ABRT) { 1832 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1833 } 1834 if (val & LSI_ISTAT0_INTF) { 1835 s->istat0 &= ~LSI_ISTAT0_INTF; 1836 lsi_update_irq(s); 1837 } 1838 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1839 DPRINTF("Woken by SIGP\n"); 1840 s->waiting = 0; 1841 s->dsp = s->dnad; 1842 lsi_execute_script(s); 1843 } 1844 if (val & LSI_ISTAT0_SRST) { 1845 qdev_reset_all(DEVICE(s)); 1846 } 1847 break; 1848 case 0x16: /* MBOX0 */ 1849 s->mbox0 = val; 1850 break; 1851 case 0x17: /* MBOX1 */ 1852 s->mbox1 = val; 1853 break; 1854 case 0x18: /* CTEST0 */ 1855 /* nothing to do */ 1856 break; 1857 case 0x1a: /* CTEST2 */ 1858 s->ctest2 = val & LSI_CTEST2_PCICIE; 1859 break; 1860 case 0x1b: /* CTEST3 */ 1861 s->ctest3 = val & 0x0f; 1862 break; 1863 CASE_SET_REG32(temp, 0x1c) 1864 case 0x21: /* CTEST4 */ 1865 if (val & 7) { 1866 BADF("Unimplemented CTEST4-FBL 0x%x\n", val); 1867 } 1868 s->ctest4 = val; 1869 break; 1870 case 0x22: /* CTEST5 */ 1871 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1872 BADF("CTEST5 DMA increment not implemented\n"); 1873 } 1874 s->ctest5 = val; 1875 break; 1876 CASE_SET_REG24(dbc, 0x24) 1877 CASE_SET_REG32(dnad, 0x28) 1878 case 0x2c: /* DSP[0:7] */ 1879 s->dsp &= 0xffffff00; 1880 s->dsp |= val; 1881 break; 1882 case 0x2d: /* DSP[8:15] */ 1883 s->dsp &= 0xffff00ff; 1884 s->dsp |= val << 8; 1885 break; 1886 case 0x2e: /* DSP[16:23] */ 1887 s->dsp &= 0xff00ffff; 1888 s->dsp |= val << 16; 1889 break; 1890 case 0x2f: /* DSP[24:31] */ 1891 s->dsp &= 0x00ffffff; 1892 s->dsp |= val << 24; 1893 if ((s->dmode & LSI_DMODE_MAN) == 0 1894 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1895 lsi_execute_script(s); 1896 break; 1897 CASE_SET_REG32(dsps, 0x30) 1898 CASE_SET_REG32(scratch[0], 0x34) 1899 case 0x38: /* DMODE */ 1900 s->dmode = val; 1901 break; 1902 case 0x39: /* DIEN */ 1903 s->dien = val; 1904 lsi_update_irq(s); 1905 break; 1906 case 0x3a: /* SBR */ 1907 s->sbr = val; 1908 break; 1909 case 0x3b: /* DCNTL */ 1910 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1911 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1912 lsi_execute_script(s); 1913 break; 1914 case 0x40: /* SIEN0 */ 1915 s->sien0 = val; 1916 lsi_update_irq(s); 1917 break; 1918 case 0x41: /* SIEN1 */ 1919 s->sien1 = val; 1920 lsi_update_irq(s); 1921 break; 1922 case 0x47: /* GPCNTL0 */ 1923 break; 1924 case 0x48: /* STIME0 */ 1925 s->stime0 = val; 1926 break; 1927 case 0x49: /* STIME1 */ 1928 if (val & 0xf) { 1929 DPRINTF("General purpose timer not implemented\n"); 1930 /* ??? Raising the interrupt immediately seems to be sufficient 1931 to keep the FreeBSD driver happy. */ 1932 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1933 } 1934 break; 1935 case 0x4a: /* RESPID0 */ 1936 s->respid0 = val; 1937 break; 1938 case 0x4b: /* RESPID1 */ 1939 s->respid1 = val; 1940 break; 1941 case 0x4d: /* STEST1 */ 1942 s->stest1 = val; 1943 break; 1944 case 0x4e: /* STEST2 */ 1945 if (val & 1) { 1946 BADF("Low level mode not implemented\n"); 1947 } 1948 s->stest2 = val; 1949 break; 1950 case 0x4f: /* STEST3 */ 1951 if (val & 0x41) { 1952 BADF("SCSI FIFO test mode not implemented\n"); 1953 } 1954 s->stest3 = val; 1955 break; 1956 case 0x56: /* CCNTL0 */ 1957 s->ccntl0 = val; 1958 break; 1959 case 0x57: /* CCNTL1 */ 1960 s->ccntl1 = val; 1961 break; 1962 CASE_SET_REG32(mmrs, 0xa0) 1963 CASE_SET_REG32(mmws, 0xa4) 1964 CASE_SET_REG32(sfs, 0xa8) 1965 CASE_SET_REG32(drs, 0xac) 1966 CASE_SET_REG32(sbms, 0xb0) 1967 CASE_SET_REG32(dbms, 0xb4) 1968 CASE_SET_REG32(dnad64, 0xb8) 1969 CASE_SET_REG32(pmjad1, 0xc0) 1970 CASE_SET_REG32(pmjad2, 0xc4) 1971 CASE_SET_REG32(rbc, 0xc8) 1972 CASE_SET_REG32(ua, 0xcc) 1973 CASE_SET_REG32(ia, 0xd4) 1974 CASE_SET_REG32(sbc, 0xd8) 1975 CASE_SET_REG32(csbc, 0xdc) 1976 default: 1977 if (offset >= 0x5c && offset < 0xa0) { 1978 int n; 1979 int shift; 1980 n = (offset - 0x58) >> 2; 1981 shift = (offset & 3) * 8; 1982 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 1983 } else { 1984 qemu_log_mask(LOG_GUEST_ERROR, 1985 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 1986 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1987 offset, val); 1988 } 1989 } 1990 #undef CASE_SET_REG24 1991 #undef CASE_SET_REG32 1992 } 1993 1994 static void lsi_mmio_write(void *opaque, hwaddr addr, 1995 uint64_t val, unsigned size) 1996 { 1997 LSIState *s = opaque; 1998 1999 lsi_reg_writeb(s, addr & 0xff, val); 2000 } 2001 2002 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2003 unsigned size) 2004 { 2005 LSIState *s = opaque; 2006 2007 return lsi_reg_readb(s, addr & 0xff); 2008 } 2009 2010 static const MemoryRegionOps lsi_mmio_ops = { 2011 .read = lsi_mmio_read, 2012 .write = lsi_mmio_write, 2013 .endianness = DEVICE_NATIVE_ENDIAN, 2014 .impl = { 2015 .min_access_size = 1, 2016 .max_access_size = 1, 2017 }, 2018 }; 2019 2020 static void lsi_ram_write(void *opaque, hwaddr addr, 2021 uint64_t val, unsigned size) 2022 { 2023 LSIState *s = opaque; 2024 uint32_t newval; 2025 uint32_t mask; 2026 int shift; 2027 2028 newval = s->script_ram[addr >> 2]; 2029 shift = (addr & 3) * 8; 2030 mask = ((uint64_t)1 << (size * 8)) - 1; 2031 newval &= ~(mask << shift); 2032 newval |= val << shift; 2033 s->script_ram[addr >> 2] = newval; 2034 } 2035 2036 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2037 unsigned size) 2038 { 2039 LSIState *s = opaque; 2040 uint32_t val; 2041 uint32_t mask; 2042 2043 val = s->script_ram[addr >> 2]; 2044 mask = ((uint64_t)1 << (size * 8)) - 1; 2045 val >>= (addr & 3) * 8; 2046 return val & mask; 2047 } 2048 2049 static const MemoryRegionOps lsi_ram_ops = { 2050 .read = lsi_ram_read, 2051 .write = lsi_ram_write, 2052 .endianness = DEVICE_NATIVE_ENDIAN, 2053 }; 2054 2055 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2056 unsigned size) 2057 { 2058 LSIState *s = opaque; 2059 return lsi_reg_readb(s, addr & 0xff); 2060 } 2061 2062 static void lsi_io_write(void *opaque, hwaddr addr, 2063 uint64_t val, unsigned size) 2064 { 2065 LSIState *s = opaque; 2066 lsi_reg_writeb(s, addr & 0xff, val); 2067 } 2068 2069 static const MemoryRegionOps lsi_io_ops = { 2070 .read = lsi_io_read, 2071 .write = lsi_io_write, 2072 .endianness = DEVICE_NATIVE_ENDIAN, 2073 .impl = { 2074 .min_access_size = 1, 2075 .max_access_size = 1, 2076 }, 2077 }; 2078 2079 static void lsi_scsi_reset(DeviceState *dev) 2080 { 2081 LSIState *s = LSI53C895A(dev); 2082 2083 lsi_soft_reset(s); 2084 } 2085 2086 static int lsi_pre_save(void *opaque) 2087 { 2088 LSIState *s = opaque; 2089 2090 if (s->current) { 2091 assert(s->current->dma_buf == NULL); 2092 assert(s->current->dma_len == 0); 2093 } 2094 assert(QTAILQ_EMPTY(&s->queue)); 2095 2096 return 0; 2097 } 2098 2099 static const VMStateDescription vmstate_lsi_scsi = { 2100 .name = "lsiscsi", 2101 .version_id = 0, 2102 .minimum_version_id = 0, 2103 .pre_save = lsi_pre_save, 2104 .fields = (VMStateField[]) { 2105 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2106 2107 VMSTATE_INT32(carry, LSIState), 2108 VMSTATE_INT32(status, LSIState), 2109 VMSTATE_INT32(msg_action, LSIState), 2110 VMSTATE_INT32(msg_len, LSIState), 2111 VMSTATE_BUFFER(msg, LSIState), 2112 VMSTATE_INT32(waiting, LSIState), 2113 2114 VMSTATE_UINT32(dsa, LSIState), 2115 VMSTATE_UINT32(temp, LSIState), 2116 VMSTATE_UINT32(dnad, LSIState), 2117 VMSTATE_UINT32(dbc, LSIState), 2118 VMSTATE_UINT8(istat0, LSIState), 2119 VMSTATE_UINT8(istat1, LSIState), 2120 VMSTATE_UINT8(dcmd, LSIState), 2121 VMSTATE_UINT8(dstat, LSIState), 2122 VMSTATE_UINT8(dien, LSIState), 2123 VMSTATE_UINT8(sist0, LSIState), 2124 VMSTATE_UINT8(sist1, LSIState), 2125 VMSTATE_UINT8(sien0, LSIState), 2126 VMSTATE_UINT8(sien1, LSIState), 2127 VMSTATE_UINT8(mbox0, LSIState), 2128 VMSTATE_UINT8(mbox1, LSIState), 2129 VMSTATE_UINT8(dfifo, LSIState), 2130 VMSTATE_UINT8(ctest2, LSIState), 2131 VMSTATE_UINT8(ctest3, LSIState), 2132 VMSTATE_UINT8(ctest4, LSIState), 2133 VMSTATE_UINT8(ctest5, LSIState), 2134 VMSTATE_UINT8(ccntl0, LSIState), 2135 VMSTATE_UINT8(ccntl1, LSIState), 2136 VMSTATE_UINT32(dsp, LSIState), 2137 VMSTATE_UINT32(dsps, LSIState), 2138 VMSTATE_UINT8(dmode, LSIState), 2139 VMSTATE_UINT8(dcntl, LSIState), 2140 VMSTATE_UINT8(scntl0, LSIState), 2141 VMSTATE_UINT8(scntl1, LSIState), 2142 VMSTATE_UINT8(scntl2, LSIState), 2143 VMSTATE_UINT8(scntl3, LSIState), 2144 VMSTATE_UINT8(sstat0, LSIState), 2145 VMSTATE_UINT8(sstat1, LSIState), 2146 VMSTATE_UINT8(scid, LSIState), 2147 VMSTATE_UINT8(sxfer, LSIState), 2148 VMSTATE_UINT8(socl, LSIState), 2149 VMSTATE_UINT8(sdid, LSIState), 2150 VMSTATE_UINT8(ssid, LSIState), 2151 VMSTATE_UINT8(sfbr, LSIState), 2152 VMSTATE_UINT8(stest1, LSIState), 2153 VMSTATE_UINT8(stest2, LSIState), 2154 VMSTATE_UINT8(stest3, LSIState), 2155 VMSTATE_UINT8(sidl, LSIState), 2156 VMSTATE_UINT8(stime0, LSIState), 2157 VMSTATE_UINT8(respid0, LSIState), 2158 VMSTATE_UINT8(respid1, LSIState), 2159 VMSTATE_UINT32(mmrs, LSIState), 2160 VMSTATE_UINT32(mmws, LSIState), 2161 VMSTATE_UINT32(sfs, LSIState), 2162 VMSTATE_UINT32(drs, LSIState), 2163 VMSTATE_UINT32(sbms, LSIState), 2164 VMSTATE_UINT32(dbms, LSIState), 2165 VMSTATE_UINT32(dnad64, LSIState), 2166 VMSTATE_UINT32(pmjad1, LSIState), 2167 VMSTATE_UINT32(pmjad2, LSIState), 2168 VMSTATE_UINT32(rbc, LSIState), 2169 VMSTATE_UINT32(ua, LSIState), 2170 VMSTATE_UINT32(ia, LSIState), 2171 VMSTATE_UINT32(sbc, LSIState), 2172 VMSTATE_UINT32(csbc, LSIState), 2173 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2174 VMSTATE_UINT8(sbr, LSIState), 2175 2176 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2177 VMSTATE_END_OF_LIST() 2178 } 2179 }; 2180 2181 static const struct SCSIBusInfo lsi_scsi_info = { 2182 .tcq = true, 2183 .max_target = LSI_MAX_DEVS, 2184 .max_lun = 0, /* LUN support is buggy */ 2185 2186 .transfer_data = lsi_transfer_data, 2187 .complete = lsi_command_complete, 2188 .cancel = lsi_request_cancelled 2189 }; 2190 2191 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2192 { 2193 LSIState *s = LSI53C895A(dev); 2194 DeviceState *d = DEVICE(dev); 2195 uint8_t *pci_conf; 2196 2197 pci_conf = dev->config; 2198 2199 /* PCI latency timer = 255 */ 2200 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2201 /* Interrupt pin A */ 2202 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2203 2204 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2205 "lsi-mmio", 0x400); 2206 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2207 "lsi-ram", 0x2000); 2208 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2209 "lsi-io", 256); 2210 2211 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2212 2213 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2214 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2215 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2216 QTAILQ_INIT(&s->queue); 2217 2218 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2219 } 2220 2221 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2222 { 2223 LSIState *s = LSI53C895A(dev); 2224 2225 address_space_destroy(&s->pci_io_as); 2226 } 2227 2228 static void lsi_class_init(ObjectClass *klass, void *data) 2229 { 2230 DeviceClass *dc = DEVICE_CLASS(klass); 2231 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2232 2233 k->realize = lsi_scsi_realize; 2234 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2235 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2236 k->class_id = PCI_CLASS_STORAGE_SCSI; 2237 k->subsystem_id = 0x1000; 2238 dc->unrealize = lsi_scsi_unrealize; 2239 dc->reset = lsi_scsi_reset; 2240 dc->vmsd = &vmstate_lsi_scsi; 2241 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2242 } 2243 2244 static const TypeInfo lsi_info = { 2245 .name = TYPE_LSI53C895A, 2246 .parent = TYPE_PCI_DEVICE, 2247 .instance_size = sizeof(LSIState), 2248 .class_init = lsi_class_init, 2249 }; 2250 2251 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2252 { 2253 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2254 2255 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2256 } 2257 2258 static TypeInfo lsi53c810_info = { 2259 .name = TYPE_LSI53C810, 2260 .parent = TYPE_LSI53C895A, 2261 .class_init = lsi53c810_class_init, 2262 }; 2263 2264 static void lsi53c895a_register_types(void) 2265 { 2266 type_register_static(&lsi_info); 2267 type_register_static(&lsi53c810_info); 2268 } 2269 2270 type_init(lsi53c895a_register_types) 2271 2272 void lsi53c895a_create(PCIBus *bus) 2273 { 2274 LSIState *s = LSI53C895A(pci_create_simple(bus, -1, "lsi53c895a")); 2275 2276 scsi_bus_legacy_handle_cmdline(&s->bus, false); 2277 } 2278