1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 #include "trace.h" 24 25 static const char *names[] = { 26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 38 }; 39 40 #define LSI_MAX_DEVS 7 41 42 #define LSI_SCNTL0_TRG 0x01 43 #define LSI_SCNTL0_AAP 0x02 44 #define LSI_SCNTL0_EPC 0x08 45 #define LSI_SCNTL0_WATN 0x10 46 #define LSI_SCNTL0_START 0x20 47 48 #define LSI_SCNTL1_SST 0x01 49 #define LSI_SCNTL1_IARB 0x02 50 #define LSI_SCNTL1_AESP 0x04 51 #define LSI_SCNTL1_RST 0x08 52 #define LSI_SCNTL1_CON 0x10 53 #define LSI_SCNTL1_DHP 0x20 54 #define LSI_SCNTL1_ADB 0x40 55 #define LSI_SCNTL1_EXC 0x80 56 57 #define LSI_SCNTL2_WSR 0x01 58 #define LSI_SCNTL2_VUE0 0x02 59 #define LSI_SCNTL2_VUE1 0x04 60 #define LSI_SCNTL2_WSS 0x08 61 #define LSI_SCNTL2_SLPHBEN 0x10 62 #define LSI_SCNTL2_SLPMD 0x20 63 #define LSI_SCNTL2_CHM 0x40 64 #define LSI_SCNTL2_SDU 0x80 65 66 #define LSI_ISTAT0_DIP 0x01 67 #define LSI_ISTAT0_SIP 0x02 68 #define LSI_ISTAT0_INTF 0x04 69 #define LSI_ISTAT0_CON 0x08 70 #define LSI_ISTAT0_SEM 0x10 71 #define LSI_ISTAT0_SIGP 0x20 72 #define LSI_ISTAT0_SRST 0x40 73 #define LSI_ISTAT0_ABRT 0x80 74 75 #define LSI_ISTAT1_SI 0x01 76 #define LSI_ISTAT1_SRUN 0x02 77 #define LSI_ISTAT1_FLSH 0x04 78 79 #define LSI_SSTAT0_SDP0 0x01 80 #define LSI_SSTAT0_RST 0x02 81 #define LSI_SSTAT0_WOA 0x04 82 #define LSI_SSTAT0_LOA 0x08 83 #define LSI_SSTAT0_AIP 0x10 84 #define LSI_SSTAT0_OLF 0x20 85 #define LSI_SSTAT0_ORF 0x40 86 #define LSI_SSTAT0_ILF 0x80 87 88 #define LSI_SIST0_PAR 0x01 89 #define LSI_SIST0_RST 0x02 90 #define LSI_SIST0_UDC 0x04 91 #define LSI_SIST0_SGE 0x08 92 #define LSI_SIST0_RSL 0x10 93 #define LSI_SIST0_SEL 0x20 94 #define LSI_SIST0_CMP 0x40 95 #define LSI_SIST0_MA 0x80 96 97 #define LSI_SIST1_HTH 0x01 98 #define LSI_SIST1_GEN 0x02 99 #define LSI_SIST1_STO 0x04 100 #define LSI_SIST1_SBMC 0x10 101 102 #define LSI_SOCL_IO 0x01 103 #define LSI_SOCL_CD 0x02 104 #define LSI_SOCL_MSG 0x04 105 #define LSI_SOCL_ATN 0x08 106 #define LSI_SOCL_SEL 0x10 107 #define LSI_SOCL_BSY 0x20 108 #define LSI_SOCL_ACK 0x40 109 #define LSI_SOCL_REQ 0x80 110 111 #define LSI_DSTAT_IID 0x01 112 #define LSI_DSTAT_SIR 0x04 113 #define LSI_DSTAT_SSI 0x08 114 #define LSI_DSTAT_ABRT 0x10 115 #define LSI_DSTAT_BF 0x20 116 #define LSI_DSTAT_MDPE 0x40 117 #define LSI_DSTAT_DFE 0x80 118 119 #define LSI_DCNTL_COM 0x01 120 #define LSI_DCNTL_IRQD 0x02 121 #define LSI_DCNTL_STD 0x04 122 #define LSI_DCNTL_IRQM 0x08 123 #define LSI_DCNTL_SSM 0x10 124 #define LSI_DCNTL_PFEN 0x20 125 #define LSI_DCNTL_PFF 0x40 126 #define LSI_DCNTL_CLSE 0x80 127 128 #define LSI_DMODE_MAN 0x01 129 #define LSI_DMODE_BOF 0x02 130 #define LSI_DMODE_ERMP 0x04 131 #define LSI_DMODE_ERL 0x08 132 #define LSI_DMODE_DIOM 0x10 133 #define LSI_DMODE_SIOM 0x20 134 135 #define LSI_CTEST2_DACK 0x01 136 #define LSI_CTEST2_DREQ 0x02 137 #define LSI_CTEST2_TEOP 0x04 138 #define LSI_CTEST2_PCICIE 0x08 139 #define LSI_CTEST2_CM 0x10 140 #define LSI_CTEST2_CIO 0x20 141 #define LSI_CTEST2_SIGP 0x40 142 #define LSI_CTEST2_DDIR 0x80 143 144 #define LSI_CTEST5_BL2 0x04 145 #define LSI_CTEST5_DDIR 0x08 146 #define LSI_CTEST5_MASR 0x10 147 #define LSI_CTEST5_DFSN 0x20 148 #define LSI_CTEST5_BBCK 0x40 149 #define LSI_CTEST5_ADCK 0x80 150 151 #define LSI_CCNTL0_DILS 0x01 152 #define LSI_CCNTL0_DISFC 0x10 153 #define LSI_CCNTL0_ENNDJ 0x20 154 #define LSI_CCNTL0_PMJCTL 0x40 155 #define LSI_CCNTL0_ENPMJ 0x80 156 157 #define LSI_CCNTL1_EN64DBMV 0x01 158 #define LSI_CCNTL1_EN64TIBMV 0x02 159 #define LSI_CCNTL1_64TIMOD 0x04 160 #define LSI_CCNTL1_DDAC 0x08 161 #define LSI_CCNTL1_ZMOD 0x80 162 163 #define LSI_SBCL_ATN 0x08 164 #define LSI_SBCL_BSY 0x20 165 #define LSI_SBCL_ACK 0x40 166 #define LSI_SBCL_REQ 0x80 167 168 /* Enable Response to Reselection */ 169 #define LSI_SCID_RRE 0x60 170 171 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 172 173 #define PHASE_DO 0 174 #define PHASE_DI 1 175 #define PHASE_CMD 2 176 #define PHASE_ST 3 177 #define PHASE_MO 6 178 #define PHASE_MI 7 179 #define PHASE_MASK 7 180 181 /* Maximum length of MSG IN data. */ 182 #define LSI_MAX_MSGIN_LEN 8 183 184 /* Flag set if this is a tagged command. */ 185 #define LSI_TAG_VALID (1 << 16) 186 187 typedef struct lsi_request { 188 SCSIRequest *req; 189 uint32_t tag; 190 uint32_t dma_len; 191 uint8_t *dma_buf; 192 uint32_t pending; 193 int out; 194 QTAILQ_ENTRY(lsi_request) next; 195 } lsi_request; 196 197 enum { 198 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 199 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 200 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 201 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 202 }; 203 204 enum { 205 LSI_MSG_ACTION_COMMAND = 0, 206 LSI_MSG_ACTION_DISCONNECT = 1, 207 LSI_MSG_ACTION_DOUT = 2, 208 LSI_MSG_ACTION_DIN = 3, 209 }; 210 211 typedef struct { 212 /*< private >*/ 213 PCIDevice parent_obj; 214 /*< public >*/ 215 216 qemu_irq ext_irq; 217 MemoryRegion mmio_io; 218 MemoryRegion ram_io; 219 MemoryRegion io_io; 220 AddressSpace pci_io_as; 221 222 int carry; /* ??? Should this be an a visible register somewhere? */ 223 int status; 224 int msg_action; 225 int msg_len; 226 uint8_t msg[LSI_MAX_MSGIN_LEN]; 227 int waiting; 228 SCSIBus bus; 229 int current_lun; 230 /* The tag is a combination of the device ID and the SCSI tag. */ 231 uint32_t select_tag; 232 int command_complete; 233 QTAILQ_HEAD(, lsi_request) queue; 234 lsi_request *current; 235 236 uint32_t dsa; 237 uint32_t temp; 238 uint32_t dnad; 239 uint32_t dbc; 240 uint8_t istat0; 241 uint8_t istat1; 242 uint8_t dcmd; 243 uint8_t dstat; 244 uint8_t dien; 245 uint8_t sist0; 246 uint8_t sist1; 247 uint8_t sien0; 248 uint8_t sien1; 249 uint8_t mbox0; 250 uint8_t mbox1; 251 uint8_t dfifo; 252 uint8_t ctest2; 253 uint8_t ctest3; 254 uint8_t ctest4; 255 uint8_t ctest5; 256 uint8_t ccntl0; 257 uint8_t ccntl1; 258 uint32_t dsp; 259 uint32_t dsps; 260 uint8_t dmode; 261 uint8_t dcntl; 262 uint8_t scntl0; 263 uint8_t scntl1; 264 uint8_t scntl2; 265 uint8_t scntl3; 266 uint8_t sstat0; 267 uint8_t sstat1; 268 uint8_t scid; 269 uint8_t sxfer; 270 uint8_t socl; 271 uint8_t sdid; 272 uint8_t ssid; 273 uint8_t sfbr; 274 uint8_t sbcl; 275 uint8_t stest1; 276 uint8_t stest2; 277 uint8_t stest3; 278 uint8_t sidl; 279 uint8_t stime0; 280 uint8_t respid0; 281 uint8_t respid1; 282 uint32_t mmrs; 283 uint32_t mmws; 284 uint32_t sfs; 285 uint32_t drs; 286 uint32_t sbms; 287 uint32_t dbms; 288 uint32_t dnad64; 289 uint32_t pmjad1; 290 uint32_t pmjad2; 291 uint32_t rbc; 292 uint32_t ua; 293 uint32_t ia; 294 uint32_t sbc; 295 uint32_t csbc; 296 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 297 uint8_t sbr; 298 uint32_t adder; 299 300 uint8_t script_ram[2048 * sizeof(uint32_t)]; 301 } LSIState; 302 303 #define TYPE_LSI53C810 "lsi53c810" 304 #define TYPE_LSI53C895A "lsi53c895a" 305 306 #define LSI53C895A(obj) \ 307 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 308 309 static const char *scsi_phases[] = { 310 "DOUT", 311 "DIN", 312 "CMD", 313 "STATUS", 314 "RSVOUT", 315 "RSVIN", 316 "MSGOUT", 317 "MSGIN" 318 }; 319 320 static const char *scsi_phase_name(int phase) 321 { 322 return scsi_phases[phase & PHASE_MASK]; 323 } 324 325 static inline int lsi_irq_on_rsl(LSIState *s) 326 { 327 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 328 } 329 330 static lsi_request *get_pending_req(LSIState *s) 331 { 332 lsi_request *p; 333 334 QTAILQ_FOREACH(p, &s->queue, next) { 335 if (p->pending) { 336 return p; 337 } 338 } 339 return NULL; 340 } 341 342 static void lsi_soft_reset(LSIState *s) 343 { 344 trace_lsi_reset(); 345 s->carry = 0; 346 347 s->msg_action = LSI_MSG_ACTION_COMMAND; 348 s->msg_len = 0; 349 s->waiting = LSI_NOWAIT; 350 s->dsa = 0; 351 s->dnad = 0; 352 s->dbc = 0; 353 s->temp = 0; 354 memset(s->scratch, 0, sizeof(s->scratch)); 355 s->istat0 = 0; 356 s->istat1 = 0; 357 s->dcmd = 0x40; 358 s->dstat = 0; 359 s->dien = 0; 360 s->sist0 = 0; 361 s->sist1 = 0; 362 s->sien0 = 0; 363 s->sien1 = 0; 364 s->mbox0 = 0; 365 s->mbox1 = 0; 366 s->dfifo = 0; 367 s->ctest2 = LSI_CTEST2_DACK; 368 s->ctest3 = 0; 369 s->ctest4 = 0; 370 s->ctest5 = 0; 371 s->ccntl0 = 0; 372 s->ccntl1 = 0; 373 s->dsp = 0; 374 s->dsps = 0; 375 s->dmode = 0; 376 s->dcntl = 0; 377 s->scntl0 = 0xc0; 378 s->scntl1 = 0; 379 s->scntl2 = 0; 380 s->scntl3 = 0; 381 s->sstat0 = 0; 382 s->sstat1 = 0; 383 s->scid = 7; 384 s->sxfer = 0; 385 s->socl = 0; 386 s->sdid = 0; 387 s->ssid = 0; 388 s->sbcl = 0; 389 s->stest1 = 0; 390 s->stest2 = 0; 391 s->stest3 = 0; 392 s->sidl = 0; 393 s->stime0 = 0; 394 s->respid0 = 0x80; 395 s->respid1 = 0; 396 s->mmrs = 0; 397 s->mmws = 0; 398 s->sfs = 0; 399 s->drs = 0; 400 s->sbms = 0; 401 s->dbms = 0; 402 s->dnad64 = 0; 403 s->pmjad1 = 0; 404 s->pmjad2 = 0; 405 s->rbc = 0; 406 s->ua = 0; 407 s->ia = 0; 408 s->sbc = 0; 409 s->csbc = 0; 410 s->sbr = 0; 411 assert(QTAILQ_EMPTY(&s->queue)); 412 assert(!s->current); 413 } 414 415 static int lsi_dma_40bit(LSIState *s) 416 { 417 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 418 return 1; 419 return 0; 420 } 421 422 static int lsi_dma_ti64bit(LSIState *s) 423 { 424 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 425 return 1; 426 return 0; 427 } 428 429 static int lsi_dma_64bit(LSIState *s) 430 { 431 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 432 return 1; 433 return 0; 434 } 435 436 static uint8_t lsi_reg_readb(LSIState *s, int offset); 437 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 438 static void lsi_execute_script(LSIState *s); 439 static void lsi_reselect(LSIState *s, lsi_request *p); 440 441 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 442 void *buf, dma_addr_t len) 443 { 444 if (s->dmode & LSI_DMODE_SIOM) { 445 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 446 buf, len); 447 } else { 448 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 449 } 450 } 451 452 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 453 const void *buf, dma_addr_t len) 454 { 455 if (s->dmode & LSI_DMODE_DIOM) { 456 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 457 buf, len); 458 } else { 459 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 460 } 461 } 462 463 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 464 { 465 uint32_t buf; 466 467 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 468 return cpu_to_le32(buf); 469 } 470 471 static void lsi_stop_script(LSIState *s) 472 { 473 s->istat1 &= ~LSI_ISTAT1_SRUN; 474 } 475 476 static void lsi_set_irq(LSIState *s, int level) 477 { 478 PCIDevice *d = PCI_DEVICE(s); 479 480 if (s->ext_irq) { 481 qemu_set_irq(s->ext_irq, level); 482 } else { 483 pci_set_irq(d, level); 484 } 485 } 486 487 static void lsi_update_irq(LSIState *s) 488 { 489 int level; 490 static int last_level; 491 492 /* It's unclear whether the DIP/SIP bits should be cleared when the 493 Interrupt Status Registers are cleared or when istat0 is read. 494 We currently do the formwer, which seems to work. */ 495 level = 0; 496 if (s->dstat) { 497 if (s->dstat & s->dien) 498 level = 1; 499 s->istat0 |= LSI_ISTAT0_DIP; 500 } else { 501 s->istat0 &= ~LSI_ISTAT0_DIP; 502 } 503 504 if (s->sist0 || s->sist1) { 505 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 506 level = 1; 507 s->istat0 |= LSI_ISTAT0_SIP; 508 } else { 509 s->istat0 &= ~LSI_ISTAT0_SIP; 510 } 511 if (s->istat0 & LSI_ISTAT0_INTF) 512 level = 1; 513 514 if (level != last_level) { 515 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 516 last_level = level; 517 } 518 lsi_set_irq(s, level); 519 520 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 521 lsi_request *p; 522 523 trace_lsi_update_irq_disconnected(); 524 p = get_pending_req(s); 525 if (p) { 526 lsi_reselect(s, p); 527 } 528 } 529 } 530 531 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 532 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 533 { 534 uint32_t mask0; 535 uint32_t mask1; 536 537 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 538 s->sist0 |= stat0; 539 s->sist1 |= stat1; 540 /* Stop processor on fatal or unmasked interrupt. As a special hack 541 we don't stop processing when raising STO. Instead continue 542 execution and stop at the next insn that accesses the SCSI bus. */ 543 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 544 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 545 mask1 &= ~LSI_SIST1_STO; 546 if (s->sist0 & mask0 || s->sist1 & mask1) { 547 lsi_stop_script(s); 548 } 549 lsi_update_irq(s); 550 } 551 552 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 553 static void lsi_script_dma_interrupt(LSIState *s, int stat) 554 { 555 trace_lsi_script_dma_interrupt(stat, s->dstat); 556 s->dstat |= stat; 557 lsi_update_irq(s); 558 lsi_stop_script(s); 559 } 560 561 static inline void lsi_set_phase(LSIState *s, int phase) 562 { 563 s->sbcl &= ~PHASE_MASK; 564 s->sbcl |= phase | LSI_SBCL_REQ; 565 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 566 } 567 568 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 569 { 570 /* Trigger a phase mismatch. */ 571 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 572 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 573 s->dsp = out ? s->pmjad1 : s->pmjad2; 574 } else { 575 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 576 } 577 trace_lsi_bad_phase_jump(s->dsp); 578 } else { 579 trace_lsi_bad_phase_interrupt(); 580 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 581 lsi_stop_script(s); 582 } 583 lsi_set_phase(s, new_phase); 584 } 585 586 587 /* Resume SCRIPTS execution after a DMA operation. */ 588 static void lsi_resume_script(LSIState *s) 589 { 590 if (s->waiting != 2) { 591 s->waiting = LSI_NOWAIT; 592 lsi_execute_script(s); 593 } else { 594 s->waiting = LSI_NOWAIT; 595 } 596 } 597 598 static void lsi_disconnect(LSIState *s) 599 { 600 s->scntl1 &= ~LSI_SCNTL1_CON; 601 s->sstat1 &= ~PHASE_MASK; 602 s->sbcl = 0; 603 } 604 605 static void lsi_bad_selection(LSIState *s, uint32_t id) 606 { 607 trace_lsi_bad_selection(id); 608 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 609 lsi_disconnect(s); 610 } 611 612 /* Initiate a SCSI layer data transfer. */ 613 static void lsi_do_dma(LSIState *s, int out) 614 { 615 uint32_t count; 616 dma_addr_t addr; 617 SCSIDevice *dev; 618 619 assert(s->current); 620 if (!s->current->dma_len) { 621 /* Wait until data is available. */ 622 trace_lsi_do_dma_unavailable(); 623 return; 624 } 625 626 dev = s->current->req->dev; 627 assert(dev); 628 629 count = s->dbc; 630 if (count > s->current->dma_len) 631 count = s->current->dma_len; 632 633 addr = s->dnad; 634 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 635 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 636 addr |= ((uint64_t)s->dnad64 << 32); 637 else if (s->dbms) 638 addr |= ((uint64_t)s->dbms << 32); 639 else if (s->sbms) 640 addr |= ((uint64_t)s->sbms << 32); 641 642 trace_lsi_do_dma(addr, count); 643 s->csbc += count; 644 s->dnad += count; 645 s->dbc -= count; 646 if (s->current->dma_buf == NULL) { 647 s->current->dma_buf = scsi_req_get_buf(s->current->req); 648 } 649 /* ??? Set SFBR to first data byte. */ 650 if (out) { 651 lsi_mem_read(s, addr, s->current->dma_buf, count); 652 } else { 653 lsi_mem_write(s, addr, s->current->dma_buf, count); 654 } 655 s->current->dma_len -= count; 656 if (s->current->dma_len == 0) { 657 s->current->dma_buf = NULL; 658 scsi_req_continue(s->current->req); 659 } else { 660 s->current->dma_buf += count; 661 lsi_resume_script(s); 662 } 663 } 664 665 666 /* Add a command to the queue. */ 667 static void lsi_queue_command(LSIState *s) 668 { 669 lsi_request *p = s->current; 670 671 trace_lsi_queue_command(p->tag); 672 assert(s->current != NULL); 673 assert(s->current->dma_len == 0); 674 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 675 s->current = NULL; 676 677 p->pending = 0; 678 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 679 } 680 681 /* Queue a byte for a MSG IN phase. */ 682 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 683 { 684 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 685 trace_lsi_add_msg_byte_error(); 686 } else { 687 trace_lsi_add_msg_byte(data); 688 s->msg[s->msg_len++] = data; 689 } 690 } 691 692 /* Perform reselection to continue a command. */ 693 static void lsi_reselect(LSIState *s, lsi_request *p) 694 { 695 int id; 696 697 assert(s->current == NULL); 698 QTAILQ_REMOVE(&s->queue, p, next); 699 s->current = p; 700 701 id = (p->tag >> 8) & 0xf; 702 s->ssid = id | 0x80; 703 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 704 if (!(s->dcntl & LSI_DCNTL_COM)) { 705 s->sfbr = 1 << (id & 0x7); 706 } 707 trace_lsi_reselect(id); 708 s->scntl1 |= LSI_SCNTL1_CON; 709 lsi_set_phase(s, PHASE_MI); 710 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 711 s->current->dma_len = p->pending; 712 lsi_add_msg_byte(s, 0x80); 713 if (s->current->tag & LSI_TAG_VALID) { 714 lsi_add_msg_byte(s, 0x20); 715 lsi_add_msg_byte(s, p->tag & 0xff); 716 } 717 718 if (lsi_irq_on_rsl(s)) { 719 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 720 } 721 } 722 723 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 724 { 725 lsi_request *p; 726 727 QTAILQ_FOREACH(p, &s->queue, next) { 728 if (p->tag == tag) { 729 return p; 730 } 731 } 732 733 return NULL; 734 } 735 736 static void lsi_request_free(LSIState *s, lsi_request *p) 737 { 738 if (p == s->current) { 739 s->current = NULL; 740 } else { 741 QTAILQ_REMOVE(&s->queue, p, next); 742 } 743 g_free(p); 744 } 745 746 static void lsi_request_cancelled(SCSIRequest *req) 747 { 748 LSIState *s = LSI53C895A(req->bus->qbus.parent); 749 lsi_request *p = req->hba_private; 750 751 req->hba_private = NULL; 752 lsi_request_free(s, p); 753 scsi_req_unref(req); 754 } 755 756 /* Record that data is available for a queued command. Returns zero if 757 the device was reselected, nonzero if the IO is deferred. */ 758 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 759 { 760 lsi_request *p = req->hba_private; 761 762 if (p->pending) { 763 trace_lsi_queue_req_error(p); 764 } 765 p->pending = len; 766 /* Reselect if waiting for it, or if reselection triggers an IRQ 767 and the bus is free. 768 Since no interrupt stacking is implemented in the emulation, it 769 is also required that there are no pending interrupts waiting 770 for service from the device driver. */ 771 if (s->waiting == LSI_WAIT_RESELECT || 772 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 773 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 774 /* Reselect device. */ 775 lsi_reselect(s, p); 776 return 0; 777 } else { 778 trace_lsi_queue_req(p->tag); 779 p->pending = len; 780 return 1; 781 } 782 } 783 784 /* Callback to indicate that the SCSI layer has completed a command. */ 785 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 786 { 787 LSIState *s = LSI53C895A(req->bus->qbus.parent); 788 int out; 789 790 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 791 trace_lsi_command_complete(status); 792 s->status = status; 793 s->command_complete = 2; 794 if (s->waiting && s->dbc != 0) { 795 /* Raise phase mismatch for short transfers. */ 796 lsi_bad_phase(s, out, PHASE_ST); 797 } else { 798 lsi_set_phase(s, PHASE_ST); 799 } 800 801 if (req->hba_private == s->current) { 802 req->hba_private = NULL; 803 lsi_request_free(s, s->current); 804 scsi_req_unref(req); 805 } 806 lsi_resume_script(s); 807 } 808 809 /* Callback to indicate that the SCSI layer has completed a transfer. */ 810 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 811 { 812 LSIState *s = LSI53C895A(req->bus->qbus.parent); 813 int out; 814 815 assert(req->hba_private); 816 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 817 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 818 if (lsi_queue_req(s, req, len)) { 819 return; 820 } 821 } 822 823 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 824 825 /* host adapter (re)connected */ 826 trace_lsi_transfer_data(req->tag, len); 827 s->current->dma_len = len; 828 s->command_complete = 1; 829 if (s->waiting) { 830 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 831 lsi_resume_script(s); 832 } else { 833 lsi_do_dma(s, out); 834 } 835 } 836 } 837 838 static void lsi_do_command(LSIState *s) 839 { 840 SCSIDevice *dev; 841 uint8_t buf[16]; 842 uint32_t id; 843 int n; 844 845 trace_lsi_do_command(s->dbc); 846 if (s->dbc > 16) 847 s->dbc = 16; 848 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 849 s->sfbr = buf[0]; 850 s->command_complete = 0; 851 852 id = (s->select_tag >> 8) & 0xf; 853 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 854 if (!dev) { 855 lsi_bad_selection(s, id); 856 return; 857 } 858 859 assert(s->current == NULL); 860 s->current = g_new0(lsi_request, 1); 861 s->current->tag = s->select_tag; 862 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 863 s->current); 864 865 n = scsi_req_enqueue(s->current->req); 866 if (n) { 867 if (n > 0) { 868 lsi_set_phase(s, PHASE_DI); 869 } else if (n < 0) { 870 lsi_set_phase(s, PHASE_DO); 871 } 872 scsi_req_continue(s->current->req); 873 } 874 if (!s->command_complete) { 875 if (n) { 876 /* Command did not complete immediately so disconnect. */ 877 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 878 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 879 /* wait data */ 880 lsi_set_phase(s, PHASE_MI); 881 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 882 lsi_queue_command(s); 883 } else { 884 /* wait command complete */ 885 lsi_set_phase(s, PHASE_DI); 886 } 887 } 888 } 889 890 static void lsi_do_status(LSIState *s) 891 { 892 uint8_t status; 893 trace_lsi_do_status(s->dbc, s->status); 894 if (s->dbc != 1) { 895 trace_lsi_do_status_error(); 896 } 897 s->dbc = 1; 898 status = s->status; 899 s->sfbr = status; 900 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 901 lsi_set_phase(s, PHASE_MI); 902 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 903 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 904 } 905 906 static void lsi_do_msgin(LSIState *s) 907 { 908 uint8_t len; 909 trace_lsi_do_msgin(s->dbc, s->msg_len); 910 s->sfbr = s->msg[0]; 911 len = s->msg_len; 912 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 913 if (len > s->dbc) 914 len = s->dbc; 915 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 916 /* Linux drivers rely on the last byte being in the SIDL. */ 917 s->sidl = s->msg[len - 1]; 918 s->msg_len -= len; 919 if (s->msg_len) { 920 memmove(s->msg, s->msg + len, s->msg_len); 921 } else { 922 /* ??? Check if ATN (not yet implemented) is asserted and maybe 923 switch to PHASE_MO. */ 924 switch (s->msg_action) { 925 case LSI_MSG_ACTION_COMMAND: 926 lsi_set_phase(s, PHASE_CMD); 927 break; 928 case LSI_MSG_ACTION_DISCONNECT: 929 lsi_disconnect(s); 930 break; 931 case LSI_MSG_ACTION_DOUT: 932 lsi_set_phase(s, PHASE_DO); 933 break; 934 case LSI_MSG_ACTION_DIN: 935 lsi_set_phase(s, PHASE_DI); 936 break; 937 default: 938 abort(); 939 } 940 } 941 } 942 943 /* Read the next byte during a MSGOUT phase. */ 944 static uint8_t lsi_get_msgbyte(LSIState *s) 945 { 946 uint8_t data; 947 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 948 s->dnad++; 949 s->dbc--; 950 return data; 951 } 952 953 /* Skip the next n bytes during a MSGOUT phase. */ 954 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 955 { 956 s->dnad += n; 957 s->dbc -= n; 958 } 959 960 static void lsi_do_msgout(LSIState *s) 961 { 962 uint8_t msg; 963 int len; 964 uint32_t current_tag; 965 lsi_request *current_req, *p, *p_next; 966 967 if (s->current) { 968 current_tag = s->current->tag; 969 current_req = s->current; 970 } else { 971 current_tag = s->select_tag; 972 current_req = lsi_find_by_tag(s, current_tag); 973 } 974 975 trace_lsi_do_msgout(s->dbc); 976 while (s->dbc) { 977 msg = lsi_get_msgbyte(s); 978 s->sfbr = msg; 979 980 switch (msg) { 981 case 0x04: 982 trace_lsi_do_msgout_disconnect(); 983 lsi_disconnect(s); 984 break; 985 case 0x08: 986 trace_lsi_do_msgout_noop(); 987 lsi_set_phase(s, PHASE_CMD); 988 break; 989 case 0x01: 990 len = lsi_get_msgbyte(s); 991 msg = lsi_get_msgbyte(s); 992 (void)len; /* avoid a warning about unused variable*/ 993 trace_lsi_do_msgout_extended(msg, len); 994 switch (msg) { 995 case 1: 996 trace_lsi_do_msgout_ignored("SDTR"); 997 lsi_skip_msgbytes(s, 2); 998 break; 999 case 3: 1000 trace_lsi_do_msgout_ignored("WDTR"); 1001 lsi_skip_msgbytes(s, 1); 1002 break; 1003 case 4: 1004 trace_lsi_do_msgout_ignored("PPR"); 1005 lsi_skip_msgbytes(s, 5); 1006 break; 1007 default: 1008 goto bad; 1009 } 1010 break; 1011 case 0x20: /* SIMPLE queue */ 1012 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1013 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1014 break; 1015 case 0x21: /* HEAD of queue */ 1016 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1017 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1018 break; 1019 case 0x22: /* ORDERED queue */ 1020 qemu_log_mask(LOG_UNIMP, 1021 "lsi_scsi: ORDERED queue not implemented\n"); 1022 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1023 break; 1024 case 0x0d: 1025 /* The ABORT TAG message clears the current I/O process only. */ 1026 trace_lsi_do_msgout_abort(current_tag); 1027 if (current_req) { 1028 scsi_req_cancel(current_req->req); 1029 } 1030 lsi_disconnect(s); 1031 break; 1032 case 0x06: 1033 case 0x0e: 1034 case 0x0c: 1035 /* The ABORT message clears all I/O processes for the selecting 1036 initiator on the specified logical unit of the target. */ 1037 if (msg == 0x06) { 1038 trace_lsi_do_msgout_abort(current_tag); 1039 } 1040 /* The CLEAR QUEUE message clears all I/O processes for all 1041 initiators on the specified logical unit of the target. */ 1042 if (msg == 0x0e) { 1043 trace_lsi_do_msgout_clearqueue(current_tag); 1044 } 1045 /* The BUS DEVICE RESET message clears all I/O processes for all 1046 initiators on all logical units of the target. */ 1047 if (msg == 0x0c) { 1048 trace_lsi_do_msgout_busdevicereset(current_tag); 1049 } 1050 1051 /* clear the current I/O process */ 1052 if (s->current) { 1053 scsi_req_cancel(s->current->req); 1054 } 1055 1056 /* As the current implemented devices scsi_disk and scsi_generic 1057 only support one LUN, we don't need to keep track of LUNs. 1058 Clearing I/O processes for other initiators could be possible 1059 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1060 device, but this is currently not implemented (and seems not 1061 to be really necessary). So let's simply clear all queued 1062 commands for the current device: */ 1063 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1064 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1065 scsi_req_cancel(p->req); 1066 } 1067 } 1068 1069 lsi_disconnect(s); 1070 break; 1071 default: 1072 if ((msg & 0x80) == 0) { 1073 goto bad; 1074 } 1075 s->current_lun = msg & 7; 1076 trace_lsi_do_msgout_select(s->current_lun); 1077 lsi_set_phase(s, PHASE_CMD); 1078 break; 1079 } 1080 } 1081 return; 1082 bad: 1083 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1084 lsi_set_phase(s, PHASE_MI); 1085 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1086 s->msg_action = LSI_MSG_ACTION_COMMAND; 1087 } 1088 1089 #define LSI_BUF_SIZE 4096 1090 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1091 { 1092 int n; 1093 uint8_t buf[LSI_BUF_SIZE]; 1094 1095 trace_lsi_memcpy(dest, src, count); 1096 while (count) { 1097 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1098 lsi_mem_read(s, src, buf, n); 1099 lsi_mem_write(s, dest, buf, n); 1100 src += n; 1101 dest += n; 1102 count -= n; 1103 } 1104 } 1105 1106 static void lsi_wait_reselect(LSIState *s) 1107 { 1108 lsi_request *p; 1109 1110 trace_lsi_wait_reselect(); 1111 1112 if (s->current) { 1113 return; 1114 } 1115 p = get_pending_req(s); 1116 if (p) { 1117 lsi_reselect(s, p); 1118 } 1119 if (s->current == NULL) { 1120 s->waiting = LSI_WAIT_RESELECT; 1121 } 1122 } 1123 1124 static void lsi_execute_script(LSIState *s) 1125 { 1126 PCIDevice *pci_dev = PCI_DEVICE(s); 1127 uint32_t insn; 1128 uint32_t addr, addr_high; 1129 int opcode; 1130 int insn_processed = 0; 1131 1132 s->istat1 |= LSI_ISTAT1_SRUN; 1133 again: 1134 insn_processed++; 1135 insn = read_dword(s, s->dsp); 1136 if (!insn) { 1137 /* If we receive an empty opcode increment the DSP by 4 bytes 1138 instead of 8 and execute the next opcode at that location */ 1139 s->dsp += 4; 1140 goto again; 1141 } 1142 addr = read_dword(s, s->dsp + 4); 1143 addr_high = 0; 1144 trace_lsi_execute_script(s->dsp, insn, addr); 1145 s->dsps = addr; 1146 s->dcmd = insn >> 24; 1147 s->dsp += 8; 1148 switch (insn >> 30) { 1149 case 0: /* Block move. */ 1150 if (s->sist1 & LSI_SIST1_STO) { 1151 trace_lsi_execute_script_blockmove_delayed(); 1152 lsi_stop_script(s); 1153 break; 1154 } 1155 s->dbc = insn & 0xffffff; 1156 s->rbc = s->dbc; 1157 /* ??? Set ESA. */ 1158 s->ia = s->dsp - 8; 1159 if (insn & (1 << 29)) { 1160 /* Indirect addressing. */ 1161 addr = read_dword(s, addr); 1162 } else if (insn & (1 << 28)) { 1163 uint32_t buf[2]; 1164 int32_t offset; 1165 /* Table indirect addressing. */ 1166 1167 /* 32-bit Table indirect */ 1168 offset = sextract32(addr, 0, 24); 1169 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1170 /* byte count is stored in bits 0:23 only */ 1171 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1172 s->rbc = s->dbc; 1173 addr = cpu_to_le32(buf[1]); 1174 1175 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1176 * table, bits [31:24] */ 1177 if (lsi_dma_40bit(s)) 1178 addr_high = cpu_to_le32(buf[0]) >> 24; 1179 else if (lsi_dma_ti64bit(s)) { 1180 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1181 switch (selector) { 1182 case 0 ... 0x0f: 1183 /* offset index into scratch registers since 1184 * TI64 mode can use registers C to R */ 1185 addr_high = s->scratch[2 + selector]; 1186 break; 1187 case 0x10: 1188 addr_high = s->mmrs; 1189 break; 1190 case 0x11: 1191 addr_high = s->mmws; 1192 break; 1193 case 0x12: 1194 addr_high = s->sfs; 1195 break; 1196 case 0x13: 1197 addr_high = s->drs; 1198 break; 1199 case 0x14: 1200 addr_high = s->sbms; 1201 break; 1202 case 0x15: 1203 addr_high = s->dbms; 1204 break; 1205 default: 1206 qemu_log_mask(LOG_GUEST_ERROR, 1207 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1208 "for 64-bit DMA block move", selector); 1209 break; 1210 } 1211 } 1212 } else if (lsi_dma_64bit(s)) { 1213 /* fetch a 3rd dword if 64-bit direct move is enabled and 1214 only if we're not doing table indirect or indirect addressing */ 1215 s->dbms = read_dword(s, s->dsp); 1216 s->dsp += 4; 1217 s->ia = s->dsp - 12; 1218 } 1219 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1220 trace_lsi_execute_script_blockmove_badphase( 1221 scsi_phase_name(s->sstat1), 1222 scsi_phase_name(insn >> 24)); 1223 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1224 break; 1225 } 1226 s->dnad = addr; 1227 s->dnad64 = addr_high; 1228 switch (s->sstat1 & 0x7) { 1229 case PHASE_DO: 1230 s->waiting = LSI_DMA_SCRIPTS; 1231 lsi_do_dma(s, 1); 1232 if (s->waiting) 1233 s->waiting = LSI_DMA_IN_PROGRESS; 1234 break; 1235 case PHASE_DI: 1236 s->waiting = LSI_DMA_SCRIPTS; 1237 lsi_do_dma(s, 0); 1238 if (s->waiting) 1239 s->waiting = LSI_DMA_IN_PROGRESS; 1240 break; 1241 case PHASE_CMD: 1242 lsi_do_command(s); 1243 break; 1244 case PHASE_ST: 1245 lsi_do_status(s); 1246 break; 1247 case PHASE_MO: 1248 lsi_do_msgout(s); 1249 break; 1250 case PHASE_MI: 1251 lsi_do_msgin(s); 1252 break; 1253 default: 1254 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1255 scsi_phase_name(s->sstat1)); 1256 } 1257 s->dfifo = s->dbc & 0xff; 1258 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1259 s->sbc = s->dbc; 1260 s->rbc -= s->dbc; 1261 s->ua = addr + s->dbc; 1262 break; 1263 1264 case 1: /* IO or Read/Write instruction. */ 1265 opcode = (insn >> 27) & 7; 1266 if (opcode < 5) { 1267 uint32_t id; 1268 1269 if (insn & (1 << 25)) { 1270 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1271 } else { 1272 id = insn; 1273 } 1274 id = (id >> 16) & 0xf; 1275 if (insn & (1 << 26)) { 1276 addr = s->dsp + sextract32(addr, 0, 24); 1277 } 1278 s->dnad = addr; 1279 switch (opcode) { 1280 case 0: /* Select */ 1281 s->sdid = id; 1282 if (s->scntl1 & LSI_SCNTL1_CON) { 1283 trace_lsi_execute_script_io_alreadyreselected(); 1284 s->dsp = s->dnad; 1285 break; 1286 } 1287 s->sstat0 |= LSI_SSTAT0_WOA; 1288 s->scntl1 &= ~LSI_SCNTL1_IARB; 1289 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1290 lsi_bad_selection(s, id); 1291 break; 1292 } 1293 trace_lsi_execute_script_io_selected(id, 1294 insn & (1 << 3) ? " ATN" : ""); 1295 /* ??? Linux drivers compain when this is set. Maybe 1296 it only applies in low-level mode (unimplemented). 1297 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1298 s->select_tag = id << 8; 1299 s->scntl1 |= LSI_SCNTL1_CON; 1300 if (insn & (1 << 3)) { 1301 s->socl |= LSI_SOCL_ATN; 1302 s->sbcl |= LSI_SBCL_ATN; 1303 } 1304 s->sbcl |= LSI_SBCL_BSY; 1305 lsi_set_phase(s, PHASE_MO); 1306 s->waiting = LSI_NOWAIT; 1307 break; 1308 case 1: /* Disconnect */ 1309 trace_lsi_execute_script_io_disconnect(); 1310 s->scntl1 &= ~LSI_SCNTL1_CON; 1311 /* FIXME: this is not entirely correct; the target need not ask 1312 * for reselection until it has to send data, while here we force a 1313 * reselection as soon as the bus is free. The correct flow would 1314 * reselect before lsi_transfer_data and disconnect as soon as 1315 * DMA ends. 1316 */ 1317 if (!s->current) { 1318 lsi_request *p = get_pending_req(s); 1319 if (p) { 1320 lsi_reselect(s, p); 1321 } 1322 } 1323 break; 1324 case 2: /* Wait Reselect */ 1325 if (s->istat0 & LSI_ISTAT0_SIGP) { 1326 s->dsp = s->dnad; 1327 } else if (!lsi_irq_on_rsl(s)) { 1328 lsi_wait_reselect(s); 1329 } 1330 break; 1331 case 3: /* Set */ 1332 trace_lsi_execute_script_io_set( 1333 insn & (1 << 3) ? " ATN" : "", 1334 insn & (1 << 6) ? " ACK" : "", 1335 insn & (1 << 9) ? " TM" : "", 1336 insn & (1 << 10) ? " CC" : ""); 1337 if (insn & (1 << 3)) { 1338 s->socl |= LSI_SOCL_ATN; 1339 s->sbcl |= LSI_SBCL_ATN; 1340 lsi_set_phase(s, PHASE_MO); 1341 } 1342 1343 if (insn & (1 << 6)) { 1344 s->sbcl |= LSI_SBCL_ACK; 1345 } 1346 1347 if (insn & (1 << 9)) { 1348 qemu_log_mask(LOG_UNIMP, 1349 "lsi_scsi: Target mode not implemented\n"); 1350 } 1351 if (insn & (1 << 10)) 1352 s->carry = 1; 1353 break; 1354 case 4: /* Clear */ 1355 trace_lsi_execute_script_io_clear( 1356 insn & (1 << 3) ? " ATN" : "", 1357 insn & (1 << 6) ? " ACK" : "", 1358 insn & (1 << 9) ? " TM" : "", 1359 insn & (1 << 10) ? " CC" : ""); 1360 if (insn & (1 << 3)) { 1361 s->socl &= ~LSI_SOCL_ATN; 1362 s->sbcl &= ~LSI_SBCL_ATN; 1363 } 1364 1365 if (insn & (1 << 6)) { 1366 s->sbcl &= ~LSI_SBCL_ACK; 1367 } 1368 1369 if (insn & (1 << 10)) 1370 s->carry = 0; 1371 break; 1372 } 1373 } else { 1374 uint8_t op0; 1375 uint8_t op1; 1376 uint8_t data8; 1377 int reg; 1378 int operator; 1379 1380 static const char *opcode_names[3] = 1381 {"Write", "Read", "Read-Modify-Write"}; 1382 static const char *operator_names[8] = 1383 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1384 1385 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1386 data8 = (insn >> 8) & 0xff; 1387 opcode = (insn >> 27) & 7; 1388 operator = (insn >> 24) & 7; 1389 trace_lsi_execute_script_io_opcode( 1390 opcode_names[opcode - 5], reg, 1391 operator_names[operator], data8, s->sfbr, 1392 (insn & (1 << 23)) ? " SFBR" : ""); 1393 op0 = op1 = 0; 1394 switch (opcode) { 1395 case 5: /* From SFBR */ 1396 op0 = s->sfbr; 1397 op1 = data8; 1398 break; 1399 case 6: /* To SFBR */ 1400 if (operator) 1401 op0 = lsi_reg_readb(s, reg); 1402 op1 = data8; 1403 break; 1404 case 7: /* Read-modify-write */ 1405 if (operator) 1406 op0 = lsi_reg_readb(s, reg); 1407 if (insn & (1 << 23)) { 1408 op1 = s->sfbr; 1409 } else { 1410 op1 = data8; 1411 } 1412 break; 1413 } 1414 1415 switch (operator) { 1416 case 0: /* move */ 1417 op0 = op1; 1418 break; 1419 case 1: /* Shift left */ 1420 op1 = op0 >> 7; 1421 op0 = (op0 << 1) | s->carry; 1422 s->carry = op1; 1423 break; 1424 case 2: /* OR */ 1425 op0 |= op1; 1426 break; 1427 case 3: /* XOR */ 1428 op0 ^= op1; 1429 break; 1430 case 4: /* AND */ 1431 op0 &= op1; 1432 break; 1433 case 5: /* SHR */ 1434 op1 = op0 & 1; 1435 op0 = (op0 >> 1) | (s->carry << 7); 1436 s->carry = op1; 1437 break; 1438 case 6: /* ADD */ 1439 op0 += op1; 1440 s->carry = op0 < op1; 1441 break; 1442 case 7: /* ADC */ 1443 op0 += op1 + s->carry; 1444 if (s->carry) 1445 s->carry = op0 <= op1; 1446 else 1447 s->carry = op0 < op1; 1448 break; 1449 } 1450 1451 switch (opcode) { 1452 case 5: /* From SFBR */ 1453 case 7: /* Read-modify-write */ 1454 lsi_reg_writeb(s, reg, op0); 1455 break; 1456 case 6: /* To SFBR */ 1457 s->sfbr = op0; 1458 break; 1459 } 1460 } 1461 break; 1462 1463 case 2: /* Transfer Control. */ 1464 { 1465 int cond; 1466 int jmp; 1467 1468 if ((insn & 0x002e0000) == 0) { 1469 trace_lsi_execute_script_tc_nop(); 1470 break; 1471 } 1472 if (s->sist1 & LSI_SIST1_STO) { 1473 trace_lsi_execute_script_tc_delayedselect_timeout(); 1474 lsi_stop_script(s); 1475 break; 1476 } 1477 cond = jmp = (insn & (1 << 19)) != 0; 1478 if (cond == jmp && (insn & (1 << 21))) { 1479 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1480 cond = s->carry != 0; 1481 } 1482 if (cond == jmp && (insn & (1 << 17))) { 1483 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1484 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1485 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1486 } 1487 if (cond == jmp && (insn & (1 << 18))) { 1488 uint8_t mask; 1489 1490 mask = (~insn >> 8) & 0xff; 1491 trace_lsi_execute_script_tc_compd( 1492 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1493 cond = (s->sfbr & mask) == (insn & mask); 1494 } 1495 if (cond == jmp) { 1496 if (insn & (1 << 23)) { 1497 /* Relative address. */ 1498 addr = s->dsp + sextract32(addr, 0, 24); 1499 } 1500 switch ((insn >> 27) & 7) { 1501 case 0: /* Jump */ 1502 trace_lsi_execute_script_tc_jump(addr); 1503 s->adder = addr; 1504 s->dsp = addr; 1505 break; 1506 case 1: /* Call */ 1507 trace_lsi_execute_script_tc_call(addr); 1508 s->temp = s->dsp; 1509 s->dsp = addr; 1510 break; 1511 case 2: /* Return */ 1512 trace_lsi_execute_script_tc_return(s->temp); 1513 s->dsp = s->temp; 1514 break; 1515 case 3: /* Interrupt */ 1516 trace_lsi_execute_script_tc_interrupt(s->dsps); 1517 if ((insn & (1 << 20)) != 0) { 1518 s->istat0 |= LSI_ISTAT0_INTF; 1519 lsi_update_irq(s); 1520 } else { 1521 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1522 } 1523 break; 1524 default: 1525 trace_lsi_execute_script_tc_illegal(); 1526 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1527 break; 1528 } 1529 } else { 1530 trace_lsi_execute_script_tc_cc_failed(); 1531 } 1532 } 1533 break; 1534 1535 case 3: 1536 if ((insn & (1 << 29)) == 0) { 1537 /* Memory move. */ 1538 uint32_t dest; 1539 /* ??? The docs imply the destination address is loaded into 1540 the TEMP register. However the Linux drivers rely on 1541 the value being presrved. */ 1542 dest = read_dword(s, s->dsp); 1543 s->dsp += 4; 1544 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1545 } else { 1546 uint8_t data[7]; 1547 int reg; 1548 int n; 1549 int i; 1550 1551 if (insn & (1 << 28)) { 1552 addr = s->dsa + sextract32(addr, 0, 24); 1553 } 1554 n = (insn & 7); 1555 reg = (insn >> 16) & 0xff; 1556 if (insn & (1 << 24)) { 1557 pci_dma_read(pci_dev, addr, data, n); 1558 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1559 for (i = 0; i < n; i++) { 1560 lsi_reg_writeb(s, reg + i, data[i]); 1561 } 1562 } else { 1563 trace_lsi_execute_script_mm_store(reg, n, addr); 1564 for (i = 0; i < n; i++) { 1565 data[i] = lsi_reg_readb(s, reg + i); 1566 } 1567 pci_dma_write(pci_dev, addr, data, n); 1568 } 1569 } 1570 } 1571 if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) { 1572 /* Some windows drivers make the device spin waiting for a memory 1573 location to change. If we have been executed a lot of code then 1574 assume this is the case and force an unexpected device disconnect. 1575 This is apparently sufficient to beat the drivers into submission. 1576 */ 1577 if (!(s->sien0 & LSI_SIST0_UDC)) { 1578 qemu_log_mask(LOG_GUEST_ERROR, 1579 "lsi_scsi: inf. loop with UDC masked"); 1580 } 1581 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1582 lsi_disconnect(s); 1583 } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1584 if (s->dcntl & LSI_DCNTL_SSM) { 1585 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1586 } else { 1587 goto again; 1588 } 1589 } 1590 trace_lsi_execute_script_stop(); 1591 } 1592 1593 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1594 { 1595 uint8_t ret; 1596 1597 #define CASE_GET_REG24(name, addr) \ 1598 case addr: ret = s->name & 0xff; break; \ 1599 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1600 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1601 1602 #define CASE_GET_REG32(name, addr) \ 1603 case addr: ret = s->name & 0xff; break; \ 1604 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1605 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1606 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1607 1608 switch (offset) { 1609 case 0x00: /* SCNTL0 */ 1610 ret = s->scntl0; 1611 break; 1612 case 0x01: /* SCNTL1 */ 1613 ret = s->scntl1; 1614 break; 1615 case 0x02: /* SCNTL2 */ 1616 ret = s->scntl2; 1617 break; 1618 case 0x03: /* SCNTL3 */ 1619 ret = s->scntl3; 1620 break; 1621 case 0x04: /* SCID */ 1622 ret = s->scid; 1623 break; 1624 case 0x05: /* SXFER */ 1625 ret = s->sxfer; 1626 break; 1627 case 0x06: /* SDID */ 1628 ret = s->sdid; 1629 break; 1630 case 0x07: /* GPREG0 */ 1631 ret = 0x7f; 1632 break; 1633 case 0x08: /* Revision ID */ 1634 ret = 0x00; 1635 break; 1636 case 0x09: /* SOCL */ 1637 ret = s->socl; 1638 break; 1639 case 0xa: /* SSID */ 1640 ret = s->ssid; 1641 break; 1642 case 0xb: /* SBCL */ 1643 ret = s->sbcl; 1644 break; 1645 case 0xc: /* DSTAT */ 1646 ret = s->dstat | LSI_DSTAT_DFE; 1647 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1648 s->dstat = 0; 1649 lsi_update_irq(s); 1650 break; 1651 case 0x0d: /* SSTAT0 */ 1652 ret = s->sstat0; 1653 break; 1654 case 0x0e: /* SSTAT1 */ 1655 ret = s->sstat1; 1656 break; 1657 case 0x0f: /* SSTAT2 */ 1658 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1659 break; 1660 CASE_GET_REG32(dsa, 0x10) 1661 case 0x14: /* ISTAT0 */ 1662 ret = s->istat0; 1663 break; 1664 case 0x15: /* ISTAT1 */ 1665 ret = s->istat1; 1666 break; 1667 case 0x16: /* MBOX0 */ 1668 ret = s->mbox0; 1669 break; 1670 case 0x17: /* MBOX1 */ 1671 ret = s->mbox1; 1672 break; 1673 case 0x18: /* CTEST0 */ 1674 ret = 0xff; 1675 break; 1676 case 0x19: /* CTEST1 */ 1677 ret = 0; 1678 break; 1679 case 0x1a: /* CTEST2 */ 1680 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1681 if (s->istat0 & LSI_ISTAT0_SIGP) { 1682 s->istat0 &= ~LSI_ISTAT0_SIGP; 1683 ret |= LSI_CTEST2_SIGP; 1684 } 1685 break; 1686 case 0x1b: /* CTEST3 */ 1687 ret = s->ctest3; 1688 break; 1689 CASE_GET_REG32(temp, 0x1c) 1690 case 0x20: /* DFIFO */ 1691 ret = s->dfifo; 1692 break; 1693 case 0x21: /* CTEST4 */ 1694 ret = s->ctest4; 1695 break; 1696 case 0x22: /* CTEST5 */ 1697 ret = s->ctest5; 1698 break; 1699 case 0x23: /* CTEST6 */ 1700 ret = 0; 1701 break; 1702 CASE_GET_REG24(dbc, 0x24) 1703 case 0x27: /* DCMD */ 1704 ret = s->dcmd; 1705 break; 1706 CASE_GET_REG32(dnad, 0x28) 1707 CASE_GET_REG32(dsp, 0x2c) 1708 CASE_GET_REG32(dsps, 0x30) 1709 CASE_GET_REG32(scratch[0], 0x34) 1710 case 0x38: /* DMODE */ 1711 ret = s->dmode; 1712 break; 1713 case 0x39: /* DIEN */ 1714 ret = s->dien; 1715 break; 1716 case 0x3a: /* SBR */ 1717 ret = s->sbr; 1718 break; 1719 case 0x3b: /* DCNTL */ 1720 ret = s->dcntl; 1721 break; 1722 /* ADDER Output (Debug of relative jump address) */ 1723 CASE_GET_REG32(adder, 0x3c) 1724 case 0x40: /* SIEN0 */ 1725 ret = s->sien0; 1726 break; 1727 case 0x41: /* SIEN1 */ 1728 ret = s->sien1; 1729 break; 1730 case 0x42: /* SIST0 */ 1731 ret = s->sist0; 1732 s->sist0 = 0; 1733 lsi_update_irq(s); 1734 break; 1735 case 0x43: /* SIST1 */ 1736 ret = s->sist1; 1737 s->sist1 = 0; 1738 lsi_update_irq(s); 1739 break; 1740 case 0x46: /* MACNTL */ 1741 ret = 0x0f; 1742 break; 1743 case 0x47: /* GPCNTL0 */ 1744 ret = 0x0f; 1745 break; 1746 case 0x48: /* STIME0 */ 1747 ret = s->stime0; 1748 break; 1749 case 0x4a: /* RESPID0 */ 1750 ret = s->respid0; 1751 break; 1752 case 0x4b: /* RESPID1 */ 1753 ret = s->respid1; 1754 break; 1755 case 0x4d: /* STEST1 */ 1756 ret = s->stest1; 1757 break; 1758 case 0x4e: /* STEST2 */ 1759 ret = s->stest2; 1760 break; 1761 case 0x4f: /* STEST3 */ 1762 ret = s->stest3; 1763 break; 1764 case 0x50: /* SIDL */ 1765 /* This is needed by the linux drivers. We currently only update it 1766 during the MSG IN phase. */ 1767 ret = s->sidl; 1768 break; 1769 case 0x52: /* STEST4 */ 1770 ret = 0xe0; 1771 break; 1772 case 0x56: /* CCNTL0 */ 1773 ret = s->ccntl0; 1774 break; 1775 case 0x57: /* CCNTL1 */ 1776 ret = s->ccntl1; 1777 break; 1778 case 0x58: /* SBDL */ 1779 /* Some drivers peek at the data bus during the MSG IN phase. */ 1780 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1781 assert(s->msg_len > 0); 1782 return s->msg[0]; 1783 } 1784 ret = 0; 1785 break; 1786 case 0x59: /* SBDL high */ 1787 ret = 0; 1788 break; 1789 CASE_GET_REG32(mmrs, 0xa0) 1790 CASE_GET_REG32(mmws, 0xa4) 1791 CASE_GET_REG32(sfs, 0xa8) 1792 CASE_GET_REG32(drs, 0xac) 1793 CASE_GET_REG32(sbms, 0xb0) 1794 CASE_GET_REG32(dbms, 0xb4) 1795 CASE_GET_REG32(dnad64, 0xb8) 1796 CASE_GET_REG32(pmjad1, 0xc0) 1797 CASE_GET_REG32(pmjad2, 0xc4) 1798 CASE_GET_REG32(rbc, 0xc8) 1799 CASE_GET_REG32(ua, 0xcc) 1800 CASE_GET_REG32(ia, 0xd4) 1801 CASE_GET_REG32(sbc, 0xd8) 1802 CASE_GET_REG32(csbc, 0xdc) 1803 case 0x5c ... 0x9f: 1804 { 1805 int n; 1806 int shift; 1807 n = (offset - 0x58) >> 2; 1808 shift = (offset & 3) * 8; 1809 ret = (s->scratch[n] >> shift) & 0xff; 1810 break; 1811 } 1812 default: 1813 { 1814 qemu_log_mask(LOG_GUEST_ERROR, 1815 "lsi_scsi: invalid read from reg %s %x\n", 1816 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1817 offset); 1818 ret = 0xff; 1819 break; 1820 } 1821 } 1822 #undef CASE_GET_REG24 1823 #undef CASE_GET_REG32 1824 1825 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1826 offset, ret); 1827 1828 return ret; 1829 } 1830 1831 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1832 { 1833 #define CASE_SET_REG24(name, addr) \ 1834 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1835 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1836 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1837 1838 #define CASE_SET_REG32(name, addr) \ 1839 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1840 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1841 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1842 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1843 1844 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1845 offset, val); 1846 1847 switch (offset) { 1848 case 0x00: /* SCNTL0 */ 1849 s->scntl0 = val; 1850 if (val & LSI_SCNTL0_START) { 1851 qemu_log_mask(LOG_UNIMP, 1852 "lsi_scsi: Start sequence not implemented\n"); 1853 } 1854 break; 1855 case 0x01: /* SCNTL1 */ 1856 s->scntl1 = val & ~LSI_SCNTL1_SST; 1857 if (val & LSI_SCNTL1_IARB) { 1858 qemu_log_mask(LOG_UNIMP, 1859 "lsi_scsi: Immediate Arbritration not implemented\n"); 1860 } 1861 if (val & LSI_SCNTL1_RST) { 1862 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1863 qbus_reset_all(BUS(&s->bus)); 1864 s->sstat0 |= LSI_SSTAT0_RST; 1865 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1866 } 1867 } else { 1868 s->sstat0 &= ~LSI_SSTAT0_RST; 1869 } 1870 break; 1871 case 0x02: /* SCNTL2 */ 1872 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1873 s->scntl2 = val; 1874 break; 1875 case 0x03: /* SCNTL3 */ 1876 s->scntl3 = val; 1877 break; 1878 case 0x04: /* SCID */ 1879 s->scid = val; 1880 break; 1881 case 0x05: /* SXFER */ 1882 s->sxfer = val; 1883 break; 1884 case 0x06: /* SDID */ 1885 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1886 qemu_log_mask(LOG_GUEST_ERROR, 1887 "lsi_scsi: Destination ID does not match SSID\n"); 1888 } 1889 s->sdid = val & 0xf; 1890 break; 1891 case 0x07: /* GPREG0 */ 1892 break; 1893 case 0x08: /* SFBR */ 1894 /* The CPU is not allowed to write to this register. However the 1895 SCRIPTS register move instructions are. */ 1896 s->sfbr = val; 1897 break; 1898 case 0x0a: case 0x0b: 1899 /* Openserver writes to these readonly registers on startup */ 1900 return; 1901 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1902 /* Linux writes to these readonly registers on startup. */ 1903 return; 1904 CASE_SET_REG32(dsa, 0x10) 1905 case 0x14: /* ISTAT0 */ 1906 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1907 if (val & LSI_ISTAT0_ABRT) { 1908 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1909 } 1910 if (val & LSI_ISTAT0_INTF) { 1911 s->istat0 &= ~LSI_ISTAT0_INTF; 1912 lsi_update_irq(s); 1913 } 1914 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1915 trace_lsi_awoken(); 1916 s->waiting = LSI_NOWAIT; 1917 s->dsp = s->dnad; 1918 lsi_execute_script(s); 1919 } 1920 if (val & LSI_ISTAT0_SRST) { 1921 qdev_reset_all(DEVICE(s)); 1922 } 1923 break; 1924 case 0x16: /* MBOX0 */ 1925 s->mbox0 = val; 1926 break; 1927 case 0x17: /* MBOX1 */ 1928 s->mbox1 = val; 1929 break; 1930 case 0x18: /* CTEST0 */ 1931 /* nothing to do */ 1932 break; 1933 case 0x1a: /* CTEST2 */ 1934 s->ctest2 = val & LSI_CTEST2_PCICIE; 1935 break; 1936 case 0x1b: /* CTEST3 */ 1937 s->ctest3 = val & 0x0f; 1938 break; 1939 CASE_SET_REG32(temp, 0x1c) 1940 case 0x21: /* CTEST4 */ 1941 if (val & 7) { 1942 qemu_log_mask(LOG_UNIMP, 1943 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1944 } 1945 s->ctest4 = val; 1946 break; 1947 case 0x22: /* CTEST5 */ 1948 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1949 qemu_log_mask(LOG_UNIMP, 1950 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1951 } 1952 s->ctest5 = val; 1953 break; 1954 CASE_SET_REG24(dbc, 0x24) 1955 CASE_SET_REG32(dnad, 0x28) 1956 case 0x2c: /* DSP[0:7] */ 1957 s->dsp &= 0xffffff00; 1958 s->dsp |= val; 1959 break; 1960 case 0x2d: /* DSP[8:15] */ 1961 s->dsp &= 0xffff00ff; 1962 s->dsp |= val << 8; 1963 break; 1964 case 0x2e: /* DSP[16:23] */ 1965 s->dsp &= 0xff00ffff; 1966 s->dsp |= val << 16; 1967 break; 1968 case 0x2f: /* DSP[24:31] */ 1969 s->dsp &= 0x00ffffff; 1970 s->dsp |= val << 24; 1971 if ((s->dmode & LSI_DMODE_MAN) == 0 1972 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1973 lsi_execute_script(s); 1974 break; 1975 CASE_SET_REG32(dsps, 0x30) 1976 CASE_SET_REG32(scratch[0], 0x34) 1977 case 0x38: /* DMODE */ 1978 s->dmode = val; 1979 break; 1980 case 0x39: /* DIEN */ 1981 s->dien = val; 1982 lsi_update_irq(s); 1983 break; 1984 case 0x3a: /* SBR */ 1985 s->sbr = val; 1986 break; 1987 case 0x3b: /* DCNTL */ 1988 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1989 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1990 lsi_execute_script(s); 1991 break; 1992 case 0x40: /* SIEN0 */ 1993 s->sien0 = val; 1994 lsi_update_irq(s); 1995 break; 1996 case 0x41: /* SIEN1 */ 1997 s->sien1 = val; 1998 lsi_update_irq(s); 1999 break; 2000 case 0x47: /* GPCNTL0 */ 2001 break; 2002 case 0x48: /* STIME0 */ 2003 s->stime0 = val; 2004 break; 2005 case 0x49: /* STIME1 */ 2006 if (val & 0xf) { 2007 qemu_log_mask(LOG_UNIMP, 2008 "lsi_scsi: General purpose timer not implemented\n"); 2009 /* ??? Raising the interrupt immediately seems to be sufficient 2010 to keep the FreeBSD driver happy. */ 2011 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2012 } 2013 break; 2014 case 0x4a: /* RESPID0 */ 2015 s->respid0 = val; 2016 break; 2017 case 0x4b: /* RESPID1 */ 2018 s->respid1 = val; 2019 break; 2020 case 0x4d: /* STEST1 */ 2021 s->stest1 = val; 2022 break; 2023 case 0x4e: /* STEST2 */ 2024 if (val & 1) { 2025 qemu_log_mask(LOG_UNIMP, 2026 "lsi_scsi: Low level mode not implemented\n"); 2027 } 2028 s->stest2 = val; 2029 break; 2030 case 0x4f: /* STEST3 */ 2031 if (val & 0x41) { 2032 qemu_log_mask(LOG_UNIMP, 2033 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2034 } 2035 s->stest3 = val; 2036 break; 2037 case 0x56: /* CCNTL0 */ 2038 s->ccntl0 = val; 2039 break; 2040 case 0x57: /* CCNTL1 */ 2041 s->ccntl1 = val; 2042 break; 2043 CASE_SET_REG32(mmrs, 0xa0) 2044 CASE_SET_REG32(mmws, 0xa4) 2045 CASE_SET_REG32(sfs, 0xa8) 2046 CASE_SET_REG32(drs, 0xac) 2047 CASE_SET_REG32(sbms, 0xb0) 2048 CASE_SET_REG32(dbms, 0xb4) 2049 CASE_SET_REG32(dnad64, 0xb8) 2050 CASE_SET_REG32(pmjad1, 0xc0) 2051 CASE_SET_REG32(pmjad2, 0xc4) 2052 CASE_SET_REG32(rbc, 0xc8) 2053 CASE_SET_REG32(ua, 0xcc) 2054 CASE_SET_REG32(ia, 0xd4) 2055 CASE_SET_REG32(sbc, 0xd8) 2056 CASE_SET_REG32(csbc, 0xdc) 2057 default: 2058 if (offset >= 0x5c && offset < 0xa0) { 2059 int n; 2060 int shift; 2061 n = (offset - 0x58) >> 2; 2062 shift = (offset & 3) * 8; 2063 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2064 } else { 2065 qemu_log_mask(LOG_GUEST_ERROR, 2066 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2067 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2068 offset, val); 2069 } 2070 } 2071 #undef CASE_SET_REG24 2072 #undef CASE_SET_REG32 2073 } 2074 2075 static void lsi_mmio_write(void *opaque, hwaddr addr, 2076 uint64_t val, unsigned size) 2077 { 2078 LSIState *s = opaque; 2079 2080 lsi_reg_writeb(s, addr & 0xff, val); 2081 } 2082 2083 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2084 unsigned size) 2085 { 2086 LSIState *s = opaque; 2087 return lsi_reg_readb(s, addr & 0xff); 2088 } 2089 2090 static const MemoryRegionOps lsi_mmio_ops = { 2091 .read = lsi_mmio_read, 2092 .write = lsi_mmio_write, 2093 .endianness = DEVICE_LITTLE_ENDIAN, 2094 .impl = { 2095 .min_access_size = 1, 2096 .max_access_size = 1, 2097 }, 2098 }; 2099 2100 static void lsi_ram_write(void *opaque, hwaddr addr, 2101 uint64_t val, unsigned size) 2102 { 2103 LSIState *s = opaque; 2104 stn_le_p(s->script_ram + addr, size, val); 2105 } 2106 2107 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2108 unsigned size) 2109 { 2110 LSIState *s = opaque; 2111 return ldn_le_p(s->script_ram + addr, size); 2112 } 2113 2114 static const MemoryRegionOps lsi_ram_ops = { 2115 .read = lsi_ram_read, 2116 .write = lsi_ram_write, 2117 .endianness = DEVICE_LITTLE_ENDIAN, 2118 }; 2119 2120 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2121 unsigned size) 2122 { 2123 LSIState *s = opaque; 2124 return lsi_reg_readb(s, addr & 0xff); 2125 } 2126 2127 static void lsi_io_write(void *opaque, hwaddr addr, 2128 uint64_t val, unsigned size) 2129 { 2130 LSIState *s = opaque; 2131 lsi_reg_writeb(s, addr & 0xff, val); 2132 } 2133 2134 static const MemoryRegionOps lsi_io_ops = { 2135 .read = lsi_io_read, 2136 .write = lsi_io_write, 2137 .endianness = DEVICE_LITTLE_ENDIAN, 2138 .impl = { 2139 .min_access_size = 1, 2140 .max_access_size = 1, 2141 }, 2142 }; 2143 2144 static void lsi_scsi_reset(DeviceState *dev) 2145 { 2146 LSIState *s = LSI53C895A(dev); 2147 2148 lsi_soft_reset(s); 2149 } 2150 2151 static int lsi_pre_save(void *opaque) 2152 { 2153 LSIState *s = opaque; 2154 2155 if (s->current) { 2156 assert(s->current->dma_buf == NULL); 2157 assert(s->current->dma_len == 0); 2158 } 2159 assert(QTAILQ_EMPTY(&s->queue)); 2160 2161 return 0; 2162 } 2163 2164 static int lsi_post_load(void *opaque, int version_id) 2165 { 2166 LSIState *s = opaque; 2167 2168 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2169 return -EINVAL; 2170 } 2171 2172 return 0; 2173 } 2174 2175 static const VMStateDescription vmstate_lsi_scsi = { 2176 .name = "lsiscsi", 2177 .version_id = 1, 2178 .minimum_version_id = 0, 2179 .pre_save = lsi_pre_save, 2180 .post_load = lsi_post_load, 2181 .fields = (VMStateField[]) { 2182 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2183 2184 VMSTATE_INT32(carry, LSIState), 2185 VMSTATE_INT32(status, LSIState), 2186 VMSTATE_INT32(msg_action, LSIState), 2187 VMSTATE_INT32(msg_len, LSIState), 2188 VMSTATE_BUFFER(msg, LSIState), 2189 VMSTATE_INT32(waiting, LSIState), 2190 2191 VMSTATE_UINT32(dsa, LSIState), 2192 VMSTATE_UINT32(temp, LSIState), 2193 VMSTATE_UINT32(dnad, LSIState), 2194 VMSTATE_UINT32(dbc, LSIState), 2195 VMSTATE_UINT8(istat0, LSIState), 2196 VMSTATE_UINT8(istat1, LSIState), 2197 VMSTATE_UINT8(dcmd, LSIState), 2198 VMSTATE_UINT8(dstat, LSIState), 2199 VMSTATE_UINT8(dien, LSIState), 2200 VMSTATE_UINT8(sist0, LSIState), 2201 VMSTATE_UINT8(sist1, LSIState), 2202 VMSTATE_UINT8(sien0, LSIState), 2203 VMSTATE_UINT8(sien1, LSIState), 2204 VMSTATE_UINT8(mbox0, LSIState), 2205 VMSTATE_UINT8(mbox1, LSIState), 2206 VMSTATE_UINT8(dfifo, LSIState), 2207 VMSTATE_UINT8(ctest2, LSIState), 2208 VMSTATE_UINT8(ctest3, LSIState), 2209 VMSTATE_UINT8(ctest4, LSIState), 2210 VMSTATE_UINT8(ctest5, LSIState), 2211 VMSTATE_UINT8(ccntl0, LSIState), 2212 VMSTATE_UINT8(ccntl1, LSIState), 2213 VMSTATE_UINT32(dsp, LSIState), 2214 VMSTATE_UINT32(dsps, LSIState), 2215 VMSTATE_UINT8(dmode, LSIState), 2216 VMSTATE_UINT8(dcntl, LSIState), 2217 VMSTATE_UINT8(scntl0, LSIState), 2218 VMSTATE_UINT8(scntl1, LSIState), 2219 VMSTATE_UINT8(scntl2, LSIState), 2220 VMSTATE_UINT8(scntl3, LSIState), 2221 VMSTATE_UINT8(sstat0, LSIState), 2222 VMSTATE_UINT8(sstat1, LSIState), 2223 VMSTATE_UINT8(scid, LSIState), 2224 VMSTATE_UINT8(sxfer, LSIState), 2225 VMSTATE_UINT8(socl, LSIState), 2226 VMSTATE_UINT8(sdid, LSIState), 2227 VMSTATE_UINT8(ssid, LSIState), 2228 VMSTATE_UINT8(sfbr, LSIState), 2229 VMSTATE_UINT8(stest1, LSIState), 2230 VMSTATE_UINT8(stest2, LSIState), 2231 VMSTATE_UINT8(stest3, LSIState), 2232 VMSTATE_UINT8(sidl, LSIState), 2233 VMSTATE_UINT8(stime0, LSIState), 2234 VMSTATE_UINT8(respid0, LSIState), 2235 VMSTATE_UINT8(respid1, LSIState), 2236 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2237 VMSTATE_UINT32(mmrs, LSIState), 2238 VMSTATE_UINT32(mmws, LSIState), 2239 VMSTATE_UINT32(sfs, LSIState), 2240 VMSTATE_UINT32(drs, LSIState), 2241 VMSTATE_UINT32(sbms, LSIState), 2242 VMSTATE_UINT32(dbms, LSIState), 2243 VMSTATE_UINT32(dnad64, LSIState), 2244 VMSTATE_UINT32(pmjad1, LSIState), 2245 VMSTATE_UINT32(pmjad2, LSIState), 2246 VMSTATE_UINT32(rbc, LSIState), 2247 VMSTATE_UINT32(ua, LSIState), 2248 VMSTATE_UINT32(ia, LSIState), 2249 VMSTATE_UINT32(sbc, LSIState), 2250 VMSTATE_UINT32(csbc, LSIState), 2251 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2252 VMSTATE_UINT8(sbr, LSIState), 2253 2254 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2255 VMSTATE_END_OF_LIST() 2256 } 2257 }; 2258 2259 static const struct SCSIBusInfo lsi_scsi_info = { 2260 .tcq = true, 2261 .max_target = LSI_MAX_DEVS, 2262 .max_lun = 0, /* LUN support is buggy */ 2263 2264 .transfer_data = lsi_transfer_data, 2265 .complete = lsi_command_complete, 2266 .cancel = lsi_request_cancelled 2267 }; 2268 2269 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2270 { 2271 LSIState *s = LSI53C895A(dev); 2272 DeviceState *d = DEVICE(dev); 2273 uint8_t *pci_conf; 2274 2275 pci_conf = dev->config; 2276 2277 /* PCI latency timer = 255 */ 2278 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2279 /* Interrupt pin A */ 2280 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2281 2282 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2283 "lsi-mmio", 0x400); 2284 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2285 "lsi-ram", 0x2000); 2286 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2287 "lsi-io", 256); 2288 2289 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2290 qdev_init_gpio_out(d, &s->ext_irq, 1); 2291 2292 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2293 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2294 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2295 QTAILQ_INIT(&s->queue); 2296 2297 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2298 } 2299 2300 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2301 { 2302 LSIState *s = LSI53C895A(dev); 2303 2304 address_space_destroy(&s->pci_io_as); 2305 } 2306 2307 static void lsi_class_init(ObjectClass *klass, void *data) 2308 { 2309 DeviceClass *dc = DEVICE_CLASS(klass); 2310 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2311 2312 k->realize = lsi_scsi_realize; 2313 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2314 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2315 k->class_id = PCI_CLASS_STORAGE_SCSI; 2316 k->subsystem_id = 0x1000; 2317 dc->unrealize = lsi_scsi_unrealize; 2318 dc->reset = lsi_scsi_reset; 2319 dc->vmsd = &vmstate_lsi_scsi; 2320 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2321 } 2322 2323 static const TypeInfo lsi_info = { 2324 .name = TYPE_LSI53C895A, 2325 .parent = TYPE_PCI_DEVICE, 2326 .instance_size = sizeof(LSIState), 2327 .class_init = lsi_class_init, 2328 .interfaces = (InterfaceInfo[]) { 2329 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2330 { }, 2331 }, 2332 }; 2333 2334 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2335 { 2336 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2337 2338 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2339 } 2340 2341 static TypeInfo lsi53c810_info = { 2342 .name = TYPE_LSI53C810, 2343 .parent = TYPE_LSI53C895A, 2344 .class_init = lsi53c810_class_init, 2345 }; 2346 2347 static void lsi53c895a_register_types(void) 2348 { 2349 type_register_static(&lsi_info); 2350 type_register_static(&lsi53c810_info); 2351 } 2352 2353 type_init(lsi53c895a_register_types) 2354 2355 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2356 { 2357 LSIState *s = LSI53C895A(lsi_dev); 2358 2359 scsi_bus_legacy_handle_cmdline(&s->bus); 2360 } 2361