1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 #include "trace.h" 24 25 static const char *names[] = { 26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 38 }; 39 40 #define LSI_MAX_DEVS 7 41 42 #define LSI_SCNTL0_TRG 0x01 43 #define LSI_SCNTL0_AAP 0x02 44 #define LSI_SCNTL0_EPC 0x08 45 #define LSI_SCNTL0_WATN 0x10 46 #define LSI_SCNTL0_START 0x20 47 48 #define LSI_SCNTL1_SST 0x01 49 #define LSI_SCNTL1_IARB 0x02 50 #define LSI_SCNTL1_AESP 0x04 51 #define LSI_SCNTL1_RST 0x08 52 #define LSI_SCNTL1_CON 0x10 53 #define LSI_SCNTL1_DHP 0x20 54 #define LSI_SCNTL1_ADB 0x40 55 #define LSI_SCNTL1_EXC 0x80 56 57 #define LSI_SCNTL2_WSR 0x01 58 #define LSI_SCNTL2_VUE0 0x02 59 #define LSI_SCNTL2_VUE1 0x04 60 #define LSI_SCNTL2_WSS 0x08 61 #define LSI_SCNTL2_SLPHBEN 0x10 62 #define LSI_SCNTL2_SLPMD 0x20 63 #define LSI_SCNTL2_CHM 0x40 64 #define LSI_SCNTL2_SDU 0x80 65 66 #define LSI_ISTAT0_DIP 0x01 67 #define LSI_ISTAT0_SIP 0x02 68 #define LSI_ISTAT0_INTF 0x04 69 #define LSI_ISTAT0_CON 0x08 70 #define LSI_ISTAT0_SEM 0x10 71 #define LSI_ISTAT0_SIGP 0x20 72 #define LSI_ISTAT0_SRST 0x40 73 #define LSI_ISTAT0_ABRT 0x80 74 75 #define LSI_ISTAT1_SI 0x01 76 #define LSI_ISTAT1_SRUN 0x02 77 #define LSI_ISTAT1_FLSH 0x04 78 79 #define LSI_SSTAT0_SDP0 0x01 80 #define LSI_SSTAT0_RST 0x02 81 #define LSI_SSTAT0_WOA 0x04 82 #define LSI_SSTAT0_LOA 0x08 83 #define LSI_SSTAT0_AIP 0x10 84 #define LSI_SSTAT0_OLF 0x20 85 #define LSI_SSTAT0_ORF 0x40 86 #define LSI_SSTAT0_ILF 0x80 87 88 #define LSI_SIST0_PAR 0x01 89 #define LSI_SIST0_RST 0x02 90 #define LSI_SIST0_UDC 0x04 91 #define LSI_SIST0_SGE 0x08 92 #define LSI_SIST0_RSL 0x10 93 #define LSI_SIST0_SEL 0x20 94 #define LSI_SIST0_CMP 0x40 95 #define LSI_SIST0_MA 0x80 96 97 #define LSI_SIST1_HTH 0x01 98 #define LSI_SIST1_GEN 0x02 99 #define LSI_SIST1_STO 0x04 100 #define LSI_SIST1_SBMC 0x10 101 102 #define LSI_SOCL_IO 0x01 103 #define LSI_SOCL_CD 0x02 104 #define LSI_SOCL_MSG 0x04 105 #define LSI_SOCL_ATN 0x08 106 #define LSI_SOCL_SEL 0x10 107 #define LSI_SOCL_BSY 0x20 108 #define LSI_SOCL_ACK 0x40 109 #define LSI_SOCL_REQ 0x80 110 111 #define LSI_DSTAT_IID 0x01 112 #define LSI_DSTAT_SIR 0x04 113 #define LSI_DSTAT_SSI 0x08 114 #define LSI_DSTAT_ABRT 0x10 115 #define LSI_DSTAT_BF 0x20 116 #define LSI_DSTAT_MDPE 0x40 117 #define LSI_DSTAT_DFE 0x80 118 119 #define LSI_DCNTL_COM 0x01 120 #define LSI_DCNTL_IRQD 0x02 121 #define LSI_DCNTL_STD 0x04 122 #define LSI_DCNTL_IRQM 0x08 123 #define LSI_DCNTL_SSM 0x10 124 #define LSI_DCNTL_PFEN 0x20 125 #define LSI_DCNTL_PFF 0x40 126 #define LSI_DCNTL_CLSE 0x80 127 128 #define LSI_DMODE_MAN 0x01 129 #define LSI_DMODE_BOF 0x02 130 #define LSI_DMODE_ERMP 0x04 131 #define LSI_DMODE_ERL 0x08 132 #define LSI_DMODE_DIOM 0x10 133 #define LSI_DMODE_SIOM 0x20 134 135 #define LSI_CTEST2_DACK 0x01 136 #define LSI_CTEST2_DREQ 0x02 137 #define LSI_CTEST2_TEOP 0x04 138 #define LSI_CTEST2_PCICIE 0x08 139 #define LSI_CTEST2_CM 0x10 140 #define LSI_CTEST2_CIO 0x20 141 #define LSI_CTEST2_SIGP 0x40 142 #define LSI_CTEST2_DDIR 0x80 143 144 #define LSI_CTEST5_BL2 0x04 145 #define LSI_CTEST5_DDIR 0x08 146 #define LSI_CTEST5_MASR 0x10 147 #define LSI_CTEST5_DFSN 0x20 148 #define LSI_CTEST5_BBCK 0x40 149 #define LSI_CTEST5_ADCK 0x80 150 151 #define LSI_CCNTL0_DILS 0x01 152 #define LSI_CCNTL0_DISFC 0x10 153 #define LSI_CCNTL0_ENNDJ 0x20 154 #define LSI_CCNTL0_PMJCTL 0x40 155 #define LSI_CCNTL0_ENPMJ 0x80 156 157 #define LSI_CCNTL1_EN64DBMV 0x01 158 #define LSI_CCNTL1_EN64TIBMV 0x02 159 #define LSI_CCNTL1_64TIMOD 0x04 160 #define LSI_CCNTL1_DDAC 0x08 161 #define LSI_CCNTL1_ZMOD 0x80 162 163 /* Enable Response to Reselection */ 164 #define LSI_SCID_RRE 0x60 165 166 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 167 168 #define PHASE_DO 0 169 #define PHASE_DI 1 170 #define PHASE_CMD 2 171 #define PHASE_ST 3 172 #define PHASE_MO 6 173 #define PHASE_MI 7 174 #define PHASE_MASK 7 175 176 /* Maximum length of MSG IN data. */ 177 #define LSI_MAX_MSGIN_LEN 8 178 179 /* Flag set if this is a tagged command. */ 180 #define LSI_TAG_VALID (1 << 16) 181 182 typedef struct lsi_request { 183 SCSIRequest *req; 184 uint32_t tag; 185 uint32_t dma_len; 186 uint8_t *dma_buf; 187 uint32_t pending; 188 int out; 189 QTAILQ_ENTRY(lsi_request) next; 190 } lsi_request; 191 192 typedef struct { 193 /*< private >*/ 194 PCIDevice parent_obj; 195 /*< public >*/ 196 197 qemu_irq ext_irq; 198 MemoryRegion mmio_io; 199 MemoryRegion ram_io; 200 MemoryRegion io_io; 201 AddressSpace pci_io_as; 202 203 int carry; /* ??? Should this be an a visible register somewhere? */ 204 int status; 205 /* Action to take at the end of a MSG IN phase. 206 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 207 int msg_action; 208 int msg_len; 209 uint8_t msg[LSI_MAX_MSGIN_LEN]; 210 /* 0 if SCRIPTS are running or stopped. 211 * 1 if a Wait Reselect instruction has been issued. 212 * 2 if processing DMA from lsi_execute_script. 213 * 3 if a DMA operation is in progress. */ 214 int waiting; 215 SCSIBus bus; 216 int current_lun; 217 /* The tag is a combination of the device ID and the SCSI tag. */ 218 uint32_t select_tag; 219 int command_complete; 220 QTAILQ_HEAD(, lsi_request) queue; 221 lsi_request *current; 222 223 uint32_t dsa; 224 uint32_t temp; 225 uint32_t dnad; 226 uint32_t dbc; 227 uint8_t istat0; 228 uint8_t istat1; 229 uint8_t dcmd; 230 uint8_t dstat; 231 uint8_t dien; 232 uint8_t sist0; 233 uint8_t sist1; 234 uint8_t sien0; 235 uint8_t sien1; 236 uint8_t mbox0; 237 uint8_t mbox1; 238 uint8_t dfifo; 239 uint8_t ctest2; 240 uint8_t ctest3; 241 uint8_t ctest4; 242 uint8_t ctest5; 243 uint8_t ccntl0; 244 uint8_t ccntl1; 245 uint32_t dsp; 246 uint32_t dsps; 247 uint8_t dmode; 248 uint8_t dcntl; 249 uint8_t scntl0; 250 uint8_t scntl1; 251 uint8_t scntl2; 252 uint8_t scntl3; 253 uint8_t sstat0; 254 uint8_t sstat1; 255 uint8_t scid; 256 uint8_t sxfer; 257 uint8_t socl; 258 uint8_t sdid; 259 uint8_t ssid; 260 uint8_t sfbr; 261 uint8_t stest1; 262 uint8_t stest2; 263 uint8_t stest3; 264 uint8_t sidl; 265 uint8_t stime0; 266 uint8_t respid0; 267 uint8_t respid1; 268 uint32_t mmrs; 269 uint32_t mmws; 270 uint32_t sfs; 271 uint32_t drs; 272 uint32_t sbms; 273 uint32_t dbms; 274 uint32_t dnad64; 275 uint32_t pmjad1; 276 uint32_t pmjad2; 277 uint32_t rbc; 278 uint32_t ua; 279 uint32_t ia; 280 uint32_t sbc; 281 uint32_t csbc; 282 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 283 uint8_t sbr; 284 uint32_t adder; 285 286 /* Script ram is stored as 32-bit words in host byteorder. */ 287 uint32_t script_ram[2048]; 288 } LSIState; 289 290 #define TYPE_LSI53C810 "lsi53c810" 291 #define TYPE_LSI53C895A "lsi53c895a" 292 293 #define LSI53C895A(obj) \ 294 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 295 296 static inline int lsi_irq_on_rsl(LSIState *s) 297 { 298 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 299 } 300 301 static void lsi_soft_reset(LSIState *s) 302 { 303 trace_lsi_reset(); 304 s->carry = 0; 305 306 s->msg_action = 0; 307 s->msg_len = 0; 308 s->waiting = 0; 309 s->dsa = 0; 310 s->dnad = 0; 311 s->dbc = 0; 312 s->temp = 0; 313 memset(s->scratch, 0, sizeof(s->scratch)); 314 s->istat0 = 0; 315 s->istat1 = 0; 316 s->dcmd = 0x40; 317 s->dstat = 0; 318 s->dien = 0; 319 s->sist0 = 0; 320 s->sist1 = 0; 321 s->sien0 = 0; 322 s->sien1 = 0; 323 s->mbox0 = 0; 324 s->mbox1 = 0; 325 s->dfifo = 0; 326 s->ctest2 = LSI_CTEST2_DACK; 327 s->ctest3 = 0; 328 s->ctest4 = 0; 329 s->ctest5 = 0; 330 s->ccntl0 = 0; 331 s->ccntl1 = 0; 332 s->dsp = 0; 333 s->dsps = 0; 334 s->dmode = 0; 335 s->dcntl = 0; 336 s->scntl0 = 0xc0; 337 s->scntl1 = 0; 338 s->scntl2 = 0; 339 s->scntl3 = 0; 340 s->sstat0 = 0; 341 s->sstat1 = 0; 342 s->scid = 7; 343 s->sxfer = 0; 344 s->socl = 0; 345 s->sdid = 0; 346 s->ssid = 0; 347 s->stest1 = 0; 348 s->stest2 = 0; 349 s->stest3 = 0; 350 s->sidl = 0; 351 s->stime0 = 0; 352 s->respid0 = 0x80; 353 s->respid1 = 0; 354 s->mmrs = 0; 355 s->mmws = 0; 356 s->sfs = 0; 357 s->drs = 0; 358 s->sbms = 0; 359 s->dbms = 0; 360 s->dnad64 = 0; 361 s->pmjad1 = 0; 362 s->pmjad2 = 0; 363 s->rbc = 0; 364 s->ua = 0; 365 s->ia = 0; 366 s->sbc = 0; 367 s->csbc = 0; 368 s->sbr = 0; 369 assert(QTAILQ_EMPTY(&s->queue)); 370 assert(!s->current); 371 } 372 373 static int lsi_dma_40bit(LSIState *s) 374 { 375 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 376 return 1; 377 return 0; 378 } 379 380 static int lsi_dma_ti64bit(LSIState *s) 381 { 382 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 383 return 1; 384 return 0; 385 } 386 387 static int lsi_dma_64bit(LSIState *s) 388 { 389 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 390 return 1; 391 return 0; 392 } 393 394 static uint8_t lsi_reg_readb(LSIState *s, int offset); 395 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 396 static void lsi_execute_script(LSIState *s); 397 static void lsi_reselect(LSIState *s, lsi_request *p); 398 399 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 400 void *buf, dma_addr_t len) 401 { 402 if (s->dmode & LSI_DMODE_SIOM) { 403 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 404 buf, len); 405 } else { 406 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 407 } 408 } 409 410 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 411 const void *buf, dma_addr_t len) 412 { 413 if (s->dmode & LSI_DMODE_DIOM) { 414 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 415 buf, len); 416 } else { 417 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 418 } 419 } 420 421 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 422 { 423 uint32_t buf; 424 425 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 426 return cpu_to_le32(buf); 427 } 428 429 static void lsi_stop_script(LSIState *s) 430 { 431 s->istat1 &= ~LSI_ISTAT1_SRUN; 432 } 433 434 static void lsi_set_irq(LSIState *s, int level) 435 { 436 PCIDevice *d = PCI_DEVICE(s); 437 438 if (s->ext_irq) { 439 qemu_set_irq(s->ext_irq, level); 440 } else { 441 pci_set_irq(d, level); 442 } 443 } 444 445 static void lsi_update_irq(LSIState *s) 446 { 447 int level; 448 static int last_level; 449 lsi_request *p; 450 451 /* It's unclear whether the DIP/SIP bits should be cleared when the 452 Interrupt Status Registers are cleared or when istat0 is read. 453 We currently do the formwer, which seems to work. */ 454 level = 0; 455 if (s->dstat) { 456 if (s->dstat & s->dien) 457 level = 1; 458 s->istat0 |= LSI_ISTAT0_DIP; 459 } else { 460 s->istat0 &= ~LSI_ISTAT0_DIP; 461 } 462 463 if (s->sist0 || s->sist1) { 464 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 465 level = 1; 466 s->istat0 |= LSI_ISTAT0_SIP; 467 } else { 468 s->istat0 &= ~LSI_ISTAT0_SIP; 469 } 470 if (s->istat0 & LSI_ISTAT0_INTF) 471 level = 1; 472 473 if (level != last_level) { 474 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 475 last_level = level; 476 } 477 lsi_set_irq(s, level); 478 479 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 480 trace_lsi_update_irq_disconnected(); 481 QTAILQ_FOREACH(p, &s->queue, next) { 482 if (p->pending) { 483 lsi_reselect(s, p); 484 break; 485 } 486 } 487 } 488 } 489 490 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 491 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 492 { 493 uint32_t mask0; 494 uint32_t mask1; 495 496 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 497 s->sist0 |= stat0; 498 s->sist1 |= stat1; 499 /* Stop processor on fatal or unmasked interrupt. As a special hack 500 we don't stop processing when raising STO. Instead continue 501 execution and stop at the next insn that accesses the SCSI bus. */ 502 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 503 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 504 mask1 &= ~LSI_SIST1_STO; 505 if (s->sist0 & mask0 || s->sist1 & mask1) { 506 lsi_stop_script(s); 507 } 508 lsi_update_irq(s); 509 } 510 511 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 512 static void lsi_script_dma_interrupt(LSIState *s, int stat) 513 { 514 trace_lsi_script_dma_interrupt(stat, s->dstat); 515 s->dstat |= stat; 516 lsi_update_irq(s); 517 lsi_stop_script(s); 518 } 519 520 static inline void lsi_set_phase(LSIState *s, int phase) 521 { 522 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 523 } 524 525 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 526 { 527 /* Trigger a phase mismatch. */ 528 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 529 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 530 s->dsp = out ? s->pmjad1 : s->pmjad2; 531 } else { 532 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 533 } 534 trace_lsi_bad_phase_jump(s->dsp); 535 } else { 536 trace_lsi_bad_phase_interrupt(); 537 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 538 lsi_stop_script(s); 539 } 540 lsi_set_phase(s, new_phase); 541 } 542 543 544 /* Resume SCRIPTS execution after a DMA operation. */ 545 static void lsi_resume_script(LSIState *s) 546 { 547 if (s->waiting != 2) { 548 s->waiting = 0; 549 lsi_execute_script(s); 550 } else { 551 s->waiting = 0; 552 } 553 } 554 555 static void lsi_disconnect(LSIState *s) 556 { 557 s->scntl1 &= ~LSI_SCNTL1_CON; 558 s->sstat1 &= ~PHASE_MASK; 559 } 560 561 static void lsi_bad_selection(LSIState *s, uint32_t id) 562 { 563 trace_lsi_bad_selection(id); 564 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 565 lsi_disconnect(s); 566 } 567 568 /* Initiate a SCSI layer data transfer. */ 569 static void lsi_do_dma(LSIState *s, int out) 570 { 571 uint32_t count; 572 dma_addr_t addr; 573 SCSIDevice *dev; 574 575 assert(s->current); 576 if (!s->current->dma_len) { 577 /* Wait until data is available. */ 578 trace_lsi_do_dma_unavailable(); 579 return; 580 } 581 582 dev = s->current->req->dev; 583 assert(dev); 584 585 count = s->dbc; 586 if (count > s->current->dma_len) 587 count = s->current->dma_len; 588 589 addr = s->dnad; 590 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 591 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 592 addr |= ((uint64_t)s->dnad64 << 32); 593 else if (s->dbms) 594 addr |= ((uint64_t)s->dbms << 32); 595 else if (s->sbms) 596 addr |= ((uint64_t)s->sbms << 32); 597 598 trace_lsi_do_dma(addr, count); 599 s->csbc += count; 600 s->dnad += count; 601 s->dbc -= count; 602 if (s->current->dma_buf == NULL) { 603 s->current->dma_buf = scsi_req_get_buf(s->current->req); 604 } 605 /* ??? Set SFBR to first data byte. */ 606 if (out) { 607 lsi_mem_read(s, addr, s->current->dma_buf, count); 608 } else { 609 lsi_mem_write(s, addr, s->current->dma_buf, count); 610 } 611 s->current->dma_len -= count; 612 if (s->current->dma_len == 0) { 613 s->current->dma_buf = NULL; 614 scsi_req_continue(s->current->req); 615 } else { 616 s->current->dma_buf += count; 617 lsi_resume_script(s); 618 } 619 } 620 621 622 /* Add a command to the queue. */ 623 static void lsi_queue_command(LSIState *s) 624 { 625 lsi_request *p = s->current; 626 627 trace_lsi_queue_command(p->tag); 628 assert(s->current != NULL); 629 assert(s->current->dma_len == 0); 630 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 631 s->current = NULL; 632 633 p->pending = 0; 634 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 635 } 636 637 /* Queue a byte for a MSG IN phase. */ 638 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 639 { 640 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 641 trace_lsi_add_msg_byte_error(); 642 } else { 643 trace_lsi_add_msg_byte(data); 644 s->msg[s->msg_len++] = data; 645 } 646 } 647 648 /* Perform reselection to continue a command. */ 649 static void lsi_reselect(LSIState *s, lsi_request *p) 650 { 651 int id; 652 653 assert(s->current == NULL); 654 QTAILQ_REMOVE(&s->queue, p, next); 655 s->current = p; 656 657 id = (p->tag >> 8) & 0xf; 658 s->ssid = id | 0x80; 659 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 660 if (!(s->dcntl & LSI_DCNTL_COM)) { 661 s->sfbr = 1 << (id & 0x7); 662 } 663 trace_lsi_reselect(id); 664 s->scntl1 |= LSI_SCNTL1_CON; 665 lsi_set_phase(s, PHASE_MI); 666 s->msg_action = p->out ? 2 : 3; 667 s->current->dma_len = p->pending; 668 lsi_add_msg_byte(s, 0x80); 669 if (s->current->tag & LSI_TAG_VALID) { 670 lsi_add_msg_byte(s, 0x20); 671 lsi_add_msg_byte(s, p->tag & 0xff); 672 } 673 674 if (lsi_irq_on_rsl(s)) { 675 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 676 } 677 } 678 679 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 680 { 681 lsi_request *p; 682 683 QTAILQ_FOREACH(p, &s->queue, next) { 684 if (p->tag == tag) { 685 return p; 686 } 687 } 688 689 return NULL; 690 } 691 692 static void lsi_request_free(LSIState *s, lsi_request *p) 693 { 694 if (p == s->current) { 695 s->current = NULL; 696 } else { 697 QTAILQ_REMOVE(&s->queue, p, next); 698 } 699 g_free(p); 700 } 701 702 static void lsi_request_cancelled(SCSIRequest *req) 703 { 704 LSIState *s = LSI53C895A(req->bus->qbus.parent); 705 lsi_request *p = req->hba_private; 706 707 req->hba_private = NULL; 708 lsi_request_free(s, p); 709 scsi_req_unref(req); 710 } 711 712 /* Record that data is available for a queued command. Returns zero if 713 the device was reselected, nonzero if the IO is deferred. */ 714 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 715 { 716 lsi_request *p = req->hba_private; 717 718 if (p->pending) { 719 trace_lsi_queue_req_error(p); 720 } 721 p->pending = len; 722 /* Reselect if waiting for it, or if reselection triggers an IRQ 723 and the bus is free. 724 Since no interrupt stacking is implemented in the emulation, it 725 is also required that there are no pending interrupts waiting 726 for service from the device driver. */ 727 if (s->waiting == 1 || 728 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 729 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 730 /* Reselect device. */ 731 lsi_reselect(s, p); 732 return 0; 733 } else { 734 trace_lsi_queue_req(p->tag); 735 p->pending = len; 736 return 1; 737 } 738 } 739 740 /* Callback to indicate that the SCSI layer has completed a command. */ 741 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 742 { 743 LSIState *s = LSI53C895A(req->bus->qbus.parent); 744 int out; 745 746 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 747 trace_lsi_command_complete(status); 748 s->status = status; 749 s->command_complete = 2; 750 if (s->waiting && s->dbc != 0) { 751 /* Raise phase mismatch for short transfers. */ 752 lsi_bad_phase(s, out, PHASE_ST); 753 } else { 754 lsi_set_phase(s, PHASE_ST); 755 } 756 757 if (req->hba_private == s->current) { 758 req->hba_private = NULL; 759 lsi_request_free(s, s->current); 760 scsi_req_unref(req); 761 } 762 lsi_resume_script(s); 763 } 764 765 /* Callback to indicate that the SCSI layer has completed a transfer. */ 766 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 767 { 768 LSIState *s = LSI53C895A(req->bus->qbus.parent); 769 int out; 770 771 assert(req->hba_private); 772 if (s->waiting == 1 || req->hba_private != s->current || 773 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 774 if (lsi_queue_req(s, req, len)) { 775 return; 776 } 777 } 778 779 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 780 781 /* host adapter (re)connected */ 782 trace_lsi_transfer_data(req->tag, len); 783 s->current->dma_len = len; 784 s->command_complete = 1; 785 if (s->waiting) { 786 if (s->waiting == 1 || s->dbc == 0) { 787 lsi_resume_script(s); 788 } else { 789 lsi_do_dma(s, out); 790 } 791 } 792 } 793 794 static void lsi_do_command(LSIState *s) 795 { 796 SCSIDevice *dev; 797 uint8_t buf[16]; 798 uint32_t id; 799 int n; 800 801 trace_lsi_do_command(s->dbc); 802 if (s->dbc > 16) 803 s->dbc = 16; 804 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 805 s->sfbr = buf[0]; 806 s->command_complete = 0; 807 808 id = (s->select_tag >> 8) & 0xf; 809 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 810 if (!dev) { 811 lsi_bad_selection(s, id); 812 return; 813 } 814 815 assert(s->current == NULL); 816 s->current = g_new0(lsi_request, 1); 817 s->current->tag = s->select_tag; 818 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 819 s->current); 820 821 n = scsi_req_enqueue(s->current->req); 822 if (n) { 823 if (n > 0) { 824 lsi_set_phase(s, PHASE_DI); 825 } else if (n < 0) { 826 lsi_set_phase(s, PHASE_DO); 827 } 828 scsi_req_continue(s->current->req); 829 } 830 if (!s->command_complete) { 831 if (n) { 832 /* Command did not complete immediately so disconnect. */ 833 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 834 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 835 /* wait data */ 836 lsi_set_phase(s, PHASE_MI); 837 s->msg_action = 1; 838 lsi_queue_command(s); 839 } else { 840 /* wait command complete */ 841 lsi_set_phase(s, PHASE_DI); 842 } 843 } 844 } 845 846 static void lsi_do_status(LSIState *s) 847 { 848 uint8_t status; 849 trace_lsi_do_status(s->dbc, s->status); 850 if (s->dbc != 1) { 851 trace_lsi_do_status_error(); 852 } 853 s->dbc = 1; 854 status = s->status; 855 s->sfbr = status; 856 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 857 lsi_set_phase(s, PHASE_MI); 858 s->msg_action = 1; 859 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 860 } 861 862 static void lsi_do_msgin(LSIState *s) 863 { 864 int len; 865 trace_lsi_do_msgin(s->dbc, s->msg_len); 866 s->sfbr = s->msg[0]; 867 len = s->msg_len; 868 if (len > s->dbc) 869 len = s->dbc; 870 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 871 /* Linux drivers rely on the last byte being in the SIDL. */ 872 s->sidl = s->msg[len - 1]; 873 s->msg_len -= len; 874 if (s->msg_len) { 875 memmove(s->msg, s->msg + len, s->msg_len); 876 } else { 877 /* ??? Check if ATN (not yet implemented) is asserted and maybe 878 switch to PHASE_MO. */ 879 switch (s->msg_action) { 880 case 0: 881 lsi_set_phase(s, PHASE_CMD); 882 break; 883 case 1: 884 lsi_disconnect(s); 885 break; 886 case 2: 887 lsi_set_phase(s, PHASE_DO); 888 break; 889 case 3: 890 lsi_set_phase(s, PHASE_DI); 891 break; 892 default: 893 abort(); 894 } 895 } 896 } 897 898 /* Read the next byte during a MSGOUT phase. */ 899 static uint8_t lsi_get_msgbyte(LSIState *s) 900 { 901 uint8_t data; 902 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 903 s->dnad++; 904 s->dbc--; 905 return data; 906 } 907 908 /* Skip the next n bytes during a MSGOUT phase. */ 909 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 910 { 911 s->dnad += n; 912 s->dbc -= n; 913 } 914 915 static void lsi_do_msgout(LSIState *s) 916 { 917 uint8_t msg; 918 int len; 919 uint32_t current_tag; 920 lsi_request *current_req, *p, *p_next; 921 922 if (s->current) { 923 current_tag = s->current->tag; 924 current_req = s->current; 925 } else { 926 current_tag = s->select_tag; 927 current_req = lsi_find_by_tag(s, current_tag); 928 } 929 930 trace_lsi_do_msgout(s->dbc); 931 while (s->dbc) { 932 msg = lsi_get_msgbyte(s); 933 s->sfbr = msg; 934 935 switch (msg) { 936 case 0x04: 937 trace_lsi_do_msgout_disconnect(); 938 lsi_disconnect(s); 939 break; 940 case 0x08: 941 trace_lsi_do_msgout_noop(); 942 lsi_set_phase(s, PHASE_CMD); 943 break; 944 case 0x01: 945 len = lsi_get_msgbyte(s); 946 msg = lsi_get_msgbyte(s); 947 (void)len; /* avoid a warning about unused variable*/ 948 trace_lsi_do_msgout_extended(msg, len); 949 switch (msg) { 950 case 1: 951 trace_lsi_do_msgout_ignored("SDTR"); 952 lsi_skip_msgbytes(s, 2); 953 break; 954 case 3: 955 trace_lsi_do_msgout_ignored("WDTR"); 956 lsi_skip_msgbytes(s, 1); 957 break; 958 case 4: 959 trace_lsi_do_msgout_ignored("PPR"); 960 lsi_skip_msgbytes(s, 5); 961 break; 962 default: 963 goto bad; 964 } 965 break; 966 case 0x20: /* SIMPLE queue */ 967 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 968 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 969 break; 970 case 0x21: /* HEAD of queue */ 971 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 972 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 973 break; 974 case 0x22: /* ORDERED queue */ 975 qemu_log_mask(LOG_UNIMP, 976 "lsi_scsi: ORDERED queue not implemented\n"); 977 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 978 break; 979 case 0x0d: 980 /* The ABORT TAG message clears the current I/O process only. */ 981 trace_lsi_do_msgout_abort(current_tag); 982 if (current_req) { 983 scsi_req_cancel(current_req->req); 984 } 985 lsi_disconnect(s); 986 break; 987 case 0x06: 988 case 0x0e: 989 case 0x0c: 990 /* The ABORT message clears all I/O processes for the selecting 991 initiator on the specified logical unit of the target. */ 992 if (msg == 0x06) { 993 trace_lsi_do_msgout_abort(current_tag); 994 } 995 /* The CLEAR QUEUE message clears all I/O processes for all 996 initiators on the specified logical unit of the target. */ 997 if (msg == 0x0e) { 998 trace_lsi_do_msgout_clearqueue(current_tag); 999 } 1000 /* The BUS DEVICE RESET message clears all I/O processes for all 1001 initiators on all logical units of the target. */ 1002 if (msg == 0x0c) { 1003 trace_lsi_do_msgout_busdevicereset(current_tag); 1004 } 1005 1006 /* clear the current I/O process */ 1007 if (s->current) { 1008 scsi_req_cancel(s->current->req); 1009 } 1010 1011 /* As the current implemented devices scsi_disk and scsi_generic 1012 only support one LUN, we don't need to keep track of LUNs. 1013 Clearing I/O processes for other initiators could be possible 1014 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1015 device, but this is currently not implemented (and seems not 1016 to be really necessary). So let's simply clear all queued 1017 commands for the current device: */ 1018 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1019 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1020 scsi_req_cancel(p->req); 1021 } 1022 } 1023 1024 lsi_disconnect(s); 1025 break; 1026 default: 1027 if ((msg & 0x80) == 0) { 1028 goto bad; 1029 } 1030 s->current_lun = msg & 7; 1031 trace_lsi_do_msgout_select(s->current_lun); 1032 lsi_set_phase(s, PHASE_CMD); 1033 break; 1034 } 1035 } 1036 return; 1037 bad: 1038 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1039 lsi_set_phase(s, PHASE_MI); 1040 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1041 s->msg_action = 0; 1042 } 1043 1044 #define LSI_BUF_SIZE 4096 1045 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1046 { 1047 int n; 1048 uint8_t buf[LSI_BUF_SIZE]; 1049 1050 trace_lsi_memcpy(dest, src, count); 1051 while (count) { 1052 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1053 lsi_mem_read(s, src, buf, n); 1054 lsi_mem_write(s, dest, buf, n); 1055 src += n; 1056 dest += n; 1057 count -= n; 1058 } 1059 } 1060 1061 static void lsi_wait_reselect(LSIState *s) 1062 { 1063 lsi_request *p; 1064 1065 trace_lsi_wait_reselect(); 1066 1067 QTAILQ_FOREACH(p, &s->queue, next) { 1068 if (p->pending) { 1069 lsi_reselect(s, p); 1070 break; 1071 } 1072 } 1073 if (s->current == NULL) { 1074 s->waiting = 1; 1075 } 1076 } 1077 1078 static void lsi_execute_script(LSIState *s) 1079 { 1080 PCIDevice *pci_dev = PCI_DEVICE(s); 1081 uint32_t insn; 1082 uint32_t addr, addr_high; 1083 int opcode; 1084 int insn_processed = 0; 1085 1086 s->istat1 |= LSI_ISTAT1_SRUN; 1087 again: 1088 insn_processed++; 1089 insn = read_dword(s, s->dsp); 1090 if (!insn) { 1091 /* If we receive an empty opcode increment the DSP by 4 bytes 1092 instead of 8 and execute the next opcode at that location */ 1093 s->dsp += 4; 1094 goto again; 1095 } 1096 addr = read_dword(s, s->dsp + 4); 1097 addr_high = 0; 1098 trace_lsi_execute_script(s->dsp, insn, addr); 1099 s->dsps = addr; 1100 s->dcmd = insn >> 24; 1101 s->dsp += 8; 1102 switch (insn >> 30) { 1103 case 0: /* Block move. */ 1104 if (s->sist1 & LSI_SIST1_STO) { 1105 trace_lsi_execute_script_blockmove_delayed(); 1106 lsi_stop_script(s); 1107 break; 1108 } 1109 s->dbc = insn & 0xffffff; 1110 s->rbc = s->dbc; 1111 /* ??? Set ESA. */ 1112 s->ia = s->dsp - 8; 1113 if (insn & (1 << 29)) { 1114 /* Indirect addressing. */ 1115 addr = read_dword(s, addr); 1116 } else if (insn & (1 << 28)) { 1117 uint32_t buf[2]; 1118 int32_t offset; 1119 /* Table indirect addressing. */ 1120 1121 /* 32-bit Table indirect */ 1122 offset = sextract32(addr, 0, 24); 1123 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1124 /* byte count is stored in bits 0:23 only */ 1125 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1126 s->rbc = s->dbc; 1127 addr = cpu_to_le32(buf[1]); 1128 1129 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1130 * table, bits [31:24] */ 1131 if (lsi_dma_40bit(s)) 1132 addr_high = cpu_to_le32(buf[0]) >> 24; 1133 else if (lsi_dma_ti64bit(s)) { 1134 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1135 switch (selector) { 1136 case 0 ... 0x0f: 1137 /* offset index into scratch registers since 1138 * TI64 mode can use registers C to R */ 1139 addr_high = s->scratch[2 + selector]; 1140 break; 1141 case 0x10: 1142 addr_high = s->mmrs; 1143 break; 1144 case 0x11: 1145 addr_high = s->mmws; 1146 break; 1147 case 0x12: 1148 addr_high = s->sfs; 1149 break; 1150 case 0x13: 1151 addr_high = s->drs; 1152 break; 1153 case 0x14: 1154 addr_high = s->sbms; 1155 break; 1156 case 0x15: 1157 addr_high = s->dbms; 1158 break; 1159 default: 1160 qemu_log_mask(LOG_GUEST_ERROR, 1161 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1162 "for 64-bit DMA block move", selector); 1163 break; 1164 } 1165 } 1166 } else if (lsi_dma_64bit(s)) { 1167 /* fetch a 3rd dword if 64-bit direct move is enabled and 1168 only if we're not doing table indirect or indirect addressing */ 1169 s->dbms = read_dword(s, s->dsp); 1170 s->dsp += 4; 1171 s->ia = s->dsp - 12; 1172 } 1173 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1174 trace_lsi_execute_script_blockmove_badphase(s->sstat1 & PHASE_MASK, 1175 (insn >> 24) & 7); 1176 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1177 break; 1178 } 1179 s->dnad = addr; 1180 s->dnad64 = addr_high; 1181 switch (s->sstat1 & 0x7) { 1182 case PHASE_DO: 1183 s->waiting = 2; 1184 lsi_do_dma(s, 1); 1185 if (s->waiting) 1186 s->waiting = 3; 1187 break; 1188 case PHASE_DI: 1189 s->waiting = 2; 1190 lsi_do_dma(s, 0); 1191 if (s->waiting) 1192 s->waiting = 3; 1193 break; 1194 case PHASE_CMD: 1195 lsi_do_command(s); 1196 break; 1197 case PHASE_ST: 1198 lsi_do_status(s); 1199 break; 1200 case PHASE_MO: 1201 lsi_do_msgout(s); 1202 break; 1203 case PHASE_MI: 1204 lsi_do_msgin(s); 1205 break; 1206 default: 1207 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %d\n", 1208 s->sstat1 & PHASE_MASK); 1209 } 1210 s->dfifo = s->dbc & 0xff; 1211 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1212 s->sbc = s->dbc; 1213 s->rbc -= s->dbc; 1214 s->ua = addr + s->dbc; 1215 break; 1216 1217 case 1: /* IO or Read/Write instruction. */ 1218 opcode = (insn >> 27) & 7; 1219 if (opcode < 5) { 1220 uint32_t id; 1221 1222 if (insn & (1 << 25)) { 1223 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1224 } else { 1225 id = insn; 1226 } 1227 id = (id >> 16) & 0xf; 1228 if (insn & (1 << 26)) { 1229 addr = s->dsp + sextract32(addr, 0, 24); 1230 } 1231 s->dnad = addr; 1232 switch (opcode) { 1233 case 0: /* Select */ 1234 s->sdid = id; 1235 if (s->scntl1 & LSI_SCNTL1_CON) { 1236 trace_lsi_execute_script_io_alreadyreselected(); 1237 s->dsp = s->dnad; 1238 break; 1239 } 1240 s->sstat0 |= LSI_SSTAT0_WOA; 1241 s->scntl1 &= ~LSI_SCNTL1_IARB; 1242 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1243 lsi_bad_selection(s, id); 1244 break; 1245 } 1246 trace_lsi_execute_script_io_selected(id, 1247 insn & (1 << 3) ? " ATN" : ""); 1248 /* ??? Linux drivers compain when this is set. Maybe 1249 it only applies in low-level mode (unimplemented). 1250 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1251 s->select_tag = id << 8; 1252 s->scntl1 |= LSI_SCNTL1_CON; 1253 if (insn & (1 << 3)) { 1254 s->socl |= LSI_SOCL_ATN; 1255 } 1256 lsi_set_phase(s, PHASE_MO); 1257 break; 1258 case 1: /* Disconnect */ 1259 trace_lsi_execute_script_io_disconnect(); 1260 s->scntl1 &= ~LSI_SCNTL1_CON; 1261 break; 1262 case 2: /* Wait Reselect */ 1263 if (!lsi_irq_on_rsl(s)) { 1264 lsi_wait_reselect(s); 1265 } 1266 break; 1267 case 3: /* Set */ 1268 trace_lsi_execute_script_io_set( 1269 insn & (1 << 3) ? " ATN" : "", 1270 insn & (1 << 6) ? " ACK" : "", 1271 insn & (1 << 9) ? " TM" : "", 1272 insn & (1 << 10) ? " CC" : ""); 1273 if (insn & (1 << 3)) { 1274 s->socl |= LSI_SOCL_ATN; 1275 lsi_set_phase(s, PHASE_MO); 1276 } 1277 if (insn & (1 << 9)) { 1278 qemu_log_mask(LOG_UNIMP, 1279 "lsi_scsi: Target mode not implemented\n"); 1280 } 1281 if (insn & (1 << 10)) 1282 s->carry = 1; 1283 break; 1284 case 4: /* Clear */ 1285 trace_lsi_execute_script_io_clear( 1286 insn & (1 << 3) ? " ATN" : "", 1287 insn & (1 << 6) ? " ACK" : "", 1288 insn & (1 << 9) ? " TM" : "", 1289 insn & (1 << 10) ? " CC" : ""); 1290 if (insn & (1 << 3)) { 1291 s->socl &= ~LSI_SOCL_ATN; 1292 } 1293 if (insn & (1 << 10)) 1294 s->carry = 0; 1295 break; 1296 } 1297 } else { 1298 uint8_t op0; 1299 uint8_t op1; 1300 uint8_t data8; 1301 int reg; 1302 int operator; 1303 1304 static const char *opcode_names[3] = 1305 {"Write", "Read", "Read-Modify-Write"}; 1306 static const char *operator_names[8] = 1307 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1308 1309 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1310 data8 = (insn >> 8) & 0xff; 1311 opcode = (insn >> 27) & 7; 1312 operator = (insn >> 24) & 7; 1313 trace_lsi_execute_script_io_opcode( 1314 opcode_names[opcode - 5], reg, 1315 operator_names[operator], data8, s->sfbr, 1316 (insn & (1 << 23)) ? " SFBR" : ""); 1317 op0 = op1 = 0; 1318 switch (opcode) { 1319 case 5: /* From SFBR */ 1320 op0 = s->sfbr; 1321 op1 = data8; 1322 break; 1323 case 6: /* To SFBR */ 1324 if (operator) 1325 op0 = lsi_reg_readb(s, reg); 1326 op1 = data8; 1327 break; 1328 case 7: /* Read-modify-write */ 1329 if (operator) 1330 op0 = lsi_reg_readb(s, reg); 1331 if (insn & (1 << 23)) { 1332 op1 = s->sfbr; 1333 } else { 1334 op1 = data8; 1335 } 1336 break; 1337 } 1338 1339 switch (operator) { 1340 case 0: /* move */ 1341 op0 = op1; 1342 break; 1343 case 1: /* Shift left */ 1344 op1 = op0 >> 7; 1345 op0 = (op0 << 1) | s->carry; 1346 s->carry = op1; 1347 break; 1348 case 2: /* OR */ 1349 op0 |= op1; 1350 break; 1351 case 3: /* XOR */ 1352 op0 ^= op1; 1353 break; 1354 case 4: /* AND */ 1355 op0 &= op1; 1356 break; 1357 case 5: /* SHR */ 1358 op1 = op0 & 1; 1359 op0 = (op0 >> 1) | (s->carry << 7); 1360 s->carry = op1; 1361 break; 1362 case 6: /* ADD */ 1363 op0 += op1; 1364 s->carry = op0 < op1; 1365 break; 1366 case 7: /* ADC */ 1367 op0 += op1 + s->carry; 1368 if (s->carry) 1369 s->carry = op0 <= op1; 1370 else 1371 s->carry = op0 < op1; 1372 break; 1373 } 1374 1375 switch (opcode) { 1376 case 5: /* From SFBR */ 1377 case 7: /* Read-modify-write */ 1378 lsi_reg_writeb(s, reg, op0); 1379 break; 1380 case 6: /* To SFBR */ 1381 s->sfbr = op0; 1382 break; 1383 } 1384 } 1385 break; 1386 1387 case 2: /* Transfer Control. */ 1388 { 1389 int cond; 1390 int jmp; 1391 1392 if ((insn & 0x002e0000) == 0) { 1393 trace_lsi_execute_script_tc_nop(); 1394 break; 1395 } 1396 if (s->sist1 & LSI_SIST1_STO) { 1397 trace_lsi_execute_script_tc_delayedselect_timeout(); 1398 lsi_stop_script(s); 1399 break; 1400 } 1401 cond = jmp = (insn & (1 << 19)) != 0; 1402 if (cond == jmp && (insn & (1 << 21))) { 1403 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1404 cond = s->carry != 0; 1405 } 1406 if (cond == jmp && (insn & (1 << 17))) { 1407 trace_lsi_execute_script_tc_compp( 1408 (s->sstat1 & PHASE_MASK), 1409 jmp ? '=' : '!', 1410 ((insn >> 24) & 7)); 1411 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1412 } 1413 if (cond == jmp && (insn & (1 << 18))) { 1414 uint8_t mask; 1415 1416 mask = (~insn >> 8) & 0xff; 1417 trace_lsi_execute_script_tc_compd( 1418 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1419 cond = (s->sfbr & mask) == (insn & mask); 1420 } 1421 if (cond == jmp) { 1422 if (insn & (1 << 23)) { 1423 /* Relative address. */ 1424 addr = s->dsp + sextract32(addr, 0, 24); 1425 } 1426 switch ((insn >> 27) & 7) { 1427 case 0: /* Jump */ 1428 trace_lsi_execute_script_tc_jump(addr); 1429 s->adder = addr; 1430 s->dsp = addr; 1431 break; 1432 case 1: /* Call */ 1433 trace_lsi_execute_script_tc_call(addr); 1434 s->temp = s->dsp; 1435 s->dsp = addr; 1436 break; 1437 case 2: /* Return */ 1438 trace_lsi_execute_script_tc_return(s->temp); 1439 s->dsp = s->temp; 1440 break; 1441 case 3: /* Interrupt */ 1442 trace_lsi_execute_script_tc_interrupt(s->dsps); 1443 if ((insn & (1 << 20)) != 0) { 1444 s->istat0 |= LSI_ISTAT0_INTF; 1445 lsi_update_irq(s); 1446 } else { 1447 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1448 } 1449 break; 1450 default: 1451 trace_lsi_execute_script_tc_illegal(); 1452 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1453 break; 1454 } 1455 } else { 1456 trace_lsi_execute_script_tc_cc_failed(); 1457 } 1458 } 1459 break; 1460 1461 case 3: 1462 if ((insn & (1 << 29)) == 0) { 1463 /* Memory move. */ 1464 uint32_t dest; 1465 /* ??? The docs imply the destination address is loaded into 1466 the TEMP register. However the Linux drivers rely on 1467 the value being presrved. */ 1468 dest = read_dword(s, s->dsp); 1469 s->dsp += 4; 1470 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1471 } else { 1472 uint8_t data[7]; 1473 int reg; 1474 int n; 1475 int i; 1476 1477 if (insn & (1 << 28)) { 1478 addr = s->dsa + sextract32(addr, 0, 24); 1479 } 1480 n = (insn & 7); 1481 reg = (insn >> 16) & 0xff; 1482 if (insn & (1 << 24)) { 1483 pci_dma_read(pci_dev, addr, data, n); 1484 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1485 for (i = 0; i < n; i++) { 1486 lsi_reg_writeb(s, reg + i, data[i]); 1487 } 1488 } else { 1489 trace_lsi_execute_script_mm_store(reg, n, addr); 1490 for (i = 0; i < n; i++) { 1491 data[i] = lsi_reg_readb(s, reg + i); 1492 } 1493 pci_dma_write(pci_dev, addr, data, n); 1494 } 1495 } 1496 } 1497 if (insn_processed > 10000 && !s->waiting) { 1498 /* Some windows drivers make the device spin waiting for a memory 1499 location to change. If we have been executed a lot of code then 1500 assume this is the case and force an unexpected device disconnect. 1501 This is apparently sufficient to beat the drivers into submission. 1502 */ 1503 if (!(s->sien0 & LSI_SIST0_UDC)) { 1504 qemu_log_mask(LOG_GUEST_ERROR, 1505 "lsi_scsi: inf. loop with UDC masked"); 1506 } 1507 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1508 lsi_disconnect(s); 1509 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1510 if (s->dcntl & LSI_DCNTL_SSM) { 1511 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1512 } else { 1513 goto again; 1514 } 1515 } 1516 trace_lsi_execute_script_stop(); 1517 } 1518 1519 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1520 { 1521 uint8_t ret; 1522 1523 #define CASE_GET_REG24(name, addr) \ 1524 case addr: ret = s->name & 0xff; break; \ 1525 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1526 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1527 1528 #define CASE_GET_REG32(name, addr) \ 1529 case addr: ret = s->name & 0xff; break; \ 1530 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1531 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1532 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1533 1534 switch (offset) { 1535 case 0x00: /* SCNTL0 */ 1536 ret = s->scntl0; 1537 break; 1538 case 0x01: /* SCNTL1 */ 1539 ret = s->scntl1; 1540 break; 1541 case 0x02: /* SCNTL2 */ 1542 ret = s->scntl2; 1543 break; 1544 case 0x03: /* SCNTL3 */ 1545 ret = s->scntl3; 1546 break; 1547 case 0x04: /* SCID */ 1548 ret = s->scid; 1549 break; 1550 case 0x05: /* SXFER */ 1551 ret = s->sxfer; 1552 break; 1553 case 0x06: /* SDID */ 1554 ret = s->sdid; 1555 break; 1556 case 0x07: /* GPREG0 */ 1557 ret = 0x7f; 1558 break; 1559 case 0x08: /* Revision ID */ 1560 ret = 0x00; 1561 break; 1562 case 0x09: /* SOCL */ 1563 ret = s->socl; 1564 break; 1565 case 0xa: /* SSID */ 1566 ret = s->ssid; 1567 break; 1568 case 0xb: /* SBCL */ 1569 /* ??? This is not correct. However it's (hopefully) only 1570 used for diagnostics, so should be ok. */ 1571 ret = 0; 1572 break; 1573 case 0xc: /* DSTAT */ 1574 ret = s->dstat | LSI_DSTAT_DFE; 1575 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1576 s->dstat = 0; 1577 lsi_update_irq(s); 1578 break; 1579 case 0x0d: /* SSTAT0 */ 1580 ret = s->sstat0; 1581 break; 1582 case 0x0e: /* SSTAT1 */ 1583 ret = s->sstat1; 1584 break; 1585 case 0x0f: /* SSTAT2 */ 1586 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1587 break; 1588 CASE_GET_REG32(dsa, 0x10) 1589 case 0x14: /* ISTAT0 */ 1590 ret = s->istat0; 1591 break; 1592 case 0x15: /* ISTAT1 */ 1593 ret = s->istat1; 1594 break; 1595 case 0x16: /* MBOX0 */ 1596 ret = s->mbox0; 1597 break; 1598 case 0x17: /* MBOX1 */ 1599 ret = s->mbox1; 1600 break; 1601 case 0x18: /* CTEST0 */ 1602 ret = 0xff; 1603 break; 1604 case 0x19: /* CTEST1 */ 1605 ret = 0; 1606 break; 1607 case 0x1a: /* CTEST2 */ 1608 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1609 if (s->istat0 & LSI_ISTAT0_SIGP) { 1610 s->istat0 &= ~LSI_ISTAT0_SIGP; 1611 ret |= LSI_CTEST2_SIGP; 1612 } 1613 break; 1614 case 0x1b: /* CTEST3 */ 1615 ret = s->ctest3; 1616 break; 1617 CASE_GET_REG32(temp, 0x1c) 1618 case 0x20: /* DFIFO */ 1619 ret = 0; 1620 break; 1621 case 0x21: /* CTEST4 */ 1622 ret = s->ctest4; 1623 break; 1624 case 0x22: /* CTEST5 */ 1625 ret = s->ctest5; 1626 break; 1627 case 0x23: /* CTEST6 */ 1628 ret = 0; 1629 break; 1630 CASE_GET_REG24(dbc, 0x24) 1631 case 0x27: /* DCMD */ 1632 ret = s->dcmd; 1633 break; 1634 CASE_GET_REG32(dnad, 0x28) 1635 CASE_GET_REG32(dsp, 0x2c) 1636 CASE_GET_REG32(dsps, 0x30) 1637 CASE_GET_REG32(scratch[0], 0x34) 1638 case 0x38: /* DMODE */ 1639 ret = s->dmode; 1640 break; 1641 case 0x39: /* DIEN */ 1642 ret = s->dien; 1643 break; 1644 case 0x3a: /* SBR */ 1645 ret = s->sbr; 1646 break; 1647 case 0x3b: /* DCNTL */ 1648 ret = s->dcntl; 1649 break; 1650 /* ADDER Output (Debug of relative jump address) */ 1651 CASE_GET_REG32(adder, 0x3c) 1652 case 0x40: /* SIEN0 */ 1653 ret = s->sien0; 1654 break; 1655 case 0x41: /* SIEN1 */ 1656 ret = s->sien1; 1657 break; 1658 case 0x42: /* SIST0 */ 1659 ret = s->sist0; 1660 s->sist0 = 0; 1661 lsi_update_irq(s); 1662 break; 1663 case 0x43: /* SIST1 */ 1664 ret = s->sist1; 1665 s->sist1 = 0; 1666 lsi_update_irq(s); 1667 break; 1668 case 0x46: /* MACNTL */ 1669 ret = 0x0f; 1670 break; 1671 case 0x47: /* GPCNTL0 */ 1672 ret = 0x0f; 1673 break; 1674 case 0x48: /* STIME0 */ 1675 ret = s->stime0; 1676 break; 1677 case 0x4a: /* RESPID0 */ 1678 ret = s->respid0; 1679 break; 1680 case 0x4b: /* RESPID1 */ 1681 ret = s->respid1; 1682 break; 1683 case 0x4d: /* STEST1 */ 1684 ret = s->stest1; 1685 break; 1686 case 0x4e: /* STEST2 */ 1687 ret = s->stest2; 1688 break; 1689 case 0x4f: /* STEST3 */ 1690 ret = s->stest3; 1691 break; 1692 case 0x50: /* SIDL */ 1693 /* This is needed by the linux drivers. We currently only update it 1694 during the MSG IN phase. */ 1695 ret = s->sidl; 1696 break; 1697 case 0x52: /* STEST4 */ 1698 ret = 0xe0; 1699 break; 1700 case 0x56: /* CCNTL0 */ 1701 ret = s->ccntl0; 1702 break; 1703 case 0x57: /* CCNTL1 */ 1704 ret = s->ccntl1; 1705 break; 1706 case 0x58: /* SBDL */ 1707 /* Some drivers peek at the data bus during the MSG IN phase. */ 1708 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) 1709 return s->msg[0]; 1710 ret = 0; 1711 break; 1712 case 0x59: /* SBDL high */ 1713 ret = 0; 1714 break; 1715 CASE_GET_REG32(mmrs, 0xa0) 1716 CASE_GET_REG32(mmws, 0xa4) 1717 CASE_GET_REG32(sfs, 0xa8) 1718 CASE_GET_REG32(drs, 0xac) 1719 CASE_GET_REG32(sbms, 0xb0) 1720 CASE_GET_REG32(dbms, 0xb4) 1721 CASE_GET_REG32(dnad64, 0xb8) 1722 CASE_GET_REG32(pmjad1, 0xc0) 1723 CASE_GET_REG32(pmjad2, 0xc4) 1724 CASE_GET_REG32(rbc, 0xc8) 1725 CASE_GET_REG32(ua, 0xcc) 1726 CASE_GET_REG32(ia, 0xd4) 1727 CASE_GET_REG32(sbc, 0xd8) 1728 CASE_GET_REG32(csbc, 0xdc) 1729 case 0x5c ... 0x9f: 1730 { 1731 int n; 1732 int shift; 1733 n = (offset - 0x58) >> 2; 1734 shift = (offset & 3) * 8; 1735 ret = (s->scratch[n] >> shift) & 0xff; 1736 break; 1737 } 1738 default: 1739 { 1740 qemu_log_mask(LOG_GUEST_ERROR, 1741 "lsi_scsi: invalid read from reg %s %x\n", 1742 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1743 offset); 1744 ret = 0xff; 1745 break; 1746 } 1747 } 1748 #undef CASE_GET_REG24 1749 #undef CASE_GET_REG32 1750 1751 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1752 offset, ret); 1753 1754 return ret; 1755 } 1756 1757 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1758 { 1759 #define CASE_SET_REG24(name, addr) \ 1760 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1761 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1762 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1763 1764 #define CASE_SET_REG32(name, addr) \ 1765 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1766 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1767 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1768 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1769 1770 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1771 offset, val); 1772 1773 switch (offset) { 1774 case 0x00: /* SCNTL0 */ 1775 s->scntl0 = val; 1776 if (val & LSI_SCNTL0_START) { 1777 qemu_log_mask(LOG_UNIMP, 1778 "lsi_scsi: Start sequence not implemented\n"); 1779 } 1780 break; 1781 case 0x01: /* SCNTL1 */ 1782 s->scntl1 = val & ~LSI_SCNTL1_SST; 1783 if (val & LSI_SCNTL1_IARB) { 1784 qemu_log_mask(LOG_UNIMP, 1785 "lsi_scsi: Immediate Arbritration not implemented\n"); 1786 } 1787 if (val & LSI_SCNTL1_RST) { 1788 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1789 qbus_reset_all(&s->bus.qbus); 1790 s->sstat0 |= LSI_SSTAT0_RST; 1791 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1792 } 1793 } else { 1794 s->sstat0 &= ~LSI_SSTAT0_RST; 1795 } 1796 break; 1797 case 0x02: /* SCNTL2 */ 1798 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1799 s->scntl2 = val; 1800 break; 1801 case 0x03: /* SCNTL3 */ 1802 s->scntl3 = val; 1803 break; 1804 case 0x04: /* SCID */ 1805 s->scid = val; 1806 break; 1807 case 0x05: /* SXFER */ 1808 s->sxfer = val; 1809 break; 1810 case 0x06: /* SDID */ 1811 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1812 qemu_log_mask(LOG_GUEST_ERROR, 1813 "lsi_scsi: Destination ID does not match SSID\n"); 1814 } 1815 s->sdid = val & 0xf; 1816 break; 1817 case 0x07: /* GPREG0 */ 1818 break; 1819 case 0x08: /* SFBR */ 1820 /* The CPU is not allowed to write to this register. However the 1821 SCRIPTS register move instructions are. */ 1822 s->sfbr = val; 1823 break; 1824 case 0x0a: case 0x0b: 1825 /* Openserver writes to these readonly registers on startup */ 1826 return; 1827 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1828 /* Linux writes to these readonly registers on startup. */ 1829 return; 1830 CASE_SET_REG32(dsa, 0x10) 1831 case 0x14: /* ISTAT0 */ 1832 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1833 if (val & LSI_ISTAT0_ABRT) { 1834 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1835 } 1836 if (val & LSI_ISTAT0_INTF) { 1837 s->istat0 &= ~LSI_ISTAT0_INTF; 1838 lsi_update_irq(s); 1839 } 1840 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1841 trace_lsi_awoken(); 1842 s->waiting = 0; 1843 s->dsp = s->dnad; 1844 lsi_execute_script(s); 1845 } 1846 if (val & LSI_ISTAT0_SRST) { 1847 qdev_reset_all(DEVICE(s)); 1848 } 1849 break; 1850 case 0x16: /* MBOX0 */ 1851 s->mbox0 = val; 1852 break; 1853 case 0x17: /* MBOX1 */ 1854 s->mbox1 = val; 1855 break; 1856 case 0x18: /* CTEST0 */ 1857 /* nothing to do */ 1858 break; 1859 case 0x1a: /* CTEST2 */ 1860 s->ctest2 = val & LSI_CTEST2_PCICIE; 1861 break; 1862 case 0x1b: /* CTEST3 */ 1863 s->ctest3 = val & 0x0f; 1864 break; 1865 CASE_SET_REG32(temp, 0x1c) 1866 case 0x21: /* CTEST4 */ 1867 if (val & 7) { 1868 qemu_log_mask(LOG_UNIMP, 1869 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1870 } 1871 s->ctest4 = val; 1872 break; 1873 case 0x22: /* CTEST5 */ 1874 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1875 qemu_log_mask(LOG_UNIMP, 1876 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1877 } 1878 s->ctest5 = val; 1879 break; 1880 CASE_SET_REG24(dbc, 0x24) 1881 CASE_SET_REG32(dnad, 0x28) 1882 case 0x2c: /* DSP[0:7] */ 1883 s->dsp &= 0xffffff00; 1884 s->dsp |= val; 1885 break; 1886 case 0x2d: /* DSP[8:15] */ 1887 s->dsp &= 0xffff00ff; 1888 s->dsp |= val << 8; 1889 break; 1890 case 0x2e: /* DSP[16:23] */ 1891 s->dsp &= 0xff00ffff; 1892 s->dsp |= val << 16; 1893 break; 1894 case 0x2f: /* DSP[24:31] */ 1895 s->dsp &= 0x00ffffff; 1896 s->dsp |= val << 24; 1897 if ((s->dmode & LSI_DMODE_MAN) == 0 1898 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1899 lsi_execute_script(s); 1900 break; 1901 CASE_SET_REG32(dsps, 0x30) 1902 CASE_SET_REG32(scratch[0], 0x34) 1903 case 0x38: /* DMODE */ 1904 s->dmode = val; 1905 break; 1906 case 0x39: /* DIEN */ 1907 s->dien = val; 1908 lsi_update_irq(s); 1909 break; 1910 case 0x3a: /* SBR */ 1911 s->sbr = val; 1912 break; 1913 case 0x3b: /* DCNTL */ 1914 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1915 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1916 lsi_execute_script(s); 1917 break; 1918 case 0x40: /* SIEN0 */ 1919 s->sien0 = val; 1920 lsi_update_irq(s); 1921 break; 1922 case 0x41: /* SIEN1 */ 1923 s->sien1 = val; 1924 lsi_update_irq(s); 1925 break; 1926 case 0x47: /* GPCNTL0 */ 1927 break; 1928 case 0x48: /* STIME0 */ 1929 s->stime0 = val; 1930 break; 1931 case 0x49: /* STIME1 */ 1932 if (val & 0xf) { 1933 qemu_log_mask(LOG_UNIMP, 1934 "lsi_scsi: General purpose timer not implemented\n"); 1935 /* ??? Raising the interrupt immediately seems to be sufficient 1936 to keep the FreeBSD driver happy. */ 1937 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1938 } 1939 break; 1940 case 0x4a: /* RESPID0 */ 1941 s->respid0 = val; 1942 break; 1943 case 0x4b: /* RESPID1 */ 1944 s->respid1 = val; 1945 break; 1946 case 0x4d: /* STEST1 */ 1947 s->stest1 = val; 1948 break; 1949 case 0x4e: /* STEST2 */ 1950 if (val & 1) { 1951 qemu_log_mask(LOG_UNIMP, 1952 "lsi_scsi: Low level mode not implemented\n"); 1953 } 1954 s->stest2 = val; 1955 break; 1956 case 0x4f: /* STEST3 */ 1957 if (val & 0x41) { 1958 qemu_log_mask(LOG_UNIMP, 1959 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 1960 } 1961 s->stest3 = val; 1962 break; 1963 case 0x56: /* CCNTL0 */ 1964 s->ccntl0 = val; 1965 break; 1966 case 0x57: /* CCNTL1 */ 1967 s->ccntl1 = val; 1968 break; 1969 CASE_SET_REG32(mmrs, 0xa0) 1970 CASE_SET_REG32(mmws, 0xa4) 1971 CASE_SET_REG32(sfs, 0xa8) 1972 CASE_SET_REG32(drs, 0xac) 1973 CASE_SET_REG32(sbms, 0xb0) 1974 CASE_SET_REG32(dbms, 0xb4) 1975 CASE_SET_REG32(dnad64, 0xb8) 1976 CASE_SET_REG32(pmjad1, 0xc0) 1977 CASE_SET_REG32(pmjad2, 0xc4) 1978 CASE_SET_REG32(rbc, 0xc8) 1979 CASE_SET_REG32(ua, 0xcc) 1980 CASE_SET_REG32(ia, 0xd4) 1981 CASE_SET_REG32(sbc, 0xd8) 1982 CASE_SET_REG32(csbc, 0xdc) 1983 default: 1984 if (offset >= 0x5c && offset < 0xa0) { 1985 int n; 1986 int shift; 1987 n = (offset - 0x58) >> 2; 1988 shift = (offset & 3) * 8; 1989 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 1990 } else { 1991 qemu_log_mask(LOG_GUEST_ERROR, 1992 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 1993 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1994 offset, val); 1995 } 1996 } 1997 #undef CASE_SET_REG24 1998 #undef CASE_SET_REG32 1999 } 2000 2001 static void lsi_mmio_write(void *opaque, hwaddr addr, 2002 uint64_t val, unsigned size) 2003 { 2004 LSIState *s = opaque; 2005 2006 lsi_reg_writeb(s, addr & 0xff, val); 2007 } 2008 2009 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2010 unsigned size) 2011 { 2012 LSIState *s = opaque; 2013 2014 return lsi_reg_readb(s, addr & 0xff); 2015 } 2016 2017 static const MemoryRegionOps lsi_mmio_ops = { 2018 .read = lsi_mmio_read, 2019 .write = lsi_mmio_write, 2020 .endianness = DEVICE_NATIVE_ENDIAN, 2021 .impl = { 2022 .min_access_size = 1, 2023 .max_access_size = 1, 2024 }, 2025 }; 2026 2027 static void lsi_ram_write(void *opaque, hwaddr addr, 2028 uint64_t val, unsigned size) 2029 { 2030 LSIState *s = opaque; 2031 uint32_t newval; 2032 uint32_t mask; 2033 int shift; 2034 2035 newval = s->script_ram[addr >> 2]; 2036 shift = (addr & 3) * 8; 2037 mask = ((uint64_t)1 << (size * 8)) - 1; 2038 newval &= ~(mask << shift); 2039 newval |= val << shift; 2040 s->script_ram[addr >> 2] = newval; 2041 } 2042 2043 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2044 unsigned size) 2045 { 2046 LSIState *s = opaque; 2047 uint32_t val; 2048 uint32_t mask; 2049 2050 val = s->script_ram[addr >> 2]; 2051 mask = ((uint64_t)1 << (size * 8)) - 1; 2052 val >>= (addr & 3) * 8; 2053 return val & mask; 2054 } 2055 2056 static const MemoryRegionOps lsi_ram_ops = { 2057 .read = lsi_ram_read, 2058 .write = lsi_ram_write, 2059 .endianness = DEVICE_NATIVE_ENDIAN, 2060 }; 2061 2062 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2063 unsigned size) 2064 { 2065 LSIState *s = opaque; 2066 return lsi_reg_readb(s, addr & 0xff); 2067 } 2068 2069 static void lsi_io_write(void *opaque, hwaddr addr, 2070 uint64_t val, unsigned size) 2071 { 2072 LSIState *s = opaque; 2073 lsi_reg_writeb(s, addr & 0xff, val); 2074 } 2075 2076 static const MemoryRegionOps lsi_io_ops = { 2077 .read = lsi_io_read, 2078 .write = lsi_io_write, 2079 .endianness = DEVICE_NATIVE_ENDIAN, 2080 .impl = { 2081 .min_access_size = 1, 2082 .max_access_size = 1, 2083 }, 2084 }; 2085 2086 static void lsi_scsi_reset(DeviceState *dev) 2087 { 2088 LSIState *s = LSI53C895A(dev); 2089 2090 lsi_soft_reset(s); 2091 } 2092 2093 static int lsi_pre_save(void *opaque) 2094 { 2095 LSIState *s = opaque; 2096 2097 if (s->current) { 2098 assert(s->current->dma_buf == NULL); 2099 assert(s->current->dma_len == 0); 2100 } 2101 assert(QTAILQ_EMPTY(&s->queue)); 2102 2103 return 0; 2104 } 2105 2106 static const VMStateDescription vmstate_lsi_scsi = { 2107 .name = "lsiscsi", 2108 .version_id = 0, 2109 .minimum_version_id = 0, 2110 .pre_save = lsi_pre_save, 2111 .fields = (VMStateField[]) { 2112 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2113 2114 VMSTATE_INT32(carry, LSIState), 2115 VMSTATE_INT32(status, LSIState), 2116 VMSTATE_INT32(msg_action, LSIState), 2117 VMSTATE_INT32(msg_len, LSIState), 2118 VMSTATE_BUFFER(msg, LSIState), 2119 VMSTATE_INT32(waiting, LSIState), 2120 2121 VMSTATE_UINT32(dsa, LSIState), 2122 VMSTATE_UINT32(temp, LSIState), 2123 VMSTATE_UINT32(dnad, LSIState), 2124 VMSTATE_UINT32(dbc, LSIState), 2125 VMSTATE_UINT8(istat0, LSIState), 2126 VMSTATE_UINT8(istat1, LSIState), 2127 VMSTATE_UINT8(dcmd, LSIState), 2128 VMSTATE_UINT8(dstat, LSIState), 2129 VMSTATE_UINT8(dien, LSIState), 2130 VMSTATE_UINT8(sist0, LSIState), 2131 VMSTATE_UINT8(sist1, LSIState), 2132 VMSTATE_UINT8(sien0, LSIState), 2133 VMSTATE_UINT8(sien1, LSIState), 2134 VMSTATE_UINT8(mbox0, LSIState), 2135 VMSTATE_UINT8(mbox1, LSIState), 2136 VMSTATE_UINT8(dfifo, LSIState), 2137 VMSTATE_UINT8(ctest2, LSIState), 2138 VMSTATE_UINT8(ctest3, LSIState), 2139 VMSTATE_UINT8(ctest4, LSIState), 2140 VMSTATE_UINT8(ctest5, LSIState), 2141 VMSTATE_UINT8(ccntl0, LSIState), 2142 VMSTATE_UINT8(ccntl1, LSIState), 2143 VMSTATE_UINT32(dsp, LSIState), 2144 VMSTATE_UINT32(dsps, LSIState), 2145 VMSTATE_UINT8(dmode, LSIState), 2146 VMSTATE_UINT8(dcntl, LSIState), 2147 VMSTATE_UINT8(scntl0, LSIState), 2148 VMSTATE_UINT8(scntl1, LSIState), 2149 VMSTATE_UINT8(scntl2, LSIState), 2150 VMSTATE_UINT8(scntl3, LSIState), 2151 VMSTATE_UINT8(sstat0, LSIState), 2152 VMSTATE_UINT8(sstat1, LSIState), 2153 VMSTATE_UINT8(scid, LSIState), 2154 VMSTATE_UINT8(sxfer, LSIState), 2155 VMSTATE_UINT8(socl, LSIState), 2156 VMSTATE_UINT8(sdid, LSIState), 2157 VMSTATE_UINT8(ssid, LSIState), 2158 VMSTATE_UINT8(sfbr, LSIState), 2159 VMSTATE_UINT8(stest1, LSIState), 2160 VMSTATE_UINT8(stest2, LSIState), 2161 VMSTATE_UINT8(stest3, LSIState), 2162 VMSTATE_UINT8(sidl, LSIState), 2163 VMSTATE_UINT8(stime0, LSIState), 2164 VMSTATE_UINT8(respid0, LSIState), 2165 VMSTATE_UINT8(respid1, LSIState), 2166 VMSTATE_UINT32(mmrs, LSIState), 2167 VMSTATE_UINT32(mmws, LSIState), 2168 VMSTATE_UINT32(sfs, LSIState), 2169 VMSTATE_UINT32(drs, LSIState), 2170 VMSTATE_UINT32(sbms, LSIState), 2171 VMSTATE_UINT32(dbms, LSIState), 2172 VMSTATE_UINT32(dnad64, LSIState), 2173 VMSTATE_UINT32(pmjad1, LSIState), 2174 VMSTATE_UINT32(pmjad2, LSIState), 2175 VMSTATE_UINT32(rbc, LSIState), 2176 VMSTATE_UINT32(ua, LSIState), 2177 VMSTATE_UINT32(ia, LSIState), 2178 VMSTATE_UINT32(sbc, LSIState), 2179 VMSTATE_UINT32(csbc, LSIState), 2180 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2181 VMSTATE_UINT8(sbr, LSIState), 2182 2183 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2184 VMSTATE_END_OF_LIST() 2185 } 2186 }; 2187 2188 static const struct SCSIBusInfo lsi_scsi_info = { 2189 .tcq = true, 2190 .max_target = LSI_MAX_DEVS, 2191 .max_lun = 0, /* LUN support is buggy */ 2192 2193 .transfer_data = lsi_transfer_data, 2194 .complete = lsi_command_complete, 2195 .cancel = lsi_request_cancelled 2196 }; 2197 2198 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2199 { 2200 LSIState *s = LSI53C895A(dev); 2201 DeviceState *d = DEVICE(dev); 2202 uint8_t *pci_conf; 2203 2204 pci_conf = dev->config; 2205 2206 /* PCI latency timer = 255 */ 2207 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2208 /* Interrupt pin A */ 2209 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2210 2211 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2212 "lsi-mmio", 0x400); 2213 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2214 "lsi-ram", 0x2000); 2215 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2216 "lsi-io", 256); 2217 2218 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2219 qdev_init_gpio_out(d, &s->ext_irq, 1); 2220 2221 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2222 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2223 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2224 QTAILQ_INIT(&s->queue); 2225 2226 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2227 } 2228 2229 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2230 { 2231 LSIState *s = LSI53C895A(dev); 2232 2233 address_space_destroy(&s->pci_io_as); 2234 } 2235 2236 static void lsi_class_init(ObjectClass *klass, void *data) 2237 { 2238 DeviceClass *dc = DEVICE_CLASS(klass); 2239 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2240 2241 k->realize = lsi_scsi_realize; 2242 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2243 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2244 k->class_id = PCI_CLASS_STORAGE_SCSI; 2245 k->subsystem_id = 0x1000; 2246 dc->unrealize = lsi_scsi_unrealize; 2247 dc->reset = lsi_scsi_reset; 2248 dc->vmsd = &vmstate_lsi_scsi; 2249 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2250 } 2251 2252 static const TypeInfo lsi_info = { 2253 .name = TYPE_LSI53C895A, 2254 .parent = TYPE_PCI_DEVICE, 2255 .instance_size = sizeof(LSIState), 2256 .class_init = lsi_class_init, 2257 .interfaces = (InterfaceInfo[]) { 2258 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2259 { }, 2260 }, 2261 }; 2262 2263 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2264 { 2265 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2266 2267 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2268 } 2269 2270 static TypeInfo lsi53c810_info = { 2271 .name = TYPE_LSI53C810, 2272 .parent = TYPE_LSI53C895A, 2273 .class_init = lsi53c810_class_init, 2274 }; 2275 2276 static void lsi53c895a_register_types(void) 2277 { 2278 type_register_static(&lsi_info); 2279 type_register_static(&lsi53c810_info); 2280 } 2281 2282 type_init(lsi53c895a_register_types) 2283 2284 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2285 { 2286 LSIState *s = LSI53C895A(lsi_dev); 2287 2288 scsi_bus_legacy_handle_cmdline(&s->bus); 2289 } 2290