1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 #include "trace.h" 24 25 static const char *names[] = { 26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 38 }; 39 40 #define LSI_MAX_DEVS 7 41 42 #define LSI_SCNTL0_TRG 0x01 43 #define LSI_SCNTL0_AAP 0x02 44 #define LSI_SCNTL0_EPC 0x08 45 #define LSI_SCNTL0_WATN 0x10 46 #define LSI_SCNTL0_START 0x20 47 48 #define LSI_SCNTL1_SST 0x01 49 #define LSI_SCNTL1_IARB 0x02 50 #define LSI_SCNTL1_AESP 0x04 51 #define LSI_SCNTL1_RST 0x08 52 #define LSI_SCNTL1_CON 0x10 53 #define LSI_SCNTL1_DHP 0x20 54 #define LSI_SCNTL1_ADB 0x40 55 #define LSI_SCNTL1_EXC 0x80 56 57 #define LSI_SCNTL2_WSR 0x01 58 #define LSI_SCNTL2_VUE0 0x02 59 #define LSI_SCNTL2_VUE1 0x04 60 #define LSI_SCNTL2_WSS 0x08 61 #define LSI_SCNTL2_SLPHBEN 0x10 62 #define LSI_SCNTL2_SLPMD 0x20 63 #define LSI_SCNTL2_CHM 0x40 64 #define LSI_SCNTL2_SDU 0x80 65 66 #define LSI_ISTAT0_DIP 0x01 67 #define LSI_ISTAT0_SIP 0x02 68 #define LSI_ISTAT0_INTF 0x04 69 #define LSI_ISTAT0_CON 0x08 70 #define LSI_ISTAT0_SEM 0x10 71 #define LSI_ISTAT0_SIGP 0x20 72 #define LSI_ISTAT0_SRST 0x40 73 #define LSI_ISTAT0_ABRT 0x80 74 75 #define LSI_ISTAT1_SI 0x01 76 #define LSI_ISTAT1_SRUN 0x02 77 #define LSI_ISTAT1_FLSH 0x04 78 79 #define LSI_SSTAT0_SDP0 0x01 80 #define LSI_SSTAT0_RST 0x02 81 #define LSI_SSTAT0_WOA 0x04 82 #define LSI_SSTAT0_LOA 0x08 83 #define LSI_SSTAT0_AIP 0x10 84 #define LSI_SSTAT0_OLF 0x20 85 #define LSI_SSTAT0_ORF 0x40 86 #define LSI_SSTAT0_ILF 0x80 87 88 #define LSI_SIST0_PAR 0x01 89 #define LSI_SIST0_RST 0x02 90 #define LSI_SIST0_UDC 0x04 91 #define LSI_SIST0_SGE 0x08 92 #define LSI_SIST0_RSL 0x10 93 #define LSI_SIST0_SEL 0x20 94 #define LSI_SIST0_CMP 0x40 95 #define LSI_SIST0_MA 0x80 96 97 #define LSI_SIST1_HTH 0x01 98 #define LSI_SIST1_GEN 0x02 99 #define LSI_SIST1_STO 0x04 100 #define LSI_SIST1_SBMC 0x10 101 102 #define LSI_SOCL_IO 0x01 103 #define LSI_SOCL_CD 0x02 104 #define LSI_SOCL_MSG 0x04 105 #define LSI_SOCL_ATN 0x08 106 #define LSI_SOCL_SEL 0x10 107 #define LSI_SOCL_BSY 0x20 108 #define LSI_SOCL_ACK 0x40 109 #define LSI_SOCL_REQ 0x80 110 111 #define LSI_DSTAT_IID 0x01 112 #define LSI_DSTAT_SIR 0x04 113 #define LSI_DSTAT_SSI 0x08 114 #define LSI_DSTAT_ABRT 0x10 115 #define LSI_DSTAT_BF 0x20 116 #define LSI_DSTAT_MDPE 0x40 117 #define LSI_DSTAT_DFE 0x80 118 119 #define LSI_DCNTL_COM 0x01 120 #define LSI_DCNTL_IRQD 0x02 121 #define LSI_DCNTL_STD 0x04 122 #define LSI_DCNTL_IRQM 0x08 123 #define LSI_DCNTL_SSM 0x10 124 #define LSI_DCNTL_PFEN 0x20 125 #define LSI_DCNTL_PFF 0x40 126 #define LSI_DCNTL_CLSE 0x80 127 128 #define LSI_DMODE_MAN 0x01 129 #define LSI_DMODE_BOF 0x02 130 #define LSI_DMODE_ERMP 0x04 131 #define LSI_DMODE_ERL 0x08 132 #define LSI_DMODE_DIOM 0x10 133 #define LSI_DMODE_SIOM 0x20 134 135 #define LSI_CTEST2_DACK 0x01 136 #define LSI_CTEST2_DREQ 0x02 137 #define LSI_CTEST2_TEOP 0x04 138 #define LSI_CTEST2_PCICIE 0x08 139 #define LSI_CTEST2_CM 0x10 140 #define LSI_CTEST2_CIO 0x20 141 #define LSI_CTEST2_SIGP 0x40 142 #define LSI_CTEST2_DDIR 0x80 143 144 #define LSI_CTEST5_BL2 0x04 145 #define LSI_CTEST5_DDIR 0x08 146 #define LSI_CTEST5_MASR 0x10 147 #define LSI_CTEST5_DFSN 0x20 148 #define LSI_CTEST5_BBCK 0x40 149 #define LSI_CTEST5_ADCK 0x80 150 151 #define LSI_CCNTL0_DILS 0x01 152 #define LSI_CCNTL0_DISFC 0x10 153 #define LSI_CCNTL0_ENNDJ 0x20 154 #define LSI_CCNTL0_PMJCTL 0x40 155 #define LSI_CCNTL0_ENPMJ 0x80 156 157 #define LSI_CCNTL1_EN64DBMV 0x01 158 #define LSI_CCNTL1_EN64TIBMV 0x02 159 #define LSI_CCNTL1_64TIMOD 0x04 160 #define LSI_CCNTL1_DDAC 0x08 161 #define LSI_CCNTL1_ZMOD 0x80 162 163 /* Enable Response to Reselection */ 164 #define LSI_SCID_RRE 0x60 165 166 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 167 168 #define PHASE_DO 0 169 #define PHASE_DI 1 170 #define PHASE_CMD 2 171 #define PHASE_ST 3 172 #define PHASE_MO 6 173 #define PHASE_MI 7 174 #define PHASE_MASK 7 175 176 /* Maximum length of MSG IN data. */ 177 #define LSI_MAX_MSGIN_LEN 8 178 179 /* Flag set if this is a tagged command. */ 180 #define LSI_TAG_VALID (1 << 16) 181 182 typedef struct lsi_request { 183 SCSIRequest *req; 184 uint32_t tag; 185 uint32_t dma_len; 186 uint8_t *dma_buf; 187 uint32_t pending; 188 int out; 189 QTAILQ_ENTRY(lsi_request) next; 190 } lsi_request; 191 192 typedef struct { 193 /*< private >*/ 194 PCIDevice parent_obj; 195 /*< public >*/ 196 197 qemu_irq ext_irq; 198 MemoryRegion mmio_io; 199 MemoryRegion ram_io; 200 MemoryRegion io_io; 201 AddressSpace pci_io_as; 202 203 int carry; /* ??? Should this be an a visible register somewhere? */ 204 int status; 205 /* Action to take at the end of a MSG IN phase. 206 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 207 int msg_action; 208 int msg_len; 209 uint8_t msg[LSI_MAX_MSGIN_LEN]; 210 /* 0 if SCRIPTS are running or stopped. 211 * 1 if a Wait Reselect instruction has been issued. 212 * 2 if processing DMA from lsi_execute_script. 213 * 3 if a DMA operation is in progress. */ 214 int waiting; 215 SCSIBus bus; 216 int current_lun; 217 /* The tag is a combination of the device ID and the SCSI tag. */ 218 uint32_t select_tag; 219 int command_complete; 220 QTAILQ_HEAD(, lsi_request) queue; 221 lsi_request *current; 222 223 uint32_t dsa; 224 uint32_t temp; 225 uint32_t dnad; 226 uint32_t dbc; 227 uint8_t istat0; 228 uint8_t istat1; 229 uint8_t dcmd; 230 uint8_t dstat; 231 uint8_t dien; 232 uint8_t sist0; 233 uint8_t sist1; 234 uint8_t sien0; 235 uint8_t sien1; 236 uint8_t mbox0; 237 uint8_t mbox1; 238 uint8_t dfifo; 239 uint8_t ctest2; 240 uint8_t ctest3; 241 uint8_t ctest4; 242 uint8_t ctest5; 243 uint8_t ccntl0; 244 uint8_t ccntl1; 245 uint32_t dsp; 246 uint32_t dsps; 247 uint8_t dmode; 248 uint8_t dcntl; 249 uint8_t scntl0; 250 uint8_t scntl1; 251 uint8_t scntl2; 252 uint8_t scntl3; 253 uint8_t sstat0; 254 uint8_t sstat1; 255 uint8_t scid; 256 uint8_t sxfer; 257 uint8_t socl; 258 uint8_t sdid; 259 uint8_t ssid; 260 uint8_t sfbr; 261 uint8_t stest1; 262 uint8_t stest2; 263 uint8_t stest3; 264 uint8_t sidl; 265 uint8_t stime0; 266 uint8_t respid0; 267 uint8_t respid1; 268 uint32_t mmrs; 269 uint32_t mmws; 270 uint32_t sfs; 271 uint32_t drs; 272 uint32_t sbms; 273 uint32_t dbms; 274 uint32_t dnad64; 275 uint32_t pmjad1; 276 uint32_t pmjad2; 277 uint32_t rbc; 278 uint32_t ua; 279 uint32_t ia; 280 uint32_t sbc; 281 uint32_t csbc; 282 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 283 uint8_t sbr; 284 uint32_t adder; 285 286 /* Script ram is stored as 32-bit words in host byteorder. */ 287 uint32_t script_ram[2048]; 288 } LSIState; 289 290 #define TYPE_LSI53C810 "lsi53c810" 291 #define TYPE_LSI53C895A "lsi53c895a" 292 293 #define LSI53C895A(obj) \ 294 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 295 296 static inline int lsi_irq_on_rsl(LSIState *s) 297 { 298 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 299 } 300 301 static void lsi_soft_reset(LSIState *s) 302 { 303 trace_lsi_reset(); 304 s->carry = 0; 305 306 s->msg_action = 0; 307 s->msg_len = 0; 308 s->waiting = 0; 309 s->dsa = 0; 310 s->dnad = 0; 311 s->dbc = 0; 312 s->temp = 0; 313 memset(s->scratch, 0, sizeof(s->scratch)); 314 s->istat0 = 0; 315 s->istat1 = 0; 316 s->dcmd = 0x40; 317 s->dstat = 0; 318 s->dien = 0; 319 s->sist0 = 0; 320 s->sist1 = 0; 321 s->sien0 = 0; 322 s->sien1 = 0; 323 s->mbox0 = 0; 324 s->mbox1 = 0; 325 s->dfifo = 0; 326 s->ctest2 = LSI_CTEST2_DACK; 327 s->ctest3 = 0; 328 s->ctest4 = 0; 329 s->ctest5 = 0; 330 s->ccntl0 = 0; 331 s->ccntl1 = 0; 332 s->dsp = 0; 333 s->dsps = 0; 334 s->dmode = 0; 335 s->dcntl = 0; 336 s->scntl0 = 0xc0; 337 s->scntl1 = 0; 338 s->scntl2 = 0; 339 s->scntl3 = 0; 340 s->sstat0 = 0; 341 s->sstat1 = 0; 342 s->scid = 7; 343 s->sxfer = 0; 344 s->socl = 0; 345 s->sdid = 0; 346 s->ssid = 0; 347 s->stest1 = 0; 348 s->stest2 = 0; 349 s->stest3 = 0; 350 s->sidl = 0; 351 s->stime0 = 0; 352 s->respid0 = 0x80; 353 s->respid1 = 0; 354 s->mmrs = 0; 355 s->mmws = 0; 356 s->sfs = 0; 357 s->drs = 0; 358 s->sbms = 0; 359 s->dbms = 0; 360 s->dnad64 = 0; 361 s->pmjad1 = 0; 362 s->pmjad2 = 0; 363 s->rbc = 0; 364 s->ua = 0; 365 s->ia = 0; 366 s->sbc = 0; 367 s->csbc = 0; 368 s->sbr = 0; 369 assert(QTAILQ_EMPTY(&s->queue)); 370 assert(!s->current); 371 } 372 373 static int lsi_dma_40bit(LSIState *s) 374 { 375 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 376 return 1; 377 return 0; 378 } 379 380 static int lsi_dma_ti64bit(LSIState *s) 381 { 382 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 383 return 1; 384 return 0; 385 } 386 387 static int lsi_dma_64bit(LSIState *s) 388 { 389 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 390 return 1; 391 return 0; 392 } 393 394 static uint8_t lsi_reg_readb(LSIState *s, int offset); 395 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 396 static void lsi_execute_script(LSIState *s); 397 static void lsi_reselect(LSIState *s, lsi_request *p); 398 399 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 400 void *buf, dma_addr_t len) 401 { 402 if (s->dmode & LSI_DMODE_SIOM) { 403 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 404 buf, len); 405 } else { 406 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 407 } 408 } 409 410 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 411 const void *buf, dma_addr_t len) 412 { 413 if (s->dmode & LSI_DMODE_DIOM) { 414 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 415 buf, len); 416 } else { 417 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 418 } 419 } 420 421 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 422 { 423 uint32_t buf; 424 425 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 426 return cpu_to_le32(buf); 427 } 428 429 static void lsi_stop_script(LSIState *s) 430 { 431 s->istat1 &= ~LSI_ISTAT1_SRUN; 432 } 433 434 static void lsi_set_irq(LSIState *s, int level) 435 { 436 PCIDevice *d = PCI_DEVICE(s); 437 438 if (s->ext_irq) { 439 qemu_set_irq(s->ext_irq, level); 440 } else { 441 pci_set_irq(d, level); 442 } 443 } 444 445 static void lsi_update_irq(LSIState *s) 446 { 447 int level; 448 static int last_level; 449 lsi_request *p; 450 451 /* It's unclear whether the DIP/SIP bits should be cleared when the 452 Interrupt Status Registers are cleared or when istat0 is read. 453 We currently do the formwer, which seems to work. */ 454 level = 0; 455 if (s->dstat) { 456 if (s->dstat & s->dien) 457 level = 1; 458 s->istat0 |= LSI_ISTAT0_DIP; 459 } else { 460 s->istat0 &= ~LSI_ISTAT0_DIP; 461 } 462 463 if (s->sist0 || s->sist1) { 464 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 465 level = 1; 466 s->istat0 |= LSI_ISTAT0_SIP; 467 } else { 468 s->istat0 &= ~LSI_ISTAT0_SIP; 469 } 470 if (s->istat0 & LSI_ISTAT0_INTF) 471 level = 1; 472 473 if (level != last_level) { 474 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 475 last_level = level; 476 } 477 lsi_set_irq(s, level); 478 479 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 480 trace_lsi_update_irq_disconnected(); 481 QTAILQ_FOREACH(p, &s->queue, next) { 482 if (p->pending) { 483 lsi_reselect(s, p); 484 break; 485 } 486 } 487 } 488 } 489 490 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 491 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 492 { 493 uint32_t mask0; 494 uint32_t mask1; 495 496 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 497 s->sist0 |= stat0; 498 s->sist1 |= stat1; 499 /* Stop processor on fatal or unmasked interrupt. As a special hack 500 we don't stop processing when raising STO. Instead continue 501 execution and stop at the next insn that accesses the SCSI bus. */ 502 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 503 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 504 mask1 &= ~LSI_SIST1_STO; 505 if (s->sist0 & mask0 || s->sist1 & mask1) { 506 lsi_stop_script(s); 507 } 508 lsi_update_irq(s); 509 } 510 511 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 512 static void lsi_script_dma_interrupt(LSIState *s, int stat) 513 { 514 trace_lsi_script_dma_interrupt(stat, s->dstat); 515 s->dstat |= stat; 516 lsi_update_irq(s); 517 lsi_stop_script(s); 518 } 519 520 static inline void lsi_set_phase(LSIState *s, int phase) 521 { 522 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 523 } 524 525 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 526 { 527 /* Trigger a phase mismatch. */ 528 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 529 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 530 s->dsp = out ? s->pmjad1 : s->pmjad2; 531 } else { 532 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 533 } 534 trace_lsi_bad_phase_jump(s->dsp); 535 } else { 536 trace_lsi_bad_phase_interrupt(); 537 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 538 lsi_stop_script(s); 539 } 540 lsi_set_phase(s, new_phase); 541 } 542 543 544 /* Resume SCRIPTS execution after a DMA operation. */ 545 static void lsi_resume_script(LSIState *s) 546 { 547 if (s->waiting != 2) { 548 s->waiting = 0; 549 lsi_execute_script(s); 550 } else { 551 s->waiting = 0; 552 } 553 } 554 555 static void lsi_disconnect(LSIState *s) 556 { 557 s->scntl1 &= ~LSI_SCNTL1_CON; 558 s->sstat1 &= ~PHASE_MASK; 559 } 560 561 static void lsi_bad_selection(LSIState *s, uint32_t id) 562 { 563 trace_lsi_bad_selection(id); 564 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 565 lsi_disconnect(s); 566 } 567 568 /* Initiate a SCSI layer data transfer. */ 569 static void lsi_do_dma(LSIState *s, int out) 570 { 571 uint32_t count; 572 dma_addr_t addr; 573 SCSIDevice *dev; 574 575 assert(s->current); 576 if (!s->current->dma_len) { 577 /* Wait until data is available. */ 578 trace_lsi_do_dma_unavailable(); 579 return; 580 } 581 582 dev = s->current->req->dev; 583 assert(dev); 584 585 count = s->dbc; 586 if (count > s->current->dma_len) 587 count = s->current->dma_len; 588 589 addr = s->dnad; 590 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 591 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 592 addr |= ((uint64_t)s->dnad64 << 32); 593 else if (s->dbms) 594 addr |= ((uint64_t)s->dbms << 32); 595 else if (s->sbms) 596 addr |= ((uint64_t)s->sbms << 32); 597 598 trace_lsi_do_dma(addr, count); 599 s->csbc += count; 600 s->dnad += count; 601 s->dbc -= count; 602 if (s->current->dma_buf == NULL) { 603 s->current->dma_buf = scsi_req_get_buf(s->current->req); 604 } 605 /* ??? Set SFBR to first data byte. */ 606 if (out) { 607 lsi_mem_read(s, addr, s->current->dma_buf, count); 608 } else { 609 lsi_mem_write(s, addr, s->current->dma_buf, count); 610 } 611 s->current->dma_len -= count; 612 if (s->current->dma_len == 0) { 613 s->current->dma_buf = NULL; 614 scsi_req_continue(s->current->req); 615 } else { 616 s->current->dma_buf += count; 617 lsi_resume_script(s); 618 } 619 } 620 621 622 /* Add a command to the queue. */ 623 static void lsi_queue_command(LSIState *s) 624 { 625 lsi_request *p = s->current; 626 627 trace_lsi_queue_command(p->tag); 628 assert(s->current != NULL); 629 assert(s->current->dma_len == 0); 630 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 631 s->current = NULL; 632 633 p->pending = 0; 634 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 635 } 636 637 /* Queue a byte for a MSG IN phase. */ 638 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 639 { 640 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 641 trace_lsi_add_msg_byte_error(); 642 } else { 643 trace_lsi_add_msg_byte(data); 644 s->msg[s->msg_len++] = data; 645 } 646 } 647 648 /* Perform reselection to continue a command. */ 649 static void lsi_reselect(LSIState *s, lsi_request *p) 650 { 651 int id; 652 653 assert(s->current == NULL); 654 QTAILQ_REMOVE(&s->queue, p, next); 655 s->current = p; 656 657 id = (p->tag >> 8) & 0xf; 658 s->ssid = id | 0x80; 659 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 660 if (!(s->dcntl & LSI_DCNTL_COM)) { 661 s->sfbr = 1 << (id & 0x7); 662 } 663 trace_lsi_reselect(id); 664 s->scntl1 |= LSI_SCNTL1_CON; 665 lsi_set_phase(s, PHASE_MI); 666 s->msg_action = p->out ? 2 : 3; 667 s->current->dma_len = p->pending; 668 lsi_add_msg_byte(s, 0x80); 669 if (s->current->tag & LSI_TAG_VALID) { 670 lsi_add_msg_byte(s, 0x20); 671 lsi_add_msg_byte(s, p->tag & 0xff); 672 } 673 674 if (lsi_irq_on_rsl(s)) { 675 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 676 } 677 } 678 679 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 680 { 681 lsi_request *p; 682 683 QTAILQ_FOREACH(p, &s->queue, next) { 684 if (p->tag == tag) { 685 return p; 686 } 687 } 688 689 return NULL; 690 } 691 692 static void lsi_request_free(LSIState *s, lsi_request *p) 693 { 694 if (p == s->current) { 695 s->current = NULL; 696 } else { 697 QTAILQ_REMOVE(&s->queue, p, next); 698 } 699 g_free(p); 700 } 701 702 static void lsi_request_cancelled(SCSIRequest *req) 703 { 704 LSIState *s = LSI53C895A(req->bus->qbus.parent); 705 lsi_request *p = req->hba_private; 706 707 req->hba_private = NULL; 708 lsi_request_free(s, p); 709 scsi_req_unref(req); 710 } 711 712 /* Record that data is available for a queued command. Returns zero if 713 the device was reselected, nonzero if the IO is deferred. */ 714 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 715 { 716 lsi_request *p = req->hba_private; 717 718 if (p->pending) { 719 trace_lsi_queue_req_error(p); 720 } 721 p->pending = len; 722 /* Reselect if waiting for it, or if reselection triggers an IRQ 723 and the bus is free. 724 Since no interrupt stacking is implemented in the emulation, it 725 is also required that there are no pending interrupts waiting 726 for service from the device driver. */ 727 if (s->waiting == 1 || 728 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 729 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 730 /* Reselect device. */ 731 lsi_reselect(s, p); 732 return 0; 733 } else { 734 trace_lsi_queue_req(p->tag); 735 p->pending = len; 736 return 1; 737 } 738 } 739 740 /* Callback to indicate that the SCSI layer has completed a command. */ 741 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 742 { 743 LSIState *s = LSI53C895A(req->bus->qbus.parent); 744 int out; 745 746 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 747 trace_lsi_command_complete(status); 748 s->status = status; 749 s->command_complete = 2; 750 if (s->waiting && s->dbc != 0) { 751 /* Raise phase mismatch for short transfers. */ 752 lsi_bad_phase(s, out, PHASE_ST); 753 } else { 754 lsi_set_phase(s, PHASE_ST); 755 } 756 757 if (req->hba_private == s->current) { 758 req->hba_private = NULL; 759 lsi_request_free(s, s->current); 760 scsi_req_unref(req); 761 } 762 lsi_resume_script(s); 763 } 764 765 /* Callback to indicate that the SCSI layer has completed a transfer. */ 766 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 767 { 768 LSIState *s = LSI53C895A(req->bus->qbus.parent); 769 int out; 770 771 assert(req->hba_private); 772 if (s->waiting == 1 || req->hba_private != s->current || 773 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 774 if (lsi_queue_req(s, req, len)) { 775 return; 776 } 777 } 778 779 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 780 781 /* host adapter (re)connected */ 782 trace_lsi_transfer_data(req->tag, len); 783 s->current->dma_len = len; 784 s->command_complete = 1; 785 if (s->waiting) { 786 if (s->waiting == 1 || s->dbc == 0) { 787 lsi_resume_script(s); 788 } else { 789 lsi_do_dma(s, out); 790 } 791 } 792 } 793 794 static void lsi_do_command(LSIState *s) 795 { 796 SCSIDevice *dev; 797 uint8_t buf[16]; 798 uint32_t id; 799 int n; 800 801 trace_lsi_do_command(s->dbc); 802 if (s->dbc > 16) 803 s->dbc = 16; 804 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 805 s->sfbr = buf[0]; 806 s->command_complete = 0; 807 808 id = (s->select_tag >> 8) & 0xf; 809 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 810 if (!dev) { 811 lsi_bad_selection(s, id); 812 return; 813 } 814 815 assert(s->current == NULL); 816 s->current = g_new0(lsi_request, 1); 817 s->current->tag = s->select_tag; 818 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 819 s->current); 820 821 n = scsi_req_enqueue(s->current->req); 822 if (n) { 823 if (n > 0) { 824 lsi_set_phase(s, PHASE_DI); 825 } else if (n < 0) { 826 lsi_set_phase(s, PHASE_DO); 827 } 828 scsi_req_continue(s->current->req); 829 } 830 if (!s->command_complete) { 831 if (n) { 832 /* Command did not complete immediately so disconnect. */ 833 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 834 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 835 /* wait data */ 836 lsi_set_phase(s, PHASE_MI); 837 s->msg_action = 1; 838 lsi_queue_command(s); 839 } else { 840 /* wait command complete */ 841 lsi_set_phase(s, PHASE_DI); 842 } 843 } 844 } 845 846 static void lsi_do_status(LSIState *s) 847 { 848 uint8_t status; 849 trace_lsi_do_status(s->dbc, s->status); 850 if (s->dbc != 1) { 851 trace_lsi_do_status_error(); 852 } 853 s->dbc = 1; 854 status = s->status; 855 s->sfbr = status; 856 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 857 lsi_set_phase(s, PHASE_MI); 858 s->msg_action = 1; 859 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 860 } 861 862 static void lsi_do_msgin(LSIState *s) 863 { 864 uint8_t len; 865 trace_lsi_do_msgin(s->dbc, s->msg_len); 866 s->sfbr = s->msg[0]; 867 len = s->msg_len; 868 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 869 if (len > s->dbc) 870 len = s->dbc; 871 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 872 /* Linux drivers rely on the last byte being in the SIDL. */ 873 s->sidl = s->msg[len - 1]; 874 s->msg_len -= len; 875 if (s->msg_len) { 876 memmove(s->msg, s->msg + len, s->msg_len); 877 } else { 878 /* ??? Check if ATN (not yet implemented) is asserted and maybe 879 switch to PHASE_MO. */ 880 switch (s->msg_action) { 881 case 0: 882 lsi_set_phase(s, PHASE_CMD); 883 break; 884 case 1: 885 lsi_disconnect(s); 886 break; 887 case 2: 888 lsi_set_phase(s, PHASE_DO); 889 break; 890 case 3: 891 lsi_set_phase(s, PHASE_DI); 892 break; 893 default: 894 abort(); 895 } 896 } 897 } 898 899 /* Read the next byte during a MSGOUT phase. */ 900 static uint8_t lsi_get_msgbyte(LSIState *s) 901 { 902 uint8_t data; 903 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 904 s->dnad++; 905 s->dbc--; 906 return data; 907 } 908 909 /* Skip the next n bytes during a MSGOUT phase. */ 910 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 911 { 912 s->dnad += n; 913 s->dbc -= n; 914 } 915 916 static void lsi_do_msgout(LSIState *s) 917 { 918 uint8_t msg; 919 int len; 920 uint32_t current_tag; 921 lsi_request *current_req, *p, *p_next; 922 923 if (s->current) { 924 current_tag = s->current->tag; 925 current_req = s->current; 926 } else { 927 current_tag = s->select_tag; 928 current_req = lsi_find_by_tag(s, current_tag); 929 } 930 931 trace_lsi_do_msgout(s->dbc); 932 while (s->dbc) { 933 msg = lsi_get_msgbyte(s); 934 s->sfbr = msg; 935 936 switch (msg) { 937 case 0x04: 938 trace_lsi_do_msgout_disconnect(); 939 lsi_disconnect(s); 940 break; 941 case 0x08: 942 trace_lsi_do_msgout_noop(); 943 lsi_set_phase(s, PHASE_CMD); 944 break; 945 case 0x01: 946 len = lsi_get_msgbyte(s); 947 msg = lsi_get_msgbyte(s); 948 (void)len; /* avoid a warning about unused variable*/ 949 trace_lsi_do_msgout_extended(msg, len); 950 switch (msg) { 951 case 1: 952 trace_lsi_do_msgout_ignored("SDTR"); 953 lsi_skip_msgbytes(s, 2); 954 break; 955 case 3: 956 trace_lsi_do_msgout_ignored("WDTR"); 957 lsi_skip_msgbytes(s, 1); 958 break; 959 case 4: 960 trace_lsi_do_msgout_ignored("PPR"); 961 lsi_skip_msgbytes(s, 5); 962 break; 963 default: 964 goto bad; 965 } 966 break; 967 case 0x20: /* SIMPLE queue */ 968 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 969 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 970 break; 971 case 0x21: /* HEAD of queue */ 972 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 973 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 974 break; 975 case 0x22: /* ORDERED queue */ 976 qemu_log_mask(LOG_UNIMP, 977 "lsi_scsi: ORDERED queue not implemented\n"); 978 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 979 break; 980 case 0x0d: 981 /* The ABORT TAG message clears the current I/O process only. */ 982 trace_lsi_do_msgout_abort(current_tag); 983 if (current_req) { 984 scsi_req_cancel(current_req->req); 985 } 986 lsi_disconnect(s); 987 break; 988 case 0x06: 989 case 0x0e: 990 case 0x0c: 991 /* The ABORT message clears all I/O processes for the selecting 992 initiator on the specified logical unit of the target. */ 993 if (msg == 0x06) { 994 trace_lsi_do_msgout_abort(current_tag); 995 } 996 /* The CLEAR QUEUE message clears all I/O processes for all 997 initiators on the specified logical unit of the target. */ 998 if (msg == 0x0e) { 999 trace_lsi_do_msgout_clearqueue(current_tag); 1000 } 1001 /* The BUS DEVICE RESET message clears all I/O processes for all 1002 initiators on all logical units of the target. */ 1003 if (msg == 0x0c) { 1004 trace_lsi_do_msgout_busdevicereset(current_tag); 1005 } 1006 1007 /* clear the current I/O process */ 1008 if (s->current) { 1009 scsi_req_cancel(s->current->req); 1010 } 1011 1012 /* As the current implemented devices scsi_disk and scsi_generic 1013 only support one LUN, we don't need to keep track of LUNs. 1014 Clearing I/O processes for other initiators could be possible 1015 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1016 device, but this is currently not implemented (and seems not 1017 to be really necessary). So let's simply clear all queued 1018 commands for the current device: */ 1019 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1020 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1021 scsi_req_cancel(p->req); 1022 } 1023 } 1024 1025 lsi_disconnect(s); 1026 break; 1027 default: 1028 if ((msg & 0x80) == 0) { 1029 goto bad; 1030 } 1031 s->current_lun = msg & 7; 1032 trace_lsi_do_msgout_select(s->current_lun); 1033 lsi_set_phase(s, PHASE_CMD); 1034 break; 1035 } 1036 } 1037 return; 1038 bad: 1039 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1040 lsi_set_phase(s, PHASE_MI); 1041 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1042 s->msg_action = 0; 1043 } 1044 1045 #define LSI_BUF_SIZE 4096 1046 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1047 { 1048 int n; 1049 uint8_t buf[LSI_BUF_SIZE]; 1050 1051 trace_lsi_memcpy(dest, src, count); 1052 while (count) { 1053 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1054 lsi_mem_read(s, src, buf, n); 1055 lsi_mem_write(s, dest, buf, n); 1056 src += n; 1057 dest += n; 1058 count -= n; 1059 } 1060 } 1061 1062 static void lsi_wait_reselect(LSIState *s) 1063 { 1064 lsi_request *p; 1065 1066 trace_lsi_wait_reselect(); 1067 1068 QTAILQ_FOREACH(p, &s->queue, next) { 1069 if (p->pending) { 1070 lsi_reselect(s, p); 1071 break; 1072 } 1073 } 1074 if (s->current == NULL) { 1075 s->waiting = 1; 1076 } 1077 } 1078 1079 static void lsi_execute_script(LSIState *s) 1080 { 1081 PCIDevice *pci_dev = PCI_DEVICE(s); 1082 uint32_t insn; 1083 uint32_t addr, addr_high; 1084 int opcode; 1085 int insn_processed = 0; 1086 1087 s->istat1 |= LSI_ISTAT1_SRUN; 1088 again: 1089 insn_processed++; 1090 insn = read_dword(s, s->dsp); 1091 if (!insn) { 1092 /* If we receive an empty opcode increment the DSP by 4 bytes 1093 instead of 8 and execute the next opcode at that location */ 1094 s->dsp += 4; 1095 goto again; 1096 } 1097 addr = read_dword(s, s->dsp + 4); 1098 addr_high = 0; 1099 trace_lsi_execute_script(s->dsp, insn, addr); 1100 s->dsps = addr; 1101 s->dcmd = insn >> 24; 1102 s->dsp += 8; 1103 switch (insn >> 30) { 1104 case 0: /* Block move. */ 1105 if (s->sist1 & LSI_SIST1_STO) { 1106 trace_lsi_execute_script_blockmove_delayed(); 1107 lsi_stop_script(s); 1108 break; 1109 } 1110 s->dbc = insn & 0xffffff; 1111 s->rbc = s->dbc; 1112 /* ??? Set ESA. */ 1113 s->ia = s->dsp - 8; 1114 if (insn & (1 << 29)) { 1115 /* Indirect addressing. */ 1116 addr = read_dword(s, addr); 1117 } else if (insn & (1 << 28)) { 1118 uint32_t buf[2]; 1119 int32_t offset; 1120 /* Table indirect addressing. */ 1121 1122 /* 32-bit Table indirect */ 1123 offset = sextract32(addr, 0, 24); 1124 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1125 /* byte count is stored in bits 0:23 only */ 1126 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1127 s->rbc = s->dbc; 1128 addr = cpu_to_le32(buf[1]); 1129 1130 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1131 * table, bits [31:24] */ 1132 if (lsi_dma_40bit(s)) 1133 addr_high = cpu_to_le32(buf[0]) >> 24; 1134 else if (lsi_dma_ti64bit(s)) { 1135 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1136 switch (selector) { 1137 case 0 ... 0x0f: 1138 /* offset index into scratch registers since 1139 * TI64 mode can use registers C to R */ 1140 addr_high = s->scratch[2 + selector]; 1141 break; 1142 case 0x10: 1143 addr_high = s->mmrs; 1144 break; 1145 case 0x11: 1146 addr_high = s->mmws; 1147 break; 1148 case 0x12: 1149 addr_high = s->sfs; 1150 break; 1151 case 0x13: 1152 addr_high = s->drs; 1153 break; 1154 case 0x14: 1155 addr_high = s->sbms; 1156 break; 1157 case 0x15: 1158 addr_high = s->dbms; 1159 break; 1160 default: 1161 qemu_log_mask(LOG_GUEST_ERROR, 1162 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1163 "for 64-bit DMA block move", selector); 1164 break; 1165 } 1166 } 1167 } else if (lsi_dma_64bit(s)) { 1168 /* fetch a 3rd dword if 64-bit direct move is enabled and 1169 only if we're not doing table indirect or indirect addressing */ 1170 s->dbms = read_dword(s, s->dsp); 1171 s->dsp += 4; 1172 s->ia = s->dsp - 12; 1173 } 1174 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1175 trace_lsi_execute_script_blockmove_badphase(s->sstat1 & PHASE_MASK, 1176 (insn >> 24) & 7); 1177 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1178 break; 1179 } 1180 s->dnad = addr; 1181 s->dnad64 = addr_high; 1182 switch (s->sstat1 & 0x7) { 1183 case PHASE_DO: 1184 s->waiting = 2; 1185 lsi_do_dma(s, 1); 1186 if (s->waiting) 1187 s->waiting = 3; 1188 break; 1189 case PHASE_DI: 1190 s->waiting = 2; 1191 lsi_do_dma(s, 0); 1192 if (s->waiting) 1193 s->waiting = 3; 1194 break; 1195 case PHASE_CMD: 1196 lsi_do_command(s); 1197 break; 1198 case PHASE_ST: 1199 lsi_do_status(s); 1200 break; 1201 case PHASE_MO: 1202 lsi_do_msgout(s); 1203 break; 1204 case PHASE_MI: 1205 lsi_do_msgin(s); 1206 break; 1207 default: 1208 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %d\n", 1209 s->sstat1 & PHASE_MASK); 1210 } 1211 s->dfifo = s->dbc & 0xff; 1212 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1213 s->sbc = s->dbc; 1214 s->rbc -= s->dbc; 1215 s->ua = addr + s->dbc; 1216 break; 1217 1218 case 1: /* IO or Read/Write instruction. */ 1219 opcode = (insn >> 27) & 7; 1220 if (opcode < 5) { 1221 uint32_t id; 1222 1223 if (insn & (1 << 25)) { 1224 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1225 } else { 1226 id = insn; 1227 } 1228 id = (id >> 16) & 0xf; 1229 if (insn & (1 << 26)) { 1230 addr = s->dsp + sextract32(addr, 0, 24); 1231 } 1232 s->dnad = addr; 1233 switch (opcode) { 1234 case 0: /* Select */ 1235 s->sdid = id; 1236 if (s->scntl1 & LSI_SCNTL1_CON) { 1237 trace_lsi_execute_script_io_alreadyreselected(); 1238 s->dsp = s->dnad; 1239 break; 1240 } 1241 s->sstat0 |= LSI_SSTAT0_WOA; 1242 s->scntl1 &= ~LSI_SCNTL1_IARB; 1243 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1244 lsi_bad_selection(s, id); 1245 break; 1246 } 1247 trace_lsi_execute_script_io_selected(id, 1248 insn & (1 << 3) ? " ATN" : ""); 1249 /* ??? Linux drivers compain when this is set. Maybe 1250 it only applies in low-level mode (unimplemented). 1251 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1252 s->select_tag = id << 8; 1253 s->scntl1 |= LSI_SCNTL1_CON; 1254 if (insn & (1 << 3)) { 1255 s->socl |= LSI_SOCL_ATN; 1256 } 1257 lsi_set_phase(s, PHASE_MO); 1258 break; 1259 case 1: /* Disconnect */ 1260 trace_lsi_execute_script_io_disconnect(); 1261 s->scntl1 &= ~LSI_SCNTL1_CON; 1262 break; 1263 case 2: /* Wait Reselect */ 1264 if (!lsi_irq_on_rsl(s)) { 1265 lsi_wait_reselect(s); 1266 } 1267 break; 1268 case 3: /* Set */ 1269 trace_lsi_execute_script_io_set( 1270 insn & (1 << 3) ? " ATN" : "", 1271 insn & (1 << 6) ? " ACK" : "", 1272 insn & (1 << 9) ? " TM" : "", 1273 insn & (1 << 10) ? " CC" : ""); 1274 if (insn & (1 << 3)) { 1275 s->socl |= LSI_SOCL_ATN; 1276 lsi_set_phase(s, PHASE_MO); 1277 } 1278 if (insn & (1 << 9)) { 1279 qemu_log_mask(LOG_UNIMP, 1280 "lsi_scsi: Target mode not implemented\n"); 1281 } 1282 if (insn & (1 << 10)) 1283 s->carry = 1; 1284 break; 1285 case 4: /* Clear */ 1286 trace_lsi_execute_script_io_clear( 1287 insn & (1 << 3) ? " ATN" : "", 1288 insn & (1 << 6) ? " ACK" : "", 1289 insn & (1 << 9) ? " TM" : "", 1290 insn & (1 << 10) ? " CC" : ""); 1291 if (insn & (1 << 3)) { 1292 s->socl &= ~LSI_SOCL_ATN; 1293 } 1294 if (insn & (1 << 10)) 1295 s->carry = 0; 1296 break; 1297 } 1298 } else { 1299 uint8_t op0; 1300 uint8_t op1; 1301 uint8_t data8; 1302 int reg; 1303 int operator; 1304 1305 static const char *opcode_names[3] = 1306 {"Write", "Read", "Read-Modify-Write"}; 1307 static const char *operator_names[8] = 1308 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1309 1310 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1311 data8 = (insn >> 8) & 0xff; 1312 opcode = (insn >> 27) & 7; 1313 operator = (insn >> 24) & 7; 1314 trace_lsi_execute_script_io_opcode( 1315 opcode_names[opcode - 5], reg, 1316 operator_names[operator], data8, s->sfbr, 1317 (insn & (1 << 23)) ? " SFBR" : ""); 1318 op0 = op1 = 0; 1319 switch (opcode) { 1320 case 5: /* From SFBR */ 1321 op0 = s->sfbr; 1322 op1 = data8; 1323 break; 1324 case 6: /* To SFBR */ 1325 if (operator) 1326 op0 = lsi_reg_readb(s, reg); 1327 op1 = data8; 1328 break; 1329 case 7: /* Read-modify-write */ 1330 if (operator) 1331 op0 = lsi_reg_readb(s, reg); 1332 if (insn & (1 << 23)) { 1333 op1 = s->sfbr; 1334 } else { 1335 op1 = data8; 1336 } 1337 break; 1338 } 1339 1340 switch (operator) { 1341 case 0: /* move */ 1342 op0 = op1; 1343 break; 1344 case 1: /* Shift left */ 1345 op1 = op0 >> 7; 1346 op0 = (op0 << 1) | s->carry; 1347 s->carry = op1; 1348 break; 1349 case 2: /* OR */ 1350 op0 |= op1; 1351 break; 1352 case 3: /* XOR */ 1353 op0 ^= op1; 1354 break; 1355 case 4: /* AND */ 1356 op0 &= op1; 1357 break; 1358 case 5: /* SHR */ 1359 op1 = op0 & 1; 1360 op0 = (op0 >> 1) | (s->carry << 7); 1361 s->carry = op1; 1362 break; 1363 case 6: /* ADD */ 1364 op0 += op1; 1365 s->carry = op0 < op1; 1366 break; 1367 case 7: /* ADC */ 1368 op0 += op1 + s->carry; 1369 if (s->carry) 1370 s->carry = op0 <= op1; 1371 else 1372 s->carry = op0 < op1; 1373 break; 1374 } 1375 1376 switch (opcode) { 1377 case 5: /* From SFBR */ 1378 case 7: /* Read-modify-write */ 1379 lsi_reg_writeb(s, reg, op0); 1380 break; 1381 case 6: /* To SFBR */ 1382 s->sfbr = op0; 1383 break; 1384 } 1385 } 1386 break; 1387 1388 case 2: /* Transfer Control. */ 1389 { 1390 int cond; 1391 int jmp; 1392 1393 if ((insn & 0x002e0000) == 0) { 1394 trace_lsi_execute_script_tc_nop(); 1395 break; 1396 } 1397 if (s->sist1 & LSI_SIST1_STO) { 1398 trace_lsi_execute_script_tc_delayedselect_timeout(); 1399 lsi_stop_script(s); 1400 break; 1401 } 1402 cond = jmp = (insn & (1 << 19)) != 0; 1403 if (cond == jmp && (insn & (1 << 21))) { 1404 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1405 cond = s->carry != 0; 1406 } 1407 if (cond == jmp && (insn & (1 << 17))) { 1408 trace_lsi_execute_script_tc_compp( 1409 (s->sstat1 & PHASE_MASK), 1410 jmp ? '=' : '!', 1411 ((insn >> 24) & 7)); 1412 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1413 } 1414 if (cond == jmp && (insn & (1 << 18))) { 1415 uint8_t mask; 1416 1417 mask = (~insn >> 8) & 0xff; 1418 trace_lsi_execute_script_tc_compd( 1419 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1420 cond = (s->sfbr & mask) == (insn & mask); 1421 } 1422 if (cond == jmp) { 1423 if (insn & (1 << 23)) { 1424 /* Relative address. */ 1425 addr = s->dsp + sextract32(addr, 0, 24); 1426 } 1427 switch ((insn >> 27) & 7) { 1428 case 0: /* Jump */ 1429 trace_lsi_execute_script_tc_jump(addr); 1430 s->adder = addr; 1431 s->dsp = addr; 1432 break; 1433 case 1: /* Call */ 1434 trace_lsi_execute_script_tc_call(addr); 1435 s->temp = s->dsp; 1436 s->dsp = addr; 1437 break; 1438 case 2: /* Return */ 1439 trace_lsi_execute_script_tc_return(s->temp); 1440 s->dsp = s->temp; 1441 break; 1442 case 3: /* Interrupt */ 1443 trace_lsi_execute_script_tc_interrupt(s->dsps); 1444 if ((insn & (1 << 20)) != 0) { 1445 s->istat0 |= LSI_ISTAT0_INTF; 1446 lsi_update_irq(s); 1447 } else { 1448 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1449 } 1450 break; 1451 default: 1452 trace_lsi_execute_script_tc_illegal(); 1453 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1454 break; 1455 } 1456 } else { 1457 trace_lsi_execute_script_tc_cc_failed(); 1458 } 1459 } 1460 break; 1461 1462 case 3: 1463 if ((insn & (1 << 29)) == 0) { 1464 /* Memory move. */ 1465 uint32_t dest; 1466 /* ??? The docs imply the destination address is loaded into 1467 the TEMP register. However the Linux drivers rely on 1468 the value being presrved. */ 1469 dest = read_dword(s, s->dsp); 1470 s->dsp += 4; 1471 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1472 } else { 1473 uint8_t data[7]; 1474 int reg; 1475 int n; 1476 int i; 1477 1478 if (insn & (1 << 28)) { 1479 addr = s->dsa + sextract32(addr, 0, 24); 1480 } 1481 n = (insn & 7); 1482 reg = (insn >> 16) & 0xff; 1483 if (insn & (1 << 24)) { 1484 pci_dma_read(pci_dev, addr, data, n); 1485 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1486 for (i = 0; i < n; i++) { 1487 lsi_reg_writeb(s, reg + i, data[i]); 1488 } 1489 } else { 1490 trace_lsi_execute_script_mm_store(reg, n, addr); 1491 for (i = 0; i < n; i++) { 1492 data[i] = lsi_reg_readb(s, reg + i); 1493 } 1494 pci_dma_write(pci_dev, addr, data, n); 1495 } 1496 } 1497 } 1498 if (insn_processed > 10000 && !s->waiting) { 1499 /* Some windows drivers make the device spin waiting for a memory 1500 location to change. If we have been executed a lot of code then 1501 assume this is the case and force an unexpected device disconnect. 1502 This is apparently sufficient to beat the drivers into submission. 1503 */ 1504 if (!(s->sien0 & LSI_SIST0_UDC)) { 1505 qemu_log_mask(LOG_GUEST_ERROR, 1506 "lsi_scsi: inf. loop with UDC masked"); 1507 } 1508 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1509 lsi_disconnect(s); 1510 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1511 if (s->dcntl & LSI_DCNTL_SSM) { 1512 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1513 } else { 1514 goto again; 1515 } 1516 } 1517 trace_lsi_execute_script_stop(); 1518 } 1519 1520 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1521 { 1522 uint8_t ret; 1523 1524 #define CASE_GET_REG24(name, addr) \ 1525 case addr: ret = s->name & 0xff; break; \ 1526 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1527 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1528 1529 #define CASE_GET_REG32(name, addr) \ 1530 case addr: ret = s->name & 0xff; break; \ 1531 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1532 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1533 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1534 1535 switch (offset) { 1536 case 0x00: /* SCNTL0 */ 1537 ret = s->scntl0; 1538 break; 1539 case 0x01: /* SCNTL1 */ 1540 ret = s->scntl1; 1541 break; 1542 case 0x02: /* SCNTL2 */ 1543 ret = s->scntl2; 1544 break; 1545 case 0x03: /* SCNTL3 */ 1546 ret = s->scntl3; 1547 break; 1548 case 0x04: /* SCID */ 1549 ret = s->scid; 1550 break; 1551 case 0x05: /* SXFER */ 1552 ret = s->sxfer; 1553 break; 1554 case 0x06: /* SDID */ 1555 ret = s->sdid; 1556 break; 1557 case 0x07: /* GPREG0 */ 1558 ret = 0x7f; 1559 break; 1560 case 0x08: /* Revision ID */ 1561 ret = 0x00; 1562 break; 1563 case 0x09: /* SOCL */ 1564 ret = s->socl; 1565 break; 1566 case 0xa: /* SSID */ 1567 ret = s->ssid; 1568 break; 1569 case 0xb: /* SBCL */ 1570 /* ??? This is not correct. However it's (hopefully) only 1571 used for diagnostics, so should be ok. */ 1572 ret = 0; 1573 break; 1574 case 0xc: /* DSTAT */ 1575 ret = s->dstat | LSI_DSTAT_DFE; 1576 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1577 s->dstat = 0; 1578 lsi_update_irq(s); 1579 break; 1580 case 0x0d: /* SSTAT0 */ 1581 ret = s->sstat0; 1582 break; 1583 case 0x0e: /* SSTAT1 */ 1584 ret = s->sstat1; 1585 break; 1586 case 0x0f: /* SSTAT2 */ 1587 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1588 break; 1589 CASE_GET_REG32(dsa, 0x10) 1590 case 0x14: /* ISTAT0 */ 1591 ret = s->istat0; 1592 break; 1593 case 0x15: /* ISTAT1 */ 1594 ret = s->istat1; 1595 break; 1596 case 0x16: /* MBOX0 */ 1597 ret = s->mbox0; 1598 break; 1599 case 0x17: /* MBOX1 */ 1600 ret = s->mbox1; 1601 break; 1602 case 0x18: /* CTEST0 */ 1603 ret = 0xff; 1604 break; 1605 case 0x19: /* CTEST1 */ 1606 ret = 0; 1607 break; 1608 case 0x1a: /* CTEST2 */ 1609 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1610 if (s->istat0 & LSI_ISTAT0_SIGP) { 1611 s->istat0 &= ~LSI_ISTAT0_SIGP; 1612 ret |= LSI_CTEST2_SIGP; 1613 } 1614 break; 1615 case 0x1b: /* CTEST3 */ 1616 ret = s->ctest3; 1617 break; 1618 CASE_GET_REG32(temp, 0x1c) 1619 case 0x20: /* DFIFO */ 1620 ret = 0; 1621 break; 1622 case 0x21: /* CTEST4 */ 1623 ret = s->ctest4; 1624 break; 1625 case 0x22: /* CTEST5 */ 1626 ret = s->ctest5; 1627 break; 1628 case 0x23: /* CTEST6 */ 1629 ret = 0; 1630 break; 1631 CASE_GET_REG24(dbc, 0x24) 1632 case 0x27: /* DCMD */ 1633 ret = s->dcmd; 1634 break; 1635 CASE_GET_REG32(dnad, 0x28) 1636 CASE_GET_REG32(dsp, 0x2c) 1637 CASE_GET_REG32(dsps, 0x30) 1638 CASE_GET_REG32(scratch[0], 0x34) 1639 case 0x38: /* DMODE */ 1640 ret = s->dmode; 1641 break; 1642 case 0x39: /* DIEN */ 1643 ret = s->dien; 1644 break; 1645 case 0x3a: /* SBR */ 1646 ret = s->sbr; 1647 break; 1648 case 0x3b: /* DCNTL */ 1649 ret = s->dcntl; 1650 break; 1651 /* ADDER Output (Debug of relative jump address) */ 1652 CASE_GET_REG32(adder, 0x3c) 1653 case 0x40: /* SIEN0 */ 1654 ret = s->sien0; 1655 break; 1656 case 0x41: /* SIEN1 */ 1657 ret = s->sien1; 1658 break; 1659 case 0x42: /* SIST0 */ 1660 ret = s->sist0; 1661 s->sist0 = 0; 1662 lsi_update_irq(s); 1663 break; 1664 case 0x43: /* SIST1 */ 1665 ret = s->sist1; 1666 s->sist1 = 0; 1667 lsi_update_irq(s); 1668 break; 1669 case 0x46: /* MACNTL */ 1670 ret = 0x0f; 1671 break; 1672 case 0x47: /* GPCNTL0 */ 1673 ret = 0x0f; 1674 break; 1675 case 0x48: /* STIME0 */ 1676 ret = s->stime0; 1677 break; 1678 case 0x4a: /* RESPID0 */ 1679 ret = s->respid0; 1680 break; 1681 case 0x4b: /* RESPID1 */ 1682 ret = s->respid1; 1683 break; 1684 case 0x4d: /* STEST1 */ 1685 ret = s->stest1; 1686 break; 1687 case 0x4e: /* STEST2 */ 1688 ret = s->stest2; 1689 break; 1690 case 0x4f: /* STEST3 */ 1691 ret = s->stest3; 1692 break; 1693 case 0x50: /* SIDL */ 1694 /* This is needed by the linux drivers. We currently only update it 1695 during the MSG IN phase. */ 1696 ret = s->sidl; 1697 break; 1698 case 0x52: /* STEST4 */ 1699 ret = 0xe0; 1700 break; 1701 case 0x56: /* CCNTL0 */ 1702 ret = s->ccntl0; 1703 break; 1704 case 0x57: /* CCNTL1 */ 1705 ret = s->ccntl1; 1706 break; 1707 case 0x58: /* SBDL */ 1708 /* Some drivers peek at the data bus during the MSG IN phase. */ 1709 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1710 assert(s->msg_len > 0); 1711 return s->msg[0]; 1712 } 1713 ret = 0; 1714 break; 1715 case 0x59: /* SBDL high */ 1716 ret = 0; 1717 break; 1718 CASE_GET_REG32(mmrs, 0xa0) 1719 CASE_GET_REG32(mmws, 0xa4) 1720 CASE_GET_REG32(sfs, 0xa8) 1721 CASE_GET_REG32(drs, 0xac) 1722 CASE_GET_REG32(sbms, 0xb0) 1723 CASE_GET_REG32(dbms, 0xb4) 1724 CASE_GET_REG32(dnad64, 0xb8) 1725 CASE_GET_REG32(pmjad1, 0xc0) 1726 CASE_GET_REG32(pmjad2, 0xc4) 1727 CASE_GET_REG32(rbc, 0xc8) 1728 CASE_GET_REG32(ua, 0xcc) 1729 CASE_GET_REG32(ia, 0xd4) 1730 CASE_GET_REG32(sbc, 0xd8) 1731 CASE_GET_REG32(csbc, 0xdc) 1732 case 0x5c ... 0x9f: 1733 { 1734 int n; 1735 int shift; 1736 n = (offset - 0x58) >> 2; 1737 shift = (offset & 3) * 8; 1738 ret = (s->scratch[n] >> shift) & 0xff; 1739 break; 1740 } 1741 default: 1742 { 1743 qemu_log_mask(LOG_GUEST_ERROR, 1744 "lsi_scsi: invalid read from reg %s %x\n", 1745 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1746 offset); 1747 ret = 0xff; 1748 break; 1749 } 1750 } 1751 #undef CASE_GET_REG24 1752 #undef CASE_GET_REG32 1753 1754 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1755 offset, ret); 1756 1757 return ret; 1758 } 1759 1760 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1761 { 1762 #define CASE_SET_REG24(name, addr) \ 1763 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1764 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1765 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1766 1767 #define CASE_SET_REG32(name, addr) \ 1768 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1769 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1770 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1771 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1772 1773 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1774 offset, val); 1775 1776 switch (offset) { 1777 case 0x00: /* SCNTL0 */ 1778 s->scntl0 = val; 1779 if (val & LSI_SCNTL0_START) { 1780 qemu_log_mask(LOG_UNIMP, 1781 "lsi_scsi: Start sequence not implemented\n"); 1782 } 1783 break; 1784 case 0x01: /* SCNTL1 */ 1785 s->scntl1 = val & ~LSI_SCNTL1_SST; 1786 if (val & LSI_SCNTL1_IARB) { 1787 qemu_log_mask(LOG_UNIMP, 1788 "lsi_scsi: Immediate Arbritration not implemented\n"); 1789 } 1790 if (val & LSI_SCNTL1_RST) { 1791 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1792 qbus_reset_all(&s->bus.qbus); 1793 s->sstat0 |= LSI_SSTAT0_RST; 1794 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1795 } 1796 } else { 1797 s->sstat0 &= ~LSI_SSTAT0_RST; 1798 } 1799 break; 1800 case 0x02: /* SCNTL2 */ 1801 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1802 s->scntl2 = val; 1803 break; 1804 case 0x03: /* SCNTL3 */ 1805 s->scntl3 = val; 1806 break; 1807 case 0x04: /* SCID */ 1808 s->scid = val; 1809 break; 1810 case 0x05: /* SXFER */ 1811 s->sxfer = val; 1812 break; 1813 case 0x06: /* SDID */ 1814 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1815 qemu_log_mask(LOG_GUEST_ERROR, 1816 "lsi_scsi: Destination ID does not match SSID\n"); 1817 } 1818 s->sdid = val & 0xf; 1819 break; 1820 case 0x07: /* GPREG0 */ 1821 break; 1822 case 0x08: /* SFBR */ 1823 /* The CPU is not allowed to write to this register. However the 1824 SCRIPTS register move instructions are. */ 1825 s->sfbr = val; 1826 break; 1827 case 0x0a: case 0x0b: 1828 /* Openserver writes to these readonly registers on startup */ 1829 return; 1830 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1831 /* Linux writes to these readonly registers on startup. */ 1832 return; 1833 CASE_SET_REG32(dsa, 0x10) 1834 case 0x14: /* ISTAT0 */ 1835 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1836 if (val & LSI_ISTAT0_ABRT) { 1837 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1838 } 1839 if (val & LSI_ISTAT0_INTF) { 1840 s->istat0 &= ~LSI_ISTAT0_INTF; 1841 lsi_update_irq(s); 1842 } 1843 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1844 trace_lsi_awoken(); 1845 s->waiting = 0; 1846 s->dsp = s->dnad; 1847 lsi_execute_script(s); 1848 } 1849 if (val & LSI_ISTAT0_SRST) { 1850 qdev_reset_all(DEVICE(s)); 1851 } 1852 break; 1853 case 0x16: /* MBOX0 */ 1854 s->mbox0 = val; 1855 break; 1856 case 0x17: /* MBOX1 */ 1857 s->mbox1 = val; 1858 break; 1859 case 0x18: /* CTEST0 */ 1860 /* nothing to do */ 1861 break; 1862 case 0x1a: /* CTEST2 */ 1863 s->ctest2 = val & LSI_CTEST2_PCICIE; 1864 break; 1865 case 0x1b: /* CTEST3 */ 1866 s->ctest3 = val & 0x0f; 1867 break; 1868 CASE_SET_REG32(temp, 0x1c) 1869 case 0x21: /* CTEST4 */ 1870 if (val & 7) { 1871 qemu_log_mask(LOG_UNIMP, 1872 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1873 } 1874 s->ctest4 = val; 1875 break; 1876 case 0x22: /* CTEST5 */ 1877 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1878 qemu_log_mask(LOG_UNIMP, 1879 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1880 } 1881 s->ctest5 = val; 1882 break; 1883 CASE_SET_REG24(dbc, 0x24) 1884 CASE_SET_REG32(dnad, 0x28) 1885 case 0x2c: /* DSP[0:7] */ 1886 s->dsp &= 0xffffff00; 1887 s->dsp |= val; 1888 break; 1889 case 0x2d: /* DSP[8:15] */ 1890 s->dsp &= 0xffff00ff; 1891 s->dsp |= val << 8; 1892 break; 1893 case 0x2e: /* DSP[16:23] */ 1894 s->dsp &= 0xff00ffff; 1895 s->dsp |= val << 16; 1896 break; 1897 case 0x2f: /* DSP[24:31] */ 1898 s->dsp &= 0x00ffffff; 1899 s->dsp |= val << 24; 1900 if ((s->dmode & LSI_DMODE_MAN) == 0 1901 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1902 lsi_execute_script(s); 1903 break; 1904 CASE_SET_REG32(dsps, 0x30) 1905 CASE_SET_REG32(scratch[0], 0x34) 1906 case 0x38: /* DMODE */ 1907 s->dmode = val; 1908 break; 1909 case 0x39: /* DIEN */ 1910 s->dien = val; 1911 lsi_update_irq(s); 1912 break; 1913 case 0x3a: /* SBR */ 1914 s->sbr = val; 1915 break; 1916 case 0x3b: /* DCNTL */ 1917 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1918 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1919 lsi_execute_script(s); 1920 break; 1921 case 0x40: /* SIEN0 */ 1922 s->sien0 = val; 1923 lsi_update_irq(s); 1924 break; 1925 case 0x41: /* SIEN1 */ 1926 s->sien1 = val; 1927 lsi_update_irq(s); 1928 break; 1929 case 0x47: /* GPCNTL0 */ 1930 break; 1931 case 0x48: /* STIME0 */ 1932 s->stime0 = val; 1933 break; 1934 case 0x49: /* STIME1 */ 1935 if (val & 0xf) { 1936 qemu_log_mask(LOG_UNIMP, 1937 "lsi_scsi: General purpose timer not implemented\n"); 1938 /* ??? Raising the interrupt immediately seems to be sufficient 1939 to keep the FreeBSD driver happy. */ 1940 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1941 } 1942 break; 1943 case 0x4a: /* RESPID0 */ 1944 s->respid0 = val; 1945 break; 1946 case 0x4b: /* RESPID1 */ 1947 s->respid1 = val; 1948 break; 1949 case 0x4d: /* STEST1 */ 1950 s->stest1 = val; 1951 break; 1952 case 0x4e: /* STEST2 */ 1953 if (val & 1) { 1954 qemu_log_mask(LOG_UNIMP, 1955 "lsi_scsi: Low level mode not implemented\n"); 1956 } 1957 s->stest2 = val; 1958 break; 1959 case 0x4f: /* STEST3 */ 1960 if (val & 0x41) { 1961 qemu_log_mask(LOG_UNIMP, 1962 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 1963 } 1964 s->stest3 = val; 1965 break; 1966 case 0x56: /* CCNTL0 */ 1967 s->ccntl0 = val; 1968 break; 1969 case 0x57: /* CCNTL1 */ 1970 s->ccntl1 = val; 1971 break; 1972 CASE_SET_REG32(mmrs, 0xa0) 1973 CASE_SET_REG32(mmws, 0xa4) 1974 CASE_SET_REG32(sfs, 0xa8) 1975 CASE_SET_REG32(drs, 0xac) 1976 CASE_SET_REG32(sbms, 0xb0) 1977 CASE_SET_REG32(dbms, 0xb4) 1978 CASE_SET_REG32(dnad64, 0xb8) 1979 CASE_SET_REG32(pmjad1, 0xc0) 1980 CASE_SET_REG32(pmjad2, 0xc4) 1981 CASE_SET_REG32(rbc, 0xc8) 1982 CASE_SET_REG32(ua, 0xcc) 1983 CASE_SET_REG32(ia, 0xd4) 1984 CASE_SET_REG32(sbc, 0xd8) 1985 CASE_SET_REG32(csbc, 0xdc) 1986 default: 1987 if (offset >= 0x5c && offset < 0xa0) { 1988 int n; 1989 int shift; 1990 n = (offset - 0x58) >> 2; 1991 shift = (offset & 3) * 8; 1992 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 1993 } else { 1994 qemu_log_mask(LOG_GUEST_ERROR, 1995 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 1996 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1997 offset, val); 1998 } 1999 } 2000 #undef CASE_SET_REG24 2001 #undef CASE_SET_REG32 2002 } 2003 2004 static void lsi_mmio_write(void *opaque, hwaddr addr, 2005 uint64_t val, unsigned size) 2006 { 2007 LSIState *s = opaque; 2008 2009 lsi_reg_writeb(s, addr & 0xff, val); 2010 } 2011 2012 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2013 unsigned size) 2014 { 2015 LSIState *s = opaque; 2016 2017 return lsi_reg_readb(s, addr & 0xff); 2018 } 2019 2020 static const MemoryRegionOps lsi_mmio_ops = { 2021 .read = lsi_mmio_read, 2022 .write = lsi_mmio_write, 2023 .endianness = DEVICE_NATIVE_ENDIAN, 2024 .impl = { 2025 .min_access_size = 1, 2026 .max_access_size = 1, 2027 }, 2028 }; 2029 2030 static void lsi_ram_write(void *opaque, hwaddr addr, 2031 uint64_t val, unsigned size) 2032 { 2033 LSIState *s = opaque; 2034 uint32_t newval; 2035 uint32_t mask; 2036 int shift; 2037 2038 newval = s->script_ram[addr >> 2]; 2039 shift = (addr & 3) * 8; 2040 mask = ((uint64_t)1 << (size * 8)) - 1; 2041 newval &= ~(mask << shift); 2042 newval |= val << shift; 2043 s->script_ram[addr >> 2] = newval; 2044 } 2045 2046 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2047 unsigned size) 2048 { 2049 LSIState *s = opaque; 2050 uint32_t val; 2051 uint32_t mask; 2052 2053 val = s->script_ram[addr >> 2]; 2054 mask = ((uint64_t)1 << (size * 8)) - 1; 2055 val >>= (addr & 3) * 8; 2056 return val & mask; 2057 } 2058 2059 static const MemoryRegionOps lsi_ram_ops = { 2060 .read = lsi_ram_read, 2061 .write = lsi_ram_write, 2062 .endianness = DEVICE_NATIVE_ENDIAN, 2063 }; 2064 2065 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2066 unsigned size) 2067 { 2068 LSIState *s = opaque; 2069 return lsi_reg_readb(s, addr & 0xff); 2070 } 2071 2072 static void lsi_io_write(void *opaque, hwaddr addr, 2073 uint64_t val, unsigned size) 2074 { 2075 LSIState *s = opaque; 2076 lsi_reg_writeb(s, addr & 0xff, val); 2077 } 2078 2079 static const MemoryRegionOps lsi_io_ops = { 2080 .read = lsi_io_read, 2081 .write = lsi_io_write, 2082 .endianness = DEVICE_NATIVE_ENDIAN, 2083 .impl = { 2084 .min_access_size = 1, 2085 .max_access_size = 1, 2086 }, 2087 }; 2088 2089 static void lsi_scsi_reset(DeviceState *dev) 2090 { 2091 LSIState *s = LSI53C895A(dev); 2092 2093 lsi_soft_reset(s); 2094 } 2095 2096 static int lsi_pre_save(void *opaque) 2097 { 2098 LSIState *s = opaque; 2099 2100 if (s->current) { 2101 assert(s->current->dma_buf == NULL); 2102 assert(s->current->dma_len == 0); 2103 } 2104 assert(QTAILQ_EMPTY(&s->queue)); 2105 2106 return 0; 2107 } 2108 2109 static int lsi_post_load(void *opaque, int version_id) 2110 { 2111 LSIState *s = opaque; 2112 2113 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2114 return -EINVAL; 2115 } 2116 2117 return 0; 2118 } 2119 2120 static const VMStateDescription vmstate_lsi_scsi = { 2121 .name = "lsiscsi", 2122 .version_id = 0, 2123 .minimum_version_id = 0, 2124 .pre_save = lsi_pre_save, 2125 .post_load = lsi_post_load, 2126 .fields = (VMStateField[]) { 2127 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2128 2129 VMSTATE_INT32(carry, LSIState), 2130 VMSTATE_INT32(status, LSIState), 2131 VMSTATE_INT32(msg_action, LSIState), 2132 VMSTATE_INT32(msg_len, LSIState), 2133 VMSTATE_BUFFER(msg, LSIState), 2134 VMSTATE_INT32(waiting, LSIState), 2135 2136 VMSTATE_UINT32(dsa, LSIState), 2137 VMSTATE_UINT32(temp, LSIState), 2138 VMSTATE_UINT32(dnad, LSIState), 2139 VMSTATE_UINT32(dbc, LSIState), 2140 VMSTATE_UINT8(istat0, LSIState), 2141 VMSTATE_UINT8(istat1, LSIState), 2142 VMSTATE_UINT8(dcmd, LSIState), 2143 VMSTATE_UINT8(dstat, LSIState), 2144 VMSTATE_UINT8(dien, LSIState), 2145 VMSTATE_UINT8(sist0, LSIState), 2146 VMSTATE_UINT8(sist1, LSIState), 2147 VMSTATE_UINT8(sien0, LSIState), 2148 VMSTATE_UINT8(sien1, LSIState), 2149 VMSTATE_UINT8(mbox0, LSIState), 2150 VMSTATE_UINT8(mbox1, LSIState), 2151 VMSTATE_UINT8(dfifo, LSIState), 2152 VMSTATE_UINT8(ctest2, LSIState), 2153 VMSTATE_UINT8(ctest3, LSIState), 2154 VMSTATE_UINT8(ctest4, LSIState), 2155 VMSTATE_UINT8(ctest5, LSIState), 2156 VMSTATE_UINT8(ccntl0, LSIState), 2157 VMSTATE_UINT8(ccntl1, LSIState), 2158 VMSTATE_UINT32(dsp, LSIState), 2159 VMSTATE_UINT32(dsps, LSIState), 2160 VMSTATE_UINT8(dmode, LSIState), 2161 VMSTATE_UINT8(dcntl, LSIState), 2162 VMSTATE_UINT8(scntl0, LSIState), 2163 VMSTATE_UINT8(scntl1, LSIState), 2164 VMSTATE_UINT8(scntl2, LSIState), 2165 VMSTATE_UINT8(scntl3, LSIState), 2166 VMSTATE_UINT8(sstat0, LSIState), 2167 VMSTATE_UINT8(sstat1, LSIState), 2168 VMSTATE_UINT8(scid, LSIState), 2169 VMSTATE_UINT8(sxfer, LSIState), 2170 VMSTATE_UINT8(socl, LSIState), 2171 VMSTATE_UINT8(sdid, LSIState), 2172 VMSTATE_UINT8(ssid, LSIState), 2173 VMSTATE_UINT8(sfbr, LSIState), 2174 VMSTATE_UINT8(stest1, LSIState), 2175 VMSTATE_UINT8(stest2, LSIState), 2176 VMSTATE_UINT8(stest3, LSIState), 2177 VMSTATE_UINT8(sidl, LSIState), 2178 VMSTATE_UINT8(stime0, LSIState), 2179 VMSTATE_UINT8(respid0, LSIState), 2180 VMSTATE_UINT8(respid1, LSIState), 2181 VMSTATE_UINT32(mmrs, LSIState), 2182 VMSTATE_UINT32(mmws, LSIState), 2183 VMSTATE_UINT32(sfs, LSIState), 2184 VMSTATE_UINT32(drs, LSIState), 2185 VMSTATE_UINT32(sbms, LSIState), 2186 VMSTATE_UINT32(dbms, LSIState), 2187 VMSTATE_UINT32(dnad64, LSIState), 2188 VMSTATE_UINT32(pmjad1, LSIState), 2189 VMSTATE_UINT32(pmjad2, LSIState), 2190 VMSTATE_UINT32(rbc, LSIState), 2191 VMSTATE_UINT32(ua, LSIState), 2192 VMSTATE_UINT32(ia, LSIState), 2193 VMSTATE_UINT32(sbc, LSIState), 2194 VMSTATE_UINT32(csbc, LSIState), 2195 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2196 VMSTATE_UINT8(sbr, LSIState), 2197 2198 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2199 VMSTATE_END_OF_LIST() 2200 } 2201 }; 2202 2203 static const struct SCSIBusInfo lsi_scsi_info = { 2204 .tcq = true, 2205 .max_target = LSI_MAX_DEVS, 2206 .max_lun = 0, /* LUN support is buggy */ 2207 2208 .transfer_data = lsi_transfer_data, 2209 .complete = lsi_command_complete, 2210 .cancel = lsi_request_cancelled 2211 }; 2212 2213 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2214 { 2215 LSIState *s = LSI53C895A(dev); 2216 DeviceState *d = DEVICE(dev); 2217 uint8_t *pci_conf; 2218 2219 pci_conf = dev->config; 2220 2221 /* PCI latency timer = 255 */ 2222 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2223 /* Interrupt pin A */ 2224 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2225 2226 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2227 "lsi-mmio", 0x400); 2228 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2229 "lsi-ram", 0x2000); 2230 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2231 "lsi-io", 256); 2232 2233 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2234 qdev_init_gpio_out(d, &s->ext_irq, 1); 2235 2236 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2237 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2238 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2239 QTAILQ_INIT(&s->queue); 2240 2241 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2242 } 2243 2244 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2245 { 2246 LSIState *s = LSI53C895A(dev); 2247 2248 address_space_destroy(&s->pci_io_as); 2249 } 2250 2251 static void lsi_class_init(ObjectClass *klass, void *data) 2252 { 2253 DeviceClass *dc = DEVICE_CLASS(klass); 2254 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2255 2256 k->realize = lsi_scsi_realize; 2257 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2258 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2259 k->class_id = PCI_CLASS_STORAGE_SCSI; 2260 k->subsystem_id = 0x1000; 2261 dc->unrealize = lsi_scsi_unrealize; 2262 dc->reset = lsi_scsi_reset; 2263 dc->vmsd = &vmstate_lsi_scsi; 2264 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2265 } 2266 2267 static const TypeInfo lsi_info = { 2268 .name = TYPE_LSI53C895A, 2269 .parent = TYPE_PCI_DEVICE, 2270 .instance_size = sizeof(LSIState), 2271 .class_init = lsi_class_init, 2272 .interfaces = (InterfaceInfo[]) { 2273 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2274 { }, 2275 }, 2276 }; 2277 2278 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2279 { 2280 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2281 2282 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2283 } 2284 2285 static TypeInfo lsi53c810_info = { 2286 .name = TYPE_LSI53C810, 2287 .parent = TYPE_LSI53C895A, 2288 .class_init = lsi53c810_class_init, 2289 }; 2290 2291 static void lsi53c895a_register_types(void) 2292 { 2293 type_register_static(&lsi_info); 2294 type_register_static(&lsi53c810_info); 2295 } 2296 2297 type_init(lsi53c895a_register_types) 2298 2299 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2300 { 2301 LSIState *s = LSI53C895A(lsi_dev); 2302 2303 scsi_bus_legacy_handle_cmdline(&s->bus); 2304 } 2305