1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/irq.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "migration/vmstate.h" 22 #include "sysemu/dma.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 #include "trace.h" 26 #include "qom/object.h" 27 28 static const char *names[] = { 29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 41 }; 42 43 #define LSI_MAX_DEVS 7 44 45 #define LSI_SCNTL0_TRG 0x01 46 #define LSI_SCNTL0_AAP 0x02 47 #define LSI_SCNTL0_EPC 0x08 48 #define LSI_SCNTL0_WATN 0x10 49 #define LSI_SCNTL0_START 0x20 50 51 #define LSI_SCNTL1_SST 0x01 52 #define LSI_SCNTL1_IARB 0x02 53 #define LSI_SCNTL1_AESP 0x04 54 #define LSI_SCNTL1_RST 0x08 55 #define LSI_SCNTL1_CON 0x10 56 #define LSI_SCNTL1_DHP 0x20 57 #define LSI_SCNTL1_ADB 0x40 58 #define LSI_SCNTL1_EXC 0x80 59 60 #define LSI_SCNTL2_WSR 0x01 61 #define LSI_SCNTL2_VUE0 0x02 62 #define LSI_SCNTL2_VUE1 0x04 63 #define LSI_SCNTL2_WSS 0x08 64 #define LSI_SCNTL2_SLPHBEN 0x10 65 #define LSI_SCNTL2_SLPMD 0x20 66 #define LSI_SCNTL2_CHM 0x40 67 #define LSI_SCNTL2_SDU 0x80 68 69 #define LSI_ISTAT0_DIP 0x01 70 #define LSI_ISTAT0_SIP 0x02 71 #define LSI_ISTAT0_INTF 0x04 72 #define LSI_ISTAT0_CON 0x08 73 #define LSI_ISTAT0_SEM 0x10 74 #define LSI_ISTAT0_SIGP 0x20 75 #define LSI_ISTAT0_SRST 0x40 76 #define LSI_ISTAT0_ABRT 0x80 77 78 #define LSI_ISTAT1_SI 0x01 79 #define LSI_ISTAT1_SRUN 0x02 80 #define LSI_ISTAT1_FLSH 0x04 81 82 #define LSI_SSTAT0_SDP0 0x01 83 #define LSI_SSTAT0_RST 0x02 84 #define LSI_SSTAT0_WOA 0x04 85 #define LSI_SSTAT0_LOA 0x08 86 #define LSI_SSTAT0_AIP 0x10 87 #define LSI_SSTAT0_OLF 0x20 88 #define LSI_SSTAT0_ORF 0x40 89 #define LSI_SSTAT0_ILF 0x80 90 91 #define LSI_SIST0_PAR 0x01 92 #define LSI_SIST0_RST 0x02 93 #define LSI_SIST0_UDC 0x04 94 #define LSI_SIST0_SGE 0x08 95 #define LSI_SIST0_RSL 0x10 96 #define LSI_SIST0_SEL 0x20 97 #define LSI_SIST0_CMP 0x40 98 #define LSI_SIST0_MA 0x80 99 100 #define LSI_SIST1_HTH 0x01 101 #define LSI_SIST1_GEN 0x02 102 #define LSI_SIST1_STO 0x04 103 #define LSI_SIST1_SBMC 0x10 104 105 #define LSI_SOCL_IO 0x01 106 #define LSI_SOCL_CD 0x02 107 #define LSI_SOCL_MSG 0x04 108 #define LSI_SOCL_ATN 0x08 109 #define LSI_SOCL_SEL 0x10 110 #define LSI_SOCL_BSY 0x20 111 #define LSI_SOCL_ACK 0x40 112 #define LSI_SOCL_REQ 0x80 113 114 #define LSI_DSTAT_IID 0x01 115 #define LSI_DSTAT_SIR 0x04 116 #define LSI_DSTAT_SSI 0x08 117 #define LSI_DSTAT_ABRT 0x10 118 #define LSI_DSTAT_BF 0x20 119 #define LSI_DSTAT_MDPE 0x40 120 #define LSI_DSTAT_DFE 0x80 121 122 #define LSI_DCNTL_COM 0x01 123 #define LSI_DCNTL_IRQD 0x02 124 #define LSI_DCNTL_STD 0x04 125 #define LSI_DCNTL_IRQM 0x08 126 #define LSI_DCNTL_SSM 0x10 127 #define LSI_DCNTL_PFEN 0x20 128 #define LSI_DCNTL_PFF 0x40 129 #define LSI_DCNTL_CLSE 0x80 130 131 #define LSI_DMODE_MAN 0x01 132 #define LSI_DMODE_BOF 0x02 133 #define LSI_DMODE_ERMP 0x04 134 #define LSI_DMODE_ERL 0x08 135 #define LSI_DMODE_DIOM 0x10 136 #define LSI_DMODE_SIOM 0x20 137 138 #define LSI_CTEST2_DACK 0x01 139 #define LSI_CTEST2_DREQ 0x02 140 #define LSI_CTEST2_TEOP 0x04 141 #define LSI_CTEST2_PCICIE 0x08 142 #define LSI_CTEST2_CM 0x10 143 #define LSI_CTEST2_CIO 0x20 144 #define LSI_CTEST2_SIGP 0x40 145 #define LSI_CTEST2_DDIR 0x80 146 147 #define LSI_CTEST5_BL2 0x04 148 #define LSI_CTEST5_DDIR 0x08 149 #define LSI_CTEST5_MASR 0x10 150 #define LSI_CTEST5_DFSN 0x20 151 #define LSI_CTEST5_BBCK 0x40 152 #define LSI_CTEST5_ADCK 0x80 153 154 #define LSI_CCNTL0_DILS 0x01 155 #define LSI_CCNTL0_DISFC 0x10 156 #define LSI_CCNTL0_ENNDJ 0x20 157 #define LSI_CCNTL0_PMJCTL 0x40 158 #define LSI_CCNTL0_ENPMJ 0x80 159 160 #define LSI_CCNTL1_EN64DBMV 0x01 161 #define LSI_CCNTL1_EN64TIBMV 0x02 162 #define LSI_CCNTL1_64TIMOD 0x04 163 #define LSI_CCNTL1_DDAC 0x08 164 #define LSI_CCNTL1_ZMOD 0x80 165 166 #define LSI_SBCL_ATN 0x08 167 #define LSI_SBCL_BSY 0x20 168 #define LSI_SBCL_ACK 0x40 169 #define LSI_SBCL_REQ 0x80 170 171 /* Enable Response to Reselection */ 172 #define LSI_SCID_RRE 0x60 173 174 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 175 176 #define PHASE_DO 0 177 #define PHASE_DI 1 178 #define PHASE_CMD 2 179 #define PHASE_ST 3 180 #define PHASE_MO 6 181 #define PHASE_MI 7 182 #define PHASE_MASK 7 183 184 /* Maximum length of MSG IN data. */ 185 #define LSI_MAX_MSGIN_LEN 8 186 187 /* Flag set if this is a tagged command. */ 188 #define LSI_TAG_VALID (1 << 16) 189 190 /* Maximum instructions to process. */ 191 #define LSI_MAX_INSN 10000 192 193 typedef struct lsi_request { 194 SCSIRequest *req; 195 uint32_t tag; 196 uint32_t dma_len; 197 uint8_t *dma_buf; 198 uint32_t pending; 199 int out; 200 QTAILQ_ENTRY(lsi_request) next; 201 } lsi_request; 202 203 enum { 204 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 205 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 206 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 207 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 208 }; 209 210 enum { 211 LSI_MSG_ACTION_COMMAND = 0, 212 LSI_MSG_ACTION_DISCONNECT = 1, 213 LSI_MSG_ACTION_DOUT = 2, 214 LSI_MSG_ACTION_DIN = 3, 215 }; 216 217 struct LSIState { 218 /*< private >*/ 219 PCIDevice parent_obj; 220 /*< public >*/ 221 222 qemu_irq ext_irq; 223 MemoryRegion mmio_io; 224 MemoryRegion ram_io; 225 MemoryRegion io_io; 226 AddressSpace pci_io_as; 227 228 int carry; /* ??? Should this be an a visible register somewhere? */ 229 int status; 230 int msg_action; 231 int msg_len; 232 uint8_t msg[LSI_MAX_MSGIN_LEN]; 233 int waiting; 234 SCSIBus bus; 235 int current_lun; 236 /* The tag is a combination of the device ID and the SCSI tag. */ 237 uint32_t select_tag; 238 int command_complete; 239 QTAILQ_HEAD(, lsi_request) queue; 240 lsi_request *current; 241 242 uint32_t dsa; 243 uint32_t temp; 244 uint32_t dnad; 245 uint32_t dbc; 246 uint8_t istat0; 247 uint8_t istat1; 248 uint8_t dcmd; 249 uint8_t dstat; 250 uint8_t dien; 251 uint8_t sist0; 252 uint8_t sist1; 253 uint8_t sien0; 254 uint8_t sien1; 255 uint8_t mbox0; 256 uint8_t mbox1; 257 uint8_t dfifo; 258 uint8_t ctest2; 259 uint8_t ctest3; 260 uint8_t ctest4; 261 uint8_t ctest5; 262 uint8_t ccntl0; 263 uint8_t ccntl1; 264 uint32_t dsp; 265 uint32_t dsps; 266 uint8_t dmode; 267 uint8_t dcntl; 268 uint8_t scntl0; 269 uint8_t scntl1; 270 uint8_t scntl2; 271 uint8_t scntl3; 272 uint8_t sstat0; 273 uint8_t sstat1; 274 uint8_t scid; 275 uint8_t sxfer; 276 uint8_t socl; 277 uint8_t sdid; 278 uint8_t ssid; 279 uint8_t sfbr; 280 uint8_t sbcl; 281 uint8_t stest1; 282 uint8_t stest2; 283 uint8_t stest3; 284 uint8_t sidl; 285 uint8_t stime0; 286 uint8_t respid0; 287 uint8_t respid1; 288 uint32_t mmrs; 289 uint32_t mmws; 290 uint32_t sfs; 291 uint32_t drs; 292 uint32_t sbms; 293 uint32_t dbms; 294 uint32_t dnad64; 295 uint32_t pmjad1; 296 uint32_t pmjad2; 297 uint32_t rbc; 298 uint32_t ua; 299 uint32_t ia; 300 uint32_t sbc; 301 uint32_t csbc; 302 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 303 uint8_t sbr; 304 uint32_t adder; 305 306 uint8_t script_ram[2048 * sizeof(uint32_t)]; 307 }; 308 309 #define TYPE_LSI53C810 "lsi53c810" 310 #define TYPE_LSI53C895A "lsi53c895a" 311 312 OBJECT_DECLARE_SIMPLE_TYPE(LSIState, LSI53C895A) 313 314 static const char *scsi_phases[] = { 315 "DOUT", 316 "DIN", 317 "CMD", 318 "STATUS", 319 "RSVOUT", 320 "RSVIN", 321 "MSGOUT", 322 "MSGIN" 323 }; 324 325 static const char *scsi_phase_name(int phase) 326 { 327 return scsi_phases[phase & PHASE_MASK]; 328 } 329 330 static inline int lsi_irq_on_rsl(LSIState *s) 331 { 332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 333 } 334 335 static lsi_request *get_pending_req(LSIState *s) 336 { 337 lsi_request *p; 338 339 QTAILQ_FOREACH(p, &s->queue, next) { 340 if (p->pending) { 341 return p; 342 } 343 } 344 return NULL; 345 } 346 347 static void lsi_soft_reset(LSIState *s) 348 { 349 trace_lsi_reset(); 350 s->carry = 0; 351 352 s->msg_action = LSI_MSG_ACTION_COMMAND; 353 s->msg_len = 0; 354 s->waiting = LSI_NOWAIT; 355 s->dsa = 0; 356 s->dnad = 0; 357 s->dbc = 0; 358 s->temp = 0; 359 memset(s->scratch, 0, sizeof(s->scratch)); 360 s->istat0 = 0; 361 s->istat1 = 0; 362 s->dcmd = 0x40; 363 s->dstat = 0; 364 s->dien = 0; 365 s->sist0 = 0; 366 s->sist1 = 0; 367 s->sien0 = 0; 368 s->sien1 = 0; 369 s->mbox0 = 0; 370 s->mbox1 = 0; 371 s->dfifo = 0; 372 s->ctest2 = LSI_CTEST2_DACK; 373 s->ctest3 = 0; 374 s->ctest4 = 0; 375 s->ctest5 = 0; 376 s->ccntl0 = 0; 377 s->ccntl1 = 0; 378 s->dsp = 0; 379 s->dsps = 0; 380 s->dmode = 0; 381 s->dcntl = 0; 382 s->scntl0 = 0xc0; 383 s->scntl1 = 0; 384 s->scntl2 = 0; 385 s->scntl3 = 0; 386 s->sstat0 = 0; 387 s->sstat1 = 0; 388 s->scid = 7; 389 s->sxfer = 0; 390 s->socl = 0; 391 s->sdid = 0; 392 s->ssid = 0; 393 s->sbcl = 0; 394 s->stest1 = 0; 395 s->stest2 = 0; 396 s->stest3 = 0; 397 s->sidl = 0; 398 s->stime0 = 0; 399 s->respid0 = 0x80; 400 s->respid1 = 0; 401 s->mmrs = 0; 402 s->mmws = 0; 403 s->sfs = 0; 404 s->drs = 0; 405 s->sbms = 0; 406 s->dbms = 0; 407 s->dnad64 = 0; 408 s->pmjad1 = 0; 409 s->pmjad2 = 0; 410 s->rbc = 0; 411 s->ua = 0; 412 s->ia = 0; 413 s->sbc = 0; 414 s->csbc = 0; 415 s->sbr = 0; 416 assert(QTAILQ_EMPTY(&s->queue)); 417 assert(!s->current); 418 } 419 420 static int lsi_dma_40bit(LSIState *s) 421 { 422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 423 return 1; 424 return 0; 425 } 426 427 static int lsi_dma_ti64bit(LSIState *s) 428 { 429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 430 return 1; 431 return 0; 432 } 433 434 static int lsi_dma_64bit(LSIState *s) 435 { 436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 437 return 1; 438 return 0; 439 } 440 441 static uint8_t lsi_reg_readb(LSIState *s, int offset); 442 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 443 static void lsi_execute_script(LSIState *s); 444 static void lsi_reselect(LSIState *s, lsi_request *p); 445 446 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 447 void *buf, dma_addr_t len) 448 { 449 if (s->dmode & LSI_DMODE_SIOM) { 450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 451 buf, len); 452 } else { 453 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 454 } 455 } 456 457 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 458 const void *buf, dma_addr_t len) 459 { 460 if (s->dmode & LSI_DMODE_DIOM) { 461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 462 buf, len); 463 } else { 464 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 465 } 466 } 467 468 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 469 { 470 uint32_t buf; 471 472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 473 return cpu_to_le32(buf); 474 } 475 476 static void lsi_stop_script(LSIState *s) 477 { 478 s->istat1 &= ~LSI_ISTAT1_SRUN; 479 } 480 481 static void lsi_set_irq(LSIState *s, int level) 482 { 483 PCIDevice *d = PCI_DEVICE(s); 484 485 if (s->ext_irq) { 486 qemu_set_irq(s->ext_irq, level); 487 } else { 488 pci_set_irq(d, level); 489 } 490 } 491 492 static void lsi_update_irq(LSIState *s) 493 { 494 int level; 495 static int last_level; 496 497 /* It's unclear whether the DIP/SIP bits should be cleared when the 498 Interrupt Status Registers are cleared or when istat0 is read. 499 We currently do the formwer, which seems to work. */ 500 level = 0; 501 if (s->dstat) { 502 if (s->dstat & s->dien) 503 level = 1; 504 s->istat0 |= LSI_ISTAT0_DIP; 505 } else { 506 s->istat0 &= ~LSI_ISTAT0_DIP; 507 } 508 509 if (s->sist0 || s->sist1) { 510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 511 level = 1; 512 s->istat0 |= LSI_ISTAT0_SIP; 513 } else { 514 s->istat0 &= ~LSI_ISTAT0_SIP; 515 } 516 if (s->istat0 & LSI_ISTAT0_INTF) 517 level = 1; 518 519 if (level != last_level) { 520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 521 last_level = level; 522 } 523 lsi_set_irq(s, level); 524 525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 526 lsi_request *p; 527 528 trace_lsi_update_irq_disconnected(); 529 p = get_pending_req(s); 530 if (p) { 531 lsi_reselect(s, p); 532 } 533 } 534 } 535 536 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 537 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 538 { 539 uint32_t mask0; 540 uint32_t mask1; 541 542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 543 s->sist0 |= stat0; 544 s->sist1 |= stat1; 545 /* Stop processor on fatal or unmasked interrupt. As a special hack 546 we don't stop processing when raising STO. Instead continue 547 execution and stop at the next insn that accesses the SCSI bus. */ 548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 550 mask1 &= ~LSI_SIST1_STO; 551 if (s->sist0 & mask0 || s->sist1 & mask1) { 552 lsi_stop_script(s); 553 } 554 lsi_update_irq(s); 555 } 556 557 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 558 static void lsi_script_dma_interrupt(LSIState *s, int stat) 559 { 560 trace_lsi_script_dma_interrupt(stat, s->dstat); 561 s->dstat |= stat; 562 lsi_update_irq(s); 563 lsi_stop_script(s); 564 } 565 566 static inline void lsi_set_phase(LSIState *s, int phase) 567 { 568 s->sbcl &= ~PHASE_MASK; 569 s->sbcl |= phase | LSI_SBCL_REQ; 570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 571 } 572 573 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 574 { 575 /* Trigger a phase mismatch. */ 576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 578 s->dsp = out ? s->pmjad1 : s->pmjad2; 579 } else { 580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 581 } 582 trace_lsi_bad_phase_jump(s->dsp); 583 } else { 584 trace_lsi_bad_phase_interrupt(); 585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 586 lsi_stop_script(s); 587 } 588 lsi_set_phase(s, new_phase); 589 } 590 591 592 /* Resume SCRIPTS execution after a DMA operation. */ 593 static void lsi_resume_script(LSIState *s) 594 { 595 if (s->waiting != 2) { 596 s->waiting = LSI_NOWAIT; 597 lsi_execute_script(s); 598 } else { 599 s->waiting = LSI_NOWAIT; 600 } 601 } 602 603 static void lsi_disconnect(LSIState *s) 604 { 605 s->scntl1 &= ~LSI_SCNTL1_CON; 606 s->sstat1 &= ~PHASE_MASK; 607 s->sbcl = 0; 608 } 609 610 static void lsi_bad_selection(LSIState *s, uint32_t id) 611 { 612 trace_lsi_bad_selection(id); 613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 614 lsi_disconnect(s); 615 } 616 617 /* Initiate a SCSI layer data transfer. */ 618 static void lsi_do_dma(LSIState *s, int out) 619 { 620 uint32_t count; 621 dma_addr_t addr; 622 SCSIDevice *dev; 623 624 if (!s->current || !s->current->dma_len) { 625 /* Wait until data is available. */ 626 trace_lsi_do_dma_unavailable(); 627 return; 628 } 629 630 dev = s->current->req->dev; 631 assert(dev); 632 633 count = s->dbc; 634 if (count > s->current->dma_len) 635 count = s->current->dma_len; 636 637 addr = s->dnad; 638 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 639 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 640 addr |= ((uint64_t)s->dnad64 << 32); 641 else if (s->dbms) 642 addr |= ((uint64_t)s->dbms << 32); 643 else if (s->sbms) 644 addr |= ((uint64_t)s->sbms << 32); 645 646 trace_lsi_do_dma(addr, count); 647 s->csbc += count; 648 s->dnad += count; 649 s->dbc -= count; 650 if (s->current->dma_buf == NULL) { 651 s->current->dma_buf = scsi_req_get_buf(s->current->req); 652 } 653 /* ??? Set SFBR to first data byte. */ 654 if (out) { 655 lsi_mem_read(s, addr, s->current->dma_buf, count); 656 } else { 657 lsi_mem_write(s, addr, s->current->dma_buf, count); 658 } 659 s->current->dma_len -= count; 660 if (s->current->dma_len == 0) { 661 s->current->dma_buf = NULL; 662 scsi_req_continue(s->current->req); 663 } else { 664 s->current->dma_buf += count; 665 lsi_resume_script(s); 666 } 667 } 668 669 670 /* Add a command to the queue. */ 671 static void lsi_queue_command(LSIState *s) 672 { 673 lsi_request *p = s->current; 674 675 trace_lsi_queue_command(p->tag); 676 assert(s->current != NULL); 677 assert(s->current->dma_len == 0); 678 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 679 s->current = NULL; 680 681 p->pending = 0; 682 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 683 } 684 685 /* Queue a byte for a MSG IN phase. */ 686 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 687 { 688 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 689 trace_lsi_add_msg_byte_error(); 690 } else { 691 trace_lsi_add_msg_byte(data); 692 s->msg[s->msg_len++] = data; 693 } 694 } 695 696 /* Perform reselection to continue a command. */ 697 static void lsi_reselect(LSIState *s, lsi_request *p) 698 { 699 int id; 700 701 assert(s->current == NULL); 702 QTAILQ_REMOVE(&s->queue, p, next); 703 s->current = p; 704 705 id = (p->tag >> 8) & 0xf; 706 s->ssid = id | 0x80; 707 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 708 if (!(s->dcntl & LSI_DCNTL_COM)) { 709 s->sfbr = 1 << (id & 0x7); 710 } 711 trace_lsi_reselect(id); 712 s->scntl1 |= LSI_SCNTL1_CON; 713 lsi_set_phase(s, PHASE_MI); 714 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 715 s->current->dma_len = p->pending; 716 lsi_add_msg_byte(s, 0x80); 717 if (s->current->tag & LSI_TAG_VALID) { 718 lsi_add_msg_byte(s, 0x20); 719 lsi_add_msg_byte(s, p->tag & 0xff); 720 } 721 722 if (lsi_irq_on_rsl(s)) { 723 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 724 } 725 } 726 727 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 728 { 729 lsi_request *p; 730 731 QTAILQ_FOREACH(p, &s->queue, next) { 732 if (p->tag == tag) { 733 return p; 734 } 735 } 736 737 return NULL; 738 } 739 740 static void lsi_request_free(LSIState *s, lsi_request *p) 741 { 742 if (p == s->current) { 743 s->current = NULL; 744 } else { 745 QTAILQ_REMOVE(&s->queue, p, next); 746 } 747 g_free(p); 748 } 749 750 static void lsi_request_cancelled(SCSIRequest *req) 751 { 752 LSIState *s = LSI53C895A(req->bus->qbus.parent); 753 lsi_request *p = req->hba_private; 754 755 req->hba_private = NULL; 756 lsi_request_free(s, p); 757 scsi_req_unref(req); 758 } 759 760 /* Record that data is available for a queued command. Returns zero if 761 the device was reselected, nonzero if the IO is deferred. */ 762 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 763 { 764 lsi_request *p = req->hba_private; 765 766 if (p->pending) { 767 trace_lsi_queue_req_error(p); 768 } 769 p->pending = len; 770 /* Reselect if waiting for it, or if reselection triggers an IRQ 771 and the bus is free. 772 Since no interrupt stacking is implemented in the emulation, it 773 is also required that there are no pending interrupts waiting 774 for service from the device driver. */ 775 if (s->waiting == LSI_WAIT_RESELECT || 776 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 777 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 778 /* Reselect device. */ 779 lsi_reselect(s, p); 780 return 0; 781 } else { 782 trace_lsi_queue_req(p->tag); 783 p->pending = len; 784 return 1; 785 } 786 } 787 788 /* Callback to indicate that the SCSI layer has completed a command. */ 789 static void lsi_command_complete(SCSIRequest *req, size_t resid) 790 { 791 LSIState *s = LSI53C895A(req->bus->qbus.parent); 792 int out; 793 794 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 795 trace_lsi_command_complete(req->status); 796 s->status = req->status; 797 s->command_complete = 2; 798 if (s->waiting && s->dbc != 0) { 799 /* Raise phase mismatch for short transfers. */ 800 lsi_bad_phase(s, out, PHASE_ST); 801 } else { 802 lsi_set_phase(s, PHASE_ST); 803 } 804 805 if (req->hba_private == s->current) { 806 req->hba_private = NULL; 807 lsi_request_free(s, s->current); 808 scsi_req_unref(req); 809 } 810 lsi_resume_script(s); 811 } 812 813 /* Callback to indicate that the SCSI layer has completed a transfer. */ 814 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 815 { 816 LSIState *s = LSI53C895A(req->bus->qbus.parent); 817 int out; 818 819 assert(req->hba_private); 820 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 821 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 822 if (lsi_queue_req(s, req, len)) { 823 return; 824 } 825 } 826 827 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 828 829 /* host adapter (re)connected */ 830 trace_lsi_transfer_data(req->tag, len); 831 s->current->dma_len = len; 832 s->command_complete = 1; 833 if (s->waiting) { 834 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 835 lsi_resume_script(s); 836 } else { 837 lsi_do_dma(s, out); 838 } 839 } 840 } 841 842 static void lsi_do_command(LSIState *s) 843 { 844 SCSIDevice *dev; 845 uint8_t buf[16]; 846 uint32_t id; 847 int n; 848 849 trace_lsi_do_command(s->dbc); 850 if (s->dbc > 16) 851 s->dbc = 16; 852 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 853 s->sfbr = buf[0]; 854 s->command_complete = 0; 855 856 id = (s->select_tag >> 8) & 0xf; 857 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 858 if (!dev) { 859 lsi_bad_selection(s, id); 860 return; 861 } 862 863 assert(s->current == NULL); 864 s->current = g_new0(lsi_request, 1); 865 s->current->tag = s->select_tag; 866 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 867 s->current); 868 869 n = scsi_req_enqueue(s->current->req); 870 if (n) { 871 if (n > 0) { 872 lsi_set_phase(s, PHASE_DI); 873 } else if (n < 0) { 874 lsi_set_phase(s, PHASE_DO); 875 } 876 scsi_req_continue(s->current->req); 877 } 878 if (!s->command_complete) { 879 if (n) { 880 /* Command did not complete immediately so disconnect. */ 881 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 882 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 883 /* wait data */ 884 lsi_set_phase(s, PHASE_MI); 885 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 886 lsi_queue_command(s); 887 } else { 888 /* wait command complete */ 889 lsi_set_phase(s, PHASE_DI); 890 } 891 } 892 } 893 894 static void lsi_do_status(LSIState *s) 895 { 896 uint8_t status; 897 trace_lsi_do_status(s->dbc, s->status); 898 if (s->dbc != 1) { 899 trace_lsi_do_status_error(); 900 } 901 s->dbc = 1; 902 status = s->status; 903 s->sfbr = status; 904 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 905 lsi_set_phase(s, PHASE_MI); 906 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 907 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 908 } 909 910 static void lsi_do_msgin(LSIState *s) 911 { 912 uint8_t len; 913 trace_lsi_do_msgin(s->dbc, s->msg_len); 914 s->sfbr = s->msg[0]; 915 len = s->msg_len; 916 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 917 if (len > s->dbc) 918 len = s->dbc; 919 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 920 /* Linux drivers rely on the last byte being in the SIDL. */ 921 s->sidl = s->msg[len - 1]; 922 s->msg_len -= len; 923 if (s->msg_len) { 924 memmove(s->msg, s->msg + len, s->msg_len); 925 } else { 926 /* ??? Check if ATN (not yet implemented) is asserted and maybe 927 switch to PHASE_MO. */ 928 switch (s->msg_action) { 929 case LSI_MSG_ACTION_COMMAND: 930 lsi_set_phase(s, PHASE_CMD); 931 break; 932 case LSI_MSG_ACTION_DISCONNECT: 933 lsi_disconnect(s); 934 break; 935 case LSI_MSG_ACTION_DOUT: 936 lsi_set_phase(s, PHASE_DO); 937 break; 938 case LSI_MSG_ACTION_DIN: 939 lsi_set_phase(s, PHASE_DI); 940 break; 941 default: 942 abort(); 943 } 944 } 945 } 946 947 /* Read the next byte during a MSGOUT phase. */ 948 static uint8_t lsi_get_msgbyte(LSIState *s) 949 { 950 uint8_t data; 951 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 952 s->dnad++; 953 s->dbc--; 954 return data; 955 } 956 957 /* Skip the next n bytes during a MSGOUT phase. */ 958 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 959 { 960 s->dnad += n; 961 s->dbc -= n; 962 } 963 964 static void lsi_do_msgout(LSIState *s) 965 { 966 uint8_t msg; 967 int len; 968 uint32_t current_tag; 969 lsi_request *current_req, *p, *p_next; 970 971 if (s->current) { 972 current_tag = s->current->tag; 973 current_req = s->current; 974 } else { 975 current_tag = s->select_tag; 976 current_req = lsi_find_by_tag(s, current_tag); 977 } 978 979 trace_lsi_do_msgout(s->dbc); 980 while (s->dbc) { 981 msg = lsi_get_msgbyte(s); 982 s->sfbr = msg; 983 984 switch (msg) { 985 case 0x04: 986 trace_lsi_do_msgout_disconnect(); 987 lsi_disconnect(s); 988 break; 989 case 0x08: 990 trace_lsi_do_msgout_noop(); 991 lsi_set_phase(s, PHASE_CMD); 992 break; 993 case 0x01: 994 len = lsi_get_msgbyte(s); 995 msg = lsi_get_msgbyte(s); 996 (void)len; /* avoid a warning about unused variable*/ 997 trace_lsi_do_msgout_extended(msg, len); 998 switch (msg) { 999 case 1: 1000 trace_lsi_do_msgout_ignored("SDTR"); 1001 lsi_skip_msgbytes(s, 2); 1002 break; 1003 case 3: 1004 trace_lsi_do_msgout_ignored("WDTR"); 1005 lsi_skip_msgbytes(s, 1); 1006 break; 1007 case 4: 1008 trace_lsi_do_msgout_ignored("PPR"); 1009 lsi_skip_msgbytes(s, 5); 1010 break; 1011 default: 1012 goto bad; 1013 } 1014 break; 1015 case 0x20: /* SIMPLE queue */ 1016 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1017 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1018 break; 1019 case 0x21: /* HEAD of queue */ 1020 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1021 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1022 break; 1023 case 0x22: /* ORDERED queue */ 1024 qemu_log_mask(LOG_UNIMP, 1025 "lsi_scsi: ORDERED queue not implemented\n"); 1026 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1027 break; 1028 case 0x0d: 1029 /* The ABORT TAG message clears the current I/O process only. */ 1030 trace_lsi_do_msgout_abort(current_tag); 1031 if (current_req) { 1032 scsi_req_cancel(current_req->req); 1033 } 1034 lsi_disconnect(s); 1035 break; 1036 case 0x06: 1037 case 0x0e: 1038 case 0x0c: 1039 /* The ABORT message clears all I/O processes for the selecting 1040 initiator on the specified logical unit of the target. */ 1041 if (msg == 0x06) { 1042 trace_lsi_do_msgout_abort(current_tag); 1043 } 1044 /* The CLEAR QUEUE message clears all I/O processes for all 1045 initiators on the specified logical unit of the target. */ 1046 if (msg == 0x0e) { 1047 trace_lsi_do_msgout_clearqueue(current_tag); 1048 } 1049 /* The BUS DEVICE RESET message clears all I/O processes for all 1050 initiators on all logical units of the target. */ 1051 if (msg == 0x0c) { 1052 trace_lsi_do_msgout_busdevicereset(current_tag); 1053 } 1054 1055 /* clear the current I/O process */ 1056 if (s->current) { 1057 scsi_req_cancel(s->current->req); 1058 } 1059 1060 /* As the current implemented devices scsi_disk and scsi_generic 1061 only support one LUN, we don't need to keep track of LUNs. 1062 Clearing I/O processes for other initiators could be possible 1063 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1064 device, but this is currently not implemented (and seems not 1065 to be really necessary). So let's simply clear all queued 1066 commands for the current device: */ 1067 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1068 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1069 scsi_req_cancel(p->req); 1070 } 1071 } 1072 1073 lsi_disconnect(s); 1074 break; 1075 default: 1076 if ((msg & 0x80) == 0) { 1077 goto bad; 1078 } 1079 s->current_lun = msg & 7; 1080 trace_lsi_do_msgout_select(s->current_lun); 1081 lsi_set_phase(s, PHASE_CMD); 1082 break; 1083 } 1084 } 1085 return; 1086 bad: 1087 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1088 lsi_set_phase(s, PHASE_MI); 1089 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1090 s->msg_action = LSI_MSG_ACTION_COMMAND; 1091 } 1092 1093 #define LSI_BUF_SIZE 4096 1094 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1095 { 1096 int n; 1097 uint8_t buf[LSI_BUF_SIZE]; 1098 1099 trace_lsi_memcpy(dest, src, count); 1100 while (count) { 1101 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1102 lsi_mem_read(s, src, buf, n); 1103 lsi_mem_write(s, dest, buf, n); 1104 src += n; 1105 dest += n; 1106 count -= n; 1107 } 1108 } 1109 1110 static void lsi_wait_reselect(LSIState *s) 1111 { 1112 lsi_request *p; 1113 1114 trace_lsi_wait_reselect(); 1115 1116 if (s->current) { 1117 return; 1118 } 1119 p = get_pending_req(s); 1120 if (p) { 1121 lsi_reselect(s, p); 1122 } 1123 if (s->current == NULL) { 1124 s->waiting = LSI_WAIT_RESELECT; 1125 } 1126 } 1127 1128 static void lsi_execute_script(LSIState *s) 1129 { 1130 PCIDevice *pci_dev = PCI_DEVICE(s); 1131 uint32_t insn; 1132 uint32_t addr, addr_high; 1133 int opcode; 1134 int insn_processed = 0; 1135 1136 s->istat1 |= LSI_ISTAT1_SRUN; 1137 again: 1138 if (++insn_processed > LSI_MAX_INSN) { 1139 /* Some windows drivers make the device spin waiting for a memory 1140 location to change. If we have been executed a lot of code then 1141 assume this is the case and force an unexpected device disconnect. 1142 This is apparently sufficient to beat the drivers into submission. 1143 */ 1144 if (!(s->sien0 & LSI_SIST0_UDC)) { 1145 qemu_log_mask(LOG_GUEST_ERROR, 1146 "lsi_scsi: inf. loop with UDC masked"); 1147 } 1148 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1149 lsi_disconnect(s); 1150 trace_lsi_execute_script_stop(); 1151 return; 1152 } 1153 insn = read_dword(s, s->dsp); 1154 if (!insn) { 1155 /* If we receive an empty opcode increment the DSP by 4 bytes 1156 instead of 8 and execute the next opcode at that location */ 1157 s->dsp += 4; 1158 goto again; 1159 } 1160 addr = read_dword(s, s->dsp + 4); 1161 addr_high = 0; 1162 trace_lsi_execute_script(s->dsp, insn, addr); 1163 s->dsps = addr; 1164 s->dcmd = insn >> 24; 1165 s->dsp += 8; 1166 switch (insn >> 30) { 1167 case 0: /* Block move. */ 1168 if (s->sist1 & LSI_SIST1_STO) { 1169 trace_lsi_execute_script_blockmove_delayed(); 1170 lsi_stop_script(s); 1171 break; 1172 } 1173 s->dbc = insn & 0xffffff; 1174 s->rbc = s->dbc; 1175 /* ??? Set ESA. */ 1176 s->ia = s->dsp - 8; 1177 if (insn & (1 << 29)) { 1178 /* Indirect addressing. */ 1179 addr = read_dword(s, addr); 1180 } else if (insn & (1 << 28)) { 1181 uint32_t buf[2]; 1182 int32_t offset; 1183 /* Table indirect addressing. */ 1184 1185 /* 32-bit Table indirect */ 1186 offset = sextract32(addr, 0, 24); 1187 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1188 /* byte count is stored in bits 0:23 only */ 1189 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1190 s->rbc = s->dbc; 1191 addr = cpu_to_le32(buf[1]); 1192 1193 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1194 * table, bits [31:24] */ 1195 if (lsi_dma_40bit(s)) 1196 addr_high = cpu_to_le32(buf[0]) >> 24; 1197 else if (lsi_dma_ti64bit(s)) { 1198 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1199 switch (selector) { 1200 case 0 ... 0x0f: 1201 /* offset index into scratch registers since 1202 * TI64 mode can use registers C to R */ 1203 addr_high = s->scratch[2 + selector]; 1204 break; 1205 case 0x10: 1206 addr_high = s->mmrs; 1207 break; 1208 case 0x11: 1209 addr_high = s->mmws; 1210 break; 1211 case 0x12: 1212 addr_high = s->sfs; 1213 break; 1214 case 0x13: 1215 addr_high = s->drs; 1216 break; 1217 case 0x14: 1218 addr_high = s->sbms; 1219 break; 1220 case 0x15: 1221 addr_high = s->dbms; 1222 break; 1223 default: 1224 qemu_log_mask(LOG_GUEST_ERROR, 1225 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1226 "for 64-bit DMA block move", selector); 1227 break; 1228 } 1229 } 1230 } else if (lsi_dma_64bit(s)) { 1231 /* fetch a 3rd dword if 64-bit direct move is enabled and 1232 only if we're not doing table indirect or indirect addressing */ 1233 s->dbms = read_dword(s, s->dsp); 1234 s->dsp += 4; 1235 s->ia = s->dsp - 12; 1236 } 1237 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1238 trace_lsi_execute_script_blockmove_badphase( 1239 scsi_phase_name(s->sstat1), 1240 scsi_phase_name(insn >> 24)); 1241 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1242 break; 1243 } 1244 s->dnad = addr; 1245 s->dnad64 = addr_high; 1246 switch (s->sstat1 & 0x7) { 1247 case PHASE_DO: 1248 s->waiting = LSI_DMA_SCRIPTS; 1249 lsi_do_dma(s, 1); 1250 if (s->waiting) 1251 s->waiting = LSI_DMA_IN_PROGRESS; 1252 break; 1253 case PHASE_DI: 1254 s->waiting = LSI_DMA_SCRIPTS; 1255 lsi_do_dma(s, 0); 1256 if (s->waiting) 1257 s->waiting = LSI_DMA_IN_PROGRESS; 1258 break; 1259 case PHASE_CMD: 1260 lsi_do_command(s); 1261 break; 1262 case PHASE_ST: 1263 lsi_do_status(s); 1264 break; 1265 case PHASE_MO: 1266 lsi_do_msgout(s); 1267 break; 1268 case PHASE_MI: 1269 lsi_do_msgin(s); 1270 break; 1271 default: 1272 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1273 scsi_phase_name(s->sstat1)); 1274 } 1275 s->dfifo = s->dbc & 0xff; 1276 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1277 s->sbc = s->dbc; 1278 s->rbc -= s->dbc; 1279 s->ua = addr + s->dbc; 1280 break; 1281 1282 case 1: /* IO or Read/Write instruction. */ 1283 opcode = (insn >> 27) & 7; 1284 if (opcode < 5) { 1285 uint32_t id; 1286 1287 if (insn & (1 << 25)) { 1288 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1289 } else { 1290 id = insn; 1291 } 1292 id = (id >> 16) & 0xf; 1293 if (insn & (1 << 26)) { 1294 addr = s->dsp + sextract32(addr, 0, 24); 1295 } 1296 s->dnad = addr; 1297 switch (opcode) { 1298 case 0: /* Select */ 1299 s->sdid = id; 1300 if (s->scntl1 & LSI_SCNTL1_CON) { 1301 trace_lsi_execute_script_io_alreadyreselected(); 1302 s->dsp = s->dnad; 1303 break; 1304 } 1305 s->sstat0 |= LSI_SSTAT0_WOA; 1306 s->scntl1 &= ~LSI_SCNTL1_IARB; 1307 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1308 lsi_bad_selection(s, id); 1309 break; 1310 } 1311 trace_lsi_execute_script_io_selected(id, 1312 insn & (1 << 3) ? " ATN" : ""); 1313 /* ??? Linux drivers compain when this is set. Maybe 1314 it only applies in low-level mode (unimplemented). 1315 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1316 s->select_tag = id << 8; 1317 s->scntl1 |= LSI_SCNTL1_CON; 1318 if (insn & (1 << 3)) { 1319 s->socl |= LSI_SOCL_ATN; 1320 s->sbcl |= LSI_SBCL_ATN; 1321 } 1322 s->sbcl |= LSI_SBCL_BSY; 1323 lsi_set_phase(s, PHASE_MO); 1324 s->waiting = LSI_NOWAIT; 1325 break; 1326 case 1: /* Disconnect */ 1327 trace_lsi_execute_script_io_disconnect(); 1328 s->scntl1 &= ~LSI_SCNTL1_CON; 1329 /* FIXME: this is not entirely correct; the target need not ask 1330 * for reselection until it has to send data, while here we force a 1331 * reselection as soon as the bus is free. The correct flow would 1332 * reselect before lsi_transfer_data and disconnect as soon as 1333 * DMA ends. 1334 */ 1335 if (!s->current) { 1336 lsi_request *p = get_pending_req(s); 1337 if (p) { 1338 lsi_reselect(s, p); 1339 } 1340 } 1341 break; 1342 case 2: /* Wait Reselect */ 1343 if (s->istat0 & LSI_ISTAT0_SIGP) { 1344 s->dsp = s->dnad; 1345 } else if (!lsi_irq_on_rsl(s)) { 1346 lsi_wait_reselect(s); 1347 } 1348 break; 1349 case 3: /* Set */ 1350 trace_lsi_execute_script_io_set( 1351 insn & (1 << 3) ? " ATN" : "", 1352 insn & (1 << 6) ? " ACK" : "", 1353 insn & (1 << 9) ? " TM" : "", 1354 insn & (1 << 10) ? " CC" : ""); 1355 if (insn & (1 << 3)) { 1356 s->socl |= LSI_SOCL_ATN; 1357 s->sbcl |= LSI_SBCL_ATN; 1358 lsi_set_phase(s, PHASE_MO); 1359 } 1360 1361 if (insn & (1 << 6)) { 1362 s->sbcl |= LSI_SBCL_ACK; 1363 } 1364 1365 if (insn & (1 << 9)) { 1366 qemu_log_mask(LOG_UNIMP, 1367 "lsi_scsi: Target mode not implemented\n"); 1368 } 1369 if (insn & (1 << 10)) 1370 s->carry = 1; 1371 break; 1372 case 4: /* Clear */ 1373 trace_lsi_execute_script_io_clear( 1374 insn & (1 << 3) ? " ATN" : "", 1375 insn & (1 << 6) ? " ACK" : "", 1376 insn & (1 << 9) ? " TM" : "", 1377 insn & (1 << 10) ? " CC" : ""); 1378 if (insn & (1 << 3)) { 1379 s->socl &= ~LSI_SOCL_ATN; 1380 s->sbcl &= ~LSI_SBCL_ATN; 1381 } 1382 1383 if (insn & (1 << 6)) { 1384 s->sbcl &= ~LSI_SBCL_ACK; 1385 } 1386 1387 if (insn & (1 << 10)) 1388 s->carry = 0; 1389 break; 1390 } 1391 } else { 1392 uint8_t op0; 1393 uint8_t op1; 1394 uint8_t data8; 1395 int reg; 1396 int operator; 1397 1398 static const char *opcode_names[3] = 1399 {"Write", "Read", "Read-Modify-Write"}; 1400 static const char *operator_names[8] = 1401 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1402 1403 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1404 data8 = (insn >> 8) & 0xff; 1405 opcode = (insn >> 27) & 7; 1406 operator = (insn >> 24) & 7; 1407 trace_lsi_execute_script_io_opcode( 1408 opcode_names[opcode - 5], reg, 1409 operator_names[operator], data8, s->sfbr, 1410 (insn & (1 << 23)) ? " SFBR" : ""); 1411 op0 = op1 = 0; 1412 switch (opcode) { 1413 case 5: /* From SFBR */ 1414 op0 = s->sfbr; 1415 op1 = data8; 1416 break; 1417 case 6: /* To SFBR */ 1418 if (operator) 1419 op0 = lsi_reg_readb(s, reg); 1420 op1 = data8; 1421 break; 1422 case 7: /* Read-modify-write */ 1423 if (operator) 1424 op0 = lsi_reg_readb(s, reg); 1425 if (insn & (1 << 23)) { 1426 op1 = s->sfbr; 1427 } else { 1428 op1 = data8; 1429 } 1430 break; 1431 } 1432 1433 switch (operator) { 1434 case 0: /* move */ 1435 op0 = op1; 1436 break; 1437 case 1: /* Shift left */ 1438 op1 = op0 >> 7; 1439 op0 = (op0 << 1) | s->carry; 1440 s->carry = op1; 1441 break; 1442 case 2: /* OR */ 1443 op0 |= op1; 1444 break; 1445 case 3: /* XOR */ 1446 op0 ^= op1; 1447 break; 1448 case 4: /* AND */ 1449 op0 &= op1; 1450 break; 1451 case 5: /* SHR */ 1452 op1 = op0 & 1; 1453 op0 = (op0 >> 1) | (s->carry << 7); 1454 s->carry = op1; 1455 break; 1456 case 6: /* ADD */ 1457 op0 += op1; 1458 s->carry = op0 < op1; 1459 break; 1460 case 7: /* ADC */ 1461 op0 += op1 + s->carry; 1462 if (s->carry) 1463 s->carry = op0 <= op1; 1464 else 1465 s->carry = op0 < op1; 1466 break; 1467 } 1468 1469 switch (opcode) { 1470 case 5: /* From SFBR */ 1471 case 7: /* Read-modify-write */ 1472 lsi_reg_writeb(s, reg, op0); 1473 break; 1474 case 6: /* To SFBR */ 1475 s->sfbr = op0; 1476 break; 1477 } 1478 } 1479 break; 1480 1481 case 2: /* Transfer Control. */ 1482 { 1483 int cond; 1484 int jmp; 1485 1486 if ((insn & 0x002e0000) == 0) { 1487 trace_lsi_execute_script_tc_nop(); 1488 break; 1489 } 1490 if (s->sist1 & LSI_SIST1_STO) { 1491 trace_lsi_execute_script_tc_delayedselect_timeout(); 1492 lsi_stop_script(s); 1493 break; 1494 } 1495 cond = jmp = (insn & (1 << 19)) != 0; 1496 if (cond == jmp && (insn & (1 << 21))) { 1497 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1498 cond = s->carry != 0; 1499 } 1500 if (cond == jmp && (insn & (1 << 17))) { 1501 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1502 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1503 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1504 } 1505 if (cond == jmp && (insn & (1 << 18))) { 1506 uint8_t mask; 1507 1508 mask = (~insn >> 8) & 0xff; 1509 trace_lsi_execute_script_tc_compd( 1510 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1511 cond = (s->sfbr & mask) == (insn & mask); 1512 } 1513 if (cond == jmp) { 1514 if (insn & (1 << 23)) { 1515 /* Relative address. */ 1516 addr = s->dsp + sextract32(addr, 0, 24); 1517 } 1518 switch ((insn >> 27) & 7) { 1519 case 0: /* Jump */ 1520 trace_lsi_execute_script_tc_jump(addr); 1521 s->adder = addr; 1522 s->dsp = addr; 1523 break; 1524 case 1: /* Call */ 1525 trace_lsi_execute_script_tc_call(addr); 1526 s->temp = s->dsp; 1527 s->dsp = addr; 1528 break; 1529 case 2: /* Return */ 1530 trace_lsi_execute_script_tc_return(s->temp); 1531 s->dsp = s->temp; 1532 break; 1533 case 3: /* Interrupt */ 1534 trace_lsi_execute_script_tc_interrupt(s->dsps); 1535 if ((insn & (1 << 20)) != 0) { 1536 s->istat0 |= LSI_ISTAT0_INTF; 1537 lsi_update_irq(s); 1538 } else { 1539 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1540 } 1541 break; 1542 default: 1543 trace_lsi_execute_script_tc_illegal(); 1544 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1545 break; 1546 } 1547 } else { 1548 trace_lsi_execute_script_tc_cc_failed(); 1549 } 1550 } 1551 break; 1552 1553 case 3: 1554 if ((insn & (1 << 29)) == 0) { 1555 /* Memory move. */ 1556 uint32_t dest; 1557 /* ??? The docs imply the destination address is loaded into 1558 the TEMP register. However the Linux drivers rely on 1559 the value being presrved. */ 1560 dest = read_dword(s, s->dsp); 1561 s->dsp += 4; 1562 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1563 } else { 1564 uint8_t data[7]; 1565 int reg; 1566 int n; 1567 int i; 1568 1569 if (insn & (1 << 28)) { 1570 addr = s->dsa + sextract32(addr, 0, 24); 1571 } 1572 n = (insn & 7); 1573 reg = (insn >> 16) & 0xff; 1574 if (insn & (1 << 24)) { 1575 pci_dma_read(pci_dev, addr, data, n); 1576 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1577 for (i = 0; i < n; i++) { 1578 lsi_reg_writeb(s, reg + i, data[i]); 1579 } 1580 } else { 1581 trace_lsi_execute_script_mm_store(reg, n, addr); 1582 for (i = 0; i < n; i++) { 1583 data[i] = lsi_reg_readb(s, reg + i); 1584 } 1585 pci_dma_write(pci_dev, addr, data, n); 1586 } 1587 } 1588 } 1589 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1590 if (s->dcntl & LSI_DCNTL_SSM) { 1591 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1592 } else { 1593 goto again; 1594 } 1595 } 1596 trace_lsi_execute_script_stop(); 1597 } 1598 1599 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1600 { 1601 uint8_t ret; 1602 1603 #define CASE_GET_REG24(name, addr) \ 1604 case addr: ret = s->name & 0xff; break; \ 1605 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1606 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1607 1608 #define CASE_GET_REG32(name, addr) \ 1609 case addr: ret = s->name & 0xff; break; \ 1610 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1611 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1612 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1613 1614 switch (offset) { 1615 case 0x00: /* SCNTL0 */ 1616 ret = s->scntl0; 1617 break; 1618 case 0x01: /* SCNTL1 */ 1619 ret = s->scntl1; 1620 break; 1621 case 0x02: /* SCNTL2 */ 1622 ret = s->scntl2; 1623 break; 1624 case 0x03: /* SCNTL3 */ 1625 ret = s->scntl3; 1626 break; 1627 case 0x04: /* SCID */ 1628 ret = s->scid; 1629 break; 1630 case 0x05: /* SXFER */ 1631 ret = s->sxfer; 1632 break; 1633 case 0x06: /* SDID */ 1634 ret = s->sdid; 1635 break; 1636 case 0x07: /* GPREG0 */ 1637 ret = 0x7f; 1638 break; 1639 case 0x08: /* Revision ID */ 1640 ret = 0x00; 1641 break; 1642 case 0x09: /* SOCL */ 1643 ret = s->socl; 1644 break; 1645 case 0xa: /* SSID */ 1646 ret = s->ssid; 1647 break; 1648 case 0xb: /* SBCL */ 1649 ret = s->sbcl; 1650 break; 1651 case 0xc: /* DSTAT */ 1652 ret = s->dstat | LSI_DSTAT_DFE; 1653 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1654 s->dstat = 0; 1655 lsi_update_irq(s); 1656 break; 1657 case 0x0d: /* SSTAT0 */ 1658 ret = s->sstat0; 1659 break; 1660 case 0x0e: /* SSTAT1 */ 1661 ret = s->sstat1; 1662 break; 1663 case 0x0f: /* SSTAT2 */ 1664 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1665 break; 1666 CASE_GET_REG32(dsa, 0x10) 1667 case 0x14: /* ISTAT0 */ 1668 ret = s->istat0; 1669 break; 1670 case 0x15: /* ISTAT1 */ 1671 ret = s->istat1; 1672 break; 1673 case 0x16: /* MBOX0 */ 1674 ret = s->mbox0; 1675 break; 1676 case 0x17: /* MBOX1 */ 1677 ret = s->mbox1; 1678 break; 1679 case 0x18: /* CTEST0 */ 1680 ret = 0xff; 1681 break; 1682 case 0x19: /* CTEST1 */ 1683 ret = 0; 1684 break; 1685 case 0x1a: /* CTEST2 */ 1686 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1687 if (s->istat0 & LSI_ISTAT0_SIGP) { 1688 s->istat0 &= ~LSI_ISTAT0_SIGP; 1689 ret |= LSI_CTEST2_SIGP; 1690 } 1691 break; 1692 case 0x1b: /* CTEST3 */ 1693 ret = s->ctest3; 1694 break; 1695 CASE_GET_REG32(temp, 0x1c) 1696 case 0x20: /* DFIFO */ 1697 ret = s->dfifo; 1698 break; 1699 case 0x21: /* CTEST4 */ 1700 ret = s->ctest4; 1701 break; 1702 case 0x22: /* CTEST5 */ 1703 ret = s->ctest5; 1704 break; 1705 case 0x23: /* CTEST6 */ 1706 ret = 0; 1707 break; 1708 CASE_GET_REG24(dbc, 0x24) 1709 case 0x27: /* DCMD */ 1710 ret = s->dcmd; 1711 break; 1712 CASE_GET_REG32(dnad, 0x28) 1713 CASE_GET_REG32(dsp, 0x2c) 1714 CASE_GET_REG32(dsps, 0x30) 1715 CASE_GET_REG32(scratch[0], 0x34) 1716 case 0x38: /* DMODE */ 1717 ret = s->dmode; 1718 break; 1719 case 0x39: /* DIEN */ 1720 ret = s->dien; 1721 break; 1722 case 0x3a: /* SBR */ 1723 ret = s->sbr; 1724 break; 1725 case 0x3b: /* DCNTL */ 1726 ret = s->dcntl; 1727 break; 1728 /* ADDER Output (Debug of relative jump address) */ 1729 CASE_GET_REG32(adder, 0x3c) 1730 case 0x40: /* SIEN0 */ 1731 ret = s->sien0; 1732 break; 1733 case 0x41: /* SIEN1 */ 1734 ret = s->sien1; 1735 break; 1736 case 0x42: /* SIST0 */ 1737 ret = s->sist0; 1738 s->sist0 = 0; 1739 lsi_update_irq(s); 1740 break; 1741 case 0x43: /* SIST1 */ 1742 ret = s->sist1; 1743 s->sist1 = 0; 1744 lsi_update_irq(s); 1745 break; 1746 case 0x46: /* MACNTL */ 1747 ret = 0x0f; 1748 break; 1749 case 0x47: /* GPCNTL0 */ 1750 ret = 0x0f; 1751 break; 1752 case 0x48: /* STIME0 */ 1753 ret = s->stime0; 1754 break; 1755 case 0x4a: /* RESPID0 */ 1756 ret = s->respid0; 1757 break; 1758 case 0x4b: /* RESPID1 */ 1759 ret = s->respid1; 1760 break; 1761 case 0x4d: /* STEST1 */ 1762 ret = s->stest1; 1763 break; 1764 case 0x4e: /* STEST2 */ 1765 ret = s->stest2; 1766 break; 1767 case 0x4f: /* STEST3 */ 1768 ret = s->stest3; 1769 break; 1770 case 0x50: /* SIDL */ 1771 /* This is needed by the linux drivers. We currently only update it 1772 during the MSG IN phase. */ 1773 ret = s->sidl; 1774 break; 1775 case 0x52: /* STEST4 */ 1776 ret = 0xe0; 1777 break; 1778 case 0x56: /* CCNTL0 */ 1779 ret = s->ccntl0; 1780 break; 1781 case 0x57: /* CCNTL1 */ 1782 ret = s->ccntl1; 1783 break; 1784 case 0x58: /* SBDL */ 1785 /* Some drivers peek at the data bus during the MSG IN phase. */ 1786 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1787 assert(s->msg_len > 0); 1788 return s->msg[0]; 1789 } 1790 ret = 0; 1791 break; 1792 case 0x59: /* SBDL high */ 1793 ret = 0; 1794 break; 1795 CASE_GET_REG32(mmrs, 0xa0) 1796 CASE_GET_REG32(mmws, 0xa4) 1797 CASE_GET_REG32(sfs, 0xa8) 1798 CASE_GET_REG32(drs, 0xac) 1799 CASE_GET_REG32(sbms, 0xb0) 1800 CASE_GET_REG32(dbms, 0xb4) 1801 CASE_GET_REG32(dnad64, 0xb8) 1802 CASE_GET_REG32(pmjad1, 0xc0) 1803 CASE_GET_REG32(pmjad2, 0xc4) 1804 CASE_GET_REG32(rbc, 0xc8) 1805 CASE_GET_REG32(ua, 0xcc) 1806 CASE_GET_REG32(ia, 0xd4) 1807 CASE_GET_REG32(sbc, 0xd8) 1808 CASE_GET_REG32(csbc, 0xdc) 1809 case 0x5c ... 0x9f: 1810 { 1811 int n; 1812 int shift; 1813 n = (offset - 0x58) >> 2; 1814 shift = (offset & 3) * 8; 1815 ret = (s->scratch[n] >> shift) & 0xff; 1816 break; 1817 } 1818 default: 1819 { 1820 qemu_log_mask(LOG_GUEST_ERROR, 1821 "lsi_scsi: invalid read from reg %s %x\n", 1822 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1823 offset); 1824 ret = 0xff; 1825 break; 1826 } 1827 } 1828 #undef CASE_GET_REG24 1829 #undef CASE_GET_REG32 1830 1831 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1832 offset, ret); 1833 1834 return ret; 1835 } 1836 1837 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1838 { 1839 #define CASE_SET_REG24(name, addr) \ 1840 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1841 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1842 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1843 1844 #define CASE_SET_REG32(name, addr) \ 1845 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1846 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1847 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1848 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1849 1850 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1851 offset, val); 1852 1853 switch (offset) { 1854 case 0x00: /* SCNTL0 */ 1855 s->scntl0 = val; 1856 if (val & LSI_SCNTL0_START) { 1857 qemu_log_mask(LOG_UNIMP, 1858 "lsi_scsi: Start sequence not implemented\n"); 1859 } 1860 break; 1861 case 0x01: /* SCNTL1 */ 1862 s->scntl1 = val & ~LSI_SCNTL1_SST; 1863 if (val & LSI_SCNTL1_IARB) { 1864 qemu_log_mask(LOG_UNIMP, 1865 "lsi_scsi: Immediate Arbritration not implemented\n"); 1866 } 1867 if (val & LSI_SCNTL1_RST) { 1868 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1869 qbus_reset_all(BUS(&s->bus)); 1870 s->sstat0 |= LSI_SSTAT0_RST; 1871 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1872 } 1873 } else { 1874 s->sstat0 &= ~LSI_SSTAT0_RST; 1875 } 1876 break; 1877 case 0x02: /* SCNTL2 */ 1878 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1879 s->scntl2 = val; 1880 break; 1881 case 0x03: /* SCNTL3 */ 1882 s->scntl3 = val; 1883 break; 1884 case 0x04: /* SCID */ 1885 s->scid = val; 1886 break; 1887 case 0x05: /* SXFER */ 1888 s->sxfer = val; 1889 break; 1890 case 0x06: /* SDID */ 1891 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1892 qemu_log_mask(LOG_GUEST_ERROR, 1893 "lsi_scsi: Destination ID does not match SSID\n"); 1894 } 1895 s->sdid = val & 0xf; 1896 break; 1897 case 0x07: /* GPREG0 */ 1898 break; 1899 case 0x08: /* SFBR */ 1900 /* The CPU is not allowed to write to this register. However the 1901 SCRIPTS register move instructions are. */ 1902 s->sfbr = val; 1903 break; 1904 case 0x0a: case 0x0b: 1905 /* Openserver writes to these readonly registers on startup */ 1906 return; 1907 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1908 /* Linux writes to these readonly registers on startup. */ 1909 return; 1910 CASE_SET_REG32(dsa, 0x10) 1911 case 0x14: /* ISTAT0 */ 1912 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1913 if (val & LSI_ISTAT0_ABRT) { 1914 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1915 } 1916 if (val & LSI_ISTAT0_INTF) { 1917 s->istat0 &= ~LSI_ISTAT0_INTF; 1918 lsi_update_irq(s); 1919 } 1920 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1921 trace_lsi_awoken(); 1922 s->waiting = LSI_NOWAIT; 1923 s->dsp = s->dnad; 1924 lsi_execute_script(s); 1925 } 1926 if (val & LSI_ISTAT0_SRST) { 1927 qdev_reset_all(DEVICE(s)); 1928 } 1929 break; 1930 case 0x16: /* MBOX0 */ 1931 s->mbox0 = val; 1932 break; 1933 case 0x17: /* MBOX1 */ 1934 s->mbox1 = val; 1935 break; 1936 case 0x18: /* CTEST0 */ 1937 /* nothing to do */ 1938 break; 1939 case 0x1a: /* CTEST2 */ 1940 s->ctest2 = val & LSI_CTEST2_PCICIE; 1941 break; 1942 case 0x1b: /* CTEST3 */ 1943 s->ctest3 = val & 0x0f; 1944 break; 1945 CASE_SET_REG32(temp, 0x1c) 1946 case 0x21: /* CTEST4 */ 1947 if (val & 7) { 1948 qemu_log_mask(LOG_UNIMP, 1949 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1950 } 1951 s->ctest4 = val; 1952 break; 1953 case 0x22: /* CTEST5 */ 1954 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1955 qemu_log_mask(LOG_UNIMP, 1956 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1957 } 1958 s->ctest5 = val; 1959 break; 1960 CASE_SET_REG24(dbc, 0x24) 1961 CASE_SET_REG32(dnad, 0x28) 1962 case 0x2c: /* DSP[0:7] */ 1963 s->dsp &= 0xffffff00; 1964 s->dsp |= val; 1965 break; 1966 case 0x2d: /* DSP[8:15] */ 1967 s->dsp &= 0xffff00ff; 1968 s->dsp |= val << 8; 1969 break; 1970 case 0x2e: /* DSP[16:23] */ 1971 s->dsp &= 0xff00ffff; 1972 s->dsp |= val << 16; 1973 break; 1974 case 0x2f: /* DSP[24:31] */ 1975 s->dsp &= 0x00ffffff; 1976 s->dsp |= val << 24; 1977 /* 1978 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 1979 * instruction. Is this correct? 1980 */ 1981 if ((s->dmode & LSI_DMODE_MAN) == 0 1982 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1983 lsi_execute_script(s); 1984 break; 1985 CASE_SET_REG32(dsps, 0x30) 1986 CASE_SET_REG32(scratch[0], 0x34) 1987 case 0x38: /* DMODE */ 1988 s->dmode = val; 1989 break; 1990 case 0x39: /* DIEN */ 1991 s->dien = val; 1992 lsi_update_irq(s); 1993 break; 1994 case 0x3a: /* SBR */ 1995 s->sbr = val; 1996 break; 1997 case 0x3b: /* DCNTL */ 1998 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1999 /* 2000 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 2001 * instruction. Is this correct? 2002 */ 2003 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 2004 lsi_execute_script(s); 2005 break; 2006 case 0x40: /* SIEN0 */ 2007 s->sien0 = val; 2008 lsi_update_irq(s); 2009 break; 2010 case 0x41: /* SIEN1 */ 2011 s->sien1 = val; 2012 lsi_update_irq(s); 2013 break; 2014 case 0x47: /* GPCNTL0 */ 2015 break; 2016 case 0x48: /* STIME0 */ 2017 s->stime0 = val; 2018 break; 2019 case 0x49: /* STIME1 */ 2020 if (val & 0xf) { 2021 qemu_log_mask(LOG_UNIMP, 2022 "lsi_scsi: General purpose timer not implemented\n"); 2023 /* ??? Raising the interrupt immediately seems to be sufficient 2024 to keep the FreeBSD driver happy. */ 2025 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2026 } 2027 break; 2028 case 0x4a: /* RESPID0 */ 2029 s->respid0 = val; 2030 break; 2031 case 0x4b: /* RESPID1 */ 2032 s->respid1 = val; 2033 break; 2034 case 0x4d: /* STEST1 */ 2035 s->stest1 = val; 2036 break; 2037 case 0x4e: /* STEST2 */ 2038 if (val & 1) { 2039 qemu_log_mask(LOG_UNIMP, 2040 "lsi_scsi: Low level mode not implemented\n"); 2041 } 2042 s->stest2 = val; 2043 break; 2044 case 0x4f: /* STEST3 */ 2045 if (val & 0x41) { 2046 qemu_log_mask(LOG_UNIMP, 2047 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2048 } 2049 s->stest3 = val; 2050 break; 2051 case 0x56: /* CCNTL0 */ 2052 s->ccntl0 = val; 2053 break; 2054 case 0x57: /* CCNTL1 */ 2055 s->ccntl1 = val; 2056 break; 2057 CASE_SET_REG32(mmrs, 0xa0) 2058 CASE_SET_REG32(mmws, 0xa4) 2059 CASE_SET_REG32(sfs, 0xa8) 2060 CASE_SET_REG32(drs, 0xac) 2061 CASE_SET_REG32(sbms, 0xb0) 2062 CASE_SET_REG32(dbms, 0xb4) 2063 CASE_SET_REG32(dnad64, 0xb8) 2064 CASE_SET_REG32(pmjad1, 0xc0) 2065 CASE_SET_REG32(pmjad2, 0xc4) 2066 CASE_SET_REG32(rbc, 0xc8) 2067 CASE_SET_REG32(ua, 0xcc) 2068 CASE_SET_REG32(ia, 0xd4) 2069 CASE_SET_REG32(sbc, 0xd8) 2070 CASE_SET_REG32(csbc, 0xdc) 2071 default: 2072 if (offset >= 0x5c && offset < 0xa0) { 2073 int n; 2074 int shift; 2075 n = (offset - 0x58) >> 2; 2076 shift = (offset & 3) * 8; 2077 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2078 } else { 2079 qemu_log_mask(LOG_GUEST_ERROR, 2080 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2081 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2082 offset, val); 2083 } 2084 } 2085 #undef CASE_SET_REG24 2086 #undef CASE_SET_REG32 2087 } 2088 2089 static void lsi_mmio_write(void *opaque, hwaddr addr, 2090 uint64_t val, unsigned size) 2091 { 2092 LSIState *s = opaque; 2093 2094 lsi_reg_writeb(s, addr & 0xff, val); 2095 } 2096 2097 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2098 unsigned size) 2099 { 2100 LSIState *s = opaque; 2101 return lsi_reg_readb(s, addr & 0xff); 2102 } 2103 2104 static const MemoryRegionOps lsi_mmio_ops = { 2105 .read = lsi_mmio_read, 2106 .write = lsi_mmio_write, 2107 .endianness = DEVICE_LITTLE_ENDIAN, 2108 .impl = { 2109 .min_access_size = 1, 2110 .max_access_size = 1, 2111 }, 2112 }; 2113 2114 static void lsi_ram_write(void *opaque, hwaddr addr, 2115 uint64_t val, unsigned size) 2116 { 2117 LSIState *s = opaque; 2118 stn_le_p(s->script_ram + addr, size, val); 2119 } 2120 2121 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2122 unsigned size) 2123 { 2124 LSIState *s = opaque; 2125 return ldn_le_p(s->script_ram + addr, size); 2126 } 2127 2128 static const MemoryRegionOps lsi_ram_ops = { 2129 .read = lsi_ram_read, 2130 .write = lsi_ram_write, 2131 .endianness = DEVICE_LITTLE_ENDIAN, 2132 }; 2133 2134 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2135 unsigned size) 2136 { 2137 LSIState *s = opaque; 2138 return lsi_reg_readb(s, addr & 0xff); 2139 } 2140 2141 static void lsi_io_write(void *opaque, hwaddr addr, 2142 uint64_t val, unsigned size) 2143 { 2144 LSIState *s = opaque; 2145 lsi_reg_writeb(s, addr & 0xff, val); 2146 } 2147 2148 static const MemoryRegionOps lsi_io_ops = { 2149 .read = lsi_io_read, 2150 .write = lsi_io_write, 2151 .endianness = DEVICE_LITTLE_ENDIAN, 2152 .impl = { 2153 .min_access_size = 1, 2154 .max_access_size = 1, 2155 }, 2156 }; 2157 2158 static void lsi_scsi_reset(DeviceState *dev) 2159 { 2160 LSIState *s = LSI53C895A(dev); 2161 2162 lsi_soft_reset(s); 2163 } 2164 2165 static int lsi_pre_save(void *opaque) 2166 { 2167 LSIState *s = opaque; 2168 2169 if (s->current) { 2170 assert(s->current->dma_buf == NULL); 2171 assert(s->current->dma_len == 0); 2172 } 2173 assert(QTAILQ_EMPTY(&s->queue)); 2174 2175 return 0; 2176 } 2177 2178 static int lsi_post_load(void *opaque, int version_id) 2179 { 2180 LSIState *s = opaque; 2181 2182 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2183 return -EINVAL; 2184 } 2185 2186 return 0; 2187 } 2188 2189 static const VMStateDescription vmstate_lsi_scsi = { 2190 .name = "lsiscsi", 2191 .version_id = 1, 2192 .minimum_version_id = 0, 2193 .pre_save = lsi_pre_save, 2194 .post_load = lsi_post_load, 2195 .fields = (VMStateField[]) { 2196 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2197 2198 VMSTATE_INT32(carry, LSIState), 2199 VMSTATE_INT32(status, LSIState), 2200 VMSTATE_INT32(msg_action, LSIState), 2201 VMSTATE_INT32(msg_len, LSIState), 2202 VMSTATE_BUFFER(msg, LSIState), 2203 VMSTATE_INT32(waiting, LSIState), 2204 2205 VMSTATE_UINT32(dsa, LSIState), 2206 VMSTATE_UINT32(temp, LSIState), 2207 VMSTATE_UINT32(dnad, LSIState), 2208 VMSTATE_UINT32(dbc, LSIState), 2209 VMSTATE_UINT8(istat0, LSIState), 2210 VMSTATE_UINT8(istat1, LSIState), 2211 VMSTATE_UINT8(dcmd, LSIState), 2212 VMSTATE_UINT8(dstat, LSIState), 2213 VMSTATE_UINT8(dien, LSIState), 2214 VMSTATE_UINT8(sist0, LSIState), 2215 VMSTATE_UINT8(sist1, LSIState), 2216 VMSTATE_UINT8(sien0, LSIState), 2217 VMSTATE_UINT8(sien1, LSIState), 2218 VMSTATE_UINT8(mbox0, LSIState), 2219 VMSTATE_UINT8(mbox1, LSIState), 2220 VMSTATE_UINT8(dfifo, LSIState), 2221 VMSTATE_UINT8(ctest2, LSIState), 2222 VMSTATE_UINT8(ctest3, LSIState), 2223 VMSTATE_UINT8(ctest4, LSIState), 2224 VMSTATE_UINT8(ctest5, LSIState), 2225 VMSTATE_UINT8(ccntl0, LSIState), 2226 VMSTATE_UINT8(ccntl1, LSIState), 2227 VMSTATE_UINT32(dsp, LSIState), 2228 VMSTATE_UINT32(dsps, LSIState), 2229 VMSTATE_UINT8(dmode, LSIState), 2230 VMSTATE_UINT8(dcntl, LSIState), 2231 VMSTATE_UINT8(scntl0, LSIState), 2232 VMSTATE_UINT8(scntl1, LSIState), 2233 VMSTATE_UINT8(scntl2, LSIState), 2234 VMSTATE_UINT8(scntl3, LSIState), 2235 VMSTATE_UINT8(sstat0, LSIState), 2236 VMSTATE_UINT8(sstat1, LSIState), 2237 VMSTATE_UINT8(scid, LSIState), 2238 VMSTATE_UINT8(sxfer, LSIState), 2239 VMSTATE_UINT8(socl, LSIState), 2240 VMSTATE_UINT8(sdid, LSIState), 2241 VMSTATE_UINT8(ssid, LSIState), 2242 VMSTATE_UINT8(sfbr, LSIState), 2243 VMSTATE_UINT8(stest1, LSIState), 2244 VMSTATE_UINT8(stest2, LSIState), 2245 VMSTATE_UINT8(stest3, LSIState), 2246 VMSTATE_UINT8(sidl, LSIState), 2247 VMSTATE_UINT8(stime0, LSIState), 2248 VMSTATE_UINT8(respid0, LSIState), 2249 VMSTATE_UINT8(respid1, LSIState), 2250 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2251 VMSTATE_UINT32(mmrs, LSIState), 2252 VMSTATE_UINT32(mmws, LSIState), 2253 VMSTATE_UINT32(sfs, LSIState), 2254 VMSTATE_UINT32(drs, LSIState), 2255 VMSTATE_UINT32(sbms, LSIState), 2256 VMSTATE_UINT32(dbms, LSIState), 2257 VMSTATE_UINT32(dnad64, LSIState), 2258 VMSTATE_UINT32(pmjad1, LSIState), 2259 VMSTATE_UINT32(pmjad2, LSIState), 2260 VMSTATE_UINT32(rbc, LSIState), 2261 VMSTATE_UINT32(ua, LSIState), 2262 VMSTATE_UINT32(ia, LSIState), 2263 VMSTATE_UINT32(sbc, LSIState), 2264 VMSTATE_UINT32(csbc, LSIState), 2265 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2266 VMSTATE_UINT8(sbr, LSIState), 2267 2268 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2269 VMSTATE_END_OF_LIST() 2270 } 2271 }; 2272 2273 static const struct SCSIBusInfo lsi_scsi_info = { 2274 .tcq = true, 2275 .max_target = LSI_MAX_DEVS, 2276 .max_lun = 0, /* LUN support is buggy */ 2277 2278 .transfer_data = lsi_transfer_data, 2279 .complete = lsi_command_complete, 2280 .cancel = lsi_request_cancelled 2281 }; 2282 2283 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2284 { 2285 LSIState *s = LSI53C895A(dev); 2286 DeviceState *d = DEVICE(dev); 2287 uint8_t *pci_conf; 2288 2289 pci_conf = dev->config; 2290 2291 /* PCI latency timer = 255 */ 2292 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2293 /* Interrupt pin A */ 2294 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2295 2296 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2297 "lsi-mmio", 0x400); 2298 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2299 "lsi-ram", 0x2000); 2300 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2301 "lsi-io", 256); 2302 2303 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2304 qdev_init_gpio_out(d, &s->ext_irq, 1); 2305 2306 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2307 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2308 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2309 QTAILQ_INIT(&s->queue); 2310 2311 scsi_bus_init(&s->bus, sizeof(s->bus), d, &lsi_scsi_info); 2312 } 2313 2314 static void lsi_scsi_exit(PCIDevice *dev) 2315 { 2316 LSIState *s = LSI53C895A(dev); 2317 2318 address_space_destroy(&s->pci_io_as); 2319 } 2320 2321 static void lsi_class_init(ObjectClass *klass, void *data) 2322 { 2323 DeviceClass *dc = DEVICE_CLASS(klass); 2324 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2325 2326 k->realize = lsi_scsi_realize; 2327 k->exit = lsi_scsi_exit; 2328 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2329 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2330 k->class_id = PCI_CLASS_STORAGE_SCSI; 2331 k->subsystem_id = 0x1000; 2332 dc->reset = lsi_scsi_reset; 2333 dc->vmsd = &vmstate_lsi_scsi; 2334 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2335 } 2336 2337 static const TypeInfo lsi_info = { 2338 .name = TYPE_LSI53C895A, 2339 .parent = TYPE_PCI_DEVICE, 2340 .instance_size = sizeof(LSIState), 2341 .class_init = lsi_class_init, 2342 .interfaces = (InterfaceInfo[]) { 2343 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2344 { }, 2345 }, 2346 }; 2347 2348 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2349 { 2350 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2351 2352 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2353 } 2354 2355 static TypeInfo lsi53c810_info = { 2356 .name = TYPE_LSI53C810, 2357 .parent = TYPE_LSI53C895A, 2358 .class_init = lsi53c810_class_init, 2359 }; 2360 2361 static void lsi53c895a_register_types(void) 2362 { 2363 type_register_static(&lsi_info); 2364 type_register_static(&lsi53c810_info); 2365 } 2366 2367 type_init(lsi53c895a_register_types) 2368 2369 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2370 { 2371 LSIState *s = LSI53C895A(lsi_dev); 2372 2373 scsi_bus_legacy_handle_cmdline(&s->bus); 2374 } 2375